grpc 1.56.2 → 1.57.0.pre1

data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h

@@ -53,12 +53,13 @@
 #ifndef OPENSSL_HEADER_ARM_ARCH_H
 #define OPENSSL_HEADER_ARM_ARCH_H
 
+#include <openssl/target.h>
+
 // arm_arch.h contains symbols used by ARM assembly, and the C code that calls
 // it. It is included as a public header to simplify the build, but is not
 // intended for external use.
 
-#if defined(__ARMEL__) || defined(_M_ARM) || defined(__AARCH64EL__) || \
-    defined(_M_ARM64)
+#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
 
 // ARMV7_NEON is true when a NEON unit is present in the current CPU.
 #define ARMV7_NEON (1 << 0)
@@ -97,124 +98,8 @@
 // will be included.
 #define __ARM_MAX_ARCH__ 8
 
-// Support macros for
-//   - Armv8.3-A Pointer Authentication and
-//   - Armv8.5-A Branch Target Identification
-// features which require emitting a .note.gnu.property section with the
-// appropriate architecture-dependent feature bits set.
-//
-// |AARCH64_SIGN_LINK_REGISTER| and |AARCH64_VALIDATE_LINK_REGISTER| expand to
-// PACIxSP and AUTIxSP, respectively. |AARCH64_SIGN_LINK_REGISTER| should be
-// used immediately before saving the LR register (x30) to the stack.
-// |AARCH64_VALIDATE_LINK_REGISTER| should be used immediately after restoring
-// it. Note |AARCH64_SIGN_LINK_REGISTER|'s modifications to LR must be undone
-// with |AARCH64_VALIDATE_LINK_REGISTER| before RET. The SP register must also
-// have the same value at the two points. For example:
-//
-//   .global f
-//   f:
-//     AARCH64_SIGN_LINK_REGISTER
-//     stp x29, x30, [sp, #-96]!
-//     mov x29, sp
-//     ...
-//     ldp x29, x30, [sp], #96
-//     AARCH64_VALIDATE_LINK_REGISTER
-//     ret
-//
-// |AARCH64_VALID_CALL_TARGET| expands to BTI 'c'. Either it, or
-// |AARCH64_SIGN_LINK_REGISTER|, must be used at every point that may be an
-// indirect call target. In particular, all symbols exported from a file must
-// begin with one of these macros. For example, a leaf function that does not
-// save LR can instead use |AARCH64_VALID_CALL_TARGET|:
-//
-//   .globl return_zero
-//   return_zero:
-//     AARCH64_VALID_CALL_TARGET
-//     mov x0, #0
-//     ret
-//
-// A non-leaf function which does not immediately save LR may need both macros
-// because |AARCH64_SIGN_LINK_REGISTER| appears late. For example, the function
-// may jump to an alternate implementation before setting up the stack:
-//
-//   .globl with_early_jump
-//   with_early_jump:
-//     AARCH64_VALID_CALL_TARGET
-//     cmp x0, #128
-//     b.lt .Lwith_early_jump_128
-//     AARCH64_SIGN_LINK_REGISTER
-//     stp x29, x30, [sp, #-96]!
-//     mov x29, sp
-//     ...
-//     ldp x29, x30, [sp], #96
-//     AARCH64_VALIDATE_LINK_REGISTER
-//     ret
-//
-//  .Lwith_early_jump_128:
-//     ...
-//     ret
-//
-// These annotations are only required with indirect calls. Private symbols that
-// are only the target of direct calls do not require annotations. Also note
-// that |AARCH64_VALID_CALL_TARGET| is only valid for indirect calls (BLR), not
-// indirect jumps (BR). Indirect jumps in assembly are currently not supported
-// and would require a macro for BTI 'j'.
-//
-// Although not necessary, it is safe to use these macros in 32-bit ARM
-// assembly. This may be used to simplify dual 32-bit and 64-bit files.
-//
-// References:
-// - "ELF for the Arm® 64-bit Architecture"
-//   https://github.com/ARM-software/abi-aa/blob/master/aaelf64/aaelf64.rst
-// - "Providing protection for complex software"
-//   https://developer.arm.com/architectures/learn-the-architecture/providing-protection-for-complex-software
-
-#if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
-#define GNU_PROPERTY_AARCH64_BTI (1 << 0)   // Has Branch Target Identification
-#define AARCH64_VALID_CALL_TARGET hint #34  // BTI 'c'
-#else
-#define GNU_PROPERTY_AARCH64_BTI 0  // No Branch Target Identification
-#define AARCH64_VALID_CALL_TARGET
-#endif
-
-#if defined(__ARM_FEATURE_PAC_DEFAULT) && \
-    (__ARM_FEATURE_PAC_DEFAULT & 1) == 1  // Signed with A-key
-#define GNU_PROPERTY_AARCH64_POINTER_AUTH \
-  (1 << 1)                                       // Has Pointer Authentication
-#define AARCH64_SIGN_LINK_REGISTER hint #25      // PACIASP
-#define AARCH64_VALIDATE_LINK_REGISTER hint #29  // AUTIASP
-#elif defined(__ARM_FEATURE_PAC_DEFAULT) && \
-    (__ARM_FEATURE_PAC_DEFAULT & 2) == 2  // Signed with B-key
-#define GNU_PROPERTY_AARCH64_POINTER_AUTH \
-  (1 << 1)                                       // Has Pointer Authentication
-#define AARCH64_SIGN_LINK_REGISTER hint #27      // PACIBSP
-#define AARCH64_VALIDATE_LINK_REGISTER hint #31  // AUTIBSP
-#else
-#define GNU_PROPERTY_AARCH64_POINTER_AUTH 0  // No Pointer Authentication
-#if GNU_PROPERTY_AARCH64_BTI != 0
-#define AARCH64_SIGN_LINK_REGISTER AARCH64_VALID_CALL_TARGET
-#else
-#define AARCH64_SIGN_LINK_REGISTER
-#endif
-#define AARCH64_VALIDATE_LINK_REGISTER
-#endif
-
-#if GNU_PROPERTY_AARCH64_POINTER_AUTH != 0 || GNU_PROPERTY_AARCH64_BTI != 0
-.pushsection .note.gnu.property, "a";
-.balign 8;
-.long 4;
-.long 0x10;
-.long 0x5;
-.asciz "GNU";
-.long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */
-.long 4;
-.long (GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI);
-.long 0;
-.popsection;
-#endif
-
 #endif  // __ASSEMBLER__
 
-#endif  // __ARMEL__ || _M_ARM || __AARCH64EL__ || _M_ARM64
+#endif  // ARM || AARCH64
 
 #endif  // OPENSSL_HEADER_ARM_ARCH_H

data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h

@@ -0,0 +1,207 @@
+/* Copyright (c) 2023, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_ASM_BASE_H
+#define OPENSSL_HEADER_ASM_BASE_H
+
+#include <openssl/target.h>
+
+
+// This header contains symbols and common sections used by assembly files. It
+// is included as a public header to simplify the build, but is not intended for
+// external use.
+//
+// Every assembly file must include this header. Some linker features require
+// all object files to be tagged with some section metadata. This header file,
+// when included in assembly, adds that metadata. It also makes defines like
+// |OPENSSL_X86_64| available and includes the prefixing macros.
+//
+// Including this header in an assembly file imples:
+//
+// - The file does not require an executable stack.
+//
+// - The file, on aarch64, uses the macros defined below to be compatible with
+//   BTI and PAC.
+//
+// - The file, on x86_64, requires the program to be compatible with Intel IBT
+//   and SHSTK
+
+#if defined(__ASSEMBLER__)
+
+#if defined(BORINGSSL_PREFIX)
+#include <boringssl_prefix_symbols_asm.h>
+#endif
+
+#if defined(__ELF__)
+// Every ELF object file, even empty ones, should disable executable stacks. See
+// https://www.airs.com/blog/archives/518.
+.pushsection .note.GNU-stack, "", %progbits
+.popsection
+#endif
+
+#if defined(__CET__) && defined(OPENSSL_X86_64)
+// Clang and GCC define __CET__ and provide <cet.h> when they support Intel's
+// Indirect Branch Tracking.
+// https://lpc.events/event/7/contributions/729/attachments/496/903/CET-LPC-2020.pdf
+//
+// cet.h defines _CET_ENDBR which is used to mark function entry points for IBT.
+// and adds the assembly marker. The value of _CET_ENDBR is made dependant on if
+// '-fcf-protection' is passed to the compiler. _CET_ENDBR is only required when
+// the function is the target of an indirect jump, but BoringSSL chooses to mark
+// all assembly entry points because it is easier, and allows BoringSSL's ABI
+// tester to call the assembly entry points via an indirect jump.
+#include <cet.h>
+#else
+#define _CET_ENDBR
+#endif
+
+#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
+
+// We require the ARM assembler provide |__ARM_ARCH| from Arm C Language
+// Extensions (ACLE). This is supported in GCC 4.8+ and Clang 3.2+. MSVC does
+// not implement ACLE, but we require Clang's assembler on Windows.
+#if !defined(__ARM_ARCH)
+#error "ARM assembler must define __ARM_ARCH"
+#endif
+
+// __ARM_ARCH__ is used by OpenSSL assembly to determine the minimum target ARM
+// version.
+//
+// TODO(davidben): Switch the assembly to use |__ARM_ARCH| directly.
+#define __ARM_ARCH__ __ARM_ARCH
+
+// Even when building for 32-bit ARM, support for aarch64 crypto instructions
+// will be included.
+#define __ARM_MAX_ARCH__ 8
+
+// Support macros for
+//   - Armv8.3-A Pointer Authentication and
+//   - Armv8.5-A Branch Target Identification
+// features which require emitting a .note.gnu.property section with the
+// appropriate architecture-dependent feature bits set.
+//
+// |AARCH64_SIGN_LINK_REGISTER| and |AARCH64_VALIDATE_LINK_REGISTER| expand to
+// PACIxSP and AUTIxSP, respectively. |AARCH64_SIGN_LINK_REGISTER| should be
+// used immediately before saving the LR register (x30) to the stack.
+// |AARCH64_VALIDATE_LINK_REGISTER| should be used immediately after restoring
+// it. Note |AARCH64_SIGN_LINK_REGISTER|'s modifications to LR must be undone
+// with |AARCH64_VALIDATE_LINK_REGISTER| before RET. The SP register must also
+// have the same value at the two points. For example:
+//
+//   .global f
+//   f:
+//     AARCH64_SIGN_LINK_REGISTER
+//     stp x29, x30, [sp, #-96]!
+//     mov x29, sp
+//     ...
+//     ldp x29, x30, [sp], #96
+//     AARCH64_VALIDATE_LINK_REGISTER
+//     ret
+//
+// |AARCH64_VALID_CALL_TARGET| expands to BTI 'c'. Either it, or
+// |AARCH64_SIGN_LINK_REGISTER|, must be used at every point that may be an
+// indirect call target. In particular, all symbols exported from a file must
+// begin with one of these macros. For example, a leaf function that does not
+// save LR can instead use |AARCH64_VALID_CALL_TARGET|:
+//
+//   .globl return_zero
+//   return_zero:
+//     AARCH64_VALID_CALL_TARGET
+//     mov x0, #0
+//     ret
+//
+// A non-leaf function which does not immediately save LR may need both macros
+// because |AARCH64_SIGN_LINK_REGISTER| appears late. For example, the function
+// may jump to an alternate implementation before setting up the stack:
+//
+//   .globl with_early_jump
+//   with_early_jump:
+//     AARCH64_VALID_CALL_TARGET
+//     cmp x0, #128
+//     b.lt .Lwith_early_jump_128
+//     AARCH64_SIGN_LINK_REGISTER
+//     stp x29, x30, [sp, #-96]!
+//     mov x29, sp
+//     ...
+//     ldp x29, x30, [sp], #96
+//     AARCH64_VALIDATE_LINK_REGISTER
+//     ret
+//
+//  .Lwith_early_jump_128:
+//     ...
+//     ret
+//
+// These annotations are only required with indirect calls. Private symbols that
+// are only the target of direct calls do not require annotations. Also note
+// that |AARCH64_VALID_CALL_TARGET| is only valid for indirect calls (BLR), not
+// indirect jumps (BR). Indirect jumps in assembly are currently not supported
+// and would require a macro for BTI 'j'.
+//
+// Although not necessary, it is safe to use these macros in 32-bit ARM
+// assembly. This may be used to simplify dual 32-bit and 64-bit files.
+//
+// References:
+// - "ELF for the Arm® 64-bit Architecture"
+//   https://github.com/ARM-software/abi-aa/blob/master/aaelf64/aaelf64.rst
+// - "Providing protection for complex software"
+//   https://developer.arm.com/architectures/learn-the-architecture/providing-protection-for-complex-software
+
+#if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
+#define GNU_PROPERTY_AARCH64_BTI (1 << 0)   // Has Branch Target Identification
+#define AARCH64_VALID_CALL_TARGET hint #34  // BTI 'c'
+#else
+#define GNU_PROPERTY_AARCH64_BTI 0  // No Branch Target Identification
+#define AARCH64_VALID_CALL_TARGET
+#endif
+
+#if defined(__ARM_FEATURE_PAC_DEFAULT) && \
+    (__ARM_FEATURE_PAC_DEFAULT & 1) == 1  // Signed with A-key
+#define GNU_PROPERTY_AARCH64_POINTER_AUTH \
+  (1 << 1)                                       // Has Pointer Authentication
+#define AARCH64_SIGN_LINK_REGISTER hint #25      // PACIASP
+#define AARCH64_VALIDATE_LINK_REGISTER hint #29  // AUTIASP
+#elif defined(__ARM_FEATURE_PAC_DEFAULT) && \
+    (__ARM_FEATURE_PAC_DEFAULT & 2) == 2  // Signed with B-key
+#define GNU_PROPERTY_AARCH64_POINTER_AUTH \
+  (1 << 1)                                       // Has Pointer Authentication
+#define AARCH64_SIGN_LINK_REGISTER hint #27      // PACIBSP
+#define AARCH64_VALIDATE_LINK_REGISTER hint #31  // AUTIBSP
+#else
+#define GNU_PROPERTY_AARCH64_POINTER_AUTH 0  // No Pointer Authentication
+#if GNU_PROPERTY_AARCH64_BTI != 0
+#define AARCH64_SIGN_LINK_REGISTER AARCH64_VALID_CALL_TARGET
+#else
+#define AARCH64_SIGN_LINK_REGISTER
+#endif
+#define AARCH64_VALIDATE_LINK_REGISTER
+#endif
+
+#if GNU_PROPERTY_AARCH64_POINTER_AUTH != 0 || GNU_PROPERTY_AARCH64_BTI != 0
+.pushsection .note.gnu.property, "a";
+.balign 8;
+.long 4;
+.long 0x10;
+.long 0x5;
+.asciz "GNU";
+.long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */
+.long 4;
+.long (GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI);
+.long 0;
+.popsection;
+#endif
+#endif  // ARM || AARCH64
+
+#endif  // __ASSEMBLER__
+
+#endif  // OPENSSL_HEADER_ASM_BASE_H

data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h

@@ -1355,6 +1355,11 @@ OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(
 // GeneralizedTime. If |str| is neither, it returns zero.
 OPENSSL_EXPORT int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
 
+// ASN1_TIME_set_string_X509 behaves like |ASN1_TIME_set_string| except it
+// additionally converts GeneralizedTime to UTCTime if it is in the range where
+// UTCTime is used. See RFC 5280, section 4.1.2.5.
+OPENSSL_EXPORT int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str);
+
 // ASN1_TIME_to_time_t converts |t| to a time_t value in |out|. On
 // success, one is returned. On failure zero is returned. This function
 // will fail if the time can not be represented in a time_t.

data/third_party/boringssl-with-bazel/src/include/openssl/base.h

@@ -74,6 +74,7 @@
 // opensslconf.h.
 #include <openssl/is_boringssl.h>
 #include <openssl/opensslconf.h>
+#include <openssl/target.h>  // IWYU pragma: export
 
 #if defined(BORINGSSL_PREFIX)
 #include <boringssl_prefix_symbols.h>
@@ -84,48 +85,7 @@ extern "C" {
 #endif
 
 
-#if defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64)
-#define OPENSSL_64_BIT
-#define OPENSSL_X86_64
-#elif defined(__x86) || defined(__i386) || defined(__i386__) || defined(_M_IX86)
-#define OPENSSL_32_BIT
-#define OPENSSL_X86
-#elif defined(__AARCH64EL__) || defined(_M_ARM64)
-#define OPENSSL_64_BIT
-#define OPENSSL_AARCH64
-#elif defined(__ARMEL__) || defined(_M_ARM)
-#define OPENSSL_32_BIT
-#define OPENSSL_ARM
-#elif defined(__MIPSEL__) && !defined(__LP64__)
-#define OPENSSL_32_BIT
-#define OPENSSL_MIPS
-#elif defined(__MIPSEL__) && defined(__LP64__)
-#define OPENSSL_64_BIT
-#define OPENSSL_MIPS64
-#elif defined(__riscv) && __SIZEOF_POINTER__ == 8
-#define OPENSSL_64_BIT
-#define OPENSSL_RISCV64
-#elif defined(__riscv) && __SIZEOF_POINTER__ == 4
-#define OPENSSL_32_BIT
-#elif defined(__pnacl__)
-#define OPENSSL_32_BIT
-#define OPENSSL_PNACL
-#elif defined(__wasm__)
-#define OPENSSL_32_BIT
-#elif defined(__asmjs__)
-#define OPENSSL_32_BIT
-#elif defined(__myriad2__)
-#define OPENSSL_32_BIT
-#else
-// Note BoringSSL only supports standard 32-bit and 64-bit two's-complement,
-// little-endian architectures. Functions will not produce the correct answer
-// on other systems. Run the crypto_test binary, notably
-// crypto/compiler_test.cc, before adding a new architecture.
-#error "Unknown target CPU"
-#endif
-
 #if defined(__APPLE__)
-#define OPENSSL_APPLE
 // Note |TARGET_OS_MAC| is set for all Apple OS variants. |TARGET_OS_OSX|
 // targets macOS specifically.
 #if defined(TARGET_OS_OSX) && TARGET_OS_OSX
@@ -136,55 +96,6 @@ extern "C" {
 #endif
 #endif
 
-#if defined(_WIN32)
-#define OPENSSL_WINDOWS
-#endif
-
-// Trusty isn't Linux but currently defines __linux__. As a workaround, we
-// exclude it here.
-// TODO(b/169780122): Remove this workaround once Trusty no longer defines it.
-#if defined(__linux__) && !defined(__TRUSTY__)
-#define OPENSSL_LINUX
-#endif
-
-#if defined(__Fuchsia__)
-#define OPENSSL_FUCHSIA
-#endif
-
-#if defined(__TRUSTY__)
-#define OPENSSL_TRUSTY
-#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
-#endif
-
-#if defined(__ANDROID_API__)
-#define OPENSSL_ANDROID
-#endif
-
-#if defined(__FreeBSD__)
-#define OPENSSL_FREEBSD
-#endif
-
-#if defined(__OpenBSD__)
-#define OPENSSL_OPENBSD
-#endif
-
-// BoringSSL requires platform's locking APIs to make internal global state
-// thread-safe, including the PRNG. On some single-threaded embedded platforms,
-// locking APIs may not exist, so this dependency may be disabled with the
-// following build flag.
-//
-// IMPORTANT: Doing so means the consumer promises the library will never be
-// used in any multi-threaded context. It causes BoringSSL to be globally
-// thread-unsafe. Setting it inappropriately will subtly and unpredictably
-// corrupt memory and leak secret keys.
-//
-// Do not set this flag on any platform where threads are possible. BoringSSL
-// maintainers will not provide support for any consumers that do so. Changes
-// which break such unsupported configurations will not be reverted.
-#if !defined(OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED)
-#define OPENSSL_THREADS
-#endif
-
 #define OPENSSL_IS_BORINGSSL
 #define OPENSSL_VERSION_NUMBER 0x1010107f
 #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
@@ -197,7 +108,7 @@ extern "C" {
 // A consumer may use this symbol in the preprocessor to temporarily build
 // against multiple revisions of BoringSSL at the same time. It is not
 // recommended to do so for longer than is necessary.
-#define BORINGSSL_API_VERSION 21
+#define BORINGSSL_API_VERSION 24
 
 #if defined(BORINGSSL_SHARED_LIBRARY)
 
@@ -311,31 +222,6 @@ extern "C" {
 #define OPENSSL_INLINE static inline OPENSSL_UNUSED
 #endif
 
-#if defined(BORINGSSL_UNSAFE_FUZZER_MODE) && \
-    !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
-#define BORINGSSL_UNSAFE_DETERMINISTIC_MODE
-#endif
-
-#if defined(__has_feature)
-#if __has_feature(address_sanitizer)
-#define OPENSSL_ASAN
-#endif
-#if __has_feature(thread_sanitizer)
-#define OPENSSL_TSAN
-#endif
-#if __has_feature(memory_sanitizer)
-#define OPENSSL_MSAN
-#define OPENSSL_ASM_INCOMPATIBLE
-#endif
-#endif
-
-#if defined(OPENSSL_ASM_INCOMPATIBLE)
-#undef OPENSSL_ASM_INCOMPATIBLE
-#if !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif  // OPENSSL_ASM_INCOMPATIBLE
-
 #if defined(__cplusplus)
 // enums can be predeclared, but only in C++ and only if given an explicit type.
 // C doesn't support setting an explicit type for enums thus a #define is used

data/third_party/boringssl-with-bazel/src/include/openssl/bn.h

@@ -160,14 +160,12 @@ extern "C" {
 typedef uint64_t BN_ULONG;
 #define BN_BITS2 64
 #define BN_DEC_FMT1 "%" PRIu64
-#define BN_DEC_FMT2 "%019" PRIu64
 #define BN_HEX_FMT1 "%" PRIx64
 #define BN_HEX_FMT2 "%016" PRIx64
 #elif defined(OPENSSL_32_BIT)
 typedef uint32_t BN_ULONG;
 #define BN_BITS2 32
 #define BN_DEC_FMT1 "%" PRIu32
-#define BN_DEC_FMT2 "%09" PRIu32
 #define BN_HEX_FMT1 "%" PRIx32
 #define BN_HEX_FMT2 "%08" PRIx32
 #else

data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h

@@ -29,6 +29,12 @@ extern "C" {
 // CRYPTO_chacha_20 encrypts |in_len| bytes from |in| with the given key and
 // nonce and writes the result to |out|. If |in| and |out| alias, they must be
 // equal. The initial block counter is specified by |counter|.
+//
+// This function implements a 32-bit block counter as in RFC 8439. On overflow,
+// the counter wraps. Reusing a key, nonce, and block counter combination is not
+// secure, so wrapping is usually a bug in the caller. While it is possible to
+// wrap without reuse with a large initial block counter, this is not
+// recommended and may not be portable to other ChaCha20 implementations.
 OPENSSL_EXPORT void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in,
                                      size_t in_len, const uint8_t key[32],
                                      const uint8_t nonce[12], uint32_t counter);

data/third_party/boringssl-with-bazel/src/include/openssl/conf.h

@@ -77,7 +77,10 @@ extern "C" {
 //   [section_name]
 //   key2=value2
 //
-// Config files are represented by a |CONF|.
+// Config files are represented by a |CONF|. Use of this module is strongly
+// discouraged. It is a remnant of the OpenSSL command-line tool. Parsing an
+// untrusted input as a config file risks string injection and denial of service
+// vulnerabilities.
 
 struct conf_value_st {
   char *section;
@@ -166,5 +169,6 @@ BSSL_NAMESPACE_END
 #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 104
 #define CONF_R_VARIABLE_HAS_NO_VALUE 105
 #define CONF_R_VARIABLE_EXPANSION_TOO_LONG 106
+#define CONF_R_VARIABLE_EXPANSION_NOT_SUPPORTED 107
 
 #endif  // OPENSSL_HEADER_THREAD_H

data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h

@@ -62,9 +62,7 @@
 
 #include <openssl/base.h>
 
-#include <openssl/engine.h>
 #include <openssl/ex_data.h>
-#include <openssl/thread.h>
 
 #if defined(__cplusplus)
 extern "C" {
@@ -398,25 +396,6 @@ OPENSSL_EXPORT DSA *DSA_generate_parameters(int bits, unsigned char *seed,
                                             void *cb_arg);
 
 
-struct dsa_st {
-  long version;
-  BIGNUM *p;
-  BIGNUM *q;  // == 20
-  BIGNUM *g;
-
-  BIGNUM *pub_key;   // y public key
-  BIGNUM *priv_key;  // x private key
-
-  int flags;
-  // Normally used to cache montgomery values
-  CRYPTO_MUTEX method_mont_lock;
-  BN_MONT_CTX *method_mont_p;
-  BN_MONT_CTX *method_mont_q;
-  CRYPTO_refcount_t references;
-  CRYPTO_EX_DATA ex_data;
-};
-
-
 #if defined(__cplusplus)
 }  // extern C
 

data/third_party/boringssl-with-bazel/src/include/openssl/ec.h

@@ -101,8 +101,24 @@ typedef enum {
 
 // Elliptic curve groups.
 
-// EC_GROUP_new_by_curve_name returns a fresh EC_GROUP object for the elliptic
-// curve specified by |nid|, or NULL on unsupported NID or allocation failure.
+// EC_group_p224 returns an |EC_GROUP| for P-224, also known as secp224r1.
+OPENSSL_EXPORT const EC_GROUP *EC_group_p224(void);
+
+// EC_group_p256 returns an |EC_GROUP| for P-256, also known as secp256r1 or
+// prime256v1.
+OPENSSL_EXPORT const EC_GROUP *EC_group_p256(void);
+
+// EC_group_p384 returns an |EC_GROUP| for P-384, also known as secp384r1.
+OPENSSL_EXPORT const EC_GROUP *EC_group_p384(void);
+
+// EC_group_p521 returns an |EC_GROUP| for P-521, also known as secp521r1.
+OPENSSL_EXPORT const EC_GROUP *EC_group_p521(void);
+
+// EC_GROUP_new_by_curve_name returns the |EC_GROUP| object for the elliptic
+// curve specified by |nid|, or NULL on unsupported NID.  For OpenSSL
+// compatibility, this function returns a non-const pointer which may be passed
+// to |EC_GROUP_free|. However, the resulting object is actually static and
+// calling |EC_GROUP_free| is optional.
 //
 // The supported NIDs are:
 //   NID_secp224r1 (P-224),
@@ -110,6 +126,9 @@ typedef enum {
 //   NID_secp384r1 (P-384),
 //   NID_secp521r1 (P-521)
 //
+// Calling this function causes all four curves to be linked into the binary.
+// Prefer calling |EC_group_*| to allow the static linker to drop unused curves.
+//
 // If in doubt, use |NID_X9_62_prime256v1|, or see the curve25519.h header for
 // more modern primitives.
 OPENSSL_EXPORT EC_GROUP *EC_GROUP_new_by_curve_name(int nid);

data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h

@@ -259,8 +259,15 @@ OPENSSL_EXPORT int EC_KEY_marshal_private_key(CBB *cbb, const EC_KEY *key,
                                               unsigned enc_flags);
 
 // EC_KEY_parse_curve_name parses a DER-encoded OBJECT IDENTIFIER as a curve
-// name from |cbs| and advances |cbs|. It returns a newly-allocated |EC_GROUP|
-// or NULL on error.
+// name from |cbs| and advances |cbs|. It returns the decoded |EC_GROUP| or NULL
+// on error.
+//
+// This function returns a non-const pointer which may be passed to
+// |EC_GROUP_free|. However, the resulting object is actually static and calling
+// |EC_GROUP_free| is optional.
+//
+// TODO(davidben): Make this return a const pointer, if it does not break too
+// many callers.
 OPENSSL_EXPORT EC_GROUP *EC_KEY_parse_curve_name(CBS *cbs);
 
 // EC_KEY_marshal_curve_name marshals |group| as a DER-encoded OBJECT IDENTIFIER
@@ -269,10 +276,16 @@ OPENSSL_EXPORT EC_GROUP *EC_KEY_parse_curve_name(CBS *cbs);
 OPENSSL_EXPORT int EC_KEY_marshal_curve_name(CBB *cbb, const EC_GROUP *group);
 
 // EC_KEY_parse_parameters parses a DER-encoded ECParameters structure (RFC
-// 5480) from |cbs| and advances |cbs|. It returns a newly-allocated |EC_GROUP|
-// or NULL on error. It supports the namedCurve and specifiedCurve options, but
-// use of specifiedCurve is deprecated. Use |EC_KEY_parse_curve_name|
-// instead.
+// 5480) from |cbs| and advances |cbs|. It returns the resulting |EC_GROUP| or
+// NULL on error. It supports the namedCurve and specifiedCurve options, but use
+// of specifiedCurve is deprecated. Use |EC_KEY_parse_curve_name| instead.
+//
+// This function returns a non-const pointer which may be passed to
+// |EC_GROUP_free|. However, the resulting object is actually static and calling
+// |EC_GROUP_free| is optional.
+//
+// TODO(davidben): Make this return a const pointer, if it does not break too
+// many callers.
 OPENSSL_EXPORT EC_GROUP *EC_KEY_parse_parameters(CBS *cbs);