grpc 1.10.0.pre1 → 1.10.0.pre2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (66) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +3 -3
  3. data/src/core/ext/filters/max_age/max_age_filter.cc +3 -0
  4. data/src/core/lib/surface/version.cc +1 -1
  5. data/src/ruby/lib/grpc/version.rb +1 -1
  6. data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +1100 -0
  7. data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +138 -0
  8. data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +112 -0
  9. data/third_party/boringssl/crypto/fipsmodule/bn/add.c +375 -0
  10. data/third_party/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c +537 -0
  11. data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +370 -0
  12. data/third_party/boringssl/crypto/fipsmodule/bn/bytes.c +269 -0
  13. data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +239 -0
  14. data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +303 -0
  15. data/third_party/boringssl/crypto/fipsmodule/bn/div.c +726 -0
  16. data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +1233 -0
  17. data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +627 -0
  18. data/third_party/boringssl/crypto/fipsmodule/bn/generic.c +715 -0
  19. data/third_party/boringssl/crypto/fipsmodule/bn/jacobi.c +146 -0
  20. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +430 -0
  21. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +207 -0
  22. data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +869 -0
  23. data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +894 -0
  24. data/third_party/boringssl/crypto/fipsmodule/bn/random.c +283 -0
  25. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +254 -0
  26. data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +307 -0
  27. data/third_party/boringssl/crypto/fipsmodule/bn/sqrt.c +502 -0
  28. data/third_party/boringssl/crypto/fipsmodule/cipher/aead.c +284 -0
  29. data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +613 -0
  30. data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +1437 -0
  31. data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +233 -0
  32. data/third_party/boringssl/crypto/fipsmodule/des/des.c +785 -0
  33. data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +256 -0
  34. data/third_party/boringssl/crypto/fipsmodule/digest/digests.c +280 -0
  35. data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +842 -0
  36. data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +517 -0
  37. data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +304 -0
  38. data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +404 -0
  39. data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +1165 -0
  40. data/third_party/boringssl/crypto/fipsmodule/ec/p256-64.c +1708 -0
  41. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +561 -0
  42. data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +1113 -0
  43. data/third_party/boringssl/crypto/fipsmodule/ec/util-64.c +109 -0
  44. data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +456 -0
  45. data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +444 -0
  46. data/third_party/boringssl/crypto/fipsmodule/hmac/hmac.c +228 -0
  47. data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +254 -0
  48. data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +298 -0
  49. data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +212 -0
  50. data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +230 -0
  51. data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +219 -0
  52. data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +1074 -0
  53. data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +95 -0
  54. data/third_party/boringssl/crypto/fipsmodule/modes/polyval.c +91 -0
  55. data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +200 -0
  56. data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +358 -0
  57. data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +302 -0
  58. data/third_party/boringssl/crypto/fipsmodule/rsa/blinding.c +263 -0
  59. data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +692 -0
  60. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +855 -0
  61. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +1061 -0
  62. data/third_party/boringssl/crypto/fipsmodule/sha/sha1-altivec.c +361 -0
  63. data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +375 -0
  64. data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +337 -0
  65. data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +608 -0
  66. metadata +62 -2
@@ -0,0 +1,283 @@
1
+ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2
+ * All rights reserved.
3
+ *
4
+ * This package is an SSL implementation written
5
+ * by Eric Young (eay@cryptsoft.com).
6
+ * The implementation was written so as to conform with Netscapes SSL.
7
+ *
8
+ * This library is free for commercial and non-commercial use as long as
9
+ * the following conditions are aheared to. The following conditions
10
+ * apply to all code found in this distribution, be it the RC4, RSA,
11
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12
+ * included with this distribution is covered by the same copyright terms
13
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14
+ *
15
+ * Copyright remains Eric Young's, and as such any Copyright notices in
16
+ * the code are not to be removed.
17
+ * If this package is used in a product, Eric Young should be given attribution
18
+ * as the author of the parts of the library used.
19
+ * This can be in the form of a textual message at program startup or
20
+ * in documentation (online or textual) provided with the package.
21
+ *
22
+ * Redistribution and use in source and binary forms, with or without
23
+ * modification, are permitted provided that the following conditions
24
+ * are met:
25
+ * 1. Redistributions of source code must retain the copyright
26
+ * notice, this list of conditions and the following disclaimer.
27
+ * 2. Redistributions in binary form must reproduce the above copyright
28
+ * notice, this list of conditions and the following disclaimer in the
29
+ * documentation and/or other materials provided with the distribution.
30
+ * 3. All advertising materials mentioning features or use of this software
31
+ * must display the following acknowledgement:
32
+ * "This product includes cryptographic software written by
33
+ * Eric Young (eay@cryptsoft.com)"
34
+ * The word 'cryptographic' can be left out if the rouines from the library
35
+ * being used are not cryptographic related :-).
36
+ * 4. If you include any Windows specific code (or a derivative thereof) from
37
+ * the apps directory (application code) you must include an acknowledgement:
38
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39
+ *
40
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50
+ * SUCH DAMAGE.
51
+ *
52
+ * The licence and distribution terms for any publically available version or
53
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
54
+ * copied and put under another distribution licence
55
+ * [including the GNU Public Licence.]
56
+ */
57
+ /* ====================================================================
58
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
59
+ *
60
+ * Redistribution and use in source and binary forms, with or without
61
+ * modification, are permitted provided that the following conditions
62
+ * are met:
63
+ *
64
+ * 1. Redistributions of source code must retain the above copyright
65
+ * notice, this list of conditions and the following disclaimer.
66
+ *
67
+ * 2. Redistributions in binary form must reproduce the above copyright
68
+ * notice, this list of conditions and the following disclaimer in
69
+ * the documentation and/or other materials provided with the
70
+ * distribution.
71
+ *
72
+ * 3. All advertising materials mentioning features or use of this
73
+ * software must display the following acknowledgment:
74
+ * "This product includes software developed by the OpenSSL Project
75
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76
+ *
77
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78
+ * endorse or promote products derived from this software without
79
+ * prior written permission. For written permission, please contact
80
+ * openssl-core@openssl.org.
81
+ *
82
+ * 5. Products derived from this software may not be called "OpenSSL"
83
+ * nor may "OpenSSL" appear in their names without prior written
84
+ * permission of the OpenSSL Project.
85
+ *
86
+ * 6. Redistributions of any form whatsoever must retain the following
87
+ * acknowledgment:
88
+ * "This product includes software developed by the OpenSSL Project
89
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90
+ *
91
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
103
+ * ====================================================================
104
+ *
105
+ * This product includes cryptographic software written by Eric Young
106
+ * (eay@cryptsoft.com). This product includes software written by Tim
107
+ * Hudson (tjh@cryptsoft.com). */
108
+
109
+ #include <openssl/bn.h>
110
+
111
+ #include <string.h>
112
+
113
+ #include <openssl/err.h>
114
+ #include <openssl/mem.h>
115
+ #include <openssl/rand.h>
116
+ #include <openssl/sha.h>
117
+ #include <openssl/type_check.h>
118
+
119
+ #include "../../internal.h"
120
+ #include "../rand/internal.h"
121
+
122
+
123
+ static const uint8_t kDefaultAdditionalData[32] = {0};
124
+
125
+ static int bn_rand_with_additional_data(BIGNUM *rnd, int bits, int top,
126
+ int bottom,
127
+ const uint8_t additional_data[32]) {
128
+ uint8_t *buf = NULL;
129
+ int ret = 0, bit, bytes, mask;
130
+
131
+ if (rnd == NULL) {
132
+ return 0;
133
+ }
134
+
135
+ if (top != BN_RAND_TOP_ANY && top != BN_RAND_TOP_ONE &&
136
+ top != BN_RAND_TOP_TWO) {
137
+ OPENSSL_PUT_ERROR(BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
138
+ return 0;
139
+ }
140
+
141
+ if (bottom != BN_RAND_BOTTOM_ANY && bottom != BN_RAND_BOTTOM_ODD) {
142
+ OPENSSL_PUT_ERROR(BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
143
+ return 0;
144
+ }
145
+
146
+ if (bits == 0) {
147
+ BN_zero(rnd);
148
+ return 1;
149
+ }
150
+
151
+ bytes = (bits + 7) / 8;
152
+ bit = (bits - 1) % 8;
153
+ mask = 0xff << (bit + 1);
154
+
155
+ buf = OPENSSL_malloc(bytes);
156
+ if (buf == NULL) {
157
+ OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
158
+ goto err;
159
+ }
160
+
161
+ // Make a random number and set the top and bottom bits.
162
+ RAND_bytes_with_additional_data(buf, bytes, additional_data);
163
+
164
+ if (top != BN_RAND_TOP_ANY) {
165
+ if (top == BN_RAND_TOP_TWO && bits > 1) {
166
+ if (bit == 0) {
167
+ buf[0] = 1;
168
+ buf[1] |= 0x80;
169
+ } else {
170
+ buf[0] |= (3 << (bit - 1));
171
+ }
172
+ } else {
173
+ buf[0] |= (1 << bit);
174
+ }
175
+ }
176
+
177
+ buf[0] &= ~mask;
178
+
179
+ // Set the bottom bit if requested,
180
+ if (bottom == BN_RAND_BOTTOM_ODD) {
181
+ buf[bytes - 1] |= 1;
182
+ }
183
+
184
+ if (!BN_bin2bn(buf, bytes, rnd)) {
185
+ goto err;
186
+ }
187
+
188
+ ret = 1;
189
+
190
+ err:
191
+ OPENSSL_free(buf);
192
+ return ret;
193
+ }
194
+
195
+ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) {
196
+ return bn_rand_with_additional_data(rnd, bits, top, bottom,
197
+ kDefaultAdditionalData);
198
+ }
199
+
200
+ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) {
201
+ return BN_rand(rnd, bits, top, bottom);
202
+ }
203
+
204
+ static int bn_rand_range_with_additional_data(
205
+ BIGNUM *r, BN_ULONG min_inclusive, const BIGNUM *max_exclusive,
206
+ const uint8_t additional_data[32]) {
207
+ if (BN_cmp_word(max_exclusive, min_inclusive) <= 0) {
208
+ OPENSSL_PUT_ERROR(BN, BN_R_INVALID_RANGE);
209
+ return 0;
210
+ }
211
+
212
+ // This function is used to implement steps 4 through 7 of FIPS 186-4
213
+ // appendices B.4.2 and B.5.2. When called in those contexts, |max_exclusive|
214
+ // is n and |min_inclusive| is one.
215
+ unsigned count = 100;
216
+ unsigned n = BN_num_bits(max_exclusive); // n > 0
217
+ do {
218
+ if (!--count) {
219
+ OPENSSL_PUT_ERROR(BN, BN_R_TOO_MANY_ITERATIONS);
220
+ return 0;
221
+ }
222
+
223
+ if (// steps 4 and 5
224
+ !bn_rand_with_additional_data(r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY,
225
+ additional_data) ||
226
+ // step 7
227
+ !BN_add_word(r, min_inclusive)) {
228
+ return 0;
229
+ }
230
+
231
+ // Step 6. This loops if |r| >= |max_exclusive|. This is identical to
232
+ // checking |r| > |max_exclusive| - 1 or |r| - 1 > |max_exclusive| - 2, the
233
+ // formulation stated in FIPS 186-4.
234
+ } while (BN_cmp(r, max_exclusive) >= 0);
235
+
236
+ return 1;
237
+ }
238
+
239
+ int BN_rand_range_ex(BIGNUM *r, BN_ULONG min_inclusive,
240
+ const BIGNUM *max_exclusive) {
241
+ return bn_rand_range_with_additional_data(r, min_inclusive, max_exclusive,
242
+ kDefaultAdditionalData);
243
+ }
244
+
245
+ int BN_rand_range(BIGNUM *r, const BIGNUM *range) {
246
+ return BN_rand_range_ex(r, 0, range);
247
+ }
248
+
249
+ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) {
250
+ return BN_rand_range(r, range);
251
+ }
252
+
253
+ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv,
254
+ const uint8_t *message, size_t message_len,
255
+ BN_CTX *ctx) {
256
+ // We copy |priv| into a local buffer to avoid furthur exposing its
257
+ // length.
258
+ uint8_t private_bytes[96];
259
+ size_t todo = sizeof(priv->d[0]) * priv->top;
260
+ if (todo > sizeof(private_bytes)) {
261
+ // No reasonable DSA or ECDSA key should have a private key
262
+ // this large and we don't handle this case in order to avoid
263
+ // leaking the length of the private key.
264
+ OPENSSL_PUT_ERROR(BN, BN_R_PRIVATE_KEY_TOO_LARGE);
265
+ return 0;
266
+ }
267
+ OPENSSL_memcpy(private_bytes, priv->d, todo);
268
+ OPENSSL_memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
269
+
270
+ // Pass a SHA512 hash of the private key and message as additional data into
271
+ // the RBG. This is a hardening measure against entropy failure.
272
+ OPENSSL_COMPILE_ASSERT(SHA512_DIGEST_LENGTH >= 32,
273
+ additional_data_is_too_large_for_sha512);
274
+ SHA512_CTX sha;
275
+ uint8_t digest[SHA512_DIGEST_LENGTH];
276
+ SHA512_Init(&sha);
277
+ SHA512_Update(&sha, private_bytes, sizeof(private_bytes));
278
+ SHA512_Update(&sha, message, message_len);
279
+ SHA512_Final(digest, &sha);
280
+
281
+ // Select a value k from [1, range-1], following FIPS 186-4 appendix B.5.2.
282
+ return bn_rand_range_with_additional_data(out, 1, range, digest);
283
+ }
@@ -0,0 +1,254 @@
1
+ /*****************************************************************************
2
+ * *
3
+ * Copyright (c) 2012, Intel Corporation *
4
+ * *
5
+ * All rights reserved. *
6
+ * *
7
+ * Redistribution and use in source and binary forms, with or without *
8
+ * modification, are permitted provided that the following conditions are *
9
+ * met: *
10
+ * *
11
+ * * Redistributions of source code must retain the above copyright *
12
+ * notice, this list of conditions and the following disclaimer. *
13
+ * *
14
+ * * Redistributions in binary form must reproduce the above copyright *
15
+ * notice, this list of conditions and the following disclaimer in the *
16
+ * documentation and/or other materials provided with the *
17
+ * distribution. *
18
+ * *
19
+ * * Neither the name of the Intel Corporation nor the names of its *
20
+ * contributors may be used to endorse or promote products derived from *
21
+ * this software without specific prior written permission. *
22
+ * *
23
+ * *
24
+ * THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY *
25
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
26
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR *
27
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR *
28
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, *
29
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, *
30
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR *
31
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF *
32
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING *
33
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS *
34
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *
35
+ * *
36
+ ******************************************************************************
37
+ * Developers and authors: *
38
+ * Shay Gueron (1, 2), and Vlad Krasnov (1) *
39
+ * (1) Intel Corporation, Israel Development Center, Haifa, Israel *
40
+ * (2) University of Haifa, Israel *
41
+ *****************************************************************************/
42
+
43
+ #include <openssl/base.h>
44
+
45
+ #if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64)
46
+
47
+ #include "rsaz_exp.h"
48
+
49
+ #include <openssl/mem.h>
50
+
51
+ #include "../../internal.h"
52
+
53
+
54
+ /*
55
+ * See crypto/bn/asm/rsaz-avx2.pl for further details.
56
+ */
57
+ void rsaz_1024_norm2red_avx2(void *red,const void *norm);
58
+ void rsaz_1024_mul_avx2(void *ret,const void *a,const void *b,const void *n,BN_ULONG k);
59
+ void rsaz_1024_sqr_avx2(void *ret,const void *a,const void *n,BN_ULONG k,int cnt);
60
+ void rsaz_1024_scatter5_avx2(void *tbl,const void *val,int i);
61
+ void rsaz_1024_gather5_avx2(void *val,const void *tbl,int i);
62
+ void rsaz_1024_red2norm_avx2(void *norm,const void *red);
63
+
64
+ alignas(64) static const BN_ULONG one[40] =
65
+ {1,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
66
+ alignas(64) static const BN_ULONG two80[40] =
67
+ {0,0,1<<22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
68
+
69
+ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
70
+ const BN_ULONG base_norm[16], const BN_ULONG exponent[16],
71
+ const BN_ULONG m_norm[16], const BN_ULONG RR[16], BN_ULONG k0)
72
+ {
73
+ alignas(64) uint8_t storage[(320 * 3) + (32 * 9 * 16)]; /* 5.5KB */
74
+ unsigned char *a_inv, *m, *result,
75
+ *table_s = storage + (320 * 3),
76
+ *R2 = table_s; /* borrow */
77
+ int index;
78
+ int wvalue;
79
+
80
+ if (((((uintptr_t)storage & 4095) + 320) >> 12) != 0) {
81
+ result = storage;
82
+ a_inv = storage + 320;
83
+ m = storage + (320 * 2); /* should not cross page */
84
+ } else {
85
+ m = storage; /* should not cross page */
86
+ result = storage + 320;
87
+ a_inv = storage + (320 * 2);
88
+ }
89
+
90
+ rsaz_1024_norm2red_avx2(m, m_norm);
91
+ rsaz_1024_norm2red_avx2(a_inv, base_norm);
92
+ rsaz_1024_norm2red_avx2(R2, RR);
93
+
94
+ rsaz_1024_mul_avx2(R2, R2, R2, m, k0);
95
+ rsaz_1024_mul_avx2(R2, R2, two80, m, k0);
96
+
97
+ /* table[0] = 1 */
98
+ rsaz_1024_mul_avx2(result, R2, one, m, k0);
99
+ /* table[1] = a_inv^1 */
100
+ rsaz_1024_mul_avx2(a_inv, a_inv, R2, m, k0);
101
+
102
+ rsaz_1024_scatter5_avx2(table_s,result,0);
103
+ rsaz_1024_scatter5_avx2(table_s,a_inv,1);
104
+
105
+ /* table[2] = a_inv^2 */
106
+ rsaz_1024_sqr_avx2(result, a_inv, m, k0, 1);
107
+ rsaz_1024_scatter5_avx2(table_s,result,2);
108
+ #if 0
109
+ /* this is almost 2x smaller and less than 1% slower */
110
+ for (index=3; index<32; index++) {
111
+ rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
112
+ rsaz_1024_scatter5_avx2(table_s,result,index);
113
+ }
114
+ #else
115
+ /* table[4] = a_inv^4 */
116
+ rsaz_1024_sqr_avx2(result, result, m, k0, 1);
117
+ rsaz_1024_scatter5_avx2(table_s,result,4);
118
+ /* table[8] = a_inv^8 */
119
+ rsaz_1024_sqr_avx2(result, result, m, k0, 1);
120
+ rsaz_1024_scatter5_avx2(table_s,result,8);
121
+ /* table[16] = a_inv^16 */
122
+ rsaz_1024_sqr_avx2(result, result, m, k0, 1);
123
+ rsaz_1024_scatter5_avx2(table_s,result,16);
124
+ /* table[17] = a_inv^17 */
125
+ rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
126
+ rsaz_1024_scatter5_avx2(table_s,result,17);
127
+
128
+ /* table[3] */
129
+ rsaz_1024_gather5_avx2(result,table_s,2);
130
+ rsaz_1024_mul_avx2(result,result,a_inv,m,k0);
131
+ rsaz_1024_scatter5_avx2(table_s,result,3);
132
+ /* table[6] */
133
+ rsaz_1024_sqr_avx2(result, result, m, k0, 1);
134
+ rsaz_1024_scatter5_avx2(table_s,result,6);
135
+ /* table[12] */
136
+ rsaz_1024_sqr_avx2(result, result, m, k0, 1);
137
+ rsaz_1024_scatter5_avx2(table_s,result,12);
138
+ /* table[24] */
139
+ rsaz_1024_sqr_avx2(result, result, m, k0, 1);
140
+ rsaz_1024_scatter5_avx2(table_s,result,24);
141
+ /* table[25] */
142
+ rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
143
+ rsaz_1024_scatter5_avx2(table_s,result,25);
144
+
145
+ /* table[5] */
146
+ rsaz_1024_gather5_avx2(result,table_s,4);
147
+ rsaz_1024_mul_avx2(result,result,a_inv,m,k0);
148
+ rsaz_1024_scatter5_avx2(table_s,result,5);
149
+ /* table[10] */
150
+ rsaz_1024_sqr_avx2(result, result, m, k0, 1);
151
+ rsaz_1024_scatter5_avx2(table_s,result,10);
152
+ /* table[20] */
153
+ rsaz_1024_sqr_avx2(result, result, m, k0, 1);
154
+ rsaz_1024_scatter5_avx2(table_s,result,20);
155
+ /* table[21] */
156
+ rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
157
+ rsaz_1024_scatter5_avx2(table_s,result,21);
158
+
159
+ /* table[7] */
160
+ rsaz_1024_gather5_avx2(result,table_s,6);
161
+ rsaz_1024_mul_avx2(result,result,a_inv,m,k0);
162
+ rsaz_1024_scatter5_avx2(table_s,result,7);
163
+ /* table[14] */
164
+ rsaz_1024_sqr_avx2(result, result, m, k0, 1);
165
+ rsaz_1024_scatter5_avx2(table_s,result,14);
166
+ /* table[28] */
167
+ rsaz_1024_sqr_avx2(result, result, m, k0, 1);
168
+ rsaz_1024_scatter5_avx2(table_s,result,28);
169
+ /* table[29] */
170
+ rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
171
+ rsaz_1024_scatter5_avx2(table_s,result,29);
172
+
173
+ /* table[9] */
174
+ rsaz_1024_gather5_avx2(result,table_s,8);
175
+ rsaz_1024_mul_avx2(result,result,a_inv,m,k0);
176
+ rsaz_1024_scatter5_avx2(table_s,result,9);
177
+ /* table[18] */
178
+ rsaz_1024_sqr_avx2(result, result, m, k0, 1);
179
+ rsaz_1024_scatter5_avx2(table_s,result,18);
180
+ /* table[19] */
181
+ rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
182
+ rsaz_1024_scatter5_avx2(table_s,result,19);
183
+
184
+ /* table[11] */
185
+ rsaz_1024_gather5_avx2(result,table_s,10);
186
+ rsaz_1024_mul_avx2(result,result,a_inv,m,k0);
187
+ rsaz_1024_scatter5_avx2(table_s,result,11);
188
+ /* table[22] */
189
+ rsaz_1024_sqr_avx2(result, result, m, k0, 1);
190
+ rsaz_1024_scatter5_avx2(table_s,result,22);
191
+ /* table[23] */
192
+ rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
193
+ rsaz_1024_scatter5_avx2(table_s,result,23);
194
+
195
+ /* table[13] */
196
+ rsaz_1024_gather5_avx2(result,table_s,12);
197
+ rsaz_1024_mul_avx2(result,result,a_inv,m,k0);
198
+ rsaz_1024_scatter5_avx2(table_s,result,13);
199
+ /* table[26] */
200
+ rsaz_1024_sqr_avx2(result, result, m, k0, 1);
201
+ rsaz_1024_scatter5_avx2(table_s,result,26);
202
+ /* table[27] */
203
+ rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
204
+ rsaz_1024_scatter5_avx2(table_s,result,27);
205
+
206
+ /* table[15] */
207
+ rsaz_1024_gather5_avx2(result,table_s,14);
208
+ rsaz_1024_mul_avx2(result,result,a_inv,m,k0);
209
+ rsaz_1024_scatter5_avx2(table_s,result,15);
210
+ /* table[30] */
211
+ rsaz_1024_sqr_avx2(result, result, m, k0, 1);
212
+ rsaz_1024_scatter5_avx2(table_s,result,30);
213
+ /* table[31] */
214
+ rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
215
+ rsaz_1024_scatter5_avx2(table_s,result,31);
216
+ #endif
217
+
218
+ const uint8_t *p_str = (const uint8_t *)exponent;
219
+
220
+ /* load first window */
221
+ wvalue = p_str[127] >> 3;
222
+ rsaz_1024_gather5_avx2(result,table_s,wvalue);
223
+
224
+ index = 1014;
225
+
226
+ while(index > -1) { /* loop for the remaining 127 windows */
227
+
228
+ rsaz_1024_sqr_avx2(result, result, m, k0, 5);
229
+
230
+ wvalue = *((const unsigned short*)&p_str[index / 8]);
231
+ wvalue = (wvalue>> (index%8)) & 31;
232
+ index-=5;
233
+
234
+ rsaz_1024_gather5_avx2(a_inv,table_s,wvalue); /* borrow a_inv */
235
+ rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
236
+ }
237
+
238
+ /* square four times */
239
+ rsaz_1024_sqr_avx2(result, result, m, k0, 4);
240
+
241
+ wvalue = p_str[0] & 15;
242
+
243
+ rsaz_1024_gather5_avx2(a_inv,table_s,wvalue); /* borrow a_inv */
244
+ rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
245
+
246
+ /* from Montgomery */
247
+ rsaz_1024_mul_avx2(result, result, one, m, k0);
248
+
249
+ rsaz_1024_red2norm_avx2(result_norm, result);
250
+
251
+ OPENSSL_cleanse(storage,sizeof(storage));
252
+ }
253
+
254
+ #endif /* OPENSSL_X86_64 */