grpc 1.26.0 → 1.30.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (1240) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +7860 -11139
  3. data/etc/roots.pem +44 -0
  4. data/include/grpc/grpc.h +2 -2
  5. data/include/grpc/grpc_security.h +59 -24
  6. data/include/grpc/grpc_security_constants.h +28 -0
  7. data/include/grpc/impl/codegen/grpc_types.h +38 -21
  8. data/include/grpc/impl/codegen/port_platform.h +14 -3
  9. data/include/grpc/impl/codegen/sync.h +5 -3
  10. data/include/grpc/impl/codegen/sync_abseil.h +36 -0
  11. data/include/grpc/module.modulemap +25 -37
  12. data/include/grpc/support/sync_abseil.h +26 -0
  13. data/src/core/ext/filters/client_channel/backend_metric.cc +7 -4
  14. data/src/core/ext/filters/client_channel/client_channel.cc +273 -264
  15. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +31 -47
  16. data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -3
  17. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
  18. data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -22
  19. data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
  20. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
  21. data/src/core/ext/filters/client_channel/http_proxy.cc +25 -15
  22. data/src/core/ext/filters/client_channel/lb_policy.cc +20 -18
  23. data/src/core/ext/filters/client_channel/lb_policy.h +42 -33
  24. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
  25. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
  26. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +297 -0
  27. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
  28. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +423 -627
  29. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
  30. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
  31. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
  32. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
  33. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +88 -121
  34. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +28 -57
  35. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +18 -21
  36. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
  37. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +10 -14
  38. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +5 -11
  39. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
  40. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +150 -101
  41. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
  42. data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
  43. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
  44. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
  45. data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -3
  46. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +49 -77
  47. data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
  48. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
  49. data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
  50. data/src/core/ext/filters/client_channel/resolver.cc +5 -8
  51. data/src/core/ext/filters/client_channel/resolver.h +12 -14
  52. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +129 -128
  53. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +35 -35
  54. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
  55. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +17 -21
  56. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +5 -5
  57. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +72 -117
  58. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +186 -135
  59. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
  60. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
  61. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +42 -45
  62. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +94 -103
  63. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
  64. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +5 -5
  65. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +61 -10
  66. data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
  67. data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -3
  68. data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
  69. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +242 -300
  70. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +21 -18
  71. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +56 -206
  72. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +11 -14
  73. data/src/core/ext/filters/client_channel/server_address.cc +6 -9
  74. data/src/core/ext/filters/client_channel/server_address.h +6 -12
  75. data/src/core/ext/filters/client_channel/service_config.cc +144 -253
  76. data/src/core/ext/filters/client_channel/service_config.h +32 -109
  77. data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
  78. data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
  79. data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
  80. data/src/core/ext/filters/client_channel/subchannel.cc +54 -24
  81. data/src/core/ext/filters/client_channel/subchannel.h +35 -11
  82. data/src/core/ext/filters/client_channel/xds/xds_api.cc +1556 -232
  83. data/src/core/ext/filters/client_channel/xds/xds_api.h +213 -114
  84. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +237 -345
  85. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +34 -46
  86. data/src/core/ext/filters/client_channel/xds/xds_channel.h +3 -1
  87. data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +18 -11
  88. data/src/core/ext/filters/client_channel/xds/xds_client.cc +1326 -399
  89. data/src/core/ext/filters/client_channel/xds/xds_client.h +124 -41
  90. data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +59 -138
  91. data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +133 -154
  92. data/src/core/ext/filters/http/client/http_client_filter.cc +23 -28
  93. data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
  94. data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
  95. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
  96. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
  97. data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
  98. data/src/core/ext/filters/message_size/message_size_filter.cc +38 -44
  99. data/src/core/ext/filters/message_size/message_size_filter.h +5 -5
  100. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +7 -10
  101. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
  102. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +28 -29
  103. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
  104. data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
  105. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
  106. data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
  107. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
  108. data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
  109. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
  110. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
  111. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
  112. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
  113. data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
  114. data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
  115. data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
  116. data/src/core/ext/transport/chttp2/transport/internal.h +14 -21
  117. data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
  118. data/src/core/ext/transport/chttp2/transport/writing.cc +16 -9
  119. data/src/core/ext/transport/inproc/inproc_transport.cc +41 -42
  120. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +17 -0
  121. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +30 -0
  122. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +27 -0
  123. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +54 -0
  124. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +5 -205
  125. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -788
  126. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
  127. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
  128. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
  129. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
  130. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
  131. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
  132. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +5 -362
  133. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +14 -1337
  134. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +403 -0
  135. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +1447 -0
  136. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +30 -8
  137. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +60 -0
  138. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +2 -0
  139. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +2 -0
  140. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +7 -4
  141. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +6 -2
  142. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
  143. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
  144. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +87 -23
  145. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +262 -62
  146. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +20 -15
  147. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +46 -32
  148. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
  149. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
  150. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +27 -4
  151. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +70 -0
  152. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +46 -25
  153. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +98 -25
  154. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +2 -0
  155. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +77 -21
  156. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +201 -4
  157. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
  158. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
  159. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +2 -0
  160. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +8 -68
  161. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +14 -201
  162. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +92 -0
  163. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +240 -0
  164. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +2 -71
  165. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +3 -228
  166. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +91 -0
  167. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +266 -0
  168. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +2 -0
  169. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +31 -0
  170. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +53 -0
  171. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +109 -0
  172. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +399 -0
  173. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +18 -0
  174. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +33 -0
  175. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +145 -0
  176. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +527 -0
  177. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +43 -0
  178. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +112 -0
  179. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +30 -0
  180. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +53 -0
  181. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +63 -0
  182. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +199 -0
  183. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +18 -0
  184. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +33 -0
  185. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +815 -0
  186. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +3032 -0
  187. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +59 -0
  188. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +134 -0
  189. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +28 -0
  190. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +53 -0
  191. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +228 -0
  192. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +725 -0
  193. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +316 -0
  194. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +1132 -0
  195. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +33 -0
  196. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +65 -0
  197. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
  198. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
  199. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
  200. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
  201. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +4 -0
  202. data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
  203. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +63 -0
  204. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +144 -0
  205. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +53 -0
  206. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +133 -0
  207. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +88 -0
  208. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +258 -0
  209. data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
  210. data/src/core/ext/upb-generated/envoy/type/range.upb.c +12 -0
  211. data/src/core/ext/upb-generated/envoy/type/range.upb.h +27 -0
  212. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +29 -0
  213. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +62 -0
  214. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +89 -0
  215. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +249 -0
  216. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +9 -8
  217. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +30 -24
  218. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +30 -27
  219. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +64 -52
  220. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +13 -5
  221. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +34 -0
  222. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +48 -0
  223. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +104 -0
  224. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +17 -0
  225. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +30 -0
  226. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
  227. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
  228. data/src/core/ext/upb-generated/validate/validate.upb.c +44 -39
  229. data/src/core/ext/upb-generated/validate/validate.upb.h +155 -119
  230. data/src/core/lib/channel/channel_args.cc +15 -14
  231. data/src/core/lib/channel/channel_args.h +3 -1
  232. data/src/core/lib/channel/channel_stack.h +20 -13
  233. data/src/core/lib/channel/channel_trace.cc +32 -41
  234. data/src/core/lib/channel/channel_trace.h +3 -3
  235. data/src/core/lib/channel/channelz.cc +163 -254
  236. data/src/core/lib/channel/channelz.h +20 -12
  237. data/src/core/lib/channel/channelz_registry.cc +52 -77
  238. data/src/core/lib/channel/channelz_registry.h +4 -4
  239. data/src/core/lib/channel/connected_channel.cc +7 -5
  240. data/src/core/lib/channel/context.h +1 -1
  241. data/src/core/lib/channel/handshaker.cc +11 -13
  242. data/src/core/lib/channel/handshaker.h +4 -2
  243. data/src/core/lib/channel/handshaker_registry.cc +5 -17
  244. data/src/core/lib/channel/status_util.cc +2 -3
  245. data/src/core/lib/compression/message_compress.cc +5 -1
  246. data/src/core/lib/debug/stats.cc +21 -27
  247. data/src/core/lib/debug/stats.h +3 -1
  248. data/src/core/lib/gpr/spinlock.h +2 -3
  249. data/src/core/lib/gpr/string.cc +2 -26
  250. data/src/core/lib/gpr/string.h +0 -16
  251. data/src/core/lib/gpr/sync_abseil.cc +116 -0
  252. data/src/core/lib/gpr/sync_posix.cc +8 -5
  253. data/src/core/lib/gpr/sync_windows.cc +4 -2
  254. data/src/core/lib/gpr/time.cc +4 -0
  255. data/src/core/lib/gpr/time_posix.cc +1 -1
  256. data/src/core/lib/gpr/time_precise.cc +1 -1
  257. data/src/core/lib/gprpp/atomic.h +6 -6
  258. data/src/core/lib/gprpp/fork.cc +1 -1
  259. data/src/core/lib/gprpp/host_port.cc +30 -36
  260. data/src/core/lib/gprpp/host_port.h +14 -17
  261. data/src/core/lib/gprpp/map.h +5 -11
  262. data/src/core/lib/gprpp/memory.h +2 -6
  263. data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
  264. data/src/core/lib/gprpp/sync.h +9 -0
  265. data/src/core/lib/http/format_request.cc +46 -65
  266. data/src/core/lib/http/httpcli.cc +2 -3
  267. data/src/core/lib/http/httpcli.h +2 -3
  268. data/src/core/lib/http/httpcli_security_connector.cc +5 -5
  269. data/src/core/lib/http/parser.h +2 -3
  270. data/src/core/lib/iomgr/buffer_list.cc +36 -35
  271. data/src/core/lib/iomgr/buffer_list.h +22 -21
  272. data/src/core/lib/iomgr/call_combiner.h +3 -2
  273. data/src/core/lib/iomgr/cfstream_handle.cc +3 -2
  274. data/src/core/lib/iomgr/closure.h +2 -3
  275. data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
  276. data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
  277. data/src/core/lib/iomgr/endpoint_pair.h +2 -3
  278. data/src/core/lib/iomgr/error.cc +6 -9
  279. data/src/core/lib/iomgr/error.h +4 -5
  280. data/src/core/lib/iomgr/ev_apple.cc +356 -0
  281. data/src/core/lib/iomgr/ev_apple.h +43 -0
  282. data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -23
  283. data/src/core/lib/iomgr/ev_epollex_linux.cc +14 -7
  284. data/src/core/lib/iomgr/ev_poll_posix.cc +3 -3
  285. data/src/core/lib/iomgr/ev_posix.cc +2 -3
  286. data/src/core/lib/iomgr/exec_ctx.h +14 -2
  287. data/src/core/lib/iomgr/executor.cc +1 -1
  288. data/src/core/lib/iomgr/fork_posix.cc +4 -0
  289. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
  290. data/src/core/lib/iomgr/load_file.cc +1 -0
  291. data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +87 -0
  292. data/src/core/lib/iomgr/poller/eventmanager_libuv.h +88 -0
  293. data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
  294. data/src/core/lib/iomgr/pollset_uv.h +32 -0
  295. data/src/core/lib/iomgr/port.h +1 -0
  296. data/src/core/lib/iomgr/python_util.h +46 -0
  297. data/src/core/lib/iomgr/resolve_address.h +4 -6
  298. data/src/core/lib/iomgr/resolve_address_custom.cc +29 -39
  299. data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
  300. data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
  301. data/src/core/lib/iomgr/resolve_address_windows.cc +8 -17
  302. data/src/core/lib/iomgr/resource_quota.cc +4 -6
  303. data/src/core/lib/iomgr/sockaddr_utils.cc +23 -29
  304. data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
  305. data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
  306. data/src/core/lib/iomgr/socket_mutator.h +2 -3
  307. data/src/core/lib/iomgr/socket_utils_common_posix.cc +21 -26
  308. data/src/core/lib/iomgr/socket_utils_posix.h +15 -0
  309. data/src/core/lib/iomgr/tcp_client_cfstream.cc +5 -7
  310. data/src/core/lib/iomgr/tcp_client_posix.cc +25 -22
  311. data/src/core/lib/iomgr/tcp_client_posix.h +6 -6
  312. data/src/core/lib/iomgr/tcp_client_windows.cc +2 -3
  313. data/src/core/lib/iomgr/tcp_custom.cc +2 -3
  314. data/src/core/lib/iomgr/tcp_custom.h +3 -0
  315. data/src/core/lib/iomgr/tcp_posix.cc +608 -56
  316. data/src/core/lib/iomgr/tcp_server_custom.cc +20 -11
  317. data/src/core/lib/iomgr/tcp_server_posix.cc +5 -4
  318. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +13 -4
  319. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
  320. data/src/core/lib/iomgr/tcp_uv.cc +3 -2
  321. data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
  322. data/src/core/lib/iomgr/timer_generic.cc +2 -3
  323. data/src/core/lib/iomgr/timer_generic.h +39 -0
  324. data/src/core/lib/iomgr/timer_heap.h +2 -3
  325. data/src/core/lib/iomgr/udp_server.cc +9 -14
  326. data/src/core/lib/iomgr/work_serializer.cc +155 -0
  327. data/src/core/lib/iomgr/work_serializer.h +65 -0
  328. data/src/core/lib/json/json.h +209 -68
  329. data/src/core/lib/json/json_reader.cc +511 -319
  330. data/src/core/lib/json/json_writer.cc +202 -110
  331. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
  332. data/src/core/lib/security/credentials/composite/composite_credentials.cc +19 -0
  333. data/src/core/lib/security/credentials/composite/composite_credentials.h +11 -4
  334. data/src/core/lib/security/credentials/credentials.cc +0 -84
  335. data/src/core/lib/security/credentials/credentials.h +18 -60
  336. data/src/core/lib/security/credentials/fake/fake_credentials.h +6 -1
  337. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +9 -12
  338. data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
  339. data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
  340. data/src/core/lib/security/credentials/jwt/json_token.cc +26 -56
  341. data/src/core/lib/security/credentials/jwt/json_token.h +4 -6
  342. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +8 -18
  343. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
  344. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +151 -168
  345. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +4 -6
  346. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +92 -61
  347. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +10 -4
  348. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +19 -4
  349. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +4 -1
  350. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +43 -13
  351. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +47 -11
  352. data/src/core/lib/security/credentials/tls/tls_credentials.cc +128 -0
  353. data/src/core/lib/security/credentials/tls/tls_credentials.h +62 -0
  354. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +34 -6
  355. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +29 -9
  356. data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +2 -2
  357. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +5 -4
  358. data/src/core/lib/security/security_connector/local/local_security_connector.cc +32 -7
  359. data/src/core/lib/security/security_connector/security_connector.h +1 -1
  360. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +20 -37
  361. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +4 -6
  362. data/src/core/lib/security/security_connector/ssl_utils.cc +107 -16
  363. data/src/core/lib/security/security_connector/ssl_utils.h +24 -11
  364. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +603 -0
  365. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +183 -0
  366. data/src/core/lib/security/transport/client_auth_filter.cc +34 -2
  367. data/src/core/lib/security/transport/security_handshaker.cc +2 -2
  368. data/src/core/lib/security/util/json_util.cc +22 -15
  369. data/src/core/lib/security/util/json_util.h +2 -2
  370. data/src/core/lib/slice/slice_intern.cc +2 -3
  371. data/src/core/lib/slice/slice_internal.h +14 -0
  372. data/src/core/lib/slice/slice_utils.h +9 -0
  373. data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
  374. data/src/core/lib/surface/call.cc +2 -3
  375. data/src/core/lib/surface/call_log_batch.cc +50 -58
  376. data/src/core/lib/surface/channel.cc +53 -31
  377. data/src/core/lib/surface/channel.h +35 -4
  378. data/src/core/lib/surface/channel_ping.cc +2 -3
  379. data/src/core/lib/surface/completion_queue.cc +55 -34
  380. data/src/core/lib/surface/event_string.cc +18 -25
  381. data/src/core/lib/surface/event_string.h +3 -1
  382. data/src/core/lib/surface/init_secure.cc +1 -4
  383. data/src/core/lib/surface/server.cc +570 -369
  384. data/src/core/lib/surface/server.h +32 -0
  385. data/src/core/lib/surface/version.cc +2 -2
  386. data/src/core/lib/transport/byte_stream.h +7 -2
  387. data/src/core/lib/transport/connectivity_state.cc +7 -6
  388. data/src/core/lib/transport/connectivity_state.h +5 -3
  389. data/src/core/lib/transport/metadata.cc +3 -3
  390. data/src/core/lib/transport/metadata_batch.h +2 -3
  391. data/src/core/lib/transport/static_metadata.h +1 -1
  392. data/src/core/lib/transport/status_conversion.cc +6 -14
  393. data/src/core/lib/transport/transport.cc +2 -3
  394. data/src/core/lib/transport/transport.h +3 -2
  395. data/src/core/lib/transport/transport_op_string.cc +61 -102
  396. data/src/core/lib/uri/uri_parser.h +2 -3
  397. data/src/core/plugin_registry/grpc_plugin_registry.cc +20 -4
  398. data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
  399. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +9 -2
  400. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
  401. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +44 -4
  402. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +10 -2
  403. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
  404. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +3 -3
  405. data/src/core/tsi/fake_transport_security.cc +17 -18
  406. data/src/core/tsi/fake_transport_security.h +2 -0
  407. data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
  408. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
  409. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
  410. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -1
  411. data/src/core/tsi/ssl_transport_security.cc +197 -47
  412. data/src/core/tsi/ssl_transport_security.h +23 -9
  413. data/src/core/tsi/ssl_types.h +0 -2
  414. data/src/core/tsi/transport_security.cc +13 -0
  415. data/src/core/tsi/transport_security.h +6 -9
  416. data/src/core/tsi/transport_security_grpc.cc +2 -2
  417. data/src/core/tsi/transport_security_grpc.h +4 -5
  418. data/src/core/tsi/transport_security_interface.h +15 -3
  419. data/src/ruby/bin/math_pb.rb +5 -5
  420. data/src/ruby/ext/grpc/rb_call.c +9 -1
  421. data/src/ruby/ext/grpc/rb_call_credentials.c +4 -1
  422. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
  423. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +4 -1
  424. data/src/ruby/lib/grpc/errors.rb +103 -42
  425. data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
  426. data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
  427. data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
  428. data/src/ruby/lib/grpc/generic/service.rb +5 -4
  429. data/src/ruby/lib/grpc/structs.rb +1 -1
  430. data/src/ruby/lib/grpc/version.rb +1 -1
  431. data/src/ruby/pb/generate_proto_ruby.sh +5 -3
  432. data/src/ruby/pb/grpc/health/v1/health_pb.rb +3 -3
  433. data/src/ruby/pb/src/proto/grpc/testing/empty_pb.rb +1 -1
  434. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +34 -13
  435. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
  436. data/src/ruby/spec/debug_message_spec.rb +134 -0
  437. data/src/ruby/spec/generic/service_spec.rb +2 -0
  438. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +5 -0
  439. data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -0
  440. data/src/ruby/spec/testdata/ca.pem +18 -13
  441. data/src/ruby/spec/testdata/client.key +26 -14
  442. data/src/ruby/spec/testdata/client.pem +18 -12
  443. data/src/ruby/spec/testdata/server1.key +26 -14
  444. data/src/ruby/spec/testdata/server1.pem +20 -14
  445. data/third_party/abseil-cpp/absl/algorithm/algorithm.h +159 -0
  446. data/third_party/abseil-cpp/absl/base/attributes.h +621 -0
  447. data/third_party/abseil-cpp/absl/base/call_once.h +226 -0
  448. data/third_party/abseil-cpp/absl/base/casts.h +184 -0
  449. data/third_party/abseil-cpp/absl/base/config.h +671 -0
  450. data/third_party/abseil-cpp/absl/base/const_init.h +76 -0
  451. data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +129 -0
  452. data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +389 -0
  453. data/third_party/abseil-cpp/absl/base/internal/atomic_hook.h +200 -0
  454. data/third_party/abseil-cpp/absl/base/internal/bits.h +218 -0
  455. data/third_party/abseil-cpp/absl/base/internal/cycleclock.cc +107 -0
  456. data/third_party/abseil-cpp/absl/base/internal/cycleclock.h +94 -0
  457. data/third_party/abseil-cpp/absl/base/internal/endian.h +266 -0
  458. data/third_party/abseil-cpp/absl/base/internal/errno_saver.h +43 -0
  459. data/third_party/abseil-cpp/absl/base/internal/hide_ptr.h +51 -0
  460. data/third_party/abseil-cpp/absl/base/internal/identity.h +37 -0
  461. data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +107 -0
  462. data/third_party/abseil-cpp/absl/base/internal/invoke.h +187 -0
  463. data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +107 -0
  464. data/third_party/abseil-cpp/absl/base/internal/per_thread_tls.h +52 -0
  465. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +240 -0
  466. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +183 -0
  467. data/third_party/abseil-cpp/absl/base/internal/scheduling_mode.h +58 -0
  468. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +233 -0
  469. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +243 -0
  470. data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +35 -0
  471. data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +66 -0
  472. data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +46 -0
  473. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.cc +81 -0
  474. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +93 -0
  475. data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +37 -0
  476. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +416 -0
  477. data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +66 -0
  478. data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +271 -0
  479. data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +152 -0
  480. data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +259 -0
  481. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +108 -0
  482. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.h +75 -0
  483. data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +66 -0
  484. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +158 -0
  485. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +140 -0
  486. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +124 -0
  487. data/third_party/abseil-cpp/absl/base/log_severity.cc +27 -0
  488. data/third_party/abseil-cpp/absl/base/log_severity.h +121 -0
  489. data/third_party/abseil-cpp/absl/base/macros.h +220 -0
  490. data/third_party/abseil-cpp/absl/base/optimization.h +181 -0
  491. data/third_party/abseil-cpp/absl/base/options.h +211 -0
  492. data/third_party/abseil-cpp/absl/base/policy_checks.h +111 -0
  493. data/third_party/abseil-cpp/absl/base/port.h +26 -0
  494. data/third_party/abseil-cpp/absl/base/thread_annotations.h +280 -0
  495. data/third_party/abseil-cpp/absl/container/inlined_vector.h +848 -0
  496. data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +265 -0
  497. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +892 -0
  498. data/third_party/abseil-cpp/absl/memory/memory.h +695 -0
  499. data/third_party/abseil-cpp/absl/meta/type_traits.h +759 -0
  500. data/third_party/abseil-cpp/absl/numeric/int128.cc +404 -0
  501. data/third_party/abseil-cpp/absl/numeric/int128.h +1091 -0
  502. data/third_party/abseil-cpp/absl/numeric/int128_have_intrinsic.inc +302 -0
  503. data/third_party/abseil-cpp/absl/numeric/int128_no_intrinsic.inc +308 -0
  504. data/third_party/abseil-cpp/absl/strings/ascii.cc +200 -0
  505. data/third_party/abseil-cpp/absl/strings/ascii.h +242 -0
  506. data/third_party/abseil-cpp/absl/strings/charconv.cc +984 -0
  507. data/third_party/abseil-cpp/absl/strings/charconv.h +119 -0
  508. data/third_party/abseil-cpp/absl/strings/escaping.cc +949 -0
  509. data/third_party/abseil-cpp/absl/strings/escaping.h +164 -0
  510. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +156 -0
  511. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +359 -0
  512. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +423 -0
  513. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +504 -0
  514. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.h +99 -0
  515. data/third_party/abseil-cpp/absl/strings/internal/escaping.cc +180 -0
  516. data/third_party/abseil-cpp/absl/strings/internal/escaping.h +58 -0
  517. data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +112 -0
  518. data/third_party/abseil-cpp/absl/strings/internal/memutil.h +148 -0
  519. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.cc +36 -0
  520. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.h +89 -0
  521. data/third_party/abseil-cpp/absl/strings/internal/resize_uninitialized.h +73 -0
  522. data/third_party/abseil-cpp/absl/strings/internal/stl_type_traits.h +248 -0
  523. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +388 -0
  524. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +432 -0
  525. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +245 -0
  526. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +209 -0
  527. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +326 -0
  528. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +51 -0
  529. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +415 -0
  530. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +493 -0
  531. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +23 -0
  532. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.cc +72 -0
  533. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +104 -0
  534. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +334 -0
  535. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +333 -0
  536. data/third_party/abseil-cpp/absl/strings/internal/str_join_internal.h +314 -0
  537. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +455 -0
  538. data/third_party/abseil-cpp/absl/strings/internal/utf8.cc +53 -0
  539. data/third_party/abseil-cpp/absl/strings/internal/utf8.h +50 -0
  540. data/third_party/abseil-cpp/absl/strings/match.cc +40 -0
  541. data/third_party/abseil-cpp/absl/strings/match.h +90 -0
  542. data/third_party/abseil-cpp/absl/strings/numbers.cc +965 -0
  543. data/third_party/abseil-cpp/absl/strings/numbers.h +266 -0
  544. data/third_party/abseil-cpp/absl/strings/str_cat.cc +246 -0
  545. data/third_party/abseil-cpp/absl/strings/str_cat.h +408 -0
  546. data/third_party/abseil-cpp/absl/strings/str_format.h +537 -0
  547. data/third_party/abseil-cpp/absl/strings/str_join.h +293 -0
  548. data/third_party/abseil-cpp/absl/strings/str_replace.cc +82 -0
  549. data/third_party/abseil-cpp/absl/strings/str_replace.h +219 -0
  550. data/third_party/abseil-cpp/absl/strings/str_split.cc +139 -0
  551. data/third_party/abseil-cpp/absl/strings/str_split.h +513 -0
  552. data/third_party/abseil-cpp/absl/strings/string_view.cc +235 -0
  553. data/third_party/abseil-cpp/absl/strings/string_view.h +622 -0
  554. data/third_party/abseil-cpp/absl/strings/strip.h +91 -0
  555. data/third_party/abseil-cpp/absl/strings/substitute.cc +171 -0
  556. data/third_party/abseil-cpp/absl/strings/substitute.h +693 -0
  557. data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
  558. data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
  559. data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
  560. data/third_party/abseil-cpp/absl/time/clock.h +74 -0
  561. data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
  562. data/third_party/abseil-cpp/absl/time/format.cc +153 -0
  563. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
  564. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
  565. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
  566. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
  567. data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
  568. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
  569. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
  570. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
  571. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
  572. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
  573. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
  574. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
  575. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
  576. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
  577. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
  578. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
  579. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
  580. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
  581. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
  582. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
  583. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
  584. data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
  585. data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
  586. data/third_party/abseil-cpp/absl/time/time.cc +499 -0
  587. data/third_party/abseil-cpp/absl/time/time.h +1584 -0
  588. data/third_party/abseil-cpp/absl/types/bad_optional_access.cc +48 -0
  589. data/third_party/abseil-cpp/absl/types/bad_optional_access.h +78 -0
  590. data/third_party/abseil-cpp/absl/types/internal/optional.h +396 -0
  591. data/third_party/abseil-cpp/absl/types/internal/span.h +128 -0
  592. data/third_party/abseil-cpp/absl/types/optional.h +776 -0
  593. data/third_party/abseil-cpp/absl/types/span.h +713 -0
  594. data/third_party/abseil-cpp/absl/utility/utility.h +350 -0
  595. data/third_party/boringssl-with-bazel/err_data.c +1439 -0
  596. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bitstr.c +0 -0
  597. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bool.c +0 -0
  598. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_d2i_fp.c +0 -0
  599. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_dup.c +0 -0
  600. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_enum.c +0 -0
  601. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_gentm.c +0 -0
  602. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_i2d_fp.c +0 -0
  603. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_int.c +0 -0
  604. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_mbstr.c +0 -0
  605. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_object.c +0 -0
  606. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_octet.c +0 -0
  607. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_print.c +0 -0
  608. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_strnid.c +0 -0
  609. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +212 -0
  610. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_type.c +0 -0
  611. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utctm.c +0 -0
  612. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utf8.c +0 -0
  613. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_lib.c +0 -0
  614. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_locl.h +0 -0
  615. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_par.c +0 -0
  616. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn_pack.c +0 -0
  617. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_enum.c +0 -0
  618. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_int.c +0 -0
  619. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_string.c +0 -0
  620. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_dec.c +0 -0
  621. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_enc.c +0 -0
  622. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_fre.c +0 -0
  623. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_new.c +0 -0
  624. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_typ.c +0 -0
  625. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_utl.c +0 -0
  626. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/time_support.c +0 -0
  627. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/base64/base64.c +0 -0
  628. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio.c +0 -0
  629. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio_mem.c +0 -0
  630. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +545 -0
  631. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +279 -0
  632. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +317 -0
  633. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/hexdump.c +0 -0
  634. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/internal.h +0 -0
  635. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +488 -0
  636. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/printf.c +0 -0
  637. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/socket.c +0 -0
  638. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/socket_helper.c +0 -0
  639. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/bn_asn1.c +0 -0
  640. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/convert.c +0 -0
  641. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +172 -0
  642. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/asn1_compat.c +0 -0
  643. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/ber.c +0 -0
  644. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +719 -0
  645. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +688 -0
  646. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/internal.h +0 -0
  647. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/unicode.c +0 -0
  648. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/chacha/chacha.c +0 -0
  649. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/chacha/internal.h +0 -0
  650. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/cipher_extra.c +0 -0
  651. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +152 -0
  652. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesccm.c +0 -0
  653. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesctrhmac.c +0 -0
  654. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +891 -0
  655. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_chacha20poly1305.c +0 -0
  656. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_null.c +0 -0
  657. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc2.c +0 -0
  658. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc4.c +0 -0
  659. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_tls.c +0 -0
  660. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/internal.h +0 -0
  661. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/tls_cbc.c +0 -0
  662. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cmac/cmac.c +0 -0
  663. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf.c +0 -0
  664. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf_def.h +0 -0
  665. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/internal.h +0 -0
  666. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-fuchsia.c +0 -0
  667. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-linux.c +0 -0
  668. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +220 -0
  669. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm-linux.h +0 -0
  670. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm.c +0 -0
  671. data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +291 -0
  672. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-ppc64le.c +0 -0
  673. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +226 -0
  674. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +2159 -0
  675. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +7872 -0
  676. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +146 -0
  677. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +539 -0
  678. data/third_party/boringssl-with-bazel/src/crypto/dh/check.c +217 -0
  679. data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +533 -0
  680. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/dh_asn1.c +0 -0
  681. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/params.c +0 -0
  682. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/digest_extra/digest_extra.c +0 -0
  683. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +980 -0
  684. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dsa/dsa_asn1.c +0 -0
  685. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ec_extra/ec_asn1.c +0 -0
  686. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_derive.c +95 -0
  687. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
  688. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
  689. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +124 -0
  690. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ecdsa_extra/ecdsa_asn1.c +0 -0
  691. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/engine/engine.c +0 -0
  692. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +850 -0
  693. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/err/internal.h +0 -0
  694. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/digestsign.c +0 -0
  695. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp.c +0 -0
  696. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp_asn1.c +0 -0
  697. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp_ctx.c +0 -0
  698. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/internal.h +0 -0
  699. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_dsa_asn1.c +0 -0
  700. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +286 -0
  701. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ec_asn1.c +0 -0
  702. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ed25519.c +0 -0
  703. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ed25519_asn1.c +0 -0
  704. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +648 -0
  705. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_rsa_asn1.c +0 -0
  706. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_x25519.c +0 -0
  707. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +248 -0
  708. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/pbkdf.c +0 -0
  709. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/print.c +0 -0
  710. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/scrypt.c +0 -0
  711. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/sign.c +0 -0
  712. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ex_data.c +0 -0
  713. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +108 -0
  714. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1282 -0
  715. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +238 -0
  716. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/key_wrap.c +0 -0
  717. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +106 -0
  718. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +263 -0
  719. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/add.c +0 -0
  720. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/asm/x86_64-gcc.c +0 -0
  721. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bn.c +0 -0
  722. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bytes.c +0 -0
  723. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/cmp.c +0 -0
  724. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/ctx.c +0 -0
  725. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/div.c +0 -0
  726. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/div_extra.c +0 -0
  727. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +1288 -0
  728. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/gcd.c +0 -0
  729. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/gcd_extra.c +0 -0
  730. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/generic.c +0 -0
  731. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +694 -0
  732. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/jacobi.c +0 -0
  733. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +502 -0
  734. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/montgomery_inv.c +0 -0
  735. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +749 -0
  736. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +1068 -0
  737. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/random.c +0 -0
  738. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/rsaz_exp.c +0 -0
  739. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/rsaz_exp.h +0 -0
  740. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/shift.c +0 -0
  741. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/sqrt.c +0 -0
  742. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/aead.c +0 -0
  743. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/cipher.c +0 -0
  744. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +1302 -0
  745. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/e_des.c +0 -0
  746. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/internal.h +0 -0
  747. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/delocate.h +0 -0
  748. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/des.c +0 -0
  749. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/internal.h +0 -0
  750. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/digest.c +0 -0
  751. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +296 -0
  752. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/internal.h +0 -0
  753. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/md32_common.h +0 -0
  754. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +1252 -0
  755. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +465 -0
  756. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +524 -0
  757. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +100 -0
  758. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +775 -0
  759. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +328 -0
  760. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +1178 -0
  761. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9497 -0
  762. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +632 -0
  763. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p256-x86_64.h +0 -0
  764. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
  765. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
  766. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +175 -0
  767. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +357 -0
  768. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +270 -0
  769. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/util.c +0 -0
  770. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +270 -0
  771. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +122 -0
  772. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +328 -0
  773. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/fips_shared_support.c +0 -0
  774. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/hmac/hmac.c +0 -0
  775. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/is_fips.c +0 -0
  776. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md4/md4.c +0 -0
  777. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md5/internal.h +0 -0
  778. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md5/md5.c +0 -0
  779. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/cbc.c +0 -0
  780. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/cfb.c +0 -0
  781. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/ctr.c +0 -0
  782. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +729 -0
  783. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +304 -0
  784. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +441 -0
  785. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/ofb.c +0 -0
  786. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/polyval.c +0 -0
  787. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/ctrdrbg.c +0 -0
  788. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
  789. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
  790. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
  791. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +163 -0
  792. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +378 -0
  793. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +391 -0
  794. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +243 -0
  795. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +127 -0
  796. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/padding.c +0 -0
  797. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +898 -0
  798. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +1358 -0
  799. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/self_check/self_check.c +0 -0
  800. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/internal.h +0 -0
  801. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1-altivec.c +0 -0
  802. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1.c +0 -0
  803. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha256.c +0 -0
  804. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +544 -0
  805. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/internal.h +0 -0
  806. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/kdf.c +0 -0
  807. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hkdf/hkdf.c +0 -0
  808. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +2100 -0
  809. data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +61 -0
  810. data/third_party/boringssl-with-bazel/src/crypto/internal.h +834 -0
  811. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/lhash/lhash.c +0 -0
  812. data/third_party/boringssl-with-bazel/src/crypto/mem.c +359 -0
  813. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +549 -0
  814. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +11585 -0
  815. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj_xref.c +0 -0
  816. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_all.c +0 -0
  817. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +360 -0
  818. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +777 -0
  819. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +87 -0
  820. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +257 -0
  821. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +218 -0
  822. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_x509.c +0 -0
  823. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_xaux.c +0 -0
  824. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/internal.h +0 -0
  825. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/pkcs7.c +0 -0
  826. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +385 -0
  827. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/internal.h +0 -0
  828. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/p5_pbev2.c +0 -0
  829. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/pkcs8.c +0 -0
  830. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/pkcs8_x509.c +0 -0
  831. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/internal.h +0 -0
  832. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +318 -0
  833. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +305 -0
  834. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +856 -0
  835. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pool/internal.h +0 -0
  836. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +220 -0
  837. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +52 -0
  838. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/forkunsafe.c +0 -0
  839. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/fuchsia.c +0 -0
  840. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/rand_extra.c +0 -0
  841. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +69 -0
  842. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rc4/rc4.c +0 -0
  843. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_c11.c +0 -0
  844. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_lock.c +0 -0
  845. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_asn1.c +0 -0
  846. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_print.c +0 -0
  847. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +82 -0
  848. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/stack/stack.c +0 -0
  849. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread.c +0 -0
  850. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_none.c +0 -0
  851. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +210 -0
  852. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +260 -0
  853. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
  854. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
  855. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
  856. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_digest.c +0 -0
  857. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_sign.c +0 -0
  858. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_strex.c +0 -0
  859. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +114 -0
  860. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/algorithm.c +0 -0
  861. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/asn1_gen.c +0 -0
  862. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +458 -0
  863. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +275 -0
  864. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/charmap.h +0 -0
  865. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/i2d_pr.c +0 -0
  866. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/internal.h +0 -0
  867. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/rsa_pss.c +0 -0
  868. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_crl.c +0 -0
  869. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_req.c +0 -0
  870. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509.c +0 -0
  871. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509a.c +0 -0
  872. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/vpm_int.h +0 -0
  873. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509.c +0 -0
  874. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_att.c +0 -0
  875. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +476 -0
  876. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_d2.c +0 -0
  877. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_def.c +0 -0
  878. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_ext.c +0 -0
  879. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_lu.c +0 -0
  880. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +198 -0
  881. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +116 -0
  882. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +341 -0
  883. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +185 -0
  884. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +326 -0
  885. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_txt.c +0 -0
  886. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_v3.c +0 -0
  887. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +2487 -0
  888. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +671 -0
  889. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509cset.c +0 -0
  890. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +389 -0
  891. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509rset.c +0 -0
  892. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509spki.c +0 -0
  893. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_algor.c +0 -0
  894. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +399 -0
  895. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_attrib.c +0 -0
  896. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_crl.c +0 -0
  897. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_exten.c +0 -0
  898. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_info.c +0 -0
  899. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_name.c +0 -0
  900. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pkey.c +0 -0
  901. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pubkey.c +0 -0
  902. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_req.c +0 -0
  903. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_sig.c +0 -0
  904. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_spki.c +0 -0
  905. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_val.c +0 -0
  906. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509.c +0 -0
  907. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509a.c +0 -0
  908. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/ext_dat.h +0 -0
  909. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/internal.h +0 -0
  910. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_cache.c +0 -0
  911. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_data.c +0 -0
  912. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_int.h +0 -0
  913. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_lib.c +0 -0
  914. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_map.c +0 -0
  915. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_node.c +0 -0
  916. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_tree.c +0 -0
  917. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akey.c +0 -0
  918. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akeya.c +0 -0
  919. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +629 -0
  920. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bcons.c +0 -0
  921. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bitst.c +0 -0
  922. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_conf.c +0 -0
  923. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_cpols.c +0 -0
  924. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_crld.c +0 -0
  925. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +100 -0
  926. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_extku.c +0 -0
  927. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_genn.c +0 -0
  928. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ia5.c +0 -0
  929. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +218 -0
  930. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_int.c +0 -0
  931. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_lib.c +0 -0
  932. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ncons.c +0 -0
  933. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ocsp.c +0 -0
  934. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pci.c +0 -0
  935. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcia.c +0 -0
  936. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcons.c +0 -0
  937. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pku.c +0 -0
  938. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pmaps.c +0 -0
  939. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_prn.c +0 -0
  940. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +843 -0
  941. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_skey.c +0 -0
  942. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_sxnet.c +0 -0
  943. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1395 -0
  944. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/aead.h +0 -0
  945. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/aes.h +0 -0
  946. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/arm_arch.h +0 -0
  947. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1.h +0 -0
  948. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1_mac.h +0 -0
  949. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1t.h +0 -0
  950. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +575 -0
  951. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/base64.h +0 -0
  952. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bio.h +0 -0
  953. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/blowfish.h +0 -0
  954. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +1057 -0
  955. data/third_party/boringssl-with-bazel/src/include/openssl/buf.h +137 -0
  956. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/buffer.h +0 -0
  957. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +561 -0
  958. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cast.h +0 -0
  959. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/chacha.h +0 -0
  960. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cipher.h +0 -0
  961. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cmac.h +0 -0
  962. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/conf.h +0 -0
  963. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cpu.h +0 -0
  964. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +149 -0
  965. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/curve25519.h +0 -0
  966. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/des.h +0 -0
  967. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +319 -0
  968. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +331 -0
  969. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +457 -0
  970. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dtls1.h +0 -0
  971. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/e_os2.h +0 -0
  972. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +424 -0
  973. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +372 -0
  974. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ecdh.h +0 -0
  975. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +205 -0
  976. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/engine.h +0 -0
  977. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +465 -0
  978. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1050 -0
  979. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ex_data.h +0 -0
  980. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hkdf.h +0 -0
  981. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hmac.h +0 -0
  982. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hrss.h +0 -0
  983. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/is_boringssl.h +0 -0
  984. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/lhash.h +0 -0
  985. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/md4.h +0 -0
  986. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/md5.h +0 -0
  987. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +175 -0
  988. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +4259 -0
  989. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj.h +0 -0
  990. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj_mac.h +0 -0
  991. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/objects.h +0 -0
  992. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslconf.h +0 -0
  993. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslv.h +0 -0
  994. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ossl_typ.h +0 -0
  995. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pem.h +0 -0
  996. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs12.h +0 -0
  997. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs7.h +0 -0
  998. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs8.h +0 -0
  999. data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +49 -0
  1000. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pool.h +0 -0
  1001. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +111 -0
  1002. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rc4.h +0 -0
  1003. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ripemd.h +0 -0
  1004. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +818 -0
  1005. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/safestack.h +0 -0
  1006. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +294 -0
  1007. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/siphash.h +0 -0
  1008. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/span.h +0 -0
  1009. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/srtp.h +0 -0
  1010. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +5198 -0
  1011. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ssl3.h +0 -0
  1012. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/stack.h +0 -0
  1013. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/thread.h +0 -0
  1014. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +632 -0
  1015. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
  1016. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/type_check.h +0 -0
  1017. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1207 -0
  1018. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +681 -0
  1019. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509v3.h +0 -0
  1020. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/bio_ssl.cc +0 -0
  1021. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +837 -0
  1022. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +268 -0
  1023. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +273 -0
  1024. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_srtp.cc +0 -0
  1025. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +200 -0
  1026. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/dtls_record.cc +0 -0
  1027. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +675 -0
  1028. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +703 -0
  1029. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +1890 -0
  1030. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1805 -0
  1031. data/third_party/boringssl-with-bazel/src/ssl/internal.h +3572 -0
  1032. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +724 -0
  1033. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +221 -0
  1034. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +458 -0
  1035. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_aead_ctx.cc +0 -0
  1036. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +856 -0
  1037. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +306 -0
  1038. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +1019 -0
  1039. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +1718 -0
  1040. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_file.cc +0 -0
  1041. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_key_share.cc +0 -0
  1042. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +3015 -0
  1043. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +835 -0
  1044. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +1333 -0
  1045. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +230 -0
  1046. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_transcript.cc +0 -0
  1047. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +394 -0
  1048. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_x509.cc +0 -0
  1049. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +365 -0
  1050. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +3870 -0
  1051. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +689 -0
  1052. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1017 -0
  1053. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +513 -0
  1054. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +1096 -0
  1055. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +317 -0
  1056. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +703 -0
  1057. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +981 -0
  1058. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +619 -0
  1059. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3147 -0
  1060. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1226 -0
  1061. data/third_party/upb/upb/decode.c +4 -0
  1062. data/third_party/upb/upb/port.c +0 -1
  1063. data/third_party/upb/upb/port_def.inc +1 -3
  1064. data/third_party/upb/upb/table.c +2 -1
  1065. metadata +758 -509
  1066. data/src/boringssl/err_data.c +0 -1407
  1067. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1898
  1068. data/src/core/lib/gprpp/inlined_vector.h +0 -246
  1069. data/src/core/lib/gprpp/optional.h +0 -48
  1070. data/src/core/lib/gprpp/string_view.h +0 -165
  1071. data/src/core/lib/iomgr/logical_thread.cc +0 -103
  1072. data/src/core/lib/iomgr/logical_thread.h +0 -52
  1073. data/src/core/lib/json/json.cc +0 -94
  1074. data/src/core/lib/json/json_common.h +0 -34
  1075. data/src/core/lib/json/json_reader.h +0 -146
  1076. data/src/core/lib/json/json_string.cc +0 -367
  1077. data/src/core/lib/json/json_writer.h +0 -84
  1078. data/src/core/lib/security/credentials/tls/spiffe_credentials.cc +0 -129
  1079. data/src/core/lib/security/credentials/tls/spiffe_credentials.h +0 -62
  1080. data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +0 -541
  1081. data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +0 -158
  1082. data/src/core/tsi/grpc_shadow_boringssl.h +0 -3297
  1083. data/third_party/boringssl/crypto/asn1/a_time.c +0 -213
  1084. data/third_party/boringssl/crypto/bio/connect.c +0 -546
  1085. data/third_party/boringssl/crypto/bio/fd.c +0 -280
  1086. data/third_party/boringssl/crypto/bio/file.c +0 -318
  1087. data/third_party/boringssl/crypto/bio/pair.c +0 -489
  1088. data/third_party/boringssl/crypto/buf/buf.c +0 -231
  1089. data/third_party/boringssl/crypto/bytestring/cbb.c +0 -680
  1090. data/third_party/boringssl/crypto/bytestring/cbs.c +0 -631
  1091. data/third_party/boringssl/crypto/cipher_extra/derive_key.c +0 -152
  1092. data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +0 -883
  1093. data/third_party/boringssl/crypto/cpu-arm-linux.c +0 -219
  1094. data/third_party/boringssl/crypto/cpu-intel.c +0 -282
  1095. data/third_party/boringssl/crypto/crypto.c +0 -215
  1096. data/third_party/boringssl/crypto/curve25519/spake25519.c +0 -539
  1097. data/third_party/boringssl/crypto/dh/check.c +0 -217
  1098. data/third_party/boringssl/crypto/dh/dh.c +0 -519
  1099. data/third_party/boringssl/crypto/dsa/dsa.c +0 -970
  1100. data/third_party/boringssl/crypto/ec_extra/ec_derive.c +0 -96
  1101. data/third_party/boringssl/crypto/ecdh_extra/ecdh_extra.c +0 -124
  1102. data/third_party/boringssl/crypto/err/err.c +0 -849
  1103. data/third_party/boringssl/crypto/evp/p_ec.c +0 -287
  1104. data/third_party/boringssl/crypto/evp/p_rsa.c +0 -636
  1105. data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +0 -249
  1106. data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +0 -860
  1107. data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +0 -240
  1108. data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +0 -108
  1109. data/third_party/boringssl/crypto/fipsmodule/bcm.c +0 -260
  1110. data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +0 -1288
  1111. data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +0 -691
  1112. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +0 -502
  1113. data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +0 -873
  1114. data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +0 -1069
  1115. data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +0 -1304
  1116. data/third_party/boringssl/crypto/fipsmodule/digest/digests.c +0 -280
  1117. data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +0 -1080
  1118. data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +0 -479
  1119. data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +0 -483
  1120. data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +0 -82
  1121. data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +0 -503
  1122. data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +0 -336
  1123. data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +0 -1187
  1124. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +0 -9501
  1125. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +0 -651
  1126. data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +0 -96
  1127. data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +0 -380
  1128. data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +0 -84
  1129. data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +0 -227
  1130. data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +0 -122
  1131. data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +0 -313
  1132. data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +0 -877
  1133. data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +0 -451
  1134. data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +0 -127
  1135. data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +0 -363
  1136. data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +0 -481
  1137. data/third_party/boringssl/crypto/fipsmodule/rsa/blinding.c +0 -239
  1138. data/third_party/boringssl/crypto/fipsmodule/rsa/internal.h +0 -126
  1139. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +0 -879
  1140. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +0 -1335
  1141. data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +0 -535
  1142. data/third_party/boringssl/crypto/hrss/hrss.c +0 -2201
  1143. data/third_party/boringssl/crypto/hrss/internal.h +0 -62
  1144. data/third_party/boringssl/crypto/internal.h +0 -814
  1145. data/third_party/boringssl/crypto/mem.c +0 -272
  1146. data/third_party/boringssl/crypto/obj/obj.c +0 -554
  1147. data/third_party/boringssl/crypto/obj/obj_dat.h +0 -11550
  1148. data/third_party/boringssl/crypto/pem/pem_info.c +0 -361
  1149. data/third_party/boringssl/crypto/pem/pem_lib.c +0 -777
  1150. data/third_party/boringssl/crypto/pem/pem_oth.c +0 -88
  1151. data/third_party/boringssl/crypto/pem/pem_pk8.c +0 -258
  1152. data/third_party/boringssl/crypto/pem/pem_pkey.c +0 -219
  1153. data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +0 -385
  1154. data/third_party/boringssl/crypto/poly1305/poly1305.c +0 -318
  1155. data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +0 -304
  1156. data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +0 -839
  1157. data/third_party/boringssl/crypto/pool/pool.c +0 -221
  1158. data/third_party/boringssl/crypto/rand_extra/deterministic.c +0 -56
  1159. data/third_party/boringssl/crypto/rand_extra/windows.c +0 -53
  1160. data/third_party/boringssl/crypto/siphash/siphash.c +0 -80
  1161. data/third_party/boringssl/crypto/thread_pthread.c +0 -206
  1162. data/third_party/boringssl/crypto/thread_win.c +0 -256
  1163. data/third_party/boringssl/crypto/x509/a_verify.c +0 -115
  1164. data/third_party/boringssl/crypto/x509/by_dir.c +0 -458
  1165. data/third_party/boringssl/crypto/x509/by_file.c +0 -276
  1166. data/third_party/boringssl/crypto/x509/x509_cmp.c +0 -477
  1167. data/third_party/boringssl/crypto/x509/x509_obj.c +0 -198
  1168. data/third_party/boringssl/crypto/x509/x509_r2x.c +0 -117
  1169. data/third_party/boringssl/crypto/x509/x509_req.c +0 -342
  1170. data/third_party/boringssl/crypto/x509/x509_set.c +0 -169
  1171. data/third_party/boringssl/crypto/x509/x509_trs.c +0 -327
  1172. data/third_party/boringssl/crypto/x509/x509_vfy.c +0 -2483
  1173. data/third_party/boringssl/crypto/x509/x509_vpm.c +0 -672
  1174. data/third_party/boringssl/crypto/x509/x509name.c +0 -388
  1175. data/third_party/boringssl/crypto/x509/x_all.c +0 -400
  1176. data/third_party/boringssl/crypto/x509v3/v3_alt.c +0 -629
  1177. data/third_party/boringssl/crypto/x509v3/v3_enum.c +0 -100
  1178. data/third_party/boringssl/crypto/x509v3/v3_info.c +0 -219
  1179. data/third_party/boringssl/crypto/x509v3/v3_purp.c +0 -844
  1180. data/third_party/boringssl/crypto/x509v3/v3_utl.c +0 -1396
  1181. data/third_party/boringssl/include/openssl/base.h +0 -571
  1182. data/third_party/boringssl/include/openssl/bn.h +0 -1045
  1183. data/third_party/boringssl/include/openssl/buf.h +0 -137
  1184. data/third_party/boringssl/include/openssl/bytestring.h +0 -527
  1185. data/third_party/boringssl/include/openssl/crypto.h +0 -144
  1186. data/third_party/boringssl/include/openssl/dh.h +0 -299
  1187. data/third_party/boringssl/include/openssl/digest.h +0 -330
  1188. data/third_party/boringssl/include/openssl/dsa.h +0 -441
  1189. data/third_party/boringssl/include/openssl/ec.h +0 -417
  1190. data/third_party/boringssl/include/openssl/ec_key.h +0 -370
  1191. data/third_party/boringssl/include/openssl/ecdsa.h +0 -199
  1192. data/third_party/boringssl/include/openssl/err.h +0 -461
  1193. data/third_party/boringssl/include/openssl/evp.h +0 -1030
  1194. data/third_party/boringssl/include/openssl/mem.h +0 -160
  1195. data/third_party/boringssl/include/openssl/nid.h +0 -4245
  1196. data/third_party/boringssl/include/openssl/poly1305.h +0 -51
  1197. data/third_party/boringssl/include/openssl/rand.h +0 -125
  1198. data/third_party/boringssl/include/openssl/rsa.h +0 -787
  1199. data/third_party/boringssl/include/openssl/sha.h +0 -268
  1200. data/third_party/boringssl/include/openssl/ssl.h +0 -5113
  1201. data/third_party/boringssl/include/openssl/tls1.h +0 -634
  1202. data/third_party/boringssl/include/openssl/x509.h +0 -1205
  1203. data/third_party/boringssl/include/openssl/x509_vfy.h +0 -680
  1204. data/third_party/boringssl/ssl/d1_both.cc +0 -842
  1205. data/third_party/boringssl/ssl/d1_lib.cc +0 -268
  1206. data/third_party/boringssl/ssl/d1_pkt.cc +0 -274
  1207. data/third_party/boringssl/ssl/dtls_method.cc +0 -192
  1208. data/third_party/boringssl/ssl/handoff.cc +0 -489
  1209. data/third_party/boringssl/ssl/handshake.cc +0 -691
  1210. data/third_party/boringssl/ssl/handshake_client.cc +0 -1871
  1211. data/third_party/boringssl/ssl/handshake_server.cc +0 -1801
  1212. data/third_party/boringssl/ssl/internal.h +0 -3549
  1213. data/third_party/boringssl/ssl/s3_both.cc +0 -724
  1214. data/third_party/boringssl/ssl/s3_lib.cc +0 -222
  1215. data/third_party/boringssl/ssl/s3_pkt.cc +0 -459
  1216. data/third_party/boringssl/ssl/ssl_asn1.cc +0 -828
  1217. data/third_party/boringssl/ssl/ssl_buffer.cc +0 -287
  1218. data/third_party/boringssl/ssl/ssl_cert.cc +0 -1016
  1219. data/third_party/boringssl/ssl/ssl_cipher.cc +0 -1719
  1220. data/third_party/boringssl/ssl/ssl_lib.cc +0 -3011
  1221. data/third_party/boringssl/ssl/ssl_privkey.cc +0 -824
  1222. data/third_party/boringssl/ssl/ssl_session.cc +0 -1273
  1223. data/third_party/boringssl/ssl/ssl_stat.cc +0 -224
  1224. data/third_party/boringssl/ssl/ssl_versions.cc +0 -394
  1225. data/third_party/boringssl/ssl/t1_enc.cc +0 -361
  1226. data/third_party/boringssl/ssl/t1_lib.cc +0 -4036
  1227. data/third_party/boringssl/ssl/tls13_both.cc +0 -689
  1228. data/third_party/boringssl/ssl/tls13_client.cc +0 -947
  1229. data/third_party/boringssl/ssl/tls13_enc.cc +0 -561
  1230. data/third_party/boringssl/ssl/tls13_server.cc +0 -1089
  1231. data/third_party/boringssl/ssl/tls_method.cc +0 -279
  1232. data/third_party/boringssl/ssl/tls_record.cc +0 -698
  1233. data/third_party/boringssl/third_party/fiat/curve25519.c +0 -2167
  1234. data/third_party/boringssl/third_party/fiat/curve25519_32.h +0 -911
  1235. data/third_party/boringssl/third_party/fiat/curve25519_64.h +0 -559
  1236. data/third_party/boringssl/third_party/fiat/curve25519_tables.h +0 -7880
  1237. data/third_party/boringssl/third_party/fiat/internal.h +0 -154
  1238. data/third_party/boringssl/third_party/fiat/p256.c +0 -1063
  1239. data/third_party/boringssl/third_party/fiat/p256_32.h +0 -3226
  1240. data/third_party/boringssl/third_party/fiat/p256_64.h +0 -1217
@@ -0,0 +1,328 @@
1
+ /* Originally written by Bodo Moeller for the OpenSSL project.
2
+ * ====================================================================
3
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
4
+ *
5
+ * Redistribution and use in source and binary forms, with or without
6
+ * modification, are permitted provided that the following conditions
7
+ * are met:
8
+ *
9
+ * 1. Redistributions of source code must retain the above copyright
10
+ * notice, this list of conditions and the following disclaimer.
11
+ *
12
+ * 2. Redistributions in binary form must reproduce the above copyright
13
+ * notice, this list of conditions and the following disclaimer in
14
+ * the documentation and/or other materials provided with the
15
+ * distribution.
16
+ *
17
+ * 3. All advertising materials mentioning features or use of this
18
+ * software must display the following acknowledgment:
19
+ * "This product includes software developed by the OpenSSL Project
20
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21
+ *
22
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23
+ * endorse or promote products derived from this software without
24
+ * prior written permission. For written permission, please contact
25
+ * openssl-core@openssl.org.
26
+ *
27
+ * 5. Products derived from this software may not be called "OpenSSL"
28
+ * nor may "OpenSSL" appear in their names without prior written
29
+ * permission of the OpenSSL Project.
30
+ *
31
+ * 6. Redistributions of any form whatsoever must retain the following
32
+ * acknowledgment:
33
+ * "This product includes software developed by the OpenSSL Project
34
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35
+ *
36
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
48
+ * ====================================================================
49
+ *
50
+ * This product includes cryptographic software written by Eric Young
51
+ * (eay@cryptsoft.com). This product includes software written by Tim
52
+ * Hudson (tjh@cryptsoft.com).
53
+ *
54
+ */
55
+ /* ====================================================================
56
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
57
+ *
58
+ * Portions of the attached software ("Contribution") are developed by
59
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
60
+ *
61
+ * The Contribution is licensed pursuant to the OpenSSL open source
62
+ * license provided above.
63
+ *
64
+ * The elliptic curve binary polynomial software is originally written by
65
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
66
+ * Laboratories. */
67
+
68
+ #include <openssl/ec.h>
69
+
70
+ #include <openssl/bn.h>
71
+ #include <openssl/err.h>
72
+
73
+ #include "internal.h"
74
+
75
+
76
+ size_t ec_point_to_bytes(const EC_GROUP *group, const EC_AFFINE *point,
77
+ point_conversion_form_t form, uint8_t *buf,
78
+ size_t len) {
79
+ if (form != POINT_CONVERSION_COMPRESSED &&
80
+ form != POINT_CONVERSION_UNCOMPRESSED) {
81
+ OPENSSL_PUT_ERROR(EC, EC_R_INVALID_FORM);
82
+ return 0;
83
+ }
84
+
85
+ const size_t field_len = BN_num_bytes(&group->field);
86
+ size_t output_len = 1 /* type byte */ + field_len;
87
+ if (form == POINT_CONVERSION_UNCOMPRESSED) {
88
+ // Uncompressed points have a second coordinate.
89
+ output_len += field_len;
90
+ }
91
+
92
+ // if 'buf' is NULL, just return required length
93
+ if (buf != NULL) {
94
+ if (len < output_len) {
95
+ OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL);
96
+ return 0;
97
+ }
98
+
99
+ size_t field_len_out;
100
+ ec_felem_to_bytes(group, buf + 1, &field_len_out, &point->X);
101
+ assert(field_len_out == field_len);
102
+
103
+ if (form == POINT_CONVERSION_UNCOMPRESSED) {
104
+ ec_felem_to_bytes(group, buf + 1 + field_len, &field_len_out, &point->Y);
105
+ assert(field_len_out == field_len);
106
+ buf[0] = form;
107
+ } else {
108
+ uint8_t y_buf[EC_MAX_BYTES];
109
+ ec_felem_to_bytes(group, y_buf, &field_len_out, &point->Y);
110
+ buf[0] = form + (y_buf[field_len_out - 1] & 1);
111
+ }
112
+ }
113
+
114
+ return output_len;
115
+ }
116
+
117
+ int ec_point_from_uncompressed(const EC_GROUP *group, EC_AFFINE *out,
118
+ const uint8_t *in, size_t len) {
119
+ const size_t field_len = BN_num_bytes(&group->field);
120
+ if (len != 1 + 2 * field_len || in[0] != POINT_CONVERSION_UNCOMPRESSED) {
121
+ OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING);
122
+ return 0;
123
+ }
124
+
125
+ EC_FELEM x, y;
126
+ if (!ec_felem_from_bytes(group, &x, in + 1, field_len) ||
127
+ !ec_felem_from_bytes(group, &y, in + 1 + field_len, field_len) ||
128
+ !ec_point_set_affine_coordinates(group, out, &x, &y)) {
129
+ return 0;
130
+ }
131
+
132
+ return 1;
133
+ }
134
+
135
+ static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
136
+ const uint8_t *buf, size_t len,
137
+ BN_CTX *ctx) {
138
+ if (len == 0) {
139
+ OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL);
140
+ return 0;
141
+ }
142
+
143
+ point_conversion_form_t form = buf[0];
144
+ if (form == POINT_CONVERSION_UNCOMPRESSED) {
145
+ EC_AFFINE affine;
146
+ if (!ec_point_from_uncompressed(group, &affine, buf, len)) {
147
+ // In the event of an error, defend against the caller not checking the
148
+ // return value by setting a known safe value.
149
+ ec_set_to_safe_point(group, &point->raw);
150
+ return 0;
151
+ }
152
+ ec_affine_to_jacobian(group, &point->raw, &affine);
153
+ return 1;
154
+ }
155
+
156
+ const int y_bit = form & 1;
157
+ const size_t field_len = BN_num_bytes(&group->field);
158
+ form = form & ~1u;
159
+ if (form != POINT_CONVERSION_COMPRESSED ||
160
+ len != 1 /* type byte */ + field_len) {
161
+ OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING);
162
+ return 0;
163
+ }
164
+
165
+ // TODO(davidben): Integrate compressed coordinates with the lower-level EC
166
+ // abstractions. This requires a way to compute square roots, which is tricky
167
+ // for primes which are not 3 (mod 4), namely P-224 and custom curves. P-224's
168
+ // prime is particularly inconvenient for compressed coordinates. See
169
+ // https://cr.yp.to/papers/sqroot.pdf
170
+ BN_CTX *new_ctx = NULL;
171
+ if (ctx == NULL) {
172
+ ctx = new_ctx = BN_CTX_new();
173
+ if (ctx == NULL) {
174
+ return 0;
175
+ }
176
+ }
177
+
178
+ int ret = 0;
179
+ BN_CTX_start(ctx);
180
+ BIGNUM *x = BN_CTX_get(ctx);
181
+ if (x == NULL || !BN_bin2bn(buf + 1, field_len, x)) {
182
+ goto err;
183
+ }
184
+ if (BN_ucmp(x, &group->field) >= 0) {
185
+ OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING);
186
+ goto err;
187
+ }
188
+
189
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) {
190
+ goto err;
191
+ }
192
+
193
+ ret = 1;
194
+
195
+ err:
196
+ BN_CTX_end(ctx);
197
+ BN_CTX_free(new_ctx);
198
+ return ret;
199
+ }
200
+
201
+ int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
202
+ const uint8_t *buf, size_t len, BN_CTX *ctx) {
203
+ if (EC_GROUP_cmp(group, point->group, NULL) != 0) {
204
+ OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
205
+ return 0;
206
+ }
207
+ return ec_GFp_simple_oct2point(group, point, buf, len, ctx);
208
+ }
209
+
210
+ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
211
+ point_conversion_form_t form, uint8_t *buf,
212
+ size_t len, BN_CTX *ctx) {
213
+ if (EC_GROUP_cmp(group, point->group, NULL) != 0) {
214
+ OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
215
+ return 0;
216
+ }
217
+ EC_AFFINE affine;
218
+ if (!ec_jacobian_to_affine(group, &affine, &point->raw)) {
219
+ return 0;
220
+ }
221
+ return ec_point_to_bytes(group, &affine, form, buf, len);
222
+ }
223
+
224
+ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
225
+ EC_POINT *point, const BIGNUM *x,
226
+ int y_bit, BN_CTX *ctx) {
227
+ if (EC_GROUP_cmp(group, point->group, NULL) != 0) {
228
+ OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
229
+ return 0;
230
+ }
231
+
232
+ if (BN_is_negative(x) || BN_cmp(x, &group->field) >= 0) {
233
+ OPENSSL_PUT_ERROR(EC, EC_R_INVALID_COMPRESSED_POINT);
234
+ return 0;
235
+ }
236
+
237
+ BN_CTX *new_ctx = NULL;
238
+ int ret = 0;
239
+
240
+ ERR_clear_error();
241
+
242
+ if (ctx == NULL) {
243
+ ctx = new_ctx = BN_CTX_new();
244
+ if (ctx == NULL) {
245
+ return 0;
246
+ }
247
+ }
248
+
249
+ y_bit = (y_bit != 0);
250
+
251
+ BN_CTX_start(ctx);
252
+ BIGNUM *tmp1 = BN_CTX_get(ctx);
253
+ BIGNUM *tmp2 = BN_CTX_get(ctx);
254
+ BIGNUM *a = BN_CTX_get(ctx);
255
+ BIGNUM *b = BN_CTX_get(ctx);
256
+ BIGNUM *y = BN_CTX_get(ctx);
257
+ if (y == NULL ||
258
+ !EC_GROUP_get_curve_GFp(group, NULL, a, b, ctx)) {
259
+ goto err;
260
+ }
261
+
262
+ // Recover y. We have a Weierstrass equation
263
+ // y^2 = x^3 + a*x + b,
264
+ // so y is one of the square roots of x^3 + a*x + b.
265
+
266
+ // tmp1 := x^3
267
+ if (!BN_mod_sqr(tmp2, x, &group->field, ctx) ||
268
+ !BN_mod_mul(tmp1, tmp2, x, &group->field, ctx)) {
269
+ goto err;
270
+ }
271
+
272
+ // tmp1 := tmp1 + a*x
273
+ if (group->a_is_minus3) {
274
+ if (!bn_mod_lshift1_consttime(tmp2, x, &group->field, ctx) ||
275
+ !bn_mod_add_consttime(tmp2, tmp2, x, &group->field, ctx) ||
276
+ !bn_mod_sub_consttime(tmp1, tmp1, tmp2, &group->field, ctx)) {
277
+ goto err;
278
+ }
279
+ } else {
280
+ if (!BN_mod_mul(tmp2, a, x, &group->field, ctx) ||
281
+ !bn_mod_add_consttime(tmp1, tmp1, tmp2, &group->field, ctx)) {
282
+ goto err;
283
+ }
284
+ }
285
+
286
+ // tmp1 := tmp1 + b
287
+ if (!bn_mod_add_consttime(tmp1, tmp1, b, &group->field, ctx)) {
288
+ goto err;
289
+ }
290
+
291
+ if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) {
292
+ unsigned long err = ERR_peek_last_error();
293
+
294
+ if (ERR_GET_LIB(err) == ERR_LIB_BN &&
295
+ ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) {
296
+ ERR_clear_error();
297
+ OPENSSL_PUT_ERROR(EC, EC_R_INVALID_COMPRESSED_POINT);
298
+ } else {
299
+ OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB);
300
+ }
301
+ goto err;
302
+ }
303
+
304
+ if (y_bit != BN_is_odd(y)) {
305
+ if (BN_is_zero(y)) {
306
+ OPENSSL_PUT_ERROR(EC, EC_R_INVALID_COMPRESSION_BIT);
307
+ goto err;
308
+ }
309
+ if (!BN_usub(y, &group->field, y)) {
310
+ goto err;
311
+ }
312
+ }
313
+ if (y_bit != BN_is_odd(y)) {
314
+ OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
315
+ goto err;
316
+ }
317
+
318
+ if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) {
319
+ goto err;
320
+ }
321
+
322
+ ret = 1;
323
+
324
+ err:
325
+ BN_CTX_end(ctx);
326
+ BN_CTX_free(new_ctx);
327
+ return ret;
328
+ }
@@ -0,0 +1,1178 @@
1
+ /* Copyright (c) 2015, Google Inc.
2
+ *
3
+ * Permission to use, copy, modify, and/or distribute this software for any
4
+ * purpose with or without fee is hereby granted, provided that the above
5
+ * copyright notice and this permission notice appear in all copies.
6
+ *
7
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
+
15
+ // A 64-bit implementation of the NIST P-224 elliptic curve point multiplication
16
+ //
17
+ // Inspired by Daniel J. Bernstein's public domain nistp224 implementation
18
+ // and Adam Langley's public domain 64-bit C implementation of curve25519.
19
+
20
+ #include <openssl/base.h>
21
+
22
+ #include <openssl/bn.h>
23
+ #include <openssl/ec.h>
24
+ #include <openssl/err.h>
25
+ #include <openssl/mem.h>
26
+
27
+ #include <string.h>
28
+
29
+ #include "internal.h"
30
+ #include "../delocate.h"
31
+ #include "../../internal.h"
32
+
33
+
34
+ #if defined(BORINGSSL_HAS_UINT128) && !defined(OPENSSL_SMALL)
35
+
36
+ // Field elements are represented as a_0 + 2^56*a_1 + 2^112*a_2 + 2^168*a_3
37
+ // using 64-bit coefficients called 'limbs', and sometimes (for multiplication
38
+ // results) as b_0 + 2^56*b_1 + 2^112*b_2 + 2^168*b_3 + 2^224*b_4 + 2^280*b_5 +
39
+ // 2^336*b_6 using 128-bit coefficients called 'widelimbs'. A 4-p224_limb
40
+ // representation is an 'p224_felem'; a 7-p224_widelimb representation is a
41
+ // 'p224_widefelem'. Even within felems, bits of adjacent limbs overlap, and we
42
+ // don't always reduce the representations: we ensure that inputs to each
43
+ // p224_felem multiplication satisfy a_i < 2^60, so outputs satisfy b_i <
44
+ // 4*2^60*2^60, and fit into a 128-bit word without overflow. The coefficients
45
+ // are then again partially reduced to obtain an p224_felem satisfying a_i <
46
+ // 2^57. We only reduce to the unique minimal representation at the end of the
47
+ // computation.
48
+
49
+ typedef uint64_t p224_limb;
50
+ typedef uint128_t p224_widelimb;
51
+
52
+ typedef p224_limb p224_felem[4];
53
+ typedef p224_widelimb p224_widefelem[7];
54
+
55
+ // Field element represented as a byte arrary. 28*8 = 224 bits is also the
56
+ // group order size for the elliptic curve, and we also use this type for
57
+ // scalars for point multiplication.
58
+ typedef uint8_t p224_felem_bytearray[28];
59
+
60
+ // Precomputed multiples of the standard generator
61
+ // Points are given in coordinates (X, Y, Z) where Z normally is 1
62
+ // (0 for the point at infinity).
63
+ // For each field element, slice a_0 is word 0, etc.
64
+ //
65
+ // The table has 2 * 16 elements, starting with the following:
66
+ // index | bits | point
67
+ // ------+---------+------------------------------
68
+ // 0 | 0 0 0 0 | 0G
69
+ // 1 | 0 0 0 1 | 1G
70
+ // 2 | 0 0 1 0 | 2^56G
71
+ // 3 | 0 0 1 1 | (2^56 + 1)G
72
+ // 4 | 0 1 0 0 | 2^112G
73
+ // 5 | 0 1 0 1 | (2^112 + 1)G
74
+ // 6 | 0 1 1 0 | (2^112 + 2^56)G
75
+ // 7 | 0 1 1 1 | (2^112 + 2^56 + 1)G
76
+ // 8 | 1 0 0 0 | 2^168G
77
+ // 9 | 1 0 0 1 | (2^168 + 1)G
78
+ // 10 | 1 0 1 0 | (2^168 + 2^56)G
79
+ // 11 | 1 0 1 1 | (2^168 + 2^56 + 1)G
80
+ // 12 | 1 1 0 0 | (2^168 + 2^112)G
81
+ // 13 | 1 1 0 1 | (2^168 + 2^112 + 1)G
82
+ // 14 | 1 1 1 0 | (2^168 + 2^112 + 2^56)G
83
+ // 15 | 1 1 1 1 | (2^168 + 2^112 + 2^56 + 1)G
84
+ // followed by a copy of this with each element multiplied by 2^28.
85
+ //
86
+ // The reason for this is so that we can clock bits into four different
87
+ // locations when doing simple scalar multiplies against the base point,
88
+ // and then another four locations using the second 16 elements.
89
+ static const p224_felem g_p224_pre_comp[2][16][3] = {
90
+ {{{0, 0, 0, 0}, {0, 0, 0, 0}, {0, 0, 0, 0}},
91
+ {{0x3280d6115c1d21, 0xc1d356c2112234, 0x7f321390b94a03, 0xb70e0cbd6bb4bf},
92
+ {0xd5819985007e34, 0x75a05a07476444, 0xfb4c22dfe6cd43, 0xbd376388b5f723},
93
+ {1, 0, 0, 0}},
94
+ {{0xfd9675666ebbe9, 0xbca7664d40ce5e, 0x2242df8d8a2a43, 0x1f49bbb0f99bc5},
95
+ {0x29e0b892dc9c43, 0xece8608436e662, 0xdc858f185310d0, 0x9812dd4eb8d321},
96
+ {1, 0, 0, 0}},
97
+ {{0x6d3e678d5d8eb8, 0x559eed1cb362f1, 0x16e9a3bbce8a3f, 0xeedcccd8c2a748},
98
+ {0xf19f90ed50266d, 0xabf2b4bf65f9df, 0x313865468fafec, 0x5cb379ba910a17},
99
+ {1, 0, 0, 0}},
100
+ {{0x0641966cab26e3, 0x91fb2991fab0a0, 0xefec27a4e13a0b, 0x0499aa8a5f8ebe},
101
+ {0x7510407766af5d, 0x84d929610d5450, 0x81d77aae82f706, 0x6916f6d4338c5b},
102
+ {1, 0, 0, 0}},
103
+ {{0xea95ac3b1f15c6, 0x086000905e82d4, 0xdd323ae4d1c8b1, 0x932b56be7685a3},
104
+ {0x9ef93dea25dbbf, 0x41665960f390f0, 0xfdec76dbe2a8a7, 0x523e80f019062a},
105
+ {1, 0, 0, 0}},
106
+ {{0x822fdd26732c73, 0xa01c83531b5d0f, 0x363f37347c1ba4, 0xc391b45c84725c},
107
+ {0xbbd5e1b2d6ad24, 0xddfbcde19dfaec, 0xc393da7e222a7f, 0x1efb7890ede244},
108
+ {1, 0, 0, 0}},
109
+ {{0x4c9e90ca217da1, 0xd11beca79159bb, 0xff8d33c2c98b7c, 0x2610b39409f849},
110
+ {0x44d1352ac64da0, 0xcdbb7b2c46b4fb, 0x966c079b753c89, 0xfe67e4e820b112},
111
+ {1, 0, 0, 0}},
112
+ {{0xe28cae2df5312d, 0xc71b61d16f5c6e, 0x79b7619a3e7c4c, 0x05c73240899b47},
113
+ {0x9f7f6382c73e3a, 0x18615165c56bda, 0x641fab2116fd56, 0x72855882b08394},
114
+ {1, 0, 0, 0}},
115
+ {{0x0469182f161c09, 0x74a98ca8d00fb5, 0xb89da93489a3e0, 0x41c98768fb0c1d},
116
+ {0xe5ea05fb32da81, 0x3dce9ffbca6855, 0x1cfe2d3fbf59e6, 0x0e5e03408738a7},
117
+ {1, 0, 0, 0}},
118
+ {{0xdab22b2333e87f, 0x4430137a5dd2f6, 0xe03ab9f738beb8, 0xcb0c5d0dc34f24},
119
+ {0x764a7df0c8fda5, 0x185ba5c3fa2044, 0x9281d688bcbe50, 0xc40331df893881},
120
+ {1, 0, 0, 0}},
121
+ {{0xb89530796f0f60, 0xade92bd26909a3, 0x1a0c83fb4884da, 0x1765bf22a5a984},
122
+ {0x772a9ee75db09e, 0x23bc6c67cec16f, 0x4c1edba8b14e2f, 0xe2a215d9611369},
123
+ {1, 0, 0, 0}},
124
+ {{0x571e509fb5efb3, 0xade88696410552, 0xc8ae85fada74fe, 0x6c7e4be83bbde3},
125
+ {0xff9f51160f4652, 0xb47ce2495a6539, 0xa2946c53b582f4, 0x286d2db3ee9a60},
126
+ {1, 0, 0, 0}},
127
+ {{0x40bbd5081a44af, 0x0995183b13926c, 0xbcefba6f47f6d0, 0x215619e9cc0057},
128
+ {0x8bc94d3b0df45e, 0xf11c54a3694f6f, 0x8631b93cdfe8b5, 0xe7e3f4b0982db9},
129
+ {1, 0, 0, 0}},
130
+ {{0xb17048ab3e1c7b, 0xac38f36ff8a1d8, 0x1c29819435d2c6, 0xc813132f4c07e9},
131
+ {0x2891425503b11f, 0x08781030579fea, 0xf5426ba5cc9674, 0x1e28ebf18562bc},
132
+ {1, 0, 0, 0}},
133
+ {{0x9f31997cc864eb, 0x06cd91d28b5e4c, 0xff17036691a973, 0xf1aef351497c58},
134
+ {0xdd1f2d600564ff, 0xdead073b1402db, 0x74a684435bd693, 0xeea7471f962558},
135
+ {1, 0, 0, 0}}},
136
+ {{{0, 0, 0, 0}, {0, 0, 0, 0}, {0, 0, 0, 0}},
137
+ {{0x9665266dddf554, 0x9613d78b60ef2d, 0xce27a34cdba417, 0xd35ab74d6afc31},
138
+ {0x85ccdd22deb15e, 0x2137e5783a6aab, 0xa141cffd8c93c6, 0x355a1830e90f2d},
139
+ {1, 0, 0, 0}},
140
+ {{0x1a494eadaade65, 0xd6da4da77fe53c, 0xe7992996abec86, 0x65c3553c6090e3},
141
+ {0xfa610b1fb09346, 0xf1c6540b8a4aaf, 0xc51a13ccd3cbab, 0x02995b1b18c28a},
142
+ {1, 0, 0, 0}},
143
+ {{0x7874568e7295ef, 0x86b419fbe38d04, 0xdc0690a7550d9a, 0xd3966a44beac33},
144
+ {0x2b7280ec29132f, 0xbeaa3b6a032df3, 0xdc7dd88ae41200, 0xd25e2513e3a100},
145
+ {1, 0, 0, 0}},
146
+ {{0x924857eb2efafd, 0xac2bce41223190, 0x8edaa1445553fc, 0x825800fd3562d5},
147
+ {0x8d79148ea96621, 0x23a01c3dd9ed8d, 0xaf8b219f9416b5, 0xd8db0cc277daea},
148
+ {1, 0, 0, 0}},
149
+ {{0x76a9c3b1a700f0, 0xe9acd29bc7e691, 0x69212d1a6b0327, 0x6322e97fe154be},
150
+ {0x469fc5465d62aa, 0x8d41ed18883b05, 0x1f8eae66c52b88, 0xe4fcbe9325be51},
151
+ {1, 0, 0, 0}},
152
+ {{0x825fdf583cac16, 0x020b857c7b023a, 0x683c17744b0165, 0x14ffd0a2daf2f1},
153
+ {0x323b36184218f9, 0x4944ec4e3b47d4, 0xc15b3080841acf, 0x0bced4b01a28bb},
154
+ {1, 0, 0, 0}},
155
+ {{0x92ac22230df5c4, 0x52f33b4063eda8, 0xcb3f19870c0c93, 0x40064f2ba65233},
156
+ {0xfe16f0924f8992, 0x012da25af5b517, 0x1a57bb24f723a6, 0x06f8bc76760def},
157
+ {1, 0, 0, 0}},
158
+ {{0x4a7084f7817cb9, 0xbcab0738ee9a78, 0x3ec11e11d9c326, 0xdc0fe90e0f1aae},
159
+ {0xcf639ea5f98390, 0x5c350aa22ffb74, 0x9afae98a4047b7, 0x956ec2d617fc45},
160
+ {1, 0, 0, 0}},
161
+ {{0x4306d648c1be6a, 0x9247cd8bc9a462, 0xf5595e377d2f2e, 0xbd1c3caff1a52e},
162
+ {0x045e14472409d0, 0x29f3e17078f773, 0x745a602b2d4f7d, 0x191837685cdfbb},
163
+ {1, 0, 0, 0}},
164
+ {{0x5b6ee254a8cb79, 0x4953433f5e7026, 0xe21faeb1d1def4, 0xc4c225785c09de},
165
+ {0x307ce7bba1e518, 0x31b125b1036db8, 0x47e91868839e8f, 0xc765866e33b9f3},
166
+ {1, 0, 0, 0}},
167
+ {{0x3bfece24f96906, 0x4794da641e5093, 0xde5df64f95db26, 0x297ecd89714b05},
168
+ {0x701bd3ebb2c3aa, 0x7073b4f53cb1d5, 0x13c5665658af16, 0x9895089d66fe58},
169
+ {1, 0, 0, 0}},
170
+ {{0x0fef05f78c4790, 0x2d773633b05d2e, 0x94229c3a951c94, 0xbbbd70df4911bb},
171
+ {0xb2c6963d2c1168, 0x105f47a72b0d73, 0x9fdf6111614080, 0x7b7e94b39e67b0},
172
+ {1, 0, 0, 0}},
173
+ {{0xad1a7d6efbe2b3, 0xf012482c0da69d, 0x6b3bdf12438345, 0x40d7558d7aa4d9},
174
+ {0x8a09fffb5c6d3d, 0x9a356e5d9ffd38, 0x5973f15f4f9b1c, 0xdcd5f59f63c3ea},
175
+ {1, 0, 0, 0}},
176
+ {{0xacf39f4c5ca7ab, 0x4c8071cc5fd737, 0xc64e3602cd1184, 0x0acd4644c9abba},
177
+ {0x6c011a36d8bf6e, 0xfecd87ba24e32a, 0x19f6f56574fad8, 0x050b204ced9405},
178
+ {1, 0, 0, 0}},
179
+ {{0xed4f1cae7d9a96, 0x5ceef7ad94c40a, 0x778e4a3bf3ef9b, 0x7405783dc3b55e},
180
+ {0x32477c61b6e8c6, 0xb46a97570f018b, 0x91176d0a7e95d1, 0x3df90fbc4c7d0e},
181
+ {1, 0, 0, 0}}}};
182
+
183
+ static uint64_t p224_load_u64(const uint8_t in[8]) {
184
+ uint64_t ret;
185
+ OPENSSL_memcpy(&ret, in, sizeof(ret));
186
+ return ret;
187
+ }
188
+
189
+ // Helper functions to convert field elements to/from internal representation
190
+ static void p224_bin28_to_felem(p224_felem out, const uint8_t in[28]) {
191
+ out[0] = p224_load_u64(in) & 0x00ffffffffffffff;
192
+ out[1] = p224_load_u64(in + 7) & 0x00ffffffffffffff;
193
+ out[2] = p224_load_u64(in + 14) & 0x00ffffffffffffff;
194
+ out[3] = p224_load_u64(in + 20) >> 8;
195
+ }
196
+
197
+ static void p224_felem_to_bin28(uint8_t out[28], const p224_felem in) {
198
+ for (size_t i = 0; i < 7; ++i) {
199
+ out[i] = in[0] >> (8 * i);
200
+ out[i + 7] = in[1] >> (8 * i);
201
+ out[i + 14] = in[2] >> (8 * i);
202
+ out[i + 21] = in[3] >> (8 * i);
203
+ }
204
+ }
205
+
206
+ static void p224_generic_to_felem(p224_felem out, const EC_FELEM *in) {
207
+ p224_bin28_to_felem(out, in->bytes);
208
+ }
209
+
210
+ // Requires 0 <= in < 2*p (always call p224_felem_reduce first)
211
+ static void p224_felem_to_generic(EC_FELEM *out, const p224_felem in) {
212
+ // Reduce to unique minimal representation.
213
+ static const int64_t two56 = ((p224_limb)1) << 56;
214
+ // 0 <= in < 2*p, p = 2^224 - 2^96 + 1
215
+ // if in > p , reduce in = in - 2^224 + 2^96 - 1
216
+ int64_t tmp[4], a;
217
+ tmp[0] = in[0];
218
+ tmp[1] = in[1];
219
+ tmp[2] = in[2];
220
+ tmp[3] = in[3];
221
+ // Case 1: a = 1 iff in >= 2^224
222
+ a = (in[3] >> 56);
223
+ tmp[0] -= a;
224
+ tmp[1] += a << 40;
225
+ tmp[3] &= 0x00ffffffffffffff;
226
+ // Case 2: a = 0 iff p <= in < 2^224, i.e., the high 128 bits are all 1 and
227
+ // the lower part is non-zero
228
+ a = ((in[3] & in[2] & (in[1] | 0x000000ffffffffff)) + 1) |
229
+ (((int64_t)(in[0] + (in[1] & 0x000000ffffffffff)) - 1) >> 63);
230
+ a &= 0x00ffffffffffffff;
231
+ // turn a into an all-one mask (if a = 0) or an all-zero mask
232
+ a = (a - 1) >> 63;
233
+ // subtract 2^224 - 2^96 + 1 if a is all-one
234
+ tmp[3] &= a ^ 0xffffffffffffffff;
235
+ tmp[2] &= a ^ 0xffffffffffffffff;
236
+ tmp[1] &= (a ^ 0xffffffffffffffff) | 0x000000ffffffffff;
237
+ tmp[0] -= 1 & a;
238
+
239
+ // eliminate negative coefficients: if tmp[0] is negative, tmp[1] must
240
+ // be non-zero, so we only need one step
241
+ a = tmp[0] >> 63;
242
+ tmp[0] += two56 & a;
243
+ tmp[1] -= 1 & a;
244
+
245
+ // carry 1 -> 2 -> 3
246
+ tmp[2] += tmp[1] >> 56;
247
+ tmp[1] &= 0x00ffffffffffffff;
248
+
249
+ tmp[3] += tmp[2] >> 56;
250
+ tmp[2] &= 0x00ffffffffffffff;
251
+
252
+ // Now 0 <= tmp < p
253
+ p224_felem tmp2;
254
+ tmp2[0] = tmp[0];
255
+ tmp2[1] = tmp[1];
256
+ tmp2[2] = tmp[2];
257
+ tmp2[3] = tmp[3];
258
+
259
+ p224_felem_to_bin28(out->bytes, tmp2);
260
+ // 224 is not a multiple of 64, so zero the remaining bytes.
261
+ OPENSSL_memset(out->bytes + 28, 0, 32 - 28);
262
+ }
263
+
264
+
265
+ // Field operations, using the internal representation of field elements.
266
+ // NB! These operations are specific to our point multiplication and cannot be
267
+ // expected to be correct in general - e.g., multiplication with a large scalar
268
+ // will cause an overflow.
269
+
270
+ static void p224_felem_assign(p224_felem out, const p224_felem in) {
271
+ out[0] = in[0];
272
+ out[1] = in[1];
273
+ out[2] = in[2];
274
+ out[3] = in[3];
275
+ }
276
+
277
+ // Sum two field elements: out += in
278
+ static void p224_felem_sum(p224_felem out, const p224_felem in) {
279
+ out[0] += in[0];
280
+ out[1] += in[1];
281
+ out[2] += in[2];
282
+ out[3] += in[3];
283
+ }
284
+
285
+ // Subtract field elements: out -= in
286
+ // Assumes in[i] < 2^57
287
+ static void p224_felem_diff(p224_felem out, const p224_felem in) {
288
+ static const p224_limb two58p2 =
289
+ (((p224_limb)1) << 58) + (((p224_limb)1) << 2);
290
+ static const p224_limb two58m2 =
291
+ (((p224_limb)1) << 58) - (((p224_limb)1) << 2);
292
+ static const p224_limb two58m42m2 =
293
+ (((p224_limb)1) << 58) - (((p224_limb)1) << 42) - (((p224_limb)1) << 2);
294
+
295
+ // Add 0 mod 2^224-2^96+1 to ensure out > in
296
+ out[0] += two58p2;
297
+ out[1] += two58m42m2;
298
+ out[2] += two58m2;
299
+ out[3] += two58m2;
300
+
301
+ out[0] -= in[0];
302
+ out[1] -= in[1];
303
+ out[2] -= in[2];
304
+ out[3] -= in[3];
305
+ }
306
+
307
+ // Subtract in unreduced 128-bit mode: out -= in
308
+ // Assumes in[i] < 2^119
309
+ static void p224_widefelem_diff(p224_widefelem out, const p224_widefelem in) {
310
+ static const p224_widelimb two120 = ((p224_widelimb)1) << 120;
311
+ static const p224_widelimb two120m64 =
312
+ (((p224_widelimb)1) << 120) - (((p224_widelimb)1) << 64);
313
+ static const p224_widelimb two120m104m64 = (((p224_widelimb)1) << 120) -
314
+ (((p224_widelimb)1) << 104) -
315
+ (((p224_widelimb)1) << 64);
316
+
317
+ // Add 0 mod 2^224-2^96+1 to ensure out > in
318
+ out[0] += two120;
319
+ out[1] += two120m64;
320
+ out[2] += two120m64;
321
+ out[3] += two120;
322
+ out[4] += two120m104m64;
323
+ out[5] += two120m64;
324
+ out[6] += two120m64;
325
+
326
+ out[0] -= in[0];
327
+ out[1] -= in[1];
328
+ out[2] -= in[2];
329
+ out[3] -= in[3];
330
+ out[4] -= in[4];
331
+ out[5] -= in[5];
332
+ out[6] -= in[6];
333
+ }
334
+
335
+ // Subtract in mixed mode: out128 -= in64
336
+ // in[i] < 2^63
337
+ static void p224_felem_diff_128_64(p224_widefelem out, const p224_felem in) {
338
+ static const p224_widelimb two64p8 =
339
+ (((p224_widelimb)1) << 64) + (((p224_widelimb)1) << 8);
340
+ static const p224_widelimb two64m8 =
341
+ (((p224_widelimb)1) << 64) - (((p224_widelimb)1) << 8);
342
+ static const p224_widelimb two64m48m8 = (((p224_widelimb)1) << 64) -
343
+ (((p224_widelimb)1) << 48) -
344
+ (((p224_widelimb)1) << 8);
345
+
346
+ // Add 0 mod 2^224-2^96+1 to ensure out > in
347
+ out[0] += two64p8;
348
+ out[1] += two64m48m8;
349
+ out[2] += two64m8;
350
+ out[3] += two64m8;
351
+
352
+ out[0] -= in[0];
353
+ out[1] -= in[1];
354
+ out[2] -= in[2];
355
+ out[3] -= in[3];
356
+ }
357
+
358
+ // Multiply a field element by a scalar: out = out * scalar
359
+ // The scalars we actually use are small, so results fit without overflow
360
+ static void p224_felem_scalar(p224_felem out, const p224_limb scalar) {
361
+ out[0] *= scalar;
362
+ out[1] *= scalar;
363
+ out[2] *= scalar;
364
+ out[3] *= scalar;
365
+ }
366
+
367
+ // Multiply an unreduced field element by a scalar: out = out * scalar
368
+ // The scalars we actually use are small, so results fit without overflow
369
+ static void p224_widefelem_scalar(p224_widefelem out,
370
+ const p224_widelimb scalar) {
371
+ out[0] *= scalar;
372
+ out[1] *= scalar;
373
+ out[2] *= scalar;
374
+ out[3] *= scalar;
375
+ out[4] *= scalar;
376
+ out[5] *= scalar;
377
+ out[6] *= scalar;
378
+ }
379
+
380
+ // Square a field element: out = in^2
381
+ static void p224_felem_square(p224_widefelem out, const p224_felem in) {
382
+ p224_limb tmp0, tmp1, tmp2;
383
+ tmp0 = 2 * in[0];
384
+ tmp1 = 2 * in[1];
385
+ tmp2 = 2 * in[2];
386
+ out[0] = ((p224_widelimb)in[0]) * in[0];
387
+ out[1] = ((p224_widelimb)in[0]) * tmp1;
388
+ out[2] = ((p224_widelimb)in[0]) * tmp2 + ((p224_widelimb)in[1]) * in[1];
389
+ out[3] = ((p224_widelimb)in[3]) * tmp0 + ((p224_widelimb)in[1]) * tmp2;
390
+ out[4] = ((p224_widelimb)in[3]) * tmp1 + ((p224_widelimb)in[2]) * in[2];
391
+ out[5] = ((p224_widelimb)in[3]) * tmp2;
392
+ out[6] = ((p224_widelimb)in[3]) * in[3];
393
+ }
394
+
395
+ // Multiply two field elements: out = in1 * in2
396
+ static void p224_felem_mul(p224_widefelem out, const p224_felem in1,
397
+ const p224_felem in2) {
398
+ out[0] = ((p224_widelimb)in1[0]) * in2[0];
399
+ out[1] = ((p224_widelimb)in1[0]) * in2[1] + ((p224_widelimb)in1[1]) * in2[0];
400
+ out[2] = ((p224_widelimb)in1[0]) * in2[2] + ((p224_widelimb)in1[1]) * in2[1] +
401
+ ((p224_widelimb)in1[2]) * in2[0];
402
+ out[3] = ((p224_widelimb)in1[0]) * in2[3] + ((p224_widelimb)in1[1]) * in2[2] +
403
+ ((p224_widelimb)in1[2]) * in2[1] + ((p224_widelimb)in1[3]) * in2[0];
404
+ out[4] = ((p224_widelimb)in1[1]) * in2[3] + ((p224_widelimb)in1[2]) * in2[2] +
405
+ ((p224_widelimb)in1[3]) * in2[1];
406
+ out[5] = ((p224_widelimb)in1[2]) * in2[3] + ((p224_widelimb)in1[3]) * in2[2];
407
+ out[6] = ((p224_widelimb)in1[3]) * in2[3];
408
+ }
409
+
410
+ // Reduce seven 128-bit coefficients to four 64-bit coefficients.
411
+ // Requires in[i] < 2^126,
412
+ // ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16
413
+ static void p224_felem_reduce(p224_felem out, const p224_widefelem in) {
414
+ static const p224_widelimb two127p15 =
415
+ (((p224_widelimb)1) << 127) + (((p224_widelimb)1) << 15);
416
+ static const p224_widelimb two127m71 =
417
+ (((p224_widelimb)1) << 127) - (((p224_widelimb)1) << 71);
418
+ static const p224_widelimb two127m71m55 = (((p224_widelimb)1) << 127) -
419
+ (((p224_widelimb)1) << 71) -
420
+ (((p224_widelimb)1) << 55);
421
+ p224_widelimb output[5];
422
+
423
+ // Add 0 mod 2^224-2^96+1 to ensure all differences are positive
424
+ output[0] = in[0] + two127p15;
425
+ output[1] = in[1] + two127m71m55;
426
+ output[2] = in[2] + two127m71;
427
+ output[3] = in[3];
428
+ output[4] = in[4];
429
+
430
+ // Eliminate in[4], in[5], in[6]
431
+ output[4] += in[6] >> 16;
432
+ output[3] += (in[6] & 0xffff) << 40;
433
+ output[2] -= in[6];
434
+
435
+ output[3] += in[5] >> 16;
436
+ output[2] += (in[5] & 0xffff) << 40;
437
+ output[1] -= in[5];
438
+
439
+ output[2] += output[4] >> 16;
440
+ output[1] += (output[4] & 0xffff) << 40;
441
+ output[0] -= output[4];
442
+
443
+ // Carry 2 -> 3 -> 4
444
+ output[3] += output[2] >> 56;
445
+ output[2] &= 0x00ffffffffffffff;
446
+
447
+ output[4] = output[3] >> 56;
448
+ output[3] &= 0x00ffffffffffffff;
449
+
450
+ // Now output[2] < 2^56, output[3] < 2^56, output[4] < 2^72
451
+
452
+ // Eliminate output[4]
453
+ output[2] += output[4] >> 16;
454
+ // output[2] < 2^56 + 2^56 = 2^57
455
+ output[1] += (output[4] & 0xffff) << 40;
456
+ output[0] -= output[4];
457
+
458
+ // Carry 0 -> 1 -> 2 -> 3
459
+ output[1] += output[0] >> 56;
460
+ out[0] = output[0] & 0x00ffffffffffffff;
461
+
462
+ output[2] += output[1] >> 56;
463
+ // output[2] < 2^57 + 2^72
464
+ out[1] = output[1] & 0x00ffffffffffffff;
465
+ output[3] += output[2] >> 56;
466
+ // output[3] <= 2^56 + 2^16
467
+ out[2] = output[2] & 0x00ffffffffffffff;
468
+
469
+ // out[0] < 2^56, out[1] < 2^56, out[2] < 2^56,
470
+ // out[3] <= 2^56 + 2^16 (due to final carry),
471
+ // so out < 2*p
472
+ out[3] = output[3];
473
+ }
474
+
475
+ // Get negative value: out = -in
476
+ // Requires in[i] < 2^63,
477
+ // ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16
478
+ static void p224_felem_neg(p224_felem out, const p224_felem in) {
479
+ p224_widefelem tmp = {0};
480
+ p224_felem_diff_128_64(tmp, in);
481
+ p224_felem_reduce(out, tmp);
482
+ }
483
+
484
+ // Zero-check: returns 1 if input is 0, and 0 otherwise. We know that field
485
+ // elements are reduced to in < 2^225, so we only need to check three cases: 0,
486
+ // 2^224 - 2^96 + 1, and 2^225 - 2^97 + 2
487
+ static p224_limb p224_felem_is_zero(const p224_felem in) {
488
+ p224_limb zero = in[0] | in[1] | in[2] | in[3];
489
+ zero = (((int64_t)(zero)-1) >> 63) & 1;
490
+
491
+ p224_limb two224m96p1 = (in[0] ^ 1) | (in[1] ^ 0x00ffff0000000000) |
492
+ (in[2] ^ 0x00ffffffffffffff) |
493
+ (in[3] ^ 0x00ffffffffffffff);
494
+ two224m96p1 = (((int64_t)(two224m96p1)-1) >> 63) & 1;
495
+ p224_limb two225m97p2 = (in[0] ^ 2) | (in[1] ^ 0x00fffe0000000000) |
496
+ (in[2] ^ 0x00ffffffffffffff) |
497
+ (in[3] ^ 0x01ffffffffffffff);
498
+ two225m97p2 = (((int64_t)(two225m97p2)-1) >> 63) & 1;
499
+ return (zero | two224m96p1 | two225m97p2);
500
+ }
501
+
502
+ // Invert a field element
503
+ // Computation chain copied from djb's code
504
+ static void p224_felem_inv(p224_felem out, const p224_felem in) {
505
+ p224_felem ftmp, ftmp2, ftmp3, ftmp4;
506
+ p224_widefelem tmp;
507
+
508
+ p224_felem_square(tmp, in);
509
+ p224_felem_reduce(ftmp, tmp); // 2
510
+ p224_felem_mul(tmp, in, ftmp);
511
+ p224_felem_reduce(ftmp, tmp); // 2^2 - 1
512
+ p224_felem_square(tmp, ftmp);
513
+ p224_felem_reduce(ftmp, tmp); // 2^3 - 2
514
+ p224_felem_mul(tmp, in, ftmp);
515
+ p224_felem_reduce(ftmp, tmp); // 2^3 - 1
516
+ p224_felem_square(tmp, ftmp);
517
+ p224_felem_reduce(ftmp2, tmp); // 2^4 - 2
518
+ p224_felem_square(tmp, ftmp2);
519
+ p224_felem_reduce(ftmp2, tmp); // 2^5 - 4
520
+ p224_felem_square(tmp, ftmp2);
521
+ p224_felem_reduce(ftmp2, tmp); // 2^6 - 8
522
+ p224_felem_mul(tmp, ftmp2, ftmp);
523
+ p224_felem_reduce(ftmp, tmp); // 2^6 - 1
524
+ p224_felem_square(tmp, ftmp);
525
+ p224_felem_reduce(ftmp2, tmp); // 2^7 - 2
526
+ for (size_t i = 0; i < 5; ++i) { // 2^12 - 2^6
527
+ p224_felem_square(tmp, ftmp2);
528
+ p224_felem_reduce(ftmp2, tmp);
529
+ }
530
+ p224_felem_mul(tmp, ftmp2, ftmp);
531
+ p224_felem_reduce(ftmp2, tmp); // 2^12 - 1
532
+ p224_felem_square(tmp, ftmp2);
533
+ p224_felem_reduce(ftmp3, tmp); // 2^13 - 2
534
+ for (size_t i = 0; i < 11; ++i) { // 2^24 - 2^12
535
+ p224_felem_square(tmp, ftmp3);
536
+ p224_felem_reduce(ftmp3, tmp);
537
+ }
538
+ p224_felem_mul(tmp, ftmp3, ftmp2);
539
+ p224_felem_reduce(ftmp2, tmp); // 2^24 - 1
540
+ p224_felem_square(tmp, ftmp2);
541
+ p224_felem_reduce(ftmp3, tmp); // 2^25 - 2
542
+ for (size_t i = 0; i < 23; ++i) { // 2^48 - 2^24
543
+ p224_felem_square(tmp, ftmp3);
544
+ p224_felem_reduce(ftmp3, tmp);
545
+ }
546
+ p224_felem_mul(tmp, ftmp3, ftmp2);
547
+ p224_felem_reduce(ftmp3, tmp); // 2^48 - 1
548
+ p224_felem_square(tmp, ftmp3);
549
+ p224_felem_reduce(ftmp4, tmp); // 2^49 - 2
550
+ for (size_t i = 0; i < 47; ++i) { // 2^96 - 2^48
551
+ p224_felem_square(tmp, ftmp4);
552
+ p224_felem_reduce(ftmp4, tmp);
553
+ }
554
+ p224_felem_mul(tmp, ftmp3, ftmp4);
555
+ p224_felem_reduce(ftmp3, tmp); // 2^96 - 1
556
+ p224_felem_square(tmp, ftmp3);
557
+ p224_felem_reduce(ftmp4, tmp); // 2^97 - 2
558
+ for (size_t i = 0; i < 23; ++i) { // 2^120 - 2^24
559
+ p224_felem_square(tmp, ftmp4);
560
+ p224_felem_reduce(ftmp4, tmp);
561
+ }
562
+ p224_felem_mul(tmp, ftmp2, ftmp4);
563
+ p224_felem_reduce(ftmp2, tmp); // 2^120 - 1
564
+ for (size_t i = 0; i < 6; ++i) { // 2^126 - 2^6
565
+ p224_felem_square(tmp, ftmp2);
566
+ p224_felem_reduce(ftmp2, tmp);
567
+ }
568
+ p224_felem_mul(tmp, ftmp2, ftmp);
569
+ p224_felem_reduce(ftmp, tmp); // 2^126 - 1
570
+ p224_felem_square(tmp, ftmp);
571
+ p224_felem_reduce(ftmp, tmp); // 2^127 - 2
572
+ p224_felem_mul(tmp, ftmp, in);
573
+ p224_felem_reduce(ftmp, tmp); // 2^127 - 1
574
+ for (size_t i = 0; i < 97; ++i) { // 2^224 - 2^97
575
+ p224_felem_square(tmp, ftmp);
576
+ p224_felem_reduce(ftmp, tmp);
577
+ }
578
+ p224_felem_mul(tmp, ftmp, ftmp3);
579
+ p224_felem_reduce(out, tmp); // 2^224 - 2^96 - 1
580
+ }
581
+
582
+ // Copy in constant time:
583
+ // if icopy == 1, copy in to out,
584
+ // if icopy == 0, copy out to itself.
585
+ static void p224_copy_conditional(p224_felem out, const p224_felem in,
586
+ p224_limb icopy) {
587
+ // icopy is a (64-bit) 0 or 1, so copy is either all-zero or all-one
588
+ const p224_limb copy = -icopy;
589
+ for (size_t i = 0; i < 4; ++i) {
590
+ const p224_limb tmp = copy & (in[i] ^ out[i]);
591
+ out[i] ^= tmp;
592
+ }
593
+ }
594
+
595
+ // ELLIPTIC CURVE POINT OPERATIONS
596
+ //
597
+ // Points are represented in Jacobian projective coordinates:
598
+ // (X, Y, Z) corresponds to the affine point (X/Z^2, Y/Z^3),
599
+ // or to the point at infinity if Z == 0.
600
+
601
+ // Double an elliptic curve point:
602
+ // (X', Y', Z') = 2 * (X, Y, Z), where
603
+ // X' = (3 * (X - Z^2) * (X + Z^2))^2 - 8 * X * Y^2
604
+ // Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^2
605
+ // Z' = (Y + Z)^2 - Y^2 - Z^2 = 2 * Y * Z
606
+ // Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed,
607
+ // while x_out == y_in is not (maybe this works, but it's not tested).
608
+ static void p224_point_double(p224_felem x_out, p224_felem y_out,
609
+ p224_felem z_out, const p224_felem x_in,
610
+ const p224_felem y_in, const p224_felem z_in) {
611
+ p224_widefelem tmp, tmp2;
612
+ p224_felem delta, gamma, beta, alpha, ftmp, ftmp2;
613
+
614
+ p224_felem_assign(ftmp, x_in);
615
+ p224_felem_assign(ftmp2, x_in);
616
+
617
+ // delta = z^2
618
+ p224_felem_square(tmp, z_in);
619
+ p224_felem_reduce(delta, tmp);
620
+
621
+ // gamma = y^2
622
+ p224_felem_square(tmp, y_in);
623
+ p224_felem_reduce(gamma, tmp);
624
+
625
+ // beta = x*gamma
626
+ p224_felem_mul(tmp, x_in, gamma);
627
+ p224_felem_reduce(beta, tmp);
628
+
629
+ // alpha = 3*(x-delta)*(x+delta)
630
+ p224_felem_diff(ftmp, delta);
631
+ // ftmp[i] < 2^57 + 2^58 + 2 < 2^59
632
+ p224_felem_sum(ftmp2, delta);
633
+ // ftmp2[i] < 2^57 + 2^57 = 2^58
634
+ p224_felem_scalar(ftmp2, 3);
635
+ // ftmp2[i] < 3 * 2^58 < 2^60
636
+ p224_felem_mul(tmp, ftmp, ftmp2);
637
+ // tmp[i] < 2^60 * 2^59 * 4 = 2^121
638
+ p224_felem_reduce(alpha, tmp);
639
+
640
+ // x' = alpha^2 - 8*beta
641
+ p224_felem_square(tmp, alpha);
642
+ // tmp[i] < 4 * 2^57 * 2^57 = 2^116
643
+ p224_felem_assign(ftmp, beta);
644
+ p224_felem_scalar(ftmp, 8);
645
+ // ftmp[i] < 8 * 2^57 = 2^60
646
+ p224_felem_diff_128_64(tmp, ftmp);
647
+ // tmp[i] < 2^116 + 2^64 + 8 < 2^117
648
+ p224_felem_reduce(x_out, tmp);
649
+
650
+ // z' = (y + z)^2 - gamma - delta
651
+ p224_felem_sum(delta, gamma);
652
+ // delta[i] < 2^57 + 2^57 = 2^58
653
+ p224_felem_assign(ftmp, y_in);
654
+ p224_felem_sum(ftmp, z_in);
655
+ // ftmp[i] < 2^57 + 2^57 = 2^58
656
+ p224_felem_square(tmp, ftmp);
657
+ // tmp[i] < 4 * 2^58 * 2^58 = 2^118
658
+ p224_felem_diff_128_64(tmp, delta);
659
+ // tmp[i] < 2^118 + 2^64 + 8 < 2^119
660
+ p224_felem_reduce(z_out, tmp);
661
+
662
+ // y' = alpha*(4*beta - x') - 8*gamma^2
663
+ p224_felem_scalar(beta, 4);
664
+ // beta[i] < 4 * 2^57 = 2^59
665
+ p224_felem_diff(beta, x_out);
666
+ // beta[i] < 2^59 + 2^58 + 2 < 2^60
667
+ p224_felem_mul(tmp, alpha, beta);
668
+ // tmp[i] < 4 * 2^57 * 2^60 = 2^119
669
+ p224_felem_square(tmp2, gamma);
670
+ // tmp2[i] < 4 * 2^57 * 2^57 = 2^116
671
+ p224_widefelem_scalar(tmp2, 8);
672
+ // tmp2[i] < 8 * 2^116 = 2^119
673
+ p224_widefelem_diff(tmp, tmp2);
674
+ // tmp[i] < 2^119 + 2^120 < 2^121
675
+ p224_felem_reduce(y_out, tmp);
676
+ }
677
+
678
+ // Add two elliptic curve points:
679
+ // (X_1, Y_1, Z_1) + (X_2, Y_2, Z_2) = (X_3, Y_3, Z_3), where
680
+ // X_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1)^2 - (Z_1^2 * X_2 - Z_2^2 * X_1)^3 -
681
+ // 2 * Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^2
682
+ // Y_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1) * (Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 *
683
+ // X_1)^2 - X_3) -
684
+ // Z_2^3 * Y_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^3
685
+ // Z_3 = (Z_1^2 * X_2 - Z_2^2 * X_1) * (Z_1 * Z_2)
686
+ //
687
+ // This runs faster if 'mixed' is set, which requires Z_2 = 1 or Z_2 = 0.
688
+
689
+ // This function is not entirely constant-time: it includes a branch for
690
+ // checking whether the two input points are equal, (while not equal to the
691
+ // point at infinity). This case never happens during single point
692
+ // multiplication, so there is no timing leak for ECDH or ECDSA signing.
693
+ static void p224_point_add(p224_felem x3, p224_felem y3, p224_felem z3,
694
+ const p224_felem x1, const p224_felem y1,
695
+ const p224_felem z1, const int mixed,
696
+ const p224_felem x2, const p224_felem y2,
697
+ const p224_felem z2) {
698
+ p224_felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, x_out, y_out, z_out;
699
+ p224_widefelem tmp, tmp2;
700
+ p224_limb z1_is_zero, z2_is_zero, x_equal, y_equal;
701
+
702
+ if (!mixed) {
703
+ // ftmp2 = z2^2
704
+ p224_felem_square(tmp, z2);
705
+ p224_felem_reduce(ftmp2, tmp);
706
+
707
+ // ftmp4 = z2^3
708
+ p224_felem_mul(tmp, ftmp2, z2);
709
+ p224_felem_reduce(ftmp4, tmp);
710
+
711
+ // ftmp4 = z2^3*y1
712
+ p224_felem_mul(tmp2, ftmp4, y1);
713
+ p224_felem_reduce(ftmp4, tmp2);
714
+
715
+ // ftmp2 = z2^2*x1
716
+ p224_felem_mul(tmp2, ftmp2, x1);
717
+ p224_felem_reduce(ftmp2, tmp2);
718
+ } else {
719
+ // We'll assume z2 = 1 (special case z2 = 0 is handled later)
720
+
721
+ // ftmp4 = z2^3*y1
722
+ p224_felem_assign(ftmp4, y1);
723
+
724
+ // ftmp2 = z2^2*x1
725
+ p224_felem_assign(ftmp2, x1);
726
+ }
727
+
728
+ // ftmp = z1^2
729
+ p224_felem_square(tmp, z1);
730
+ p224_felem_reduce(ftmp, tmp);
731
+
732
+ // ftmp3 = z1^3
733
+ p224_felem_mul(tmp, ftmp, z1);
734
+ p224_felem_reduce(ftmp3, tmp);
735
+
736
+ // tmp = z1^3*y2
737
+ p224_felem_mul(tmp, ftmp3, y2);
738
+ // tmp[i] < 4 * 2^57 * 2^57 = 2^116
739
+
740
+ // ftmp3 = z1^3*y2 - z2^3*y1
741
+ p224_felem_diff_128_64(tmp, ftmp4);
742
+ // tmp[i] < 2^116 + 2^64 + 8 < 2^117
743
+ p224_felem_reduce(ftmp3, tmp);
744
+
745
+ // tmp = z1^2*x2
746
+ p224_felem_mul(tmp, ftmp, x2);
747
+ // tmp[i] < 4 * 2^57 * 2^57 = 2^116
748
+
749
+ // ftmp = z1^2*x2 - z2^2*x1
750
+ p224_felem_diff_128_64(tmp, ftmp2);
751
+ // tmp[i] < 2^116 + 2^64 + 8 < 2^117
752
+ p224_felem_reduce(ftmp, tmp);
753
+
754
+ // the formulae are incorrect if the points are equal
755
+ // so we check for this and do doubling if this happens
756
+ x_equal = p224_felem_is_zero(ftmp);
757
+ y_equal = p224_felem_is_zero(ftmp3);
758
+ z1_is_zero = p224_felem_is_zero(z1);
759
+ z2_is_zero = p224_felem_is_zero(z2);
760
+ // In affine coordinates, (X_1, Y_1) == (X_2, Y_2)
761
+ p224_limb is_nontrivial_double =
762
+ x_equal & y_equal & (1 - z1_is_zero) & (1 - z2_is_zero);
763
+ if (is_nontrivial_double) {
764
+ p224_point_double(x3, y3, z3, x1, y1, z1);
765
+ return;
766
+ }
767
+
768
+ // ftmp5 = z1*z2
769
+ if (!mixed) {
770
+ p224_felem_mul(tmp, z1, z2);
771
+ p224_felem_reduce(ftmp5, tmp);
772
+ } else {
773
+ // special case z2 = 0 is handled later
774
+ p224_felem_assign(ftmp5, z1);
775
+ }
776
+
777
+ // z_out = (z1^2*x2 - z2^2*x1)*(z1*z2)
778
+ p224_felem_mul(tmp, ftmp, ftmp5);
779
+ p224_felem_reduce(z_out, tmp);
780
+
781
+ // ftmp = (z1^2*x2 - z2^2*x1)^2
782
+ p224_felem_assign(ftmp5, ftmp);
783
+ p224_felem_square(tmp, ftmp);
784
+ p224_felem_reduce(ftmp, tmp);
785
+
786
+ // ftmp5 = (z1^2*x2 - z2^2*x1)^3
787
+ p224_felem_mul(tmp, ftmp, ftmp5);
788
+ p224_felem_reduce(ftmp5, tmp);
789
+
790
+ // ftmp2 = z2^2*x1*(z1^2*x2 - z2^2*x1)^2
791
+ p224_felem_mul(tmp, ftmp2, ftmp);
792
+ p224_felem_reduce(ftmp2, tmp);
793
+
794
+ // tmp = z2^3*y1*(z1^2*x2 - z2^2*x1)^3
795
+ p224_felem_mul(tmp, ftmp4, ftmp5);
796
+ // tmp[i] < 4 * 2^57 * 2^57 = 2^116
797
+
798
+ // tmp2 = (z1^3*y2 - z2^3*y1)^2
799
+ p224_felem_square(tmp2, ftmp3);
800
+ // tmp2[i] < 4 * 2^57 * 2^57 < 2^116
801
+
802
+ // tmp2 = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3
803
+ p224_felem_diff_128_64(tmp2, ftmp5);
804
+ // tmp2[i] < 2^116 + 2^64 + 8 < 2^117
805
+
806
+ // ftmp5 = 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2
807
+ p224_felem_assign(ftmp5, ftmp2);
808
+ p224_felem_scalar(ftmp5, 2);
809
+ // ftmp5[i] < 2 * 2^57 = 2^58
810
+
811
+ /* x_out = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 -
812
+ 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2 */
813
+ p224_felem_diff_128_64(tmp2, ftmp5);
814
+ // tmp2[i] < 2^117 + 2^64 + 8 < 2^118
815
+ p224_felem_reduce(x_out, tmp2);
816
+
817
+ // ftmp2 = z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out
818
+ p224_felem_diff(ftmp2, x_out);
819
+ // ftmp2[i] < 2^57 + 2^58 + 2 < 2^59
820
+
821
+ // tmp2 = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out)
822
+ p224_felem_mul(tmp2, ftmp3, ftmp2);
823
+ // tmp2[i] < 4 * 2^57 * 2^59 = 2^118
824
+
825
+ /* y_out = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out) -
826
+ z2^3*y1*(z1^2*x2 - z2^2*x1)^3 */
827
+ p224_widefelem_diff(tmp2, tmp);
828
+ // tmp2[i] < 2^118 + 2^120 < 2^121
829
+ p224_felem_reduce(y_out, tmp2);
830
+
831
+ // the result (x_out, y_out, z_out) is incorrect if one of the inputs is
832
+ // the point at infinity, so we need to check for this separately
833
+
834
+ // if point 1 is at infinity, copy point 2 to output, and vice versa
835
+ p224_copy_conditional(x_out, x2, z1_is_zero);
836
+ p224_copy_conditional(x_out, x1, z2_is_zero);
837
+ p224_copy_conditional(y_out, y2, z1_is_zero);
838
+ p224_copy_conditional(y_out, y1, z2_is_zero);
839
+ p224_copy_conditional(z_out, z2, z1_is_zero);
840
+ p224_copy_conditional(z_out, z1, z2_is_zero);
841
+ p224_felem_assign(x3, x_out);
842
+ p224_felem_assign(y3, y_out);
843
+ p224_felem_assign(z3, z_out);
844
+ }
845
+
846
+ // p224_select_point selects the |idx|th point from a precomputation table and
847
+ // copies it to out.
848
+ static void p224_select_point(const uint64_t idx, size_t size,
849
+ const p224_felem pre_comp[/*size*/][3],
850
+ p224_felem out[3]) {
851
+ p224_limb *outlimbs = &out[0][0];
852
+ OPENSSL_memset(outlimbs, 0, 3 * sizeof(p224_felem));
853
+
854
+ for (size_t i = 0; i < size; i++) {
855
+ const p224_limb *inlimbs = &pre_comp[i][0][0];
856
+ uint64_t mask = i ^ idx;
857
+ mask |= mask >> 4;
858
+ mask |= mask >> 2;
859
+ mask |= mask >> 1;
860
+ mask &= 1;
861
+ mask--;
862
+ for (size_t j = 0; j < 4 * 3; j++) {
863
+ outlimbs[j] |= inlimbs[j] & mask;
864
+ }
865
+ }
866
+ }
867
+
868
+ // p224_get_bit returns the |i|th bit in |in|
869
+ static char p224_get_bit(const p224_felem_bytearray in, size_t i) {
870
+ if (i >= 224) {
871
+ return 0;
872
+ }
873
+ return (in[i >> 3] >> (i & 7)) & 1;
874
+ }
875
+
876
+ // Takes the Jacobian coordinates (X, Y, Z) of a point and returns
877
+ // (X', Y') = (X/Z^2, Y/Z^3)
878
+ static int ec_GFp_nistp224_point_get_affine_coordinates(
879
+ const EC_GROUP *group, const EC_RAW_POINT *point, EC_FELEM *x,
880
+ EC_FELEM *y) {
881
+ if (ec_GFp_simple_is_at_infinity(group, point)) {
882
+ OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
883
+ return 0;
884
+ }
885
+
886
+ p224_felem z1, z2;
887
+ p224_widefelem tmp;
888
+ p224_generic_to_felem(z1, &point->Z);
889
+ p224_felem_inv(z2, z1);
890
+ p224_felem_square(tmp, z2);
891
+ p224_felem_reduce(z1, tmp);
892
+
893
+ if (x != NULL) {
894
+ p224_felem x_in, x_out;
895
+ p224_generic_to_felem(x_in, &point->X);
896
+ p224_felem_mul(tmp, x_in, z1);
897
+ p224_felem_reduce(x_out, tmp);
898
+ p224_felem_to_generic(x, x_out);
899
+ }
900
+
901
+ if (y != NULL) {
902
+ p224_felem y_in, y_out;
903
+ p224_generic_to_felem(y_in, &point->Y);
904
+ p224_felem_mul(tmp, z1, z2);
905
+ p224_felem_reduce(z1, tmp);
906
+ p224_felem_mul(tmp, y_in, z1);
907
+ p224_felem_reduce(y_out, tmp);
908
+ p224_felem_to_generic(y, y_out);
909
+ }
910
+
911
+ return 1;
912
+ }
913
+
914
+ static void ec_GFp_nistp224_add(const EC_GROUP *group, EC_RAW_POINT *r,
915
+ const EC_RAW_POINT *a, const EC_RAW_POINT *b) {
916
+ p224_felem x1, y1, z1, x2, y2, z2;
917
+ p224_generic_to_felem(x1, &a->X);
918
+ p224_generic_to_felem(y1, &a->Y);
919
+ p224_generic_to_felem(z1, &a->Z);
920
+ p224_generic_to_felem(x2, &b->X);
921
+ p224_generic_to_felem(y2, &b->Y);
922
+ p224_generic_to_felem(z2, &b->Z);
923
+ p224_point_add(x1, y1, z1, x1, y1, z1, 0 /* both Jacobian */, x2, y2, z2);
924
+ // The outputs are already reduced, but still need to be contracted.
925
+ p224_felem_to_generic(&r->X, x1);
926
+ p224_felem_to_generic(&r->Y, y1);
927
+ p224_felem_to_generic(&r->Z, z1);
928
+ }
929
+
930
+ static void ec_GFp_nistp224_dbl(const EC_GROUP *group, EC_RAW_POINT *r,
931
+ const EC_RAW_POINT *a) {
932
+ p224_felem x, y, z;
933
+ p224_generic_to_felem(x, &a->X);
934
+ p224_generic_to_felem(y, &a->Y);
935
+ p224_generic_to_felem(z, &a->Z);
936
+ p224_point_double(x, y, z, x, y, z);
937
+ // The outputs are already reduced, but still need to be contracted.
938
+ p224_felem_to_generic(&r->X, x);
939
+ p224_felem_to_generic(&r->Y, y);
940
+ p224_felem_to_generic(&r->Z, z);
941
+ }
942
+
943
+ static void ec_GFp_nistp224_make_precomp(p224_felem out[17][3],
944
+ const EC_RAW_POINT *p) {
945
+ OPENSSL_memset(out[0], 0, sizeof(p224_felem) * 3);
946
+
947
+ p224_generic_to_felem(out[1][0], &p->X);
948
+ p224_generic_to_felem(out[1][1], &p->Y);
949
+ p224_generic_to_felem(out[1][2], &p->Z);
950
+
951
+ for (size_t j = 2; j <= 16; ++j) {
952
+ if (j & 1) {
953
+ p224_point_add(out[j][0], out[j][1], out[j][2], out[1][0], out[1][1],
954
+ out[1][2], 0, out[j - 1][0], out[j - 1][1], out[j - 1][2]);
955
+ } else {
956
+ p224_point_double(out[j][0], out[j][1], out[j][2], out[j / 2][0],
957
+ out[j / 2][1], out[j / 2][2]);
958
+ }
959
+ }
960
+ }
961
+
962
+ static void ec_GFp_nistp224_point_mul(const EC_GROUP *group, EC_RAW_POINT *r,
963
+ const EC_RAW_POINT *p,
964
+ const EC_SCALAR *scalar) {
965
+ p224_felem p_pre_comp[17][3];
966
+ ec_GFp_nistp224_make_precomp(p_pre_comp, p);
967
+
968
+ // Set nq to the point at infinity.
969
+ p224_felem nq[3], tmp[4];
970
+ OPENSSL_memset(nq, 0, 3 * sizeof(p224_felem));
971
+
972
+ int skip = 1; // Save two point operations in the first round.
973
+ for (size_t i = 220; i < 221; i--) {
974
+ if (!skip) {
975
+ p224_point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);
976
+ }
977
+
978
+ // Add every 5 doublings.
979
+ if (i % 5 == 0) {
980
+ uint64_t bits = p224_get_bit(scalar->bytes, i + 4) << 5;
981
+ bits |= p224_get_bit(scalar->bytes, i + 3) << 4;
982
+ bits |= p224_get_bit(scalar->bytes, i + 2) << 3;
983
+ bits |= p224_get_bit(scalar->bytes, i + 1) << 2;
984
+ bits |= p224_get_bit(scalar->bytes, i) << 1;
985
+ bits |= p224_get_bit(scalar->bytes, i - 1);
986
+ uint8_t sign, digit;
987
+ ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);
988
+
989
+ // Select the point to add or subtract.
990
+ p224_select_point(digit, 17, (const p224_felem(*)[3])p_pre_comp, tmp);
991
+ p224_felem_neg(tmp[3], tmp[1]); // (X, -Y, Z) is the negative point
992
+ p224_copy_conditional(tmp[1], tmp[3], sign);
993
+
994
+ if (!skip) {
995
+ p224_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 0 /* mixed */,
996
+ tmp[0], tmp[1], tmp[2]);
997
+ } else {
998
+ OPENSSL_memcpy(nq, tmp, 3 * sizeof(p224_felem));
999
+ skip = 0;
1000
+ }
1001
+ }
1002
+ }
1003
+
1004
+ // Reduce the output to its unique minimal representation.
1005
+ p224_felem_to_generic(&r->X, nq[0]);
1006
+ p224_felem_to_generic(&r->Y, nq[1]);
1007
+ p224_felem_to_generic(&r->Z, nq[2]);
1008
+ }
1009
+
1010
+ static void ec_GFp_nistp224_point_mul_base(const EC_GROUP *group,
1011
+ EC_RAW_POINT *r,
1012
+ const EC_SCALAR *scalar) {
1013
+ // Set nq to the point at infinity.
1014
+ p224_felem nq[3], tmp[3];
1015
+ OPENSSL_memset(nq, 0, 3 * sizeof(p224_felem));
1016
+
1017
+ int skip = 1; // Save two point operations in the first round.
1018
+ for (size_t i = 27; i < 28; i--) {
1019
+ // double
1020
+ if (!skip) {
1021
+ p224_point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);
1022
+ }
1023
+
1024
+ // First, look 28 bits upwards.
1025
+ uint64_t bits = p224_get_bit(scalar->bytes, i + 196) << 3;
1026
+ bits |= p224_get_bit(scalar->bytes, i + 140) << 2;
1027
+ bits |= p224_get_bit(scalar->bytes, i + 84) << 1;
1028
+ bits |= p224_get_bit(scalar->bytes, i + 28);
1029
+ // Select the point to add, in constant time.
1030
+ p224_select_point(bits, 16, g_p224_pre_comp[1], tmp);
1031
+
1032
+ if (!skip) {
1033
+ p224_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1 /* mixed */,
1034
+ tmp[0], tmp[1], tmp[2]);
1035
+ } else {
1036
+ OPENSSL_memcpy(nq, tmp, 3 * sizeof(p224_felem));
1037
+ skip = 0;
1038
+ }
1039
+
1040
+ // Second, look at the current position/
1041
+ bits = p224_get_bit(scalar->bytes, i + 168) << 3;
1042
+ bits |= p224_get_bit(scalar->bytes, i + 112) << 2;
1043
+ bits |= p224_get_bit(scalar->bytes, i + 56) << 1;
1044
+ bits |= p224_get_bit(scalar->bytes, i);
1045
+ // Select the point to add, in constant time.
1046
+ p224_select_point(bits, 16, g_p224_pre_comp[0], tmp);
1047
+ p224_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1 /* mixed */,
1048
+ tmp[0], tmp[1], tmp[2]);
1049
+ }
1050
+
1051
+ // Reduce the output to its unique minimal representation.
1052
+ p224_felem_to_generic(&r->X, nq[0]);
1053
+ p224_felem_to_generic(&r->Y, nq[1]);
1054
+ p224_felem_to_generic(&r->Z, nq[2]);
1055
+ }
1056
+
1057
+ static void ec_GFp_nistp224_point_mul_public(const EC_GROUP *group,
1058
+ EC_RAW_POINT *r,
1059
+ const EC_SCALAR *g_scalar,
1060
+ const EC_RAW_POINT *p,
1061
+ const EC_SCALAR *p_scalar) {
1062
+ // TODO(davidben): If P-224 ECDSA verify performance ever matters, using
1063
+ // |ec_compute_wNAF| for |p_scalar| would likely be an easy improvement.
1064
+ p224_felem p_pre_comp[17][3];
1065
+ ec_GFp_nistp224_make_precomp(p_pre_comp, p);
1066
+
1067
+ // Set nq to the point at infinity.
1068
+ p224_felem nq[3], tmp[3];
1069
+ OPENSSL_memset(nq, 0, 3 * sizeof(p224_felem));
1070
+
1071
+ // Loop over both scalars msb-to-lsb, interleaving additions of multiples of
1072
+ // the generator (two in each of the last 28 rounds) and additions of p (every
1073
+ // 5th round).
1074
+ int skip = 1; // Save two point operations in the first round.
1075
+ for (size_t i = 220; i < 221; i--) {
1076
+ if (!skip) {
1077
+ p224_point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);
1078
+ }
1079
+
1080
+ // Add multiples of the generator.
1081
+ if (i <= 27) {
1082
+ // First, look 28 bits upwards.
1083
+ uint64_t bits = p224_get_bit(g_scalar->bytes, i + 196) << 3;
1084
+ bits |= p224_get_bit(g_scalar->bytes, i + 140) << 2;
1085
+ bits |= p224_get_bit(g_scalar->bytes, i + 84) << 1;
1086
+ bits |= p224_get_bit(g_scalar->bytes, i + 28);
1087
+
1088
+ p224_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1 /* mixed */,
1089
+ g_p224_pre_comp[1][bits][0], g_p224_pre_comp[1][bits][1],
1090
+ g_p224_pre_comp[1][bits][2]);
1091
+ assert(!skip);
1092
+
1093
+ // Second, look at the current position.
1094
+ bits = p224_get_bit(g_scalar->bytes, i + 168) << 3;
1095
+ bits |= p224_get_bit(g_scalar->bytes, i + 112) << 2;
1096
+ bits |= p224_get_bit(g_scalar->bytes, i + 56) << 1;
1097
+ bits |= p224_get_bit(g_scalar->bytes, i);
1098
+ p224_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1 /* mixed */,
1099
+ g_p224_pre_comp[0][bits][0], g_p224_pre_comp[0][bits][1],
1100
+ g_p224_pre_comp[0][bits][2]);
1101
+ }
1102
+
1103
+ // Incorporate |p_scalar| every 5 doublings.
1104
+ if (i % 5 == 0) {
1105
+ uint64_t bits = p224_get_bit(p_scalar->bytes, i + 4) << 5;
1106
+ bits |= p224_get_bit(p_scalar->bytes, i + 3) << 4;
1107
+ bits |= p224_get_bit(p_scalar->bytes, i + 2) << 3;
1108
+ bits |= p224_get_bit(p_scalar->bytes, i + 1) << 2;
1109
+ bits |= p224_get_bit(p_scalar->bytes, i) << 1;
1110
+ bits |= p224_get_bit(p_scalar->bytes, i - 1);
1111
+ uint8_t sign, digit;
1112
+ ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);
1113
+
1114
+ // Select the point to add or subtract.
1115
+ OPENSSL_memcpy(tmp, p_pre_comp[digit], 3 * sizeof(p224_felem));
1116
+ if (sign) {
1117
+ p224_felem_neg(tmp[1], tmp[1]); // (X, -Y, Z) is the negative point
1118
+ }
1119
+
1120
+ if (!skip) {
1121
+ p224_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 0 /* mixed */,
1122
+ tmp[0], tmp[1], tmp[2]);
1123
+ } else {
1124
+ OPENSSL_memcpy(nq, tmp, 3 * sizeof(p224_felem));
1125
+ skip = 0;
1126
+ }
1127
+ }
1128
+ }
1129
+
1130
+ // Reduce the output to its unique minimal representation.
1131
+ p224_felem_to_generic(&r->X, nq[0]);
1132
+ p224_felem_to_generic(&r->Y, nq[1]);
1133
+ p224_felem_to_generic(&r->Z, nq[2]);
1134
+ }
1135
+
1136
+ static void ec_GFp_nistp224_felem_mul(const EC_GROUP *group, EC_FELEM *r,
1137
+ const EC_FELEM *a, const EC_FELEM *b) {
1138
+ p224_felem felem1, felem2;
1139
+ p224_widefelem wide;
1140
+ p224_generic_to_felem(felem1, a);
1141
+ p224_generic_to_felem(felem2, b);
1142
+ p224_felem_mul(wide, felem1, felem2);
1143
+ p224_felem_reduce(felem1, wide);
1144
+ p224_felem_to_generic(r, felem1);
1145
+ }
1146
+
1147
+ static void ec_GFp_nistp224_felem_sqr(const EC_GROUP *group, EC_FELEM *r,
1148
+ const EC_FELEM *a) {
1149
+ p224_felem felem;
1150
+ p224_generic_to_felem(felem, a);
1151
+ p224_widefelem wide;
1152
+ p224_felem_square(wide, felem);
1153
+ p224_felem_reduce(felem, wide);
1154
+ p224_felem_to_generic(r, felem);
1155
+ }
1156
+
1157
+ DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistp224_method) {
1158
+ out->group_init = ec_GFp_simple_group_init;
1159
+ out->group_finish = ec_GFp_simple_group_finish;
1160
+ out->group_set_curve = ec_GFp_simple_group_set_curve;
1161
+ out->point_get_affine_coordinates =
1162
+ ec_GFp_nistp224_point_get_affine_coordinates;
1163
+ out->add = ec_GFp_nistp224_add;
1164
+ out->dbl = ec_GFp_nistp224_dbl;
1165
+ out->mul = ec_GFp_nistp224_point_mul;
1166
+ out->mul_base = ec_GFp_nistp224_point_mul_base;
1167
+ out->mul_public = ec_GFp_nistp224_point_mul_public;
1168
+ out->felem_mul = ec_GFp_nistp224_felem_mul;
1169
+ out->felem_sqr = ec_GFp_nistp224_felem_sqr;
1170
+ out->felem_to_bytes = ec_GFp_simple_felem_to_bytes;
1171
+ out->felem_from_bytes = ec_GFp_simple_felem_from_bytes;
1172
+ out->scalar_inv0_montgomery = ec_simple_scalar_inv0_montgomery;
1173
+ out->scalar_to_montgomery_inv_vartime =
1174
+ ec_simple_scalar_to_montgomery_inv_vartime;
1175
+ out->cmp_x_coordinate = ec_GFp_simple_cmp_x_coordinate;
1176
+ }
1177
+
1178
+ #endif // BORINGSSL_HAS_UINT128 && !SMALL