grpc 1.24.0 → 1.25.0.pre1

data/third_party/boringssl/include/openssl/cmac.h

@@ -46,6 +46,10 @@ OPENSSL_EXPORT CMAC_CTX *CMAC_CTX_new(void);
 // CMAC_CTX_free frees a |CMAC_CTX|.
 OPENSSL_EXPORT void CMAC_CTX_free(CMAC_CTX *ctx);
 
+// CMAC_CTX_copy sets |out| to be a duplicate of the current state |in|. It
+// returns one on success and zero on error.
+OPENSSL_EXPORT int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
+
 // CMAC_Init configures |ctx| to use the given |key| and |cipher|. The CMAC RFC
 // only specifies the use of AES-128 thus |key_len| should be 16 and |cipher|
 // should be |EVP_aes_128_cbc()|. However, this implementation also supports
@@ -74,11 +78,11 @@ OPENSSL_EXPORT int CMAC_Final(CMAC_CTX *ctx, uint8_t *out, size_t *out_len);
 
 extern "C++" {
 
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
 
 BORINGSSL_MAKE_DELETER(CMAC_CTX, CMAC_CTX_free)
 
-}  // namespace bssl
+BSSL_NAMESPACE_END
 
 }  // extern C++
 

data/third_party/boringssl/include/openssl/conf.h

@@ -85,11 +85,8 @@ struct conf_value_st {
   char *value;
 };
 
-struct conf_st {
-  LHASH_OF(CONF_VALUE) *data;
-};
-
 DEFINE_STACK_OF(CONF_VALUE)
+DECLARE_LHASH_OF(CONF_VALUE)
 
 
 // NCONF_new returns a fresh, empty |CONF|, or NULL on error. The |method|
@@ -162,11 +159,11 @@ OPENSSL_EXPORT void OPENSSL_no_config(void);
 
 extern "C++" {
 
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
 
 BORINGSSL_MAKE_DELETER(CONF, NCONF_free)
 
-}  // namespace bssl
+BSSL_NAMESPACE_END
 
 }  // extern C++
 

data/third_party/boringssl/include/openssl/cpu.h

@@ -86,16 +86,17 @@ extern "C" {
 //     Bit 11 is used to indicate AMD XOP support, not SDBG
 //   Index 2:
 //     EBX for CPUID where EAX = 7
-//   Index 3 is set to zero.
+//   Index 3:
+//     ECX for CPUID where EAX = 7
 //
 // Note: the CPUID bits are pre-adjusted for the OSXSAVE bit and the YMM and XMM
 // bits in XCR0, so it is not necessary to check those.
 extern uint32_t OPENSSL_ia32cap_P[4];
 
-#if defined(BORINGSSL_FIPS)
+#if defined(BORINGSSL_FIPS) && !defined(BORINGSSL_SHARED_LIBRARY)
 const uint32_t *OPENSSL_ia32cap_get(void);
 #else
-static inline const uint32_t *OPENSSL_ia32cap_get(void) {
+OPENSSL_INLINE const uint32_t *OPENSSL_ia32cap_get(void) {
   return OPENSSL_ia32cap_P;
 }
 #endif
@@ -118,13 +119,13 @@ OPENSSL_EXPORT char CRYPTO_is_NEON_capable_at_runtime(void);
 
 // CRYPTO_is_NEON_capable returns true if the current CPU has a NEON unit. If
 // this is known statically then it returns one immediately.
-static inline int CRYPTO_is_NEON_capable(void) {
+OPENSSL_INLINE int CRYPTO_is_NEON_capable(void) {
   // Only statically skip the runtime lookup on aarch64. On arm, one CPU is
   // known to have a broken NEON unit which is known to fail with on some
   // hand-written NEON assembly. For now, continue to apply the workaround even
   // when the compiler is instructed to freely emit NEON code. See
   // https://crbug.com/341598 and https://crbug.com/606629.
-#if defined(__ARM_NEON__) && !defined(OPENSSL_ARM)
+#if (defined(__ARM_NEON__) || defined(__ARM_NEON)) && !defined(OPENSSL_ARM)
   return 1;
 #else
   return CRYPTO_is_NEON_capable_at_runtime();
@@ -151,15 +152,16 @@ int CRYPTO_is_ARMv8_PMULL_capable(void);
 
 #else
 
-static inline int CRYPTO_is_NEON_capable(void) {
-#if defined(OPENSSL_STATIC_ARMCAP_NEON) || defined(__ARM_NEON__)
+OPENSSL_INLINE int CRYPTO_is_NEON_capable(void) {
+#if defined(OPENSSL_STATIC_ARMCAP_NEON) || \
+    (defined(__ARM_NEON__) || defined(__ARM_NEON))
   return 1;
 #else
   return 0;
 #endif
 }
 
-static inline int CRYPTO_is_ARMv8_AES_capable(void) {
+OPENSSL_INLINE int CRYPTO_is_ARMv8_AES_capable(void) {
 #if defined(OPENSSL_STATIC_ARMCAP_AES) || defined(__ARM_FEATURE_CRYPTO)
   return 1;
 #else
@@ -167,7 +169,7 @@ static inline int CRYPTO_is_ARMv8_AES_capable(void) {
 #endif
 }
 
-static inline int CRYPTO_is_ARMv8_PMULL_capable(void) {
+OPENSSL_INLINE int CRYPTO_is_ARMv8_PMULL_capable(void) {
 #if defined(OPENSSL_STATIC_ARMCAP_PMULL) || defined(__ARM_FEATURE_CRYPTO)
   return 1;
 #else
@@ -188,6 +190,20 @@ extern unsigned long OPENSSL_ppc64le_hwcap2;
 
 #endif  // OPENSSL_PPC64LE
 
+#if defined(BORINGSSL_DISPATCH_TEST)
+// Runtime CPU dispatch testing support
+
+// BORINGSSL_function_hit is an array of flags. The following functions will
+// set these flags if BORINGSSL_DISPATCH_TEST is defined.
+//   0: aes_hw_ctr32_encrypt_blocks
+//   1: aes_hw_encrypt
+//   2: aesni_gcm_encrypt
+//   3: aes_hw_set_encrypt_key
+//   4: vpaes_encrypt
+//   5: vpaes_set_encrypt_key
+extern uint8_t BORINGSSL_function_hit[7];
+#endif  // BORINGSSL_DISPATCH_TEST
+
 
 #if defined(__cplusplus)
 }  // extern C

data/third_party/boringssl/include/openssl/crypto.h

@@ -16,6 +16,7 @@
 #define OPENSSL_HEADER_CRYPTO_H
 
 #include <openssl/base.h>
+#include <openssl/sha.h>
 
 // Upstream OpenSSL defines |OPENSSL_malloc|, etc., in crypto.h rather than
 // mem.h.
@@ -58,8 +59,11 @@ OPENSSL_EXPORT int CRYPTO_has_asm(void);
 // which case it returns one.
 OPENSSL_EXPORT int FIPS_mode(void);
 
-// BORINGSSL_self_test triggers the FIPS KAT-based self tests. It returns one
-// on success and zero on error.
+// BORINGSSL_self_test triggers the FIPS KAT-based self tests. It returns one on
+// success and zero on error. The argument is the integrity hash of the FIPS
+// module and may be used to check and write flag files to suppress duplicate
+// self-tests. If it is all zeros, no flag file will be checked nor written and
+// tests will always be run.
 OPENSSL_EXPORT int BORINGSSL_self_test(void);
 
 
@@ -69,17 +73,25 @@ OPENSSL_EXPORT int BORINGSSL_self_test(void);
 // “OpenSSL”. node.js requires a version number in this text.
 #define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0 (compatible; BoringSSL)"
 
-#define SSLEAY_VERSION 0
-
-// SSLeay_version is a compatibility function that returns the string
-// "BoringSSL".
-OPENSSL_EXPORT const char *SSLeay_version(int unused);
-
 #define OPENSSL_VERSION 0
+#define OPENSSL_CFLAGS 1
+#define OPENSSL_BUILT_ON 2
+#define OPENSSL_PLATFORM 3
+#define OPENSSL_DIR 4
 
 // OpenSSL_version is a compatibility function that returns the string
-// "BoringSSL".
-OPENSSL_EXPORT const char *OpenSSL_version(int unused);
+// "BoringSSL" if |which| is |OPENSSL_VERSION| and placeholder strings
+// otherwise.
+OPENSSL_EXPORT const char *OpenSSL_version(int which);
+
+#define SSLEAY_VERSION OPENSSL_VERSION
+#define SSLEAY_CFLAGS OPENSSL_CFLAGS
+#define SSLEAY_BUILT_ON OPENSSL_BUILT_ON
+#define SSLEAY_PLATFORM OPENSSL_PLATFORM
+#define SSLEAY_DIR OPENSSL_DIR
+
+// SSLeay_version calls |OpenSSL_version|.
+OPENSSL_EXPORT const char *SSLeay_version(int which);
 
 // SSLeay is a compatibility function that returns OPENSSL_VERSION_NUMBER from
 // base.h.
@@ -92,6 +104,9 @@ OPENSSL_EXPORT unsigned long OpenSSL_version_num(void);
 // CRYPTO_malloc_init returns one.
 OPENSSL_EXPORT int CRYPTO_malloc_init(void);
 
+// OPENSSL_malloc_init returns one.
+OPENSSL_EXPORT int OPENSSL_malloc_init(void);
+
 // ENGINE_load_builtin_engines does nothing.
 OPENSSL_EXPORT void ENGINE_load_builtin_engines(void);
 
@@ -114,6 +129,13 @@ OPENSSL_EXPORT void OPENSSL_load_builtin_modules(void);
 OPENSSL_EXPORT int OPENSSL_init_crypto(uint64_t opts,
                                        const OPENSSL_INIT_SETTINGS *settings);
 
+// OPENSSL_cleanup does nothing.
+OPENSSL_EXPORT void OPENSSL_cleanup(void);
+
+// FIPS_mode_set returns one if |on| matches whether BoringSSL was built with
+// |BORINGSSL_FIPS| and zero otherwise.
+OPENSSL_EXPORT int FIPS_mode_set(int on);
+
 
 #if defined(__cplusplus)
 }  // extern C

data/third_party/boringssl/include/openssl/curve25519.h

@@ -65,7 +65,7 @@ OPENSSL_EXPORT void X25519_public_from_private(uint8_t out_public_value[32],
 //
 // Note that, unlike RFC 8032's formulation, our private key representation
 // includes a public key suffix to make multiple key signing operations with the
-// same key more efficient. The RFC 8032 key private key is referred to in this
+// same key more efficient. The RFC 8032 private key is referred to in this
 // implementation as the "seed" and is the first 32 bytes of our private key.
 
 #define ED25519_PRIVATE_KEY_LEN 64
@@ -79,7 +79,7 @@ OPENSSL_EXPORT void ED25519_keypair(uint8_t out_public_key[32],
 
 // ED25519_sign sets |out_sig| to be a signature of |message_len| bytes from
 // |message| using |private_key|. It returns one on success or zero on
-// error.
+// allocation failure.
 OPENSSL_EXPORT int ED25519_sign(uint8_t out_sig[64], const uint8_t *message,
                                 size_t message_len,
                                 const uint8_t private_key[64]);
@@ -188,11 +188,11 @@ OPENSSL_EXPORT int SPAKE2_process_msg(SPAKE2_CTX *ctx, uint8_t *out_key,
 
 extern "C++" {
 
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
 
 BORINGSSL_MAKE_DELETER(SPAKE2_CTX, SPAKE2_CTX_free)
 
-}  // namespace bssl
+BSSL_NAMESPACE_END
 
 }  // extern C++
 

data/third_party/boringssl/include/openssl/dh.h

@@ -278,11 +278,12 @@ struct dh_st {
 
 extern "C++" {
 
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
 
 BORINGSSL_MAKE_DELETER(DH, DH_free)
+BORINGSSL_MAKE_UP_REF(DH, DH_up_ref)
 
-}  // namespace bssl
+BSSL_NAMESPACE_END
 
 }  // extern C++
 

data/third_party/boringssl/include/openssl/digest.h

@@ -119,18 +119,19 @@ OPENSSL_EXPORT int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
 OPENSSL_EXPORT void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
 
 // EVP_MD_CTX_copy_ex sets |out|, which must already be initialised, to be a
-// copy of |in|. It returns one on success and zero on error.
+// copy of |in|. It returns one on success and zero on allocation failure.
 OPENSSL_EXPORT int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
 
-// EVP_MD_CTX_reset calls |EVP_MD_CTX_cleanup| followed by |EVP_MD_CTX_init|.
-OPENSSL_EXPORT void EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
+// EVP_MD_CTX_reset calls |EVP_MD_CTX_cleanup| followed by |EVP_MD_CTX_init|. It
+// returns one.
+OPENSSL_EXPORT int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
 
 
 // Digest operations.
 
 // EVP_DigestInit_ex configures |ctx|, which must already have been
 // initialised, for a fresh hashing operation using |type|. It returns one on
-// success and zero otherwise.
+// success and zero on allocation failure.
 OPENSSL_EXPORT int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
                                      ENGINE *engine);
 
@@ -194,7 +195,7 @@ OPENSSL_EXPORT size_t EVP_MD_size(const EVP_MD *md);
 // EVP_MD_block_size returns the native block-size of |md|, in bytes.
 OPENSSL_EXPORT size_t EVP_MD_block_size(const EVP_MD *md);
 
-// EVP_MD_FLAG_PKEY_DIGEST indicates the the digest function is used with a
+// EVP_MD_FLAG_PKEY_DIGEST indicates that the digest function is used with a
 // specific public key in order to verify signatures. (For example,
 // EVP_dss1.)
 #define EVP_MD_FLAG_PKEY_DIGEST 1
@@ -204,6 +205,11 @@ OPENSSL_EXPORT size_t EVP_MD_block_size(const EVP_MD *md);
 // undefined rather than NULL.
 #define EVP_MD_FLAG_DIGALGID_ABSENT 2
 
+// EVP_MD_FLAG_XOF indicates that the digest is an extensible-output function
+// (XOF). This flag is defined for compatibility and will never be set in any
+// |EVP_MD| in BoringSSL.
+#define EVP_MD_FLAG_XOF 4
+
 
 // Digest operation accessors.
 
@@ -268,6 +274,14 @@ OPENSSL_EXPORT EVP_MD_CTX *EVP_MD_CTX_create(void);
 // EVP_MD_CTX_destroy calls |EVP_MD_CTX_free|.
 OPENSSL_EXPORT void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
 
+// EVP_DigestFinalXOF returns zero and adds an error to the error queue.
+// BoringSSL does not support any XOF digests.
+OPENSSL_EXPORT int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, uint8_t *out,
+                                      size_t len);
+
+// EVP_MD_meth_get_flags calls |EVP_MD_flags|.
+OPENSSL_EXPORT uint32_t EVP_MD_meth_get_flags(const EVP_MD *md);
+
 
 struct evp_md_pctx_ops;
 
@@ -294,7 +308,7 @@ struct env_md_ctx_st {
 #if !defined(BORINGSSL_NO_CXX)
 extern "C++" {
 
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
 
 BORINGSSL_MAKE_DELETER(EVP_MD_CTX, EVP_MD_CTX_free)
 
@@ -302,7 +316,7 @@ using ScopedEVP_MD_CTX =
     internal::StackAllocated<EVP_MD_CTX, int, EVP_MD_CTX_init,
                              EVP_MD_CTX_cleanup>;
 
-}  // namespace bssl
+BSSL_NAMESPACE_END
 
 }  // extern C++
 #endif

data/third_party/boringssl/include/openssl/dsa.h

@@ -73,6 +73,10 @@ extern "C" {
 
 // DSA contains functions for signing and verifying with the Digital Signature
 // Algorithm.
+//
+// This module is deprecated and retained for legacy reasons only. It is not
+// considered a priority for performance or hardening work. Do not use it in
+// new code. Use Ed25519, ECDSA with P-256, or RSA instead.
 
 
 // Allocation and destruction.
@@ -413,12 +417,13 @@ struct dsa_st {
 
 extern "C++" {
 
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
 
 BORINGSSL_MAKE_DELETER(DSA, DSA_free)
+BORINGSSL_MAKE_UP_REF(DSA, DSA_up_ref)
 BORINGSSL_MAKE_DELETER(DSA_SIG, DSA_SIG_free)
 
-}  // namespace bssl
+BSSL_NAMESPACE_END
 
 }  // extern C++
 
@@ -431,5 +436,6 @@ BORINGSSL_MAKE_DELETER(DSA_SIG, DSA_SIG_free)
 #define DSA_R_BAD_VERSION 104
 #define DSA_R_DECODE_ERROR 105
 #define DSA_R_ENCODE_ERROR 106
+#define DSA_R_INVALID_PARAMETERS 107
 
 #endif  // OPENSSL_HEADER_DSA_H

data/third_party/boringssl/include/openssl/e_os2.h

@@ -0,0 +1,18 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+/* This header is provided in order to make compiling against code that expects
+   OpenSSL easier. */
+
+#include <openssl/base.h>

data/third_party/boringssl/include/openssl/ec.h

@@ -102,7 +102,7 @@ typedef enum {
 // Elliptic curve groups.
 
 // EC_GROUP_new_by_curve_name returns a fresh EC_GROUP object for the elliptic
-// curve specified by |nid|, or NULL on error.
+// curve specified by |nid|, or NULL on unsupported NID or allocation failure.
 //
 // The supported NIDs are:
 //   NID_secp224r1 (P-224),
@@ -114,11 +114,10 @@ typedef enum {
 // more modern primitives.
 OPENSSL_EXPORT EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
 
-// EC_GROUP_free frees |group| and the data that it points to.
+// EC_GROUP_free releases a reference to |group|.
 OPENSSL_EXPORT void EC_GROUP_free(EC_GROUP *group);
 
-// EC_GROUP_dup returns a fresh |EC_GROUP| which is equal to |a| or NULL on
-// error.
+// EC_GROUP_dup takes a reference to |a| and returns it.
 OPENSSL_EXPORT EC_GROUP *EC_GROUP_dup(const EC_GROUP *a);
 
 // EC_GROUP_cmp returns zero if |a| and |b| are the same group and non-zero
@@ -134,6 +133,9 @@ OPENSSL_EXPORT const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
 // |group| that specifies the order of the group.
 OPENSSL_EXPORT const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
 
+// EC_GROUP_order_bits returns the number of bits of the order of |group|.
+OPENSSL_EXPORT int EC_GROUP_order_bits(const EC_GROUP *group);
+
 // EC_GROUP_get_cofactor sets |*cofactor| to the cofactor of |group| using
 // |ctx|, if it's not NULL. It returns one on success and zero otherwise.
 OPENSSL_EXPORT int EC_GROUP_get_cofactor(const EC_GROUP *group,
@@ -155,6 +157,16 @@ OPENSSL_EXPORT int EC_GROUP_get_curve_name(const EC_GROUP *group);
 // element of the field underlying |group|.
 OPENSSL_EXPORT unsigned EC_GROUP_get_degree(const EC_GROUP *group);
 
+// EC_curve_nid2nist returns the NIST name of the elliptic curve specified by
+// |nid|, or NULL if |nid| is not a NIST curve. For example, it returns "P-256"
+// for |NID_X9_62_prime256v1|.
+OPENSSL_EXPORT const char *EC_curve_nid2nist(int nid);
+
+// EC_curve_nist2nid returns the NID of the elliptic curve specified by the NIST
+// name |name|, or |NID_undef| if |name| is not a recognized name. For example,
+// it returns |NID_X9_62_prime256v1| for "P-256".
+OPENSSL_EXPORT int EC_curve_nist2nid(const char *name);
+
 
 // Points on elliptic curves.
 
@@ -195,17 +207,6 @@ OPENSSL_EXPORT int EC_POINT_is_on_curve(const EC_GROUP *group,
 OPENSSL_EXPORT int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a,
                                 const EC_POINT *b, BN_CTX *ctx);
 
-// EC_POINT_make_affine converts |point| to affine form, internally. It returns
-// one on success and zero otherwise. If |ctx| is not NULL, it may be used.
-OPENSSL_EXPORT int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point,
-                                        BN_CTX *ctx);
-
-// EC_POINTs_make_affine converts |num| points from |points| to affine form,
-// internally. It returns one on success and zero otherwise. If |ctx| is not
-// NULL, it may be used.
-OPENSSL_EXPORT int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
-                                         EC_POINT *points[], BN_CTX *ctx);
-
 
 // Point conversion.
 
@@ -324,10 +325,11 @@ OPENSSL_EXPORT int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order,
 OPENSSL_EXPORT void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
 
 #define OPENSSL_EC_NAMED_CURVE 0
+#define OPENSSL_EC_EXPLICIT_CURVE 1
 
 typedef struct ec_method_st EC_METHOD;
 
-// EC_GROUP_method_of returns NULL.
+// EC_GROUP_method_of returns a dummy non-NULL pointer.
 OPENSSL_EXPORT const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
 
 // EC_METHOD_get_field_type returns NID_X9_62_prime_field.
@@ -355,21 +357,23 @@ OPENSSL_EXPORT size_t EC_get_builtin_curves(EC_builtin_curve *out_curves,
 // EC_POINT_clear_free calls |EC_POINT_free|.
 OPENSSL_EXPORT void EC_POINT_clear_free(EC_POINT *point);
 
-// Old code expects to get EC_KEY from ec.h.
-#include <openssl/ec_key.h>
-
 
 #if defined(__cplusplus)
 }  // extern C
+#endif
 
+// Old code expects to get EC_KEY from ec.h.
+#include <openssl/ec_key.h>
+
+#if defined(__cplusplus)
 extern "C++" {
 
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
 
 BORINGSSL_MAKE_DELETER(EC_POINT, EC_POINT_free)
 BORINGSSL_MAKE_DELETER(EC_GROUP, EC_GROUP_free)
 
-}  // namespace bssl
+BSSL_NAMESPACE_END
 
 }  // extern C++