grpc 1.40.0.pre1 → 1.41.1

data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h

@@ -389,13 +389,6 @@ struct ASN1_ADB_TABLE_st {
 /* Field is a SEQUENCE OF */
 #define ASN1_TFLG_SEQUENCE_OF	(0x2 << 1)
 
-/* Special case: this refers to a SET OF that
- * will be sorted into DER order when encoded *and*
- * the corresponding STACK will be modified to match
- * the new order.
- */
-#define ASN1_TFLG_SET_ORDER	(0x3 << 1)
-
 /* Mask for SET OF or SEQUENCE OF */
 #define ASN1_TFLG_SK_MASK	(0x3 << 1)
 
@@ -602,8 +595,8 @@ typedef struct ASN1_AUX_st {
 #define ASN1_OP_FREE_POST	3
 #define ASN1_OP_D2I_PRE		4
 #define ASN1_OP_D2I_POST	5
-#define ASN1_OP_I2D_PRE		6
-#define ASN1_OP_I2D_POST	7
+/* ASN1_OP_I2D_PRE and ASN1_OP_I2D_POST are not supported. We leave the
+ * constants undefined so code relying on them does not accidentally compile. */
 #define ASN1_OP_PRINT_PRE	8
 #define ASN1_OP_PRINT_POST	9
 #define ASN1_OP_STREAM_PRE	10

data/third_party/boringssl-with-bazel/src/include/openssl/base.h

@@ -145,7 +145,7 @@ extern "C" {
 // Trusty isn't Linux but currently defines __linux__. As a workaround, we
 // exclude it here.
 // TODO(b/169780122): Remove this workaround once Trusty no longer defines it.
-#if defined(__linux__) && !defined(TRUSTY)
+#if defined(__linux__) && !defined(__TRUSTY__)
 #define OPENSSL_LINUX
 #endif
 
@@ -153,7 +153,7 @@ extern "C" {
 #define OPENSSL_FUCHSIA
 #endif
 
-#if defined(TRUSTY)
+#if defined(__TRUSTY__)
 #define OPENSSL_TRUSTY
 #define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
 #endif
@@ -365,7 +365,6 @@ typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
 typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
 typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
 typedef struct X509_algor_st X509_ALGOR;
-typedef struct X509_crl_info_st X509_CRL_INFO;
 typedef struct X509_crl_st X509_CRL;
 typedef struct X509_extension_st X509_EXTENSION;
 typedef struct X509_info_st X509_INFO;
@@ -423,6 +422,7 @@ typedef struct private_key_st X509_PKEY;
 typedef struct rand_meth_st RAND_METHOD;
 typedef struct rc4_key_st RC4_KEY;
 typedef struct rsa_meth_st RSA_METHOD;
+typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
 typedef struct rsa_st RSA;
 typedef struct sha256_state_st SHA256_CTX;
 typedef struct sha512_state_st SHA512_CTX;
@@ -446,9 +446,10 @@ typedef struct trust_token_method_st TRUST_TOKEN_METHOD;
 typedef struct v3_ext_ctx X509V3_CTX;
 typedef struct x509_attributes_st X509_ATTRIBUTE;
 typedef struct x509_cert_aux_st X509_CERT_AUX;
-typedef struct x509_cinf_st X509_CINF;
 typedef struct x509_crl_method_st X509_CRL_METHOD;
 typedef struct x509_lookup_st X509_LOOKUP;
+typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
+typedef struct x509_object_st X509_OBJECT;
 typedef struct x509_revoked_st X509_REVOKED;
 typedef struct x509_st X509;
 typedef struct x509_store_ctx_st X509_STORE_CTX;

data/third_party/boringssl-with-bazel/src/include/openssl/bio.h

@@ -377,7 +377,9 @@ OPENSSL_EXPORT int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len,
 OPENSSL_EXPORT const BIO_METHOD *BIO_s_mem(void);
 
 // BIO_new_mem_buf creates read-only BIO that reads from |len| bytes at |buf|.
-// It does not take ownership of |buf|. It returns the BIO or NULL on error.
+// It returns the BIO or NULL on error. This function does not copy or take
+// ownership of |buf|. The caller must ensure the memory pointed to by |buf|
+// outlives the |BIO|.
 //
 // If |len| is negative, then |buf| is treated as a NUL-terminated string, but
 // don't depend on this in new code.

data/third_party/boringssl-with-bazel/src/include/openssl/bn.h

@@ -687,9 +687,9 @@ OPENSSL_EXPORT int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
 // BN_prime_checks_for_validation can be used as the |checks| argument to the
 // primarily testing functions when validating an externally-supplied candidate
 // prime. It gives a false positive rate of at most 2^{-128}. (The worst case
-// false positive rate for a single iteration is 1/4, so we perform 32
-// iterations.)
-#define BN_prime_checks_for_validation 32
+// false positive rate for a single iteration is 1/4 per
+// https://eprint.iacr.org/2018/749. (1/4)^64 = 2^{-128}.)
+#define BN_prime_checks_for_validation 64
 
 // BN_prime_checks_for_generation can be used as the |checks| argument to the
 // primality testing functions when generating random primes. It gives a false

data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h

@@ -154,6 +154,11 @@ OPENSSL_EXPORT int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out);
 // returns one on success and zero on error.
 OPENSSL_EXPORT int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out);
 
+// CBS_get_until_first finds the first instance of |c| in |cbs|. If found, it
+// sets |*out| to the text before the match, advances |cbs| over it, and returns
+// one. Otherwise, it returns zero and leaves |cbs| unmodified.
+OPENSSL_EXPORT int CBS_get_until_first(CBS *cbs, CBS *out, uint8_t c);
+
 
 // Parsing ASN.1
 //
@@ -463,6 +468,10 @@ OPENSSL_EXPORT int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned tag);
 // success and zero otherwise.
 OPENSSL_EXPORT int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len);
 
+// CBB_add_zeros append |len| bytes with value zero to |cbb|. It returns one on
+// success and zero otherwise.
+OPENSSL_EXPORT int CBB_add_zeros(CBB *cbb, size_t len);
+
 // CBB_add_space appends |len| bytes to |cbb| and sets |*out_data| to point to
 // the beginning of that space. The caller must then write |len| bytes of
 // actual contents to |*out_data|. It returns one on success and zero

data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h

@@ -106,7 +106,10 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_rc2_cbc(void);
 const EVP_CIPHER *EVP_rc2_40_cbc(void);
 
 // EVP_get_cipherbynid returns the cipher corresponding to the given NID, or
-// NULL if no such cipher is known.
+// NULL if no such cipher is known. Note using this function links almost every
+// cipher implemented by BoringSSL into the binary, whether the caller uses them
+// or not. Size-conscious callers, such as client software, should not use this
+// function.
 OPENSSL_EXPORT const EVP_CIPHER *EVP_get_cipherbynid(int nid);
 
 
@@ -409,7 +412,10 @@ OPENSSL_EXPORT int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,
 OPENSSL_EXPORT int EVP_add_cipher_alias(const char *a, const char *b);
 
 // EVP_get_cipherbyname returns an |EVP_CIPHER| given a human readable name in
-// |name|, or NULL if the name is unknown.
+// |name|, or NULL if the name is unknown. Note using this function links almost
+// every cipher implemented by BoringSSL into the binary, not just the ones the
+// caller requests. Size-conscious callers, such as client software, should not
+// use this function.
 OPENSSL_EXPORT const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
 
 // These AEADs are deprecated AES-GCM implementations that set

data/third_party/boringssl-with-bazel/src/include/openssl/conf.h

@@ -100,22 +100,25 @@ OPENSSL_EXPORT void NCONF_free(CONF *conf);
 // |conf|. It returns one on success and zero on error. In the event of an
 // error, if |out_error_line| is not NULL, |*out_error_line| is set to the
 // number of the line that contained the error.
-int NCONF_load(CONF *conf, const char *filename, long *out_error_line);
+OPENSSL_EXPORT int NCONF_load(CONF *conf, const char *filename,
+                              long *out_error_line);
 
 // NCONF_load_bio acts like |NCONF_load| but reads from |bio| rather than from
 // a named file.
-int NCONF_load_bio(CONF *conf, BIO *bio, long *out_error_line);
+OPENSSL_EXPORT int NCONF_load_bio(CONF *conf, BIO *bio, long *out_error_line);
 
 // NCONF_get_section returns a stack of values for a given section in |conf|.
 // If |section| is NULL, the default section is returned. It returns NULL on
 // error.
-STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *section);
+OPENSSL_EXPORT STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
+                                                       const char *section);
 
 // NCONF_get_string returns the value of the key |name|, in section |section|.
 // The |section| argument may be NULL to indicate the default section. It
 // returns the value or NULL on error.
-const char *NCONF_get_string(const CONF *conf, const char *section,
-                             const char *name);
+OPENSSL_EXPORT const char *NCONF_get_string(const CONF *conf,
+                                            const char *section,
+                                            const char *name);
 
 
 // Utility functions

data/third_party/boringssl-with-bazel/src/include/openssl/digest.h

@@ -297,6 +297,9 @@ OPENSSL_EXPORT void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
 // their needs). Thus this exists only to allow code to compile.
 #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0
 
+// EVP_MD_nid calls |EVP_MD_type|.
+OPENSSL_EXPORT int EVP_MD_nid(const EVP_MD *md);
+
 
 struct evp_md_pctx_ops;
 

data/third_party/boringssl-with-bazel/src/include/openssl/evp.h

@@ -867,6 +867,12 @@ OPENSSL_EXPORT void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher,
                                                           void *arg),
                                          void *arg);
 
+OPENSSL_EXPORT void EVP_MD_do_all(void (*callback)(const EVP_MD *cipher,
+                                                   const char *name,
+                                                   const char *unused,
+                                                   void *arg),
+                                  void *arg);
+
 // i2d_PrivateKey marshals a private key from |key| to an ASN.1, DER
 // structure. If |outp| is not NULL then the result is written to |*outp| and
 // |*outp| is advanced just past the output. It returns the number of bytes in

data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h

@@ -41,6 +41,10 @@ OPENSSL_EXPORT int HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest,
 // keying material |secret| and salt |salt| using |digest|, and outputs
 // |out_len| bytes to |out_key|. The maximum output size is |EVP_MAX_MD_SIZE|.
 // It returns one on success and zero on error.
+//
+// WARNING: This function orders the inputs differently from RFC 5869
+// specification. Double-check which parameter is the secret/IKM and which is
+// the salt when using.
 OPENSSL_EXPORT int HKDF_extract(uint8_t *out_key, size_t *out_len,
                                 const EVP_MD *digest, const uint8_t *secret,
                                 size_t secret_len, const uint8_t *salt,

data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h

@@ -93,6 +93,17 @@ OPENSSL_EXPORT void EVP_HPKE_KEY_zero(EVP_HPKE_KEY *key);
 // EVP_HPKE_KEY_cleanup releases memory referenced by |key|.
 OPENSSL_EXPORT void EVP_HPKE_KEY_cleanup(EVP_HPKE_KEY *key);
 
+// EVP_HPKE_KEY_new returns a newly-allocated |EVP_HPKE_KEY|, or NULL on error.
+// The caller must call |EVP_HPKE_KEY_free| on the result to release it.
+//
+// This is a convenience function for callers that need a heap-allocated
+// |EVP_HPKE_KEY|.
+OPENSSL_EXPORT EVP_HPKE_KEY *EVP_HPKE_KEY_new(void);
+
+// EVP_HPKE_KEY_free releases memory associated with |key|, which must have been
+// created with |EVP_HPKE_KEY_new|.
+OPENSSL_EXPORT void EVP_HPKE_KEY_free(EVP_HPKE_KEY *key);
+
 // EVP_HPKE_KEY_copy sets |dst| to a copy of |src|. It returns one on success
 // and zero on error. On success, the caller must call |EVP_HPKE_KEY_cleanup| to
 // release |dst|. On failure, calling |EVP_HPKE_KEY_cleanup| is safe, but not
@@ -160,6 +171,17 @@ OPENSSL_EXPORT void EVP_HPKE_CTX_zero(EVP_HPKE_CTX *ctx);
 // |EVP_HPKE_CTX_setup_*| functions.
 OPENSSL_EXPORT void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx);
 
+// EVP_HPKE_CTX_new returns a newly-allocated |EVP_HPKE_CTX|, or NULL on error.
+// The caller must call |EVP_HPKE_CTX_free| on the result to release it.
+//
+// This is a convenience function for callers that need a heap-allocated
+// |EVP_HPKE_CTX|.
+OPENSSL_EXPORT EVP_HPKE_CTX *EVP_HPKE_CTX_new(void);
+
+// EVP_HPKE_CTX_free releases memory associated with |ctx|, which must have been
+// created with |EVP_HPKE_CTX_new|.
+OPENSSL_EXPORT void EVP_HPKE_CTX_free(EVP_HPKE_CTX *ctx);
+
 // EVP_HPKE_MAX_ENC_LENGTH is the maximum length of "enc", the encapsulated
 // shared secret, for all supported KEMs in this library.
 #define EVP_HPKE_MAX_ENC_LENGTH 32
@@ -317,6 +339,9 @@ using ScopedEVP_HPKE_KEY =
     internal::StackAllocated<EVP_HPKE_KEY, void, EVP_HPKE_KEY_zero,
                              EVP_HPKE_KEY_cleanup>;
 
+BORINGSSL_MAKE_DELETER(EVP_HPKE_CTX, EVP_HPKE_CTX_free)
+BORINGSSL_MAKE_DELETER(EVP_HPKE_KEY, EVP_HPKE_KEY_free)
+
 BSSL_NAMESPACE_END
 
 }  // extern C++

data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h

@@ -59,29 +59,31 @@ struct HRSS_public_key {
   (HRSS_POLY3_BYTES * 2 + HRSS_PUBLIC_KEY_BYTES + 2 + 32)
 
 // HRSS_generate_key is a deterministic function that outputs a public and
-// private key based on the given entropy.
-OPENSSL_EXPORT void HRSS_generate_key(
+// private key based on the given entropy. It returns one on success or zero
+// on malloc failure.
+OPENSSL_EXPORT int HRSS_generate_key(
     struct HRSS_public_key *out_pub, struct HRSS_private_key *out_priv,
     const uint8_t input[HRSS_GENERATE_KEY_BYTES]);
 
 // HRSS_encap is a deterministic function the generates and encrypts a random
 // session key from the given entropy, writing those values to |out_shared_key|
-// and |out_ciphertext|, respectively.
-OPENSSL_EXPORT void HRSS_encap(uint8_t out_ciphertext[HRSS_CIPHERTEXT_BYTES],
-                               uint8_t out_shared_key[HRSS_KEY_BYTES],
-                               const struct HRSS_public_key *in_pub,
-                               const uint8_t in[HRSS_ENCAP_BYTES]);
+// and |out_ciphertext|, respectively. It returns one on success or zero on
+// malloc failure.
+OPENSSL_EXPORT int HRSS_encap(uint8_t out_ciphertext[HRSS_CIPHERTEXT_BYTES],
+                              uint8_t out_shared_key[HRSS_KEY_BYTES],
+                              const struct HRSS_public_key *in_pub,
+                              const uint8_t in[HRSS_ENCAP_BYTES]);
 
 // HRSS_decap decrypts a session key from |ciphertext_len| bytes of
 // |ciphertext|. If the ciphertext is valid, the decrypted key is written to
 // |out_shared_key|. Otherwise the HMAC of |ciphertext| under a secret key (kept
 // in |in_priv|) is written. If the ciphertext is the wrong length then it will
 // leak which was done via side-channels. Otherwise it should perform either
-// action in constant-time.
-OPENSSL_EXPORT void HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES],
-                               const struct HRSS_private_key *in_priv,
-                               const uint8_t *ciphertext,
-                               size_t ciphertext_len);
+// action in constant-time. It returns one on success (whether the ciphertext
+// was valid or not) and zero on malloc failure.
+OPENSSL_EXPORT int HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES],
+                              const struct HRSS_private_key *in_priv,
+                              const uint8_t *ciphertext, size_t ciphertext_len);
 
 // HRSS_marshal_public_key serialises |in_pub| to |out|.
 OPENSSL_EXPORT void HRSS_marshal_public_key(

data/third_party/boringssl-with-bazel/src/include/openssl/lhash.h

@@ -58,223 +58,22 @@
 #define OPENSSL_HEADER_LHASH_H
 
 #include <openssl/base.h>
-#include <openssl/type_check.h>
 
 #if defined(__cplusplus)
 extern "C" {
 #endif
 
 
-// lhash is a traditional, chaining hash table that automatically expands and
-// contracts as needed. One should not use the lh_* functions directly, rather
-// use the type-safe macro wrappers:
-//
-// A hash table of a specific type of object has type |LHASH_OF(type)|. This
-// can be defined (once) with |DEFINE_LHASH_OF(type)| and declared where needed
-// with |DECLARE_LHASH_OF(type)|. For example:
-//
-//   struct foo {
-//     int bar;
-//   };
-//
-//   DEFINE_LHASH_OF(struct foo)
-//
-// Although note that the hash table will contain /pointers/ to |foo|.
-//
-// A macro will be defined for each of the lh_* functions below. For
-// LHASH_OF(foo), the macros would be lh_foo_new, lh_foo_num_items etc.
+// lhash is an internal library and not exported for use outside BoringSSL. This
+// header is provided for compatibility with code that expects OpenSSL.
 
 
+// These two macros are exported for compatibility with existing callers of
+// |X509V3_EXT_conf_nid|. Do not use these symbols outside BoringSSL.
 #define LHASH_OF(type) struct lhash_st_##type
-
 #define DECLARE_LHASH_OF(type) LHASH_OF(type);
 
 
-// lhash_item_st is an element of a hash chain. It points to the opaque data
-// for this element and to the next item in the chain. The linked-list is NULL
-// terminated.
-typedef struct lhash_item_st {
-  void *data;
-  struct lhash_item_st *next;
-  // hash contains the cached, hash value of |data|.
-  uint32_t hash;
-} LHASH_ITEM;
-
-// lhash_cmp_func is a comparison function that returns a value equal, or not
-// equal, to zero depending on whether |*a| is equal, or not equal to |*b|,
-// respectively. Note the difference between this and |stack_cmp_func| in that
-// this takes pointers to the objects directly.
-//
-// This function's actual type signature is int (*)(const T*, const T*). The
-// low-level |lh_*| functions will be passed a type-specific wrapper to call it
-// correctly.
-typedef int (*lhash_cmp_func)(const void *a, const void *b);
-typedef int (*lhash_cmp_func_helper)(lhash_cmp_func func, const void *a,
-                                     const void *b);
-
-// lhash_hash_func is a function that maps an object to a uniformly distributed
-// uint32_t.
-//
-// This function's actual type signature is uint32_t (*)(const T*). The
-// low-level |lh_*| functions will be passed a type-specific wrapper to call it
-// correctly.
-typedef uint32_t (*lhash_hash_func)(const void *a);
-typedef uint32_t (*lhash_hash_func_helper)(lhash_hash_func func, const void *a);
-
-typedef struct lhash_st _LHASH;
-
-// lh_new returns a new, empty hash table or NULL on error.
-OPENSSL_EXPORT _LHASH *lh_new(lhash_hash_func hash, lhash_cmp_func comp);
-
-// lh_free frees the hash table itself but none of the elements. See
-// |lh_doall|.
-OPENSSL_EXPORT void lh_free(_LHASH *lh);
-
-// lh_num_items returns the number of items in |lh|.
-OPENSSL_EXPORT size_t lh_num_items(const _LHASH *lh);
-
-// lh_retrieve finds an element equal to |data| in the hash table and returns
-// it. If no such element exists, it returns NULL.
-OPENSSL_EXPORT void *lh_retrieve(const _LHASH *lh, const void *data,
-                                 lhash_hash_func_helper call_hash_func,
-                                 lhash_cmp_func_helper call_cmp_func);
-
-// lh_retrieve_key finds an element matching |key|, given the specified hash and
-// comparison function. This differs from |lh_retrieve| in that the key may be a
-// different type than the values stored in |lh|. |key_hash| and |cmp_key| must
-// be compatible with the functions passed into |lh_new|.
-OPENSSL_EXPORT void *lh_retrieve_key(const _LHASH *lh, const void *key,
-                                     uint32_t key_hash,
-                                     int (*cmp_key)(const void *key,
-                                                    const void *value));
-
-// lh_insert inserts |data| into the hash table. If an existing element is
-// equal to |data| (with respect to the comparison function) then |*old_data|
-// will be set to that value and it will be replaced. Otherwise, or in the
-// event of an error, |*old_data| will be set to NULL. It returns one on
-// success or zero in the case of an allocation error.
-OPENSSL_EXPORT int lh_insert(_LHASH *lh, void **old_data, void *data,
-                             lhash_hash_func_helper call_hash_func,
-                             lhash_cmp_func_helper call_cmp_func);
-
-// lh_delete removes an element equal to |data| from the hash table and returns
-// it. If no such element is found, it returns NULL.
-OPENSSL_EXPORT void *lh_delete(_LHASH *lh, const void *data,
-                               lhash_hash_func_helper call_hash_func,
-                               lhash_cmp_func_helper call_cmp_func);
-
-// lh_doall_arg calls |func| on each element of the hash table and also passes
-// |arg| as the second argument.
-// TODO(fork): rename this
-OPENSSL_EXPORT void lh_doall_arg(_LHASH *lh, void (*func)(void *, void *),
-                                 void *arg);
-
-// lh_strhash is the default hash function which processes NUL-terminated
-// strings.
-OPENSSL_EXPORT uint32_t lh_strhash(const char *c);
-
-#define DEFINE_LHASH_OF(type)                                                  \
-  DECLARE_LHASH_OF(type)                                                       \
-                                                                               \
-  typedef int (*lhash_##type##_cmp_func)(const type *, const type *);          \
-  typedef uint32_t (*lhash_##type##_hash_func)(const type *);                  \
-                                                                               \
-  OPENSSL_INLINE int lh_##type##_call_cmp_func(lhash_cmp_func func,            \
-                                               const void *a, const void *b) { \
-    return ((lhash_##type##_cmp_func)func)((const type *)a, (const type *)b);  \
-  }                                                                            \
-                                                                               \
-  OPENSSL_INLINE uint32_t lh_##type##_call_hash_func(lhash_hash_func func,     \
-                                                     const void *a) {          \
-    return ((lhash_##type##_hash_func)func)((const type *)a);                  \
-  }                                                                            \
-                                                                               \
-  OPENSSL_INLINE LHASH_OF(type) *                                              \
-      lh_##type##_new(lhash_##type##_hash_func hash,                           \
-                      lhash_##type##_cmp_func comp) {                          \
-    return (LHASH_OF(type) *)lh_new((lhash_hash_func)hash,                     \
-                                    (lhash_cmp_func)comp);                     \
-  }                                                                            \
-                                                                               \
-  OPENSSL_INLINE void lh_##type##_free(LHASH_OF(type) *lh) {                   \
-    lh_free((_LHASH *)lh);                                                     \
-  }                                                                            \
-                                                                               \
-  OPENSSL_INLINE size_t lh_##type##_num_items(const LHASH_OF(type) *lh) {      \
-    return lh_num_items((const _LHASH *)lh);                                   \
-  }                                                                            \
-                                                                               \
-  OPENSSL_INLINE type *lh_##type##_retrieve(const LHASH_OF(type) *lh,          \
-                                            const type *data) {                \
-    return (type *)lh_retrieve((const _LHASH *)lh, data,                       \
-                               lh_##type##_call_hash_func,                     \
-                               lh_##type##_call_cmp_func);                     \
-  }                                                                            \
-                                                                               \
-  typedef struct {                                                             \
-    int (*cmp_key)(const void *key, const type *value);                        \
-    const void *key;                                                           \
-  } LHASH_CMP_KEY_##type;                                                      \
-                                                                               \
-  OPENSSL_INLINE int lh_##type##_call_cmp_key(const void *key,                 \
-                                              const void *value) {             \
-    const LHASH_CMP_KEY_##type *cb = (const LHASH_CMP_KEY_##type *)key;        \
-    return cb->cmp_key(cb->key, (const type *)value);                          \
-  }                                                                            \
-                                                                               \
-  OPENSSL_INLINE type *lh_##type##_retrieve_key(                               \
-      const LHASH_OF(type) *lh, const void *key, uint32_t key_hash,            \
-      int (*cmp_key)(const void *key, const type *value)) {                    \
-    LHASH_CMP_KEY_##type cb = {cmp_key, key};                                  \
-    return (type *)lh_retrieve_key((const _LHASH *)lh, &cb, key_hash,          \
-                                   lh_##type##_call_cmp_key);                  \
-  }                                                                            \
-                                                                               \
-  OPENSSL_INLINE int lh_##type##_insert(LHASH_OF(type) *lh, type **old_data,   \
-                                        type *data) {                          \
-    void *old_data_void = NULL;                                                \
-    int ret =                                                                  \
-        lh_insert((_LHASH *)lh, &old_data_void, data,                          \
-                  lh_##type##_call_hash_func, lh_##type##_call_cmp_func);      \
-    *old_data = (type *)old_data_void;                                         \
-    return ret;                                                                \
-  }                                                                            \
-                                                                               \
-  OPENSSL_INLINE type *lh_##type##_delete(LHASH_OF(type) *lh,                  \
-                                          const type *data) {                  \
-    return (type *)lh_delete((_LHASH *)lh, data, lh_##type##_call_hash_func,   \
-                             lh_##type##_call_cmp_func);                       \
-  }                                                                            \
-                                                                               \
-  typedef struct {                                                             \
-    void (*doall)(type *);                                                     \
-    void (*doall_arg)(type *, void *);                                         \
-    void *arg;                                                                 \
-  } LHASH_DOALL_##type;                                                        \
-                                                                               \
-  OPENSSL_INLINE void lh_##type##_call_doall(void *value, void *arg) {         \
-    const LHASH_DOALL_##type *cb = (const LHASH_DOALL_##type *)arg;            \
-    cb->doall((type *)value);                                                  \
-  }                                                                            \
-                                                                               \
-  OPENSSL_INLINE void lh_##type##_call_doall_arg(void *value, void *arg) {     \
-    const LHASH_DOALL_##type *cb = (const LHASH_DOALL_##type *)arg;            \
-    cb->doall_arg((type *)value, cb->arg);                                     \
-  }                                                                            \
-                                                                               \
-  OPENSSL_INLINE void lh_##type##_doall(LHASH_OF(type) *lh,                    \
-                                        void (*func)(type *)) {                \
-    LHASH_DOALL_##type cb = {func, NULL, NULL};                                \
-    lh_doall_arg((_LHASH *)lh, lh_##type##_call_doall, &cb);                   \
-  }                                                                            \
-                                                                               \
-  OPENSSL_INLINE void lh_##type##_doall_arg(                                   \
-      LHASH_OF(type) *lh, void (*func)(type *, void *), void *arg) {           \
-    LHASH_DOALL_##type cb = {NULL, func, arg};                                 \
-    lh_doall_arg((_LHASH *)lh, lh_##type##_call_doall_arg, &cb);               \
-  }
-
-
 #if defined(__cplusplus)
 }  // extern C
 #endif

data/third_party/boringssl-with-bazel/src/include/openssl/mem.h

@@ -101,6 +101,9 @@ OPENSSL_EXPORT int CRYPTO_memcmp(const void *a, const void *b, size_t len);
 // OPENSSL_hash32 implements the 32 bit, FNV-1a hash.
 OPENSSL_EXPORT uint32_t OPENSSL_hash32(const void *ptr, size_t len);
 
+// OPENSSL_strhash calls |OPENSSL_hash32| on the NUL-terminated string |s|.
+OPENSSL_EXPORT uint32_t OPENSSL_strhash(const char *s);
+
 // OPENSSL_strdup has the same behaviour as strdup(3).
 OPENSSL_EXPORT char *OPENSSL_strdup(const char *s);
 
@@ -147,9 +150,15 @@ OPENSSL_EXPORT size_t OPENSSL_strlcat(char *dst, const char *src,
 
 // Deprecated functions.
 
-#define CRYPTO_malloc OPENSSL_malloc
-#define CRYPTO_realloc OPENSSL_realloc
-#define CRYPTO_free OPENSSL_free
+// CRYPTO_malloc calls |OPENSSL_malloc|. |file| and |line| are ignored.
+OPENSSL_EXPORT void *CRYPTO_malloc(size_t size, const char *file, int line);
+
+// CRYPTO_realloc calls |OPENSSL_realloc|. |file| and |line| are ignored.
+OPENSSL_EXPORT void *CRYPTO_realloc(void *ptr, size_t new_size,
+                                    const char *file, int line);
+
+// CRYPTO_free calls |OPENSSL_free|. |file| and |line| are ignored.
+OPENSSL_EXPORT void CRYPTO_free(void *ptr, const char *file, int line);
 
 // OPENSSL_clear_free calls |OPENSSL_free|. BoringSSL automatically clears all
 // allocations on free, but we define |OPENSSL_clear_free| for compatibility.

data/third_party/boringssl-with-bazel/src/include/openssl/obj.h

@@ -84,7 +84,8 @@ extern "C" {
 
 // Basic operations.
 
-// OBJ_dup returns a duplicate copy of |obj| or NULL on allocation failure.
+// OBJ_dup returns a duplicate copy of |obj| or NULL on allocation failure. The
+// caller must call |ASN1_OBJECT_free| on the result to release it.
 OPENSSL_EXPORT ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *obj);
 
 // OBJ_cmp returns a value less than, equal to or greater than zero if |a| is
@@ -133,9 +134,9 @@ OPENSSL_EXPORT int OBJ_txt2nid(const char *s);
 // OBJ_nid2obj returns the |ASN1_OBJECT| corresponding to |nid|, or NULL if
 // |nid| is unknown.
 //
-// This function returns a static, immutable |ASN1_OBJECT|. Although the output
-// is not const, callers may not mutate it. It is also not necessary to release
-// the object with |ASN1_OBJECT_free|.
+// Although the output is not const, this function returns a static, immutable
+// |ASN1_OBJECT|. It is not necessary to release the object with
+// |ASN1_OBJECT_free|.
 //
 // However, functions like |X509_ALGOR_set0| expect to take ownership of a
 // possibly dynamically-allocated |ASN1_OBJECT|. |ASN1_OBJECT_free| is a no-op

data/third_party/boringssl-with-bazel/src/include/openssl/pem.h

@@ -112,15 +112,6 @@ extern "C" {
 // write. Now they are all implemented with either:
 // IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
 
-#ifdef OPENSSL_NO_FP_API
-
-#define IMPLEMENT_PEM_read_fp(name, type, str, asn1)            //
-#define IMPLEMENT_PEM_write_fp(name, type, str, asn1)           //
-#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)     //
-#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)        //
-#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)  //
-
-#else
 
 #define IMPLEMENT_PEM_read_fp(name, type, str, asn1)                         \
   static void *pem_read_##name##_d2i(void **x, const unsigned char **inp,    \
@@ -173,7 +164,6 @@ extern "C" {
                           cb, u);                                              \
   }
 
-#endif
 
 #define IMPLEMENT_PEM_read_bio(name, type, str, asn1)                         \
   static void *pem_read_bio_##name##_d2i(void **x, const unsigned char **inp, \
@@ -260,14 +250,6 @@ extern "C" {
 
 // These are the same except they are for the declarations
 
-#if defined(OPENSSL_NO_FP_API)
-
-#define DECLARE_PEM_read_fp(name, type)      //
-#define DECLARE_PEM_write_fp(name, type)     //
-#define DECLARE_PEM_write_cb_fp(name, type)  //
-
-#else
-
 #define DECLARE_PEM_read_fp(name, type)                    \
   OPENSSL_EXPORT type *PEM_read_##name(FILE *fp, type **x, \
                                        pem_password_cb *cb, void *u);
@@ -283,8 +265,6 @@ extern "C" {
       FILE *fp, type *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, \
       pem_password_cb *cb, void *u);
 
-#endif
-
 #define DECLARE_PEM_read_bio(name, type)                      \
   OPENSSL_EXPORT type *PEM_read_bio_##name(BIO *bp, type **x, \
                                            pem_password_cb *cb, void *u);