grpc 1.24.0 → 1.25.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (505) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +306 -243
  3. data/etc/roots.pem +0 -100
  4. data/include/grpc/grpc_security.h +44 -18
  5. data/include/grpc/impl/codegen/grpc_types.h +15 -0
  6. data/include/grpc/impl/codegen/port_platform.h +27 -11
  7. data/include/grpc/impl/codegen/sync_generic.h +1 -1
  8. data/src/boringssl/err_data.c +695 -650
  9. data/src/core/ext/filters/client_channel/client_channel.cc +257 -179
  10. data/src/core/ext/filters/client_channel/client_channel.h +24 -0
  11. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +2 -3
  12. data/src/core/ext/filters/client_channel/client_channel_factory.h +1 -5
  13. data/src/core/ext/filters/client_channel/health/health_check_client.cc +18 -45
  14. data/src/core/ext/filters/client_channel/health/health_check_client.h +5 -13
  15. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
  16. data/src/core/ext/filters/client_channel/lb_policy.cc +2 -3
  17. data/src/core/ext/filters/client_channel/lb_policy.h +65 -55
  18. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +14 -14
  19. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +113 -36
  20. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +14 -19
  21. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +36 -13
  22. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -10
  23. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +814 -1589
  24. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +2 -5
  25. data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -6
  26. data/src/core/ext/filters/client_channel/resolver.cc +1 -2
  27. data/src/core/ext/filters/client_channel/resolver.h +8 -16
  28. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +25 -8
  29. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +46 -12
  30. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +10 -17
  31. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +7 -8
  32. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
  33. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +111 -44
  34. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +22 -14
  35. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
  36. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +2 -2
  37. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +29 -10
  38. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +27 -36
  39. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +7 -10
  40. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -16
  41. data/src/core/ext/filters/client_channel/resolver_factory.h +4 -8
  42. data/src/core/ext/filters/client_channel/resolver_registry.cc +1 -1
  43. data/src/core/ext/filters/client_channel/resolver_registry.h +1 -1
  44. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +7 -10
  45. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +7 -8
  46. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +1 -1
  47. data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
  48. data/src/core/ext/filters/client_channel/retry_throttle.h +1 -4
  49. data/src/core/ext/filters/client_channel/service_config.h +8 -8
  50. data/src/core/ext/filters/client_channel/subchannel.cc +53 -86
  51. data/src/core/ext/filters/client_channel/subchannel.h +7 -9
  52. data/src/core/ext/filters/client_channel/subchannel_interface.h +9 -13
  53. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +3 -6
  54. data/src/core/ext/filters/client_channel/{lb_policy/xds/xds_load_balancer_api.cc → xds/xds_api.cc} +169 -52
  55. data/src/core/ext/filters/client_channel/xds/xds_api.h +171 -0
  56. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +450 -0
  57. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +99 -0
  58. data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel.h +8 -6
  59. data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
  60. data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel_secure.cc +28 -11
  61. data/src/core/ext/filters/client_channel/xds/xds_client.cc +1413 -0
  62. data/src/core/ext/filters/client_channel/xds/xds_client.h +221 -0
  63. data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.cc +1 -5
  64. data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.h +3 -4
  65. data/src/core/ext/filters/deadline/deadline_filter.cc +20 -20
  66. data/src/core/ext/filters/http/client/http_client_filter.cc +15 -15
  67. data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
  68. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +12 -12
  69. data/src/core/ext/filters/max_age/max_age_filter.cc +59 -50
  70. data/src/core/ext/filters/message_size/message_size_filter.cc +18 -18
  71. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +15 -14
  72. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +233 -175
  73. data/src/core/ext/transport/chttp2/transport/flow_control.h +21 -24
  74. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +253 -163
  75. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +24 -12
  76. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -3
  77. data/src/core/ext/transport/chttp2/transport/internal.h +13 -15
  78. data/src/core/ext/transport/chttp2/transport/writing.cc +3 -0
  79. data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
  80. data/src/core/lib/channel/channel_args.cc +16 -0
  81. data/src/core/lib/channel/channel_args.h +22 -0
  82. data/src/core/lib/channel/channelz.cc +5 -6
  83. data/src/core/lib/channel/channelz.h +1 -1
  84. data/src/core/lib/channel/connected_channel.cc +20 -20
  85. data/src/core/lib/channel/handshaker.h +3 -4
  86. data/src/core/lib/channel/handshaker_factory.h +1 -3
  87. data/src/core/lib/debug/trace.h +3 -2
  88. data/src/core/lib/gprpp/arena.cc +3 -3
  89. data/src/core/lib/gprpp/arena.h +2 -3
  90. data/src/core/lib/gprpp/inlined_vector.h +9 -0
  91. data/src/core/lib/gprpp/map.h +3 -501
  92. data/src/core/lib/gprpp/memory.h +45 -41
  93. data/src/core/lib/gprpp/mpscq.cc +108 -0
  94. data/src/core/lib/gprpp/mpscq.h +98 -0
  95. data/src/core/lib/gprpp/orphanable.h +6 -11
  96. data/src/core/lib/gprpp/ref_counted.h +25 -19
  97. data/src/core/lib/gprpp/set.h +33 -0
  98. data/src/core/lib/gprpp/thd.h +2 -4
  99. data/src/core/lib/http/httpcli.cc +1 -1
  100. data/src/core/lib/http/httpcli_security_connector.cc +15 -11
  101. data/src/core/lib/http/parser.cc +1 -1
  102. data/src/core/lib/iomgr/buffer_list.cc +4 -5
  103. data/src/core/lib/iomgr/buffer_list.h +5 -6
  104. data/src/core/lib/iomgr/call_combiner.cc +4 -5
  105. data/src/core/lib/iomgr/call_combiner.h +2 -2
  106. data/src/core/lib/iomgr/cfstream_handle.h +3 -5
  107. data/src/core/lib/iomgr/closure.h +8 -3
  108. data/src/core/lib/iomgr/combiner.cc +45 -82
  109. data/src/core/lib/iomgr/combiner.h +32 -8
  110. data/src/core/lib/iomgr/endpoint_cfstream.cc +5 -3
  111. data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -15
  112. data/src/core/lib/iomgr/ev_poll_posix.cc +3 -1
  113. data/src/core/lib/iomgr/exec_ctx.h +4 -3
  114. data/src/core/lib/iomgr/executor.cc +4 -2
  115. data/src/core/lib/iomgr/executor.h +3 -0
  116. data/src/core/lib/iomgr/executor/mpmcqueue.h +3 -6
  117. data/src/core/lib/iomgr/executor/threadpool.cc +1 -2
  118. data/src/core/lib/iomgr/executor/threadpool.h +7 -11
  119. data/src/core/lib/iomgr/resource_quota.cc +55 -51
  120. data/src/core/lib/iomgr/resource_quota.h +13 -9
  121. data/src/core/lib/iomgr/socket_utils_common_posix.cc +13 -0
  122. data/src/core/lib/iomgr/socket_utils_posix.h +4 -0
  123. data/src/core/lib/iomgr/tcp_client_posix.cc +4 -11
  124. data/src/core/lib/iomgr/tcp_custom.cc +9 -7
  125. data/src/core/lib/iomgr/tcp_posix.cc +20 -16
  126. data/src/core/lib/iomgr/tcp_server.h +1 -4
  127. data/src/core/lib/iomgr/tcp_server_custom.cc +5 -5
  128. data/src/core/lib/iomgr/tcp_server_posix.cc +1 -1
  129. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -11
  130. data/src/core/lib/iomgr/timer_custom.cc +2 -2
  131. data/src/core/lib/iomgr/udp_server.cc +3 -2
  132. data/src/core/lib/iomgr/udp_server.h +6 -12
  133. data/src/core/lib/json/json.h +1 -1
  134. data/src/core/lib/json/json_string.cc +2 -2
  135. data/src/core/lib/profiling/basic_timers.cc +2 -2
  136. data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -2
  137. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -1
  138. data/src/core/lib/security/credentials/credentials.h +4 -20
  139. data/src/core/lib/security/credentials/fake/fake_credentials.cc +4 -4
  140. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -3
  141. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +64 -0
  142. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +4 -4
  143. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -7
  144. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +2 -0
  145. data/src/core/lib/security/security_connector/local/local_security_connector.cc +4 -4
  146. data/src/core/lib/security/security_connector/security_connector.cc +1 -0
  147. data/src/core/lib/security/security_connector/security_connector.h +19 -17
  148. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +8 -5
  149. data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
  150. data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
  151. data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +14 -6
  152. data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +4 -2
  153. data/src/core/lib/security/transport/client_auth_filter.cc +17 -17
  154. data/src/core/lib/security/transport/security_handshaker.cc +29 -13
  155. data/src/core/lib/security/transport/security_handshaker.h +4 -2
  156. data/src/core/lib/security/transport/server_auth_filter.cc +14 -14
  157. data/src/core/lib/slice/slice.cc +2 -10
  158. data/src/core/lib/slice/slice_hash_table.h +4 -6
  159. data/src/core/lib/slice/slice_intern.cc +42 -39
  160. data/src/core/lib/slice/slice_internal.h +3 -3
  161. data/src/core/lib/slice/slice_utils.h +21 -4
  162. data/src/core/lib/slice/slice_weak_hash_table.h +4 -6
  163. data/src/core/lib/surface/call.cc +3 -3
  164. data/src/core/lib/surface/channel.cc +7 -0
  165. data/src/core/lib/surface/completion_queue.cc +12 -11
  166. data/src/core/lib/surface/completion_queue.h +4 -2
  167. data/src/core/lib/surface/init.cc +1 -0
  168. data/src/core/lib/surface/lame_client.cc +33 -18
  169. data/src/core/lib/surface/server.cc +77 -76
  170. data/src/core/lib/surface/version.cc +1 -1
  171. data/src/core/lib/transport/byte_stream.h +3 -7
  172. data/src/core/lib/transport/connectivity_state.cc +112 -98
  173. data/src/core/lib/transport/connectivity_state.h +100 -50
  174. data/src/core/lib/transport/static_metadata.cc +276 -288
  175. data/src/core/lib/transport/static_metadata.h +73 -76
  176. data/src/core/lib/transport/status_conversion.cc +1 -1
  177. data/src/core/lib/transport/status_metadata.cc +1 -1
  178. data/src/core/lib/transport/transport.cc +2 -2
  179. data/src/core/lib/transport/transport.h +12 -4
  180. data/src/core/lib/transport/transport_op_string.cc +14 -11
  181. data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
  182. data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +1 -1
  183. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +5 -5
  184. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -2
  185. data/src/core/tsi/fake_transport_security.cc +7 -5
  186. data/src/core/tsi/grpc_shadow_boringssl.h +2918 -2627
  187. data/src/core/tsi/local_transport_security.cc +8 -6
  188. data/src/core/tsi/ssl/session_cache/ssl_session.h +1 -3
  189. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -2
  190. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +7 -5
  191. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -6
  192. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -2
  193. data/src/core/tsi/ssl_transport_security.cc +12 -12
  194. data/src/core/tsi/ssl_transport_security.h +2 -2
  195. data/src/core/tsi/transport_security_grpc.cc +7 -0
  196. data/src/core/tsi/transport_security_grpc.h +6 -0
  197. data/src/ruby/ext/grpc/extconf.rb +1 -0
  198. data/src/ruby/ext/grpc/rb_call.c +1 -1
  199. data/src/ruby/ext/grpc/rb_channel.c +1 -1
  200. data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
  201. data/src/ruby/lib/grpc/generic/rpc_server.rb +1 -1
  202. data/src/ruby/lib/grpc/version.rb +1 -1
  203. data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
  204. data/third_party/boringssl/crypto/asn1/a_bool.c +18 -5
  205. data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +17 -221
  206. data/third_party/boringssl/crypto/asn1/a_dup.c +0 -24
  207. data/third_party/boringssl/crypto/asn1/a_enum.c +2 -2
  208. data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +10 -72
  209. data/third_party/boringssl/crypto/asn1/a_int.c +12 -71
  210. data/third_party/boringssl/crypto/asn1/a_mbstr.c +110 -216
  211. data/third_party/boringssl/crypto/asn1/a_object.c +16 -5
  212. data/third_party/boringssl/crypto/asn1/a_strnid.c +1 -0
  213. data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -1
  214. data/third_party/boringssl/crypto/asn1/tasn_enc.c +3 -1
  215. data/third_party/boringssl/crypto/base64/base64.c +2 -2
  216. data/third_party/boringssl/crypto/bio/bio.c +73 -9
  217. data/third_party/boringssl/crypto/bio/connect.c +4 -0
  218. data/third_party/boringssl/crypto/bio/fd.c +4 -0
  219. data/third_party/boringssl/crypto/bio/file.c +5 -2
  220. data/third_party/boringssl/crypto/bio/socket.c +4 -0
  221. data/third_party/boringssl/crypto/bio/socket_helper.c +4 -0
  222. data/third_party/boringssl/crypto/bn_extra/convert.c +11 -7
  223. data/third_party/boringssl/crypto/bytestring/ber.c +8 -4
  224. data/third_party/boringssl/crypto/bytestring/cbb.c +19 -7
  225. data/third_party/boringssl/crypto/bytestring/cbs.c +28 -15
  226. data/third_party/boringssl/crypto/bytestring/internal.h +28 -7
  227. data/third_party/boringssl/crypto/bytestring/unicode.c +155 -0
  228. data/third_party/boringssl/crypto/chacha/chacha.c +36 -19
  229. data/third_party/boringssl/crypto/chacha/internal.h +45 -0
  230. data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +29 -0
  231. data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +269 -25
  232. data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +16 -14
  233. data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +54 -38
  234. data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +133 -41
  235. data/third_party/boringssl/crypto/cipher_extra/e_tls.c +23 -15
  236. data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +24 -15
  237. data/third_party/boringssl/crypto/cmac/cmac.c +62 -25
  238. data/third_party/boringssl/crypto/conf/conf.c +7 -0
  239. data/third_party/boringssl/crypto/cpu-arm-linux.c +4 -148
  240. data/third_party/boringssl/crypto/cpu-arm-linux.h +201 -0
  241. data/third_party/boringssl/crypto/cpu-intel.c +45 -51
  242. data/third_party/boringssl/crypto/crypto.c +39 -22
  243. data/third_party/boringssl/crypto/curve25519/spake25519.c +1 -1
  244. data/third_party/boringssl/crypto/dsa/dsa.c +77 -53
  245. data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +20 -8
  246. data/third_party/boringssl/crypto/ec_extra/ec_derive.c +96 -0
  247. data/third_party/boringssl/crypto/{ecdh/ecdh.c → ecdh_extra/ecdh_extra.c} +20 -58
  248. data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -9
  249. data/third_party/boringssl/crypto/engine/engine.c +2 -1
  250. data/third_party/boringssl/crypto/err/err.c +2 -0
  251. data/third_party/boringssl/crypto/err/internal.h +2 -2
  252. data/third_party/boringssl/crypto/evp/evp.c +89 -8
  253. data/third_party/boringssl/crypto/evp/evp_asn1.c +56 -5
  254. data/third_party/boringssl/crypto/evp/evp_ctx.c +52 -14
  255. data/third_party/boringssl/crypto/evp/internal.h +18 -1
  256. data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +5 -0
  257. data/third_party/boringssl/crypto/evp/p_ec.c +51 -3
  258. data/third_party/boringssl/crypto/evp/p_ec_asn1.c +6 -7
  259. data/third_party/boringssl/crypto/evp/p_ed25519.c +36 -3
  260. data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +76 -45
  261. data/third_party/boringssl/crypto/evp/p_rsa.c +3 -1
  262. data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +5 -0
  263. data/third_party/boringssl/crypto/evp/p_x25519.c +110 -0
  264. data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +249 -0
  265. data/third_party/boringssl/crypto/evp/scrypt.c +6 -2
  266. data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +34 -274
  267. data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +161 -21
  268. data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +111 -13
  269. data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +17 -21
  270. data/third_party/boringssl/crypto/fipsmodule/bcm.c +119 -7
  271. data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +19 -2
  272. data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +2 -2
  273. data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +93 -160
  274. data/third_party/boringssl/crypto/fipsmodule/bn/div.c +48 -57
  275. data/third_party/boringssl/crypto/fipsmodule/bn/div_extra.c +87 -0
  276. data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +143 -211
  277. data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -305
  278. data/third_party/boringssl/crypto/fipsmodule/bn/gcd_extra.c +325 -0
  279. data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +168 -50
  280. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +68 -92
  281. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +7 -6
  282. data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +11 -14
  283. data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +358 -443
  284. data/third_party/boringssl/crypto/fipsmodule/bn/random.c +25 -35
  285. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +20 -25
  286. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +76 -5
  287. data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +14 -14
  288. data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +7 -2
  289. data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +383 -516
  290. data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +4 -0
  291. data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +3 -4
  292. data/third_party/boringssl/crypto/fipsmodule/delocate.h +3 -2
  293. data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +32 -17
  294. data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +3 -3
  295. data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +228 -122
  296. data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +34 -8
  297. data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +311 -98
  298. data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +82 -0
  299. data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +263 -97
  300. data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +22 -59
  301. data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +317 -234
  302. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9473 -9475
  303. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +313 -109
  304. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +36 -0
  305. data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +96 -0
  306. data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +126 -792
  307. data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +84 -0
  308. data/third_party/boringssl/crypto/fipsmodule/ec/util.c +163 -12
  309. data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +84 -211
  310. data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +122 -0
  311. data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +60 -205
  312. data/third_party/boringssl/crypto/fipsmodule/fips_shared_support.c +32 -0
  313. data/third_party/boringssl/crypto/fipsmodule/is_fips.c +2 -0
  314. data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +3 -1
  315. data/third_party/boringssl/crypto/fipsmodule/md5/internal.h +37 -0
  316. data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +11 -8
  317. data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +35 -79
  318. data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +7 -39
  319. data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +7 -27
  320. data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +123 -309
  321. data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +189 -126
  322. data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +3 -2
  323. data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +2 -2
  324. data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +35 -0
  325. data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +24 -19
  326. data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +256 -77
  327. data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +10 -7
  328. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +5 -1
  329. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +131 -14
  330. data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +83 -10
  331. data/third_party/boringssl/crypto/fipsmodule/sha/internal.h +53 -0
  332. data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +9 -13
  333. data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +18 -12
  334. data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +95 -168
  335. data/third_party/boringssl/crypto/hrss/hrss.c +2201 -0
  336. data/third_party/boringssl/crypto/hrss/internal.h +62 -0
  337. data/third_party/boringssl/crypto/internal.h +95 -20
  338. data/third_party/boringssl/crypto/lhash/lhash.c +45 -33
  339. data/third_party/boringssl/crypto/mem.c +39 -2
  340. data/third_party/boringssl/crypto/obj/obj.c +4 -4
  341. data/third_party/boringssl/crypto/obj/obj_dat.h +6181 -875
  342. data/third_party/boringssl/crypto/pem/pem_all.c +2 -3
  343. data/third_party/boringssl/crypto/pem/pem_info.c +144 -162
  344. data/third_party/boringssl/crypto/pem/pem_lib.c +53 -52
  345. data/third_party/boringssl/crypto/pem/pem_pkey.c +13 -21
  346. data/third_party/boringssl/crypto/pkcs7/pkcs7.c +15 -22
  347. data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +168 -16
  348. data/third_party/boringssl/crypto/pkcs8/internal.h +11 -0
  349. data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +24 -15
  350. data/third_party/boringssl/crypto/pkcs8/pkcs8.c +42 -25
  351. data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +559 -43
  352. data/third_party/boringssl/crypto/pool/internal.h +1 -1
  353. data/third_party/boringssl/crypto/pool/pool.c +21 -0
  354. data/third_party/boringssl/crypto/rand_extra/deterministic.c +8 -0
  355. data/third_party/boringssl/crypto/rand_extra/fuchsia.c +1 -14
  356. data/third_party/boringssl/crypto/refcount_lock.c +2 -2
  357. data/third_party/boringssl/crypto/rsa_extra/rsa_print.c +22 -0
  358. data/third_party/boringssl/crypto/siphash/siphash.c +80 -0
  359. data/third_party/boringssl/crypto/stack/stack.c +83 -32
  360. data/third_party/boringssl/crypto/thread_none.c +2 -2
  361. data/third_party/boringssl/crypto/thread_pthread.c +2 -2
  362. data/third_party/boringssl/crypto/thread_win.c +38 -19
  363. data/third_party/boringssl/crypto/x509/a_strex.c +22 -2
  364. data/third_party/boringssl/crypto/x509/asn1_gen.c +2 -1
  365. data/third_party/boringssl/crypto/x509/by_dir.c +7 -0
  366. data/third_party/boringssl/crypto/x509/by_file.c +12 -10
  367. data/third_party/boringssl/crypto/x509/t_crl.c +5 -8
  368. data/third_party/boringssl/crypto/x509/t_req.c +1 -3
  369. data/third_party/boringssl/crypto/x509/t_x509.c +5 -8
  370. data/third_party/boringssl/crypto/x509/x509_cmp.c +1 -1
  371. data/third_party/boringssl/crypto/x509/x509_def.c +1 -1
  372. data/third_party/boringssl/crypto/x509/x509_lu.c +114 -5
  373. data/third_party/boringssl/crypto/x509/x509_req.c +20 -0
  374. data/third_party/boringssl/crypto/x509/x509_set.c +5 -0
  375. data/third_party/boringssl/crypto/x509/x509_trs.c +1 -0
  376. data/third_party/boringssl/crypto/x509/x509_txt.c +4 -5
  377. data/third_party/boringssl/crypto/x509/x509_vfy.c +145 -138
  378. data/third_party/boringssl/crypto/x509/x509_vpm.c +2 -0
  379. data/third_party/boringssl/crypto/x509/x509cset.c +40 -0
  380. data/third_party/boringssl/crypto/x509/x509name.c +2 -3
  381. data/third_party/boringssl/crypto/x509/x_all.c +109 -210
  382. data/third_party/boringssl/crypto/x509/x_x509.c +6 -0
  383. data/third_party/boringssl/crypto/x509v3/ext_dat.h +1 -3
  384. data/third_party/boringssl/crypto/x509v3/internal.h +56 -0
  385. data/third_party/boringssl/crypto/x509v3/pcy_cache.c +2 -0
  386. data/third_party/boringssl/crypto/x509v3/pcy_node.c +1 -0
  387. data/third_party/boringssl/crypto/x509v3/pcy_tree.c +4 -2
  388. data/third_party/boringssl/crypto/x509v3/v3_akey.c +5 -2
  389. data/third_party/boringssl/crypto/x509v3/v3_alt.c +19 -13
  390. data/third_party/boringssl/crypto/x509v3/v3_conf.c +2 -1
  391. data/third_party/boringssl/crypto/x509v3/v3_cpols.c +3 -2
  392. data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -6
  393. data/third_party/boringssl/crypto/x509v3/v3_lib.c +1 -0
  394. data/third_party/boringssl/crypto/x509v3/v3_ocsp.c +68 -0
  395. data/third_party/boringssl/crypto/x509v3/v3_pci.c +2 -1
  396. data/third_party/boringssl/crypto/x509v3/v3_purp.c +47 -69
  397. data/third_party/boringssl/crypto/x509v3/v3_skey.c +5 -2
  398. data/third_party/boringssl/crypto/x509v3/v3_utl.c +69 -25
  399. data/third_party/boringssl/include/openssl/aead.h +45 -19
  400. data/third_party/boringssl/include/openssl/aes.h +32 -7
  401. data/third_party/boringssl/include/openssl/asn1.h +7 -77
  402. data/third_party/boringssl/include/openssl/base.h +120 -6
  403. data/third_party/boringssl/include/openssl/base64.h +4 -1
  404. data/third_party/boringssl/include/openssl/bio.h +112 -81
  405. data/third_party/boringssl/include/openssl/blowfish.h +3 -3
  406. data/third_party/boringssl/include/openssl/bn.h +55 -29
  407. data/third_party/boringssl/include/openssl/buf.h +2 -2
  408. data/third_party/boringssl/include/openssl/bytestring.h +54 -32
  409. data/third_party/boringssl/include/openssl/cast.h +2 -2
  410. data/third_party/boringssl/include/openssl/cipher.h +46 -16
  411. data/third_party/boringssl/include/openssl/cmac.h +6 -2
  412. data/third_party/boringssl/include/openssl/conf.h +3 -6
  413. data/third_party/boringssl/include/openssl/cpu.h +25 -9
  414. data/third_party/boringssl/include/openssl/crypto.h +32 -10
  415. data/third_party/boringssl/include/openssl/curve25519.h +4 -4
  416. data/third_party/boringssl/include/openssl/dh.h +3 -2
  417. data/third_party/boringssl/include/openssl/digest.h +21 -7
  418. data/third_party/boringssl/include/openssl/dsa.h +8 -2
  419. data/third_party/boringssl/include/openssl/e_os2.h +18 -0
  420. data/third_party/boringssl/include/openssl/ec.h +25 -21
  421. data/third_party/boringssl/include/openssl/ec_key.h +36 -8
  422. data/third_party/boringssl/include/openssl/ecdh.h +17 -0
  423. data/third_party/boringssl/include/openssl/ecdsa.h +3 -3
  424. data/third_party/boringssl/include/openssl/engine.h +4 -4
  425. data/third_party/boringssl/include/openssl/err.h +3 -0
  426. data/third_party/boringssl/include/openssl/evp.h +199 -42
  427. data/third_party/boringssl/include/openssl/hmac.h +4 -4
  428. data/third_party/boringssl/include/openssl/hrss.h +100 -0
  429. data/third_party/boringssl/include/openssl/lhash.h +131 -23
  430. data/third_party/boringssl/include/openssl/md4.h +6 -4
  431. data/third_party/boringssl/include/openssl/md5.h +6 -4
  432. data/third_party/boringssl/include/openssl/mem.h +6 -2
  433. data/third_party/boringssl/include/openssl/nid.h +3 -0
  434. data/third_party/boringssl/include/openssl/obj.h +3 -0
  435. data/third_party/boringssl/include/openssl/pem.h +102 -64
  436. data/third_party/boringssl/include/openssl/pkcs7.h +136 -3
  437. data/third_party/boringssl/include/openssl/pkcs8.h +42 -3
  438. data/third_party/boringssl/include/openssl/pool.h +13 -2
  439. data/third_party/boringssl/include/openssl/ripemd.h +5 -4
  440. data/third_party/boringssl/include/openssl/rsa.h +46 -15
  441. data/third_party/boringssl/include/openssl/sha.h +40 -28
  442. data/third_party/boringssl/include/openssl/siphash.h +37 -0
  443. data/third_party/boringssl/include/openssl/span.h +17 -9
  444. data/third_party/boringssl/include/openssl/ssl.h +766 -393
  445. data/third_party/boringssl/include/openssl/ssl3.h +4 -3
  446. data/third_party/boringssl/include/openssl/stack.h +134 -77
  447. data/third_party/boringssl/include/openssl/thread.h +1 -1
  448. data/third_party/boringssl/include/openssl/tls1.h +25 -9
  449. data/third_party/boringssl/include/openssl/type_check.h +14 -15
  450. data/third_party/boringssl/include/openssl/x509.h +28 -3
  451. data/third_party/boringssl/include/openssl/x509_vfy.h +98 -32
  452. data/third_party/boringssl/include/openssl/x509v3.h +17 -13
  453. data/third_party/boringssl/ssl/d1_both.cc +9 -18
  454. data/third_party/boringssl/ssl/d1_lib.cc +4 -3
  455. data/third_party/boringssl/ssl/d1_pkt.cc +4 -4
  456. data/third_party/boringssl/ssl/d1_srtp.cc +15 -15
  457. data/third_party/boringssl/ssl/dtls_method.cc +0 -1
  458. data/third_party/boringssl/ssl/dtls_record.cc +28 -28
  459. data/third_party/boringssl/ssl/handoff.cc +295 -91
  460. data/third_party/boringssl/ssl/handshake.cc +133 -72
  461. data/third_party/boringssl/ssl/handshake_client.cc +218 -189
  462. data/third_party/boringssl/ssl/handshake_server.cc +399 -272
  463. data/third_party/boringssl/ssl/internal.h +1413 -928
  464. data/third_party/boringssl/ssl/s3_both.cc +175 -36
  465. data/third_party/boringssl/ssl/s3_lib.cc +9 -13
  466. data/third_party/boringssl/ssl/s3_pkt.cc +63 -29
  467. data/third_party/boringssl/ssl/ssl_aead_ctx.cc +55 -35
  468. data/third_party/boringssl/ssl/ssl_asn1.cc +57 -73
  469. data/third_party/boringssl/ssl/ssl_buffer.cc +13 -12
  470. data/third_party/boringssl/ssl/ssl_cert.cc +313 -210
  471. data/third_party/boringssl/ssl/ssl_cipher.cc +159 -221
  472. data/third_party/boringssl/ssl/ssl_file.cc +2 -0
  473. data/third_party/boringssl/ssl/ssl_key_share.cc +164 -19
  474. data/third_party/boringssl/ssl/ssl_lib.cc +847 -555
  475. data/third_party/boringssl/ssl/ssl_privkey.cc +441 -111
  476. data/third_party/boringssl/ssl/ssl_session.cc +230 -178
  477. data/third_party/boringssl/ssl/ssl_transcript.cc +21 -142
  478. data/third_party/boringssl/ssl/ssl_versions.cc +88 -93
  479. data/third_party/boringssl/ssl/ssl_x509.cc +279 -218
  480. data/third_party/boringssl/ssl/t1_enc.cc +5 -96
  481. data/third_party/boringssl/ssl/t1_lib.cc +931 -678
  482. data/third_party/boringssl/ssl/tls13_both.cc +251 -121
  483. data/third_party/boringssl/ssl/tls13_client.cc +129 -73
  484. data/third_party/boringssl/ssl/tls13_enc.cc +350 -282
  485. data/third_party/boringssl/ssl/tls13_server.cc +259 -192
  486. data/third_party/boringssl/ssl/tls_method.cc +26 -21
  487. data/third_party/boringssl/ssl/tls_record.cc +42 -47
  488. data/third_party/boringssl/third_party/fiat/curve25519.c +261 -1324
  489. data/third_party/boringssl/third_party/fiat/curve25519_32.h +911 -0
  490. data/third_party/boringssl/third_party/fiat/curve25519_64.h +559 -0
  491. data/third_party/boringssl/third_party/fiat/p256.c +238 -999
  492. data/third_party/boringssl/third_party/fiat/p256_32.h +3226 -0
  493. data/third_party/boringssl/third_party/fiat/p256_64.h +1217 -0
  494. data/third_party/upb/upb/port_def.inc +1 -1
  495. data/third_party/upb/upb/table.c +2 -1
  496. metadata +72 -44
  497. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +0 -127
  498. data/src/core/lib/gpr/mpscq.cc +0 -117
  499. data/src/core/lib/gpr/mpscq.h +0 -88
  500. data/src/core/lib/gprpp/abstract.h +0 -47
  501. data/src/core/lib/gprpp/pair.h +0 -38
  502. data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
  503. data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
  504. data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
  505. data/third_party/boringssl/ssl/custom_extensions.cc +0 -265
@@ -82,7 +82,7 @@
82
82
  #include "../../internal.h"
83
83
 
84
84
 
85
- DEFINE_STATIC_EX_DATA_CLASS(g_ec_ex_data_class);
85
+ DEFINE_STATIC_EX_DATA_CLASS(g_ec_ex_data_class)
86
86
 
87
87
  static EC_WRAPPED_SCALAR *ec_wrapped_scalar_new(const EC_GROUP *group) {
88
88
  EC_WRAPPED_SCALAR *wrapped = OPENSSL_malloc(sizeof(EC_WRAPPED_SCALAR));
@@ -267,7 +267,7 @@ int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key) {
267
267
  return 0;
268
268
  }
269
269
 
270
- if (EC_GROUP_cmp(key->group, pub_key->group, NULL) != 0) {
270
+ if (pub_key != NULL && EC_GROUP_cmp(key->group, pub_key->group, NULL) != 0) {
271
271
  OPENSSL_PUT_ERROR(EC, EC_R_GROUP_MISMATCH);
272
272
  return 0;
273
273
  }
@@ -322,8 +322,8 @@ int EC_KEY_check_key(const EC_KEY *eckey) {
322
322
  if (eckey->priv_key != NULL) {
323
323
  point = EC_POINT_new(eckey->group);
324
324
  if (point == NULL ||
325
- !ec_point_mul_scalar(eckey->group, point, &eckey->priv_key->scalar,
326
- NULL, NULL, ctx)) {
325
+ !ec_point_mul_scalar_base(eckey->group, &point->raw,
326
+ &eckey->priv_key->scalar)) {
327
327
  OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
328
328
  goto err;
329
329
  }
@@ -369,8 +369,8 @@ int EC_KEY_check_fips(const EC_KEY *key) {
369
369
  return 1;
370
370
  }
371
371
 
372
- int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
373
- BIGNUM *y) {
372
+ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, const BIGNUM *x,
373
+ const BIGNUM *y) {
374
374
  EC_POINT *point = NULL;
375
375
  int ok = 0;
376
376
 
@@ -394,6 +394,33 @@ err:
394
394
  return ok;
395
395
  }
396
396
 
397
+ size_t EC_KEY_key2buf(EC_KEY *key, point_conversion_form_t form,
398
+ unsigned char **out_buf, BN_CTX *ctx) {
399
+ if (key == NULL || key->pub_key == NULL || key->group == NULL) {
400
+ return 0;
401
+ }
402
+
403
+ const size_t len =
404
+ EC_POINT_point2oct(key->group, key->pub_key, form, NULL, 0, ctx);
405
+ if (len == 0) {
406
+ return 0;
407
+ }
408
+
409
+ uint8_t *buf = OPENSSL_malloc(len);
410
+ if (buf == NULL) {
411
+ return 0;
412
+ }
413
+
414
+ if (EC_POINT_point2oct(key->group, key->pub_key, form, buf, len, ctx) !=
415
+ len) {
416
+ OPENSSL_free(buf);
417
+ return 0;
418
+ }
419
+
420
+ *out_buf = buf;
421
+ return len;
422
+ }
423
+
397
424
  int EC_KEY_generate_key(EC_KEY *key) {
398
425
  if (key == NULL || key->group == NULL) {
399
426
  OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
@@ -413,8 +440,7 @@ int EC_KEY_generate_key(EC_KEY *key) {
413
440
  // Generate the private key by testing candidates (FIPS 186-4 B.4.2).
414
441
  !ec_random_nonzero_scalar(key->group, &priv_key->scalar,
415
442
  kDefaultAdditionalData) ||
416
- !ec_point_mul_scalar(key->group, pub_key, &priv_key->scalar, NULL, NULL,
417
- NULL)) {
443
+ !ec_point_mul_scalar_base(key->group, &pub_key->raw, &priv_key->scalar)) {
418
444
  EC_POINT_free(pub_key);
419
445
  ec_wrapped_scalar_free(priv_key);
420
446
  return 0;
@@ -123,137 +123,344 @@ err:
123
123
  return ret;
124
124
  }
125
125
 
126
- int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
127
- const BIGNUM *b, BN_CTX *ctx) {
128
- if (group->mont == NULL) {
129
- OPENSSL_PUT_ERROR(EC, EC_R_NOT_INITIALIZED);
130
- return 0;
131
- }
126
+ static void ec_GFp_mont_felem_to_montgomery(const EC_GROUP *group,
127
+ EC_FELEM *out, const EC_FELEM *in) {
128
+ bn_to_montgomery_small(out->words, in->words, group->field.width,
129
+ group->mont);
130
+ }
132
131
 
133
- return BN_mod_mul_montgomery(r, a, b, group->mont, ctx);
132
+ static void ec_GFp_mont_felem_from_montgomery(const EC_GROUP *group,
133
+ EC_FELEM *out,
134
+ const EC_FELEM *in) {
135
+ bn_from_montgomery_small(out->words, in->words, group->field.width,
136
+ group->mont);
134
137
  }
135
138
 
136
- int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
137
- BN_CTX *ctx) {
138
- if (group->mont == NULL) {
139
- OPENSSL_PUT_ERROR(EC, EC_R_NOT_INITIALIZED);
140
- return 0;
141
- }
139
+ static void ec_GFp_mont_felem_inv(const EC_GROUP *group, EC_FELEM *out,
140
+ const EC_FELEM *a) {
141
+ bn_mod_inverse_prime_mont_small(out->words, a->words, group->field.width,
142
+ group->mont);
143
+ }
142
144
 
143
- return BN_mod_mul_montgomery(r, a, a, group->mont, ctx);
145
+ void ec_GFp_mont_felem_mul(const EC_GROUP *group, EC_FELEM *r,
146
+ const EC_FELEM *a, const EC_FELEM *b) {
147
+ bn_mod_mul_montgomery_small(r->words, a->words, b->words, group->field.width,
148
+ group->mont);
144
149
  }
145
150
 
146
- int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
147
- BN_CTX *ctx) {
151
+ void ec_GFp_mont_felem_sqr(const EC_GROUP *group, EC_FELEM *r,
152
+ const EC_FELEM *a) {
153
+ bn_mod_mul_montgomery_small(r->words, a->words, a->words, group->field.width,
154
+ group->mont);
155
+ }
156
+
157
+ int ec_GFp_mont_bignum_to_felem(const EC_GROUP *group, EC_FELEM *out,
158
+ const BIGNUM *in) {
148
159
  if (group->mont == NULL) {
149
160
  OPENSSL_PUT_ERROR(EC, EC_R_NOT_INITIALIZED);
150
161
  return 0;
151
162
  }
152
163
 
153
- return BN_to_montgomery(r, a, group->mont, ctx);
164
+ if (!bn_copy_words(out->words, group->field.width, in)) {
165
+ return 0;
166
+ }
167
+ ec_GFp_mont_felem_to_montgomery(group, out, out);
168
+ return 1;
154
169
  }
155
170
 
156
- int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
157
- BN_CTX *ctx) {
171
+ int ec_GFp_mont_felem_to_bignum(const EC_GROUP *group, BIGNUM *out,
172
+ const EC_FELEM *in) {
158
173
  if (group->mont == NULL) {
159
174
  OPENSSL_PUT_ERROR(EC, EC_R_NOT_INITIALIZED);
160
175
  return 0;
161
176
  }
162
177
 
163
- return BN_from_montgomery(r, a, group->mont, ctx);
178
+ EC_FELEM tmp;
179
+ ec_GFp_mont_felem_from_montgomery(group, &tmp, in);
180
+ return bn_set_words(out, tmp.words, group->field.width);
164
181
  }
165
182
 
166
183
  static int ec_GFp_mont_point_get_affine_coordinates(const EC_GROUP *group,
167
- const EC_POINT *point,
168
- BIGNUM *x, BIGNUM *y,
169
- BN_CTX *ctx) {
170
- if (EC_POINT_is_at_infinity(group, point)) {
184
+ const EC_RAW_POINT *point,
185
+ EC_FELEM *x, EC_FELEM *y) {
186
+ if (ec_GFp_simple_is_at_infinity(group, point)) {
171
187
  OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
172
188
  return 0;
173
189
  }
174
190
 
175
- BN_CTX *new_ctx = NULL;
176
- if (ctx == NULL) {
177
- ctx = new_ctx = BN_CTX_new();
178
- if (ctx == NULL) {
179
- return 0;
180
- }
191
+ // Transform (X, Y, Z) into (x, y) := (X/Z^2, Y/Z^3).
192
+
193
+ EC_FELEM z1, z2;
194
+ ec_GFp_mont_felem_inv(group, &z2, &point->Z);
195
+ ec_GFp_mont_felem_sqr(group, &z1, &z2);
196
+
197
+ // Instead of using |ec_GFp_mont_felem_from_montgomery| to convert the |x|
198
+ // coordinate and then calling |ec_GFp_mont_felem_from_montgomery| again to
199
+ // convert the |y| coordinate below, convert the common factor |z1| once now,
200
+ // saving one reduction.
201
+ ec_GFp_mont_felem_from_montgomery(group, &z1, &z1);
202
+
203
+ if (x != NULL) {
204
+ ec_GFp_mont_felem_mul(group, x, &point->X, &z1);
181
205
  }
182
206
 
183
- int ret = 0;
207
+ if (y != NULL) {
208
+ ec_GFp_mont_felem_mul(group, &z1, &z1, &z2);
209
+ ec_GFp_mont_felem_mul(group, y, &point->Y, &z1);
210
+ }
184
211
 
185
- BN_CTX_start(ctx);
212
+ return 1;
213
+ }
186
214
 
187
- if (BN_cmp(&point->Z, &group->one) == 0) {
188
- // |point| is already affine.
189
- if (x != NULL && !BN_from_montgomery(x, &point->X, group->mont, ctx)) {
190
- goto err;
191
- }
192
- if (y != NULL && !BN_from_montgomery(y, &point->Y, group->mont, ctx)) {
193
- goto err;
194
- }
195
- } else {
196
- // transform (X, Y, Z) into (x, y) := (X/Z^2, Y/Z^3)
197
-
198
- BIGNUM *Z_1 = BN_CTX_get(ctx);
199
- BIGNUM *Z_2 = BN_CTX_get(ctx);
200
- BIGNUM *Z_3 = BN_CTX_get(ctx);
201
- if (Z_1 == NULL ||
202
- Z_2 == NULL ||
203
- Z_3 == NULL) {
204
- goto err;
205
- }
215
+ void ec_GFp_mont_add(const EC_GROUP *group, EC_RAW_POINT *out,
216
+ const EC_RAW_POINT *a, const EC_RAW_POINT *b) {
217
+ if (a == b) {
218
+ ec_GFp_mont_dbl(group, out, a);
219
+ return;
220
+ }
206
221
 
207
- // The straightforward way to calculate the inverse of a Montgomery-encoded
208
- // value where the result is Montgomery-encoded is:
209
- //
210
- // |BN_from_montgomery| + invert + |BN_to_montgomery|.
222
+ // The method is taken from:
223
+ // http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html#addition-add-2007-bl
224
+ //
225
+ // Coq transcription and correctness proof:
226
+ // <https://github.com/davidben/fiat-crypto/blob/c7b95f62b2a54b559522573310e9b487327d219a/src/Curves/Weierstrass/Jacobian.v#L467>
227
+ // <https://github.com/davidben/fiat-crypto/blob/c7b95f62b2a54b559522573310e9b487327d219a/src/Curves/Weierstrass/Jacobian.v#L544>
228
+ EC_FELEM x_out, y_out, z_out;
229
+ BN_ULONG z1nz = ec_felem_non_zero_mask(group, &a->Z);
230
+ BN_ULONG z2nz = ec_felem_non_zero_mask(group, &b->Z);
231
+
232
+ // z1z1 = z1z1 = z1**2
233
+ EC_FELEM z1z1;
234
+ ec_GFp_mont_felem_sqr(group, &z1z1, &a->Z);
235
+
236
+ // z2z2 = z2**2
237
+ EC_FELEM z2z2;
238
+ ec_GFp_mont_felem_sqr(group, &z2z2, &b->Z);
239
+
240
+ // u1 = x1*z2z2
241
+ EC_FELEM u1;
242
+ ec_GFp_mont_felem_mul(group, &u1, &a->X, &z2z2);
243
+
244
+ // two_z1z2 = (z1 + z2)**2 - (z1z1 + z2z2) = 2z1z2
245
+ EC_FELEM two_z1z2;
246
+ ec_felem_add(group, &two_z1z2, &a->Z, &b->Z);
247
+ ec_GFp_mont_felem_sqr(group, &two_z1z2, &two_z1z2);
248
+ ec_felem_sub(group, &two_z1z2, &two_z1z2, &z1z1);
249
+ ec_felem_sub(group, &two_z1z2, &two_z1z2, &z2z2);
250
+
251
+ // s1 = y1 * z2**3
252
+ EC_FELEM s1;
253
+ ec_GFp_mont_felem_mul(group, &s1, &b->Z, &z2z2);
254
+ ec_GFp_mont_felem_mul(group, &s1, &s1, &a->Y);
255
+
256
+ // u2 = x2*z1z1
257
+ EC_FELEM u2;
258
+ ec_GFp_mont_felem_mul(group, &u2, &b->X, &z1z1);
259
+
260
+ // h = u2 - u1
261
+ EC_FELEM h;
262
+ ec_felem_sub(group, &h, &u2, &u1);
263
+
264
+ BN_ULONG xneq = ec_felem_non_zero_mask(group, &h);
265
+
266
+ // z_out = two_z1z2 * h
267
+ ec_GFp_mont_felem_mul(group, &z_out, &h, &two_z1z2);
268
+
269
+ // z1z1z1 = z1 * z1z1
270
+ EC_FELEM z1z1z1;
271
+ ec_GFp_mont_felem_mul(group, &z1z1z1, &a->Z, &z1z1);
272
+
273
+ // s2 = y2 * z1**3
274
+ EC_FELEM s2;
275
+ ec_GFp_mont_felem_mul(group, &s2, &b->Y, &z1z1z1);
276
+
277
+ // r = (s2 - s1)*2
278
+ EC_FELEM r;
279
+ ec_felem_sub(group, &r, &s2, &s1);
280
+ ec_felem_add(group, &r, &r, &r);
281
+
282
+ BN_ULONG yneq = ec_felem_non_zero_mask(group, &r);
283
+
284
+ // This case will never occur in the constant-time |ec_GFp_mont_mul|.
285
+ BN_ULONG is_nontrivial_double = ~xneq & ~yneq & z1nz & z2nz;
286
+ if (is_nontrivial_double) {
287
+ ec_GFp_mont_dbl(group, out, a);
288
+ return;
289
+ }
290
+
291
+ // I = (2h)**2
292
+ EC_FELEM i;
293
+ ec_felem_add(group, &i, &h, &h);
294
+ ec_GFp_mont_felem_sqr(group, &i, &i);
295
+
296
+ // J = h * I
297
+ EC_FELEM j;
298
+ ec_GFp_mont_felem_mul(group, &j, &h, &i);
299
+
300
+ // V = U1 * I
301
+ EC_FELEM v;
302
+ ec_GFp_mont_felem_mul(group, &v, &u1, &i);
303
+
304
+ // x_out = r**2 - J - 2V
305
+ ec_GFp_mont_felem_sqr(group, &x_out, &r);
306
+ ec_felem_sub(group, &x_out, &x_out, &j);
307
+ ec_felem_sub(group, &x_out, &x_out, &v);
308
+ ec_felem_sub(group, &x_out, &x_out, &v);
309
+
310
+ // y_out = r(V-x_out) - 2 * s1 * J
311
+ ec_felem_sub(group, &y_out, &v, &x_out);
312
+ ec_GFp_mont_felem_mul(group, &y_out, &y_out, &r);
313
+ EC_FELEM s1j;
314
+ ec_GFp_mont_felem_mul(group, &s1j, &s1, &j);
315
+ ec_felem_sub(group, &y_out, &y_out, &s1j);
316
+ ec_felem_sub(group, &y_out, &y_out, &s1j);
317
+
318
+ ec_felem_select(group, &x_out, z1nz, &x_out, &b->X);
319
+ ec_felem_select(group, &out->X, z2nz, &x_out, &a->X);
320
+ ec_felem_select(group, &y_out, z1nz, &y_out, &b->Y);
321
+ ec_felem_select(group, &out->Y, z2nz, &y_out, &a->Y);
322
+ ec_felem_select(group, &z_out, z1nz, &z_out, &b->Z);
323
+ ec_felem_select(group, &out->Z, z2nz, &z_out, &a->Z);
324
+ }
325
+
326
+ void ec_GFp_mont_dbl(const EC_GROUP *group, EC_RAW_POINT *r,
327
+ const EC_RAW_POINT *a) {
328
+ if (group->a_is_minus3) {
329
+ // The method is taken from:
330
+ // http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
211
331
  //
212
- // This is equivalent, but more efficient, because |BN_from_montgomery|
213
- // is more efficient (at least in theory) than |BN_to_montgomery|, since it
214
- // doesn't have to do the multiplication before the reduction.
332
+ // Coq transcription and correctness proof:
333
+ // <https://github.com/mit-plv/fiat-crypto/blob/79f8b5f39ed609339f0233098dee1a3c4e6b3080/src/Curves/Weierstrass/Jacobian.v#L93>
334
+ // <https://github.com/mit-plv/fiat-crypto/blob/79f8b5f39ed609339f0233098dee1a3c4e6b3080/src/Curves/Weierstrass/Jacobian.v#L201>
335
+ EC_FELEM delta, gamma, beta, ftmp, ftmp2, tmptmp, alpha, fourbeta;
336
+ // delta = z^2
337
+ ec_GFp_mont_felem_sqr(group, &delta, &a->Z);
338
+ // gamma = y^2
339
+ ec_GFp_mont_felem_sqr(group, &gamma, &a->Y);
340
+ // beta = x*gamma
341
+ ec_GFp_mont_felem_mul(group, &beta, &a->X, &gamma);
342
+
343
+ // alpha = 3*(x-delta)*(x+delta)
344
+ ec_felem_sub(group, &ftmp, &a->X, &delta);
345
+ ec_felem_add(group, &ftmp2, &a->X, &delta);
346
+
347
+ ec_felem_add(group, &tmptmp, &ftmp2, &ftmp2);
348
+ ec_felem_add(group, &ftmp2, &ftmp2, &tmptmp);
349
+ ec_GFp_mont_felem_mul(group, &alpha, &ftmp, &ftmp2);
350
+
351
+ // x' = alpha^2 - 8*beta
352
+ ec_GFp_mont_felem_sqr(group, &r->X, &alpha);
353
+ ec_felem_add(group, &fourbeta, &beta, &beta);
354
+ ec_felem_add(group, &fourbeta, &fourbeta, &fourbeta);
355
+ ec_felem_add(group, &tmptmp, &fourbeta, &fourbeta);
356
+ ec_felem_sub(group, &r->X, &r->X, &tmptmp);
357
+
358
+ // z' = (y + z)^2 - gamma - delta
359
+ ec_felem_add(group, &delta, &gamma, &delta);
360
+ ec_felem_add(group, &ftmp, &a->Y, &a->Z);
361
+ ec_GFp_mont_felem_sqr(group, &r->Z, &ftmp);
362
+ ec_felem_sub(group, &r->Z, &r->Z, &delta);
363
+
364
+ // y' = alpha*(4*beta - x') - 8*gamma^2
365
+ ec_felem_sub(group, &r->Y, &fourbeta, &r->X);
366
+ ec_felem_add(group, &gamma, &gamma, &gamma);
367
+ ec_GFp_mont_felem_sqr(group, &gamma, &gamma);
368
+ ec_GFp_mont_felem_mul(group, &r->Y, &alpha, &r->Y);
369
+ ec_felem_add(group, &gamma, &gamma, &gamma);
370
+ ec_felem_sub(group, &r->Y, &r->Y, &gamma);
371
+ } else {
372
+ // The method is taken from:
373
+ // http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html#doubling-dbl-2007-bl
215
374
  //
216
- // Use Fermat's Little Theorem instead of |BN_mod_inverse_odd| since this
217
- // inversion may be done as the final step of private key operations.
218
- // Unfortunately, this is suboptimal for ECDSA verification.
219
- if (!BN_from_montgomery(Z_1, &point->Z, group->mont, ctx) ||
220
- !BN_from_montgomery(Z_1, Z_1, group->mont, ctx) ||
221
- !bn_mod_inverse_prime(Z_1, Z_1, &group->field, ctx, group->mont)) {
222
- goto err;
223
- }
375
+ // Coq transcription and correctness proof:
376
+ // <https://github.com/davidben/fiat-crypto/blob/c7b95f62b2a54b559522573310e9b487327d219a/src/Curves/Weierstrass/Jacobian.v#L102>
377
+ // <https://github.com/davidben/fiat-crypto/blob/c7b95f62b2a54b559522573310e9b487327d219a/src/Curves/Weierstrass/Jacobian.v#L534>
378
+ EC_FELEM xx, yy, yyyy, zz;
379
+ ec_GFp_mont_felem_sqr(group, &xx, &a->X);
380
+ ec_GFp_mont_felem_sqr(group, &yy, &a->Y);
381
+ ec_GFp_mont_felem_sqr(group, &yyyy, &yy);
382
+ ec_GFp_mont_felem_sqr(group, &zz, &a->Z);
383
+
384
+ // s = 2*((x_in + yy)^2 - xx - yyyy)
385
+ EC_FELEM s;
386
+ ec_felem_add(group, &s, &a->X, &yy);
387
+ ec_GFp_mont_felem_sqr(group, &s, &s);
388
+ ec_felem_sub(group, &s, &s, &xx);
389
+ ec_felem_sub(group, &s, &s, &yyyy);
390
+ ec_felem_add(group, &s, &s, &s);
391
+
392
+ // m = 3*xx + a*zz^2
393
+ EC_FELEM m;
394
+ ec_GFp_mont_felem_sqr(group, &m, &zz);
395
+ ec_GFp_mont_felem_mul(group, &m, &group->a, &m);
396
+ ec_felem_add(group, &m, &m, &xx);
397
+ ec_felem_add(group, &m, &m, &xx);
398
+ ec_felem_add(group, &m, &m, &xx);
399
+
400
+ // x_out = m^2 - 2*s
401
+ ec_GFp_mont_felem_sqr(group, &r->X, &m);
402
+ ec_felem_sub(group, &r->X, &r->X, &s);
403
+ ec_felem_sub(group, &r->X, &r->X, &s);
404
+
405
+ // z_out = (y_in + z_in)^2 - yy - zz
406
+ ec_felem_add(group, &r->Z, &a->Y, &a->Z);
407
+ ec_GFp_mont_felem_sqr(group, &r->Z, &r->Z);
408
+ ec_felem_sub(group, &r->Z, &r->Z, &yy);
409
+ ec_felem_sub(group, &r->Z, &r->Z, &zz);
410
+
411
+ // y_out = m*(s-x_out) - 8*yyyy
412
+ ec_felem_add(group, &yyyy, &yyyy, &yyyy);
413
+ ec_felem_add(group, &yyyy, &yyyy, &yyyy);
414
+ ec_felem_add(group, &yyyy, &yyyy, &yyyy);
415
+ ec_felem_sub(group, &r->Y, &s, &r->X);
416
+ ec_GFp_mont_felem_mul(group, &r->Y, &r->Y, &m);
417
+ ec_felem_sub(group, &r->Y, &r->Y, &yyyy);
418
+ }
419
+ }
224
420
 
225
- if (!BN_mod_mul_montgomery(Z_2, Z_1, Z_1, group->mont, ctx)) {
226
- goto err;
227
- }
421
+ static int ec_GFp_mont_cmp_x_coordinate(const EC_GROUP *group,
422
+ const EC_RAW_POINT *p,
423
+ const EC_SCALAR *r) {
424
+ if (!group->field_greater_than_order ||
425
+ group->field.width != group->order.width) {
426
+ // Do not bother optimizing this case. p > order in all commonly-used
427
+ // curves.
428
+ return ec_GFp_simple_cmp_x_coordinate(group, p, r);
429
+ }
228
430
 
229
- // Instead of using |BN_from_montgomery| to convert the |x| coordinate
230
- // and then calling |BN_from_montgomery| again to convert the |y|
231
- // coordinate below, convert the common factor |Z_2| once now, saving one
232
- // reduction.
233
- if (!BN_from_montgomery(Z_2, Z_2, group->mont, ctx)) {
234
- goto err;
235
- }
431
+ if (ec_GFp_simple_is_at_infinity(group, p)) {
432
+ return 0;
433
+ }
236
434
 
237
- if (x != NULL) {
238
- if (!BN_mod_mul_montgomery(x, &point->X, Z_2, group->mont, ctx)) {
239
- goto err;
240
- }
241
- }
435
+ // We wish to compare X/Z^2 with r. This is equivalent to comparing X with
436
+ // r*Z^2. Note that X and Z are represented in Montgomery form, while r is
437
+ // not.
438
+ EC_FELEM r_Z2, Z2_mont, X;
439
+ ec_GFp_mont_felem_mul(group, &Z2_mont, &p->Z, &p->Z);
440
+ // r < order < p, so this is valid.
441
+ OPENSSL_memcpy(r_Z2.words, r->words, group->field.width * sizeof(BN_ULONG));
442
+ ec_GFp_mont_felem_mul(group, &r_Z2, &r_Z2, &Z2_mont);
443
+ ec_GFp_mont_felem_from_montgomery(group, &X, &p->X);
444
+
445
+ if (ec_felem_equal(group, &r_Z2, &X)) {
446
+ return 1;
447
+ }
242
448
 
243
- if (y != NULL) {
244
- if (!BN_mod_mul_montgomery(Z_3, Z_2, Z_1, group->mont, ctx) ||
245
- !BN_mod_mul_montgomery(y, &point->Y, Z_3, group->mont, ctx)) {
246
- goto err;
247
- }
449
+ // During signing the x coefficient is reduced modulo the group order.
450
+ // Therefore there is a small possibility, less than 1/2^128, that group_order
451
+ // < p.x < P. in that case we need not only to compare against |r| but also to
452
+ // compare against r+group_order.
453
+ if (bn_less_than_words(r->words, group->field_minus_order.words,
454
+ group->field.width)) {
455
+ // We can ignore the carry because: r + group_order < p < 2^256.
456
+ bn_add_words(r_Z2.words, r->words, group->order.d, group->field.width);
457
+ ec_GFp_mont_felem_mul(group, &r_Z2, &r_Z2, &Z2_mont);
458
+ if (ec_felem_equal(group, &r_Z2, &X)) {
459
+ return 1;
248
460
  }
249
461
  }
250
462
 
251
- ret = 1;
252
-
253
- err:
254
- BN_CTX_end(ctx);
255
- BN_CTX_free(new_ctx);
256
- return ret;
463
+ return 0;
257
464
  }
258
465
 
259
466
  DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_mont_method) {
@@ -261,10 +468,16 @@ DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_mont_method) {
261
468
  out->group_finish = ec_GFp_mont_group_finish;
262
469
  out->group_set_curve = ec_GFp_mont_group_set_curve;
263
470
  out->point_get_affine_coordinates = ec_GFp_mont_point_get_affine_coordinates;
264
- out->mul = ec_wNAF_mul /* XXX: Not constant time. */;
265
- out->mul_public = ec_wNAF_mul;
266
- out->field_mul = ec_GFp_mont_field_mul;
267
- out->field_sqr = ec_GFp_mont_field_sqr;
268
- out->field_encode = ec_GFp_mont_field_encode;
269
- out->field_decode = ec_GFp_mont_field_decode;
471
+ out->add = ec_GFp_mont_add;
472
+ out->dbl = ec_GFp_mont_dbl;
473
+ out->mul = ec_GFp_mont_mul;
474
+ out->mul_base = ec_GFp_mont_mul_base;
475
+ out->mul_public = ec_GFp_mont_mul_public;
476
+ out->felem_mul = ec_GFp_mont_felem_mul;
477
+ out->felem_sqr = ec_GFp_mont_felem_sqr;
478
+ out->bignum_to_felem = ec_GFp_mont_bignum_to_felem;
479
+ out->felem_to_bignum = ec_GFp_mont_felem_to_bignum;
480
+ out->scalar_inv_montgomery = ec_simple_scalar_inv_montgomery;
481
+ out->scalar_inv_montgomery_vartime = ec_GFp_simple_mont_inv_mod_ord_vartime;
482
+ out->cmp_x_coordinate = ec_GFp_mont_cmp_x_coordinate;
270
483
  }