RubyGems - grpc - Versions diffs - 1.24.0 → 1.25.0.pre1 - Mend

grpc 1.24.0 → 1.25.0.pre1

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (504) hide show

checksums.yaml +4 -4
data/Makefile +306 -243
data/etc/roots.pem +0 -100
data/include/grpc/grpc_security.h +44 -18
data/include/grpc/impl/codegen/grpc_types.h +15 -0
data/include/grpc/impl/codegen/port_platform.h +27 -11
data/include/grpc/impl/codegen/sync_generic.h +1 -1
data/src/boringssl/err_data.c +695 -650
data/src/core/ext/filters/client_channel/client_channel.cc +257 -179
data/src/core/ext/filters/client_channel/client_channel.h +24 -0
data/src/core/ext/filters/client_channel/client_channel_channelz.cc +2 -3
data/src/core/ext/filters/client_channel/client_channel_factory.h +1 -5
data/src/core/ext/filters/client_channel/health/health_check_client.cc +18 -45
data/src/core/ext/filters/client_channel/health/health_check_client.h +5 -13
data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
data/src/core/ext/filters/client_channel/lb_policy.cc +2 -3
data/src/core/ext/filters/client_channel/lb_policy.h +65 -55
data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +14 -14
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +113 -36
data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +14 -19
data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +36 -13
data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -10
data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +814 -1589
data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +2 -5
data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -6
data/src/core/ext/filters/client_channel/resolver.cc +1 -2
data/src/core/ext/filters/client_channel/resolver.h +8 -16
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +25 -8
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +46 -12
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +10 -17
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +7 -8
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +111 -44
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +22 -14
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +2 -2
data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +29 -10
data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +27 -36
data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +7 -10
data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -16
data/src/core/ext/filters/client_channel/resolver_factory.h +4 -8
data/src/core/ext/filters/client_channel/resolver_registry.cc +1 -1
data/src/core/ext/filters/client_channel/resolver_registry.h +1 -1
data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +7 -10
data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +7 -8
data/src/core/ext/filters/client_channel/resolving_lb_policy.h +1 -1
data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
data/src/core/ext/filters/client_channel/retry_throttle.h +1 -4
data/src/core/ext/filters/client_channel/service_config.h +8 -8
data/src/core/ext/filters/client_channel/subchannel.cc +53 -86
data/src/core/ext/filters/client_channel/subchannel.h +7 -9
data/src/core/ext/filters/client_channel/subchannel_interface.h +9 -13
data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +3 -6
data/src/core/ext/filters/client_channel/{lb_policy/xds/xds_load_balancer_api.cc → xds/xds_api.cc} +169 -52
data/src/core/ext/filters/client_channel/xds/xds_api.h +171 -0
data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +450 -0
data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +99 -0
data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel.h +8 -6
data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel_secure.cc +28 -11
data/src/core/ext/filters/client_channel/xds/xds_client.cc +1413 -0
data/src/core/ext/filters/client_channel/xds/xds_client.h +221 -0
data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.cc +1 -5
data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.h +3 -4
data/src/core/ext/filters/deadline/deadline_filter.cc +20 -20
data/src/core/ext/filters/http/client/http_client_filter.cc +15 -15
data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +12 -12
data/src/core/ext/filters/max_age/max_age_filter.cc +59 -50
data/src/core/ext/filters/message_size/message_size_filter.cc +18 -18
data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +15 -14
data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +233 -175
data/src/core/ext/transport/chttp2/transport/flow_control.h +21 -24
data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +253 -163
data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +24 -12
data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -3
data/src/core/ext/transport/chttp2/transport/internal.h +13 -15
data/src/core/ext/transport/chttp2/transport/writing.cc +3 -0
data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
data/src/core/lib/channel/channel_args.cc +16 -0
data/src/core/lib/channel/channel_args.h +22 -0
data/src/core/lib/channel/channelz.cc +5 -6
data/src/core/lib/channel/channelz.h +1 -1
data/src/core/lib/channel/connected_channel.cc +20 -20
data/src/core/lib/channel/handshaker.h +3 -4
data/src/core/lib/channel/handshaker_factory.h +1 -3
data/src/core/lib/debug/trace.h +3 -2
data/src/core/lib/gprpp/arena.cc +3 -3
data/src/core/lib/gprpp/arena.h +2 -3
data/src/core/lib/gprpp/inlined_vector.h +9 -0
data/src/core/lib/gprpp/map.h +3 -501
data/src/core/lib/gprpp/memory.h +45 -41
data/src/core/lib/gprpp/mpscq.cc +108 -0
data/src/core/lib/gprpp/mpscq.h +98 -0
data/src/core/lib/gprpp/orphanable.h +6 -11
data/src/core/lib/gprpp/ref_counted.h +25 -19
data/src/core/lib/gprpp/set.h +33 -0
data/src/core/lib/gprpp/thd.h +2 -4
data/src/core/lib/http/httpcli.cc +1 -1
data/src/core/lib/http/httpcli_security_connector.cc +15 -11
data/src/core/lib/http/parser.cc +1 -1
data/src/core/lib/iomgr/buffer_list.cc +4 -5
data/src/core/lib/iomgr/buffer_list.h +5 -6
data/src/core/lib/iomgr/call_combiner.cc +4 -5
data/src/core/lib/iomgr/call_combiner.h +2 -2
data/src/core/lib/iomgr/cfstream_handle.h +3 -5
data/src/core/lib/iomgr/closure.h +8 -3
data/src/core/lib/iomgr/combiner.cc +45 -82
data/src/core/lib/iomgr/combiner.h +32 -8
data/src/core/lib/iomgr/endpoint_cfstream.cc +5 -3
data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -15
data/src/core/lib/iomgr/exec_ctx.h +4 -3
data/src/core/lib/iomgr/executor.cc +4 -2
data/src/core/lib/iomgr/executor.h +3 -0
data/src/core/lib/iomgr/executor/mpmcqueue.h +3 -6
data/src/core/lib/iomgr/executor/threadpool.cc +1 -2
data/src/core/lib/iomgr/executor/threadpool.h +7 -11
data/src/core/lib/iomgr/resource_quota.cc +55 -51
data/src/core/lib/iomgr/resource_quota.h +13 -9
data/src/core/lib/iomgr/socket_utils_common_posix.cc +13 -0
data/src/core/lib/iomgr/socket_utils_posix.h +4 -0
data/src/core/lib/iomgr/tcp_client_posix.cc +4 -11
data/src/core/lib/iomgr/tcp_custom.cc +9 -7
data/src/core/lib/iomgr/tcp_posix.cc +20 -16
data/src/core/lib/iomgr/tcp_server.h +1 -4
data/src/core/lib/iomgr/tcp_server_custom.cc +5 -5
data/src/core/lib/iomgr/tcp_server_posix.cc +1 -1
data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -11
data/src/core/lib/iomgr/timer_custom.cc +2 -2
data/src/core/lib/iomgr/udp_server.cc +3 -2
data/src/core/lib/iomgr/udp_server.h +6 -12
data/src/core/lib/json/json.h +1 -1
data/src/core/lib/json/json_string.cc +2 -2
data/src/core/lib/profiling/basic_timers.cc +2 -2
data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -2
data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -1
data/src/core/lib/security/credentials/credentials.h +4 -20
data/src/core/lib/security/credentials/fake/fake_credentials.cc +4 -4
data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -3
data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +64 -0
data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +4 -4
data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -7
data/src/core/lib/security/security_connector/load_system_roots_linux.cc +2 -0
data/src/core/lib/security/security_connector/local/local_security_connector.cc +4 -4
data/src/core/lib/security/security_connector/security_connector.cc +1 -0
data/src/core/lib/security/security_connector/security_connector.h +19 -17
data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +8 -5
data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +14 -6
data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +4 -2
data/src/core/lib/security/transport/client_auth_filter.cc +17 -17
data/src/core/lib/security/transport/security_handshaker.cc +29 -13
data/src/core/lib/security/transport/security_handshaker.h +4 -2
data/src/core/lib/security/transport/server_auth_filter.cc +14 -14
data/src/core/lib/slice/slice.cc +2 -10
data/src/core/lib/slice/slice_hash_table.h +4 -6
data/src/core/lib/slice/slice_intern.cc +42 -39
data/src/core/lib/slice/slice_internal.h +3 -3
data/src/core/lib/slice/slice_utils.h +21 -4
data/src/core/lib/slice/slice_weak_hash_table.h +4 -6
data/src/core/lib/surface/call.cc +3 -3
data/src/core/lib/surface/channel.cc +7 -0
data/src/core/lib/surface/completion_queue.cc +12 -11
data/src/core/lib/surface/completion_queue.h +4 -2
data/src/core/lib/surface/init.cc +1 -0
data/src/core/lib/surface/lame_client.cc +33 -18
data/src/core/lib/surface/server.cc +77 -76
data/src/core/lib/surface/version.cc +1 -1
data/src/core/lib/transport/byte_stream.h +3 -7
data/src/core/lib/transport/connectivity_state.cc +112 -98
data/src/core/lib/transport/connectivity_state.h +100 -50
data/src/core/lib/transport/static_metadata.cc +276 -288
data/src/core/lib/transport/static_metadata.h +73 -76
data/src/core/lib/transport/status_conversion.cc +1 -1
data/src/core/lib/transport/status_metadata.cc +1 -1
data/src/core/lib/transport/transport.cc +2 -2
data/src/core/lib/transport/transport.h +12 -4
data/src/core/lib/transport/transport_op_string.cc +14 -11
data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +1 -1
data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +5 -5
data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -2
data/src/core/tsi/fake_transport_security.cc +7 -5
data/src/core/tsi/grpc_shadow_boringssl.h +2918 -2627
data/src/core/tsi/local_transport_security.cc +8 -6
data/src/core/tsi/ssl/session_cache/ssl_session.h +1 -3
data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -2
data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +7 -5
data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -6
data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -2
data/src/core/tsi/ssl_transport_security.cc +12 -12
data/src/core/tsi/ssl_transport_security.h +2 -2
data/src/core/tsi/transport_security_grpc.cc +7 -0
data/src/core/tsi/transport_security_grpc.h +6 -0
data/src/ruby/ext/grpc/extconf.rb +1 -0
data/src/ruby/ext/grpc/rb_call.c +1 -1
data/src/ruby/ext/grpc/rb_channel.c +1 -1
data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
data/src/ruby/lib/grpc/generic/rpc_server.rb +1 -1
data/src/ruby/lib/grpc/version.rb +1 -1
data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
data/third_party/boringssl/crypto/asn1/a_bool.c +18 -5
data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +17 -221
data/third_party/boringssl/crypto/asn1/a_dup.c +0 -24
data/third_party/boringssl/crypto/asn1/a_enum.c +2 -2
data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +10 -72
data/third_party/boringssl/crypto/asn1/a_int.c +12 -71
data/third_party/boringssl/crypto/asn1/a_mbstr.c +110 -216
data/third_party/boringssl/crypto/asn1/a_object.c +16 -5
data/third_party/boringssl/crypto/asn1/a_strnid.c +1 -0
data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -1
data/third_party/boringssl/crypto/asn1/tasn_enc.c +3 -1
data/third_party/boringssl/crypto/base64/base64.c +2 -2
data/third_party/boringssl/crypto/bio/bio.c +73 -9
data/third_party/boringssl/crypto/bio/connect.c +4 -0
data/third_party/boringssl/crypto/bio/fd.c +4 -0
data/third_party/boringssl/crypto/bio/file.c +5 -2
data/third_party/boringssl/crypto/bio/socket.c +4 -0
data/third_party/boringssl/crypto/bio/socket_helper.c +4 -0
data/third_party/boringssl/crypto/bn_extra/convert.c +11 -7
data/third_party/boringssl/crypto/bytestring/ber.c +8 -4
data/third_party/boringssl/crypto/bytestring/cbb.c +19 -7
data/third_party/boringssl/crypto/bytestring/cbs.c +28 -15
data/third_party/boringssl/crypto/bytestring/internal.h +28 -7
data/third_party/boringssl/crypto/bytestring/unicode.c +155 -0
data/third_party/boringssl/crypto/chacha/chacha.c +36 -19
data/third_party/boringssl/crypto/chacha/internal.h +45 -0
data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +29 -0
data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +269 -25
data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +16 -14
data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +54 -38
data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +133 -41
data/third_party/boringssl/crypto/cipher_extra/e_tls.c +23 -15
data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +24 -15
data/third_party/boringssl/crypto/cmac/cmac.c +62 -25
data/third_party/boringssl/crypto/conf/conf.c +7 -0
data/third_party/boringssl/crypto/cpu-arm-linux.c +4 -148
data/third_party/boringssl/crypto/cpu-arm-linux.h +201 -0
data/third_party/boringssl/crypto/cpu-intel.c +45 -51
data/third_party/boringssl/crypto/crypto.c +39 -22
data/third_party/boringssl/crypto/curve25519/spake25519.c +1 -1
data/third_party/boringssl/crypto/dsa/dsa.c +77 -53
data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +20 -8
data/third_party/boringssl/crypto/ec_extra/ec_derive.c +96 -0
data/third_party/boringssl/crypto/{ecdh/ecdh.c → ecdh_extra/ecdh_extra.c} +20 -58
data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -9
data/third_party/boringssl/crypto/engine/engine.c +2 -1
data/third_party/boringssl/crypto/err/err.c +2 -0
data/third_party/boringssl/crypto/err/internal.h +2 -2
data/third_party/boringssl/crypto/evp/evp.c +89 -8
data/third_party/boringssl/crypto/evp/evp_asn1.c +56 -5
data/third_party/boringssl/crypto/evp/evp_ctx.c +52 -14
data/third_party/boringssl/crypto/evp/internal.h +18 -1
data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +5 -0
data/third_party/boringssl/crypto/evp/p_ec.c +51 -3
data/third_party/boringssl/crypto/evp/p_ec_asn1.c +6 -7
data/third_party/boringssl/crypto/evp/p_ed25519.c +36 -3
data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +76 -45
data/third_party/boringssl/crypto/evp/p_rsa.c +3 -1
data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +5 -0
data/third_party/boringssl/crypto/evp/p_x25519.c +110 -0
data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +249 -0
data/third_party/boringssl/crypto/evp/scrypt.c +6 -2
data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +34 -274
data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +161 -21
data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +111 -13
data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +17 -21
data/third_party/boringssl/crypto/fipsmodule/bcm.c +119 -7
data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +19 -2
data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +2 -2
data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +93 -160
data/third_party/boringssl/crypto/fipsmodule/bn/div.c +48 -57
data/third_party/boringssl/crypto/fipsmodule/bn/div_extra.c +87 -0
data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +143 -211
data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -305
data/third_party/boringssl/crypto/fipsmodule/bn/gcd_extra.c +325 -0
data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +168 -50
data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +68 -92
data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +7 -6
data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +11 -14
data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +358 -443
data/third_party/boringssl/crypto/fipsmodule/bn/random.c +25 -35
data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +20 -25
data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +76 -5
data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +14 -14
data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +7 -2
data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +383 -516
data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +4 -0
data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +3 -4
data/third_party/boringssl/crypto/fipsmodule/delocate.h +3 -2
data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +32 -17
data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +3 -3
data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +228 -122
data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +34 -8
data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +311 -98
data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +82 -0
data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +263 -97
data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +22 -59
data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +317 -234
data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9473 -9475
data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +313 -109
data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +36 -0
data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +96 -0
data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +126 -792
data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +84 -0
data/third_party/boringssl/crypto/fipsmodule/ec/util.c +163 -12
data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +84 -211
data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +122 -0
data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +60 -205
data/third_party/boringssl/crypto/fipsmodule/fips_shared_support.c +32 -0
data/third_party/boringssl/crypto/fipsmodule/is_fips.c +2 -0
data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +3 -1
data/third_party/boringssl/crypto/fipsmodule/md5/internal.h +37 -0
data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +11 -8
data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +35 -79
data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +7 -39
data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +7 -27
data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +123 -309
data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +189 -126
data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +3 -2
data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +2 -2
data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +35 -0
data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +24 -19
data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +256 -77
data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +10 -7
data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +5 -1
data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +131 -14
data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +83 -10
data/third_party/boringssl/crypto/fipsmodule/sha/internal.h +53 -0
data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +9 -13
data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +18 -12
data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +95 -168
data/third_party/boringssl/crypto/hrss/hrss.c +2201 -0
data/third_party/boringssl/crypto/hrss/internal.h +62 -0
data/third_party/boringssl/crypto/internal.h +95 -20
data/third_party/boringssl/crypto/lhash/lhash.c +45 -33
data/third_party/boringssl/crypto/mem.c +39 -2
data/third_party/boringssl/crypto/obj/obj.c +4 -4
data/third_party/boringssl/crypto/obj/obj_dat.h +6181 -875
data/third_party/boringssl/crypto/pem/pem_all.c +2 -3
data/third_party/boringssl/crypto/pem/pem_info.c +144 -162
data/third_party/boringssl/crypto/pem/pem_lib.c +53 -52
data/third_party/boringssl/crypto/pem/pem_pkey.c +13 -21
data/third_party/boringssl/crypto/pkcs7/pkcs7.c +15 -22
data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +168 -16
data/third_party/boringssl/crypto/pkcs8/internal.h +11 -0
data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +24 -15
data/third_party/boringssl/crypto/pkcs8/pkcs8.c +42 -25
data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +559 -43
data/third_party/boringssl/crypto/pool/internal.h +1 -1
data/third_party/boringssl/crypto/pool/pool.c +21 -0
data/third_party/boringssl/crypto/rand_extra/deterministic.c +8 -0
data/third_party/boringssl/crypto/rand_extra/fuchsia.c +1 -14
data/third_party/boringssl/crypto/refcount_lock.c +2 -2
data/third_party/boringssl/crypto/rsa_extra/rsa_print.c +22 -0
data/third_party/boringssl/crypto/siphash/siphash.c +80 -0
data/third_party/boringssl/crypto/stack/stack.c +83 -32
data/third_party/boringssl/crypto/thread_none.c +2 -2
data/third_party/boringssl/crypto/thread_pthread.c +2 -2
data/third_party/boringssl/crypto/thread_win.c +38 -19
data/third_party/boringssl/crypto/x509/a_strex.c +22 -2
data/third_party/boringssl/crypto/x509/asn1_gen.c +2 -1
data/third_party/boringssl/crypto/x509/by_dir.c +7 -0
data/third_party/boringssl/crypto/x509/by_file.c +12 -10
data/third_party/boringssl/crypto/x509/t_crl.c +5 -8
data/third_party/boringssl/crypto/x509/t_req.c +1 -3
data/third_party/boringssl/crypto/x509/t_x509.c +5 -8
data/third_party/boringssl/crypto/x509/x509_cmp.c +1 -1
data/third_party/boringssl/crypto/x509/x509_def.c +1 -1
data/third_party/boringssl/crypto/x509/x509_lu.c +114 -5
data/third_party/boringssl/crypto/x509/x509_req.c +20 -0
data/third_party/boringssl/crypto/x509/x509_set.c +5 -0
data/third_party/boringssl/crypto/x509/x509_trs.c +1 -0
data/third_party/boringssl/crypto/x509/x509_txt.c +4 -5
data/third_party/boringssl/crypto/x509/x509_vfy.c +145 -138
data/third_party/boringssl/crypto/x509/x509_vpm.c +2 -0
data/third_party/boringssl/crypto/x509/x509cset.c +40 -0
data/third_party/boringssl/crypto/x509/x509name.c +2 -3
data/third_party/boringssl/crypto/x509/x_all.c +109 -210
data/third_party/boringssl/crypto/x509/x_x509.c +6 -0
data/third_party/boringssl/crypto/x509v3/ext_dat.h +1 -3
data/third_party/boringssl/crypto/x509v3/internal.h +56 -0
data/third_party/boringssl/crypto/x509v3/pcy_cache.c +2 -0
data/third_party/boringssl/crypto/x509v3/pcy_node.c +1 -0
data/third_party/boringssl/crypto/x509v3/pcy_tree.c +4 -2
data/third_party/boringssl/crypto/x509v3/v3_akey.c +5 -2
data/third_party/boringssl/crypto/x509v3/v3_alt.c +19 -13
data/third_party/boringssl/crypto/x509v3/v3_conf.c +2 -1
data/third_party/boringssl/crypto/x509v3/v3_cpols.c +3 -2
data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -6
data/third_party/boringssl/crypto/x509v3/v3_lib.c +1 -0
data/third_party/boringssl/crypto/x509v3/v3_ocsp.c +68 -0
data/third_party/boringssl/crypto/x509v3/v3_pci.c +2 -1
data/third_party/boringssl/crypto/x509v3/v3_purp.c +47 -69
data/third_party/boringssl/crypto/x509v3/v3_skey.c +5 -2
data/third_party/boringssl/crypto/x509v3/v3_utl.c +69 -25
data/third_party/boringssl/include/openssl/aead.h +45 -19
data/third_party/boringssl/include/openssl/aes.h +32 -7
data/third_party/boringssl/include/openssl/asn1.h +7 -77
data/third_party/boringssl/include/openssl/base.h +120 -6
data/third_party/boringssl/include/openssl/base64.h +4 -1
data/third_party/boringssl/include/openssl/bio.h +112 -81
data/third_party/boringssl/include/openssl/blowfish.h +3 -3
data/third_party/boringssl/include/openssl/bn.h +55 -29
data/third_party/boringssl/include/openssl/buf.h +2 -2
data/third_party/boringssl/include/openssl/bytestring.h +54 -32
data/third_party/boringssl/include/openssl/cast.h +2 -2
data/third_party/boringssl/include/openssl/cipher.h +46 -16
data/third_party/boringssl/include/openssl/cmac.h +6 -2
data/third_party/boringssl/include/openssl/conf.h +3 -6
data/third_party/boringssl/include/openssl/cpu.h +25 -9
data/third_party/boringssl/include/openssl/crypto.h +32 -10
data/third_party/boringssl/include/openssl/curve25519.h +4 -4
data/third_party/boringssl/include/openssl/dh.h +3 -2
data/third_party/boringssl/include/openssl/digest.h +21 -7
data/third_party/boringssl/include/openssl/dsa.h +8 -2
data/third_party/boringssl/include/openssl/e_os2.h +18 -0
data/third_party/boringssl/include/openssl/ec.h +25 -21
data/third_party/boringssl/include/openssl/ec_key.h +36 -8
data/third_party/boringssl/include/openssl/ecdh.h +17 -0
data/third_party/boringssl/include/openssl/ecdsa.h +3 -3
data/third_party/boringssl/include/openssl/engine.h +4 -4
data/third_party/boringssl/include/openssl/err.h +3 -0
data/third_party/boringssl/include/openssl/evp.h +199 -42
data/third_party/boringssl/include/openssl/hmac.h +4 -4
data/third_party/boringssl/include/openssl/hrss.h +100 -0
data/third_party/boringssl/include/openssl/lhash.h +131 -23
data/third_party/boringssl/include/openssl/md4.h +6 -4
data/third_party/boringssl/include/openssl/md5.h +6 -4
data/third_party/boringssl/include/openssl/mem.h +6 -2
data/third_party/boringssl/include/openssl/nid.h +3 -0
data/third_party/boringssl/include/openssl/obj.h +3 -0
data/third_party/boringssl/include/openssl/pem.h +102 -64
data/third_party/boringssl/include/openssl/pkcs7.h +136 -3
data/third_party/boringssl/include/openssl/pkcs8.h +42 -3
data/third_party/boringssl/include/openssl/pool.h +13 -2
data/third_party/boringssl/include/openssl/ripemd.h +5 -4
data/third_party/boringssl/include/openssl/rsa.h +46 -15
data/third_party/boringssl/include/openssl/sha.h +40 -28
data/third_party/boringssl/include/openssl/siphash.h +37 -0
data/third_party/boringssl/include/openssl/span.h +17 -9
data/third_party/boringssl/include/openssl/ssl.h +766 -393
data/third_party/boringssl/include/openssl/ssl3.h +4 -3
data/third_party/boringssl/include/openssl/stack.h +134 -77
data/third_party/boringssl/include/openssl/thread.h +1 -1
data/third_party/boringssl/include/openssl/tls1.h +25 -9
data/third_party/boringssl/include/openssl/type_check.h +14 -15
data/third_party/boringssl/include/openssl/x509.h +28 -3
data/third_party/boringssl/include/openssl/x509_vfy.h +98 -32
data/third_party/boringssl/include/openssl/x509v3.h +17 -13
data/third_party/boringssl/ssl/d1_both.cc +9 -18
data/third_party/boringssl/ssl/d1_lib.cc +4 -3
data/third_party/boringssl/ssl/d1_pkt.cc +4 -4
data/third_party/boringssl/ssl/d1_srtp.cc +15 -15
data/third_party/boringssl/ssl/dtls_method.cc +0 -1
data/third_party/boringssl/ssl/dtls_record.cc +28 -28
data/third_party/boringssl/ssl/handoff.cc +295 -91
data/third_party/boringssl/ssl/handshake.cc +133 -72
data/third_party/boringssl/ssl/handshake_client.cc +218 -189
data/third_party/boringssl/ssl/handshake_server.cc +399 -272
data/third_party/boringssl/ssl/internal.h +1413 -928
data/third_party/boringssl/ssl/s3_both.cc +175 -36
data/third_party/boringssl/ssl/s3_lib.cc +9 -13
data/third_party/boringssl/ssl/s3_pkt.cc +63 -29
data/third_party/boringssl/ssl/ssl_aead_ctx.cc +55 -35
data/third_party/boringssl/ssl/ssl_asn1.cc +57 -73
data/third_party/boringssl/ssl/ssl_buffer.cc +13 -12
data/third_party/boringssl/ssl/ssl_cert.cc +313 -210
data/third_party/boringssl/ssl/ssl_cipher.cc +159 -221
data/third_party/boringssl/ssl/ssl_file.cc +2 -0
data/third_party/boringssl/ssl/ssl_key_share.cc +164 -19
data/third_party/boringssl/ssl/ssl_lib.cc +847 -555
data/third_party/boringssl/ssl/ssl_privkey.cc +441 -111
data/third_party/boringssl/ssl/ssl_session.cc +230 -178
data/third_party/boringssl/ssl/ssl_transcript.cc +21 -142
data/third_party/boringssl/ssl/ssl_versions.cc +88 -93
data/third_party/boringssl/ssl/ssl_x509.cc +279 -218
data/third_party/boringssl/ssl/t1_enc.cc +5 -96
data/third_party/boringssl/ssl/t1_lib.cc +931 -678
data/third_party/boringssl/ssl/tls13_both.cc +251 -121
data/third_party/boringssl/ssl/tls13_client.cc +129 -73
data/third_party/boringssl/ssl/tls13_enc.cc +350 -282
data/third_party/boringssl/ssl/tls13_server.cc +259 -192
data/third_party/boringssl/ssl/tls_method.cc +26 -21
data/third_party/boringssl/ssl/tls_record.cc +42 -47
data/third_party/boringssl/third_party/fiat/curve25519.c +261 -1324
data/third_party/boringssl/third_party/fiat/curve25519_32.h +911 -0
data/third_party/boringssl/third_party/fiat/curve25519_64.h +559 -0
data/third_party/boringssl/third_party/fiat/p256.c +238 -999
data/third_party/boringssl/third_party/fiat/p256_32.h +3226 -0
data/third_party/boringssl/third_party/fiat/p256_64.h +1217 -0
data/third_party/upb/upb/port_def.inc +1 -1
data/third_party/upb/upb/table.c +2 -1
metadata +71 -43
data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +0 -127
data/src/core/lib/gpr/mpscq.cc +0 -117
data/src/core/lib/gpr/mpscq.h +0 -88
data/src/core/lib/gprpp/abstract.h +0 -47
data/src/core/lib/gprpp/pair.h +0 -38
data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
data/third_party/boringssl/ssl/custom_extensions.cc +0 -265

data/third_party/boringssl/crypto/ec_extra/ec_asn1.c CHANGED

@@ -159,8 +159,8 @@ EC_KEY *EC_KEY_parse_private_key(CBS *cbs, const EC_GROUP *group) {
         (point_conversion_form_t)(CBS_data(&public_key)[0] & ~0x01);
   } else {
     // Compute the public key instead.
-    if (!ec_point_mul_scalar(group, ret->pub_key, &ret->priv_key->scalar, NULL,
-                             NULL, NULL)) {
+    if (!ec_point_mul_scalar_base(group, &ret->pub_key->raw,
+                                  &ret->priv_key->scalar)) {
       goto err;
     }
     // Remember the original private-key-only encoding.
@@ -264,7 +264,8 @@ static int parse_explicit_prime_curve(CBS *in, CBS *out_prime, CBS *out_a,
                                       CBS *out_base_y, CBS *out_order) {
   // See RFC 3279, section 2.3.5. Note that RFC 3279 calls this structure an
   // ECParameters while RFC 5480 calls it a SpecifiedECDomain.
-  CBS params, field_id, field_type, curve, base;
+  CBS params, field_id, field_type, curve, base, cofactor;
+  int has_cofactor;
   uint64_t version;
   if (!CBS_get_asn1(in, &params, CBS_ASN1_SEQUENCE) ||
       !CBS_get_asn1_uint64(&params, &version) ||
@@ -272,7 +273,8 @@ static int parse_explicit_prime_curve(CBS *in, CBS *out_prime, CBS *out_a,
       !CBS_get_asn1(&params, &field_id, CBS_ASN1_SEQUENCE) ||
       !CBS_get_asn1(&field_id, &field_type, CBS_ASN1_OBJECT) ||
       CBS_len(&field_type) != sizeof(kPrimeField) ||
-      OPENSSL_memcmp(CBS_data(&field_type), kPrimeField, sizeof(kPrimeField)) != 0 ||
+      OPENSSL_memcmp(CBS_data(&field_type), kPrimeField, sizeof(kPrimeField)) !=
+          0 ||
       !CBS_get_asn1(&field_id, out_prime, CBS_ASN1_INTEGER) ||
       !is_unsigned_integer(out_prime) ||
       CBS_len(&field_id) != 0 ||
@@ -280,16 +282,26 @@ static int parse_explicit_prime_curve(CBS *in, CBS *out_prime, CBS *out_a,
       !CBS_get_asn1(&curve, out_a, CBS_ASN1_OCTETSTRING) ||
       !CBS_get_asn1(&curve, out_b, CBS_ASN1_OCTETSTRING) ||
       // |curve| has an optional BIT STRING seed which we ignore.
+      !CBS_get_optional_asn1(&curve, NULL, NULL, CBS_ASN1_BITSTRING) ||
+      CBS_len(&curve) != 0 ||
       !CBS_get_asn1(&params, &base, CBS_ASN1_OCTETSTRING) ||
       !CBS_get_asn1(&params, out_order, CBS_ASN1_INTEGER) ||
-      !is_unsigned_integer(out_order)) {
+      !is_unsigned_integer(out_order) ||
+      !CBS_get_optional_asn1(&params, &cofactor, &has_cofactor,
+                             CBS_ASN1_INTEGER) ||
+      CBS_len(&params) != 0) {
     OPENSSL_PUT_ERROR(EC, EC_R_DECODE_ERROR);
     return 0;
   }
-  // |params| has an optional cofactor which we ignore. With the optional seed
-  // in |curve|, a group already has arbitrarily many encodings. Parse enough to
-  // uniquely determine the curve.
+  if (has_cofactor) {
+    // We only support prime-order curves so the cofactor must be one.
+    if (CBS_len(&cofactor) != 1 ||
+        CBS_data(&cofactor)[0] != 1) {
+      OPENSSL_PUT_ERROR(EC, EC_R_UNKNOWN_GROUP);
+      return 0;
+    }
+  }
   // Require that the base point use uncompressed form.
   uint8_t form;

data/third_party/boringssl/crypto/ec_extra/ec_derive.c ADDED

@@ -0,0 +1,96 @@
+/* Copyright (c) 2019, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+#include <openssl/ec_key.h>
+#include <string.h>
+#include <openssl/buf.h>
+#include <openssl/ec.h>
+#include <openssl/err.h>
+#include <openssl/digest.h>
+#include <openssl/hkdf.h>
+#include <openssl/mem.h>
+#include "../fipsmodule/ec/internal.h"
+EC_KEY *EC_KEY_derive_from_secret(const EC_GROUP *group, const uint8_t *secret,
+                                  size_t secret_len) {
+#define EC_KEY_DERIVE_MAX_NAME_LEN 16
+  const char *name = EC_curve_nid2nist(EC_GROUP_get_curve_name(group));
+  if (name == NULL || strlen(name) > EC_KEY_DERIVE_MAX_NAME_LEN) {
+    OPENSSL_PUT_ERROR(EC, EC_R_UNKNOWN_GROUP);
+    return NULL;
+  }
+  // Assemble a label string to provide some key separation in case |secret| is
+  // misused, but ultimately it's on the caller to ensure |secret| is suitably
+  // separated.
+  static const char kLabel[] = "derive EC key ";
+  char info[sizeof(kLabel) + EC_KEY_DERIVE_MAX_NAME_LEN];
+  BUF_strlcpy(info, kLabel, sizeof(info));
+  BUF_strlcat(info, name, sizeof(info));
+  // Generate 128 bits beyond the group order so the bias is at most 2^-128.
+#define EC_KEY_DERIVE_EXTRA_BITS 128
+#define EC_KEY_DERIVE_EXTRA_BYTES (EC_KEY_DERIVE_EXTRA_BITS / 8)
+  if (EC_GROUP_order_bits(group) <= EC_KEY_DERIVE_EXTRA_BITS + 8) {
+    // The reduction strategy below requires the group order be large enough.
+    // (The actual bound is a bit tighter, but our curves are much larger than
+    // 128-bit.)
+    OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
+    return NULL;
+  }
+  uint8_t derived[EC_KEY_DERIVE_EXTRA_BYTES + EC_MAX_BYTES];
+  size_t derived_len = BN_num_bytes(&group->order) + EC_KEY_DERIVE_EXTRA_BYTES;
+  assert(derived_len <= sizeof(derived));
+  if (!HKDF(derived, derived_len, EVP_sha256(), secret, secret_len,
+            /*salt=*/NULL, /*salt_len=*/0, (const uint8_t *)info,
+            strlen(info))) {
+    return NULL;
+  }
+  EC_KEY *key = EC_KEY_new();
+  BN_CTX *ctx = BN_CTX_new();
+  BIGNUM *priv = BN_bin2bn(derived, derived_len, NULL);
+  EC_POINT *pub = EC_POINT_new(group);
+  if (key == NULL || ctx == NULL || priv == NULL || pub == NULL ||
+      // Reduce |priv| with Montgomery reduction. First, convert "from"
+      // Montgomery form to compute |priv| * R^-1 mod |order|. This requires
+      // |priv| be under order * R, which is true if the group order is large
+      // enough. 2^(num_bytes(order)) < 2^8 * order, so:
+      //
+      //    priv < 2^8 * order * 2^128 < order * order < order * R
+      !BN_from_montgomery(priv, priv, group->order_mont, ctx) ||
+      // Multiply by R^2 and do another Montgomery reduction to compute
+      // priv * R^-1 * R^2 * R^-1 = priv mod order.
+      !BN_to_montgomery(priv, priv, group->order_mont, ctx) ||
+      !EC_POINT_mul(group, pub, priv, NULL, NULL, ctx) ||
+      !EC_KEY_set_group(key, group) || !EC_KEY_set_public_key(key, pub) ||
+      !EC_KEY_set_private_key(key, priv)) {
+    EC_KEY_free(key);
+    key = NULL;
+    goto err;
+  }
+err:
+  OPENSSL_cleanse(derived, sizeof(derived));
+  BN_CTX_free(ctx);
+  BN_free(priv);
+  EC_POINT_free(pub);
+  return key;
+}

data/third_party/boringssl/crypto/{ecdh/ecdh.c → ecdh_extra/ecdh_extra.c} RENAMED

@@ -69,7 +69,6 @@
 #include <limits.h>
 #include <string.h>
-#include <openssl/bn.h>
 #include <openssl/digest.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
@@ -78,85 +77,48 @@
 #include "../internal.h"
-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+int ECDH_compute_key(void *out, size_t out_len, const EC_POINT *pub_key,
                      const EC_KEY *priv_key,
                      void *(*kdf)(const void *in, size_t inlen, void *out,
-                                  size_t *outlen)) {
+                                  size_t *out_len)) {
   if (priv_key->priv_key == NULL) {
     OPENSSL_PUT_ERROR(ECDH, ECDH_R_NO_PRIVATE_VALUE);
     return -1;
   }
   const EC_SCALAR *const priv = &priv_key->priv_key->scalar;
-  BN_CTX *ctx = BN_CTX_new();
-  if (ctx == NULL) {
-    return -1;
-  }
-  BN_CTX_start(ctx);
-  int ret = -1;
-  size_t buflen = 0;
-  uint8_t *buf = NULL;
   const EC_GROUP *const group = EC_KEY_get0_group(priv_key);
-  EC_POINT *tmp = EC_POINT_new(group);
-  if (tmp == NULL) {
-    OPENSSL_PUT_ERROR(ECDH, ERR_R_MALLOC_FAILURE);
-    goto err;
-  }
-  if (!ec_point_mul_scalar(group, tmp, NULL, pub_key, priv, ctx)) {
-    OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE);
-    goto err;
-  }
-  BIGNUM *x = BN_CTX_get(ctx);
-  if (!x) {
-    OPENSSL_PUT_ERROR(ECDH, ERR_R_MALLOC_FAILURE);
-    goto err;
+  if (EC_GROUP_cmp(group, pub_key->group, NULL) != 0) {
+    OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
+    return -1;
   }
-  if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, NULL, ctx)) {
+  EC_RAW_POINT shared_point;
+  uint8_t buf[EC_MAX_BYTES];
+  size_t buf_len;
+  if (!ec_point_mul_scalar(group, &shared_point, &pub_key->raw, priv) ||
+      !ec_point_get_affine_coordinate_bytes(group, buf, NULL, &buf_len,
+                                            sizeof(buf), &shared_point)) {
     OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE);
-    goto err;
-  }
-  buflen = (EC_GROUP_get_degree(group) + 7) / 8;
-  buf = OPENSSL_malloc(buflen);
-  if (buf == NULL) {
-    OPENSSL_PUT_ERROR(ECDH, ERR_R_MALLOC_FAILURE);
-    goto err;
-  }
-  if (!BN_bn2bin_padded(buf, buflen, x)) {
-    OPENSSL_PUT_ERROR(ECDH, ERR_R_INTERNAL_ERROR);
-    goto err;
+    return -1;
   }
   if (kdf != NULL) {
-    if (kdf(buf, buflen, out, &outlen) == NULL) {
+    if (kdf(buf, buf_len, out, &out_len) == NULL) {
       OPENSSL_PUT_ERROR(ECDH, ECDH_R_KDF_FAILED);
-      goto err;
+      return -1;
     }
   } else {
     // no KDF, just copy as much as we can
-    if (buflen < outlen) {
-      outlen = buflen;
+    if (buf_len < out_len) {
+      out_len = buf_len;
     }
-    OPENSSL_memcpy(out, buf, outlen);
+    OPENSSL_memcpy(out, buf, out_len);
   }
-  if (outlen > INT_MAX) {
+  if (out_len > INT_MAX) {
     OPENSSL_PUT_ERROR(ECDH, ERR_R_OVERFLOW);
-    goto err;
+    return -1;
   }
-  ret = (int)outlen;
-err:
-  OPENSSL_free(buf);
-  EC_POINT_free(tmp);
-  BN_CTX_end(ctx);
-  BN_CTX_free(ctx);
-  return ret;
+  return (int)out_len;
 }

data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c CHANGED

@@ -74,15 +74,7 @@ int ECDSA_sign(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig,
   }
   int ret = 0;
-  ECDSA_SIG *s = NULL;
-  if (eckey->ecdsa_meth && eckey->ecdsa_meth->sign) {
-    OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_NOT_IMPLEMENTED);
-    *sig_len = 0;
-    goto err;
-  }
-  s = ECDSA_do_sign(digest, digest_len, eckey);
+  ECDSA_SIG *s = ECDSA_do_sign(digest, digest_len, eckey);
   if (s == NULL) {
     *sig_len = 0;
     goto err;

data/third_party/boringssl/crypto/engine/engine.c CHANGED

@@ -41,9 +41,10 @@ ENGINE *ENGINE_new(void) {
   return engine;
 }
-void ENGINE_free(ENGINE *engine) {
+int ENGINE_free(ENGINE *engine) {
   // Methods are currently required to be static so are not unref'ed.
   OPENSSL_free(engine);
+  return 1;
 }
 // set_method takes a pointer to a method and its given size and sets

data/third_party/boringssl/crypto/err/err.c CHANGED

@@ -781,6 +781,8 @@ void ERR_load_BIO_strings(void) {}
 void ERR_load_ERR_strings(void) {}
+void ERR_load_RAND_strings(void) {}
 struct err_save_state_st {
   struct err_error_st *errors;
   size_t num_errors;

data/third_party/boringssl/crypto/err/internal.h CHANGED

@@ -46,11 +46,11 @@ OPENSSL_EXPORT void ERR_restore_state(const ERR_SAVE_STATE *state);
 extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
 BORINGSSL_MAKE_DELETER(ERR_SAVE_STATE, ERR_SAVE_STATE_free)
-}  // namespace bssl
+BSSL_NAMESPACE_END
 }  // extern C++
 #endif

data/third_party/boringssl/crypto/evp/evp.c CHANGED

@@ -71,6 +71,11 @@
 #include "../internal.h"
+// Node depends on |EVP_R_NOT_XOF_OR_INVALID_LENGTH|.
+//
+// TODO(davidben): Fix Node to not touch the error queue itself and remove this.
+OPENSSL_DECLARE_ERROR_REASON(EVP, NOT_XOF_OR_INVALID_LENGTH)
 EVP_PKEY *EVP_PKEY_new(void) {
   EVP_PKEY *ret;
@@ -176,7 +181,7 @@ int EVP_PKEY_size(const EVP_PKEY *pkey) {
   return 0;
 }
-int EVP_PKEY_bits(EVP_PKEY *pkey) {
+int EVP_PKEY_bits(const EVP_PKEY *pkey) {
   if (pkey && pkey->ameth && pkey->ameth->pkey_bits) {
     return pkey->ameth->pkey_bits(pkey);
   }
@@ -200,6 +205,8 @@ static const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find(int nid) {
       return &dsa_asn1_meth;
     case EVP_PKEY_ED25519:
       return &ed25519_asn1_meth;
+    case EVP_PKEY_X25519:
+      return &x25519_asn1_meth;
     default:
       return NULL;
   }
@@ -225,7 +232,7 @@ int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key) {
   return EVP_PKEY_assign(pkey, EVP_PKEY_RSA, key);
 }
-RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) {
+RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) {
   if (pkey->type != EVP_PKEY_RSA) {
     OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_AN_RSA_KEY);
     return NULL;
@@ -233,7 +240,7 @@ RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) {
   return pkey->pkey.rsa;
 }
-RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) {
+RSA *EVP_PKEY_get1_RSA(const EVP_PKEY *pkey) {
   RSA *rsa = EVP_PKEY_get0_RSA(pkey);
   if (rsa != NULL) {
     RSA_up_ref(rsa);
@@ -253,7 +260,7 @@ int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key) {
   return EVP_PKEY_assign(pkey, EVP_PKEY_DSA, key);
 }
-DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) {
+DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey) {
   if (pkey->type != EVP_PKEY_DSA) {
     OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_DSA_KEY);
     return NULL;
@@ -261,7 +268,7 @@ DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) {
   return pkey->pkey.dsa;
 }
-DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) {
+DSA *EVP_PKEY_get1_DSA(const EVP_PKEY *pkey) {
   DSA *dsa = EVP_PKEY_get0_DSA(pkey);
   if (dsa != NULL) {
     DSA_up_ref(dsa);
@@ -281,7 +288,7 @@ int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) {
   return EVP_PKEY_assign(pkey, EVP_PKEY_EC, key);
 }
-EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) {
+EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey) {
   if (pkey->type != EVP_PKEY_EC) {
     OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_AN_EC_KEY_KEY);
     return NULL;
@@ -289,7 +296,7 @@ EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) {
   return pkey->pkey.ec;
 }
-EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) {
+EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey) {
   EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
   if (ec_key != NULL) {
     EC_KEY_up_ref(ec_key);
@@ -297,7 +304,8 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) {
   return ec_key;
 }
-DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey) { return NULL; }
+DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) { return NULL; }
+DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey) { return NULL; }
 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) {
   if (!EVP_PKEY_set_type(pkey, type)) {
@@ -329,7 +337,73 @@ int EVP_PKEY_set_type(EVP_PKEY *pkey, int type) {
   return 1;
 }
+EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *unused,
+                                       const uint8_t *in, size_t len) {
+  EVP_PKEY *ret = EVP_PKEY_new();
+  if (ret == NULL ||
+      !EVP_PKEY_set_type(ret, type)) {
+    goto err;
+  }
+  if (ret->ameth->set_priv_raw == NULL) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+    goto err;
+  }
+  if (!ret->ameth->set_priv_raw(ret, in, len)) {
+    goto err;
+  }
+  return ret;
+err:
+  EVP_PKEY_free(ret);
+  return NULL;
+}
+EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *unused,
+                                      const uint8_t *in, size_t len) {
+  EVP_PKEY *ret = EVP_PKEY_new();
+  if (ret == NULL ||
+      !EVP_PKEY_set_type(ret, type)) {
+    goto err;
+  }
+  if (ret->ameth->set_pub_raw == NULL) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+    goto err;
+  }
+  if (!ret->ameth->set_pub_raw(ret, in, len)) {
+    goto err;
+  }
+  return ret;
+err:
+  EVP_PKEY_free(ret);
+  return NULL;
+}
+int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, uint8_t *out,
+                                 size_t *out_len) {
+  if (pkey->ameth->get_priv_raw == NULL) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+    return 0;
+  }
+  return pkey->ameth->get_priv_raw(pkey, out, out_len);
+}
+int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, uint8_t *out,
+                                size_t *out_len) {
+  if (pkey->ameth->get_pub_raw == NULL) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+    return 0;
+  }
+  return pkey->ameth->get_pub_raw(pkey, out, out_len);
+}
 int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) {
   if (a->type != b->type) {
@@ -360,3 +434,10 @@ void OpenSSL_add_all_ciphers(void) {}
 void OpenSSL_add_all_digests(void) {}
 void EVP_cleanup(void) {}
+int EVP_PKEY_base_id(const EVP_PKEY *pkey) {
+  // OpenSSL has two notions of key type because it supports multiple OIDs for
+  // the same algorithm: NID_rsa vs NID_rsaEncryption and five distinct spelling
+  // of DSA. We do not support these, so the base ID is simply the ID.
+  return EVP_PKEY_id(pkey);
+}