grpc 1.13.0 → 1.14.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +403 -153
- data/include/grpc/grpc.h +0 -8
- data/include/grpc/grpc_security.h +59 -2
- data/include/grpc/impl/codegen/grpc_types.h +8 -2
- data/include/grpc/impl/codegen/log.h +112 -0
- data/include/grpc/module.modulemap +2 -0
- data/include/grpc/support/log.h +2 -88
- data/include/grpc/support/string_util.h +2 -0
- data/src/boringssl/err_data.c +597 -593
- data/src/core/ext/filters/client_channel/client_channel.cc +715 -770
- data/src/core/ext/filters/client_channel/client_channel.h +5 -0
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +111 -0
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +69 -0
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +9 -0
- data/src/core/ext/filters/client_channel/http_proxy.cc +22 -5
- data/src/core/ext/filters/client_channel/lb_policy.h +15 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +3 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +3 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/google/protobuf/duration.pb.c +19 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/google/protobuf/duration.pb.h +54 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/google/protobuf/timestamp.pb.c +19 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/google/protobuf/timestamp.pb.h +54 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c +4 -17
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h +37 -63
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +79 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +5 -2
- data/src/core/ext/filters/client_channel/lb_policy_factory.cc +8 -0
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +4 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +317 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +48 -9
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +40 -293
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +106 -84
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +6 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +6 -5
- data/src/core/ext/filters/client_channel/subchannel.cc +36 -6
- data/src/core/ext/filters/client_channel/subchannel.h +4 -0
- data/src/core/ext/filters/deadline/deadline_filter.cc +18 -15
- data/src/core/ext/filters/deadline/deadline_filter.h +5 -5
- data/src/core/ext/filters/http/client/http_client_filter.cc +10 -9
- data/src/core/ext/filters/http/server/http_server_filter.h +1 -1
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +1 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +33 -22
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/internal.h +10 -3
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +17 -0
- data/src/core/ext/transport/chttp2/transport/writing.cc +21 -16
- data/src/core/ext/transport/inproc/inproc_transport.cc +46 -6
- data/src/core/lib/channel/channel_stack.cc +22 -24
- data/src/core/lib/channel/channel_trace.cc +28 -63
- data/src/core/lib/channel/channel_trace.h +13 -17
- data/src/core/lib/channel/channelz.cc +143 -0
- data/src/core/lib/channel/channelz.h +124 -0
- data/src/core/lib/channel/channelz_registry.cc +7 -24
- data/src/core/lib/channel/channelz_registry.h +12 -8
- data/src/core/lib/channel/connected_channel.cc +8 -1
- data/src/core/{ext/filters/load_reporting/server_load_reporting_filter.h → lib/gpr/alloc.h} +7 -9
- data/src/core/lib/gpr/arena.cc +8 -8
- data/src/core/lib/gpr/string.cc +28 -0
- data/src/core/lib/gpr/string.h +10 -0
- data/src/core/lib/gprpp/abstract.h +5 -2
- data/src/core/lib/gprpp/inlined_vector.h +57 -3
- data/src/core/lib/gprpp/memory.h +2 -2
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/gprpp/thd_posix.cc +1 -1
- data/src/core/lib/iomgr/call_combiner.h +80 -0
- data/src/core/lib/iomgr/closure.h +3 -2
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -2
- data/src/core/lib/iomgr/error.cc +12 -0
- data/src/core/lib/iomgr/error.h +5 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +36 -9
- data/src/core/lib/iomgr/ev_epollex_linux.cc +172 -46
- data/src/core/lib/iomgr/ev_epollsig_linux.cc +47 -21
- data/src/core/lib/iomgr/ev_poll_posix.cc +10 -4
- data/src/core/lib/iomgr/ev_posix.cc +17 -9
- data/src/core/lib/iomgr/ev_posix.h +20 -4
- data/src/core/lib/iomgr/executor.cc +196 -140
- data/src/core/lib/iomgr/executor.h +47 -14
- data/src/core/lib/iomgr/iomgr.cc +2 -0
- data/src/core/lib/iomgr/iomgr.h +5 -0
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +1 -0
- data/src/core/lib/iomgr/socket_utils.h +9 -0
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +4 -0
- data/src/core/lib/iomgr/socket_utils_uv.cc +4 -0
- data/src/core/lib/iomgr/socket_utils_windows.cc +4 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +3 -5
- data/src/core/lib/iomgr/tcp_posix.cc +6 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +3 -3
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +1 -1
- data/src/core/lib/iomgr/timer_manager.cc +0 -1
- data/src/core/lib/iomgr/udp_server.cc +2 -3
- data/src/core/lib/json/json.cc +10 -0
- data/src/core/lib/json/json.h +5 -0
- data/src/core/lib/security/context/security_context.cc +8 -8
- data/src/core/lib/security/context/security_context.h +6 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.cc +77 -0
- data/src/core/lib/security/credentials/local/local_credentials.h +40 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +17 -3
- data/src/core/lib/security/security_connector/local_security_connector.cc +245 -0
- data/src/core/lib/security/security_connector/local_security_connector.h +58 -0
- data/src/core/lib/security/security_connector/security_connector.cc +30 -5
- data/src/core/lib/security/security_connector/security_connector.h +1 -0
- data/src/core/lib/security/transport/client_auth_filter.cc +5 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +4 -5
- data/src/core/lib/surface/call.cc +75 -32
- data/src/core/lib/surface/call.h +2 -0
- data/src/core/lib/surface/channel.cc +32 -13
- data/src/core/lib/surface/channel.h +4 -0
- data/src/core/lib/surface/version.cc +1 -1
- data/src/core/lib/transport/transport.cc +20 -9
- data/src/core/lib/transport/transport.h +12 -10
- data/src/core/lib/transport/transport_op_string.cc +0 -7
- data/src/core/plugin_registry/grpc_plugin_registry.cc +0 -4
- data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h +2 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +2 -1
- data/src/core/tsi/alts/handshaker/altscontext.pb.c +0 -1
- data/src/core/tsi/alts/handshaker/altscontext.pb.h +1 -2
- data/src/core/tsi/alts/handshaker/handshaker.pb.c +0 -1
- data/src/core/tsi/alts/handshaker/handshaker.pb.h +1 -2
- data/src/core/tsi/alts/handshaker/transport_security_common.pb.c +0 -1
- data/src/core/tsi/alts/handshaker/transport_security_common.pb.h +1 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.h +2 -2
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +47 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h +3 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -11
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h +7 -2
- data/src/core/tsi/local_transport_security.cc +209 -0
- data/src/core/tsi/local_transport_security.h +51 -0
- data/src/core/tsi/ssl_transport_security.cc +2 -3
- data/src/{core/ext → cpp/ext/filters}/census/grpc_context.cc +0 -0
- data/src/ruby/ext/grpc/rb_channel_credentials.c +3 -3
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +18 -18
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +29 -29
- data/src/ruby/lib/grpc/generic/active_call.rb +19 -23
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/call_credentials_spec.rb +1 -1
- data/src/ruby/spec/call_spec.rb +1 -1
- data/src/ruby/spec/channel_credentials_spec.rb +1 -1
- data/src/ruby/spec/channel_spec.rb +1 -1
- data/src/ruby/spec/client_auth_spec.rb +1 -12
- data/src/ruby/spec/client_server_spec.rb +1 -1
- data/src/ruby/spec/compression_options_spec.rb +1 -1
- data/src/ruby/spec/error_sanity_spec.rb +1 -1
- data/src/ruby/spec/generic/client_stub_spec.rb +13 -1
- data/src/ruby/spec/generic/rpc_desc_spec.rb +1 -1
- data/src/ruby/spec/generic/rpc_server_pool_spec.rb +1 -1
- data/src/ruby/spec/generic/service_spec.rb +1 -1
- data/src/ruby/spec/google_rpc_status_utils_spec.rb +1 -12
- data/src/ruby/spec/pb/duplicate/codegen_spec.rb +1 -0
- data/src/ruby/spec/pb/health/checker_spec.rb +1 -1
- data/src/ruby/spec/server_credentials_spec.rb +1 -1
- data/src/ruby/spec/server_spec.rb +1 -1
- data/src/ruby/spec/spec_helper.rb +1 -0
- data/src/ruby/spec/support/services.rb +1 -1
- data/src/ruby/spec/time_consts_spec.rb +1 -1
- data/third_party/boringssl/crypto/asn1/tasn_dec.c +40 -19
- data/third_party/boringssl/crypto/bytestring/cbs.c +1 -0
- data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +47 -15
- data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +9 -10
- data/third_party/boringssl/crypto/ecdh/ecdh.c +4 -3
- data/third_party/boringssl/crypto/fipsmodule/bn/add.c +30 -54
- data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +7 -1
- data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +8 -8
- data/third_party/boringssl/crypto/fipsmodule/bn/div.c +97 -11
- data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +274 -218
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +111 -34
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +2 -2
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +1 -1
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +24 -6
- data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +324 -63
- data/third_party/boringssl/crypto/fipsmodule/bn/random.c +74 -21
- data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +128 -86
- data/third_party/boringssl/crypto/fipsmodule/bn/sqrt.c +1 -1
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +67 -112
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +8 -1
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +5 -5
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +9 -17
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +5378 -5418
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +32 -32
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +5 -11
- data/third_party/boringssl/crypto/fipsmodule/rsa/blinding.c +16 -40
- data/third_party/boringssl/crypto/fipsmodule/rsa/internal.h +1 -6
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +41 -29
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +63 -49
- data/third_party/boringssl/crypto/x509/vpm_int.h +1 -0
- data/third_party/boringssl/crypto/x509/x509_vfy.c +4 -0
- data/third_party/boringssl/crypto/x509/x509_vpm.c +44 -22
- data/third_party/boringssl/include/openssl/aead.h +8 -2
- data/third_party/boringssl/include/openssl/asn1.h +1 -0
- data/third_party/boringssl/include/openssl/base.h +4 -0
- data/third_party/boringssl/include/openssl/bn.h +13 -3
- data/third_party/boringssl/include/openssl/bytestring.h +4 -4
- data/third_party/boringssl/include/openssl/ec.h +10 -4
- data/third_party/boringssl/include/openssl/ec_key.h +0 -3
- data/third_party/boringssl/include/openssl/rsa.h +1 -0
- data/third_party/boringssl/include/openssl/ssl.h +8 -3
- data/third_party/boringssl/include/openssl/ssl3.h +0 -1
- data/third_party/boringssl/include/openssl/x509.h +1 -0
- data/third_party/boringssl/include/openssl/x509v3.h +1 -0
- data/third_party/boringssl/ssl/handshake_client.cc +36 -64
- data/third_party/boringssl/ssl/ssl_cipher.cc +4 -0
- data/third_party/boringssl/ssl/ssl_lib.cc +1 -1
- metadata +45 -38
- data/src/core/ext/filters/load_reporting/server_load_reporting_filter.cc +0 -222
- data/src/core/ext/filters/load_reporting/server_load_reporting_plugin.cc +0 -71
- data/src/core/ext/filters/load_reporting/server_load_reporting_plugin.h +0 -61
- data/src/ruby/spec/pb/package_with_underscore/checker_spec.rb +0 -51
- data/src/ruby/spec/pb/package_with_underscore/data.proto +0 -23
- data/src/ruby/spec/pb/package_with_underscore/service.proto +0 -23
@@ -120,8 +120,6 @@
|
|
120
120
|
#include "../rand/internal.h"
|
121
121
|
|
122
122
|
|
123
|
-
static const uint8_t kDefaultAdditionalData[32] = {0};
|
124
|
-
|
125
123
|
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) {
|
126
124
|
uint8_t *buf = NULL;
|
127
125
|
int ret = 0, bit, bytes, mask;
|
@@ -194,15 +192,16 @@ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) {
|
|
194
192
|
return BN_rand(rnd, bits, top, bottom);
|
195
193
|
}
|
196
194
|
|
197
|
-
//
|
198
|
-
// is less than |b| and zero otherwise. It performs this
|
199
|
-
// independent of the value of |a|. |b| is assumed public.
|
200
|
-
static
|
195
|
+
// bn_less_than_word_mask returns a mask of all ones if the number represented
|
196
|
+
// by |len| words at |a| is less than |b| and zero otherwise. It performs this
|
197
|
+
// computation in time independent of the value of |a|. |b| is assumed public.
|
198
|
+
static crypto_word_t bn_less_than_word_mask(const BN_ULONG *a, size_t len,
|
199
|
+
BN_ULONG b) {
|
201
200
|
if (b == 0) {
|
202
|
-
return
|
201
|
+
return CONSTTIME_FALSE_W;
|
203
202
|
}
|
204
203
|
if (len == 0) {
|
205
|
-
return
|
204
|
+
return CONSTTIME_TRUE_W;
|
206
205
|
}
|
207
206
|
|
208
207
|
// |a| < |b| iff a[1..len-1] are all zero and a[0] < b.
|
@@ -215,25 +214,19 @@ static int bn_less_than_word(const BN_ULONG *a, size_t len, BN_ULONG b) {
|
|
215
214
|
// |mask| is now zero iff a[1..len-1] are all zero.
|
216
215
|
mask = constant_time_is_zero_w(mask);
|
217
216
|
mask &= constant_time_lt_w(a[0], b);
|
218
|
-
return
|
217
|
+
return mask;
|
219
218
|
}
|
220
219
|
|
221
220
|
int bn_in_range_words(const BN_ULONG *a, BN_ULONG min_inclusive,
|
222
221
|
const BN_ULONG *max_exclusive, size_t len) {
|
223
|
-
|
224
|
-
|
222
|
+
crypto_word_t mask = ~bn_less_than_word_mask(a, len, min_inclusive);
|
223
|
+
return mask & bn_less_than_words(a, max_exclusive, len);
|
225
224
|
}
|
226
225
|
|
227
|
-
int
|
228
|
-
|
229
|
-
|
230
|
-
//
|
231
|
-
// appendices B.4.2 and B.5.2. When called in those contexts, |max_exclusive|
|
232
|
-
// is n and |min_inclusive| is one.
|
233
|
-
|
234
|
-
// Compute the bit length of |max_exclusive| (step 1), in terms of a number of
|
235
|
-
// |words| worth of entropy to fill and a mask of bits to clear in the top
|
236
|
-
// word.
|
226
|
+
static int bn_range_to_mask(size_t *out_words, BN_ULONG *out_mask,
|
227
|
+
size_t min_inclusive, const BN_ULONG *max_exclusive,
|
228
|
+
size_t len) {
|
229
|
+
// The magnitude of |max_exclusive| is assumed public.
|
237
230
|
size_t words = len;
|
238
231
|
while (words > 0 && max_exclusive[words - 1] == 0) {
|
239
232
|
words--;
|
@@ -254,6 +247,27 @@ int bn_rand_range_words(BN_ULONG *out, BN_ULONG min_inclusive,
|
|
254
247
|
mask |= mask >> 32;
|
255
248
|
#endif
|
256
249
|
|
250
|
+
*out_words = words;
|
251
|
+
*out_mask = mask;
|
252
|
+
return 1;
|
253
|
+
}
|
254
|
+
|
255
|
+
int bn_rand_range_words(BN_ULONG *out, BN_ULONG min_inclusive,
|
256
|
+
const BN_ULONG *max_exclusive, size_t len,
|
257
|
+
const uint8_t additional_data[32]) {
|
258
|
+
// This function implements the equivalent of steps 4 through 7 of FIPS 186-4
|
259
|
+
// appendices B.4.2 and B.5.2. When called in those contexts, |max_exclusive|
|
260
|
+
// is n and |min_inclusive| is one.
|
261
|
+
|
262
|
+
// Compute the bit length of |max_exclusive| (step 1), in terms of a number of
|
263
|
+
// |words| worth of entropy to fill and a mask of bits to clear in the top
|
264
|
+
// word.
|
265
|
+
size_t words;
|
266
|
+
BN_ULONG mask;
|
267
|
+
if (!bn_range_to_mask(&words, &mask, min_inclusive, max_exclusive, len)) {
|
268
|
+
return 0;
|
269
|
+
}
|
270
|
+
|
257
271
|
// Fill any unused words with zero.
|
258
272
|
OPENSSL_memset(out + words, 0, (len - words) * sizeof(BN_ULONG));
|
259
273
|
|
@@ -278,6 +292,7 @@ int bn_rand_range_words(BN_ULONG *out, BN_ULONG min_inclusive,
|
|
278
292
|
|
279
293
|
int BN_rand_range_ex(BIGNUM *r, BN_ULONG min_inclusive,
|
280
294
|
const BIGNUM *max_exclusive) {
|
295
|
+
static const uint8_t kDefaultAdditionalData[32] = {0};
|
281
296
|
if (!bn_wexpand(r, max_exclusive->width) ||
|
282
297
|
!bn_rand_range_words(r->d, min_inclusive, max_exclusive->d,
|
283
298
|
max_exclusive->width, kDefaultAdditionalData)) {
|
@@ -289,6 +304,44 @@ int BN_rand_range_ex(BIGNUM *r, BN_ULONG min_inclusive,
|
|
289
304
|
return 1;
|
290
305
|
}
|
291
306
|
|
307
|
+
int bn_rand_secret_range(BIGNUM *r, int *out_is_uniform, BN_ULONG min_inclusive,
|
308
|
+
const BIGNUM *max_exclusive) {
|
309
|
+
size_t words;
|
310
|
+
BN_ULONG mask;
|
311
|
+
if (!bn_range_to_mask(&words, &mask, min_inclusive, max_exclusive->d,
|
312
|
+
max_exclusive->width) ||
|
313
|
+
!bn_wexpand(r, words)) {
|
314
|
+
return 0;
|
315
|
+
}
|
316
|
+
|
317
|
+
assert(words > 0);
|
318
|
+
assert(mask != 0);
|
319
|
+
// The range must be large enough for bit tricks to fix invalid values.
|
320
|
+
if (words == 1 && min_inclusive > mask >> 1) {
|
321
|
+
OPENSSL_PUT_ERROR(BN, BN_R_INVALID_RANGE);
|
322
|
+
return 0;
|
323
|
+
}
|
324
|
+
|
325
|
+
// Select a uniform random number with num_bits(max_exclusive) bits.
|
326
|
+
RAND_bytes((uint8_t *)r->d, words * sizeof(BN_ULONG));
|
327
|
+
r->d[words - 1] &= mask;
|
328
|
+
|
329
|
+
// Check, in constant-time, if the value is in range.
|
330
|
+
*out_is_uniform =
|
331
|
+
bn_in_range_words(r->d, min_inclusive, max_exclusive->d, words);
|
332
|
+
crypto_word_t in_range = *out_is_uniform;
|
333
|
+
in_range = 0 - in_range;
|
334
|
+
|
335
|
+
// If the value is not in range, force it to be in range.
|
336
|
+
r->d[0] |= constant_time_select_w(in_range, 0, min_inclusive);
|
337
|
+
r->d[words - 1] &= constant_time_select_w(in_range, BN_MASK2, mask >> 1);
|
338
|
+
assert(bn_in_range_words(r->d, min_inclusive, max_exclusive->d, words));
|
339
|
+
|
340
|
+
r->neg = 0;
|
341
|
+
r->width = words;
|
342
|
+
return 1;
|
343
|
+
}
|
344
|
+
|
292
345
|
int BN_rand_range(BIGNUM *r, const BIGNUM *range) {
|
293
346
|
return BN_rand_range_ex(r, 0, range);
|
294
347
|
}
|
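Review bot: `bn_rand_secret_range` returns 1 even when the sampled value was out of range and had to be forced into range, so the result is uniform only when `*out_is_uniform` is non-zero, and nothing at the definition says so. A caller that ignores the flag would use a biased value as secret material; I would state the contract above the function, e.g. `// Returns one on success. |*out_is_uniform| is zero if |r| had to be forced into range and is therefore biased; callers must check it.` The two `assert`s on `words` and `mask` vanish in release builds, so they depend on `bn_range_to_mask` rejecting an empty or invalid range, which happens in the part of that function outside these hunks. Separately, `bn_range_to_mask` declares `min_inclusive` as `size_t` while both callers pass a `BN_ULONG`; declaring it `BN_ULONG min_inclusive` avoids a silent narrowing on any target where the two widths differ.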
@@ -59,6 +59,7 @@
|
|
59
59
|
#include <string.h>
|
60
60
|
|
61
61
|
#include <openssl/err.h>
|
62
|
+
#include <openssl/type_check.h>
|
62
63
|
|
63
64
|
#include "internal.h"
|
64
65
|
|
@@ -132,99 +133,88 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) {
|
|
132
133
|
return 1;
|
133
134
|
}
|
134
135
|
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
136
|
+
static void bn_rshift_words(BN_ULONG *r, const BN_ULONG *a, unsigned shift,
|
137
|
+
size_t num) {
|
138
|
+
unsigned shift_bits = shift % BN_BITS2;
|
139
|
+
size_t shift_words = shift / BN_BITS2;
|
140
|
+
if (shift_words >= num) {
|
141
|
+
OPENSSL_memset(r, 0, num * sizeof(BN_ULONG));
|
142
|
+
return;
|
143
|
+
}
|
144
|
+
if (shift_bits == 0) {
|
145
|
+
OPENSSL_memmove(r, a + shift_words, (num - shift_words) * sizeof(BN_ULONG));
|
146
|
+
} else {
|
147
|
+
for (size_t i = shift_words; i < num - 1; i++) {
|
148
|
+
r[i - shift_words] =
|
149
|
+
(a[i] >> shift_bits) | (a[i + 1] << (BN_BITS2 - shift_bits));
|
150
|
+
}
|
151
|
+
r[num - 1 - shift_words] = a[num - 1] >> shift_bits;
|
152
|
+
}
|
153
|
+
OPENSSL_memset(r + num - shift_words, 0, shift_words * sizeof(BN_ULONG));
|
154
|
+
}
|
139
155
|
|
156
|
+
int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) {
|
140
157
|
if (n < 0) {
|
141
158
|
OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER);
|
142
159
|
return 0;
|
143
160
|
}
|
144
161
|
|
145
|
-
|
146
|
-
|
147
|
-
rb = n % BN_BITS2;
|
148
|
-
lb = BN_BITS2 - rb;
|
149
|
-
if (nw >= a_width || a_width == 0) {
|
150
|
-
BN_zero(r);
|
151
|
-
return 1;
|
152
|
-
}
|
153
|
-
i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2;
|
154
|
-
if (r != a) {
|
155
|
-
r->neg = a->neg;
|
156
|
-
if (!bn_wexpand(r, i)) {
|
157
|
-
return 0;
|
158
|
-
}
|
159
|
-
} else {
|
160
|
-
if (n == 0) {
|
161
|
-
return 1; // or the copying loop will go berserk
|
162
|
-
}
|
162
|
+
if (!bn_wexpand(r, a->width)) {
|
163
|
+
return 0;
|
163
164
|
}
|
165
|
+
bn_rshift_words(r->d, a->d, n, a->width);
|
166
|
+
r->neg = a->neg;
|
167
|
+
r->width = a->width;
|
168
|
+
bn_set_minimal_width(r);
|
169
|
+
return 1;
|
170
|
+
}
|
164
171
|
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
if (
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
} else {
|
175
|
-
l = *(f++);
|
176
|
-
for (i = j - 1; i != 0; i--) {
|
177
|
-
tmp = l >> rb;
|
178
|
-
l = *(f++);
|
179
|
-
*(t++) = tmp | (l << lb);
|
180
|
-
}
|
181
|
-
l >>= rb;
|
182
|
-
if (l) {
|
183
|
-
*(t) = l;
|
184
|
-
}
|
172
|
+
int bn_rshift_secret_shift(BIGNUM *r, const BIGNUM *a, unsigned n,
|
173
|
+
BN_CTX *ctx) {
|
174
|
+
int ret = 0;
|
175
|
+
BN_CTX_start(ctx);
|
176
|
+
BIGNUM *tmp = BN_CTX_get(ctx);
|
177
|
+
if (tmp == NULL ||
|
178
|
+
!BN_copy(r, a) ||
|
179
|
+
!bn_wexpand(tmp, r->width)) {
|
180
|
+
goto err;
|
185
181
|
}
|
186
182
|
|
187
|
-
|
188
|
-
|
183
|
+
// Shift conditionally by powers of two.
|
184
|
+
unsigned max_bits = BN_BITS2 * r->width;
|
185
|
+
for (unsigned i = 0; (max_bits >> i) != 0; i++) {
|
186
|
+
BN_ULONG mask = (n >> i) & 1;
|
187
|
+
mask = 0 - mask;
|
188
|
+
bn_rshift_words(tmp->d, r->d, 1u << i, r->width);
|
189
|
+
bn_select_words(r->d, mask, tmp->d /* apply shift */,
|
190
|
+
r->d /* ignore shift */, r->width);
|
189
191
|
}
|
190
192
|
|
191
|
-
|
192
|
-
}
|
193
|
+
ret = 1;
|
193
194
|
|
194
|
-
|
195
|
-
|
196
|
-
|
195
|
+
err:
|
196
|
+
BN_CTX_end(ctx);
|
197
|
+
return ret;
|
198
|
+
}
|
197
199
|
|
198
|
-
|
199
|
-
|
200
|
-
return
|
201
|
-
}
|
202
|
-
i = bn_minimal_width(a);
|
203
|
-
ap = a->d;
|
204
|
-
j = i - (ap[i - 1] == 1);
|
205
|
-
if (a != r) {
|
206
|
-
if (!bn_wexpand(r, j)) {
|
207
|
-
return 0;
|
208
|
-
}
|
209
|
-
r->neg = a->neg;
|
210
|
-
}
|
211
|
-
rp = r->d;
|
212
|
-
t = ap[--i];
|
213
|
-
c = t << (BN_BITS2 - 1);
|
214
|
-
if (t >>= 1) {
|
215
|
-
rp[i] = t;
|
200
|
+
void bn_rshift1_words(BN_ULONG *r, const BN_ULONG *a, size_t num) {
|
201
|
+
if (num == 0) {
|
202
|
+
return;
|
216
203
|
}
|
217
|
-
|
218
|
-
|
219
|
-
rp[i] = (t >> 1) | c;
|
220
|
-
c = t << (BN_BITS2 - 1);
|
204
|
+
for (size_t i = 0; i < num - 1; i++) {
|
205
|
+
r[i] = (a[i] >> 1) | (a[i + 1] << (BN_BITS2 - 1));
|
221
206
|
}
|
222
|
-
r
|
207
|
+
r[num - 1] = a[num - 1] >> 1;
|
208
|
+
}
|
223
209
|
|
224
|
-
|
225
|
-
|
210
|
+
int BN_rshift1(BIGNUM *r, const BIGNUM *a) {
|
211
|
+
if (!bn_wexpand(r, a->width)) {
|
212
|
+
return 0;
|
226
213
|
}
|
227
|
-
|
214
|
+
bn_rshift1_words(r->d, a->d, a->width);
|
215
|
+
r->width = a->width;
|
216
|
+
r->neg = a->neg;
|
217
|
+
bn_set_minimal_width(r);
|
228
218
|
return 1;
|
229
219
|
}
|
230
220
|
|
@@ -292,7 +282,7 @@ int BN_mask_bits(BIGNUM *a, int n) {
|
|
292
282
|
int w = n / BN_BITS2;
|
293
283
|
int b = n % BN_BITS2;
|
294
284
|
if (w >= a->width) {
|
295
|
-
return
|
285
|
+
return 1;
|
296
286
|
}
|
297
287
|
if (b == 0) {
|
298
288
|
a->width = w;
|
@@ -305,18 +295,70 @@ int BN_mask_bits(BIGNUM *a, int n) {
|
|
305
295
|
return 1;
|
306
296
|
}
|
307
297
|
|
298
|
+
static int bn_count_low_zero_bits_word(BN_ULONG l) {
|
299
|
+
OPENSSL_COMPILE_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
|
300
|
+
crypto_word_t_too_small);
|
301
|
+
OPENSSL_COMPILE_ASSERT(sizeof(int) <= sizeof(crypto_word_t),
|
302
|
+
crypto_word_t_too_small_2);
|
303
|
+
OPENSSL_COMPILE_ASSERT(BN_BITS2 == sizeof(BN_ULONG) * 8,
|
304
|
+
bn_ulong_has_padding_bits);
|
305
|
+
// C has very bizarre rules for types smaller than an int.
|
306
|
+
OPENSSL_COMPILE_ASSERT(sizeof(BN_ULONG) >= sizeof(int),
|
307
|
+
bn_ulong_is_promoted_to_int);
|
308
|
+
|
309
|
+
crypto_word_t mask;
|
310
|
+
int bits = 0;
|
311
|
+
|
312
|
+
#if BN_BITS2 > 32
|
313
|
+
// Check if the lower half of |x| are all zero.
|
314
|
+
mask = constant_time_is_zero_w(l << (BN_BITS2 - 32));
|
315
|
+
// If the lower half is all zeros, it is included in the bit count and we
|
316
|
+
// count the upper half. Otherwise, we count the lower half.
|
317
|
+
bits += 32 & mask;
|
318
|
+
l = constant_time_select_w(mask, l >> 32, l);
|
319
|
+
#endif
|
320
|
+
|
321
|
+
// The remaining blocks are analogous iterations at lower powers of two.
|
322
|
+
mask = constant_time_is_zero_w(l << (BN_BITS2 - 16));
|
323
|
+
bits += 16 & mask;
|
324
|
+
l = constant_time_select_w(mask, l >> 16, l);
|
325
|
+
|
326
|
+
mask = constant_time_is_zero_w(l << (BN_BITS2 - 8));
|
327
|
+
bits += 8 & mask;
|
328
|
+
l = constant_time_select_w(mask, l >> 8, l);
|
329
|
+
|
330
|
+
mask = constant_time_is_zero_w(l << (BN_BITS2 - 4));
|
331
|
+
bits += 4 & mask;
|
332
|
+
l = constant_time_select_w(mask, l >> 4, l);
|
333
|
+
|
334
|
+
mask = constant_time_is_zero_w(l << (BN_BITS2 - 2));
|
335
|
+
bits += 2 & mask;
|
336
|
+
l = constant_time_select_w(mask, l >> 2, l);
|
337
|
+
|
338
|
+
mask = constant_time_is_zero_w(l << (BN_BITS2 - 1));
|
339
|
+
bits += 1 & mask;
|
340
|
+
|
341
|
+
return bits;
|
342
|
+
}
|
343
|
+
|
308
344
|
int BN_count_low_zero_bits(const BIGNUM *bn) {
|
345
|
+
OPENSSL_COMPILE_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
|
346
|
+
crypto_word_t_too_small);
|
347
|
+
OPENSSL_COMPILE_ASSERT(sizeof(int) <= sizeof(crypto_word_t),
|
348
|
+
crypto_word_t_too_small_2);
|
349
|
+
|
350
|
+
int ret = 0;
|
351
|
+
crypto_word_t saw_nonzero = 0;
|
309
352
|
for (int i = 0; i < bn->width; i++) {
|
310
|
-
|
311
|
-
|
312
|
-
|
313
|
-
|
314
|
-
|
315
|
-
|
316
|
-
}
|
353
|
+
crypto_word_t nonzero = ~constant_time_is_zero_w(bn->d[i]);
|
354
|
+
crypto_word_t first_nonzero = ~saw_nonzero & nonzero;
|
355
|
+
saw_nonzero |= nonzero;
|
356
|
+
|
357
|
+
int bits = bn_count_low_zero_bits_word(bn->d[i]);
|
358
|
+
ret |= first_nonzero & (i * BN_BITS2 + bits);
|
317
359
|
}
|
318
360
|
|
319
|
-
//
|
320
|
-
//
|
321
|
-
return
|
361
|
+
// If got to the end of |bn| and saw no non-zero words, |bn| is zero. |ret|
|
362
|
+
// will then remain zero.
|
363
|
+
return ret;
|
322
364
|
}
|
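Review bot: In `bn_rshift_secret_shift` the loop only examines bits of `n` up to the top bit of `max_bits` (`BN_BITS2 * r->width`), so a shift count with a higher bit set is silently reduced instead of clearing `r`, whereas `BN_rshift` zeroes the result for an oversized shift through the `shift_words >= num` branch of `bn_rshift_words`. The precondition should be stated at the definition, for example `// |n| must not exceed BN_BITS2 * a->width; higher bits of |n| are never examined.` The loop condition `(max_bits >> i) != 0` also assumes `max_bits` never has its top bit set, since `i` would then reach the width of `unsigned`; that presumably holds because of a width limit enforced elsewhere, and a one-line comment saying so would help the next reader. In `bn_count_low_zero_bits_word` the first comment refers to `|x|` although the parameter is named `l`.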
@@ -84,6 +84,25 @@
|
|
84
84
|
|
85
85
|
DEFINE_STATIC_EX_DATA_CLASS(g_ec_ex_data_class);
|
86
86
|
|
87
|
+
static EC_WRAPPED_SCALAR *ec_wrapped_scalar_new(const EC_GROUP *group) {
|
88
|
+
EC_WRAPPED_SCALAR *wrapped = OPENSSL_malloc(sizeof(EC_WRAPPED_SCALAR));
|
89
|
+
if (wrapped == NULL) {
|
90
|
+
OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
|
91
|
+
return NULL;
|
92
|
+
}
|
93
|
+
|
94
|
+
OPENSSL_memset(wrapped, 0, sizeof(EC_WRAPPED_SCALAR));
|
95
|
+
wrapped->bignum.d = wrapped->scalar.words;
|
96
|
+
wrapped->bignum.width = group->order.width;
|
97
|
+
wrapped->bignum.dmax = group->order.width;
|
98
|
+
wrapped->bignum.flags = BN_FLG_STATIC_DATA;
|
99
|
+
return wrapped;
|
100
|
+
}
|
101
|
+
|
102
|
+
static void ec_wrapped_scalar_free(EC_WRAPPED_SCALAR *scalar) {
|
103
|
+
OPENSSL_free(scalar);
|
104
|
+
}
|
105
|
+
|
87
106
|
EC_KEY *EC_KEY_new(void) { return EC_KEY_new_method(NULL); }
|
88
107
|
|
89
108
|
EC_KEY *EC_KEY_new_method(const ENGINE *engine) {
|
@@ -151,7 +170,7 @@ void EC_KEY_free(EC_KEY *r) {
|
|
151
170
|
|
152
171
|
EC_GROUP_free(r->group);
|
153
172
|
EC_POINT_free(r->pub_key);
|
154
|
-
|
173
|
+
ec_wrapped_scalar_free(r->priv_key);
|
155
174
|
BN_free(r->fixed_k);
|
156
175
|
|
157
176
|
CRYPTO_free_ex_data(g_ec_ex_data_class_bss_get(), r, &r->ex_data);
|
@@ -159,65 +178,29 @@ void EC_KEY_free(EC_KEY *r) {
|
|
159
178
|
OPENSSL_free(r);
|
160
179
|
}
|
161
180
|
|
162
|
-
EC_KEY *
|
163
|
-
if (
|
181
|
+
EC_KEY *EC_KEY_dup(const EC_KEY *src) {
|
182
|
+
if (src == NULL) {
|
164
183
|
OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
|
165
184
|
return NULL;
|
166
185
|
}
|
167
|
-
// Copy the parameters.
|
168
|
-
if (src->group) {
|
169
|
-
// TODO(fork): duplicating the group seems wasteful.
|
170
|
-
EC_GROUP_free(dest->group);
|
171
|
-
dest->group = EC_GROUP_dup(src->group);
|
172
|
-
if (dest->group == NULL) {
|
173
|
-
return NULL;
|
174
|
-
}
|
175
|
-
}
|
176
186
|
|
177
|
-
// Copy the public key.
|
178
|
-
if (src->pub_key && src->group) {
|
179
|
-
EC_POINT_free(dest->pub_key);
|
180
|
-
dest->pub_key = EC_POINT_dup(src->pub_key, src->group);
|
181
|
-
if (dest->pub_key == NULL) {
|
182
|
-
return NULL;
|
183
|
-
}
|
184
|
-
}
|
185
|
-
|
186
|
-
// copy the private key
|
187
|
-
if (src->priv_key) {
|
188
|
-
if (dest->priv_key == NULL) {
|
189
|
-
dest->priv_key = BN_new();
|
190
|
-
if (dest->priv_key == NULL) {
|
191
|
-
return NULL;
|
192
|
-
}
|
193
|
-
}
|
194
|
-
if (!BN_copy(dest->priv_key, src->priv_key)) {
|
195
|
-
return NULL;
|
196
|
-
}
|
197
|
-
}
|
198
|
-
// copy method/extra data
|
199
|
-
if (src->ecdsa_meth) {
|
200
|
-
METHOD_unref(dest->ecdsa_meth);
|
201
|
-
dest->ecdsa_meth = src->ecdsa_meth;
|
202
|
-
METHOD_ref(dest->ecdsa_meth);
|
203
|
-
}
|
204
|
-
|
205
|
-
// copy the rest
|
206
|
-
dest->enc_flag = src->enc_flag;
|
207
|
-
dest->conv_form = src->conv_form;
|
208
|
-
|
209
|
-
return dest;
|
210
|
-
}
|
211
|
-
|
212
|
-
EC_KEY *EC_KEY_dup(const EC_KEY *ec_key) {
|
213
187
|
EC_KEY *ret = EC_KEY_new();
|
214
188
|
if (ret == NULL) {
|
215
189
|
return NULL;
|
216
190
|
}
|
217
|
-
|
191
|
+
|
192
|
+
if ((src->group != NULL &&
|
193
|
+
!EC_KEY_set_group(ret, src->group)) ||
|
194
|
+
(src->pub_key != NULL &&
|
195
|
+
!EC_KEY_set_public_key(ret, src->pub_key)) ||
|
196
|
+
(src->priv_key != NULL &&
|
197
|
+
!EC_KEY_set_private_key(ret, EC_KEY_get0_private_key(src)))) {
|
218
198
|
EC_KEY_free(ret);
|
219
199
|
return NULL;
|
220
200
|
}
|
201
|
+
|
202
|
+
ret->enc_flag = src->enc_flag;
|
203
|
+
ret->conv_form = src->conv_form;
|
221
204
|
return ret;
|
222
205
|
}
|
223
206
|
|
@@ -251,7 +234,7 @@ int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group) {
|
|
251
234
|
}
|
252
235
|
|
253
236
|
const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) {
|
254
|
-
return key->priv_key;
|
237
|
+
return key->priv_key != NULL ? &key->priv_key->bignum : NULL;
|
255
238
|
}
|
256
239
|
|
257
240
|
int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) {
|
@@ -260,14 +243,18 @@ int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) {
|
|
260
243
|
return 0;
|
261
244
|
}
|
262
245
|
|
263
|
-
|
264
|
-
|
246
|
+
EC_WRAPPED_SCALAR *scalar = ec_wrapped_scalar_new(key->group);
|
247
|
+
if (scalar == NULL) {
|
248
|
+
return 0;
|
249
|
+
}
|
250
|
+
if (!ec_bignum_to_scalar(key->group, &scalar->scalar, priv_key)) {
|
265
251
|
OPENSSL_PUT_ERROR(EC, EC_R_WRONG_ORDER);
|
252
|
+
ec_wrapped_scalar_free(scalar);
|
266
253
|
return 0;
|
267
254
|
}
|
268
|
-
|
269
|
-
key->priv_key =
|
270
|
-
return
|
255
|
+
ec_wrapped_scalar_free(key->priv_key);
|
256
|
+
key->priv_key = scalar;
|
257
|
+
return 1;
|
271
258
|
}
|
272
259
|
|
273
260
|
const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) {
|
@@ -332,15 +319,11 @@ int EC_KEY_check_key(const EC_KEY *eckey) {
|
|
332
319
|
}
|
333
320
|
// in case the priv_key is present :
|
334
321
|
// check if generator * priv_key == pub_key
|
335
|
-
if (eckey->priv_key) {
|
336
|
-
if (BN_is_negative(eckey->priv_key) ||
|
337
|
-
BN_cmp(eckey->priv_key, EC_GROUP_get0_order(eckey->group)) >= 0) {
|
338
|
-
OPENSSL_PUT_ERROR(EC, EC_R_WRONG_ORDER);
|
339
|
-
goto err;
|
340
|
-
}
|
322
|
+
if (eckey->priv_key != NULL) {
|
341
323
|
point = EC_POINT_new(eckey->group);
|
342
324
|
if (point == NULL ||
|
343
|
-
!
|
325
|
+
!ec_point_mul_scalar(eckey->group, point, &eckey->priv_key->scalar,
|
326
|
+
NULL, NULL, ctx)) {
|
344
327
|
OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
|
345
328
|
goto err;
|
346
329
|
}
|
@@ -411,65 +394,37 @@ err:
|
|
411
394
|
return ok;
|
412
395
|
}
|
413
396
|
|
414
|
-
int EC_KEY_generate_key(EC_KEY *
|
415
|
-
|
416
|
-
BIGNUM *priv_key = NULL;
|
417
|
-
EC_POINT *pub_key = NULL;
|
418
|
-
|
419
|
-
if (!eckey || !eckey->group) {
|
397
|
+
int EC_KEY_generate_key(EC_KEY *key) {
|
398
|
+
if (key == NULL || key->group == NULL) {
|
420
399
|
OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
|
421
400
|
return 0;
|
422
401
|
}
|
423
402
|
|
424
|
-
|
425
|
-
|
426
|
-
if (priv_key == NULL) {
|
427
|
-
goto err;
|
428
|
-
}
|
429
|
-
} else {
|
430
|
-
priv_key = eckey->priv_key;
|
431
|
-
}
|
432
|
-
|
433
|
-
const BIGNUM *order = EC_GROUP_get0_order(eckey->group);
|
434
|
-
|
435
|
-
// Check that the size of the group order is FIPS compliant (FIPS 186-4
|
436
|
-
// B.4.2).
|
437
|
-
if (BN_num_bits(order) < 160) {
|
403
|
+
// Check that the group order is FIPS compliant (FIPS 186-4 B.4.2).
|
404
|
+
if (BN_num_bits(EC_GROUP_get0_order(key->group)) < 160) {
|
438
405
|
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_GROUP_ORDER);
|
439
|
-
|
440
|
-
}
|
441
|
-
|
442
|
-
// Generate the private key by testing candidates (FIPS 186-4 B.4.2).
|
443
|
-
if (!BN_rand_range_ex(priv_key, 1, order)) {
|
444
|
-
goto err;
|
445
|
-
}
|
446
|
-
|
447
|
-
if (eckey->pub_key == NULL) {
|
448
|
-
pub_key = EC_POINT_new(eckey->group);
|
449
|
-
if (pub_key == NULL) {
|
450
|
-
goto err;
|
451
|
-
}
|
452
|
-
} else {
|
453
|
-
pub_key = eckey->pub_key;
|
454
|
-
}
|
455
|
-
|
456
|
-
if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, NULL)) {
|
457
|
-
goto err;
|
406
|
+
return 0;
|
458
407
|
}
|
459
408
|
|
460
|
-
|
461
|
-
|
462
|
-
|
463
|
-
|
464
|
-
|
465
|
-
|
466
|
-
|
409
|
+
static const uint8_t kDefaultAdditionalData[32] = {0};
|
410
|
+
EC_WRAPPED_SCALAR *priv_key = ec_wrapped_scalar_new(key->group);
|
411
|
+
EC_POINT *pub_key = EC_POINT_new(key->group);
|
412
|
+
if (priv_key == NULL || pub_key == NULL ||
|
413
|
+
// Generate the private key by testing candidates (FIPS 186-4 B.4.2).
|
414
|
+
!ec_random_nonzero_scalar(key->group, &priv_key->scalar,
|
415
|
+
kDefaultAdditionalData) ||
|
416
|
+
!ec_point_mul_scalar(key->group, pub_key, &priv_key->scalar, NULL, NULL,
|
417
|
+
NULL)) {
|
467
418
|
EC_POINT_free(pub_key);
|
419
|
+
ec_wrapped_scalar_free(priv_key);
|
420
|
+
return 0;
|
468
421
|
}
|
469
|
-
|
470
|
-
|
471
|
-
|
472
|
-
|
422
|
+
|
423
|
+
ec_wrapped_scalar_free(key->priv_key);
|
424
|
+
key->priv_key = priv_key;
|
425
|
+
EC_POINT_free(key->pub_key);
|
426
|
+
key->pub_key = pub_key;
|
427
|
+
return 1;
|
473
428
|
}
|
474
429
|
|
475
430
|
int EC_KEY_generate_key_fips(EC_KEY *eckey) {
|
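Review bot: `EC_KEY_generate_key` now always allocates a fresh scalar and point and frees the previous `key->priv_key` and `key->pub_key`, where the removed code reused the existing objects when they were already set. Since `EC_KEY_get0_private_key` now returns `&key->priv_key->bignum`, a pointer into the wrapper, any pointer a caller took from a get0 accessor dangles after `EC_KEY_generate_key` or `EC_KEY_set_private_key` replaces the key. That lifetime rule deserves a comment on the accessor, e.g. `// The returned BIGNUM points into |key|'s private scalar and is invalidated when the private key is replaced or regenerated.` `ec_wrapped_scalar_free` hands the private scalar straight to `OPENSSL_free`; if the intent is that the allocator clears freed memory, say so there (`// OPENSSL_free is relied on to zero the scalar before release`), and otherwise the wrapper should be cleansed before it is freed.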