grpc 1.24.0 → 1.25.0


Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (505)
  1. checksums.yaml +4 -4
  2. data/Makefile +306 -243
  3. data/etc/roots.pem +0 -100
  4. data/include/grpc/grpc_security.h +44 -18
  5. data/include/grpc/impl/codegen/grpc_types.h +15 -0
  6. data/include/grpc/impl/codegen/port_platform.h +27 -11
  7. data/include/grpc/impl/codegen/sync_generic.h +1 -1
  8. data/src/boringssl/err_data.c +695 -650
  9. data/src/core/ext/filters/client_channel/client_channel.cc +257 -179
  10. data/src/core/ext/filters/client_channel/client_channel.h +24 -0
  11. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +2 -3
  12. data/src/core/ext/filters/client_channel/client_channel_factory.h +1 -5
  13. data/src/core/ext/filters/client_channel/health/health_check_client.cc +18 -45
  14. data/src/core/ext/filters/client_channel/health/health_check_client.h +5 -13
  15. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
  16. data/src/core/ext/filters/client_channel/lb_policy.cc +2 -3
  17. data/src/core/ext/filters/client_channel/lb_policy.h +65 -55
  18. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +14 -14
  19. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +113 -36
  20. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +14 -19
  21. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +36 -13
  22. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -10
  23. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +814 -1589
  24. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +2 -5
  25. data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -6
  26. data/src/core/ext/filters/client_channel/resolver.cc +1 -2
  27. data/src/core/ext/filters/client_channel/resolver.h +8 -16
  28. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +25 -8
  29. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +46 -12
  30. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +10 -17
  31. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +7 -8
  32. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
  33. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +111 -44
  34. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +22 -14
  35. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
  36. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +2 -2
  37. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +29 -10
  38. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +27 -36
  39. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +7 -10
  40. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -16
  41. data/src/core/ext/filters/client_channel/resolver_factory.h +4 -8
  42. data/src/core/ext/filters/client_channel/resolver_registry.cc +1 -1
  43. data/src/core/ext/filters/client_channel/resolver_registry.h +1 -1
  44. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +7 -10
  45. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +7 -8
  46. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +1 -1
  47. data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
  48. data/src/core/ext/filters/client_channel/retry_throttle.h +1 -4
  49. data/src/core/ext/filters/client_channel/service_config.h +8 -8
  50. data/src/core/ext/filters/client_channel/subchannel.cc +53 -86
  51. data/src/core/ext/filters/client_channel/subchannel.h +7 -9
  52. data/src/core/ext/filters/client_channel/subchannel_interface.h +9 -13
  53. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +3 -6
  54. data/src/core/ext/filters/client_channel/{lb_policy/xds/xds_load_balancer_api.cc → xds/xds_api.cc} +169 -52
  55. data/src/core/ext/filters/client_channel/xds/xds_api.h +171 -0
  56. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +450 -0
  57. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +99 -0
  58. data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel.h +8 -6
  59. data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
  60. data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel_secure.cc +28 -11
  61. data/src/core/ext/filters/client_channel/xds/xds_client.cc +1413 -0
  62. data/src/core/ext/filters/client_channel/xds/xds_client.h +221 -0
  63. data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.cc +1 -5
  64. data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.h +3 -4
  65. data/src/core/ext/filters/deadline/deadline_filter.cc +20 -20
  66. data/src/core/ext/filters/http/client/http_client_filter.cc +15 -15
  67. data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
  68. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +12 -12
  69. data/src/core/ext/filters/max_age/max_age_filter.cc +59 -50
  70. data/src/core/ext/filters/message_size/message_size_filter.cc +18 -18
  71. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +15 -14
  72. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +233 -175
  73. data/src/core/ext/transport/chttp2/transport/flow_control.h +21 -24
  74. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +253 -163
  75. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +24 -12
  76. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -3
  77. data/src/core/ext/transport/chttp2/transport/internal.h +13 -15
  78. data/src/core/ext/transport/chttp2/transport/writing.cc +3 -0
  79. data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
  80. data/src/core/lib/channel/channel_args.cc +16 -0
  81. data/src/core/lib/channel/channel_args.h +22 -0
  82. data/src/core/lib/channel/channelz.cc +5 -6
  83. data/src/core/lib/channel/channelz.h +1 -1
  84. data/src/core/lib/channel/connected_channel.cc +20 -20
  85. data/src/core/lib/channel/handshaker.h +3 -4
  86. data/src/core/lib/channel/handshaker_factory.h +1 -3
  87. data/src/core/lib/debug/trace.h +3 -2
  88. data/src/core/lib/gprpp/arena.cc +3 -3
  89. data/src/core/lib/gprpp/arena.h +2 -3
  90. data/src/core/lib/gprpp/inlined_vector.h +9 -0
  91. data/src/core/lib/gprpp/map.h +3 -501
  92. data/src/core/lib/gprpp/memory.h +45 -41
  93. data/src/core/lib/gprpp/mpscq.cc +108 -0
  94. data/src/core/lib/gprpp/mpscq.h +98 -0
  95. data/src/core/lib/gprpp/orphanable.h +6 -11
  96. data/src/core/lib/gprpp/ref_counted.h +25 -19
  97. data/src/core/lib/gprpp/set.h +33 -0
  98. data/src/core/lib/gprpp/thd.h +2 -4
  99. data/src/core/lib/http/httpcli.cc +1 -1
  100. data/src/core/lib/http/httpcli_security_connector.cc +15 -11
  101. data/src/core/lib/http/parser.cc +1 -1
  102. data/src/core/lib/iomgr/buffer_list.cc +4 -5
  103. data/src/core/lib/iomgr/buffer_list.h +5 -6
  104. data/src/core/lib/iomgr/call_combiner.cc +4 -5
  105. data/src/core/lib/iomgr/call_combiner.h +2 -2
  106. data/src/core/lib/iomgr/cfstream_handle.h +3 -5
  107. data/src/core/lib/iomgr/closure.h +8 -3
  108. data/src/core/lib/iomgr/combiner.cc +45 -82
  109. data/src/core/lib/iomgr/combiner.h +32 -8
  110. data/src/core/lib/iomgr/endpoint_cfstream.cc +5 -3
  111. data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -15
  112. data/src/core/lib/iomgr/ev_poll_posix.cc +3 -1
  113. data/src/core/lib/iomgr/exec_ctx.h +4 -3
  114. data/src/core/lib/iomgr/executor.cc +4 -2
  115. data/src/core/lib/iomgr/executor.h +3 -0
  116. data/src/core/lib/iomgr/executor/mpmcqueue.h +3 -6
  117. data/src/core/lib/iomgr/executor/threadpool.cc +1 -2
  118. data/src/core/lib/iomgr/executor/threadpool.h +7 -11
  119. data/src/core/lib/iomgr/resource_quota.cc +55 -51
  120. data/src/core/lib/iomgr/resource_quota.h +13 -9
  121. data/src/core/lib/iomgr/socket_utils_common_posix.cc +13 -0
  122. data/src/core/lib/iomgr/socket_utils_posix.h +4 -0
  123. data/src/core/lib/iomgr/tcp_client_posix.cc +4 -11
  124. data/src/core/lib/iomgr/tcp_custom.cc +9 -7
  125. data/src/core/lib/iomgr/tcp_posix.cc +20 -16
  126. data/src/core/lib/iomgr/tcp_server.h +1 -4
  127. data/src/core/lib/iomgr/tcp_server_custom.cc +5 -5
  128. data/src/core/lib/iomgr/tcp_server_posix.cc +1 -1
  129. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -11
  130. data/src/core/lib/iomgr/timer_custom.cc +2 -2
  131. data/src/core/lib/iomgr/udp_server.cc +3 -2
  132. data/src/core/lib/iomgr/udp_server.h +6 -12
  133. data/src/core/lib/json/json.h +1 -1
  134. data/src/core/lib/json/json_string.cc +2 -2
  135. data/src/core/lib/profiling/basic_timers.cc +2 -2
  136. data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -2
  137. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -1
  138. data/src/core/lib/security/credentials/credentials.h +4 -20
  139. data/src/core/lib/security/credentials/fake/fake_credentials.cc +4 -4
  140. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -3
  141. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +64 -0
  142. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +4 -4
  143. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -7
  144. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +2 -0
  145. data/src/core/lib/security/security_connector/local/local_security_connector.cc +4 -4
  146. data/src/core/lib/security/security_connector/security_connector.cc +1 -0
  147. data/src/core/lib/security/security_connector/security_connector.h +19 -17
  148. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +8 -5
  149. data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
  150. data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
  151. data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +14 -6
  152. data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +4 -2
  153. data/src/core/lib/security/transport/client_auth_filter.cc +17 -17
  154. data/src/core/lib/security/transport/security_handshaker.cc +29 -13
  155. data/src/core/lib/security/transport/security_handshaker.h +4 -2
  156. data/src/core/lib/security/transport/server_auth_filter.cc +14 -14
  157. data/src/core/lib/slice/slice.cc +2 -10
  158. data/src/core/lib/slice/slice_hash_table.h +4 -6
  159. data/src/core/lib/slice/slice_intern.cc +42 -39
  160. data/src/core/lib/slice/slice_internal.h +3 -3
  161. data/src/core/lib/slice/slice_utils.h +21 -4
  162. data/src/core/lib/slice/slice_weak_hash_table.h +4 -6
  163. data/src/core/lib/surface/call.cc +3 -3
  164. data/src/core/lib/surface/channel.cc +7 -0
  165. data/src/core/lib/surface/completion_queue.cc +12 -11
  166. data/src/core/lib/surface/completion_queue.h +4 -2
  167. data/src/core/lib/surface/init.cc +1 -0
  168. data/src/core/lib/surface/lame_client.cc +33 -18
  169. data/src/core/lib/surface/server.cc +77 -76
  170. data/src/core/lib/surface/version.cc +1 -1
  171. data/src/core/lib/transport/byte_stream.h +3 -7
  172. data/src/core/lib/transport/connectivity_state.cc +112 -98
  173. data/src/core/lib/transport/connectivity_state.h +100 -50
  174. data/src/core/lib/transport/static_metadata.cc +276 -288
  175. data/src/core/lib/transport/static_metadata.h +73 -76
  176. data/src/core/lib/transport/status_conversion.cc +1 -1
  177. data/src/core/lib/transport/status_metadata.cc +1 -1
  178. data/src/core/lib/transport/transport.cc +2 -2
  179. data/src/core/lib/transport/transport.h +12 -4
  180. data/src/core/lib/transport/transport_op_string.cc +14 -11
  181. data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
  182. data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +1 -1
  183. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +5 -5
  184. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -2
  185. data/src/core/tsi/fake_transport_security.cc +7 -5
  186. data/src/core/tsi/grpc_shadow_boringssl.h +2918 -2627
  187. data/src/core/tsi/local_transport_security.cc +8 -6
  188. data/src/core/tsi/ssl/session_cache/ssl_session.h +1 -3
  189. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -2
  190. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +7 -5
  191. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -6
  192. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -2
  193. data/src/core/tsi/ssl_transport_security.cc +12 -12
  194. data/src/core/tsi/ssl_transport_security.h +2 -2
  195. data/src/core/tsi/transport_security_grpc.cc +7 -0
  196. data/src/core/tsi/transport_security_grpc.h +6 -0
  197. data/src/ruby/ext/grpc/extconf.rb +1 -0
  198. data/src/ruby/ext/grpc/rb_call.c +1 -1
  199. data/src/ruby/ext/grpc/rb_channel.c +1 -1
  200. data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
  201. data/src/ruby/lib/grpc/generic/rpc_server.rb +1 -1
  202. data/src/ruby/lib/grpc/version.rb +1 -1
  203. data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
  204. data/third_party/boringssl/crypto/asn1/a_bool.c +18 -5
  205. data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +17 -221
  206. data/third_party/boringssl/crypto/asn1/a_dup.c +0 -24
  207. data/third_party/boringssl/crypto/asn1/a_enum.c +2 -2
  208. data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +10 -72
  209. data/third_party/boringssl/crypto/asn1/a_int.c +12 -71
  210. data/third_party/boringssl/crypto/asn1/a_mbstr.c +110 -216
  211. data/third_party/boringssl/crypto/asn1/a_object.c +16 -5
  212. data/third_party/boringssl/crypto/asn1/a_strnid.c +1 -0
  213. data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -1
  214. data/third_party/boringssl/crypto/asn1/tasn_enc.c +3 -1
  215. data/third_party/boringssl/crypto/base64/base64.c +2 -2
  216. data/third_party/boringssl/crypto/bio/bio.c +73 -9
  217. data/third_party/boringssl/crypto/bio/connect.c +4 -0
  218. data/third_party/boringssl/crypto/bio/fd.c +4 -0
  219. data/third_party/boringssl/crypto/bio/file.c +5 -2
  220. data/third_party/boringssl/crypto/bio/socket.c +4 -0
  221. data/third_party/boringssl/crypto/bio/socket_helper.c +4 -0
  222. data/third_party/boringssl/crypto/bn_extra/convert.c +11 -7
  223. data/third_party/boringssl/crypto/bytestring/ber.c +8 -4
  224. data/third_party/boringssl/crypto/bytestring/cbb.c +19 -7
  225. data/third_party/boringssl/crypto/bytestring/cbs.c +28 -15
  226. data/third_party/boringssl/crypto/bytestring/internal.h +28 -7
  227. data/third_party/boringssl/crypto/bytestring/unicode.c +155 -0
  228. data/third_party/boringssl/crypto/chacha/chacha.c +36 -19
  229. data/third_party/boringssl/crypto/chacha/internal.h +45 -0
  230. data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +29 -0
  231. data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +269 -25
  232. data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +16 -14
  233. data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +54 -38
  234. data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +133 -41
  235. data/third_party/boringssl/crypto/cipher_extra/e_tls.c +23 -15
  236. data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +24 -15
  237. data/third_party/boringssl/crypto/cmac/cmac.c +62 -25
  238. data/third_party/boringssl/crypto/conf/conf.c +7 -0
  239. data/third_party/boringssl/crypto/cpu-arm-linux.c +4 -148
  240. data/third_party/boringssl/crypto/cpu-arm-linux.h +201 -0
  241. data/third_party/boringssl/crypto/cpu-intel.c +45 -51
  242. data/third_party/boringssl/crypto/crypto.c +39 -22
  243. data/third_party/boringssl/crypto/curve25519/spake25519.c +1 -1
  244. data/third_party/boringssl/crypto/dsa/dsa.c +77 -53
  245. data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +20 -8
  246. data/third_party/boringssl/crypto/ec_extra/ec_derive.c +96 -0
  247. data/third_party/boringssl/crypto/{ecdh/ecdh.c → ecdh_extra/ecdh_extra.c} +20 -58
  248. data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -9
  249. data/third_party/boringssl/crypto/engine/engine.c +2 -1
  250. data/third_party/boringssl/crypto/err/err.c +2 -0
  251. data/third_party/boringssl/crypto/err/internal.h +2 -2
  252. data/third_party/boringssl/crypto/evp/evp.c +89 -8
  253. data/third_party/boringssl/crypto/evp/evp_asn1.c +56 -5
  254. data/third_party/boringssl/crypto/evp/evp_ctx.c +52 -14
  255. data/third_party/boringssl/crypto/evp/internal.h +18 -1
  256. data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +5 -0
  257. data/third_party/boringssl/crypto/evp/p_ec.c +51 -3
  258. data/third_party/boringssl/crypto/evp/p_ec_asn1.c +6 -7
  259. data/third_party/boringssl/crypto/evp/p_ed25519.c +36 -3
  260. data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +76 -45
  261. data/third_party/boringssl/crypto/evp/p_rsa.c +3 -1
  262. data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +5 -0
  263. data/third_party/boringssl/crypto/evp/p_x25519.c +110 -0
  264. data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +249 -0
  265. data/third_party/boringssl/crypto/evp/scrypt.c +6 -2
  266. data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +34 -274
  267. data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +161 -21
  268. data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +111 -13
  269. data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +17 -21
  270. data/third_party/boringssl/crypto/fipsmodule/bcm.c +119 -7
  271. data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +19 -2
  272. data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +2 -2
  273. data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +93 -160
  274. data/third_party/boringssl/crypto/fipsmodule/bn/div.c +48 -57
  275. data/third_party/boringssl/crypto/fipsmodule/bn/div_extra.c +87 -0
  276. data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +143 -211
  277. data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -305
  278. data/third_party/boringssl/crypto/fipsmodule/bn/gcd_extra.c +325 -0
  279. data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +168 -50
  280. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +68 -92
  281. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +7 -6
  282. data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +11 -14
  283. data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +358 -443
  284. data/third_party/boringssl/crypto/fipsmodule/bn/random.c +25 -35
  285. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +20 -25
  286. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +76 -5
  287. data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +14 -14
  288. data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +7 -2
  289. data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +383 -516
  290. data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +4 -0
  291. data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +3 -4
  292. data/third_party/boringssl/crypto/fipsmodule/delocate.h +3 -2
  293. data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +32 -17
  294. data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +3 -3
  295. data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +228 -122
  296. data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +34 -8
  297. data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +311 -98
  298. data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +82 -0
  299. data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +263 -97
  300. data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +22 -59
  301. data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +317 -234
  302. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9473 -9475
  303. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +313 -109
  304. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +36 -0
  305. data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +96 -0
  306. data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +126 -792
  307. data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +84 -0
  308. data/third_party/boringssl/crypto/fipsmodule/ec/util.c +163 -12
  309. data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +84 -211
  310. data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +122 -0
  311. data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +60 -205
  312. data/third_party/boringssl/crypto/fipsmodule/fips_shared_support.c +32 -0
  313. data/third_party/boringssl/crypto/fipsmodule/is_fips.c +2 -0
  314. data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +3 -1
  315. data/third_party/boringssl/crypto/fipsmodule/md5/internal.h +37 -0
  316. data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +11 -8
  317. data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +35 -79
  318. data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +7 -39
  319. data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +7 -27
  320. data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +123 -309
  321. data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +189 -126
  322. data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +3 -2
  323. data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +2 -2
  324. data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +35 -0
  325. data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +24 -19
  326. data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +256 -77
  327. data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +10 -7
  328. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +5 -1
  329. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +131 -14
  330. data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +83 -10
  331. data/third_party/boringssl/crypto/fipsmodule/sha/internal.h +53 -0
  332. data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +9 -13
  333. data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +18 -12
  334. data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +95 -168
  335. data/third_party/boringssl/crypto/hrss/hrss.c +2201 -0
  336. data/third_party/boringssl/crypto/hrss/internal.h +62 -0
  337. data/third_party/boringssl/crypto/internal.h +95 -20
  338. data/third_party/boringssl/crypto/lhash/lhash.c +45 -33
  339. data/third_party/boringssl/crypto/mem.c +39 -2
  340. data/third_party/boringssl/crypto/obj/obj.c +4 -4
  341. data/third_party/boringssl/crypto/obj/obj_dat.h +6181 -875
  342. data/third_party/boringssl/crypto/pem/pem_all.c +2 -3
  343. data/third_party/boringssl/crypto/pem/pem_info.c +144 -162
  344. data/third_party/boringssl/crypto/pem/pem_lib.c +53 -52
  345. data/third_party/boringssl/crypto/pem/pem_pkey.c +13 -21
  346. data/third_party/boringssl/crypto/pkcs7/pkcs7.c +15 -22
  347. data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +168 -16
  348. data/third_party/boringssl/crypto/pkcs8/internal.h +11 -0
  349. data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +24 -15
  350. data/third_party/boringssl/crypto/pkcs8/pkcs8.c +42 -25
  351. data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +559 -43
  352. data/third_party/boringssl/crypto/pool/internal.h +1 -1
  353. data/third_party/boringssl/crypto/pool/pool.c +21 -0
  354. data/third_party/boringssl/crypto/rand_extra/deterministic.c +8 -0
  355. data/third_party/boringssl/crypto/rand_extra/fuchsia.c +1 -14
  356. data/third_party/boringssl/crypto/refcount_lock.c +2 -2
  357. data/third_party/boringssl/crypto/rsa_extra/rsa_print.c +22 -0
  358. data/third_party/boringssl/crypto/siphash/siphash.c +80 -0
  359. data/third_party/boringssl/crypto/stack/stack.c +83 -32
  360. data/third_party/boringssl/crypto/thread_none.c +2 -2
  361. data/third_party/boringssl/crypto/thread_pthread.c +2 -2
  362. data/third_party/boringssl/crypto/thread_win.c +38 -19
  363. data/third_party/boringssl/crypto/x509/a_strex.c +22 -2
  364. data/third_party/boringssl/crypto/x509/asn1_gen.c +2 -1
  365. data/third_party/boringssl/crypto/x509/by_dir.c +7 -0
  366. data/third_party/boringssl/crypto/x509/by_file.c +12 -10
  367. data/third_party/boringssl/crypto/x509/t_crl.c +5 -8
  368. data/third_party/boringssl/crypto/x509/t_req.c +1 -3
  369. data/third_party/boringssl/crypto/x509/t_x509.c +5 -8
  370. data/third_party/boringssl/crypto/x509/x509_cmp.c +1 -1
  371. data/third_party/boringssl/crypto/x509/x509_def.c +1 -1
  372. data/third_party/boringssl/crypto/x509/x509_lu.c +114 -5
  373. data/third_party/boringssl/crypto/x509/x509_req.c +20 -0
  374. data/third_party/boringssl/crypto/x509/x509_set.c +5 -0
  375. data/third_party/boringssl/crypto/x509/x509_trs.c +1 -0
  376. data/third_party/boringssl/crypto/x509/x509_txt.c +4 -5
  377. data/third_party/boringssl/crypto/x509/x509_vfy.c +145 -138
  378. data/third_party/boringssl/crypto/x509/x509_vpm.c +2 -0
  379. data/third_party/boringssl/crypto/x509/x509cset.c +40 -0
  380. data/third_party/boringssl/crypto/x509/x509name.c +2 -3
  381. data/third_party/boringssl/crypto/x509/x_all.c +109 -210
  382. data/third_party/boringssl/crypto/x509/x_x509.c +6 -0
  383. data/third_party/boringssl/crypto/x509v3/ext_dat.h +1 -3
  384. data/third_party/boringssl/crypto/x509v3/internal.h +56 -0
  385. data/third_party/boringssl/crypto/x509v3/pcy_cache.c +2 -0
  386. data/third_party/boringssl/crypto/x509v3/pcy_node.c +1 -0
  387. data/third_party/boringssl/crypto/x509v3/pcy_tree.c +4 -2
  388. data/third_party/boringssl/crypto/x509v3/v3_akey.c +5 -2
  389. data/third_party/boringssl/crypto/x509v3/v3_alt.c +19 -13
  390. data/third_party/boringssl/crypto/x509v3/v3_conf.c +2 -1
  391. data/third_party/boringssl/crypto/x509v3/v3_cpols.c +3 -2
  392. data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -6
  393. data/third_party/boringssl/crypto/x509v3/v3_lib.c +1 -0
  394. data/third_party/boringssl/crypto/x509v3/v3_ocsp.c +68 -0
  395. data/third_party/boringssl/crypto/x509v3/v3_pci.c +2 -1
  396. data/third_party/boringssl/crypto/x509v3/v3_purp.c +47 -69
  397. data/third_party/boringssl/crypto/x509v3/v3_skey.c +5 -2
  398. data/third_party/boringssl/crypto/x509v3/v3_utl.c +69 -25
  399. data/third_party/boringssl/include/openssl/aead.h +45 -19
  400. data/third_party/boringssl/include/openssl/aes.h +32 -7
  401. data/third_party/boringssl/include/openssl/asn1.h +7 -77
  402. data/third_party/boringssl/include/openssl/base.h +120 -6
  403. data/third_party/boringssl/include/openssl/base64.h +4 -1
  404. data/third_party/boringssl/include/openssl/bio.h +112 -81
  405. data/third_party/boringssl/include/openssl/blowfish.h +3 -3
  406. data/third_party/boringssl/include/openssl/bn.h +55 -29
  407. data/third_party/boringssl/include/openssl/buf.h +2 -2
  408. data/third_party/boringssl/include/openssl/bytestring.h +54 -32
  409. data/third_party/boringssl/include/openssl/cast.h +2 -2
  410. data/third_party/boringssl/include/openssl/cipher.h +46 -16
  411. data/third_party/boringssl/include/openssl/cmac.h +6 -2
  412. data/third_party/boringssl/include/openssl/conf.h +3 -6
  413. data/third_party/boringssl/include/openssl/cpu.h +25 -9
  414. data/third_party/boringssl/include/openssl/crypto.h +32 -10
  415. data/third_party/boringssl/include/openssl/curve25519.h +4 -4
  416. data/third_party/boringssl/include/openssl/dh.h +3 -2
  417. data/third_party/boringssl/include/openssl/digest.h +21 -7
  418. data/third_party/boringssl/include/openssl/dsa.h +8 -2
  419. data/third_party/boringssl/include/openssl/e_os2.h +18 -0
  420. data/third_party/boringssl/include/openssl/ec.h +25 -21
  421. data/third_party/boringssl/include/openssl/ec_key.h +36 -8
  422. data/third_party/boringssl/include/openssl/ecdh.h +17 -0
  423. data/third_party/boringssl/include/openssl/ecdsa.h +3 -3
  424. data/third_party/boringssl/include/openssl/engine.h +4 -4
  425. data/third_party/boringssl/include/openssl/err.h +3 -0
  426. data/third_party/boringssl/include/openssl/evp.h +199 -42
  427. data/third_party/boringssl/include/openssl/hmac.h +4 -4
  428. data/third_party/boringssl/include/openssl/hrss.h +100 -0
  429. data/third_party/boringssl/include/openssl/lhash.h +131 -23
  430. data/third_party/boringssl/include/openssl/md4.h +6 -4
  431. data/third_party/boringssl/include/openssl/md5.h +6 -4
  432. data/third_party/boringssl/include/openssl/mem.h +6 -2
  433. data/third_party/boringssl/include/openssl/nid.h +3 -0
  434. data/third_party/boringssl/include/openssl/obj.h +3 -0
  435. data/third_party/boringssl/include/openssl/pem.h +102 -64
  436. data/third_party/boringssl/include/openssl/pkcs7.h +136 -3
  437. data/third_party/boringssl/include/openssl/pkcs8.h +42 -3
  438. data/third_party/boringssl/include/openssl/pool.h +13 -2
  439. data/third_party/boringssl/include/openssl/ripemd.h +5 -4
  440. data/third_party/boringssl/include/openssl/rsa.h +46 -15
  441. data/third_party/boringssl/include/openssl/sha.h +40 -28
  442. data/third_party/boringssl/include/openssl/siphash.h +37 -0
  443. data/third_party/boringssl/include/openssl/span.h +17 -9
  444. data/third_party/boringssl/include/openssl/ssl.h +766 -393
  445. data/third_party/boringssl/include/openssl/ssl3.h +4 -3
  446. data/third_party/boringssl/include/openssl/stack.h +134 -77
  447. data/third_party/boringssl/include/openssl/thread.h +1 -1
  448. data/third_party/boringssl/include/openssl/tls1.h +25 -9
  449. data/third_party/boringssl/include/openssl/type_check.h +14 -15
  450. data/third_party/boringssl/include/openssl/x509.h +28 -3
  451. data/third_party/boringssl/include/openssl/x509_vfy.h +98 -32
  452. data/third_party/boringssl/include/openssl/x509v3.h +17 -13
  453. data/third_party/boringssl/ssl/d1_both.cc +9 -18
  454. data/third_party/boringssl/ssl/d1_lib.cc +4 -3
  455. data/third_party/boringssl/ssl/d1_pkt.cc +4 -4
  456. data/third_party/boringssl/ssl/d1_srtp.cc +15 -15
  457. data/third_party/boringssl/ssl/dtls_method.cc +0 -1
  458. data/third_party/boringssl/ssl/dtls_record.cc +28 -28
  459. data/third_party/boringssl/ssl/handoff.cc +295 -91
  460. data/third_party/boringssl/ssl/handshake.cc +133 -72
  461. data/third_party/boringssl/ssl/handshake_client.cc +218 -189
  462. data/third_party/boringssl/ssl/handshake_server.cc +399 -272
  463. data/third_party/boringssl/ssl/internal.h +1413 -928
  464. data/third_party/boringssl/ssl/s3_both.cc +175 -36
  465. data/third_party/boringssl/ssl/s3_lib.cc +9 -13
  466. data/third_party/boringssl/ssl/s3_pkt.cc +63 -29
  467. data/third_party/boringssl/ssl/ssl_aead_ctx.cc +55 -35
  468. data/third_party/boringssl/ssl/ssl_asn1.cc +57 -73
  469. data/third_party/boringssl/ssl/ssl_buffer.cc +13 -12
  470. data/third_party/boringssl/ssl/ssl_cert.cc +313 -210
  471. data/third_party/boringssl/ssl/ssl_cipher.cc +159 -221
  472. data/third_party/boringssl/ssl/ssl_file.cc +2 -0
  473. data/third_party/boringssl/ssl/ssl_key_share.cc +164 -19
  474. data/third_party/boringssl/ssl/ssl_lib.cc +847 -555
  475. data/third_party/boringssl/ssl/ssl_privkey.cc +441 -111
  476. data/third_party/boringssl/ssl/ssl_session.cc +230 -178
  477. data/third_party/boringssl/ssl/ssl_transcript.cc +21 -142
  478. data/third_party/boringssl/ssl/ssl_versions.cc +88 -93
  479. data/third_party/boringssl/ssl/ssl_x509.cc +279 -218
  480. data/third_party/boringssl/ssl/t1_enc.cc +5 -96
  481. data/third_party/boringssl/ssl/t1_lib.cc +931 -678
  482. data/third_party/boringssl/ssl/tls13_both.cc +251 -121
  483. data/third_party/boringssl/ssl/tls13_client.cc +129 -73
  484. data/third_party/boringssl/ssl/tls13_enc.cc +350 -282
  485. data/third_party/boringssl/ssl/tls13_server.cc +259 -192
  486. data/third_party/boringssl/ssl/tls_method.cc +26 -21
  487. data/third_party/boringssl/ssl/tls_record.cc +42 -47
  488. data/third_party/boringssl/third_party/fiat/curve25519.c +261 -1324
  489. data/third_party/boringssl/third_party/fiat/curve25519_32.h +911 -0
  490. data/third_party/boringssl/third_party/fiat/curve25519_64.h +559 -0
  491. data/third_party/boringssl/third_party/fiat/p256.c +238 -999
  492. data/third_party/boringssl/third_party/fiat/p256_32.h +3226 -0
  493. data/third_party/boringssl/third_party/fiat/p256_64.h +1217 -0
  494. data/third_party/upb/upb/port_def.inc +1 -1
  495. data/third_party/upb/upb/table.c +2 -1
  496. metadata +72 -44
  497. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +0 -127
  498. data/src/core/lib/gpr/mpscq.cc +0 -117
  499. data/src/core/lib/gpr/mpscq.h +0 -88
  500. data/src/core/lib/gprpp/abstract.h +0 -47
  501. data/src/core/lib/gprpp/pair.h +0 -38
  502. data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
  503. data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
  504. data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
  505. data/third_party/boringssl/ssl/custom_extensions.cc +0 -265
@@ -231,3 +231,7 @@ DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_des_ede3) {
231
231
  out->init = des_ede3_init_key;
232
232
  out->cipher = des_ede_ecb_cipher;
233
233
  }
234
+
235
+ const EVP_CIPHER* EVP_des_ede3_ecb(void) {
236
+ return EVP_des_ede3();
237
+ }
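Review bot: The new exported `EVP_des_ede3_ecb` at the end of this hunk carries no comment saying it is only a second name for `EVP_des_ede3`. The context lines show `EVP_des_ede3` wired to `des_ede_ecb_cipher`, so the alias is consistent, but 3DES in ECB mode is a legacy construction and an extra public name makes it easier to pick up by accident. I would add `// EVP_des_ede3_ecb is an alias for |EVP_des_ede3|; it exists for source compatibility and should not be used in new code.` above the definition, or on the declaration if the header (not shown here) lacks one; the compatibility motive is my inference and should be confirmed.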
@@ -114,11 +114,10 @@ struct evp_aead_st {
114
114
 
115
115
  // aes_ctr_set_key initialises |*aes_key| using |key_bytes| bytes from |key|,
116
116
  // where |key_bytes| must either be 16, 24 or 32. If not NULL, |*out_block| is
117
- // set to a function that encrypts single blocks. If not NULL, |*gcm_ctx| is
117
+ // set to a function that encrypts single blocks. If not NULL, |*gcm_key| is
118
118
  // initialised to do GHASH with the given key. It returns a function for
119
- // optimised CTR-mode, or NULL if CTR-mode should be built using
120
- // |*out_block|.
121
- ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx,
119
+ // optimised CTR-mode, or NULL if CTR-mode should be built using |*out_block|.
120
+ ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_KEY *gcm_key,
122
121
  block128_f *out_block, const uint8_t *key,
123
122
  size_t key_bytes);
124
123
 
@@ -20,10 +20,11 @@
20
20
  #include "../internal.h"
21
21
 
22
22
 
23
- #if defined(BORINGSSL_FIPS) && !defined(OPENSSL_ASAN) && !defined(OPENSSL_MSAN)
23
+ #if !defined(BORINGSSL_SHARED_LIBRARY) && defined(BORINGSSL_FIPS) && \
24
+ !defined(OPENSSL_ASAN) && !defined(OPENSSL_MSAN)
24
25
  #define DEFINE_BSS_GET(type, name) \
25
26
  static type name __attribute__((used)); \
26
- type *name##_bss_get(void);
27
+ type *name##_bss_get(void) __attribute__((const));
27
28
  // For FIPS builds we require that CRYPTO_ONCE_INIT be zero.
28
29
  #define DEFINE_STATIC_ONCE(name) DEFINE_BSS_GET(CRYPTO_once_t, name)
29
30
  // For FIPS builds we require that CRYPTO_STATIC_MUTEX_INIT be zero.
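Review bot: The widened `#if` means shared-library FIPS builds no longer get these `DEFINE_BSS_GET` / `DEFINE_STATIC_ONCE` definitions, and nothing in the hunk says why. A one-line comment above the `#if` naming the reason `BORINGSSL_SHARED_LIBRARY` is excluded would save a later audit of the FIPS module boundary from rediscovering it. Separately, `__attribute__((const))` on `name##_bss_get` is only sound if the accessor returns the same address on every call and reads no mutable state. Its definition is outside this hunk, so that is worth confirming before relying on the compiler merging calls.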
@@ -115,8 +115,17 @@ void EVP_MD_CTX_free(EVP_MD_CTX *ctx) {
115
115
 
116
116
  void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) { EVP_MD_CTX_free(ctx); }
117
117
 
118
+ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, uint8_t *out, size_t len) {
119
+ OPENSSL_PUT_ERROR(DIGEST, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
120
+ return 0;
121
+ }
122
+
123
+ uint32_t EVP_MD_meth_get_flags(const EVP_MD *md) { return EVP_MD_flags(md); }
124
+
118
125
  int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) {
119
- if (in == NULL || in->digest == NULL) {
126
+ // |in->digest| may be NULL if this is a signing |EVP_MD_CTX| for, e.g.,
127
+ // Ed25519 which does not hash with |EVP_MD_CTX|.
128
+ if (in == NULL || (in->pctx == NULL && in->digest == NULL)) {
120
129
  OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_INPUT_NOT_INITIALIZED);
121
130
  return 0;
122
131
  }
@@ -131,29 +140,34 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) {
131
140
  }
132
141
  }
133
142
 
134
- uint8_t *tmp_buf;
135
- if (out->digest != in->digest) {
136
- assert(in->digest->ctx_size != 0);
137
- tmp_buf = OPENSSL_malloc(in->digest->ctx_size);
138
- if (tmp_buf == NULL) {
139
- if (pctx) {
140
- in->pctx_ops->free(pctx);
143
+ uint8_t *tmp_buf = NULL;
144
+ if (in->digest != NULL) {
145
+ if (out->digest != in->digest) {
146
+ assert(in->digest->ctx_size != 0);
147
+ tmp_buf = OPENSSL_malloc(in->digest->ctx_size);
148
+ if (tmp_buf == NULL) {
149
+ if (pctx) {
150
+ in->pctx_ops->free(pctx);
151
+ }
152
+ OPENSSL_PUT_ERROR(DIGEST, ERR_R_MALLOC_FAILURE);
153
+ return 0;
141
154
  }
142
- OPENSSL_PUT_ERROR(DIGEST, ERR_R_MALLOC_FAILURE);
143
- return 0;
155
+ } else {
156
+ // |md_data| will be the correct size in this case. It's removed from
157
+ // |out| so that |EVP_MD_CTX_cleanup| doesn't free it, and then it's
158
+ // reused.
159
+ tmp_buf = out->md_data;
160
+ out->md_data = NULL;
144
161
  }
145
- } else {
146
- // |md_data| will be the correct size in this case. It's removed from |out|
147
- // so that |EVP_MD_CTX_cleanup| doesn't free it, and then it's reused.
148
- tmp_buf = out->md_data;
149
- out->md_data = NULL;
150
162
  }
151
163
 
152
164
  EVP_MD_CTX_cleanup(out);
153
165
 
154
166
  out->digest = in->digest;
155
167
  out->md_data = tmp_buf;
156
- OPENSSL_memcpy(out->md_data, in->md_data, in->digest->ctx_size);
168
+ if (in->digest != NULL) {
169
+ OPENSSL_memcpy(out->md_data, in->md_data, in->digest->ctx_size);
170
+ }
157
171
  out->pctx = pctx;
158
172
  out->pctx_ops = in->pctx_ops;
159
173
  assert(out->pctx == NULL || out->pctx_ops != NULL);
@@ -166,9 +180,10 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) {
166
180
  return EVP_MD_CTX_copy_ex(out, in);
167
181
  }
168
182
 
169
- void EVP_MD_CTX_reset(EVP_MD_CTX *ctx) {
183
+ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) {
170
184
  EVP_MD_CTX_cleanup(ctx);
171
185
  EVP_MD_CTX_init(ctx);
186
+ return 1;
172
187
  }
173
188
 
174
189
  int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *engine) {
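Review bot: `EVP_DigestFinalXOF` (new lines 118–121) fails unconditionally and never writes to `out`, so a caller that ignores the return value would go on to treat `len` bytes of uninitialised buffer as a digest. I would state that at the definition, e.g. `// EVP_DigestFinalXOF is unsupported here: it always returns 0 and leaves |out| untouched.`, and repeat it on the declaration if the header (not shown) is silent. The same kind of comment would help on `EVP_MD_CTX_reset` in the last hunk, which now returns `int` but can only return 1 in the visible code, so callers do not infer a failure mode that does not exist.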
@@ -223,12 +223,12 @@ int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) {
223
223
  }
224
224
 
225
225
 
226
- void HASH_TRANSFORM(HASH_CTX *c, const uint8_t *data) {
226
+ void HASH_TRANSFORM(HASH_CTX *c, const uint8_t data[HASH_CBLOCK]) {
227
227
  HASH_BLOCK_DATA_ORDER(c->h, data, 1);
228
228
  }
229
229
 
230
230
 
231
- int HASH_FINAL(uint8_t *md, HASH_CTX *c) {
231
+ int HASH_FINAL(uint8_t out[HASH_DIGEST_LENGTH], HASH_CTX *c) {
232
232
  // |c->data| always has room for at least one byte. A full block would have
233
233
  // been consumed.
234
234
  size_t n = c->num;
@@ -258,7 +258,7 @@ int HASH_FINAL(uint8_t *md, HASH_CTX *c) {
258
258
  c->num = 0;
259
259
  OPENSSL_memset(c->data, 0, HASH_CBLOCK);
260
260
 
261
- HASH_MAKE_STRING(c, md);
261
+ HASH_MAKE_STRING(c, out);
262
262
  return 1;
263
263
  }
264
264
 
@@ -316,7 +316,7 @@ static void ec_group_set0_generator(EC_GROUP *group, EC_POINT *generator) {
316
316
 
317
317
  EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
318
318
  const BIGNUM *b, BN_CTX *ctx) {
319
- if (BN_num_bytes(p) > EC_MAX_SCALAR_BYTES) {
319
+ if (BN_num_bytes(p) > EC_MAX_BYTES) {
320
320
  OPENSSL_PUT_ERROR(EC, EC_R_INVALID_FIELD);
321
321
  return NULL;
322
322
  }
@@ -344,15 +344,14 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
344
344
  generator->group != group) {
345
345
  // |EC_GROUP_set_generator| may only be used with |EC_GROUP|s returned by
346
346
  // |EC_GROUP_new_curve_GFp| and may only used once on each group.
347
- // Additionally, |generator| must been created from
348
- // |EC_GROUP_new_curve_GFp|, not a copy, so that
349
- // |generator->group->generator| is set correctly.
347
+ // |generator| must have been created from |EC_GROUP_new_curve_GFp|, not a
348
+ // copy, so that |generator->group->generator| is set correctly.
350
349
  OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
351
350
  return 0;
352
351
  }
353
352
 
354
- if (BN_num_bytes(order) > EC_MAX_SCALAR_BYTES) {
355
- OPENSSL_PUT_ERROR(EC, EC_R_INVALID_FIELD);
353
+ if (BN_num_bytes(order) > EC_MAX_BYTES) {
354
+ OPENSSL_PUT_ERROR(EC, EC_R_INVALID_GROUP_ORDER);
356
355
  return 0;
357
356
  }
358
357
 
@@ -367,25 +366,23 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
367
366
  // Note any curve which did not satisfy this must have been invalid or use a
368
367
  // tiny prime (less than 17). See the proof in |field_element_to_scalar| in
369
368
  // the ECDSA implementation.
369
+ int ret = 0;
370
+ EC_POINT *copy = NULL;
370
371
  BIGNUM *tmp = BN_new();
371
372
  if (tmp == NULL ||
372
373
  !BN_lshift1(tmp, order)) {
373
- BN_free(tmp);
374
- return 0;
374
+ goto err;
375
375
  }
376
- int ok = BN_cmp(tmp, &group->field) > 0;
377
- BN_free(tmp);
378
- if (!ok) {
376
+ if (BN_cmp(tmp, &group->field) <= 0) {
379
377
  OPENSSL_PUT_ERROR(EC, EC_R_INVALID_GROUP_ORDER);
380
- return 0;
378
+ goto err;
381
379
  }
382
380
 
383
- EC_POINT *copy = EC_POINT_new(group);
381
+ copy = EC_POINT_new(group);
384
382
  if (copy == NULL ||
385
383
  !EC_POINT_copy(copy, generator) ||
386
384
  !BN_copy(&group->order, order)) {
387
- EC_POINT_free(copy);
388
- return 0;
385
+ goto err;
389
386
  }
390
387
  // Store the order in minimal form, so it can be used with |BN_ULONG| arrays.
391
388
  bn_set_minimal_width(&group->order);
@@ -393,11 +390,26 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
393
390
  BN_MONT_CTX_free(group->order_mont);
394
391
  group->order_mont = BN_MONT_CTX_new_for_modulus(&group->order, NULL);
395
392
  if (group->order_mont == NULL) {
396
- return 0;
393
+ goto err;
394
+ }
395
+
396
+ group->field_greater_than_order = BN_cmp(&group->field, &group->order) > 0;
397
+ if (group->field_greater_than_order) {
398
+ if (!BN_sub(tmp, &group->field, &group->order) ||
399
+ !bn_copy_words(group->field_minus_order.words, group->field.width,
400
+ tmp)) {
401
+ goto err;
402
+ }
397
403
  }
398
404
 
399
405
  ec_group_set0_generator(group, copy);
400
- return 1;
406
+ copy = NULL;
407
+ ret = 1;
408
+
409
+ err:
410
+ EC_POINT_free(copy);
411
+ BN_free(tmp);
412
+ return ret;
401
413
  }
402
414
 
403
415
  static EC_GROUP *ec_group_new_from_data(const struct built_in_curve *curve) {
@@ -449,6 +461,14 @@ static EC_GROUP *ec_group_new_from_data(const struct built_in_curve *curve) {
449
461
  goto err;
450
462
  }
451
463
 
464
+ group->field_greater_than_order = BN_cmp(&group->field, &group->order) > 0;
465
+ if (group->field_greater_than_order) {
466
+ if (!BN_sub(p, &group->field, &group->order) ||
467
+ !bn_copy_words(group->field_minus_order.words, group->field.width, p)) {
468
+ goto err;
469
+ }
470
+ }
471
+
452
472
  group->order_mont = BN_MONT_CTX_new_for_modulus(&group->order, ctx);
453
473
  if (group->order_mont == NULL) {
454
474
  OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB);
@@ -479,8 +499,8 @@ err:
479
499
  struct built_in_groups_st {
480
500
  EC_GROUP *groups[OPENSSL_NUM_BUILT_IN_CURVES];
481
501
  };
482
- DEFINE_BSS_GET(struct built_in_groups_st, built_in_groups);
483
- DEFINE_STATIC_MUTEX(built_in_groups_lock);
502
+ DEFINE_BSS_GET(struct built_in_groups_st, built_in_groups)
503
+ DEFINE_STATIC_MUTEX(built_in_groups_lock)
484
504
 
485
505
  EC_GROUP *EC_GROUP_new_by_curve_name(int nid) {
486
506
  struct built_in_groups_st *groups = built_in_groups_bss_get();
@@ -579,13 +599,14 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ignored) {
579
599
  // structure. If |a| or |b| is incomplete (due to legacy OpenSSL mistakes,
580
600
  // custom curve construction is sadly done in two parts) but otherwise not the
581
601
  // same object, we consider them always unequal.
582
- return a->generator == NULL ||
602
+ return a->meth != b->meth ||
603
+ a->generator == NULL ||
583
604
  b->generator == NULL ||
584
605
  BN_cmp(&a->order, &b->order) != 0 ||
585
606
  BN_cmp(&a->field, &b->field) != 0 ||
586
- BN_cmp(&a->a, &b->a) != 0 ||
587
- BN_cmp(&a->b, &b->b) != 0 ||
588
- ec_GFp_simple_cmp(a, a->generator, b->generator, NULL) != 0;
607
+ !ec_felem_equal(a, &a->a, &b->a) ||
608
+ !ec_felem_equal(a, &a->b, &b->b) ||
609
+ ec_GFp_simple_cmp(a, &a->generator->raw, &b->generator->raw) != 0;
589
610
  }
590
611
 
591
612
  const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) {
@@ -604,6 +625,10 @@ int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) {
604
625
  return 1;
605
626
  }
606
627
 
628
+ int EC_GROUP_order_bits(const EC_GROUP *group) {
629
+ return BN_num_bits(&group->order);
630
+ }
631
+
607
632
  int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
608
633
  BN_CTX *ctx) {
609
634
  // All |EC_GROUP|s have cofactor 1.
@@ -612,36 +637,59 @@ int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
612
637
 
613
638
  int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *out_p, BIGNUM *out_a,
614
639
  BIGNUM *out_b, BN_CTX *ctx) {
615
- return ec_GFp_simple_group_get_curve(group, out_p, out_a, out_b, ctx);
640
+ return ec_GFp_simple_group_get_curve(group, out_p, out_a, out_b);
616
641
  }
617
642
 
618
643
  int EC_GROUP_get_curve_name(const EC_GROUP *group) { return group->curve_name; }
619
644
 
620
645
  unsigned EC_GROUP_get_degree(const EC_GROUP *group) {
621
- return ec_GFp_simple_group_get_degree(group);
646
+ return BN_num_bits(&group->field);
622
647
  }
623
648
 
624
- EC_POINT *EC_POINT_new(const EC_GROUP *group) {
625
- EC_POINT *ret;
649
+ const char *EC_curve_nid2nist(int nid) {
650
+ switch (nid) {
651
+ case NID_secp224r1:
652
+ return "P-224";
653
+ case NID_X9_62_prime256v1:
654
+ return "P-256";
655
+ case NID_secp384r1:
656
+ return "P-384";
657
+ case NID_secp521r1:
658
+ return "P-521";
659
+ }
660
+ return NULL;
661
+ }
662
+
663
+ int EC_curve_nist2nid(const char *name) {
664
+ if (strcmp(name, "P-224") == 0) {
665
+ return NID_secp224r1;
666
+ }
667
+ if (strcmp(name, "P-256") == 0) {
668
+ return NID_X9_62_prime256v1;
669
+ }
670
+ if (strcmp(name, "P-384") == 0) {
671
+ return NID_secp384r1;
672
+ }
673
+ if (strcmp(name, "P-521") == 0) {
674
+ return NID_secp521r1;
675
+ }
676
+ return NID_undef;
677
+ }
626
678
 
679
+ EC_POINT *EC_POINT_new(const EC_GROUP *group) {
627
680
  if (group == NULL) {
628
681
  OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
629
682
  return NULL;
630
683
  }
631
684
 
632
- ret = OPENSSL_malloc(sizeof *ret);
685
+ EC_POINT *ret = OPENSSL_malloc(sizeof *ret);
633
686
  if (ret == NULL) {
634
687
  OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
635
688
  return NULL;
636
689
  }
637
690
 
638
691
  ret->group = EC_GROUP_dup(group);
639
- if (ret->group == NULL ||
640
- !ec_GFp_simple_point_init(ret)) {
641
- OPENSSL_free(ret);
642
- return NULL;
643
- }
644
-
692
+ ec_GFp_simple_point_init(&ret->raw);
645
693
  return ret;
646
694
  }
647
695
 
@@ -649,7 +697,6 @@ static void ec_point_free(EC_POINT *point, int free_group) {
649
697
  if (!point) {
650
698
  return;
651
699
  }
652
- ec_GFp_simple_point_finish(point);
653
700
  if (free_group) {
654
701
  EC_GROUP_free(point->group);
655
702
  }
@@ -670,7 +717,8 @@ int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) {
670
717
  if (dest == src) {
671
718
  return 1;
672
719
  }
673
- return ec_GFp_simple_point_copy(dest, src);
720
+ ec_GFp_simple_point_copy(&dest->raw, &src->raw);
721
+ return 1;
674
722
  }
675
723
 
676
724
  EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) {
@@ -693,7 +741,8 @@ int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point) {
693
741
  OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
694
742
  return 0;
695
743
  }
696
- return ec_GFp_simple_point_set_to_infinity(group, point);
744
+ ec_GFp_simple_point_set_to_infinity(group, &point->raw);
745
+ return 1;
697
746
  }
698
747
 
699
748
  int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) {
@@ -701,7 +750,7 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) {
701
750
  OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
702
751
  return 0;
703
752
  }
704
- return ec_GFp_simple_is_at_infinity(group, point);
753
+ return ec_GFp_simple_is_at_infinity(group, &point->raw);
705
754
  }
706
755
 
707
756
  int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
@@ -710,7 +759,7 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
710
759
  OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
711
760
  return 0;
712
761
  }
713
- return ec_GFp_simple_is_on_curve(group, point, ctx);
762
+ return ec_GFp_simple_is_on_curve(group, &point->raw);
714
763
  }
715
764
 
716
765
  int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
@@ -720,26 +769,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
720
769
  OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
721
770
  return -1;
722
771
  }
723
- return ec_GFp_simple_cmp(group, a, b, ctx);
724
- }
725
-
726
- int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) {
727
- if (EC_GROUP_cmp(group, point->group, NULL) != 0) {
728
- OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
729
- return 0;
730
- }
731
- return ec_GFp_simple_make_affine(group, point, ctx);
732
- }
733
-
734
- int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
735
- BN_CTX *ctx) {
736
- for (size_t i = 0; i < num; i++) {
737
- if (EC_GROUP_cmp(group, points[i]->group, NULL) != 0) {
738
- OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
739
- return 0;
740
- }
741
- }
742
- return ec_GFp_simple_points_make_affine(group, num, points, ctx);
772
+ return ec_GFp_simple_cmp(group, &a->raw, &b->raw);
743
773
  }
744
774
 
745
775
  int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
@@ -753,7 +783,15 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
753
783
  OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
754
784
  return 0;
755
785
  }
756
- return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
786
+ EC_FELEM x_felem, y_felem;
787
+ if (!group->meth->point_get_affine_coordinates(group, &point->raw,
788
+ x == NULL ? NULL : &x_felem,
789
+ y == NULL ? NULL : &y_felem) ||
790
+ (x != NULL && !bn_set_words(x, x_felem.words, group->field.width)) ||
791
+ (y != NULL && !bn_set_words(y, y_felem.words, group->field.width))) {
792
+ return 0;
793
+ }
794
+ return 1;
757
795
  }
758
796
 
759
797
  int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
@@ -763,7 +801,7 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
763
801
  OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
764
802
  return 0;
765
803
  }
766
- if (!ec_GFp_simple_point_set_affine_coordinates(group, point, x, y, ctx)) {
804
+ if (!ec_GFp_simple_point_set_affine_coordinates(group, &point->raw, x, y)) {
767
805
  return 0;
768
806
  }
769
807
 
@@ -775,7 +813,7 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
775
813
  // constructing an arbitrary group. In this, we give up and hope they're
776
814
  // checking the return value.
777
815
  if (generator) {
778
- EC_POINT_copy(point, generator);
816
+ ec_GFp_simple_point_copy(&point->raw, &generator->raw);
779
817
  }
780
818
  OPENSSL_PUT_ERROR(EC, EC_R_POINT_IS_NOT_ON_CURVE);
781
819
  return 0;
@@ -792,10 +830,10 @@ int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
792
830
  OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
793
831
  return 0;
794
832
  }
795
- return ec_GFp_simple_add(group, r, a, b, ctx);
833
+ group->meth->add(group, &r->raw, &a->raw, &b->raw);
834
+ return 1;
796
835
  }
797
836
 
798
-
799
837
  int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
800
838
  BN_CTX *ctx) {
801
839
  if (EC_GROUP_cmp(group, r->group, NULL) != 0 ||
@@ -803,7 +841,8 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
803
841
  OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
804
842
  return 0;
805
843
  }
806
- return ec_GFp_simple_dbl(group, r, a, ctx);
844
+ group->meth->dbl(group, &r->raw, &a->raw);
845
+ return 1;
807
846
  }
808
847
 
809
848
 
@@ -812,7 +851,8 @@ int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) {
812
851
  OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
813
852
  return 0;
814
853
  }
815
- return ec_GFp_simple_invert(group, a, ctx);
854
+ ec_GFp_simple_invert(group, &a->raw);
855
+ return 1;
816
856
  }
817
857
 
818
858
  static int arbitrary_bignum_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
@@ -829,7 +869,7 @@ static int arbitrary_bignum_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
829
869
  BIGNUM *tmp = BN_CTX_get(ctx);
830
870
  int ok = tmp != NULL &&
831
871
  BN_nnmod(tmp, in, order, ctx) &&
832
- ec_bignum_to_scalar_unchecked(group, out, tmp);
872
+ ec_bignum_to_scalar(group, out, tmp);
833
873
  BN_CTX_end(ctx);
834
874
  return ok;
835
875
  }
@@ -845,9 +885,13 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
845
885
  return 0;
846
886
  }
847
887
 
888
+ if (EC_GROUP_cmp(group, r->group, NULL) != 0 ||
889
+ (p != NULL && EC_GROUP_cmp(group, p->group, NULL) != 0)) {
890
+ OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
891
+ return 0;
892
+ }
893
+
848
894
  int ret = 0;
849
- EC_SCALAR g_scalar_storage, p_scalar_storage;
850
- EC_SCALAR *g_scalar_arg = NULL, *p_scalar_arg = NULL;
851
895
  BN_CTX *new_ctx = NULL;
852
896
  if (ctx == NULL) {
853
897
  new_ctx = BN_CTX_new();
@@ -857,69 +901,158 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
857
901
  ctx = new_ctx;
858
902
  }
859
903
 
904
+ // If both |g_scalar| and |p_scalar| are non-NULL,
905
+ // |ec_point_mul_scalar_public| would share the doublings between the two
906
+ // products, which would be more efficient. However, we conservatively assume
907
+ // the caller needs a constant-time operation. (ECDSA verification does not
908
+ // use this function.)
909
+ //
910
+ // Previously, the low-level constant-time multiplication function aligned
911
+ // with this function's calling convention, but this was misleading. Curves
912
+ // which combined the two multiplications did not avoid the doubling case
913
+ // in the incomplete addition formula and were not constant-time.
914
+
860
915
  if (g_scalar != NULL) {
861
- if (!arbitrary_bignum_to_scalar(group, &g_scalar_storage, g_scalar, ctx)) {
916
+ EC_SCALAR scalar;
917
+ if (!arbitrary_bignum_to_scalar(group, &scalar, g_scalar, ctx) ||
918
+ !ec_point_mul_scalar_base(group, &r->raw, &scalar)) {
862
919
  goto err;
863
920
  }
864
- g_scalar_arg = &g_scalar_storage;
865
921
  }
866
922
 
867
923
  if (p_scalar != NULL) {
868
- if (!arbitrary_bignum_to_scalar(group, &p_scalar_storage, p_scalar, ctx)) {
924
+ EC_SCALAR scalar;
925
+ EC_RAW_POINT tmp;
926
+ if (!arbitrary_bignum_to_scalar(group, &scalar, p_scalar, ctx) ||
927
+ !ec_point_mul_scalar(group, &tmp, &p->raw, &scalar)) {
869
928
  goto err;
870
929
  }
871
- p_scalar_arg = &p_scalar_storage;
930
+ if (g_scalar == NULL) {
931
+ OPENSSL_memcpy(&r->raw, &tmp, sizeof(EC_RAW_POINT));
932
+ } else {
933
+ group->meth->add(group, &r->raw, &r->raw, &tmp);
934
+ }
872
935
  }
873
936
 
874
- ret = ec_point_mul_scalar(group, r, g_scalar_arg, p, p_scalar_arg, ctx);
937
+ ret = 1;
875
938
 
876
939
  err:
877
940
  BN_CTX_free(new_ctx);
878
- OPENSSL_cleanse(&g_scalar_storage, sizeof(g_scalar_storage));
879
- OPENSSL_cleanse(&p_scalar_storage, sizeof(p_scalar_storage));
880
941
  return ret;
881
942
  }
882
943
 
883
- int ec_point_mul_scalar_public(const EC_GROUP *group, EC_POINT *r,
884
- const EC_SCALAR *g_scalar, const EC_POINT *p,
885
- const EC_SCALAR *p_scalar, BN_CTX *ctx) {
886
- if ((g_scalar == NULL && p_scalar == NULL) ||
887
- (p == NULL) != (p_scalar == NULL)) {
944
+ int ec_point_mul_scalar_public(const EC_GROUP *group, EC_RAW_POINT *r,
945
+ const EC_SCALAR *g_scalar, const EC_RAW_POINT *p,
946
+ const EC_SCALAR *p_scalar) {
947
+ if (g_scalar == NULL || p_scalar == NULL || p == NULL) {
888
948
  OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
889
949
  return 0;
890
950
  }
891
951
 
892
- if (EC_GROUP_cmp(group, r->group, NULL) != 0 ||
893
- (p != NULL && EC_GROUP_cmp(group, p->group, NULL) != 0)) {
894
- OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
952
+ group->meth->mul_public(group, r, g_scalar, p, p_scalar);
953
+ return 1;
954
+ }
955
+
956
+ int ec_point_mul_scalar(const EC_GROUP *group, EC_RAW_POINT *r,
957
+ const EC_RAW_POINT *p, const EC_SCALAR *scalar) {
958
+ if (p == NULL || scalar == NULL) {
959
+ OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
895
960
  return 0;
896
961
  }
897
962
 
898
- return group->meth->mul_public(group, r, g_scalar, p, p_scalar, ctx);
963
+ group->meth->mul(group, r, p, scalar);
964
+ return 1;
899
965
  }
900
966
 
901
- int ec_point_mul_scalar(const EC_GROUP *group, EC_POINT *r,
902
- const EC_SCALAR *g_scalar, const EC_POINT *p,
903
- const EC_SCALAR *p_scalar, BN_CTX *ctx) {
904
- if ((g_scalar == NULL && p_scalar == NULL) ||
905
- (p == NULL) != (p_scalar == NULL)) {
967
+ int ec_point_mul_scalar_base(const EC_GROUP *group, EC_RAW_POINT *r,
968
+ const EC_SCALAR *scalar) {
969
+ if (scalar == NULL) {
906
970
  OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
907
971
  return 0;
908
972
  }
909
973
 
910
- if (EC_GROUP_cmp(group, r->group, NULL) != 0 ||
911
- (p != NULL && EC_GROUP_cmp(group, p->group, NULL) != 0)) {
912
- OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
974
+ group->meth->mul_base(group, r, scalar);
975
+ return 1;
976
+ }
977
+
978
+ int ec_cmp_x_coordinate(const EC_GROUP *group, const EC_RAW_POINT *p,
979
+ const EC_SCALAR *r) {
980
+ return group->meth->cmp_x_coordinate(group, p, r);
981
+ }
982
+
983
+ int ec_get_x_coordinate_as_scalar(const EC_GROUP *group, EC_SCALAR *out,
984
+ const EC_RAW_POINT *p) {
985
+ EC_FELEM x;
986
+ // For simplicity, in case of width mismatches between |group->field| and
987
+ // |group->order|, zero any untouched words in |x|.
988
+ OPENSSL_memset(&x, 0, sizeof(x));
989
+ if (!group->meth->point_get_affine_coordinates(group, p, &x, NULL)) {
990
+ return 0;
991
+ }
992
+
993
+ // We must have p < 2×order, assuming p is not tiny (p >= 17). Thus rather we
994
+ // can reduce by performing at most one subtraction.
995
+ //
996
+ // Proof: We only work with prime order curves, so the number of points on
997
+ // the curve is the order. Thus Hasse's theorem gives:
998
+ //
999
+ // |order - (p + 1)| <= 2×sqrt(p)
1000
+ // p + 1 - order <= 2×sqrt(p)
1001
+ // p + 1 - 2×sqrt(p) <= order
1002
+ // p + 1 - 2×(p/4) < order (p/4 > sqrt(p) for p >= 17)
1003
+ // p/2 < p/2 + 1 < order
1004
+ // p < 2×order
1005
+ //
1006
+ // Additionally, one can manually check this property for built-in curves. It
1007
+ // is enforced for legacy custom curves in |EC_GROUP_set_generator|.
1008
+
1009
+ // The above does not guarantee |group->field| is not one word larger than
1010
+ // |group->order|, so read one extra carry word.
1011
+ BN_ULONG carry =
1012
+ group->order.width < EC_MAX_WORDS ? x.words[group->order.width] : 0;
1013
+ bn_reduce_once(out->words, x.words, carry, group->order.d,
1014
+ group->order.width);
1015
+ return 1;
1016
+ }
1017
+
1018
+ int ec_point_get_affine_coordinate_bytes(const EC_GROUP *group, uint8_t *out_x,
1019
+ uint8_t *out_y, size_t *out_len,
1020
+ size_t max_out,
1021
+ const EC_RAW_POINT *p) {
1022
+ size_t len = BN_num_bytes(&group->field);
1023
+ assert(len <= EC_MAX_BYTES);
1024
+ if (max_out < len) {
1025
+ OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL);
913
1026
  return 0;
914
1027
  }
915
1028
 
916
- return group->meth->mul(group, r, g_scalar, p, p_scalar, ctx);
1029
+ EC_FELEM x, y;
1030
+ if (!group->meth->point_get_affine_coordinates(
1031
+ group, p, out_x == NULL ? NULL : &x, out_y == NULL ? NULL : &y)) {
1032
+ return 0;
1033
+ }
1034
+
1035
+ if (out_x != NULL) {
1036
+ for (size_t i = 0; i < len; i++) {
1037
+ out_x[i] = x.bytes[len - i - 1];
1038
+ }
1039
+ }
1040
+ if (out_y != NULL) {
1041
+ for (size_t i = 0; i < len; i++) {
1042
+ out_y[i] = y.bytes[len - i - 1];
1043
+ }
1044
+ }
1045
+ *out_len = len;
1046
+ return 1;
917
1047
  }
918
1048
 
919
1049
  void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag) {}
920
1050
 
921
1051
  const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) {
922
- return NULL;
1052
+ // This function exists purely to give callers a way to call
1053
+ // |EC_METHOD_get_field_type|. cryptography.io crashes if |EC_GROUP_method_of|
1054
+ // returns NULL, so return some other garbage pointer.
1055
+ return (const EC_METHOD *)0x12340000;
923
1056
  }
924
1057
 
925
1058
  int EC_METHOD_get_field_type(const EC_METHOD *meth) {
@@ -945,30 +1078,3 @@ size_t EC_get_builtin_curves(EC_builtin_curve *out_curves,
945
1078
 
946
1079
  return OPENSSL_NUM_BUILT_IN_CURVES;
947
1080
  }
948
-
949
- int ec_bignum_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
950
- const BIGNUM *in) {
951
- if (!ec_bignum_to_scalar_unchecked(group, out, in)) {
952
- return 0;
953
- }
954
- if (!bn_less_than_words(out->words, group->order.d, group->order.width)) {
955
- OPENSSL_PUT_ERROR(EC, EC_R_INVALID_SCALAR);
956
- return 0;
957
- }
958
- return 1;
959
- }
960
-
961
- int ec_bignum_to_scalar_unchecked(const EC_GROUP *group, EC_SCALAR *out,
962
- const BIGNUM *in) {
963
- if (!bn_copy_words(out->words, group->order.width, in)) {
964
- OPENSSL_PUT_ERROR(EC, EC_R_INVALID_SCALAR);
965
- return 0;
966
- }
967
- return 1;
968
- }
969
-
970
- int ec_random_nonzero_scalar(const EC_GROUP *group, EC_SCALAR *out,
971
- const uint8_t additional_data[32]) {
972
- return bn_rand_range_words(out->words, 1, group->order.d, group->order.width,
973
- additional_data);
974
- }
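Review bot: In `EC_POINT_mul` (the hunk at new lines 901–942) the reduced scalars are no longer wiped. The two `OPENSSL_cleanse` calls under `err:` were removed, and the block-local `EC_SCALAR scalar` copies that replace `g_scalar_storage` and `p_scalar_storage` get no equivalent. The new comment in the same hunk says the function conservatively assumes the caller needs a constant-time operation, which implies these scalars may be secret and would now linger on the stack after return. I would hoist a single `EC_SCALAR scalar;` to function scope and keep `OPENSSL_cleanse(&scalar, sizeof(scalar));` under `err:`; whether `tmp` needs the same treatment depends on how callers use the product and cannot be judged from here. The function begins before this hunk, so the early-return paths above it were not checked.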