RubyGems - grpc - Versions diffs - 1.0.1 → 1.1.2 - Mend

grpc 1.0.1 → 1.1.2

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (705) hide show

checksums.yaml +4 -4
data/Makefile +3696 -867
data/etc/roots.pem +39 -111
data/include/grpc/byte_buffer.h +64 -1
data/include/grpc/census.h +40 -96
data/include/grpc/compression.h +2 -1
data/include/grpc/grpc.h +42 -7
data/include/grpc/grpc_posix.h +8 -5
data/include/grpc/impl/codegen/atm.h +3 -0
data/include/grpc/impl/codegen/atm_gcc_atomic.h +2 -0
data/include/grpc/impl/codegen/atm_gcc_sync.h +8 -0
data/include/grpc/impl/codegen/atm_windows.h +4 -0
data/include/grpc/impl/codegen/byte_buffer_reader.h +4 -4
data/include/grpc/impl/codegen/compression_types.h +1 -1
data/include/grpc/impl/codegen/connectivity_state.h +2 -0
data/include/grpc/impl/codegen/exec_ctx_fwd.h +41 -0
data/include/grpc/impl/codegen/gpr_slice.h +84 -0
data/include/grpc/impl/codegen/{alloc.h → gpr_types.h} +30 -29
data/include/grpc/impl/codegen/grpc_types.h +91 -9
data/include/grpc/impl/codegen/port_platform.h +25 -92
data/include/grpc/impl/codegen/slice.h +54 -97
data/include/grpc/impl/codegen/sync.h +0 -253
data/include/grpc/module.modulemap +0 -2
data/include/grpc/slice.h +132 -0
data/include/grpc/{impl/codegen/slice_buffer.h → slice_buffer.h} +22 -39
data/include/grpc/support/alloc.h +40 -1
data/include/grpc/support/log.h +80 -1
data/include/grpc/support/log_windows.h +2 -0
data/include/grpc/support/string_util.h +1 -1
data/include/grpc/support/sync.h +252 -0
data/include/grpc/support/time.h +67 -1
data/src/boringssl/err_data.c +639 -627
data/src/core/ext/census/base_resources.c +71 -0
data/src/core/ext/census/base_resources.h +39 -0
data/src/core/ext/census/gen/census.pb.c +26 -29
data/src/core/ext/census/gen/census.pb.h +68 -67
data/src/core/ext/census/gen/trace_context.pb.c +81 -0
data/src/core/ext/census/gen/trace_context.pb.h +99 -0
data/src/core/ext/census/grpc_filter.c +22 -16
data/src/core/ext/census/grpc_plugin.c +2 -1
data/src/core/ext/census/initialize.c +16 -4
data/src/core/ext/census/mlog.h +1 -1
data/src/core/ext/census/placeholders.c +0 -45
data/src/core/ext/census/resource.c +312 -0
data/src/core/ext/census/resource.h +63 -0
data/src/core/ext/census/trace_context.c +86 -0
data/src/core/ext/census/trace_context.h +68 -0
data/src/core/ext/census/tracing.c +8 -2
data/src/core/ext/{client_config → client_channel}/channel_connectivity.c +8 -4
data/src/core/ext/client_channel/client_channel.c +1218 -0
data/src/core/ext/{client_config → client_channel}/client_channel.h +8 -11
data/src/core/ext/{client_config → client_channel}/client_channel_factory.c +33 -3
data/src/core/ext/{client_config → client_channel}/client_channel_factory.h +15 -8
data/src/core/ext/{client_config/client_config_plugin.c → client_channel/client_channel_plugin.c} +16 -15
data/src/core/ext/{client_config → client_channel}/connector.c +1 -1
data/src/core/ext/{client_config → client_channel}/connector.h +5 -8
data/{include/grpc/support/slice_buffer.h → src/core/ext/client_channel/default_initial_connect_string.c} +4 -5
data/src/core/ext/client_channel/http_connect_handshaker.c +399 -0
data/src/core/ext/client_channel/http_connect_handshaker.h +52 -0
data/src/core/ext/{client_config → client_channel}/initial_connect_string.c +6 -7
data/src/core/ext/{client_config → client_channel}/initial_connect_string.h +10 -10
data/src/core/ext/{client_config → client_channel}/lb_policy.c +11 -11
data/src/core/ext/{client_config → client_channel}/lb_policy.h +68 -27
data/src/core/ext/client_channel/lb_policy_factory.c +163 -0
data/src/core/ext/{client_config → client_channel}/lb_policy_factory.h +64 -9
data/src/core/ext/{client_config → client_channel}/lb_policy_registry.c +6 -4
data/src/core/ext/{client_config → client_channel}/lb_policy_registry.h +4 -4
data/src/core/ext/{client_config → client_channel}/parse_address.c +21 -14
data/src/core/ext/{client_config → client_channel}/parse_address.h +8 -10
data/src/core/ext/{client_config → client_channel}/resolver.c +3 -4
data/src/core/ext/{client_config → client_channel}/resolver.h +11 -15
data/src/core/ext/{client_config → client_channel}/resolver_factory.c +4 -3
data/src/core/ext/{client_config → client_channel}/resolver_factory.h +13 -11
data/src/core/ext/{client_config → client_channel}/resolver_registry.c +54 -34
data/src/core/ext/{client_config → client_channel}/resolver_registry.h +21 -8
data/src/core/ext/{client_config → client_channel}/subchannel.c +208 -119
data/src/core/ext/{client_config → client_channel}/subchannel.h +21 -11
data/src/core/ext/{client_config → client_channel}/subchannel_index.c +6 -17
data/src/core/ext/{client_config → client_channel}/subchannel_index.h +7 -7
data/src/core/ext/{client_config → client_channel}/uri_parser.c +21 -28
data/src/core/ext/{client_config → client_channel}/uri_parser.h +3 -3
data/src/core/ext/lb_policy/grpclb/grpclb.c +1406 -0
data/src/core/ext/lb_policy/grpclb/grpclb.h +44 -0
data/src/core/ext/lb_policy/grpclb/load_balancer_api.c +117 -37
data/src/core/ext/lb_policy/grpclb/load_balancer_api.h +31 -12
data/src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c +6 -36
data/src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h +22 -42
data/src/core/ext/lb_policy/pick_first/pick_first.c +64 -46
data/src/core/ext/lb_policy/round_robin/round_robin.c +324 -160
data/src/core/ext/load_reporting/load_reporting.c +7 -56
data/src/core/ext/load_reporting/load_reporting.h +41 -28
data/src/core/ext/load_reporting/load_reporting_filter.c +132 -42
data/src/core/ext/load_reporting/load_reporting_filter.h +1 -0
data/src/core/ext/resolver/dns/native/dns_resolver.c +88 -80
data/src/core/ext/resolver/sockaddr/sockaddr_resolver.c +57 -102
data/src/core/ext/transport/chttp2/alpn/alpn.c +1 -1
data/src/core/ext/transport/chttp2/client/chttp2_connector.c +253 -0
data/src/core/{lib/iomgr/ev_poll_and_epoll_posix.h → ext/transport/chttp2/client/chttp2_connector.h} +5 -5
data/src/core/ext/transport/chttp2/client/insecure/channel_create.c +31 -160
data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.c +5 -5
data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.c +44 -243
data/src/core/ext/transport/chttp2/server/chttp2_server.c +342 -0
data/src/core/ext/transport/chttp2/server/chttp2_server.h +47 -0
data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.c +11 -124
data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.c +20 -9
data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c +28 -236
data/src/core/ext/transport/chttp2/transport/bin_decoder.c +31 -27
data/src/core/ext/transport/chttp2/transport/bin_decoder.h +5 -4
data/src/core/ext/transport/chttp2/transport/bin_encoder.c +25 -22
data/src/core/ext/transport/chttp2/transport/bin_encoder.h +8 -7
data/src/core/ext/transport/chttp2/transport/chttp2_plugin.c +0 -3
data/src/core/ext/transport/chttp2/transport/chttp2_transport.c +1345 -1521
data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +3 -1
data/src/core/ext/transport/chttp2/transport/frame.h +3 -5
data/src/core/ext/transport/chttp2/transport/frame_data.c +50 -47
data/src/core/ext/transport/chttp2/transport/frame_data.h +8 -9
data/src/core/ext/transport/chttp2/transport/frame_goaway.c +19 -21
data/src/core/ext/transport/chttp2/transport/frame_goaway.h +9 -8
data/src/core/ext/transport/chttp2/transport/frame_ping.c +13 -12
data/src/core/ext/transport/chttp2/transport/frame_ping.h +6 -6
data/src/core/ext/transport/chttp2/transport/frame_rst_stream.c +31 -19
data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +8 -7
data/src/core/ext/transport/chttp2/transport/frame_settings.c +22 -25
data/src/core/ext/transport/chttp2/transport/frame_settings.h +9 -8
data/src/core/ext/transport/chttp2/transport/frame_window_update.c +26 -18
data/src/core/ext/transport/chttp2/transport/frame_window_update.h +5 -6
data/src/core/ext/transport/chttp2/transport/hpack_encoder.c +68 -58
data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +8 -5
data/src/core/ext/transport/chttp2/transport/hpack_parser.c +327 -214
data/src/core/ext/transport/chttp2/transport/hpack_parser.h +14 -9
data/src/core/ext/transport/chttp2/transport/hpack_table.c +24 -19
data/src/core/ext/transport/chttp2/transport/hpack_table.h +9 -6
data/src/core/ext/transport/chttp2/transport/incoming_metadata.c +2 -2
data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +1 -1
data/src/core/ext/transport/chttp2/transport/internal.h +284 -436
data/src/core/ext/transport/chttp2/transport/parsing.c +355 -590
data/src/core/ext/transport/chttp2/transport/stream_lists.c +36 -309
data/src/core/ext/transport/chttp2/transport/stream_map.c +13 -34
data/src/core/ext/transport/chttp2/transport/stream_map.h +3 -4
data/src/core/ext/transport/chttp2/transport/writing.c +174 -286
data/src/core/lib/channel/channel_args.c +70 -13
data/src/core/lib/channel/channel_args.h +28 -2
data/src/core/lib/channel/channel_stack.c +77 -28
data/src/core/lib/channel/channel_stack.h +61 -23
data/src/core/lib/channel/channel_stack_builder.c +33 -25
data/src/core/lib/channel/channel_stack_builder.h +17 -8
data/src/core/lib/channel/compress_filter.c +52 -36
data/src/core/lib/channel/connected_channel.c +20 -12
data/src/core/lib/channel/connected_channel.h +2 -1
data/src/core/lib/channel/context.h +13 -1
data/src/core/lib/channel/deadline_filter.c +344 -0
data/src/core/lib/channel/deadline_filter.h +99 -0
data/src/core/lib/channel/handshaker.c +240 -0
data/src/core/lib/channel/handshaker.h +164 -0
data/src/core/lib/{security/credentials/google_default/credentials_windows.c → channel/handshaker_factory.c} +16 -23
data/src/core/lib/channel/handshaker_factory.h +66 -0
data/src/core/lib/channel/handshaker_registry.c +113 -0
data/src/core/{ext/client_config/client_config.h → lib/channel/handshaker_registry.h} +26 -16
data/src/core/lib/channel/http_client_filter.c +248 -46
data/src/core/lib/channel/http_client_filter.h +3 -0
data/src/core/lib/channel/http_server_filter.c +136 -24
data/src/core/lib/channel/message_size_filter.c +261 -0
data/src/core/lib/channel/message_size_filter.h +39 -0
data/src/core/lib/compression/message_compress.c +43 -37
data/src/core/lib/compression/message_compress.h +7 -5
data/src/core/lib/http/format_request.c +26 -11
data/src/core/lib/http/format_request.h +7 -5
data/src/core/lib/http/httpcli.c +45 -27
data/src/core/lib/http/httpcli.h +4 -4
data/src/core/lib/http/httpcli_security_connector.c +56 -46
data/src/core/lib/http/parser.c +17 -14
data/src/core/lib/http/parser.h +4 -2
data/src/core/lib/iomgr/closure.c +49 -7
data/src/core/lib/iomgr/closure.h +56 -14
data/src/core/lib/iomgr/combiner.c +422 -0
data/src/core/lib/iomgr/combiner.h +64 -0
data/src/core/lib/iomgr/endpoint.c +8 -2
data/src/core/lib/iomgr/endpoint.h +17 -7
data/src/core/lib/iomgr/endpoint_pair.h +3 -2
data/src/core/lib/iomgr/endpoint_pair_posix.c +9 -8
data/src/core/{ext/client_config/lb_policy_factory.c → lib/iomgr/endpoint_pair_uv.c} +18 -13
data/src/core/lib/iomgr/endpoint_pair_windows.c +7 -6
data/src/core/lib/iomgr/error.c +72 -6
data/src/core/lib/iomgr/error.h +30 -3
data/src/core/lib/iomgr/ev_epoll_linux.c +500 -382
data/src/core/lib/iomgr/ev_epoll_linux.h +3 -2
data/src/core/lib/iomgr/ev_poll_posix.c +317 -30
data/src/core/lib/iomgr/ev_poll_posix.h +1 -0
data/src/core/lib/iomgr/ev_posix.c +26 -5
data/src/core/lib/iomgr/ev_posix.h +12 -1
data/src/core/lib/iomgr/exec_ctx.c +27 -94
data/src/core/lib/iomgr/exec_ctx.h +19 -22
data/src/core/lib/iomgr/executor.c +29 -8
data/src/core/lib/iomgr/executor.h +2 -4
data/src/core/lib/iomgr/iocp_windows.c +3 -4
data/src/core/lib/iomgr/iomgr.c +14 -10
data/src/core/lib/iomgr/iomgr.h +6 -2
data/src/core/lib/iomgr/iomgr_posix.c +2 -2
data/src/core/lib/iomgr/iomgr_uv.c +49 -0
data/src/core/lib/iomgr/iomgr_windows.c +2 -2
data/src/core/lib/iomgr/load_file.c +3 -3
data/src/core/lib/iomgr/load_file.h +2 -2
data/src/core/lib/iomgr/network_status_tracker.c +1 -1
data/src/core/lib/iomgr/pollset_set_uv.c +62 -0
data/src/core/lib/iomgr/pollset_set_windows.c +3 -3
data/src/core/lib/iomgr/pollset_uv.c +142 -0
data/src/core/lib/iomgr/pollset_uv.h +42 -0
data/src/core/lib/iomgr/pollset_windows.c +5 -6
data/src/core/lib/iomgr/port.h +129 -0
data/src/core/lib/iomgr/resolve_address.h +2 -1
data/src/core/lib/iomgr/resolve_address_posix.c +14 -13
data/src/core/lib/iomgr/resolve_address_uv.c +233 -0
data/src/core/lib/iomgr/resolve_address_windows.c +14 -12
data/src/core/lib/iomgr/resource_quota.c +832 -0
data/src/core/lib/iomgr/resource_quota.h +159 -0
data/src/core/lib/iomgr/sockaddr.h +10 -2
data/src/core/lib/iomgr/sockaddr_utils.c +63 -36
data/src/core/lib/iomgr/sockaddr_utils.h +14 -14
data/src/core/lib/iomgr/socket_mutator.c +98 -0
data/src/core/lib/iomgr/socket_mutator.h +80 -0
data/src/core/lib/iomgr/socket_utils.h +42 -0
data/src/core/lib/iomgr/socket_utils_common_posix.c +28 -13
data/src/core/lib/iomgr/socket_utils_linux.c +11 -5
data/src/core/lib/iomgr/socket_utils_posix.c +10 -7
data/src/core/lib/iomgr/socket_utils_posix.h +11 -4
data/src/core/lib/iomgr/socket_utils_uv.c +49 -0
data/src/core/lib/iomgr/socket_utils_windows.c +52 -0
data/src/core/lib/iomgr/socket_windows.c +14 -6
data/src/core/lib/iomgr/socket_windows.h +1 -0
data/src/core/lib/iomgr/tcp_client.h +8 -2
data/src/core/lib/iomgr/tcp_client_posix.c +131 -82
data/src/core/lib/iomgr/tcp_client_posix.h +45 -0
data/src/core/lib/iomgr/tcp_client_uv.c +190 -0
data/src/core/lib/iomgr/tcp_client_windows.c +54 -30
data/src/core/lib/iomgr/tcp_posix.c +135 -56
data/src/core/lib/iomgr/tcp_posix.h +2 -2
data/src/core/lib/iomgr/tcp_server.h +14 -6
data/src/core/lib/iomgr/tcp_server_posix.c +154 -118
data/src/core/lib/iomgr/tcp_server_uv.c +388 -0
data/src/core/lib/iomgr/tcp_server_windows.c +127 -100
data/src/core/lib/iomgr/tcp_uv.c +367 -0
data/src/core/lib/iomgr/tcp_uv.h +59 -0
data/src/core/lib/iomgr/tcp_windows.c +65 -48
data/src/core/lib/iomgr/tcp_windows.h +3 -1
data/src/core/lib/iomgr/timer.h +21 -21
data/src/core/lib/iomgr/{timer.c → timer_generic.c} +15 -10
data/src/core/lib/iomgr/timer_generic.h +49 -0
data/src/core/lib/iomgr/timer_heap.c +6 -0
data/src/core/lib/iomgr/timer_uv.c +99 -0
data/src/core/lib/iomgr/timer_uv.h +47 -0
data/src/core/lib/iomgr/udp_server.c +116 -98
data/src/core/lib/iomgr/udp_server.h +5 -3
data/src/core/lib/iomgr/unix_sockets_posix.c +14 -6
data/src/core/lib/iomgr/unix_sockets_posix.h +6 -5
data/src/core/lib/iomgr/unix_sockets_posix_noop.c +4 -4
data/src/core/lib/iomgr/wakeup_fd_cv.c +118 -0
data/src/core/lib/iomgr/wakeup_fd_cv.h +80 -0
data/src/core/lib/iomgr/wakeup_fd_eventfd.c +3 -3
data/src/core/lib/iomgr/wakeup_fd_nospecial.c +3 -3
data/src/core/lib/iomgr/wakeup_fd_pipe.c +12 -6
data/src/core/lib/iomgr/wakeup_fd_posix.c +34 -5
data/src/core/lib/iomgr/wakeup_fd_posix.h +5 -0
data/src/core/lib/iomgr/workqueue.h +12 -20
data/src/core/{ext/client_config/client_config.c → lib/iomgr/workqueue_uv.c} +24 -33
data/{include/grpc/support/slice.h → src/core/lib/iomgr/workqueue_uv.h} +4 -6
data/src/core/lib/iomgr/workqueue_windows.c +9 -8
data/src/core/lib/json/json.c +3 -3
data/src/core/lib/json/json.h +11 -11
data/src/core/lib/json/json_reader.c +9 -5
data/src/core/lib/profiling/basic_timers.c +10 -1
data/src/core/lib/profiling/timers.h +2 -0
data/src/core/lib/security/context/security_context.c +13 -3
data/src/core/lib/security/context/security_context.h +20 -0
data/src/core/lib/security/credentials/composite/composite_credentials.c +28 -14
data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
data/src/core/lib/security/credentials/credentials.c +48 -19
data/src/core/lib/security/credentials/credentials.h +36 -19
data/src/core/lib/security/credentials/credentials_metadata.c +11 -8
data/src/core/lib/security/credentials/fake/fake_credentials.c +15 -11
data/src/core/lib/security/credentials/google_default/{credentials_posix.c → credentials_generic.c} +7 -14
data/src/core/lib/security/credentials/google_default/google_default_credentials.c +33 -21
data/src/core/lib/security/credentials/google_default/google_default_credentials.h +14 -0
data/src/core/lib/security/credentials/iam/iam_credentials.c +3 -2
data/src/core/lib/security/credentials/jwt/json_token.c +1 -0
data/src/core/lib/security/credentials/jwt/json_token.h +1 -1
data/src/core/lib/security/credentials/jwt/jwt_credentials.c +54 -19
data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -1
data/src/core/lib/security/credentials/jwt/jwt_verifier.c +129 -79
data/src/core/lib/security/credentials/jwt/jwt_verifier.h +9 -6
data/src/core/lib/security/credentials/oauth2/oauth2_credentials.c +63 -28
data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
data/src/core/lib/security/credentials/plugin/plugin_credentials.c +32 -11
data/src/core/lib/security/credentials/ssl/ssl_credentials.c +13 -9
data/src/core/lib/security/transport/client_auth_filter.c +33 -27
data/src/core/lib/security/transport/secure_endpoint.c +93 -68
data/src/core/lib/security/transport/secure_endpoint.h +2 -2
data/src/core/lib/security/transport/security_connector.c +133 -168
data/src/core/lib/security/transport/security_connector.h +31 -46
data/src/core/lib/security/transport/security_handshaker.c +501 -0
data/src/core/lib/security/transport/{handshake.h → security_handshaker.h} +10 -10
data/src/core/lib/security/transport/server_auth_filter.c +50 -38
data/src/core/lib/security/util/b64.c +11 -8
data/src/core/lib/security/util/b64.h +5 -4
data/src/core/lib/slice/percent_encoding.c +182 -0
data/src/core/lib/slice/percent_encoding.h +78 -0
data/src/core/lib/{support → slice}/slice.c +81 -50
data/src/core/lib/{support → slice}/slice_buffer.c +78 -60
data/src/core/lib/slice/slice_internal.h +49 -0
data/src/core/lib/slice/slice_string_helpers.c +90 -0
data/src/core/lib/{iomgr/workqueue_posix.h → slice/slice_string_helpers.h} +18 -18
data/src/core/lib/support/backoff.c +24 -13
data/src/core/lib/support/backoff.h +5 -2
data/src/core/lib/support/env.h +0 -2
data/src/core/lib/support/log.c +5 -4
data/src/core/lib/support/log_linux.c +0 -1
data/src/core/lib/support/log_posix.c +1 -1
data/src/core/lib/support/mpscq.c +83 -0
data/src/core/lib/support/mpscq.h +65 -0
data/src/core/lib/support/string.c +58 -49
data/src/core/lib/support/string.h +11 -8
data/src/core/lib/support/subprocess_posix.c +5 -2
data/src/core/lib/support/thd.c +1 -1
data/src/core/lib/support/time.c +43 -79
data/src/core/lib/support/time_posix.c +1 -1
data/src/core/lib/support/tmpfile.h +0 -2
data/src/core/lib/surface/alarm.c +4 -1
data/src/core/lib/surface/byte_buffer.c +17 -11
data/src/core/lib/surface/byte_buffer_reader.c +23 -15
data/src/core/lib/surface/call.c +294 -276
data/src/core/lib/surface/call.h +24 -9
data/src/core/lib/surface/call_log_batch.c +5 -3
data/src/core/lib/surface/channel.c +127 -111
data/src/core/lib/surface/channel.h +14 -5
data/src/core/lib/surface/channel_init.c +1 -1
data/src/core/lib/surface/channel_init.h +10 -1
data/src/core/lib/surface/channel_ping.c +7 -6
data/src/core/lib/surface/completion_queue.c +154 -18
data/src/core/lib/surface/completion_queue.h +5 -0
data/src/core/lib/surface/init.c +40 -6
data/src/core/lib/surface/init.h +1 -0
data/src/core/lib/surface/init_secure.c +5 -2
data/src/core/lib/surface/lame_client.c +28 -18
data/src/core/lib/surface/server.c +134 -87
data/src/core/lib/surface/server.h +8 -0
data/src/core/lib/surface/validate_metadata.c +1 -1
data/src/core/lib/surface/version.c +3 -1
data/src/core/lib/transport/byte_stream.c +7 -4
data/src/core/lib/transport/byte_stream.h +6 -10
data/src/core/lib/transport/connectivity_state.c +21 -12
data/src/core/lib/transport/connectivity_state.h +4 -1
data/src/core/lib/transport/mdstr_hash_table.c +118 -0
data/src/core/lib/transport/mdstr_hash_table.h +77 -0
data/src/core/lib/transport/metadata.c +83 -60
data/src/core/lib/transport/metadata.h +41 -23
data/src/core/lib/transport/metadata_batch.c +17 -11
data/src/core/lib/transport/metadata_batch.h +20 -6
data/src/core/lib/transport/pid_controller.c +57 -0
data/src/core/lib/transport/pid_controller.h +64 -0
data/src/core/lib/transport/service_config.c +251 -0
data/src/core/lib/transport/service_config.h +71 -0
data/src/core/lib/transport/static_metadata.c +18 -16
data/src/core/lib/transport/static_metadata.h +113 -107
data/src/core/{ext/transport/chttp2 → lib}/transport/timeout_encoding.c +3 -3
data/src/core/{ext/transport/chttp2 → lib}/transport/timeout_encoding.h +7 -7
data/src/core/lib/transport/transport.c +84 -23
data/src/core/lib/transport/transport.h +53 -8
data/src/core/lib/transport/transport_impl.h +3 -0
data/src/core/lib/transport/transport_op_string.c +92 -20
data/src/core/lib/tsi/ssl_transport_security.c +3 -1
data/src/core/plugin_registry/grpc_plugin_registry.c +8 -4
data/src/ruby/ext/grpc/extconf.rb +0 -1
data/src/ruby/ext/grpc/rb_byte_buffer.c +8 -7
data/src/ruby/ext/grpc/rb_call.c +15 -5
data/src/ruby/ext/grpc/rb_channel.c +1 -1
data/src/ruby/ext/grpc/rb_compression_options.c +466 -0
data/src/{core/ext/client_config/default_initial_connect_string.c → ruby/ext/grpc/rb_compression_options.h} +10 -5
data/src/ruby/ext/grpc/rb_grpc.c +3 -1
data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +198 -190
data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +306 -294
data/src/ruby/ext/grpc/rb_server.c +18 -12
data/src/ruby/lib/grpc/errors.rb +154 -2
data/src/ruby/lib/grpc/generic/active_call.rb +144 -63
data/src/ruby/lib/grpc/generic/bidi_call.rb +18 -2
data/src/ruby/lib/grpc/generic/client_stub.rb +7 -5
data/src/ruby/lib/grpc/generic/rpc_desc.rb +39 -13
data/src/ruby/lib/grpc/generic/rpc_server.rb +51 -24
data/src/ruby/lib/grpc/generic/service.rb +3 -2
data/src/ruby/lib/grpc/version.rb +1 -1
data/src/ruby/pb/grpc/health/checker.rb +3 -1
data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +7 -0
data/src/ruby/pb/test/client.rb +307 -7
data/src/ruby/pb/test/server.rb +26 -1
data/src/ruby/spec/compression_options_spec.rb +164 -0
data/src/ruby/spec/error_sanity_spec.rb +64 -0
data/src/ruby/spec/generic/active_call_spec.rb +290 -12
data/src/ruby/spec/generic/client_stub_spec.rb +91 -41
data/src/ruby/spec/generic/rpc_desc_spec.rb +36 -16
data/src/ruby/spec/generic/rpc_server_pool_spec.rb +22 -28
data/src/ruby/spec/generic/rpc_server_spec.rb +6 -6
data/src/ruby/spec/pb/health/checker_spec.rb +27 -19
data/src/ruby/spec/spec_helper.rb +2 -0
data/third_party/boringssl/crypto/aes/aes.c +12 -12
data/third_party/boringssl/crypto/aes/mode_wrappers.c +6 -2
data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +28 -13
data/third_party/boringssl/crypto/asn1/a_gentm.c +2 -0
data/third_party/boringssl/crypto/asn1/a_object.c +7 -3
data/third_party/boringssl/crypto/asn1/a_strnid.c +1 -0
data/third_party/boringssl/crypto/asn1/a_time.c +0 -11
data/third_party/boringssl/crypto/asn1/a_type.c +0 -2
data/third_party/boringssl/crypto/asn1/a_utctm.c +1 -30
data/third_party/boringssl/crypto/asn1/asn1_lib.c +56 -76
data/third_party/boringssl/crypto/asn1/asn1_locl.h +0 -10
data/third_party/boringssl/crypto/asn1/asn1_par.c +0 -322
data/third_party/boringssl/crypto/asn1/f_enum.c +1 -108
data/third_party/boringssl/crypto/asn1/f_int.c +1 -106
data/third_party/boringssl/crypto/asn1/f_string.c +1 -106
data/third_party/boringssl/crypto/asn1/tasn_dec.c +10 -14
data/third_party/boringssl/crypto/asn1/tasn_enc.c +17 -11
data/third_party/boringssl/crypto/asn1/tasn_typ.c +29 -42
data/third_party/boringssl/crypto/asn1/tasn_utl.c +1 -1
data/third_party/boringssl/crypto/base64/base64.c +249 -285
data/third_party/boringssl/crypto/bio/bio.c +13 -23
data/third_party/boringssl/crypto/bio/bio_mem.c +3 -2
data/third_party/boringssl/crypto/bio/connect.c +12 -3
data/third_party/boringssl/crypto/bio/fd.c +22 -15
data/third_party/boringssl/crypto/bio/file.c +2 -38
data/third_party/boringssl/crypto/bio/hexdump.c +1 -2
data/third_party/boringssl/crypto/bio/internal.h +3 -0
data/third_party/boringssl/crypto/bio/pair.c +1 -1
data/third_party/boringssl/crypto/bio/socket.c +10 -2
data/third_party/boringssl/crypto/bio/socket_helper.c +2 -2
data/third_party/boringssl/crypto/bn/asm/x86_64-gcc.c +0 -8
data/third_party/boringssl/crypto/bn/bn.c +38 -0
data/third_party/boringssl/crypto/bn/cmp.c +25 -0
data/third_party/boringssl/crypto/bn/convert.c +73 -76
data/third_party/boringssl/crypto/bn/div.c +136 -70
data/third_party/boringssl/crypto/bn/exponentiation.c +86 -381
data/third_party/boringssl/crypto/bn/gcd.c +213 -296
data/third_party/boringssl/crypto/bn/generic.c +0 -80
data/third_party/boringssl/crypto/bn/internal.h +15 -3
data/third_party/boringssl/crypto/bn/montgomery.c +57 -207
data/third_party/boringssl/crypto/bn/montgomery_inv.c +160 -0
data/third_party/boringssl/crypto/bn/mul.c +2 -1
data/third_party/boringssl/crypto/bn/prime.c +24 -8
data/third_party/boringssl/crypto/bn/random.c +47 -33
data/third_party/boringssl/crypto/bn/sqrt.c +4 -5
data/third_party/boringssl/crypto/buf/buf.c +25 -21
data/third_party/boringssl/crypto/bytestring/ber.c +1 -0
data/third_party/boringssl/crypto/bytestring/cbb.c +50 -22
data/third_party/boringssl/crypto/bytestring/cbs.c +28 -4
data/third_party/boringssl/crypto/chacha/{chacha_generic.c → chacha.c} +56 -29
data/third_party/boringssl/crypto/cipher/aead.c +11 -22
data/third_party/boringssl/crypto/cipher/cipher.c +2 -2
data/third_party/boringssl/crypto/cipher/e_aes.c +53 -103
data/third_party/boringssl/crypto/cipher/e_chacha20poly1305.c +2 -8
data/third_party/boringssl/crypto/cipher/e_des.c +3 -5
data/third_party/boringssl/crypto/cipher/e_null.c +1 -1
data/third_party/boringssl/crypto/cipher/e_rc2.c +1 -1
data/third_party/boringssl/crypto/cipher/e_rc4.c +1 -1
data/third_party/boringssl/crypto/cipher/e_ssl3.c +3 -63
data/third_party/boringssl/crypto/cipher/e_tls.c +12 -83
data/third_party/boringssl/crypto/cipher/internal.h +8 -10
data/third_party/boringssl/crypto/cipher/tls_cbc.c +69 -40
data/third_party/boringssl/crypto/conf/conf.c +2 -1
data/third_party/boringssl/crypto/cpu-aarch64-linux.c +61 -0
data/third_party/boringssl/crypto/cpu-arm-linux.c +360 -0
data/third_party/boringssl/crypto/cpu-arm.c +0 -161
data/third_party/boringssl/crypto/cpu-intel.c +5 -3
data/third_party/boringssl/{ssl/test/scoped_types.h → crypto/cpu-ppc64le.c} +21 -9
data/third_party/boringssl/crypto/crypto.c +29 -7
data/third_party/boringssl/crypto/curve25519/curve25519.c +284 -242
data/third_party/boringssl/crypto/curve25519/internal.h +64 -0
data/third_party/boringssl/crypto/curve25519/spake25519.c +464 -0
data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +21 -0
data/third_party/boringssl/crypto/dh/check.c +22 -6
data/third_party/boringssl/crypto/dh/dh.c +45 -21
data/third_party/boringssl/crypto/dh/dh_asn1.c +96 -20
data/third_party/boringssl/crypto/dh/params.c +30 -78
data/third_party/boringssl/crypto/digest/digest.c +3 -3
data/third_party/boringssl/crypto/dsa/dsa.c +59 -29
data/third_party/boringssl/crypto/dsa/dsa_asn1.c +4 -0
data/third_party/boringssl/crypto/ec/ec.c +84 -140
data/third_party/boringssl/crypto/ec/ec_asn1.c +82 -52
data/third_party/boringssl/crypto/ec/ec_key.c +15 -15
data/third_party/boringssl/crypto/ec/ec_montgomery.c +87 -50
data/third_party/boringssl/crypto/ec/internal.h +12 -36
data/third_party/boringssl/crypto/ec/oct.c +11 -11
data/third_party/boringssl/crypto/ec/p224-64.c +59 -116
data/third_party/boringssl/crypto/ec/p256-64.c +88 -163
data/third_party/boringssl/crypto/ec/p256-x86_64.c +46 -58
data/third_party/boringssl/crypto/ec/simple.c +81 -201
data/third_party/boringssl/crypto/ec/util-64.c +0 -74
data/third_party/boringssl/crypto/ecdh/ecdh.c +7 -1
data/third_party/boringssl/crypto/ecdsa/ecdsa.c +28 -46
data/third_party/boringssl/crypto/ecdsa/ecdsa_asn1.c +1 -0
data/third_party/boringssl/crypto/engine/engine.c +1 -1
data/third_party/boringssl/crypto/err/err.c +3 -3
data/third_party/boringssl/crypto/evp/evp.c +14 -59
data/third_party/boringssl/crypto/evp/evp_asn1.c +144 -87
data/third_party/boringssl/crypto/evp/evp_ctx.c +7 -7
data/third_party/boringssl/crypto/evp/internal.h +4 -46
data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +8 -157
data/third_party/boringssl/crypto/evp/p_ec.c +1 -1
data/third_party/boringssl/crypto/evp/p_ec_asn1.c +22 -170
data/third_party/boringssl/crypto/evp/p_rsa.c +1 -1
data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +10 -548
data/third_party/boringssl/crypto/evp/print.c +520 -0
data/third_party/boringssl/crypto/ex_data.c +4 -6
data/third_party/boringssl/crypto/hkdf/hkdf.c +38 -17
data/third_party/boringssl/crypto/hmac/hmac.c +6 -6
data/third_party/boringssl/crypto/internal.h +57 -77
data/third_party/boringssl/crypto/lhash/lhash.c +6 -10
data/third_party/boringssl/crypto/md4/md4.c +9 -0
data/third_party/boringssl/crypto/mem.c +19 -19
data/third_party/boringssl/crypto/modes/cfb.c +5 -6
data/third_party/boringssl/crypto/modes/ctr.c +10 -18
data/third_party/boringssl/crypto/modes/gcm.c +100 -66
data/third_party/boringssl/crypto/modes/internal.h +15 -27
data/third_party/boringssl/crypto/modes/ofb.c +9 -22
data/third_party/boringssl/crypto/newhope/error_correction.c +131 -0
data/third_party/boringssl/crypto/newhope/internal.h +71 -0
data/third_party/boringssl/crypto/newhope/newhope.c +174 -0
data/third_party/boringssl/crypto/newhope/ntt.c +148 -0
data/third_party/boringssl/crypto/newhope/poly.c +183 -0
data/third_party/boringssl/crypto/newhope/precomp.c +306 -0
data/third_party/boringssl/crypto/newhope/reduce.c +42 -0
data/third_party/boringssl/crypto/obj/obj.c +111 -135
data/third_party/boringssl/crypto/obj/obj_dat.h +4 -10
data/third_party/boringssl/crypto/pem/pem_lib.c +6 -43
data/third_party/boringssl/crypto/pem/pem_pkey.c +10 -19
data/third_party/boringssl/crypto/pkcs8/p5_pbe.c +1 -0
data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +2 -1
data/third_party/boringssl/crypto/pkcs8/p8_pkey.c +2 -2
data/third_party/boringssl/crypto/pkcs8/pkcs8.c +95 -87
data/third_party/boringssl/crypto/{test/test_util.h → poly1305/internal.h} +15 -10
data/third_party/boringssl/crypto/poly1305/poly1305.c +8 -15
data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +1 -0
data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +3 -3
data/third_party/boringssl/crypto/rand/deterministic.c +47 -0
data/third_party/boringssl/crypto/rand/rand.c +4 -1
data/third_party/boringssl/crypto/rand/urandom.c +5 -7
data/third_party/boringssl/crypto/rand/windows.c +5 -8
data/third_party/boringssl/crypto/rc4/rc4.c +24 -209
data/third_party/boringssl/crypto/refcount_lock.c +2 -2
data/third_party/boringssl/crypto/rsa/blinding.c +74 -232
data/third_party/boringssl/crypto/rsa/internal.h +5 -13
data/third_party/boringssl/crypto/rsa/padding.c +64 -63
data/third_party/boringssl/crypto/rsa/rsa.c +50 -28
data/third_party/boringssl/crypto/rsa/rsa_asn1.c +8 -16
data/third_party/boringssl/crypto/rsa/rsa_impl.c +134 -122
data/third_party/boringssl/crypto/sha/sha256.c +2 -2
data/third_party/boringssl/crypto/sha/sha512.c +7 -7
data/third_party/boringssl/crypto/stack/stack.c +13 -22
data/third_party/boringssl/crypto/thread.c +21 -12
data/third_party/boringssl/crypto/thread_none.c +6 -2
data/third_party/boringssl/crypto/thread_pthread.c +16 -7
data/third_party/boringssl/crypto/thread_win.c +38 -85
data/third_party/boringssl/crypto/x509/a_sign.c +3 -3
data/third_party/boringssl/crypto/x509/a_strex.c +1 -1
data/third_party/boringssl/crypto/x509/a_verify.c +2 -2
data/third_party/boringssl/crypto/{evp → x509}/algorithm.c +37 -53
data/third_party/boringssl/crypto/x509/asn1_gen.c +1 -2
data/third_party/boringssl/crypto/x509/by_dir.c +6 -6
data/third_party/boringssl/crypto/x509/internal.h +66 -0
data/third_party/boringssl/crypto/x509/rsa_pss.c +385 -0
data/third_party/boringssl/crypto/x509/t_x509.c +10 -12
data/third_party/boringssl/crypto/x509/x509.c +5 -0
data/third_party/boringssl/crypto/x509/x509_att.c +9 -3
data/third_party/boringssl/crypto/x509/x509_lu.c +34 -44
data/third_party/boringssl/crypto/x509/x509_obj.c +19 -2
data/third_party/boringssl/crypto/x509/x509_r2x.c +9 -5
data/third_party/boringssl/crypto/x509/x509_set.c +5 -0
data/third_party/boringssl/crypto/x509/x509_txt.c +5 -0
data/third_party/boringssl/crypto/x509/x509_vfy.c +63 -32
data/third_party/boringssl/crypto/x509/x509_vpm.c +29 -18
data/third_party/boringssl/crypto/x509/x509cset.c +2 -1
data/third_party/boringssl/crypto/x509/x_crl.c +2 -2
data/third_party/boringssl/crypto/x509/x_name.c +14 -17
data/third_party/boringssl/crypto/x509/x_pubkey.c +10 -7
data/third_party/boringssl/crypto/x509/x_x509.c +67 -6
data/third_party/boringssl/crypto/x509v3/pcy_cache.c +2 -2
data/third_party/boringssl/crypto/x509v3/pcy_tree.c +2 -1
data/third_party/boringssl/crypto/x509v3/v3_conf.c +4 -3
data/third_party/boringssl/crypto/x509v3/v3_cpols.c +5 -0
data/third_party/boringssl/crypto/x509v3/v3_prn.c +0 -3
data/third_party/boringssl/crypto/x509v3/v3_purp.c +2 -2
data/third_party/boringssl/crypto/x509v3/v3_utl.c +2 -1
data/third_party/boringssl/include/openssl/aead.h +72 -73
data/third_party/boringssl/include/openssl/arm_arch.h +0 -6
data/third_party/boringssl/include/openssl/asn1.h +103 -235
data/third_party/boringssl/include/openssl/asn1_mac.h +17 -74
data/third_party/boringssl/include/openssl/asn1t.h +1 -11
data/third_party/boringssl/include/openssl/base.h +145 -3
data/third_party/boringssl/include/openssl/base64.h +20 -17
data/third_party/boringssl/include/openssl/bio.h +59 -34
data/third_party/boringssl/include/openssl/bn.h +118 -51
data/third_party/boringssl/include/openssl/buf.h +15 -0
data/third_party/boringssl/include/openssl/bytestring.h +52 -4
data/third_party/boringssl/include/openssl/chacha.h +2 -2
data/third_party/boringssl/include/openssl/cipher.h +18 -1
data/third_party/boringssl/include/openssl/cmac.h +11 -0
data/third_party/boringssl/include/openssl/conf.h +13 -2
data/third_party/boringssl/include/openssl/cpu.h +20 -23
data/third_party/boringssl/include/openssl/crypto.h +22 -1
data/third_party/boringssl/include/openssl/curve25519.h +96 -4
data/third_party/boringssl/include/openssl/dh.h +71 -16
data/third_party/boringssl/include/openssl/digest.h +38 -11
data/third_party/boringssl/include/openssl/dsa.h +40 -4
data/third_party/boringssl/include/openssl/ec.h +44 -18
data/third_party/boringssl/include/openssl/ec_key.h +27 -6
data/third_party/boringssl/include/openssl/ecdsa.h +11 -0
data/third_party/boringssl/include/openssl/engine.h +11 -0
data/third_party/boringssl/include/openssl/evp.h +52 -88
data/third_party/boringssl/include/openssl/hkdf.h +24 -4
data/third_party/boringssl/include/openssl/hmac.h +20 -6
data/third_party/boringssl/include/openssl/md4.h +4 -0
data/third_party/boringssl/include/openssl/mem.h +19 -0
data/third_party/boringssl/include/openssl/newhope.h +158 -0
data/third_party/boringssl/include/openssl/nid.h +4166 -0
data/third_party/boringssl/include/openssl/obj.h +31 -3
data/third_party/boringssl/include/openssl/obj_mac.h +17 -4143
data/third_party/boringssl/include/openssl/{opensslfeatures.h → opensslconf.h} +3 -3
data/third_party/boringssl/include/openssl/pem.h +5 -0
data/third_party/boringssl/include/openssl/pkcs8.h +12 -0
data/third_party/boringssl/include/openssl/rand.h +6 -0
data/third_party/boringssl/include/openssl/rc4.h +6 -0
data/third_party/boringssl/{crypto/dh/internal.h → include/openssl/ripemd.h} +38 -11
data/third_party/boringssl/include/openssl/rsa.h +127 -65
data/third_party/boringssl/include/openssl/sha.h +14 -10
data/third_party/boringssl/include/openssl/ssl.h +561 -275
data/third_party/boringssl/include/openssl/ssl3.h +18 -25
data/third_party/boringssl/include/openssl/stack.h +2 -4
data/third_party/boringssl/include/openssl/stack_macros.h +321 -353
data/third_party/boringssl/include/openssl/thread.h +31 -13
data/third_party/boringssl/include/openssl/time_support.h +1 -0
data/third_party/boringssl/include/openssl/tls1.h +37 -33
data/third_party/boringssl/include/openssl/x509.h +69 -26
data/third_party/boringssl/include/openssl/x509_vfy.h +12 -10
data/third_party/boringssl/include/openssl/x509v3.h +23 -2
data/third_party/boringssl/ssl/custom_extensions.c +3 -5
data/third_party/boringssl/ssl/d1_both.c +463 -499
data/third_party/boringssl/ssl/d1_lib.c +38 -109
data/third_party/boringssl/ssl/d1_pkt.c +173 -334
data/third_party/boringssl/ssl/d1_srtp.c +20 -18
data/third_party/boringssl/ssl/{d1_meth.c → dtls_method.c} +88 -15
data/third_party/boringssl/ssl/dtls_record.c +27 -26
data/third_party/boringssl/ssl/{s3_clnt.c → handshake_client.c} +816 -904
data/third_party/boringssl/ssl/handshake_server.c +1932 -0
data/third_party/boringssl/ssl/internal.h +712 -439
data/third_party/boringssl/ssl/s3_both.c +445 -257
data/third_party/boringssl/ssl/s3_enc.c +53 -36
data/third_party/boringssl/ssl/s3_lib.c +23 -268
data/third_party/boringssl/ssl/s3_pkt.c +168 -364
data/third_party/boringssl/ssl/ssl_aead_ctx.c +46 -17
data/third_party/boringssl/ssl/ssl_asn1.c +56 -26
data/third_party/boringssl/ssl/ssl_buffer.c +16 -24
data/third_party/boringssl/ssl/ssl_cert.c +324 -49
data/third_party/boringssl/ssl/ssl_cipher.c +205 -150
data/third_party/boringssl/ssl/ssl_ecdh.c +287 -51
data/third_party/boringssl/ssl/ssl_file.c +21 -68
data/third_party/boringssl/ssl/ssl_lib.c +881 -510
data/third_party/boringssl/ssl/ssl_rsa.c +404 -34
data/third_party/boringssl/ssl/ssl_session.c +324 -103
data/third_party/boringssl/ssl/ssl_stat.c +6 -88
data/third_party/boringssl/ssl/t1_enc.c +23 -39
data/third_party/boringssl/ssl/t1_lib.c +1120 -622
data/third_party/boringssl/ssl/tls13_both.c +440 -0
data/third_party/boringssl/ssl/tls13_client.c +682 -0
data/third_party/boringssl/ssl/tls13_enc.c +391 -0
data/third_party/boringssl/ssl/tls13_server.c +672 -0
data/third_party/boringssl/ssl/{s3_meth.c → tls_method.c} +100 -21
data/third_party/boringssl/ssl/tls_record.c +159 -77
data/third_party/nanopb/pb.h +60 -28
data/third_party/nanopb/pb_decode.c +120 -92
data/third_party/nanopb/pb_decode.h +3 -3
data/third_party/nanopb/pb_encode.c +73 -67
data/third_party/nanopb/pb_encode.h +4 -4
metadata +155 -89
data/include/grpc/impl/codegen/byte_buffer.h +0 -122
data/include/grpc/impl/codegen/log.h +0 -118
data/include/grpc/impl/codegen/time.h +0 -130
data/src/core/ext/client_config/client_channel.c +0 -593
data/src/core/ext/client_config/subchannel_call_holder.c +0 -272
data/src/core/ext/client_config/subchannel_call_holder.h +0 -99
data/src/core/lib/iomgr/ev_poll_and_epoll_posix.c +0 -2046
data/src/core/lib/iomgr/workqueue_posix.c +0 -151
data/src/core/lib/security/transport/handshake.c +0 -368
data/third_party/boringssl/crypto/asn1/a_bytes.c +0 -308
data/third_party/boringssl/crypto/asn1/bio_asn1.c +0 -477
data/third_party/boringssl/crypto/asn1/bio_ndef.c +0 -251
data/third_party/boringssl/crypto/asn1/t_pkey.c +0 -110
data/third_party/boringssl/crypto/asn1/tasn_prn.c +0 -596
data/third_party/boringssl/crypto/chacha/chacha_vec.c +0 -328
data/third_party/boringssl/crypto/directory.h +0 -66
data/third_party/boringssl/crypto/directory_posix.c +0 -108
data/third_party/boringssl/crypto/directory_win.c +0 -144
data/third_party/boringssl/crypto/test/scoped_types.h +0 -140
data/third_party/boringssl/include/openssl/pqueue.h +0 -146
data/third_party/boringssl/ssl/d1_clnt.c +0 -561
data/third_party/boringssl/ssl/d1_srvr.c +0 -476
data/third_party/boringssl/ssl/pqueue/pqueue.c +0 -197
data/third_party/boringssl/ssl/s3_srvr.c +0 -2272
data/third_party/boringssl/ssl/test/async_bio.h +0 -45
data/third_party/boringssl/ssl/test/packeted_bio.h +0 -44
data/third_party/boringssl/ssl/test/test_config.h +0 -110

data/third_party/boringssl/crypto/x509/t_x509.c CHANGED

@@ -64,7 +64,8 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include "../evp/internal.h"
+#include "internal.h"
 #ifndef OPENSSL_NO_FP_API
 int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag,
@@ -132,7 +133,8 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
             goto err;
         bs = X509_get_serialNumber(x);
-        if (bs->length <= (int)sizeof(long)) {
+        if (bs->length < (int)sizeof(long)
+            || (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) {
             l = ASN1_INTEGER_get(bs);
             if (bs->type == V_ASN1_NEG_INTEGER) {
                 l = -l;
@@ -298,22 +300,18 @@ int X509_ocspid_print(BIO *bp, X509 *x)
 int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
 {
-    int sig_nid;
     if (BIO_puts(bp, "    Signature Algorithm: ") <= 0)
         return 0;
     if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0)
         return 0;
-    sig_nid = OBJ_obj2nid(sigalg->algorithm);
-    if (sig_nid != NID_undef) {
-        int pkey_nid, dig_nid;
-        const EVP_PKEY_ASN1_METHOD *ameth;
-        if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) {
-            ameth = EVP_PKEY_asn1_find(NULL, pkey_nid);
-            if (ameth && ameth->sig_print)
-                return ameth->sig_print(bp, sigalg, sig, 9, 0);
-        }
+    /* RSA-PSS signatures have parameters to print. */
+    int sig_nid = OBJ_obj2nid(sigalg->algorithm);
+    if (sig_nid == NID_rsassaPss &&
+        !x509_print_rsa_pss_params(bp, sigalg, 9, 0)) {
+        return 0;
     }
     if (sig)
         return X509_signature_dump(bp, sig, 9);
     else if (BIO_puts(bp, "\n") <= 0)

data/third_party/boringssl/crypto/x509/x509.c CHANGED

@@ -57,9 +57,14 @@
 #include <openssl/x509.h>
 #include <openssl/bio.h>
+#include <openssl/err.h>
 #include <openssl/mem.h>
+/* |X509_R_UNSUPPORTED_ALGORITHM| is no longer emitted, but continue to define
+ * it to avoid downstream churn. */
+OPENSSL_DECLARE_ERROR_REASON(X509, UNSUPPORTED_ALGORITHM)
 int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version,
                     int ptype, void *pval, uint8_t *penc, int penclen) {
   uint8_t **ppenc = NULL;

data/third_party/boringssl/crypto/x509/x509_att.c CHANGED

@@ -287,7 +287,7 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
 int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
                              const void *data, int len)
 {
-    ASN1_TYPE *ttmp;
+    ASN1_TYPE *ttmp = NULL;
     ASN1_STRING *stmp = NULL;
     int atype = 0;
     if (!attr)
@@ -315,20 +315,26 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
      * least one value but some types use and zero length SET and require
      * this.
      */
-    if (attrtype == 0)
+    if (attrtype == 0) {
+        ASN1_STRING_free(stmp);
         return 1;
+    }
     if (!(ttmp = ASN1_TYPE_new()))
         goto err;
     if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
         if (!ASN1_TYPE_set1(ttmp, attrtype, data))
             goto err;
-    } else
+    } else {
         ASN1_TYPE_set(ttmp, atype, stmp);
+        stmp = NULL;
+    }
     if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
         goto err;
     return 1;
  err:
     OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
+    ASN1_TYPE_free(ttmp);
+    ASN1_STRING_free(stmp);
     return 0;
 }

data/third_party/boringssl/crypto/x509/x509_lu.c CHANGED

@@ -130,18 +130,18 @@ int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
                            X509_OBJECT *ret)
 {
     if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
-        return X509_LU_FAIL;
+        return 0;
     if (ctx->skip)
         return 0;
-    return ctx->method->get_by_subject(ctx, type, name, ret);
+    return ctx->method->get_by_subject(ctx, type, name, ret) > 0;
 }
 int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
                                  ASN1_INTEGER *serial, X509_OBJECT *ret)
 {
     if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))
-        return X509_LU_FAIL;
-    return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
+        return 0;
+    return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret) > 0;
 }
 int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
@@ -149,16 +149,16 @@ int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
                                X509_OBJECT *ret)
 {
     if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
-        return X509_LU_FAIL;
-    return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
+        return 0;
+    return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret) > 0;
 }
 int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
                          X509_OBJECT *ret)
 {
     if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
-        return X509_LU_FAIL;
-    return ctx->method->get_by_alias(ctx, type, str, len, ret);
+        return 0;
+    return ctx->method->get_by_alias(ctx, type, str, len, ret) > 0;
 }
 static int x509_object_cmp(const X509_OBJECT **a, const X509_OBJECT **b)
@@ -217,6 +217,12 @@ X509_STORE *X509_STORE_new(void)
     return NULL;
 }
+int X509_STORE_up_ref(X509_STORE *store)
+{
+    CRYPTO_refcount_inc(&store->references);
+    return 1;
+}
 static void cleanup(X509_OBJECT *a)
 {
     if (a == NULL) {
@@ -296,26 +302,20 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
     X509_STORE *ctx = vs->ctx;
     X509_LOOKUP *lu;
     X509_OBJECT stmp, *tmp;
-    int i, j;
+    int i;
     CRYPTO_MUTEX_lock_write(&ctx->objs_lock);
     tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
-    CRYPTO_MUTEX_unlock(&ctx->objs_lock);
+    CRYPTO_MUTEX_unlock_write(&ctx->objs_lock);
     if (tmp == NULL || type == X509_LU_CRL) {
-        for (i = vs->current_method;
-             i < (int)sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
+        for (i = 0; i < (int)sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
             lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
-            j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
-            if (j < 0) {
-                vs->current_method = j;
-                return j;
-            } else if (j) {
+            if (X509_LOOKUP_by_subject(lu, type, name, &stmp)) {
                 tmp = &stmp;
                 break;
             }
         }
-        vs->current_method = 0;
         if (tmp == NULL)
             return 0;
     }
@@ -359,7 +359,7 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
     } else
         sk_X509_OBJECT_push(ctx->objs, obj);
-    CRYPTO_MUTEX_unlock(&ctx->objs_lock);
+    CRYPTO_MUTEX_unlock_write(&ctx->objs_lock);
     return ret;
 }
@@ -391,12 +391,12 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
     } else
         sk_X509_OBJECT_push(ctx->objs, obj);
-    CRYPTO_MUTEX_unlock(&ctx->objs_lock);
+    CRYPTO_MUTEX_unlock_write(&ctx->objs_lock);
     return ret;
 }
-void X509_OBJECT_up_ref_count(X509_OBJECT *a)
+int X509_OBJECT_up_ref_count(X509_OBJECT *a)
 {
     switch (a->type) {
     case X509_LU_X509:
@@ -406,6 +406,7 @@ void X509_OBJECT_up_ref_count(X509_OBJECT *a)
         X509_CRL_up_ref(a->data.crl);
         break;
     }
+    return 1;
 }
 void X509_OBJECT_free_contents(X509_OBJECT *a)
@@ -499,7 +500,7 @@ STACK_OF (X509) * X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
          * cache
          */
         X509_OBJECT xobj;
-        CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);
+        CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock);
         if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) {
             sk_X509_free(sk);
             return NULL;
@@ -508,7 +509,7 @@ STACK_OF (X509) * X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
         CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock);
         idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
         if (idx < 0) {
-            CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);
+            CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock);
             sk_X509_free(sk);
             return NULL;
         }
@@ -516,14 +517,14 @@ STACK_OF (X509) * X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
     for (i = 0; i < cnt; i++, idx++) {
         obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
         x = obj->data.x509;
-        if (!sk_X509_push(sk, X509_up_ref(x))) {
-            CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);
-            X509_free(x);
+        if (!sk_X509_push(sk, x)) {
+            CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock);
             sk_X509_pop_free(sk, X509_free);
             return NULL;
         }
+        X509_up_ref(x);
     }
-    CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);
+    CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock);
     return sk;
 }
@@ -547,7 +548,7 @@ STACK_OF (X509_CRL) * X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
     CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock);
     idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
     if (idx < 0) {
-        CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);
+        CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock);
         sk_X509_CRL_free(sk);
         return NULL;
     }
@@ -557,13 +558,13 @@ STACK_OF (X509_CRL) * X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
         x = obj->data.crl;
         X509_CRL_up_ref(x);
         if (!sk_X509_CRL_push(sk, x)) {
-            CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);
+            CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock);
             X509_CRL_free(x);
             sk_X509_CRL_pop_free(sk, X509_CRL_free);
             return NULL;
         }
     }
-    CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);
+    CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock);
     return sk;
 }
@@ -606,22 +607,11 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 {
     X509_NAME *xn;
     X509_OBJECT obj, *pobj;
-    int ok, idx, ret;
+    int idx, ret;
     size_t i;
     xn = X509_get_issuer_name(x);
-    ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj);
-    if (ok != X509_LU_X509) {
-        if (ok == X509_LU_RETRY) {
-            X509_OBJECT_free_contents(&obj);
-            OPENSSL_PUT_ERROR(X509, X509_R_SHOULD_RETRY);
-            return -1;
-        } else if (ok != X509_LU_FAIL) {
-            X509_OBJECT_free_contents(&obj);
-            /* not good :-(, break anyway */
-            return -1;
-        }
+    if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj))
         return 0;
-    }
     /* If certificate matches all OK */
     if (ctx->check_issued(ctx, x, obj.data.x509)) {
         *issuer = obj.data.x509;
@@ -651,7 +641,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
             }
         }
     }
-    CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock);
+    CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock);
     return ret;
 }

data/third_party/boringssl/crypto/x509/x509_obj.c CHANGED

@@ -64,6 +64,13 @@
 #include <openssl/obj.h>
 #include <openssl/x509.h>
+/*
+ * Limit to ensure we don't overflow: much greater than
+ * anything enountered in practice.
+ */
+#define NAME_ONELINE_MAX    (1024 * 1024)
 char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
 {
     X509_NAME_ENTRY *ne;
@@ -84,6 +91,8 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
             goto err;
         b->data[0] = '\0';
         len = 200;
+    } else if (len <= 0) {
+        return NULL;
     }
     if (a == NULL) {
         if (b) {
@@ -108,6 +117,10 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
         type = ne->value->type;
         num = ne->value->length;
+        if (num > NAME_ONELINE_MAX) {
+            OPENSSL_PUT_ERROR(X509, X509_R_NAME_TOO_LONG);
+            goto end;
+        }
         q = ne->value->data;
         if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) {
@@ -135,6 +148,10 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
         lold = l;
         l += 1 + l1 + 1 + l2;
+        if (l > NAME_ONELINE_MAX) {
+            OPENSSL_PUT_ERROR(X509, X509_R_NAME_TOO_LONG);
+            goto end;
+        }
         if (b != NULL) {
             if (!BUF_MEM_grow(b, l + 1))
                 goto err;
@@ -174,7 +191,7 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
     return (p);
  err:
     OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
-    if (b != NULL)
-        BUF_MEM_free(b);
+ end:
+    BUF_MEM_free(b);
     return (NULL);
 }

data/third_party/boringssl/crypto/x509/x509_r2x.c CHANGED

@@ -68,10 +68,12 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
     X509 *ret = NULL;
     X509_CINF *xi = NULL;
     X509_NAME *xn;
+    EVP_PKEY *pubkey = NULL;
+    int res;
     if ((ret = X509_new()) == NULL) {
         OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
-        goto err;
+        return NULL;
     }
     /* duplicate the request */
@@ -89,9 +91,9 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
     }
     xn = X509_REQ_get_subject_name(r);
-    if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0)
+    if (X509_set_subject_name(ret, xn) == 0)
         goto err;
-    if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0)
+    if (X509_set_issuer_name(ret, xn) == 0)
         goto err;
     if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL)
@@ -100,9 +102,11 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
         NULL)
         goto err;
-    X509_set_pubkey(ret, X509_REQ_get_pubkey(r));
+    pubkey = X509_REQ_get_pubkey(r);
+    res = X509_set_pubkey(ret, pubkey);
+    EVP_PKEY_free(pubkey);
-    if (!X509_sign(ret, pkey, EVP_md5()))
+    if (!res || !X509_sign(ret, pkey, EVP_md5()))
         goto err;
     if (0) {
  err:

data/third_party/boringssl/crypto/x509/x509_set.c CHANGED

@@ -147,3 +147,8 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
         return (0);
     return (X509_PUBKEY_set(&(x->cert_info->key), pkey));
 }
+STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x)
+{
+    return x->cert_info->extensions;
+}

data/third_party/boringssl/crypto/x509/x509_txt.c CHANGED

@@ -199,6 +199,11 @@ const char *X509_verify_cert_error_string(long n)
     case X509_V_ERR_IP_ADDRESS_MISMATCH:
         return ("IP address mismatch");
+    case X509_V_ERR_INVALID_CALL:
+        return ("Invalid certificate verification context");
+    case X509_V_ERR_STORE_LOOKUP:
+        return ("Issuer certificate lookup error");
     default:
         BIO_snprintf(buf, sizeof buf, "error number %ld", n);
         return (buf);

data/third_party/boringssl/crypto/x509/x509_vfy.c CHANGED

@@ -193,11 +193,12 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
     int bad_chain = 0;
     X509_VERIFY_PARAM *param = ctx->param;
     int depth, i, ok = 0;
-    int num, j, retry;
+    int num, j, retry, trust;
     int (*cb) (int xok, X509_STORE_CTX *xctx);
     STACK_OF(X509) *sktmp = NULL;
     if (ctx->cert == NULL) {
         OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+        ctx->error = X509_V_ERR_INVALID_CALL;
         return -1;
     }
     if (ctx->chain != NULL) {
@@ -206,6 +207,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
          * cannot do another one.
          */
         OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        ctx->error = X509_V_ERR_INVALID_CALL;
         return -1;
     }
@@ -218,6 +220,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
     ctx->chain = sk_X509_new_null();
     if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) {
         OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
         goto end;
     }
     X509_up_ref(ctx->cert);
@@ -227,6 +230,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
     if (ctx->untrusted != NULL
         && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
         OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
         goto end;
     }
@@ -250,8 +254,10 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
          */
         if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
             ok = ctx->get_issuer(&xtmp, ctx, x);
-            if (ok < 0)
+            if (ok < 0) {
+                ctx->error = X509_V_ERR_STORE_LOOKUP;
                 goto end;
+            }
             /*
              * If successful for now free up cert so it will be picked up
              * again later.
@@ -268,6 +274,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
             if (xtmp != NULL) {
                 if (!sk_X509_push(ctx->chain, xtmp)) {
                     OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
+                    ctx->error = X509_V_ERR_OUT_OF_MEM;
+                    ok = 0;
                     goto end;
                 }
                 X509_up_ref(xtmp);
@@ -348,14 +356,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                 break;
             ok = ctx->get_issuer(&xtmp, ctx, x);
-            if (ok < 0)
+            if (ok < 0) {
+                ctx->error = X509_V_ERR_STORE_LOOKUP;
                 goto end;
+            }
             if (ok == 0)
                 break;
             x = xtmp;
             if (!sk_X509_push(ctx->chain, x)) {
                 X509_free(xtmp);
                 OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
                 ok = 0;
                 goto end;
             }
@@ -363,11 +374,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
         }
         /* we now have our chain, lets check it... */
-        i = check_trust(ctx);
+        trust = check_trust(ctx);
         /* If explicitly rejected error */
-        if (i == X509_TRUST_REJECTED)
+        if (trust == X509_TRUST_REJECTED) {
+            ok = 0;
             goto end;
+        }
         /*
          * If it's not explicitly trusted then check if there is an alternative
          * chain that could be used. We only do this if we haven't already
@@ -375,7 +388,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
          * chain checking
          */
         retry = 0;
-        if (i != X509_TRUST_TRUSTED
+        if (trust != X509_TRUST_TRUSTED
             && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
             && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
             while (j-- > 1) {
@@ -412,7 +425,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
      * self signed certificate in which case we've indicated an error already
      * and set bad_chain == 1
      */
-    if (i != X509_TRUST_TRUSTED && !bad_chain) {
+    if (trust != X509_TRUST_TRUSTED && !bad_chain) {
         if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
             if (ctx->last_untrusted >= num)
                 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
@@ -463,10 +476,10 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
     if (!ok)
         goto end;
-    i = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
-                                ctx->param->flags);
-    if (i != X509_V_OK) {
-        ctx->error = i;
+    int err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
+                                      ctx->param->flags);
+    if (err != X509_V_OK) {
+        ctx->error = err;
         ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth);
         ok = cb(0, ctx);
         if (!ok)
@@ -490,6 +503,10 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
         sk_X509_free(sktmp);
     if (chain_ss != NULL)
         X509_free(chain_ss);
+    /* Safety net, error returns must set ctx->error */
+    if (ok <= 0 && ctx->error == X509_V_OK)
+        ctx->error = X509_V_ERR_UNSPECIFIED;
     return ok;
 }
@@ -571,12 +588,6 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
     } else {
         allow_proxy_certs =
             ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
-        /*
-         * A hack to keep people who don't want to modify their software
-         * happy
-         */
-        if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
-            allow_proxy_certs = 1;
         purpose = ctx->param->purpose;
     }
@@ -706,12 +717,19 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
             NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
             if (nc) {
                 rv = NAME_CONSTRAINTS_check(x, nc);
-                if (rv != X509_V_OK) {
+                switch (rv) {
+                case X509_V_OK:
+                    continue;
+                case X509_V_ERR_OUT_OF_MEM:
+                    ctx->error = rv;
+                    return 0;
+                default:
                     ctx->error = rv;
                     ctx->error_depth = i;
                     ctx->current_cert = x;
                     if (!ctx->verify_cb(0, ctx))
                         return 0;
+                    break;
                 }
             }
         }
@@ -841,11 +859,10 @@ static int check_revocation(X509_STORE_CTX *ctx)
 }
 static int check_cert(X509_STORE_CTX *ctx)
-    OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS
 {
     X509_CRL *crl = NULL, *dcrl = NULL;
     X509 *x;
-    int ok, cnum;
+    int ok = 0, cnum;
     unsigned int last_reasons;
     cnum = ctx->error_depth;
     x = sk_X509_value(ctx->chain, cnum);
@@ -984,13 +1001,25 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
         crl = sk_X509_CRL_value(crls, i);
         reasons = *preasons;
         crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
-        if (crl_score > best_score) {
-            best_crl = crl;
-            best_crl_issuer = crl_issuer;
-            best_score = crl_score;
-            best_reasons = reasons;
+        if (crl_score < best_score || crl_score == 0)
+            continue;
+        /* If current CRL is equivalent use it if it is newer */
+        if (crl_score == best_score && best_crl != NULL) {
+            int day, sec;
+            if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
+                               X509_CRL_get_lastUpdate(crl)) == 0)
+                continue;
+            /*
+             * ASN1_TIME_diff never returns inconsistent signs for |day|
+             * and |sec|.
+             */
+            if (day <= 0 && sec <= 0)
+                continue;
         }
+        best_crl = crl;
+        best_crl_issuer = crl_issuer;
+        best_score = crl_score;
+        best_reasons = reasons;
     }
     if (best_crl) {
@@ -1603,6 +1632,7 @@ static int check_policy(X509_STORE_CTX *ctx)
                             ctx->param->policies, ctx->param->flags);
     if (ret == 0) {
         OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
         return 0;
     }
     /* Invalid or inconsistent extensions */
@@ -1631,7 +1661,12 @@ static int check_policy(X509_STORE_CTX *ctx)
     if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
         ctx->current_cert = NULL;
-        ctx->error = X509_V_OK;
+        /*
+         * Verification errors need to be "sticky", a callback may have allowed
+         * an SSL handshake to continue despite an error, and we must then
+         * remain in an error state.  Therefore, we MUST NOT clear earlier
+         * verification errors by setting the error to X509_V_OK.
+         */
         if (!ctx->verify_cb(2, ctx))
             return 0;
     }
@@ -1724,9 +1759,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
          * explicitly asked for. It doesn't add any security and just wastes
          * time.
          */
-        if (!xs->valid
-            && (xs != xi
-                || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) {
+        if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) {
             if ((pkey = X509_get_pubkey(xi)) == NULL) {
                 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
                 ctx->current_cert = xi;
@@ -1746,8 +1779,6 @@ static int internal_verify(X509_STORE_CTX *ctx)
             pkey = NULL;
         }
-        xs->valid = 1;
  check_cert:
         ok = check_cert_time(ctx, xs);
         if (!ok)