grpc 1.24.0 → 1.25.0
Potentially problematic release.
This version of grpc might be problematic.
- checksums.yaml +4 -4
- data/Makefile +306 -243
- data/etc/roots.pem +0 -100
- data/include/grpc/grpc_security.h +44 -18
- data/include/grpc/impl/codegen/grpc_types.h +15 -0
- data/include/grpc/impl/codegen/port_platform.h +27 -11
- data/include/grpc/impl/codegen/sync_generic.h +1 -1
- data/src/boringssl/err_data.c +695 -650
- data/src/core/ext/filters/client_channel/client_channel.cc +257 -179
- data/src/core/ext/filters/client_channel/client_channel.h +24 -0
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +2 -3
- data/src/core/ext/filters/client_channel/client_channel_factory.h +1 -5
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +18 -45
- data/src/core/ext/filters/client_channel/health/health_check_client.h +5 -13
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy.cc +2 -3
- data/src/core/ext/filters/client_channel/lb_policy.h +65 -55
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +14 -14
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +113 -36
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +14 -19
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +36 -13
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -10
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +814 -1589
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +2 -5
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -6
- data/src/core/ext/filters/client_channel/resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver.h +8 -16
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +25 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +46 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +10 -17
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +7 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +111 -44
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +22 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +29 -10
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +27 -36
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +7 -10
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -16
- data/src/core/ext/filters/client_channel/resolver_factory.h +4 -8
- data/src/core/ext/filters/client_channel/resolver_registry.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver_registry.h +1 -1
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +7 -10
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +7 -8
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +1 -1
- data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
- data/src/core/ext/filters/client_channel/retry_throttle.h +1 -4
- data/src/core/ext/filters/client_channel/service_config.h +8 -8
- data/src/core/ext/filters/client_channel/subchannel.cc +53 -86
- data/src/core/ext/filters/client_channel/subchannel.h +7 -9
- data/src/core/ext/filters/client_channel/subchannel_interface.h +9 -13
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +3 -6
- data/src/core/ext/filters/client_channel/{lb_policy/xds/xds_load_balancer_api.cc → xds/xds_api.cc} +169 -52
- data/src/core/ext/filters/client_channel/xds/xds_api.h +171 -0
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +450 -0
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +99 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel.h +8 -6
- data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel_secure.cc +28 -11
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +1413 -0
- data/src/core/ext/filters/client_channel/xds/xds_client.h +221 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.cc +1 -5
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.h +3 -4
- data/src/core/ext/filters/deadline/deadline_filter.cc +20 -20
- data/src/core/ext/filters/http/client/http_client_filter.cc +15 -15
- data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +12 -12
- data/src/core/ext/filters/max_age/max_age_filter.cc +59 -50
- data/src/core/ext/filters/message_size/message_size_filter.cc +18 -18
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +15 -14
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +233 -175
- data/src/core/ext/transport/chttp2/transport/flow_control.h +21 -24
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +253 -163
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +24 -12
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +13 -15
- data/src/core/ext/transport/chttp2/transport/writing.cc +3 -0
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
- data/src/core/lib/channel/channel_args.cc +16 -0
- data/src/core/lib/channel/channel_args.h +22 -0
- data/src/core/lib/channel/channelz.cc +5 -6
- data/src/core/lib/channel/channelz.h +1 -1
- data/src/core/lib/channel/connected_channel.cc +20 -20
- data/src/core/lib/channel/handshaker.h +3 -4
- data/src/core/lib/channel/handshaker_factory.h +1 -3
- data/src/core/lib/debug/trace.h +3 -2
- data/src/core/lib/gprpp/arena.cc +3 -3
- data/src/core/lib/gprpp/arena.h +2 -3
- data/src/core/lib/gprpp/inlined_vector.h +9 -0
- data/src/core/lib/gprpp/map.h +3 -501
- data/src/core/lib/gprpp/memory.h +45 -41
- data/src/core/lib/gprpp/mpscq.cc +108 -0
- data/src/core/lib/gprpp/mpscq.h +98 -0
- data/src/core/lib/gprpp/orphanable.h +6 -11
- data/src/core/lib/gprpp/ref_counted.h +25 -19
- data/src/core/lib/gprpp/set.h +33 -0
- data/src/core/lib/gprpp/thd.h +2 -4
- data/src/core/lib/http/httpcli.cc +1 -1
- data/src/core/lib/http/httpcli_security_connector.cc +15 -11
- data/src/core/lib/http/parser.cc +1 -1
- data/src/core/lib/iomgr/buffer_list.cc +4 -5
- data/src/core/lib/iomgr/buffer_list.h +5 -6
- data/src/core/lib/iomgr/call_combiner.cc +4 -5
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/cfstream_handle.h +3 -5
- data/src/core/lib/iomgr/closure.h +8 -3
- data/src/core/lib/iomgr/combiner.cc +45 -82
- data/src/core/lib/iomgr/combiner.h +32 -8
- data/src/core/lib/iomgr/endpoint_cfstream.cc +5 -3
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -15
- data/src/core/lib/iomgr/ev_poll_posix.cc +3 -1
- data/src/core/lib/iomgr/exec_ctx.h +4 -3
- data/src/core/lib/iomgr/executor.cc +4 -2
- data/src/core/lib/iomgr/executor.h +3 -0
- data/src/core/lib/iomgr/executor/mpmcqueue.h +3 -6
- data/src/core/lib/iomgr/executor/threadpool.cc +1 -2
- data/src/core/lib/iomgr/executor/threadpool.h +7 -11
- data/src/core/lib/iomgr/resource_quota.cc +55 -51
- data/src/core/lib/iomgr/resource_quota.h +13 -9
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +13 -0
- data/src/core/lib/iomgr/socket_utils_posix.h +4 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +4 -11
- data/src/core/lib/iomgr/tcp_custom.cc +9 -7
- data/src/core/lib/iomgr/tcp_posix.cc +20 -16
- data/src/core/lib/iomgr/tcp_server.h +1 -4
- data/src/core/lib/iomgr/tcp_server_custom.cc +5 -5
- data/src/core/lib/iomgr/tcp_server_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -11
- data/src/core/lib/iomgr/timer_custom.cc +2 -2
- data/src/core/lib/iomgr/udp_server.cc +3 -2
- data/src/core/lib/iomgr/udp_server.h +6 -12
- data/src/core/lib/json/json.h +1 -1
- data/src/core/lib/json/json_string.cc +2 -2
- data/src/core/lib/profiling/basic_timers.cc +2 -2
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -2
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -1
- data/src/core/lib/security/credentials/credentials.h +4 -20
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +4 -4
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +64 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -7
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +2 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/security_connector.cc +1 -0
- data/src/core/lib/security/security_connector/security_connector.h +19 -17
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +8 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
- data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +14 -6
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +4 -2
- data/src/core/lib/security/transport/client_auth_filter.cc +17 -17
- data/src/core/lib/security/transport/security_handshaker.cc +29 -13
- data/src/core/lib/security/transport/security_handshaker.h +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +14 -14
- data/src/core/lib/slice/slice.cc +2 -10
- data/src/core/lib/slice/slice_hash_table.h +4 -6
- data/src/core/lib/slice/slice_intern.cc +42 -39
- data/src/core/lib/slice/slice_internal.h +3 -3
- data/src/core/lib/slice/slice_utils.h +21 -4
- data/src/core/lib/slice/slice_weak_hash_table.h +4 -6
- data/src/core/lib/surface/call.cc +3 -3
- data/src/core/lib/surface/channel.cc +7 -0
- data/src/core/lib/surface/completion_queue.cc +12 -11
- data/src/core/lib/surface/completion_queue.h +4 -2
- data/src/core/lib/surface/init.cc +1 -0
- data/src/core/lib/surface/lame_client.cc +33 -18
- data/src/core/lib/surface/server.cc +77 -76
- data/src/core/lib/surface/version.cc +1 -1
- data/src/core/lib/transport/byte_stream.h +3 -7
- data/src/core/lib/transport/connectivity_state.cc +112 -98
- data/src/core/lib/transport/connectivity_state.h +100 -50
- data/src/core/lib/transport/static_metadata.cc +276 -288
- data/src/core/lib/transport/static_metadata.h +73 -76
- data/src/core/lib/transport/status_conversion.cc +1 -1
- data/src/core/lib/transport/status_metadata.cc +1 -1
- data/src/core/lib/transport/transport.cc +2 -2
- data/src/core/lib/transport/transport.h +12 -4
- data/src/core/lib/transport/transport_op_string.cc +14 -11
- data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +5 -5
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -2
- data/src/core/tsi/fake_transport_security.cc +7 -5
- data/src/core/tsi/grpc_shadow_boringssl.h +2918 -2627
- data/src/core/tsi/local_transport_security.cc +8 -6
- data/src/core/tsi/ssl/session_cache/ssl_session.h +1 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +7 -5
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -6
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -2
- data/src/core/tsi/ssl_transport_security.cc +12 -12
- data/src/core/tsi/ssl_transport_security.h +2 -2
- data/src/core/tsi/transport_security_grpc.cc +7 -0
- data/src/core/tsi/transport_security_grpc.h +6 -0
- data/src/ruby/ext/grpc/extconf.rb +1 -0
- data/src/ruby/ext/grpc/rb_call.c +1 -1
- data/src/ruby/ext/grpc/rb_channel.c +1 -1
- data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
- data/src/ruby/lib/grpc/generic/rpc_server.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
- data/third_party/boringssl/crypto/asn1/a_bool.c +18 -5
- data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +17 -221
- data/third_party/boringssl/crypto/asn1/a_dup.c +0 -24
- data/third_party/boringssl/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +10 -72
- data/third_party/boringssl/crypto/asn1/a_int.c +12 -71
- data/third_party/boringssl/crypto/asn1/a_mbstr.c +110 -216
- data/third_party/boringssl/crypto/asn1/a_object.c +16 -5
- data/third_party/boringssl/crypto/asn1/a_strnid.c +1 -0
- data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -1
- data/third_party/boringssl/crypto/asn1/tasn_enc.c +3 -1
- data/third_party/boringssl/crypto/base64/base64.c +2 -2
- data/third_party/boringssl/crypto/bio/bio.c +73 -9
- data/third_party/boringssl/crypto/bio/connect.c +4 -0
- data/third_party/boringssl/crypto/bio/fd.c +4 -0
- data/third_party/boringssl/crypto/bio/file.c +5 -2
- data/third_party/boringssl/crypto/bio/socket.c +4 -0
- data/third_party/boringssl/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl/crypto/bn_extra/convert.c +11 -7
- data/third_party/boringssl/crypto/bytestring/ber.c +8 -4
- data/third_party/boringssl/crypto/bytestring/cbb.c +19 -7
- data/third_party/boringssl/crypto/bytestring/cbs.c +28 -15
- data/third_party/boringssl/crypto/bytestring/internal.h +28 -7
- data/third_party/boringssl/crypto/bytestring/unicode.c +155 -0
- data/third_party/boringssl/crypto/chacha/chacha.c +36 -19
- data/third_party/boringssl/crypto/chacha/internal.h +45 -0
- data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +29 -0
- data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +269 -25
- data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +16 -14
- data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +54 -38
- data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +133 -41
- data/third_party/boringssl/crypto/cipher_extra/e_tls.c +23 -15
- data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +24 -15
- data/third_party/boringssl/crypto/cmac/cmac.c +62 -25
- data/third_party/boringssl/crypto/conf/conf.c +7 -0
- data/third_party/boringssl/crypto/cpu-arm-linux.c +4 -148
- data/third_party/boringssl/crypto/cpu-arm-linux.h +201 -0
- data/third_party/boringssl/crypto/cpu-intel.c +45 -51
- data/third_party/boringssl/crypto/crypto.c +39 -22
- data/third_party/boringssl/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl/crypto/dsa/dsa.c +77 -53
- data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +20 -8
- data/third_party/boringssl/crypto/ec_extra/ec_derive.c +96 -0
- data/third_party/boringssl/crypto/{ecdh/ecdh.c → ecdh_extra/ecdh_extra.c} +20 -58
- data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -9
- data/third_party/boringssl/crypto/engine/engine.c +2 -1
- data/third_party/boringssl/crypto/err/err.c +2 -0
- data/third_party/boringssl/crypto/err/internal.h +2 -2
- data/third_party/boringssl/crypto/evp/evp.c +89 -8
- data/third_party/boringssl/crypto/evp/evp_asn1.c +56 -5
- data/third_party/boringssl/crypto/evp/evp_ctx.c +52 -14
- data/third_party/boringssl/crypto/evp/internal.h +18 -1
- data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +5 -0
- data/third_party/boringssl/crypto/evp/p_ec.c +51 -3
- data/third_party/boringssl/crypto/evp/p_ec_asn1.c +6 -7
- data/third_party/boringssl/crypto/evp/p_ed25519.c +36 -3
- data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +76 -45
- data/third_party/boringssl/crypto/evp/p_rsa.c +3 -1
- data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +5 -0
- data/third_party/boringssl/crypto/evp/p_x25519.c +110 -0
- data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +249 -0
- data/third_party/boringssl/crypto/evp/scrypt.c +6 -2
- data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +34 -274
- data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +161 -21
- data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +111 -13
- data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +17 -21
- data/third_party/boringssl/crypto/fipsmodule/bcm.c +119 -7
- data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +19 -2
- data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +2 -2
- data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +93 -160
- data/third_party/boringssl/crypto/fipsmodule/bn/div.c +48 -57
- data/third_party/boringssl/crypto/fipsmodule/bn/div_extra.c +87 -0
- data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +143 -211
- data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -305
- data/third_party/boringssl/crypto/fipsmodule/bn/gcd_extra.c +325 -0
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +168 -50
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +68 -92
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +7 -6
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +11 -14
- data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +358 -443
- data/third_party/boringssl/crypto/fipsmodule/bn/random.c +25 -35
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +20 -25
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +76 -5
- data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +14 -14
- data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +7 -2
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +383 -516
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +4 -0
- data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +3 -4
- data/third_party/boringssl/crypto/fipsmodule/delocate.h +3 -2
- data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +32 -17
- data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +3 -3
- data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +228 -122
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +34 -8
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +311 -98
- data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +82 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +263 -97
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +22 -59
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +317 -234
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9473 -9475
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +313 -109
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +36 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +96 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +126 -792
- data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +84 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/util.c +163 -12
- data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +84 -211
- data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +122 -0
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +60 -205
- data/third_party/boringssl/crypto/fipsmodule/fips_shared_support.c +32 -0
- data/third_party/boringssl/crypto/fipsmodule/is_fips.c +2 -0
- data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +3 -1
- data/third_party/boringssl/crypto/fipsmodule/md5/internal.h +37 -0
- data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +11 -8
- data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +35 -79
- data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +7 -39
- data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +7 -27
- data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +123 -309
- data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +189 -126
- data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +3 -2
- data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +2 -2
- data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +35 -0
- data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +24 -19
- data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +256 -77
- data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +10 -7
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +5 -1
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +131 -14
- data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +83 -10
- data/third_party/boringssl/crypto/fipsmodule/sha/internal.h +53 -0
- data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +9 -13
- data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +18 -12
- data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +95 -168
- data/third_party/boringssl/crypto/hrss/hrss.c +2201 -0
- data/third_party/boringssl/crypto/hrss/internal.h +62 -0
- data/third_party/boringssl/crypto/internal.h +95 -20
- data/third_party/boringssl/crypto/lhash/lhash.c +45 -33
- data/third_party/boringssl/crypto/mem.c +39 -2
- data/third_party/boringssl/crypto/obj/obj.c +4 -4
- data/third_party/boringssl/crypto/obj/obj_dat.h +6181 -875
- data/third_party/boringssl/crypto/pem/pem_all.c +2 -3
- data/third_party/boringssl/crypto/pem/pem_info.c +144 -162
- data/third_party/boringssl/crypto/pem/pem_lib.c +53 -52
- data/third_party/boringssl/crypto/pem/pem_pkey.c +13 -21
- data/third_party/boringssl/crypto/pkcs7/pkcs7.c +15 -22
- data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +168 -16
- data/third_party/boringssl/crypto/pkcs8/internal.h +11 -0
- data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +24 -15
- data/third_party/boringssl/crypto/pkcs8/pkcs8.c +42 -25
- data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +559 -43
- data/third_party/boringssl/crypto/pool/internal.h +1 -1
- data/third_party/boringssl/crypto/pool/pool.c +21 -0
- data/third_party/boringssl/crypto/rand_extra/deterministic.c +8 -0
- data/third_party/boringssl/crypto/rand_extra/fuchsia.c +1 -14
- data/third_party/boringssl/crypto/refcount_lock.c +2 -2
- data/third_party/boringssl/crypto/rsa_extra/rsa_print.c +22 -0
- data/third_party/boringssl/crypto/siphash/siphash.c +80 -0
- data/third_party/boringssl/crypto/stack/stack.c +83 -32
- data/third_party/boringssl/crypto/thread_none.c +2 -2
- data/third_party/boringssl/crypto/thread_pthread.c +2 -2
- data/third_party/boringssl/crypto/thread_win.c +38 -19
- data/third_party/boringssl/crypto/x509/a_strex.c +22 -2
- data/third_party/boringssl/crypto/x509/asn1_gen.c +2 -1
- data/third_party/boringssl/crypto/x509/by_dir.c +7 -0
- data/third_party/boringssl/crypto/x509/by_file.c +12 -10
- data/third_party/boringssl/crypto/x509/t_crl.c +5 -8
- data/third_party/boringssl/crypto/x509/t_req.c +1 -3
- data/third_party/boringssl/crypto/x509/t_x509.c +5 -8
- data/third_party/boringssl/crypto/x509/x509_cmp.c +1 -1
- data/third_party/boringssl/crypto/x509/x509_def.c +1 -1
- data/third_party/boringssl/crypto/x509/x509_lu.c +114 -5
- data/third_party/boringssl/crypto/x509/x509_req.c +20 -0
- data/third_party/boringssl/crypto/x509/x509_set.c +5 -0
- data/third_party/boringssl/crypto/x509/x509_trs.c +1 -0
- data/third_party/boringssl/crypto/x509/x509_txt.c +4 -5
- data/third_party/boringssl/crypto/x509/x509_vfy.c +145 -138
- data/third_party/boringssl/crypto/x509/x509_vpm.c +2 -0
- data/third_party/boringssl/crypto/x509/x509cset.c +40 -0
- data/third_party/boringssl/crypto/x509/x509name.c +2 -3
- data/third_party/boringssl/crypto/x509/x_all.c +109 -210
- data/third_party/boringssl/crypto/x509/x_x509.c +6 -0
- data/third_party/boringssl/crypto/x509v3/ext_dat.h +1 -3
- data/third_party/boringssl/crypto/x509v3/internal.h +56 -0
- data/third_party/boringssl/crypto/x509v3/pcy_cache.c +2 -0
- data/third_party/boringssl/crypto/x509v3/pcy_node.c +1 -0
- data/third_party/boringssl/crypto/x509v3/pcy_tree.c +4 -2
- data/third_party/boringssl/crypto/x509v3/v3_akey.c +5 -2
- data/third_party/boringssl/crypto/x509v3/v3_alt.c +19 -13
- data/third_party/boringssl/crypto/x509v3/v3_conf.c +2 -1
- data/third_party/boringssl/crypto/x509v3/v3_cpols.c +3 -2
- data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -6
- data/third_party/boringssl/crypto/x509v3/v3_lib.c +1 -0
- data/third_party/boringssl/crypto/x509v3/v3_ocsp.c +68 -0
- data/third_party/boringssl/crypto/x509v3/v3_pci.c +2 -1
- data/third_party/boringssl/crypto/x509v3/v3_purp.c +47 -69
- data/third_party/boringssl/crypto/x509v3/v3_skey.c +5 -2
- data/third_party/boringssl/crypto/x509v3/v3_utl.c +69 -25
- data/third_party/boringssl/include/openssl/aead.h +45 -19
- data/third_party/boringssl/include/openssl/aes.h +32 -7
- data/third_party/boringssl/include/openssl/asn1.h +7 -77
- data/third_party/boringssl/include/openssl/base.h +120 -6
- data/third_party/boringssl/include/openssl/base64.h +4 -1
- data/third_party/boringssl/include/openssl/bio.h +112 -81
- data/third_party/boringssl/include/openssl/blowfish.h +3 -3
- data/third_party/boringssl/include/openssl/bn.h +55 -29
- data/third_party/boringssl/include/openssl/buf.h +2 -2
- data/third_party/boringssl/include/openssl/bytestring.h +54 -32
- data/third_party/boringssl/include/openssl/cast.h +2 -2
- data/third_party/boringssl/include/openssl/cipher.h +46 -16
- data/third_party/boringssl/include/openssl/cmac.h +6 -2
- data/third_party/boringssl/include/openssl/conf.h +3 -6
- data/third_party/boringssl/include/openssl/cpu.h +25 -9
- data/third_party/boringssl/include/openssl/crypto.h +32 -10
- data/third_party/boringssl/include/openssl/curve25519.h +4 -4
- data/third_party/boringssl/include/openssl/dh.h +3 -2
- data/third_party/boringssl/include/openssl/digest.h +21 -7
- data/third_party/boringssl/include/openssl/dsa.h +8 -2
- data/third_party/boringssl/include/openssl/e_os2.h +18 -0
- data/third_party/boringssl/include/openssl/ec.h +25 -21
- data/third_party/boringssl/include/openssl/ec_key.h +36 -8
- data/third_party/boringssl/include/openssl/ecdh.h +17 -0
- data/third_party/boringssl/include/openssl/ecdsa.h +3 -3
- data/third_party/boringssl/include/openssl/engine.h +4 -4
- data/third_party/boringssl/include/openssl/err.h +3 -0
- data/third_party/boringssl/include/openssl/evp.h +199 -42
- data/third_party/boringssl/include/openssl/hmac.h +4 -4
- data/third_party/boringssl/include/openssl/hrss.h +100 -0
- data/third_party/boringssl/include/openssl/lhash.h +131 -23
- data/third_party/boringssl/include/openssl/md4.h +6 -4
- data/third_party/boringssl/include/openssl/md5.h +6 -4
- data/third_party/boringssl/include/openssl/mem.h +6 -2
- data/third_party/boringssl/include/openssl/nid.h +3 -0
- data/third_party/boringssl/include/openssl/obj.h +3 -0
- data/third_party/boringssl/include/openssl/pem.h +102 -64
- data/third_party/boringssl/include/openssl/pkcs7.h +136 -3
- data/third_party/boringssl/include/openssl/pkcs8.h +42 -3
- data/third_party/boringssl/include/openssl/pool.h +13 -2
- data/third_party/boringssl/include/openssl/ripemd.h +5 -4
- data/third_party/boringssl/include/openssl/rsa.h +46 -15
- data/third_party/boringssl/include/openssl/sha.h +40 -28
- data/third_party/boringssl/include/openssl/siphash.h +37 -0
- data/third_party/boringssl/include/openssl/span.h +17 -9
- data/third_party/boringssl/include/openssl/ssl.h +766 -393
- data/third_party/boringssl/include/openssl/ssl3.h +4 -3
- data/third_party/boringssl/include/openssl/stack.h +134 -77
- data/third_party/boringssl/include/openssl/thread.h +1 -1
- data/third_party/boringssl/include/openssl/tls1.h +25 -9
- data/third_party/boringssl/include/openssl/type_check.h +14 -15
- data/third_party/boringssl/include/openssl/x509.h +28 -3
- data/third_party/boringssl/include/openssl/x509_vfy.h +98 -32
- data/third_party/boringssl/include/openssl/x509v3.h +17 -13
- data/third_party/boringssl/ssl/d1_both.cc +9 -18
- data/third_party/boringssl/ssl/d1_lib.cc +4 -3
- data/third_party/boringssl/ssl/d1_pkt.cc +4 -4
- data/third_party/boringssl/ssl/d1_srtp.cc +15 -15
- data/third_party/boringssl/ssl/dtls_method.cc +0 -1
- data/third_party/boringssl/ssl/dtls_record.cc +28 -28
- data/third_party/boringssl/ssl/handoff.cc +295 -91
- data/third_party/boringssl/ssl/handshake.cc +133 -72
- data/third_party/boringssl/ssl/handshake_client.cc +218 -189
- data/third_party/boringssl/ssl/handshake_server.cc +399 -272
- data/third_party/boringssl/ssl/internal.h +1413 -928
- data/third_party/boringssl/ssl/s3_both.cc +175 -36
- data/third_party/boringssl/ssl/s3_lib.cc +9 -13
- data/third_party/boringssl/ssl/s3_pkt.cc +63 -29
- data/third_party/boringssl/ssl/ssl_aead_ctx.cc +55 -35
- data/third_party/boringssl/ssl/ssl_asn1.cc +57 -73
- data/third_party/boringssl/ssl/ssl_buffer.cc +13 -12
- data/third_party/boringssl/ssl/ssl_cert.cc +313 -210
- data/third_party/boringssl/ssl/ssl_cipher.cc +159 -221
- data/third_party/boringssl/ssl/ssl_file.cc +2 -0
- data/third_party/boringssl/ssl/ssl_key_share.cc +164 -19
- data/third_party/boringssl/ssl/ssl_lib.cc +847 -555
- data/third_party/boringssl/ssl/ssl_privkey.cc +441 -111
- data/third_party/boringssl/ssl/ssl_session.cc +230 -178
- data/third_party/boringssl/ssl/ssl_transcript.cc +21 -142
- data/third_party/boringssl/ssl/ssl_versions.cc +88 -93
- data/third_party/boringssl/ssl/ssl_x509.cc +279 -218
- data/third_party/boringssl/ssl/t1_enc.cc +5 -96
- data/third_party/boringssl/ssl/t1_lib.cc +931 -678
- data/third_party/boringssl/ssl/tls13_both.cc +251 -121
- data/third_party/boringssl/ssl/tls13_client.cc +129 -73
- data/third_party/boringssl/ssl/tls13_enc.cc +350 -282
- data/third_party/boringssl/ssl/tls13_server.cc +259 -192
- data/third_party/boringssl/ssl/tls_method.cc +26 -21
- data/third_party/boringssl/ssl/tls_record.cc +42 -47
- data/third_party/boringssl/third_party/fiat/curve25519.c +261 -1324
- data/third_party/boringssl/third_party/fiat/curve25519_32.h +911 -0
- data/third_party/boringssl/third_party/fiat/curve25519_64.h +559 -0
- data/third_party/boringssl/third_party/fiat/p256.c +238 -999
- data/third_party/boringssl/third_party/fiat/p256_32.h +3226 -0
- data/third_party/boringssl/third_party/fiat/p256_64.h +1217 -0
- data/third_party/upb/upb/port_def.inc +1 -1
- data/third_party/upb/upb/table.c +2 -1
- metadata +72 -44
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +0 -127
- data/src/core/lib/gpr/mpscq.cc +0 -117
- data/src/core/lib/gpr/mpscq.h +0 -88
- data/src/core/lib/gprpp/abstract.h +0 -47
- data/src/core/lib/gprpp/pair.h +0 -38
- data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
- data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
- data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
- data/third_party/boringssl/ssl/custom_extensions.cc +0 -265
@@ -185,6 +185,20 @@ extern "C" {
|
|
185
185
|
#error "Must define either OPENSSL_32_BIT or OPENSSL_64_BIT"
|
186
186
|
#endif
|
187
187
|
|
188
|
+
#if !defined(OPENSSL_NO_ASM) && (defined(__GNUC__) || defined(__clang__))
|
189
|
+
#define BN_CAN_USE_INLINE_ASM
|
190
|
+
#endif
|
191
|
+
|
192
|
+
// |BN_mod_exp_mont_consttime| is based on the assumption that the L1 data
|
193
|
+
// cache line width of the target processor is at least the following value.
|
194
|
+
#define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH 64
|
195
|
+
|
196
|
+
// The number of |BN_ULONG|s needed for the |BN_mod_exp_mont_consttime| stack-
|
197
|
+
// allocated storage buffer. The buffer is just the right size for the RSAZ
|
198
|
+
// and is about ~1KB larger than what's necessary (4480 bytes) for 1024-bit
|
199
|
+
// inputs.
|
200
|
+
#define MOD_EXP_CTIME_STORAGE_LEN \
|
201
|
+
(((320u * 3u) + (32u * 9u * 16u)) / sizeof(BN_ULONG))
|
188
202
|
|
189
203
|
#define STATIC_BIGNUM(x) \
|
190
204
|
{ \
|
@@ -322,8 +336,64 @@ int bn_rand_range_words(BN_ULONG *out, BN_ULONG min_inclusive,
|
|
322
336
|
int bn_rand_secret_range(BIGNUM *r, int *out_is_uniform, BN_ULONG min_inclusive,
|
323
337
|
const BIGNUM *max_exclusive);
|
324
338
|
|
339
|
+
#if !defined(OPENSSL_NO_ASM) && \
|
340
|
+
(defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
|
341
|
+
defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
|
342
|
+
#define OPENSSL_BN_ASM_MONT
|
343
|
+
// bn_mul_mont writes |ap| * |bp| mod |np| to |rp|, each |num| words
|
344
|
+
// long. Inputs and outputs are in Montgomery form. |n0| is a pointer to the
|
345
|
+
// corresponding field in |BN_MONT_CTX|. It returns one if |bn_mul_mont| handles
|
346
|
+
// inputs of this size and zero otherwise.
|
347
|
+
//
|
348
|
+
// TODO(davidben): The x86_64 implementation expects a 32-bit input and masks
|
349
|
+
// off upper bits. The aarch64 implementation expects a 64-bit input and does
|
350
|
+
// not. |size_t| is the safer option but not strictly correct for x86_64. But
|
351
|
+
// this function implicitly already has a bound on the size of |num| because it
|
352
|
+
// internally creates |num|-sized stack allocation.
|
353
|
+
//
|
354
|
+
// See also discussion in |ToWord| in abi_test.h for notes on smaller-than-word
|
355
|
+
// inputs.
|
325
356
|
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
326
|
-
const BN_ULONG *np, const BN_ULONG *n0,
|
357
|
+
const BN_ULONG *np, const BN_ULONG *n0, size_t num);
|
358
|
+
#endif
|
359
|
+
|
360
|
+
#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64)
|
361
|
+
#define OPENSSL_BN_ASM_MONT5
|
362
|
+
|
363
|
+
// bn_mul_mont_gather5 multiples loads index |power| of |table|, multiplies it
|
364
|
+
// by |ap| modulo |np|, and stores the result in |rp|. The values are |num|
|
365
|
+
// words long and represented in Montgomery form. |n0| is a pointer to the
|
366
|
+
// corresponding field in |BN_MONT_CTX|.
|
367
|
+
void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
|
368
|
+
const BN_ULONG *table, const BN_ULONG *np,
|
369
|
+
const BN_ULONG *n0, int num, int power);
|
370
|
+
|
371
|
+
// bn_scatter5 stores |inp| to index |power| of |table|. |inp| and each entry of
|
372
|
+
// |table| are |num| words long. |power| must be less than 32. |table| must be
|
373
|
+
// 32*|num| words long.
|
374
|
+
void bn_scatter5(const BN_ULONG *inp, size_t num, BN_ULONG *table,
|
375
|
+
size_t power);
|
376
|
+
|
377
|
+
// bn_gather5 loads index |power| of |table| and stores it in |out|. |out| and
|
378
|
+
// each entry of |table| are |num| words long. |power| must be less than 32.
|
379
|
+
void bn_gather5(BN_ULONG *out, size_t num, BN_ULONG *table, size_t power);
|
380
|
+
|
381
|
+
// bn_power5 squares |ap| five times and multiplies it by the value stored at
|
382
|
+
// index |power| of |table|, modulo |np|. It stores the result in |rp|. The
|
383
|
+
// values are |num| words long and represented in Montgomery form. |n0| is a
|
384
|
+
// pointer to the corresponding field in |BN_MONT_CTX|. |num| must be divisible
|
385
|
+
// by 8.
|
386
|
+
void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *table,
|
387
|
+
const BN_ULONG *np, const BN_ULONG *n0, int num, int power);
|
388
|
+
|
389
|
+
// bn_from_montgomery converts |ap| from Montgomery form modulo |np| and writes
|
390
|
+
// the result in |rp|, each of which is |num| words long. It returns one on
|
391
|
+
// success and zero if it cannot handle inputs of length |num|. |n0| is a
|
392
|
+
// pointer to the corresponding field in |BN_MONT_CTX|.
|
393
|
+
int bn_from_montgomery(BN_ULONG *rp, const BN_ULONG *ap,
|
394
|
+
const BN_ULONG *not_used, const BN_ULONG *np,
|
395
|
+
const BN_ULONG *n0, int num);
|
396
|
+
#endif // !OPENSSL_NO_ASM && OPENSSL_X86_64
|
327
397
|
|
328
398
|
uint64_t bn_mont_n0(const BIGNUM *n);
|
329
399
|
|
@@ -367,14 +437,68 @@ OPENSSL_EXPORT uint16_t bn_mod_u16_consttime(const BIGNUM *bn, uint16_t d);
|
|
367
437
|
// of the first several odd primes and zero otherwise.
|
368
438
|
int bn_odd_number_is_obviously_composite(const BIGNUM *bn);
|
369
439
|
|
440
|
+
// A BN_MILLER_RABIN stores state common to each Miller-Rabin iteration. It is
|
441
|
+
// initialized within an existing |BN_CTX| scope and may not be used after
|
442
|
+
// that scope is released with |BN_CTX_end|. Field names match those in FIPS
|
443
|
+
// 186-4, section C.3.1.
|
444
|
+
typedef struct {
|
445
|
+
// w1 is w-1.
|
446
|
+
BIGNUM *w1;
|
447
|
+
// m is (w-1)/2^a.
|
448
|
+
BIGNUM *m;
|
449
|
+
// one_mont is 1 (mod w) in Montgomery form.
|
450
|
+
BIGNUM *one_mont;
|
451
|
+
// w1_mont is w-1 (mod w) in Montgomery form.
|
452
|
+
BIGNUM *w1_mont;
|
453
|
+
// w_bits is BN_num_bits(w).
|
454
|
+
int w_bits;
|
455
|
+
// a is the largest integer such that 2^a divides w-1.
|
456
|
+
int a;
|
457
|
+
} BN_MILLER_RABIN;
|
458
|
+
|
459
|
+
// bn_miller_rabin_init initializes |miller_rabin| for testing if |mont->N| is
|
460
|
+
// prime. It returns one on success and zero on error.
|
461
|
+
OPENSSL_EXPORT int bn_miller_rabin_init(BN_MILLER_RABIN *miller_rabin,
|
462
|
+
const BN_MONT_CTX *mont, BN_CTX *ctx);
|
463
|
+
|
464
|
+
// bn_miller_rabin_iteration performs one Miller-Rabin iteration, checking if
|
465
|
+
// |b| is a composite witness for |mont->N|. |miller_rabin| must have been
|
466
|
+
// initialized with |bn_miller_rabin_setup|. On success, it returns one and sets
|
467
|
+
// |*out_is_possibly_prime| to one if |mont->N| may still be prime or zero if
|
468
|
+
// |b| shows it is composite. On allocation or internal failure, it returns
|
469
|
+
// zero.
|
470
|
+
OPENSSL_EXPORT int bn_miller_rabin_iteration(
|
471
|
+
const BN_MILLER_RABIN *miller_rabin, int *out_is_possibly_prime,
|
472
|
+
const BIGNUM *b, const BN_MONT_CTX *mont, BN_CTX *ctx);
|
473
|
+
|
370
474
|
// bn_rshift1_words sets |r| to |a| >> 1, where both arrays are |num| bits wide.
|
371
475
|
void bn_rshift1_words(BN_ULONG *r, const BN_ULONG *a, size_t num);
|
372
476
|
|
477
|
+
// bn_rshift_words sets |r| to |a| >> |shift|, where both arrays are |num| bits
|
478
|
+
// wide.
|
479
|
+
void bn_rshift_words(BN_ULONG *r, const BN_ULONG *a, unsigned shift,
|
480
|
+
size_t num);
|
481
|
+
|
373
482
|
// bn_rshift_secret_shift behaves like |BN_rshift| but runs in time independent
|
374
483
|
// of both |a| and |n|.
|
375
484
|
OPENSSL_EXPORT int bn_rshift_secret_shift(BIGNUM *r, const BIGNUM *a,
|
376
485
|
unsigned n, BN_CTX *ctx);
|
377
486
|
|
487
|
+
// bn_reduce_once sets |r| to |a| mod |m| where 0 <= |a| < 2*|m|. It returns
|
488
|
+
// zero if |a| < |m| and a mask of all ones if |a| >= |m|. Each array is |num|
|
489
|
+
// words long, but |a| has an additional word specified by |carry|. |carry| must
|
490
|
+
// be zero or one, as implied by the bounds on |a|.
|
491
|
+
//
|
492
|
+
// |r|, |a|, and |m| may not alias. Use |bn_reduce_once_in_place| if |r| and |a|
|
493
|
+
// must alias.
|
494
|
+
BN_ULONG bn_reduce_once(BN_ULONG *r, const BN_ULONG *a, BN_ULONG carry,
|
495
|
+
const BN_ULONG *m, size_t num);
|
496
|
+
|
497
|
+
// bn_reduce_once_in_place behaves like |bn_reduce_once| but acts in-place on
|
498
|
+
// |r|, using |tmp| as scratch space. |r|, |tmp|, and |m| may not alias.
|
499
|
+
BN_ULONG bn_reduce_once_in_place(BN_ULONG *r, BN_ULONG carry, const BN_ULONG *m,
|
500
|
+
BN_ULONG *tmp, size_t num);
|
501
|
+
|
378
502
|
|
379
503
|
// Constant-time non-modular arithmetic.
|
380
504
|
//
|
@@ -434,10 +558,22 @@ OPENSSL_EXPORT int bn_lcm_consttime(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
|
434
558
|
//
|
435
559
|
// The following functions implement basic constant-time modular arithmetic.
|
436
560
|
|
561
|
+
// bn_mod_add_words sets |r| to |a| + |b| (mod |m|), using |tmp| as scratch
|
562
|
+
// space. Each array is |num| words long. |a| and |b| must be < |m|. Any pair of
|
563
|
+
// |r|, |a|, and |b| may alias.
|
564
|
+
void bn_mod_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
565
|
+
const BN_ULONG *m, BN_ULONG *tmp, size_t num);
|
566
|
+
|
437
567
|
// bn_mod_add_consttime acts like |BN_mod_add_quick| but takes a |BN_CTX|.
|
438
568
|
int bn_mod_add_consttime(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
439
569
|
const BIGNUM *m, BN_CTX *ctx);
|
440
570
|
|
571
|
+
// bn_mod_sub_words sets |r| to |a| - |b| (mod |m|), using |tmp| as scratch
|
572
|
+
// space. Each array is |num| words long. |a| and |b| must be < |m|. Any pair of
|
573
|
+
// |r|, |a|, and |b| may alias.
|
574
|
+
void bn_mod_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
575
|
+
const BN_ULONG *m, BN_ULONG *tmp, size_t num);
|
576
|
+
|
441
577
|
// bn_mod_sub_consttime acts like |BN_mod_sub_quick| but takes a |BN_CTX|.
|
442
578
|
int bn_mod_sub_consttime(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
443
579
|
const BIGNUM *m, BN_CTX *ctx);
|
@@ -493,77 +629,59 @@ int bn_mod_inverse_secret_prime(BIGNUM *out, const BIGNUM *a, const BIGNUM *p,
|
|
493
629
|
#endif
|
494
630
|
|
495
631
|
// bn_mul_small sets |r| to |a|*|b|. |num_r| must be |num_a| + |num_b|. |r| may
|
496
|
-
// not alias with |a| or |b|.
|
497
|
-
|
498
|
-
int bn_mul_small(BN_ULONG *r, size_t num_r, const BN_ULONG *a, size_t num_a,
|
632
|
+
// not alias with |a| or |b|.
|
633
|
+
void bn_mul_small(BN_ULONG *r, size_t num_r, const BN_ULONG *a, size_t num_a,
|
499
634
|
const BN_ULONG *b, size_t num_b);
|
500
635
|
|
501
636
|
// bn_sqr_small sets |r| to |a|^2. |num_a| must be at most |BN_SMALL_MAX_WORDS|.
|
502
|
-
// |num_r| must be |num_a|*2. |r| and |a| may not alias.
|
503
|
-
|
504
|
-
int bn_sqr_small(BN_ULONG *r, size_t num_r, const BN_ULONG *a, size_t num_a);
|
637
|
+
// |num_r| must be |num_a|*2. |r| and |a| may not alias.
|
638
|
+
void bn_sqr_small(BN_ULONG *r, size_t num_r, const BN_ULONG *a, size_t num_a);
|
505
639
|
|
506
640
|
// In the following functions, the modulus must be at most |BN_SMALL_MAX_WORDS|
|
507
641
|
// words long.
|
508
642
|
|
509
643
|
// bn_to_montgomery_small sets |r| to |a| translated to the Montgomery domain.
|
510
|
-
// |
|
511
|
-
//
|
512
|
-
|
513
|
-
|
514
|
-
size_t num_a, const BN_MONT_CTX *mont);
|
644
|
+
// |r| and |a| are |num| words long, which must be |mont->N.width|. |a| must be
|
645
|
+
// fully reduced and may alias |r|.
|
646
|
+
void bn_to_montgomery_small(BN_ULONG *r, const BN_ULONG *a, size_t num,
|
647
|
+
const BN_MONT_CTX *mont);
|
515
648
|
|
516
649
|
// bn_from_montgomery_small sets |r| to |a| translated out of the Montgomery
|
517
|
-
// domain. |
|
518
|
-
//
|
519
|
-
|
520
|
-
|
521
|
-
int bn_from_montgomery_small(BN_ULONG *r, size_t num_r, const BN_ULONG *a,
|
522
|
-
size_t num_a, const BN_MONT_CTX *mont);
|
523
|
-
|
524
|
-
// bn_one_to_montgomery_small sets |r| to one in Montgomery form. It returns one
|
525
|
-
// on success and zero on error. |num_r| must be the length of the modulus,
|
526
|
-
// which is |mont->N.top|. This function treats the bit width of the modulus as
|
527
|
-
// public.
|
528
|
-
int bn_one_to_montgomery_small(BN_ULONG *r, size_t num_r,
|
529
|
-
const BN_MONT_CTX *mont);
|
650
|
+
// domain. |r| and |a| are |num| words long, which must be |mont->N.width|. |a|
|
651
|
+
// must be fully-reduced and may alias |r|.
|
652
|
+
void bn_from_montgomery_small(BN_ULONG *r, const BN_ULONG *a, size_t num,
|
653
|
+
const BN_MONT_CTX *mont);
|
530
654
|
|
531
655
|
// bn_mod_mul_montgomery_small sets |r| to |a| * |b| mod |mont->N|. Both inputs
|
532
|
-
// and outputs are in the Montgomery domain.
|
533
|
-
//
|
534
|
-
//
|
535
|
-
|
536
|
-
|
537
|
-
|
538
|
-
// Montgomery divisor, 2^(N.top * BN_BITS2). This should generally be satisfied
|
539
|
-
// by ensuring |a| and |b| are fully reduced, however ECDSA has one computation
|
540
|
-
// which requires the more general bound.
|
541
|
-
int bn_mod_mul_montgomery_small(BN_ULONG *r, size_t num_r, const BN_ULONG *a,
|
542
|
-
size_t num_a, const BN_ULONG *b, size_t num_b,
|
543
|
-
const BN_MONT_CTX *mont);
|
656
|
+
// and outputs are in the Montgomery domain. Each array is |num| words long,
|
657
|
+
// which must be |mont->N.width|. Any two of |r|, |a|, and |b| may alias. |a|
|
658
|
+
// and |b| must be reduced on input.
|
659
|
+
void bn_mod_mul_montgomery_small(BN_ULONG *r, const BN_ULONG *a,
|
660
|
+
const BN_ULONG *b, size_t num,
|
661
|
+
const BN_MONT_CTX *mont);
|
544
662
|
|
545
663
|
// bn_mod_exp_mont_small sets |r| to |a|^|p| mod |mont->N|. It returns one on
|
546
664
|
// success and zero on programmer or internal error. Both inputs and outputs are
|
547
|
-
// in the Montgomery domain. |
|
548
|
-
//
|
549
|
-
// function runs in time independent of |a|, but |p| and |mont->N| are
|
550
|
-
// values.
|
665
|
+
// in the Montgomery domain. |r| and |a| are |num| words long, which must be
|
666
|
+
// |mont->N.width| and at most |BN_SMALL_MAX_WORDS|. |a| must be fully-reduced.
|
667
|
+
// This function runs in time independent of |a|, but |p| and |mont->N| are
|
668
|
+
// public values. |a| must be fully-reduced and may alias with |r|.
|
551
669
|
//
|
552
670
|
// Note this function differs from |BN_mod_exp_mont| which uses Montgomery
|
553
671
|
// reduction but takes input and output outside the Montgomery domain. Combine
|
554
672
|
// this function with |bn_from_montgomery_small| and |bn_to_montgomery_small|
|
555
673
|
// if necessary.
|
556
|
-
|
557
|
-
|
558
|
-
|
674
|
+
void bn_mod_exp_mont_small(BN_ULONG *r, const BN_ULONG *a, size_t num,
|
675
|
+
const BN_ULONG *p, size_t num_p,
|
676
|
+
const BN_MONT_CTX *mont);
|
559
677
|
|
560
678
|
// bn_mod_inverse_prime_mont_small sets |r| to |a|^-1 mod |mont->N|. |mont->N|
|
561
|
-
// must be a prime. |
|
562
|
-
// most |BN_SMALL_MAX_WORDS|. |a| must be fully-reduced
|
563
|
-
// time independent of |a|, but
|
564
|
-
|
565
|
-
|
566
|
-
|
679
|
+
// must be a prime. |r| and |a| are |num| words long, which must be
|
680
|
+
// |mont->N.width| and at most |BN_SMALL_MAX_WORDS|. |a| must be fully-reduced
|
681
|
+
// and may alias |r|. This function runs in time independent of |a|, but
|
682
|
+
// |mont->N| is a public value.
|
683
|
+
void bn_mod_inverse_prime_mont_small(BN_ULONG *r, const BN_ULONG *a, size_t num,
|
684
|
+
const BN_MONT_CTX *mont);
|
567
685
|
|
568
686
|
|
569
687
|
#if defined(__cplusplus)
|
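Review bot: The comment above `bn_mod_exp_mont_small` still says "It returns one on success and zero on programmer or internal error", but the new declaration returns `void`, so the documented contract no longer matches the prototype. I would drop that sentence so the comment opens `// bn_mod_exp_mont_small sets |r| to |a|^|p| mod |mont->N|. Both inputs and` and continues with the existing Montgomery-domain text. The `_small` declarations should also state that a violated size precondition is fatal, because the definitions of `bn_from_montgomery_small` and `bn_mod_mul_montgomery_small` elsewhere in this diff call `abort()` when `num` differs from `mont->N.width` or exceeds `BN_SMALL_MAX_WORDS`. Two smaller slips in the added comments: `bn_miller_rabin_iteration` refers to `|bn_miller_rabin_setup|` while the declared initializer is `bn_miller_rabin_init`, and the `bn_mul_mont_gather5` comment reads "multiples loads".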
@@ -109,6 +109,8 @@
|
|
109
109
|
#include <openssl/bn.h>
|
110
110
|
|
111
111
|
#include <assert.h>
|
112
|
+
#include <stdio.h>
|
113
|
+
#include <stdlib.h>
|
112
114
|
#include <string.h>
|
113
115
|
|
114
116
|
#include <openssl/err.h>
|
@@ -120,13 +122,6 @@
|
|
120
122
|
#include "../../internal.h"
|
121
123
|
|
122
124
|
|
123
|
-
#if !defined(OPENSSL_NO_ASM) && \
|
124
|
-
(defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
|
125
|
-
defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
|
126
|
-
#define OPENSSL_BN_ASM_MONT
|
127
|
-
#endif
|
128
|
-
|
129
|
-
|
130
125
|
BN_MONT_CTX *BN_MONT_CTX_new(void) {
|
131
126
|
BN_MONT_CTX *ret = OPENSSL_malloc(sizeof(BN_MONT_CTX));
|
132
127
|
|
@@ -165,12 +160,7 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, const BN_MONT_CTX *from) {
|
|
165
160
|
return to;
|
166
161
|
}
|
167
162
|
|
168
|
-
|
169
|
-
BN_MONT_CTX_N0_LIMBS_VALUE_INVALID);
|
170
|
-
OPENSSL_COMPILE_ASSERT(sizeof(BN_ULONG) * BN_MONT_CTX_N0_LIMBS ==
|
171
|
-
sizeof(uint64_t), BN_MONT_CTX_set_64_bit_mismatch);
|
172
|
-
|
173
|
-
int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) {
|
163
|
+
static int bn_mont_ctx_set_N_and_n0(BN_MONT_CTX *mont, const BIGNUM *mod) {
|
174
164
|
if (BN_is_zero(mod)) {
|
175
165
|
OPENSSL_PUT_ERROR(BN, BN_R_DIV_BY_ZERO);
|
176
166
|
return 0;
|
@@ -200,6 +190,11 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) {
|
|
200
190
|
// others, we could use a shorter R value and use faster |BN_ULONG|-based
|
201
191
|
// math instead of |uint64_t|-based math, which would be double-precision.
|
202
192
|
// However, currently only the assembler files know which is which.
|
193
|
+
OPENSSL_STATIC_ASSERT(BN_MONT_CTX_N0_LIMBS == 1 || BN_MONT_CTX_N0_LIMBS == 2,
|
194
|
+
"BN_MONT_CTX_N0_LIMBS value is invalid");
|
195
|
+
OPENSSL_STATIC_ASSERT(
|
196
|
+
sizeof(BN_ULONG) * BN_MONT_CTX_N0_LIMBS == sizeof(uint64_t),
|
197
|
+
"uint64_t is insufficient precision for n0");
|
203
198
|
uint64_t n0 = bn_mont_n0(&mont->N);
|
204
199
|
mont->n0[0] = (BN_ULONG)n0;
|
205
200
|
#if BN_MONT_CTX_N0_LIMBS == 2
|
@@ -207,6 +202,13 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) {
|
|
207
202
|
#else
|
208
203
|
mont->n0[1] = 0;
|
209
204
|
#endif
|
205
|
+
return 1;
|
206
|
+
}
|
207
|
+
|
208
|
+
int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) {
|
209
|
+
if (!bn_mont_ctx_set_N_and_n0(mont, mod)) {
|
210
|
+
return 0;
|
211
|
+
}
|
210
212
|
|
211
213
|
BN_CTX *new_ctx = NULL;
|
212
214
|
if (ctx == NULL) {
|
@@ -223,7 +225,10 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) {
|
|
223
225
|
// BN_BITS2|, is correct because R**2 will still be a multiple of the latter
|
224
226
|
// as |BN_MONT_CTX_N0_LIMBS| is either one or two.
|
225
227
|
unsigned lgBigR = mont->N.width * BN_BITS2;
|
226
|
-
|
228
|
+
BN_zero(&mont->RR);
|
229
|
+
int ok = BN_set_bit(&mont->RR, lgBigR * 2) &&
|
230
|
+
BN_mod(&mont->RR, &mont->RR, &mont->N, ctx) &&
|
231
|
+
bn_resize_words(&mont->RR, mont->N.width);
|
227
232
|
BN_CTX_free(new_ctx);
|
228
233
|
return ok;
|
229
234
|
}
|
@@ -238,6 +243,24 @@ BN_MONT_CTX *BN_MONT_CTX_new_for_modulus(const BIGNUM *mod, BN_CTX *ctx) {
|
|
238
243
|
return mont;
|
239
244
|
}
|
240
245
|
|
246
|
+
BN_MONT_CTX *BN_MONT_CTX_new_consttime(const BIGNUM *mod, BN_CTX *ctx) {
|
247
|
+
BN_MONT_CTX *mont = BN_MONT_CTX_new();
|
248
|
+
if (mont == NULL ||
|
249
|
+
!bn_mont_ctx_set_N_and_n0(mont, mod)) {
|
250
|
+
goto err;
|
251
|
+
}
|
252
|
+
unsigned lgBigR = mont->N.width * BN_BITS2;
|
253
|
+
if (!bn_mod_exp_base_2_consttime(&mont->RR, lgBigR * 2, &mont->N, ctx) ||
|
254
|
+
!bn_resize_words(&mont->RR, mont->N.width)) {
|
255
|
+
goto err;
|
256
|
+
}
|
257
|
+
return mont;
|
258
|
+
|
259
|
+
err:
|
260
|
+
BN_MONT_CTX_free(mont);
|
261
|
+
return NULL;
|
262
|
+
}
|
263
|
+
|
241
264
|
int BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_MUTEX *lock,
|
242
265
|
const BIGNUM *mod, BN_CTX *bn_ctx) {
|
243
266
|
CRYPTO_MUTEX_lock_read(lock);
|
@@ -289,18 +312,7 @@ static int bn_from_montgomery_in_place(BN_ULONG *r, size_t num_r, BN_ULONG *a,
|
|
289
312
|
a += num_n;
|
290
313
|
|
291
314
|
// |a| thus requires at most one additional subtraction |n| to be reduced.
|
292
|
-
|
293
|
-
OPENSSL_COMPILE_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
|
294
|
-
crypto_word_t_too_small);
|
295
|
-
BN_ULONG v = bn_sub_words(r, a, n, num_n) - carry;
|
296
|
-
// |v| is one if |a| - |n| underflowed or zero if it did not. Note |v| cannot
|
297
|
-
// be -1. That would imply the subtraction did not fit in |num_n| words, and
|
298
|
-
// we know at most one subtraction is needed.
|
299
|
-
v = 0u - v;
|
300
|
-
for (size_t i = 0; i < num_n; i++) {
|
301
|
-
r[i] = constant_time_select_w(v, a[i], r[i]);
|
302
|
-
a[i] = 0;
|
303
|
-
}
|
315
|
+
bn_reduce_once(r, a, carry, n, num_n);
|
304
316
|
return 1;
|
305
317
|
}
|
306
318
|
|
@@ -438,89 +450,53 @@ int bn_less_than_montgomery_R(const BIGNUM *bn, const BN_MONT_CTX *mont) {
|
|
438
450
|
bn_fits_in_words(bn, mont->N.width);
|
439
451
|
}
|
440
452
|
|
441
|
-
|
442
|
-
|
443
|
-
|
444
|
-
mont->RR.width, mont);
|
453
|
+
void bn_to_montgomery_small(BN_ULONG *r, const BN_ULONG *a, size_t num,
|
454
|
+
const BN_MONT_CTX *mont) {
|
455
|
+
bn_mod_mul_montgomery_small(r, a, mont->RR.d, num, mont);
|
445
456
|
}
|
446
457
|
|
447
|
-
|
448
|
-
|
449
|
-
|
450
|
-
|
451
|
-
OPENSSL_PUT_ERROR(BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
452
|
-
return 0;
|
458
|
+
void bn_from_montgomery_small(BN_ULONG *r, const BN_ULONG *a, size_t num,
|
459
|
+
const BN_MONT_CTX *mont) {
|
460
|
+
if (num != (size_t)mont->N.width || num > BN_SMALL_MAX_WORDS) {
|
461
|
+
abort();
|
453
462
|
}
|
454
463
|
BN_ULONG tmp[BN_SMALL_MAX_WORDS * 2];
|
455
|
-
|
456
|
-
|
457
|
-
|
458
|
-
|
459
|
-
OPENSSL_cleanse(tmp, num_tmp * sizeof(BN_ULONG));
|
460
|
-
return ret;
|
461
|
-
}
|
462
|
-
|
463
|
-
int bn_one_to_montgomery_small(BN_ULONG *r, size_t num_r,
|
464
|
-
const BN_MONT_CTX *mont) {
|
465
|
-
const BN_ULONG *n = mont->N.d;
|
466
|
-
size_t num_n = mont->N.width;
|
467
|
-
if (num_n == 0 || num_r != num_n) {
|
468
|
-
OPENSSL_PUT_ERROR(BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
469
|
-
return 0;
|
464
|
+
OPENSSL_memcpy(tmp, a, num * sizeof(BN_ULONG));
|
465
|
+
OPENSSL_memset(tmp + num, 0, num * sizeof(BN_ULONG));
|
466
|
+
if (!bn_from_montgomery_in_place(r, num, tmp, 2 * num, mont)) {
|
467
|
+
abort();
|
470
468
|
}
|
471
|
-
|
472
|
-
// If the high bit of |n| is set, R = 2^(num_n*BN_BITS2) < 2 * |n|, so we
|
473
|
-
// compute R - |n| rather than perform Montgomery reduction.
|
474
|
-
if (num_n > 0 && (n[num_n - 1] >> (BN_BITS2 - 1)) != 0) {
|
475
|
-
r[0] = 0 - n[0];
|
476
|
-
for (size_t i = 1; i < num_n; i++) {
|
477
|
-
r[i] = ~n[i];
|
478
|
-
}
|
479
|
-
return 1;
|
480
|
-
}
|
481
|
-
|
482
|
-
return bn_from_montgomery_small(r, num_r, mont->RR.d, mont->RR.width, mont);
|
469
|
+
OPENSSL_cleanse(tmp, 2 * num * sizeof(BN_ULONG));
|
483
470
|
}
|
484
471
|
|
485
|
-
|
486
|
-
|
487
|
-
|
488
|
-
|
489
|
-
|
490
|
-
num_n > BN_SMALL_MAX_WORDS) {
|
491
|
-
OPENSSL_PUT_ERROR(BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
492
|
-
return 0;
|
472
|
+
void bn_mod_mul_montgomery_small(BN_ULONG *r, const BN_ULONG *a,
|
473
|
+
const BN_ULONG *b, size_t num,
|
474
|
+
const BN_MONT_CTX *mont) {
|
475
|
+
if (num != (size_t)mont->N.width || num > BN_SMALL_MAX_WORDS) {
|
476
|
+
abort();
|
493
477
|
}
|
494
478
|
|
495
479
|
#if defined(OPENSSL_BN_ASM_MONT)
|
496
480
|
// |bn_mul_mont| requires at least 128 bits of limbs, at least for x86.
|
497
|
-
if (
|
498
|
-
|
499
|
-
|
500
|
-
if (!bn_mul_mont(r, a, b, mont->N.d, mont->n0, num_n)) {
|
501
|
-
assert(0); // The check above ensures this won't happen.
|
502
|
-
OPENSSL_PUT_ERROR(BN, ERR_R_INTERNAL_ERROR);
|
503
|
-
return 0;
|
481
|
+
if (num >= (128 / BN_BITS2)) {
|
482
|
+
if (!bn_mul_mont(r, a, b, mont->N.d, mont->n0, num)) {
|
483
|
+
abort(); // The check above ensures this won't happen.
|
504
484
|
}
|
505
|
-
return
|
485
|
+
return;
|
506
486
|
}
|
507
487
|
#endif
|
508
488
|
|
509
489
|
// Compute the product.
|
510
490
|
BN_ULONG tmp[2 * BN_SMALL_MAX_WORDS];
|
511
|
-
|
512
|
-
|
513
|
-
|
514
|
-
|
515
|
-
return 0;
|
516
|
-
}
|
517
|
-
} else if (!bn_mul_small(tmp, num_ab, a, num_a, b, num_b)) {
|
518
|
-
return 0;
|
491
|
+
if (a == b) {
|
492
|
+
bn_sqr_small(tmp, 2 * num, a, num);
|
493
|
+
} else {
|
494
|
+
bn_mul_small(tmp, 2 * num, a, num, b, num);
|
519
495
|
}
|
520
496
|
|
521
|
-
//
|
522
|
-
|
523
|
-
|
524
|
-
|
525
|
-
|
497
|
+
// Reduce.
|
498
|
+
if (!bn_from_montgomery_in_place(r, num, tmp, 2 * num, mont)) {
|
499
|
+
abort();
|
500
|
+
}
|
501
|
+
OPENSSL_cleanse(tmp, 2 * num * sizeof(BN_ULONG));
|
526
502
|
}
|
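Review bot: `bn_to_montgomery_small` now hands `mont->RR.d` to `bn_mod_mul_montgomery_small` as a `num`-word operand, whereas the removed call passed `mont->RR.width` explicitly, so the read stays in bounds only if `mont->RR` is always `mont->N.width` words long. This diff establishes that with `bn_resize_words(&mont->RR, mont->N.width)` in `BN_MONT_CTX_set` and `BN_MONT_CTX_new_consttime`, but nothing at the use site states or checks it, and the guard in `bn_mod_mul_montgomery_small` compares `num` only with `mont->N.width`. I would record the invariant where it is relied on, e.g. `assert(mont->RR.width == mont->N.width);  // RR is resized to N.width when the context is set up` as the first line of `bn_to_montgomery_small`. Separately, the loop removed from `bn_from_montgomery_in_place` also zeroed `a`, which `bn_reduce_once` cannot do since it takes `a` as `const`. `bn_from_montgomery_small` wipes its own `tmp` with `OPENSSL_cleanse`, but callers outside the visible hunks should be checked for reliance on the old clearing; the body of `bn_from_montgomery_in_place` starts outside its hunk.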