grpc 1.12.0 → 1.13.0.pre1
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +314 -23
- data/include/grpc/impl/codegen/fork.h +4 -4
- data/include/grpc/impl/codegen/grpc_types.h +1 -1
- data/include/grpc/impl/codegen/port_platform.h +3 -0
- data/src/boringssl/err_data.c +256 -246
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +1 -1
- data/src/core/ext/filters/client_channel/client_channel.cc +367 -272
- data/src/core/ext/filters/client_channel/lb_policy.h +1 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +42 -32
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +36 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +36 -102
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +37 -32
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +22 -19
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver.h +1 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +0 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +4 -4
- data/src/core/ext/filters/client_channel/subchannel.cc +3 -3
- data/src/core/ext/filters/http/client_authority_filter.cc +5 -4
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +4 -4
- data/src/core/ext/filters/http/server/http_server_filter.cc +123 -131
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +9 -8
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +19 -19
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +10 -6
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +4 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +14 -12
- data/src/core/ext/transport/chttp2/transport/writing.cc +6 -6
- data/src/core/lib/channel/channel_stack.cc +0 -5
- data/src/core/lib/channel/channel_stack.h +1 -1
- data/src/core/lib/channel/channel_stack_builder.cc +0 -3
- data/src/core/lib/channel/channel_stack_builder.h +0 -2
- data/src/core/lib/channel/channel_trace.cc +3 -3
- data/src/core/lib/channel/channelz_registry.cc +77 -0
- data/src/core/lib/channel/channelz_registry.h +99 -0
- data/src/core/lib/channel/handshaker.cc +20 -1
- data/src/core/lib/debug/stats.h +7 -0
- data/src/core/lib/debug/stats_data.cc +5 -0
- data/src/core/lib/debug/stats_data.h +120 -0
- data/src/core/lib/debug/trace.h +11 -9
- data/src/core/lib/gprpp/fork.cc +260 -0
- data/src/core/lib/gprpp/fork.h +79 -0
- data/src/core/lib/gprpp/memory.h +12 -0
- data/src/core/lib/gprpp/orphanable.h +2 -6
- data/src/core/lib/gprpp/ref_counted.h +2 -6
- data/src/core/lib/gprpp/thd.h +0 -3
- data/src/core/lib/gprpp/thd_posix.cc +4 -53
- data/src/core/lib/gprpp/thd_windows.cc +0 -7
- data/src/core/lib/http/httpcli_security_connector.cc +1 -3
- data/src/core/lib/iomgr/combiner.cc +19 -2
- data/src/core/lib/iomgr/combiner.h +1 -1
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +2 -2
- data/src/core/lib/iomgr/ev_epollex_linux.cc +59 -3
- data/src/core/lib/iomgr/ev_epollsig_linux.cc +1 -1
- data/src/core/lib/iomgr/ev_poll_posix.cc +2 -2
- data/src/core/lib/iomgr/ev_posix.cc +11 -4
- data/src/core/lib/iomgr/ev_posix.h +6 -0
- data/src/core/lib/iomgr/exec_ctx.cc +9 -9
- data/src/core/lib/iomgr/exec_ctx.h +39 -20
- data/src/core/lib/iomgr/fork_posix.cc +30 -18
- data/src/core/lib/iomgr/iomgr_posix.cc +2 -2
- data/src/core/lib/iomgr/polling_entity.cc +11 -2
- data/src/core/lib/iomgr/pollset_custom.cc +2 -2
- data/src/core/lib/iomgr/port.h +38 -1
- data/src/core/lib/iomgr/resolve_address.h +1 -1
- data/src/core/lib/iomgr/resolve_address_posix.cc +1 -1
- data/src/core/lib/iomgr/resource_quota.cc +1 -1
- data/src/core/lib/iomgr/sockaddr_posix.h +1 -1
- data/src/core/lib/iomgr/socket_factory_posix.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_client_custom.cc +3 -3
- data/src/core/lib/iomgr/tcp_client_posix.cc +3 -2
- data/src/core/lib/iomgr/tcp_custom.cc +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +18 -10
- data/src/core/lib/iomgr/tcp_server_posix.cc +9 -8
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +16 -4
- data/src/core/lib/iomgr/timer.h +1 -1
- data/src/core/lib/iomgr/timer_generic.cc +113 -41
- data/src/core/lib/iomgr/timer_manager.cc +1 -1
- data/src/core/lib/security/credentials/credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +88 -115
- data/src/core/lib/security/credentials/google_default/google_default_credentials.h +16 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -6
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/security_connector/alts_security_connector.cc +2 -1
- data/src/core/lib/security/security_connector/security_connector.cc +7 -7
- data/src/core/lib/security/transport/security_handshaker.cc +1 -0
- data/src/core/lib/security/util/json_util.cc +4 -0
- data/src/core/lib/slice/slice_buffer.cc +15 -3
- data/src/core/lib/surface/call.cc +31 -17
- data/src/core/lib/surface/call.h +5 -0
- data/src/core/lib/surface/channel.cc +2 -5
- data/src/core/lib/surface/completion_queue.cc +1 -3
- data/src/core/lib/surface/completion_queue.h +0 -1
- data/src/core/lib/surface/init.cc +7 -8
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.cc +1 -1
- data/src/core/lib/transport/transport.cc +2 -1
- data/src/core/lib/transport/transport.h +4 -8
- data/src/core/lib/transport/transport_op_string.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +19 -7
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +10 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +28 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +3 -0
- data/src/core/tsi/fake_transport_security.cc +1 -0
- data/src/core/tsi/ssl_transport_security.cc +238 -110
- data/src/core/tsi/transport_security.cc +14 -0
- data/src/core/tsi/transport_security.h +2 -0
- data/src/core/tsi/transport_security_interface.h +11 -1
- data/src/ruby/bin/math_client.rb +17 -9
- data/src/ruby/lib/grpc/generic/rpc_server.rb +2 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +4 -1
- data/third_party/boringssl/crypto/asn1/a_int.c +33 -28
- data/third_party/boringssl/crypto/asn1/a_mbstr.c +24 -22
- data/third_party/boringssl/crypto/asn1/a_utf8.c +13 -11
- data/third_party/boringssl/crypto/asn1/asn1_locl.h +3 -0
- data/third_party/boringssl/crypto/bio/fd.c +1 -0
- data/third_party/boringssl/crypto/bio/file.c +2 -0
- data/third_party/boringssl/crypto/bn_extra/convert.c +6 -5
- data/third_party/boringssl/crypto/bytestring/ber.c +1 -4
- data/third_party/boringssl/crypto/bytestring/cbb.c +116 -16
- data/third_party/boringssl/crypto/bytestring/cbs.c +150 -20
- data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +171 -0
- data/third_party/boringssl/crypto/cipher_extra/e_rc2.c +2 -0
- data/third_party/boringssl/crypto/cipher_extra/e_tls.c +1 -2
- data/third_party/boringssl/crypto/cpu-aarch64-fuchsia.c +55 -0
- data/third_party/boringssl/crypto/cpu-aarch64-linux.c +2 -1
- data/third_party/boringssl/crypto/dsa/dsa.c +16 -54
- data/third_party/boringssl/crypto/fipsmodule/bcm.c +11 -542
- data/third_party/boringssl/crypto/fipsmodule/bn/add.c +33 -64
- data/third_party/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c +4 -3
- data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +122 -70
- data/third_party/boringssl/crypto/fipsmodule/bn/bytes.c +32 -71
- data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +58 -112
- data/third_party/boringssl/crypto/fipsmodule/bn/div.c +198 -122
- data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +31 -65
- data/third_party/boringssl/crypto/fipsmodule/bn/generic.c +2 -1
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +98 -15
- data/third_party/boringssl/crypto/fipsmodule/bn/jacobi.c +1 -1
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +124 -81
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +8 -30
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +303 -347
- data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +2 -3
- data/third_party/boringssl/crypto/fipsmodule/bn/random.c +3 -4
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +199 -222
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +27 -47
- data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +45 -28
- data/third_party/boringssl/crypto/fipsmodule/bn/sqrt.c +1 -1
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +10 -10
- data/third_party/boringssl/crypto/fipsmodule/des/internal.h +2 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +78 -47
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +35 -54
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +3 -10
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +36 -22
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +59 -90
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +29 -48
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +17 -26
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +15 -11
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +45 -51
- data/third_party/boringssl/crypto/fipsmodule/ec/{util-64.c → util.c} +0 -5
- data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +144 -264
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +78 -56
- data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +256 -0
- data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +36 -32
- data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +9 -7
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +16 -10
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +255 -102
- data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +581 -0
- data/third_party/boringssl/crypto/fipsmodule/tls/internal.h +39 -0
- data/third_party/boringssl/crypto/fipsmodule/tls/kdf.c +165 -0
- data/third_party/boringssl/crypto/internal.h +65 -2
- data/third_party/boringssl/crypto/mem.c +0 -2
- data/third_party/boringssl/crypto/obj/obj.c +6 -73
- data/third_party/boringssl/crypto/thread_pthread.c +35 -5
- data/third_party/boringssl/crypto/x509/a_strex.c +11 -11
- data/third_party/boringssl/crypto/x509/x_name.c +13 -0
- data/third_party/boringssl/include/openssl/aead.h +4 -0
- data/third_party/boringssl/include/openssl/asn1.h +1 -3
- data/third_party/boringssl/include/openssl/base.h +1 -14
- data/third_party/boringssl/include/openssl/bio.h +1 -1
- data/third_party/boringssl/include/openssl/bn.h +49 -15
- data/third_party/boringssl/include/openssl/bytestring.h +49 -24
- data/third_party/boringssl/include/openssl/crypto.h +4 -0
- data/third_party/boringssl/include/openssl/ec_key.h +7 -3
- data/third_party/boringssl/include/openssl/err.h +9 -9
- data/third_party/boringssl/include/openssl/evp.h +1 -1
- data/third_party/boringssl/include/openssl/rsa.h +34 -10
- data/third_party/boringssl/include/openssl/ssl.h +160 -17
- data/third_party/boringssl/include/openssl/stack.h +1 -1
- data/third_party/boringssl/include/openssl/tls1.h +10 -2
- data/third_party/boringssl/include/openssl/x509.h +3 -0
- data/third_party/boringssl/ssl/d1_both.cc +16 -2
- data/third_party/boringssl/ssl/dtls_method.cc +1 -1
- data/third_party/boringssl/ssl/handoff.cc +285 -0
- data/third_party/boringssl/ssl/handshake.cc +26 -12
- data/third_party/boringssl/ssl/handshake_client.cc +65 -31
- data/third_party/boringssl/ssl/handshake_server.cc +14 -2
- data/third_party/boringssl/ssl/internal.h +132 -79
- data/third_party/boringssl/ssl/s3_both.cc +2 -2
- data/third_party/boringssl/ssl/s3_lib.cc +3 -1
- data/third_party/boringssl/ssl/s3_pkt.cc +0 -18
- data/third_party/boringssl/ssl/ssl_aead_ctx.cc +1 -4
- data/third_party/boringssl/ssl/ssl_asn1.cc +47 -43
- data/third_party/boringssl/ssl/ssl_cipher.cc +8 -8
- data/third_party/boringssl/ssl/ssl_key_share.cc +3 -1
- data/third_party/boringssl/ssl/ssl_lib.cc +83 -14
- data/third_party/boringssl/ssl/ssl_privkey.cc +6 -0
- data/third_party/boringssl/ssl/ssl_stat.cc +6 -6
- data/third_party/boringssl/ssl/ssl_versions.cc +12 -85
- data/third_party/boringssl/ssl/ssl_x509.cc +59 -61
- data/third_party/boringssl/ssl/t1_enc.cc +73 -124
- data/third_party/boringssl/ssl/t1_lib.cc +367 -41
- data/third_party/boringssl/ssl/tls13_both.cc +8 -0
- data/third_party/boringssl/ssl/tls13_client.cc +98 -184
- data/third_party/boringssl/ssl/tls13_enc.cc +88 -158
- data/third_party/boringssl/ssl/tls13_server.cc +91 -137
- data/third_party/boringssl/ssl/tls_method.cc +0 -17
- data/third_party/boringssl/ssl/tls_record.cc +1 -10
- data/third_party/boringssl/third_party/fiat/curve25519.c +921 -2753
- data/third_party/boringssl/third_party/fiat/curve25519_tables.h +7880 -0
- data/third_party/boringssl/third_party/fiat/internal.h +32 -20
- data/third_party/boringssl/third_party/fiat/p256.c +1824 -0
- metadata +64 -64
- data/src/core/lib/channel/channel_trace_registry.cc +0 -80
- data/src/core/lib/channel/channel_trace_registry.h +0 -43
- data/src/core/lib/gpr/fork.cc +0 -78
- data/src/core/lib/gpr/fork.h +0 -35
- data/src/core/tsi/transport_security_adapter.cc +0 -235
- data/src/core/tsi/transport_security_adapter.h +0 -41
- data/src/ruby/bin/apis/google/protobuf/empty.rb +0 -29
- data/src/ruby/bin/apis/pubsub_demo.rb +0 -241
- data/src/ruby/bin/apis/tech/pubsub/proto/pubsub.rb +0 -159
- data/src/ruby/bin/apis/tech/pubsub/proto/pubsub_services.rb +0 -88
- data/src/ruby/pb/test/client.rb +0 -764
- data/src/ruby/pb/test/server.rb +0 -252
- data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +0 -247
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-64.c +0 -1674
@@ -14,9 +14,6 @@
|
|
14
14
|
|
15
15
|
#include <openssl/base.h>
|
16
16
|
|
17
|
-
|
18
|
-
#if defined(OPENSSL_64_BIT) && !defined(OPENSSL_WINDOWS)
|
19
|
-
|
20
17
|
#include <openssl/ec.h>
|
21
18
|
|
22
19
|
#include "internal.h"
|
@@ -105,5 +102,3 @@ void ec_GFp_nistp_recode_scalar_bits(uint8_t *sign, uint8_t *digit,
|
|
105
102
|
*sign = s & 1;
|
106
103
|
*digit = d;
|
107
104
|
}
|
108
|
-
|
109
|
-
#endif // 64_BIT && !WINDOWS
|
@@ -73,8 +73,10 @@
|
|
73
73
|
#include <openssl/err.h>
|
74
74
|
#include <openssl/mem.h>
|
75
75
|
#include <openssl/thread.h>
|
76
|
+
#include <openssl/type_check.h>
|
76
77
|
|
77
78
|
#include "internal.h"
|
79
|
+
#include "../bn/internal.h"
|
78
80
|
#include "../../internal.h"
|
79
81
|
|
80
82
|
|
@@ -83,58 +85,21 @@
|
|
83
85
|
// http://link.springer.com/chapter/10.1007%2F3-540-45537-X_13
|
84
86
|
// http://www.bmoeller.de/pdf/TI-01-08.multiexp.pdf
|
85
87
|
|
86
|
-
|
87
|
-
|
88
|
-
// absolute value less than 2^w satisfying
|
89
|
-
// scalar = \sum_j r[j]*2^j
|
90
|
-
// where at most one of any w+1 consecutive digits is non-zero
|
91
|
-
// with the exception that the most significant digit may be only
|
92
|
-
// w-1 zeros away from that next non-zero digit.
|
93
|
-
static int8_t *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) {
|
94
|
-
int window_val;
|
95
|
-
int ok = 0;
|
96
|
-
int8_t *r = NULL;
|
97
|
-
int sign = 1;
|
98
|
-
int bit, next_bit, mask;
|
99
|
-
size_t len = 0, j;
|
100
|
-
|
101
|
-
if (BN_is_zero(scalar)) {
|
102
|
-
r = OPENSSL_malloc(1);
|
103
|
-
if (!r) {
|
104
|
-
OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
|
105
|
-
goto err;
|
106
|
-
}
|
107
|
-
r[0] = 0;
|
108
|
-
*ret_len = 1;
|
109
|
-
return r;
|
110
|
-
}
|
111
|
-
|
88
|
+
int ec_compute_wNAF(const EC_GROUP *group, int8_t *out, const EC_SCALAR *scalar,
|
89
|
+
size_t bits, int w) {
|
112
90
|
// 'int8_t' can represent integers with absolute values less than 2^7.
|
113
|
-
if (w <= 0 || w > 7) {
|
91
|
+
if (w <= 0 || w > 7 || bits == 0) {
|
114
92
|
OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
|
115
|
-
|
116
|
-
}
|
117
|
-
bit = 1 << w; // at most 128
|
118
|
-
next_bit = bit << 1; // at most 256
|
119
|
-
mask = next_bit - 1; // at most 255
|
120
|
-
|
121
|
-
if (BN_is_negative(scalar)) {
|
122
|
-
sign = -1;
|
93
|
+
return 0;
|
123
94
|
}
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
goto err;
|
133
|
-
}
|
134
|
-
window_val = scalar->d[0] & mask;
|
135
|
-
j = 0;
|
136
|
-
// If j+w+1 >= len, window_val will not increase.
|
137
|
-
while (window_val != 0 || j + w + 1 < len) {
|
95
|
+
int bit = 1 << w; // at most 128
|
96
|
+
int next_bit = bit << 1; // at most 256
|
97
|
+
int mask = next_bit - 1; // at most 255
|
98
|
+
|
99
|
+
int window_val = scalar->words[0] & mask;
|
100
|
+
size_t j = 0;
|
101
|
+
// If j+w+1 >= bits, window_val will not increase.
|
102
|
+
while (window_val != 0 || j + w + 1 < bits) {
|
138
103
|
int digit = 0;
|
139
104
|
|
140
105
|
// 0 <= window_val <= 2^(w+1)
|
@@ -146,7 +111,7 @@ static int8_t *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) {
|
|
146
111
|
digit = window_val - next_bit; // -2^w < digit < 0
|
147
112
|
|
148
113
|
#if 1 // modified wNAF
|
149
|
-
if (j + w + 1 >=
|
114
|
+
if (j + w + 1 >= bits) {
|
150
115
|
// special case for generating modified wNAFs:
|
151
116
|
// no new bits will be added into window_val,
|
152
117
|
// so using a positive digit here will decrease
|
@@ -161,7 +126,7 @@ static int8_t *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) {
|
|
161
126
|
|
162
127
|
if (digit <= -bit || digit >= bit || !(digit & 1)) {
|
163
128
|
OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
|
164
|
-
|
129
|
+
return 0;
|
165
130
|
}
|
166
131
|
|
167
132
|
window_val -= digit;
|
@@ -170,52 +135,38 @@ static int8_t *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) {
|
|
170
135
|
// for modified window NAFs, it may also be 2^w.
|
171
136
|
if (window_val != 0 && window_val != next_bit && window_val != bit) {
|
172
137
|
OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
|
173
|
-
|
138
|
+
return 0;
|
174
139
|
}
|
175
140
|
}
|
176
141
|
|
177
|
-
|
142
|
+
out[j++] = digit;
|
178
143
|
|
179
144
|
window_val >>= 1;
|
180
|
-
window_val +=
|
145
|
+
window_val +=
|
146
|
+
bit * bn_is_bit_set_words(scalar->words, group->order.width, j + w);
|
181
147
|
|
182
148
|
if (window_val > next_bit) {
|
183
149
|
OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
|
184
|
-
|
150
|
+
return 0;
|
185
151
|
}
|
186
152
|
}
|
187
153
|
|
188
|
-
|
154
|
+
// Fill the rest of the wNAF with zeros.
|
155
|
+
if (j > bits + 1) {
|
189
156
|
OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
|
190
|
-
|
191
|
-
}
|
192
|
-
len = j;
|
193
|
-
ok = 1;
|
194
|
-
|
195
|
-
err:
|
196
|
-
if (!ok) {
|
197
|
-
OPENSSL_free(r);
|
198
|
-
r = NULL;
|
157
|
+
return 0;
|
199
158
|
}
|
200
|
-
|
201
|
-
|
159
|
+
for (size_t i = j; i < bits + 1; i++) {
|
160
|
+
out[i] = 0;
|
202
161
|
}
|
203
|
-
return r;
|
204
|
-
}
|
205
162
|
|
163
|
+
return 1;
|
164
|
+
}
|
206
165
|
|
207
166
|
// TODO: table should be optimised for the wNAF-based implementation,
|
208
167
|
// sometimes smaller windows will give better performance
|
209
168
|
// (thus the boundaries should be increased)
|
210
169
|
static size_t window_bits_for_scalar_size(size_t b) {
|
211
|
-
if (b >= 2000) {
|
212
|
-
return 6;
|
213
|
-
}
|
214
|
-
|
215
|
-
if (b >= 800) {
|
216
|
-
return 5;
|
217
|
-
}
|
218
|
-
|
219
170
|
if (b >= 300) {
|
220
171
|
return 4;
|
221
172
|
}
|
@@ -231,244 +182,173 @@ static size_t window_bits_for_scalar_size(size_t b) {
|
|
231
182
|
return 1;
|
232
183
|
}
|
233
184
|
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
|
241
|
-
|
242
|
-
|
243
|
-
|
244
|
-
|
245
|
-
|
246
|
-
|
247
|
-
|
248
|
-
size_t max_len = 0;
|
249
|
-
size_t num_val = 0;
|
250
|
-
EC_POINT **val = NULL; // precomputation
|
251
|
-
EC_POINT **v;
|
252
|
-
EC_POINT ***val_sub = NULL; // pointers to sub-arrays of 'val'
|
253
|
-
int ret = 0;
|
185
|
+
// EC_WNAF_MAX_WINDOW_BITS is the largest value returned by
|
186
|
+
// |window_bits_for_scalar_size|.
|
187
|
+
#define EC_WNAF_MAX_WINDOW_BITS 4
|
188
|
+
|
189
|
+
// compute_precomp sets |out[i]| to a newly-allocated |EC_POINT| containing
|
190
|
+
// (2*i+1)*p, for i from 0 to |len|. It returns one on success and
|
191
|
+
// zero on error.
|
192
|
+
static int compute_precomp(const EC_GROUP *group, EC_POINT **out,
|
193
|
+
const EC_POINT *p, size_t len, BN_CTX *ctx) {
|
194
|
+
out[0] = EC_POINT_new(group);
|
195
|
+
if (out[0] == NULL ||
|
196
|
+
!EC_POINT_copy(out[0], p)) {
|
197
|
+
return 0;
|
198
|
+
}
|
254
199
|
|
255
|
-
|
256
|
-
|
257
|
-
|
258
|
-
|
259
|
-
|
200
|
+
int ret = 0;
|
201
|
+
EC_POINT *two_p = EC_POINT_new(group);
|
202
|
+
if (two_p == NULL ||
|
203
|
+
!EC_POINT_dbl(group, two_p, p, ctx)) {
|
204
|
+
goto err;
|
260
205
|
}
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
-
if (g_scalar_raw != NULL) {
|
267
|
-
g_scalar = BN_CTX_get(ctx);
|
268
|
-
if (g_scalar == NULL ||
|
269
|
-
!bn_set_words(g_scalar, g_scalar_raw->words, group->order.top)) {
|
206
|
+
|
207
|
+
for (size_t i = 1; i < len; i++) {
|
208
|
+
out[i] = EC_POINT_new(group);
|
209
|
+
if (out[i] == NULL ||
|
210
|
+
!EC_POINT_add(group, out[i], out[i - 1], two_p, ctx)) {
|
270
211
|
goto err;
|
271
212
|
}
|
272
213
|
}
|
273
|
-
|
274
|
-
|
275
|
-
|
276
|
-
|
277
|
-
|
278
|
-
|
214
|
+
|
215
|
+
ret = 1;
|
216
|
+
|
217
|
+
err:
|
218
|
+
EC_POINT_free(two_p);
|
219
|
+
return ret;
|
220
|
+
}
|
221
|
+
|
222
|
+
static int lookup_precomp(const EC_GROUP *group, EC_POINT *out,
|
223
|
+
EC_POINT *const *precomp, int digit, BN_CTX *ctx) {
|
224
|
+
if (digit < 0) {
|
225
|
+
digit = -digit;
|
226
|
+
return EC_POINT_copy(out, precomp[digit >> 1]) &&
|
227
|
+
EC_POINT_invert(group, out, ctx);
|
279
228
|
}
|
280
229
|
|
281
|
-
|
282
|
-
|
283
|
-
// and |p_scalar|.
|
284
|
-
size_t num = p != NULL ? 1 : 0;
|
285
|
-
const EC_POINT **points = p != NULL ? &p : NULL;
|
286
|
-
BIGNUM **scalars = p != NULL ? &p_scalar : NULL;
|
230
|
+
return EC_POINT_copy(out, precomp[digit >> 1]);
|
231
|
+
}
|
287
232
|
|
288
|
-
|
233
|
+
int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const EC_SCALAR *g_scalar,
|
234
|
+
const EC_POINT *p, const EC_SCALAR *p_scalar, BN_CTX *ctx) {
|
235
|
+
BN_CTX *new_ctx = NULL;
|
236
|
+
EC_POINT *precomp_storage[2 * (1 << (EC_WNAF_MAX_WINDOW_BITS - 1))] = {NULL};
|
237
|
+
EC_POINT **g_precomp = NULL, **p_precomp = NULL;
|
238
|
+
int8_t g_wNAF[EC_MAX_SCALAR_BYTES * 8 + 1];
|
239
|
+
int8_t p_wNAF[EC_MAX_SCALAR_BYTES * 8 + 1];
|
240
|
+
EC_POINT *tmp = NULL;
|
241
|
+
int ret = 0;
|
289
242
|
|
290
|
-
if (
|
291
|
-
|
292
|
-
if (
|
293
|
-
OPENSSL_PUT_ERROR(EC, EC_R_UNDEFINED_GENERATOR);
|
243
|
+
if (ctx == NULL) {
|
244
|
+
ctx = new_ctx = BN_CTX_new();
|
245
|
+
if (ctx == NULL) {
|
294
246
|
goto err;
|
295
247
|
}
|
296
|
-
|
297
|
-
++total_num; // treat 'g_scalar' like 'num'-th element of 'scalars'
|
298
248
|
}
|
299
249
|
|
250
|
+
size_t bits = BN_num_bits(&group->order);
|
251
|
+
size_t wsize = window_bits_for_scalar_size(bits);
|
252
|
+
size_t wNAF_len = bits + 1;
|
253
|
+
size_t precomp_len = (size_t)1 << (wsize - 1);
|
300
254
|
|
301
|
-
|
302
|
-
|
303
|
-
|
304
|
-
val_sub = OPENSSL_malloc(total_num * sizeof(val_sub[0]));
|
305
|
-
|
306
|
-
// Ensure wNAF is initialised in case we end up going to err.
|
307
|
-
if (wNAF != NULL) {
|
308
|
-
OPENSSL_memset(wNAF, 0, total_num * sizeof(wNAF[0]));
|
309
|
-
}
|
255
|
+
OPENSSL_COMPILE_ASSERT(
|
256
|
+
OPENSSL_ARRAY_SIZE(g_wNAF) == OPENSSL_ARRAY_SIZE(p_wNAF),
|
257
|
+
g_wNAF_and_p_wNAF_are_different_sizes);
|
310
258
|
|
311
|
-
if (
|
312
|
-
|
259
|
+
if (wNAF_len > OPENSSL_ARRAY_SIZE(g_wNAF) ||
|
260
|
+
2 * precomp_len > OPENSSL_ARRAY_SIZE(precomp_storage)) {
|
261
|
+
OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
|
313
262
|
goto err;
|
314
263
|
}
|
315
264
|
|
316
|
-
//
|
317
|
-
|
318
|
-
|
319
|
-
|
320
|
-
|
321
|
-
|
322
|
-
|
323
|
-
|
324
|
-
num_val += (size_t)1 << (wsize[i] - 1);
|
325
|
-
wNAF[i] =
|
326
|
-
compute_wNAF((i < num ? scalars[i] : g_scalar), wsize[i], &wNAF_len[i]);
|
327
|
-
if (wNAF[i] == NULL) {
|
265
|
+
// TODO(davidben): |mul_public| is for ECDSA verification which can assume
|
266
|
+
// non-NULL inputs, but this code is also used for |mul| which cannot. It's
|
267
|
+
// not constant-time, so replace the generic |mul| and remove the NULL checks.
|
268
|
+
size_t total_precomp = 0;
|
269
|
+
if (g_scalar != NULL) {
|
270
|
+
const EC_POINT *g = EC_GROUP_get0_generator(group);
|
271
|
+
if (g == NULL) {
|
272
|
+
OPENSSL_PUT_ERROR(EC, EC_R_UNDEFINED_GENERATOR);
|
328
273
|
goto err;
|
329
274
|
}
|
330
|
-
|
331
|
-
|
275
|
+
g_precomp = precomp_storage + total_precomp;
|
276
|
+
total_precomp += precomp_len;
|
277
|
+
if (!ec_compute_wNAF(group, g_wNAF, g_scalar, bits, wsize) ||
|
278
|
+
!compute_precomp(group, g_precomp, g, precomp_len, ctx)) {
|
279
|
+
goto err;
|
332
280
|
}
|
333
281
|
}
|
334
282
|
|
335
|
-
|
336
|
-
|
337
|
-
|
338
|
-
|
339
|
-
|
340
|
-
|
341
|
-
}
|
342
|
-
OPENSSL_memset(val, 0, num_val * sizeof(val[0]));
|
343
|
-
|
344
|
-
// allocate points for precomputation
|
345
|
-
v = val;
|
346
|
-
for (i = 0; i < total_num; i++) {
|
347
|
-
val_sub[i] = v;
|
348
|
-
for (j = 0; j < ((size_t)1 << (wsize[i] - 1)); j++) {
|
349
|
-
*v = EC_POINT_new(group);
|
350
|
-
if (*v == NULL) {
|
351
|
-
goto err;
|
352
|
-
}
|
353
|
-
v++;
|
283
|
+
if (p_scalar != NULL) {
|
284
|
+
p_precomp = precomp_storage + total_precomp;
|
285
|
+
total_precomp += precomp_len;
|
286
|
+
if (!ec_compute_wNAF(group, p_wNAF, p_scalar, bits, wsize) ||
|
287
|
+
!compute_precomp(group, p_precomp, p, precomp_len, ctx)) {
|
288
|
+
goto err;
|
354
289
|
}
|
355
290
|
}
|
356
|
-
if (!(v == val + num_val)) {
|
357
|
-
OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
|
358
|
-
goto err;
|
359
|
-
}
|
360
291
|
|
361
|
-
|
292
|
+
tmp = EC_POINT_new(group);
|
293
|
+
if (tmp == NULL ||
|
294
|
+
// |window_bits_for_scalar_size| assumes we do this step.
|
295
|
+
!EC_POINTs_make_affine(group, total_precomp, precomp_storage, ctx)) {
|
362
296
|
goto err;
|
363
297
|
}
|
364
298
|
|
365
|
-
|
366
|
-
|
367
|
-
|
368
|
-
// val_sub[i][2] := 5 * points[i]
|
369
|
-
// ...
|
370
|
-
for (i = 0; i < total_num; i++) {
|
371
|
-
if (i < num) {
|
372
|
-
if (!EC_POINT_copy(val_sub[i][0], points[i])) {
|
373
|
-
goto err;
|
374
|
-
}
|
375
|
-
} else if (!EC_POINT_copy(val_sub[i][0], generator)) {
|
299
|
+
int r_is_at_infinity = 1;
|
300
|
+
for (size_t k = wNAF_len - 1; k < wNAF_len; k--) {
|
301
|
+
if (!r_is_at_infinity && !EC_POINT_dbl(group, r, r, ctx)) {
|
376
302
|
goto err;
|
377
303
|
}
|
378
304
|
|
379
|
-
if (
|
380
|
-
if (
|
381
|
-
|
382
|
-
|
383
|
-
|
384
|
-
if (
|
305
|
+
if (g_scalar != NULL) {
|
306
|
+
if (g_wNAF[k] != 0) {
|
307
|
+
if (!lookup_precomp(group, tmp, g_precomp, g_wNAF[k], ctx)) {
|
308
|
+
goto err;
|
309
|
+
}
|
310
|
+
if (r_is_at_infinity) {
|
311
|
+
if (!EC_POINT_copy(r, tmp)) {
|
312
|
+
goto err;
|
313
|
+
}
|
314
|
+
r_is_at_infinity = 0;
|
315
|
+
} else if (!EC_POINT_add(group, r, r, tmp, ctx)) {
|
385
316
|
goto err;
|
386
317
|
}
|
387
318
|
}
|
388
319
|
}
|
389
|
-
}
|
390
320
|
|
391
|
-
|
392
|
-
|
393
|
-
|
394
|
-
|
395
|
-
|
396
|
-
|
397
|
-
|
398
|
-
|
399
|
-
for (k = max_len - 1; k >= 0; k--) {
|
400
|
-
if (!r_is_at_infinity && !EC_POINT_dbl(group, r, r, ctx)) {
|
401
|
-
goto err;
|
402
|
-
}
|
403
|
-
|
404
|
-
for (i = 0; i < total_num; i++) {
|
405
|
-
if (wNAF_len[i] > (size_t)k) {
|
406
|
-
int digit = wNAF[i][k];
|
407
|
-
int is_neg;
|
408
|
-
|
409
|
-
if (digit) {
|
410
|
-
is_neg = digit < 0;
|
411
|
-
|
412
|
-
if (is_neg) {
|
413
|
-
digit = -digit;
|
414
|
-
}
|
415
|
-
|
416
|
-
if (is_neg != r_is_inverted) {
|
417
|
-
if (!r_is_at_infinity && !EC_POINT_invert(group, r, ctx)) {
|
418
|
-
goto err;
|
419
|
-
}
|
420
|
-
r_is_inverted = !r_is_inverted;
|
421
|
-
}
|
422
|
-
|
423
|
-
// digit > 0
|
424
|
-
|
425
|
-
if (r_is_at_infinity) {
|
426
|
-
if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) {
|
427
|
-
goto err;
|
428
|
-
}
|
429
|
-
r_is_at_infinity = 0;
|
430
|
-
} else {
|
431
|
-
if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) {
|
432
|
-
goto err;
|
433
|
-
}
|
321
|
+
if (p_scalar != NULL) {
|
322
|
+
if (p_wNAF[k] != 0) {
|
323
|
+
if (!lookup_precomp(group, tmp, p_precomp, p_wNAF[k], ctx)) {
|
324
|
+
goto err;
|
325
|
+
}
|
326
|
+
if (r_is_at_infinity) {
|
327
|
+
if (!EC_POINT_copy(r, tmp)) {
|
328
|
+
goto err;
|
434
329
|
}
|
330
|
+
r_is_at_infinity = 0;
|
331
|
+
} else if (!EC_POINT_add(group, r, r, tmp, ctx)) {
|
332
|
+
goto err;
|
435
333
|
}
|
436
334
|
}
|
437
335
|
}
|
438
336
|
}
|
439
337
|
|
440
|
-
if (r_is_at_infinity
|
441
|
-
|
442
|
-
goto err;
|
443
|
-
}
|
444
|
-
} else if (r_is_inverted && !EC_POINT_invert(group, r, ctx)) {
|
338
|
+
if (r_is_at_infinity &&
|
339
|
+
!EC_POINT_set_to_infinity(group, r)) {
|
445
340
|
goto err;
|
446
341
|
}
|
447
342
|
|
448
343
|
ret = 1;
|
449
344
|
|
450
345
|
err:
|
451
|
-
if (ctx != NULL) {
|
452
|
-
BN_CTX_end(ctx);
|
453
|
-
}
|
454
346
|
BN_CTX_free(new_ctx);
|
455
347
|
EC_POINT_free(tmp);
|
456
|
-
|
457
|
-
|
458
|
-
|
459
|
-
|
460
|
-
OPENSSL_free(wNAF[i]);
|
461
|
-
}
|
462
|
-
|
463
|
-
OPENSSL_free(wNAF);
|
464
|
-
}
|
465
|
-
if (val != NULL) {
|
466
|
-
for (i = 0; i < num_val; i++) {
|
467
|
-
EC_POINT_free(val[i]);
|
468
|
-
}
|
469
|
-
|
470
|
-
OPENSSL_free(val);
|
348
|
+
OPENSSL_cleanse(&g_wNAF, sizeof(g_wNAF));
|
349
|
+
OPENSSL_cleanse(&p_wNAF, sizeof(p_wNAF));
|
350
|
+
for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(precomp_storage); i++) {
|
351
|
+
EC_POINT_free(precomp_storage[i]);
|
471
352
|
}
|
472
|
-
OPENSSL_free(val_sub);
|
473
353
|
return ret;
|
474
354
|
}
|
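Review bot: In `ec_compute_wNAF` the only overrun check on the caller-supplied `out` buffer, `if (j > bits + 1)`, runs after the loop, so every `out[j++] = digit;` store has already happened by the time it can fail. The function is no longer static and takes no output length, so it relies on the scalar having no bits set at or above `bits` (presumably guaranteed by the EC_SCALAR invariant, which is not visible here). Moving the guard in front of the store, `if (j >= bits + 1) { OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); return 0; }`, would turn a broken invariant into an error rather than a write past the `g_wNAF`/`p_wNAF` stack arrays in `ec_wNAF_mul`. The old comment describing the wNAF form was removed, so unless the declaration already carries it, the definition should state that `out` must hold `bits + 1` entries. Separately, the `compute_precomp` comment says "for i from 0 to |len|" while the loop fills indices 0 through `len - 1`, and it should say that on failure the already-allocated `out[i]` are left for the caller to free. Parts of the `ec_compute_wNAF` loop body fall between the displayed hunks, so this rests on the visible lines only.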