RubyGems - grpc - Versions diffs - 1.24.0 → 1.25.0 - Mend

grpc 1.24.0 → 1.25.0

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (505) hide show

checksums.yaml +4 -4
data/Makefile +306 -243
data/etc/roots.pem +0 -100
data/include/grpc/grpc_security.h +44 -18
data/include/grpc/impl/codegen/grpc_types.h +15 -0
data/include/grpc/impl/codegen/port_platform.h +27 -11
data/include/grpc/impl/codegen/sync_generic.h +1 -1
data/src/boringssl/err_data.c +695 -650
data/src/core/ext/filters/client_channel/client_channel.cc +257 -179
data/src/core/ext/filters/client_channel/client_channel.h +24 -0
data/src/core/ext/filters/client_channel/client_channel_channelz.cc +2 -3
data/src/core/ext/filters/client_channel/client_channel_factory.h +1 -5
data/src/core/ext/filters/client_channel/health/health_check_client.cc +18 -45
data/src/core/ext/filters/client_channel/health/health_check_client.h +5 -13
data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
data/src/core/ext/filters/client_channel/lb_policy.cc +2 -3
data/src/core/ext/filters/client_channel/lb_policy.h +65 -55
data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +14 -14
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +113 -36
data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +14 -19
data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +36 -13
data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -10
data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +814 -1589
data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +2 -5
data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -6
data/src/core/ext/filters/client_channel/resolver.cc +1 -2
data/src/core/ext/filters/client_channel/resolver.h +8 -16
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +25 -8
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +46 -12
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +10 -17
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +7 -8
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +111 -44
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +22 -14
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +2 -2
data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +29 -10
data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +27 -36
data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +7 -10
data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -16
data/src/core/ext/filters/client_channel/resolver_factory.h +4 -8
data/src/core/ext/filters/client_channel/resolver_registry.cc +1 -1
data/src/core/ext/filters/client_channel/resolver_registry.h +1 -1
data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +7 -10
data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +7 -8
data/src/core/ext/filters/client_channel/resolving_lb_policy.h +1 -1
data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
data/src/core/ext/filters/client_channel/retry_throttle.h +1 -4
data/src/core/ext/filters/client_channel/service_config.h +8 -8
data/src/core/ext/filters/client_channel/subchannel.cc +53 -86
data/src/core/ext/filters/client_channel/subchannel.h +7 -9
data/src/core/ext/filters/client_channel/subchannel_interface.h +9 -13
data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +3 -6
data/src/core/ext/filters/client_channel/{lb_policy/xds/xds_load_balancer_api.cc → xds/xds_api.cc} +169 -52
data/src/core/ext/filters/client_channel/xds/xds_api.h +171 -0
data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +450 -0
data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +99 -0
data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel.h +8 -6
data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel_secure.cc +28 -11
data/src/core/ext/filters/client_channel/xds/xds_client.cc +1413 -0
data/src/core/ext/filters/client_channel/xds/xds_client.h +221 -0
data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.cc +1 -5
data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.h +3 -4
data/src/core/ext/filters/deadline/deadline_filter.cc +20 -20
data/src/core/ext/filters/http/client/http_client_filter.cc +15 -15
data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +12 -12
data/src/core/ext/filters/max_age/max_age_filter.cc +59 -50
data/src/core/ext/filters/message_size/message_size_filter.cc +18 -18
data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +15 -14
data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +233 -175
data/src/core/ext/transport/chttp2/transport/flow_control.h +21 -24
data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +253 -163
data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +24 -12
data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -3
data/src/core/ext/transport/chttp2/transport/internal.h +13 -15
data/src/core/ext/transport/chttp2/transport/writing.cc +3 -0
data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
data/src/core/lib/channel/channel_args.cc +16 -0
data/src/core/lib/channel/channel_args.h +22 -0
data/src/core/lib/channel/channelz.cc +5 -6
data/src/core/lib/channel/channelz.h +1 -1
data/src/core/lib/channel/connected_channel.cc +20 -20
data/src/core/lib/channel/handshaker.h +3 -4
data/src/core/lib/channel/handshaker_factory.h +1 -3
data/src/core/lib/debug/trace.h +3 -2
data/src/core/lib/gprpp/arena.cc +3 -3
data/src/core/lib/gprpp/arena.h +2 -3
data/src/core/lib/gprpp/inlined_vector.h +9 -0
data/src/core/lib/gprpp/map.h +3 -501
data/src/core/lib/gprpp/memory.h +45 -41
data/src/core/lib/gprpp/mpscq.cc +108 -0
data/src/core/lib/gprpp/mpscq.h +98 -0
data/src/core/lib/gprpp/orphanable.h +6 -11
data/src/core/lib/gprpp/ref_counted.h +25 -19
data/src/core/lib/gprpp/set.h +33 -0
data/src/core/lib/gprpp/thd.h +2 -4
data/src/core/lib/http/httpcli.cc +1 -1
data/src/core/lib/http/httpcli_security_connector.cc +15 -11
data/src/core/lib/http/parser.cc +1 -1
data/src/core/lib/iomgr/buffer_list.cc +4 -5
data/src/core/lib/iomgr/buffer_list.h +5 -6
data/src/core/lib/iomgr/call_combiner.cc +4 -5
data/src/core/lib/iomgr/call_combiner.h +2 -2
data/src/core/lib/iomgr/cfstream_handle.h +3 -5
data/src/core/lib/iomgr/closure.h +8 -3
data/src/core/lib/iomgr/combiner.cc +45 -82
data/src/core/lib/iomgr/combiner.h +32 -8
data/src/core/lib/iomgr/endpoint_cfstream.cc +5 -3
data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -15
data/src/core/lib/iomgr/ev_poll_posix.cc +3 -1
data/src/core/lib/iomgr/exec_ctx.h +4 -3
data/src/core/lib/iomgr/executor.cc +4 -2
data/src/core/lib/iomgr/executor.h +3 -0
data/src/core/lib/iomgr/executor/mpmcqueue.h +3 -6
data/src/core/lib/iomgr/executor/threadpool.cc +1 -2
data/src/core/lib/iomgr/executor/threadpool.h +7 -11
data/src/core/lib/iomgr/resource_quota.cc +55 -51
data/src/core/lib/iomgr/resource_quota.h +13 -9
data/src/core/lib/iomgr/socket_utils_common_posix.cc +13 -0
data/src/core/lib/iomgr/socket_utils_posix.h +4 -0
data/src/core/lib/iomgr/tcp_client_posix.cc +4 -11
data/src/core/lib/iomgr/tcp_custom.cc +9 -7
data/src/core/lib/iomgr/tcp_posix.cc +20 -16
data/src/core/lib/iomgr/tcp_server.h +1 -4
data/src/core/lib/iomgr/tcp_server_custom.cc +5 -5
data/src/core/lib/iomgr/tcp_server_posix.cc +1 -1
data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -11
data/src/core/lib/iomgr/timer_custom.cc +2 -2
data/src/core/lib/iomgr/udp_server.cc +3 -2
data/src/core/lib/iomgr/udp_server.h +6 -12
data/src/core/lib/json/json.h +1 -1
data/src/core/lib/json/json_string.cc +2 -2
data/src/core/lib/profiling/basic_timers.cc +2 -2
data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -2
data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -1
data/src/core/lib/security/credentials/credentials.h +4 -20
data/src/core/lib/security/credentials/fake/fake_credentials.cc +4 -4
data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -3
data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +64 -0
data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +4 -4
data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -7
data/src/core/lib/security/security_connector/load_system_roots_linux.cc +2 -0
data/src/core/lib/security/security_connector/local/local_security_connector.cc +4 -4
data/src/core/lib/security/security_connector/security_connector.cc +1 -0
data/src/core/lib/security/security_connector/security_connector.h +19 -17
data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +8 -5
data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +14 -6
data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +4 -2
data/src/core/lib/security/transport/client_auth_filter.cc +17 -17
data/src/core/lib/security/transport/security_handshaker.cc +29 -13
data/src/core/lib/security/transport/security_handshaker.h +4 -2
data/src/core/lib/security/transport/server_auth_filter.cc +14 -14
data/src/core/lib/slice/slice.cc +2 -10
data/src/core/lib/slice/slice_hash_table.h +4 -6
data/src/core/lib/slice/slice_intern.cc +42 -39
data/src/core/lib/slice/slice_internal.h +3 -3
data/src/core/lib/slice/slice_utils.h +21 -4
data/src/core/lib/slice/slice_weak_hash_table.h +4 -6
data/src/core/lib/surface/call.cc +3 -3
data/src/core/lib/surface/channel.cc +7 -0
data/src/core/lib/surface/completion_queue.cc +12 -11
data/src/core/lib/surface/completion_queue.h +4 -2
data/src/core/lib/surface/init.cc +1 -0
data/src/core/lib/surface/lame_client.cc +33 -18
data/src/core/lib/surface/server.cc +77 -76
data/src/core/lib/surface/version.cc +1 -1
data/src/core/lib/transport/byte_stream.h +3 -7
data/src/core/lib/transport/connectivity_state.cc +112 -98
data/src/core/lib/transport/connectivity_state.h +100 -50
data/src/core/lib/transport/static_metadata.cc +276 -288
data/src/core/lib/transport/static_metadata.h +73 -76
data/src/core/lib/transport/status_conversion.cc +1 -1
data/src/core/lib/transport/status_metadata.cc +1 -1
data/src/core/lib/transport/transport.cc +2 -2
data/src/core/lib/transport/transport.h +12 -4
data/src/core/lib/transport/transport_op_string.cc +14 -11
data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +1 -1
data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +5 -5
data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -2
data/src/core/tsi/fake_transport_security.cc +7 -5
data/src/core/tsi/grpc_shadow_boringssl.h +2918 -2627
data/src/core/tsi/local_transport_security.cc +8 -6
data/src/core/tsi/ssl/session_cache/ssl_session.h +1 -3
data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -2
data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +7 -5
data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -6
data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -2
data/src/core/tsi/ssl_transport_security.cc +12 -12
data/src/core/tsi/ssl_transport_security.h +2 -2
data/src/core/tsi/transport_security_grpc.cc +7 -0
data/src/core/tsi/transport_security_grpc.h +6 -0
data/src/ruby/ext/grpc/extconf.rb +1 -0
data/src/ruby/ext/grpc/rb_call.c +1 -1
data/src/ruby/ext/grpc/rb_channel.c +1 -1
data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
data/src/ruby/lib/grpc/generic/rpc_server.rb +1 -1
data/src/ruby/lib/grpc/version.rb +1 -1
data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
data/third_party/boringssl/crypto/asn1/a_bool.c +18 -5
data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +17 -221
data/third_party/boringssl/crypto/asn1/a_dup.c +0 -24
data/third_party/boringssl/crypto/asn1/a_enum.c +2 -2
data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +10 -72
data/third_party/boringssl/crypto/asn1/a_int.c +12 -71
data/third_party/boringssl/crypto/asn1/a_mbstr.c +110 -216
data/third_party/boringssl/crypto/asn1/a_object.c +16 -5
data/third_party/boringssl/crypto/asn1/a_strnid.c +1 -0
data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -1
data/third_party/boringssl/crypto/asn1/tasn_enc.c +3 -1
data/third_party/boringssl/crypto/base64/base64.c +2 -2
data/third_party/boringssl/crypto/bio/bio.c +73 -9
data/third_party/boringssl/crypto/bio/connect.c +4 -0
data/third_party/boringssl/crypto/bio/fd.c +4 -0
data/third_party/boringssl/crypto/bio/file.c +5 -2
data/third_party/boringssl/crypto/bio/socket.c +4 -0
data/third_party/boringssl/crypto/bio/socket_helper.c +4 -0
data/third_party/boringssl/crypto/bn_extra/convert.c +11 -7
data/third_party/boringssl/crypto/bytestring/ber.c +8 -4
data/third_party/boringssl/crypto/bytestring/cbb.c +19 -7
data/third_party/boringssl/crypto/bytestring/cbs.c +28 -15
data/third_party/boringssl/crypto/bytestring/internal.h +28 -7
data/third_party/boringssl/crypto/bytestring/unicode.c +155 -0
data/third_party/boringssl/crypto/chacha/chacha.c +36 -19
data/third_party/boringssl/crypto/chacha/internal.h +45 -0
data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +29 -0
data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +269 -25
data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +16 -14
data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +54 -38
data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +133 -41
data/third_party/boringssl/crypto/cipher_extra/e_tls.c +23 -15
data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +24 -15
data/third_party/boringssl/crypto/cmac/cmac.c +62 -25
data/third_party/boringssl/crypto/conf/conf.c +7 -0
data/third_party/boringssl/crypto/cpu-arm-linux.c +4 -148
data/third_party/boringssl/crypto/cpu-arm-linux.h +201 -0
data/third_party/boringssl/crypto/cpu-intel.c +45 -51
data/third_party/boringssl/crypto/crypto.c +39 -22
data/third_party/boringssl/crypto/curve25519/spake25519.c +1 -1
data/third_party/boringssl/crypto/dsa/dsa.c +77 -53
data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +20 -8
data/third_party/boringssl/crypto/ec_extra/ec_derive.c +96 -0
data/third_party/boringssl/crypto/{ecdh/ecdh.c → ecdh_extra/ecdh_extra.c} +20 -58
data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -9
data/third_party/boringssl/crypto/engine/engine.c +2 -1
data/third_party/boringssl/crypto/err/err.c +2 -0
data/third_party/boringssl/crypto/err/internal.h +2 -2
data/third_party/boringssl/crypto/evp/evp.c +89 -8
data/third_party/boringssl/crypto/evp/evp_asn1.c +56 -5
data/third_party/boringssl/crypto/evp/evp_ctx.c +52 -14
data/third_party/boringssl/crypto/evp/internal.h +18 -1
data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +5 -0
data/third_party/boringssl/crypto/evp/p_ec.c +51 -3
data/third_party/boringssl/crypto/evp/p_ec_asn1.c +6 -7
data/third_party/boringssl/crypto/evp/p_ed25519.c +36 -3
data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +76 -45
data/third_party/boringssl/crypto/evp/p_rsa.c +3 -1
data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +5 -0
data/third_party/boringssl/crypto/evp/p_x25519.c +110 -0
data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +249 -0
data/third_party/boringssl/crypto/evp/scrypt.c +6 -2
data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +34 -274
data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +161 -21
data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +111 -13
data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +17 -21
data/third_party/boringssl/crypto/fipsmodule/bcm.c +119 -7
data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +19 -2
data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +2 -2
data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +93 -160
data/third_party/boringssl/crypto/fipsmodule/bn/div.c +48 -57
data/third_party/boringssl/crypto/fipsmodule/bn/div_extra.c +87 -0
data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +143 -211
data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -305
data/third_party/boringssl/crypto/fipsmodule/bn/gcd_extra.c +325 -0
data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +168 -50
data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +68 -92
data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +7 -6
data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +11 -14
data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +358 -443
data/third_party/boringssl/crypto/fipsmodule/bn/random.c +25 -35
data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +20 -25
data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +76 -5
data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +14 -14
data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +7 -2
data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +383 -516
data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +4 -0
data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +3 -4
data/third_party/boringssl/crypto/fipsmodule/delocate.h +3 -2
data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +32 -17
data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +3 -3
data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +228 -122
data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +34 -8
data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +311 -98
data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +82 -0
data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +263 -97
data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +22 -59
data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +317 -234
data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9473 -9475
data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +313 -109
data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +36 -0
data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +96 -0
data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +126 -792
data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +84 -0
data/third_party/boringssl/crypto/fipsmodule/ec/util.c +163 -12
data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +84 -211
data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +122 -0
data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +60 -205
data/third_party/boringssl/crypto/fipsmodule/fips_shared_support.c +32 -0
data/third_party/boringssl/crypto/fipsmodule/is_fips.c +2 -0
data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +3 -1
data/third_party/boringssl/crypto/fipsmodule/md5/internal.h +37 -0
data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +11 -8
data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +35 -79
data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +7 -39
data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +7 -27
data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +123 -309
data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +189 -126
data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +3 -2
data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +2 -2
data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +35 -0
data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +24 -19
data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +256 -77
data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +10 -7
data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +5 -1
data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +131 -14
data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +83 -10
data/third_party/boringssl/crypto/fipsmodule/sha/internal.h +53 -0
data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +9 -13
data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +18 -12
data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +95 -168
data/third_party/boringssl/crypto/hrss/hrss.c +2201 -0
data/third_party/boringssl/crypto/hrss/internal.h +62 -0
data/third_party/boringssl/crypto/internal.h +95 -20
data/third_party/boringssl/crypto/lhash/lhash.c +45 -33
data/third_party/boringssl/crypto/mem.c +39 -2
data/third_party/boringssl/crypto/obj/obj.c +4 -4
data/third_party/boringssl/crypto/obj/obj_dat.h +6181 -875
data/third_party/boringssl/crypto/pem/pem_all.c +2 -3
data/third_party/boringssl/crypto/pem/pem_info.c +144 -162
data/third_party/boringssl/crypto/pem/pem_lib.c +53 -52
data/third_party/boringssl/crypto/pem/pem_pkey.c +13 -21
data/third_party/boringssl/crypto/pkcs7/pkcs7.c +15 -22
data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +168 -16
data/third_party/boringssl/crypto/pkcs8/internal.h +11 -0
data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +24 -15
data/third_party/boringssl/crypto/pkcs8/pkcs8.c +42 -25
data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +559 -43
data/third_party/boringssl/crypto/pool/internal.h +1 -1
data/third_party/boringssl/crypto/pool/pool.c +21 -0
data/third_party/boringssl/crypto/rand_extra/deterministic.c +8 -0
data/third_party/boringssl/crypto/rand_extra/fuchsia.c +1 -14
data/third_party/boringssl/crypto/refcount_lock.c +2 -2
data/third_party/boringssl/crypto/rsa_extra/rsa_print.c +22 -0
data/third_party/boringssl/crypto/siphash/siphash.c +80 -0
data/third_party/boringssl/crypto/stack/stack.c +83 -32
data/third_party/boringssl/crypto/thread_none.c +2 -2
data/third_party/boringssl/crypto/thread_pthread.c +2 -2
data/third_party/boringssl/crypto/thread_win.c +38 -19
data/third_party/boringssl/crypto/x509/a_strex.c +22 -2
data/third_party/boringssl/crypto/x509/asn1_gen.c +2 -1
data/third_party/boringssl/crypto/x509/by_dir.c +7 -0
data/third_party/boringssl/crypto/x509/by_file.c +12 -10
data/third_party/boringssl/crypto/x509/t_crl.c +5 -8
data/third_party/boringssl/crypto/x509/t_req.c +1 -3
data/third_party/boringssl/crypto/x509/t_x509.c +5 -8
data/third_party/boringssl/crypto/x509/x509_cmp.c +1 -1
data/third_party/boringssl/crypto/x509/x509_def.c +1 -1
data/third_party/boringssl/crypto/x509/x509_lu.c +114 -5
data/third_party/boringssl/crypto/x509/x509_req.c +20 -0
data/third_party/boringssl/crypto/x509/x509_set.c +5 -0
data/third_party/boringssl/crypto/x509/x509_trs.c +1 -0
data/third_party/boringssl/crypto/x509/x509_txt.c +4 -5
data/third_party/boringssl/crypto/x509/x509_vfy.c +145 -138
data/third_party/boringssl/crypto/x509/x509_vpm.c +2 -0
data/third_party/boringssl/crypto/x509/x509cset.c +40 -0
data/third_party/boringssl/crypto/x509/x509name.c +2 -3
data/third_party/boringssl/crypto/x509/x_all.c +109 -210
data/third_party/boringssl/crypto/x509/x_x509.c +6 -0
data/third_party/boringssl/crypto/x509v3/ext_dat.h +1 -3
data/third_party/boringssl/crypto/x509v3/internal.h +56 -0
data/third_party/boringssl/crypto/x509v3/pcy_cache.c +2 -0
data/third_party/boringssl/crypto/x509v3/pcy_node.c +1 -0
data/third_party/boringssl/crypto/x509v3/pcy_tree.c +4 -2
data/third_party/boringssl/crypto/x509v3/v3_akey.c +5 -2
data/third_party/boringssl/crypto/x509v3/v3_alt.c +19 -13
data/third_party/boringssl/crypto/x509v3/v3_conf.c +2 -1
data/third_party/boringssl/crypto/x509v3/v3_cpols.c +3 -2
data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -6
data/third_party/boringssl/crypto/x509v3/v3_lib.c +1 -0
data/third_party/boringssl/crypto/x509v3/v3_ocsp.c +68 -0
data/third_party/boringssl/crypto/x509v3/v3_pci.c +2 -1
data/third_party/boringssl/crypto/x509v3/v3_purp.c +47 -69
data/third_party/boringssl/crypto/x509v3/v3_skey.c +5 -2
data/third_party/boringssl/crypto/x509v3/v3_utl.c +69 -25
data/third_party/boringssl/include/openssl/aead.h +45 -19
data/third_party/boringssl/include/openssl/aes.h +32 -7
data/third_party/boringssl/include/openssl/asn1.h +7 -77
data/third_party/boringssl/include/openssl/base.h +120 -6
data/third_party/boringssl/include/openssl/base64.h +4 -1
data/third_party/boringssl/include/openssl/bio.h +112 -81
data/third_party/boringssl/include/openssl/blowfish.h +3 -3
data/third_party/boringssl/include/openssl/bn.h +55 -29
data/third_party/boringssl/include/openssl/buf.h +2 -2
data/third_party/boringssl/include/openssl/bytestring.h +54 -32
data/third_party/boringssl/include/openssl/cast.h +2 -2
data/third_party/boringssl/include/openssl/cipher.h +46 -16
data/third_party/boringssl/include/openssl/cmac.h +6 -2
data/third_party/boringssl/include/openssl/conf.h +3 -6
data/third_party/boringssl/include/openssl/cpu.h +25 -9
data/third_party/boringssl/include/openssl/crypto.h +32 -10
data/third_party/boringssl/include/openssl/curve25519.h +4 -4
data/third_party/boringssl/include/openssl/dh.h +3 -2
data/third_party/boringssl/include/openssl/digest.h +21 -7
data/third_party/boringssl/include/openssl/dsa.h +8 -2
data/third_party/boringssl/include/openssl/e_os2.h +18 -0
data/third_party/boringssl/include/openssl/ec.h +25 -21
data/third_party/boringssl/include/openssl/ec_key.h +36 -8
data/third_party/boringssl/include/openssl/ecdh.h +17 -0
data/third_party/boringssl/include/openssl/ecdsa.h +3 -3
data/third_party/boringssl/include/openssl/engine.h +4 -4
data/third_party/boringssl/include/openssl/err.h +3 -0
data/third_party/boringssl/include/openssl/evp.h +199 -42
data/third_party/boringssl/include/openssl/hmac.h +4 -4
data/third_party/boringssl/include/openssl/hrss.h +100 -0
data/third_party/boringssl/include/openssl/lhash.h +131 -23
data/third_party/boringssl/include/openssl/md4.h +6 -4
data/third_party/boringssl/include/openssl/md5.h +6 -4
data/third_party/boringssl/include/openssl/mem.h +6 -2
data/third_party/boringssl/include/openssl/nid.h +3 -0
data/third_party/boringssl/include/openssl/obj.h +3 -0
data/third_party/boringssl/include/openssl/pem.h +102 -64
data/third_party/boringssl/include/openssl/pkcs7.h +136 -3
data/third_party/boringssl/include/openssl/pkcs8.h +42 -3
data/third_party/boringssl/include/openssl/pool.h +13 -2
data/third_party/boringssl/include/openssl/ripemd.h +5 -4
data/third_party/boringssl/include/openssl/rsa.h +46 -15
data/third_party/boringssl/include/openssl/sha.h +40 -28
data/third_party/boringssl/include/openssl/siphash.h +37 -0
data/third_party/boringssl/include/openssl/span.h +17 -9
data/third_party/boringssl/include/openssl/ssl.h +766 -393
data/third_party/boringssl/include/openssl/ssl3.h +4 -3
data/third_party/boringssl/include/openssl/stack.h +134 -77
data/third_party/boringssl/include/openssl/thread.h +1 -1
data/third_party/boringssl/include/openssl/tls1.h +25 -9
data/third_party/boringssl/include/openssl/type_check.h +14 -15
data/third_party/boringssl/include/openssl/x509.h +28 -3
data/third_party/boringssl/include/openssl/x509_vfy.h +98 -32
data/third_party/boringssl/include/openssl/x509v3.h +17 -13
data/third_party/boringssl/ssl/d1_both.cc +9 -18
data/third_party/boringssl/ssl/d1_lib.cc +4 -3
data/third_party/boringssl/ssl/d1_pkt.cc +4 -4
data/third_party/boringssl/ssl/d1_srtp.cc +15 -15
data/third_party/boringssl/ssl/dtls_method.cc +0 -1
data/third_party/boringssl/ssl/dtls_record.cc +28 -28
data/third_party/boringssl/ssl/handoff.cc +295 -91
data/third_party/boringssl/ssl/handshake.cc +133 -72
data/third_party/boringssl/ssl/handshake_client.cc +218 -189
data/third_party/boringssl/ssl/handshake_server.cc +399 -272
data/third_party/boringssl/ssl/internal.h +1413 -928
data/third_party/boringssl/ssl/s3_both.cc +175 -36
data/third_party/boringssl/ssl/s3_lib.cc +9 -13
data/third_party/boringssl/ssl/s3_pkt.cc +63 -29
data/third_party/boringssl/ssl/ssl_aead_ctx.cc +55 -35
data/third_party/boringssl/ssl/ssl_asn1.cc +57 -73
data/third_party/boringssl/ssl/ssl_buffer.cc +13 -12
data/third_party/boringssl/ssl/ssl_cert.cc +313 -210
data/third_party/boringssl/ssl/ssl_cipher.cc +159 -221
data/third_party/boringssl/ssl/ssl_file.cc +2 -0
data/third_party/boringssl/ssl/ssl_key_share.cc +164 -19
data/third_party/boringssl/ssl/ssl_lib.cc +847 -555
data/third_party/boringssl/ssl/ssl_privkey.cc +441 -111
data/third_party/boringssl/ssl/ssl_session.cc +230 -178
data/third_party/boringssl/ssl/ssl_transcript.cc +21 -142
data/third_party/boringssl/ssl/ssl_versions.cc +88 -93
data/third_party/boringssl/ssl/ssl_x509.cc +279 -218
data/third_party/boringssl/ssl/t1_enc.cc +5 -96
data/third_party/boringssl/ssl/t1_lib.cc +931 -678
data/third_party/boringssl/ssl/tls13_both.cc +251 -121
data/third_party/boringssl/ssl/tls13_client.cc +129 -73
data/third_party/boringssl/ssl/tls13_enc.cc +350 -282
data/third_party/boringssl/ssl/tls13_server.cc +259 -192
data/third_party/boringssl/ssl/tls_method.cc +26 -21
data/third_party/boringssl/ssl/tls_record.cc +42 -47
data/third_party/boringssl/third_party/fiat/curve25519.c +261 -1324
data/third_party/boringssl/third_party/fiat/curve25519_32.h +911 -0
data/third_party/boringssl/third_party/fiat/curve25519_64.h +559 -0
data/third_party/boringssl/third_party/fiat/p256.c +238 -999
data/third_party/boringssl/third_party/fiat/p256_32.h +3226 -0
data/third_party/boringssl/third_party/fiat/p256_64.h +1217 -0
data/third_party/upb/upb/port_def.inc +1 -1
data/third_party/upb/upb/table.c +2 -1
metadata +72 -44
data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +0 -127
data/src/core/lib/gpr/mpscq.cc +0 -117
data/src/core/lib/gpr/mpscq.h +0 -88
data/src/core/lib/gprpp/abstract.h +0 -47
data/src/core/lib/gprpp/pair.h +0 -38
data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
data/third_party/boringssl/ssl/custom_extensions.cc +0 -265

data/third_party/boringssl/include/openssl/type_check.h CHANGED

@@ -64,25 +64,24 @@ extern "C" {
 #endif
-// This header file contains some common macros for enforcing type checking.
-// Several, common OpenSSL structures (i.e. stack and lhash) operate on void
-// pointers, but we wish to have type checking when they are used with a
-// specific type.
+#if defined(__cplusplus) || (defined(_MSC_VER) && !defined(__clang__))
+// In C++ and non-clang MSVC, |static_assert| is a keyword.
+#define OPENSSL_STATIC_ASSERT(cond, msg) static_assert(cond, msg)
+#else
+// C11 defines the |_Static_assert| keyword and the |static_assert| macro in
+// assert.h. While the former is available at all versions in Clang and GCC, the
+// later depends on libc and, in glibc, depends on being built in C11 mode. We
+// do not require this, for now, so use |_Static_assert| directly.
+#define OPENSSL_STATIC_ASSERT(cond, msg) _Static_assert(cond, msg)
+#endif
 // CHECKED_CAST casts |p| from type |from| to type |to|.
+//
+// TODO(davidben): Although this macro is not public API and is unused in
+// BoringSSL, wpa_supplicant uses it to define its own stacks. Remove this once
+// wpa_supplicant has been fixed.
 #define CHECKED_CAST(to, from, p) ((to) (1 ? (p) : (from)0))
-// CHECKED_PTR_OF casts a given pointer to void* and statically checks that it
-// was a pointer to |type|.
-#define CHECKED_PTR_OF(type, p) CHECKED_CAST(void*, type*, (p))
-#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
-#define OPENSSL_COMPILE_ASSERT(cond, msg) _Static_assert(cond, #msg)
-#else
-#define OPENSSL_COMPILE_ASSERT(cond, msg) \
-  typedef char OPENSSL_COMPILE_ASSERT_##msg[((cond) ? 1 : -1)] OPENSSL_UNUSED
-#endif
 #if defined(__cplusplus)
 }  // extern C

data/third_party/boringssl/include/openssl/x509.h CHANGED

@@ -531,6 +531,8 @@ extern "C" {
 #define		X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
 #define		X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
 #define 	X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
 #define 	X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
 #define		X509_CRL_get_issuer(x) ((x)->crl->issuer)
@@ -671,6 +673,8 @@ OPENSSL_EXPORT int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
 OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
 OPENSSL_EXPORT int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
 OPENSSL_EXPORT EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
+OPENSSL_EXPORT DH *d2i_DHparams_bio(BIO *bp, DH **dh);
+OPENSSL_EXPORT int i2d_DHparams_bio(BIO *bp, const DH *dh);
 OPENSSL_EXPORT X509 *X509_dup(X509 *x509);
 OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
@@ -762,6 +766,8 @@ OPENSSL_EXPORT void *X509_get_ex_data(X509 *r, int idx);
 OPENSSL_EXPORT int		i2d_X509_AUX(X509 *a,unsigned char **pp);
 OPENSSL_EXPORT X509 *		d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);
+OPENSSL_EXPORT int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
 OPENSSL_EXPORT void X509_get0_signature(const ASN1_BIT_STRING **psig,
                                         const X509_ALGOR **palg, const X509 *x);
 OPENSSL_EXPORT int X509_get_signature_nid(const X509 *x);
@@ -829,9 +835,15 @@ OPENSSL_EXPORT int 		X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
 OPENSSL_EXPORT EVP_PKEY *	X509_get_pubkey(X509 *x);
 OPENSSL_EXPORT ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
 OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+OPENSSL_EXPORT const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
 OPENSSL_EXPORT int		X509_REQ_set_version(X509_REQ *x,long version);
 OPENSSL_EXPORT int		X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
+OPENSSL_EXPORT void X509_REQ_get0_signature(const X509_REQ *req,
+                                            const ASN1_BIT_STRING **psig,
+                                            const X509_ALGOR **palg);
+OPENSSL_EXPORT int X509_REQ_get_signature_nid(const X509_REQ *req);
+OPENSSL_EXPORT int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 OPENSSL_EXPORT int		X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 OPENSSL_EXPORT EVP_PKEY *	X509_REQ_get_pubkey(X509_REQ *req);
 OPENSSL_EXPORT int		X509_REQ_extension_nid(int nid);
@@ -866,7 +878,17 @@ OPENSSL_EXPORT int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
 OPENSSL_EXPORT int X509_CRL_sort(X509_CRL *crl);
 OPENSSL_EXPORT int X509_CRL_up_ref(X509_CRL *crl);
+OPENSSL_EXPORT void X509_CRL_get0_signature(const X509_CRL *crl,
+                                            const ASN1_BIT_STRING **psig,
+                                            const X509_ALGOR **palg);
+OPENSSL_EXPORT int X509_CRL_get_signature_nid(const X509_CRL *crl);
+OPENSSL_EXPORT int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp);
+OPENSSL_EXPORT const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(
+    const X509_REVOKED *x);
 OPENSSL_EXPORT int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
+OPENSSL_EXPORT const ASN1_TIME *X509_REVOKED_get0_revocationDate(
+    const X509_REVOKED *x);
 OPENSSL_EXPORT int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
 OPENSSL_EXPORT X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
@@ -874,7 +896,7 @@ OPENSSL_EXPORT X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
 OPENSSL_EXPORT int		X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey);
-OPENSSL_EXPORT int		X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
+OPENSSL_EXPORT int		X509_check_private_key(X509 *x509, const EVP_PKEY *pkey);
 OPENSSL_EXPORT int 		X509_chain_check_suiteb(int *perror_depth,
 						X509 *x, STACK_OF(X509) *chain,
 						unsigned long flags);
@@ -1107,13 +1129,15 @@ DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
 #if !defined(BORINGSSL_NO_CXX)
 extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
 BORINGSSL_MAKE_DELETER(NETSCAPE_SPKI, NETSCAPE_SPKI_free)
 BORINGSSL_MAKE_DELETER(RSA_PSS_PARAMS, RSA_PSS_PARAMS_free)
 BORINGSSL_MAKE_DELETER(X509, X509_free)
+BORINGSSL_MAKE_UP_REF(X509, X509_up_ref)
 BORINGSSL_MAKE_DELETER(X509_ALGOR, X509_ALGOR_free)
 BORINGSSL_MAKE_DELETER(X509_CRL, X509_CRL_free)
+BORINGSSL_MAKE_UP_REF(X509_CRL, X509_CRL_up_ref)
 BORINGSSL_MAKE_DELETER(X509_CRL_METHOD, X509_CRL_METHOD_free)
 BORINGSSL_MAKE_DELETER(X509_EXTENSION, X509_EXTENSION_free)
 BORINGSSL_MAKE_DELETER(X509_INFO, X509_INFO_free)
@@ -1134,7 +1158,7 @@ using ScopedX509_STORE_CTX =
     internal::StackAllocated<X509_STORE_CTX, void, X509_STORE_CTX_zero,
                              X509_STORE_CTX_cleanup>;
-}  // namespace bssl
+BSSL_NAMESPACE_END
 }  /* extern C++ */
 #endif  /* !BORINGSSL_NO_CXX */
@@ -1176,5 +1200,6 @@ using ScopedX509_STORE_CTX =
 #define X509_R_WRONG_TYPE 134
 #define X509_R_NAME_TOO_LONG 135
 #define X509_R_INVALID_PARAMETER 136
+#define X509_R_SIGNATURE_ALGORITHM_MISMATCH 137
 #endif

data/third_party/boringssl/include/openssl/x509_vfy.h CHANGED

@@ -158,6 +158,25 @@ struct X509_VERIFY_PARAM_st
 DEFINE_STACK_OF(X509_VERIFY_PARAM)
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
+                                            X509_STORE_CTX *ctx, X509 *x);
+typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
+                                              X509 *x, X509 *issuer);
+typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
+typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
+                                         X509_CRL **crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
+typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
+                                          X509_CRL *crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
+typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
+                                                          X509_NAME *nm);
+typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
+                                                             X509_NAME *nm);
+typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
 /* This is used to hold everything.  It is used for all certificate
  * validation.  Once we have a certificate chain, the 'verify'
  * function is then called to actually check the cert chain. */
@@ -175,26 +194,23 @@ struct x509_store_st
 	X509_VERIFY_PARAM *param;
 	/* Callbacks for various operations */
-	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */
-	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);	/* error callback */
-	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */
-	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
-	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
-	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
-	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
-	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
-	STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
-	STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
-	int (*cleanup)(X509_STORE_CTX *ctx);
+	X509_STORE_CTX_verify_fn verify;	/* called to verify a certificate */
+	X509_STORE_CTX_verify_cb verify_cb;	/* error callback */
+	X509_STORE_CTX_get_issuer_fn get_issuer;	/* get issuers cert from ctx */
+	X509_STORE_CTX_check_issued_fn check_issued; /* check issued */
+	X509_STORE_CTX_check_revocation_fn check_revocation; /* Check revocation status of chain */
+	X509_STORE_CTX_get_crl_fn get_crl; /* retrieve CRL */
+	X509_STORE_CTX_check_crl_fn check_crl; /* Check CRL validity */
+	X509_STORE_CTX_cert_crl_fn cert_crl; /* Check certificate against CRL */
+	X509_STORE_CTX_lookup_certs_fn lookup_certs;
+	X509_STORE_CTX_lookup_crls_fn lookup_crls;
+	X509_STORE_CTX_cleanup_fn cleanup;
 	CRYPTO_refcount_t references;
 	} /* X509_STORE */;
 OPENSSL_EXPORT int X509_STORE_set_depth(X509_STORE *store, int depth);
-#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
-#define X509_STORE_set_verify_func(ctx,func)	((ctx)->verify=(func))
 /* This is the functions plus an instance of the local variables. */
 struct x509_lookup_st
 	{
@@ -222,18 +238,18 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
 	void *other_ctx;	/* Other info for use with get_issuer() */
 	/* Callbacks for various operations */
-	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */
-	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);		/* error callback */
-	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */
-	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
-	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
-	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
-	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
-	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
-	int (*check_policy)(X509_STORE_CTX *ctx);
-	STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
-	STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
-	int (*cleanup)(X509_STORE_CTX *ctx);
+	X509_STORE_CTX_verify_fn verify;	/* called to verify a certificate */
+	X509_STORE_CTX_verify_cb verify_cb;		/* error callback */
+	X509_STORE_CTX_get_issuer_fn get_issuer;	/* get issuers cert from ctx */
+	X509_STORE_CTX_check_issued_fn check_issued; /* check issued */
+	X509_STORE_CTX_check_revocation_fn check_revocation; /* Check revocation status of chain */
+	X509_STORE_CTX_get_crl_fn get_crl; /* retrieve CRL */
+	X509_STORE_CTX_check_crl_fn check_crl; /* Check CRL validity */
+	X509_STORE_CTX_cert_crl_fn cert_crl; /* Check certificate against CRL */
+	X509_STORE_CTX_check_policy_fn check_policy;
+	X509_STORE_CTX_lookup_certs_fn lookup_certs;
+	X509_STORE_CTX_lookup_crls_fn lookup_crls;
+	X509_STORE_CTX_cleanup_fn cleanup;
 	/* The following is built up */
 	int valid;		/* if 0, rebuild chain */
@@ -354,6 +370,8 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 /* Issuer lookup error */
 #define		X509_V_ERR_STORE_LOOKUP				66
+#define		X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS	67
 /* Certificate verify flags */
 /* Send issuer+subject checks to verify_cb */
@@ -366,8 +384,8 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define	X509_V_FLAG_CRL_CHECK_ALL		0x8
 /* Ignore unhandled critical extensions */
 #define	X509_V_FLAG_IGNORE_CRITICAL		0x10
-/* Disable workarounds for broken certificates */
-#define	X509_V_FLAG_X509_STRICT			0x20
+/* Does nothing as its functionality has been enabled by default. */
+#define	X509_V_FLAG_X509_STRICT			0x00
 /* Enable proxy certificate validation */
 #define	X509_V_FLAG_ALLOW_PROXY_CERTS		0x40
 /* Enable policy checking */
@@ -441,11 +459,58 @@ OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
 OPENSSL_EXPORT void X509_STORE_set0_additional_untrusted(
     X509_STORE *ctx, STACK_OF(X509) *untrusted);
-OPENSSL_EXPORT void X509_STORE_set_verify_cb(X509_STORE *ctx,
-				  int (*verify_cb)(int, X509_STORE_CTX *));
+OPENSSL_EXPORT void X509_STORE_set_verify(X509_STORE *ctx,
+                                          X509_STORE_CTX_verify_fn verify);
+#define X509_STORE_set_verify_func(ctx, func) \
+  X509_STORE_set_verify((ctx), (func))
+OPENSSL_EXPORT void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
+                                              X509_STORE_CTX_verify_fn verify);
+OPENSSL_EXPORT X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_verify_cb(
+    X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb);
+#define X509_STORE_set_verify_cb_func(ctx, func) \
+  X509_STORE_set_verify_cb((ctx), (func))
+OPENSSL_EXPORT X509_STORE_CTX_verify_cb
+X509_STORE_get_verify_cb(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_get_issuer(
+    X509_STORE *ctx, X509_STORE_CTX_get_issuer_fn get_issuer);
+OPENSSL_EXPORT X509_STORE_CTX_get_issuer_fn
+X509_STORE_get_get_issuer(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_check_issued(
+    X509_STORE *ctx, X509_STORE_CTX_check_issued_fn check_issued);
+OPENSSL_EXPORT X509_STORE_CTX_check_issued_fn
+X509_STORE_get_check_issued(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_check_revocation(
+    X509_STORE *ctx, X509_STORE_CTX_check_revocation_fn check_revocation);
+OPENSSL_EXPORT X509_STORE_CTX_check_revocation_fn
+X509_STORE_get_check_revocation(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_get_crl(X509_STORE *ctx,
+                                           X509_STORE_CTX_get_crl_fn get_crl);
+OPENSSL_EXPORT X509_STORE_CTX_get_crl_fn
+X509_STORE_get_get_crl(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_check_crl(
+    X509_STORE *ctx, X509_STORE_CTX_check_crl_fn check_crl);
+OPENSSL_EXPORT X509_STORE_CTX_check_crl_fn
+X509_STORE_get_check_crl(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_cert_crl(
+    X509_STORE *ctx, X509_STORE_CTX_cert_crl_fn cert_crl);
+OPENSSL_EXPORT X509_STORE_CTX_cert_crl_fn
+X509_STORE_get_cert_crl(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_lookup_certs(
+    X509_STORE *ctx, X509_STORE_CTX_lookup_certs_fn lookup_certs);
+OPENSSL_EXPORT X509_STORE_CTX_lookup_certs_fn
+X509_STORE_get_lookup_certs(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_lookup_crls(
+    X509_STORE *ctx, X509_STORE_CTX_lookup_crls_fn lookup_crls);
+#define X509_STORE_set_lookup_crls_cb(ctx, func) \
+  X509_STORE_set_lookup_crls((ctx), (func))
+OPENSSL_EXPORT X509_STORE_CTX_lookup_crls_fn
+X509_STORE_get_lookup_crls(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_cleanup(X509_STORE *ctx,
+                                           X509_STORE_CTX_cleanup_fn cleanup);
+OPENSSL_EXPORT X509_STORE_CTX_cleanup_fn
+X509_STORE_get_cleanup(X509_STORE *ctx);
-OPENSSL_EXPORT void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
-		STACK_OF(X509_CRL)* (*cb)(X509_STORE_CTX *ctx, X509_NAME *nm));
 OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -459,6 +524,7 @@ OPENSSL_EXPORT void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X
 OPENSSL_EXPORT void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
+OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
 OPENSSL_EXPORT X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);

data/third_party/boringssl/include/openssl/x509v3.h CHANGED

@@ -57,8 +57,8 @@
 #include <openssl/bio.h>
 #include <openssl/conf.h>
-#include <openssl/lhash.h>
 #include <openssl/x509.h>
+#include <openssl/lhash.h>
 #ifdef __cplusplus
 extern "C" {
@@ -612,7 +612,11 @@ OPENSSL_EXPORT GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
 				  X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
 OPENSSL_EXPORT void X509V3_conf_free(CONF_VALUE *val);
+// X509V3_EXT_conf_nid contains the only exposed instance of an LHASH in our
+// public headers. The |conf| pointer must be NULL but cryptography.io wraps
+// this function so we cannot, yet, replace the type with a dummy struct.
 OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid, char *value);
 OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
 OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
 OPENSSL_EXPORT int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
@@ -620,9 +624,6 @@ OPENSSL_EXPORT int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *secti
 OPENSSL_EXPORT int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
 OPENSSL_EXPORT int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
-OPENSSL_EXPORT int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-			    char *section, X509_CRL *crl);
 OPENSSL_EXPORT int X509V3_add_value_bool_nf(char *name, int asn1_bool,
 			     STACK_OF(CONF_VALUE) **extlist);
 OPENSSL_EXPORT int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
@@ -665,10 +666,6 @@ OPENSSL_EXPORT int X509V3_EXT_free(int nid, void *ext_data);
 OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
 OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
-char *hex_to_string(const unsigned char *buffer, long len);
-unsigned char *string_to_hex(const char *str, long *len);
-int name_cmp(const char *name, const char *cmp);
 OPENSSL_EXPORT void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
 								 int ml);
 OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
@@ -682,6 +679,11 @@ OPENSSL_EXPORT int X509_supported_extension(X509_EXTENSION *ex);
 OPENSSL_EXPORT int X509_PURPOSE_set(int *p, int purpose);
 OPENSSL_EXPORT int X509_check_issued(X509 *issuer, X509 *subject);
 OPENSSL_EXPORT int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
+OPENSSL_EXPORT uint32_t X509_get_extension_flags(X509 *x);
+OPENSSL_EXPORT uint32_t X509_get_key_usage(X509 *x);
+OPENSSL_EXPORT uint32_t X509_get_extended_key_usage(X509 *x);
 OPENSSL_EXPORT int X509_PURPOSE_get_count(void);
 OPENSSL_EXPORT X509_PURPOSE * X509_PURPOSE_get0(int idx);
 OPENSSL_EXPORT int X509_PURPOSE_get_by_sname(char *sname);
@@ -701,8 +703,8 @@ OPENSSL_EXPORT void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
 OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
 /* Flags for X509_check_* functions */
-/* Always check subject name for host match even if subject alt names present */
-#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT	0x1
+/* Deprecated: this flag does nothing */
+#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT	0
 /* Disable wildcard matching for dnsName fields and common name. */
 #define X509_CHECK_FLAG_NO_WILDCARDS	0x2
 /* Wildcards must not match a partial label. */
@@ -711,6 +713,8 @@ OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
 #define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
 /* Constraint verifier subdomain patterns to match a single labels. */
 #define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
+/* Skip the subject common name fallback if subjectAltNames is missing. */
+#define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20
 /*
  * Match reference identifiers starting with "." to any sub-domain.
  * This is a non-public flag, turned on implicitly when the subject
@@ -746,16 +750,16 @@ DEFINE_STACK_OF(X509_POLICY_NODE)
 extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
-BORINGSSL_MAKE_DELETER(AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_ACCESS_free)
+BORINGSSL_MAKE_DELETER(ACCESS_DESCRIPTION, ACCESS_DESCRIPTION_free)
 BORINGSSL_MAKE_DELETER(AUTHORITY_KEYID, AUTHORITY_KEYID_free)
 BORINGSSL_MAKE_DELETER(BASIC_CONSTRAINTS, BASIC_CONSTRAINTS_free)
 BORINGSSL_MAKE_DELETER(DIST_POINT, DIST_POINT_free)
 BORINGSSL_MAKE_DELETER(GENERAL_NAME, GENERAL_NAME_free)
 BORINGSSL_MAKE_DELETER(POLICYINFO, POLICYINFO_free)
-}  // namespace bssl
+BSSL_NAMESPACE_END
 }  /* extern C++ */
 #endif

data/third_party/boringssl/ssl/d1_both.cc CHANGED

@@ -127,7 +127,7 @@
 #include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
 // TODO(davidben): 28 comes from the size of IP + UDP header. Is this reasonable
 // for these values? Notably, why is kMinMTU a function of the transport
@@ -405,7 +405,7 @@ ssl_open_record_t dtls1_open_handshake(SSL *ssl, size_t *out_consumed,
   return ssl_open_record_success;
 }
-bool dtls1_get_message(SSL *ssl, SSLMessage *out) {
+bool dtls1_get_message(const SSL *ssl, SSLMessage *out) {
   if (!dtls1_is_current_message_complete(ssl)) {
     return false;
   }
@@ -601,15 +601,6 @@ bool dtls1_add_change_cipher_spec(SSL *ssl) {
   return add_outgoing(ssl, true /* ChangeCipherSpec */, Array<uint8_t>());
 }
-bool dtls1_add_alert(SSL *ssl, uint8_t level, uint8_t desc) {
-  // The |add_alert| path is only used for warning alerts for now, which DTLS
-  // never sends. This will be implemented later once closure alerts are
-  // converted.
-  assert(false);
-  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
-  return false;
-}
 // dtls1_update_mtu updates the current MTU from the BIO, ensuring it is above
 // the minimum.
 static void dtls1_update_mtu(SSL *ssl) {
@@ -618,12 +609,12 @@ static void dtls1_update_mtu(SSL *ssl) {
   // |SSL_set_mtu|. Does this need to be so complex?
   if (ssl->d1->mtu < dtls1_min_mtu() &&
       !(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
-    long mtu = BIO_ctrl(ssl->wbio, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+    long mtu = BIO_ctrl(ssl->wbio.get(), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
     if (mtu >= 0 && mtu <= (1 << 30) && (unsigned)mtu >= dtls1_min_mtu()) {
       ssl->d1->mtu = (unsigned)mtu;
     } else {
       ssl->d1->mtu = kDefaultMTU;
-      BIO_ctrl(ssl->wbio, BIO_CTRL_DGRAM_SET_MTU, ssl->d1->mtu, NULL);
+      BIO_ctrl(ssl->wbio.get(), BIO_CTRL_DGRAM_SET_MTU, ssl->d1->mtu, NULL);
     }
   }
@@ -803,19 +794,19 @@ static int send_flight(SSL *ssl) {
       goto err;
     }
-    int bio_ret = BIO_write(ssl->wbio, packet, packet_len);
+    int bio_ret = BIO_write(ssl->wbio.get(), packet, packet_len);
     if (bio_ret <= 0) {
       // Retry this packet the next time around.
       ssl->d1->outgoing_written = old_written;
       ssl->d1->outgoing_offset = old_offset;
-      ssl->s3->rwstate = SSL_WRITING;
+      ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
       ret = bio_ret;
       goto err;
     }
   }
-  if (BIO_flush(ssl->wbio) <= 0) {
-    ssl->s3->rwstate = SSL_WRITING;
+  if (BIO_flush(ssl->wbio.get()) <= 0) {
+    ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
     goto err;
   }
@@ -848,4 +839,4 @@ unsigned int dtls1_min_mtu(void) {
   return kMinMTU;
 }
-}  // namespace bssl
+BSSL_NAMESPACE_END