grpc 1.26.0 → 1.30.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +7860 -11139
- data/etc/roots.pem +44 -0
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +59 -24
- data/include/grpc/grpc_security_constants.h +28 -0
- data/include/grpc/impl/codegen/grpc_types.h +38 -21
- data/include/grpc/impl/codegen/port_platform.h +14 -3
- data/include/grpc/impl/codegen/sync.h +5 -3
- data/include/grpc/impl/codegen/sync_abseil.h +36 -0
- data/include/grpc/module.modulemap +25 -37
- data/include/grpc/support/sync_abseil.h +26 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +7 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +273 -264
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +31 -47
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -3
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
- data/src/core/ext/filters/client_channel/http_proxy.cc +25 -15
- data/src/core/ext/filters/client_channel/lb_policy.cc +20 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +42 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +297 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +423 -627
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +88 -121
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +28 -57
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +18 -21
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +10 -14
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +5 -11
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +150 -101
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -3
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +49 -77
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +129 -128
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +35 -35
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +17 -21
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +72 -117
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +186 -135
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +42 -45
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +94 -103
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +61 -10
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -3
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +242 -300
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +21 -18
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +56 -206
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +11 -14
- data/src/core/ext/filters/client_channel/server_address.cc +6 -9
- data/src/core/ext/filters/client_channel/server_address.h +6 -12
- data/src/core/ext/filters/client_channel/service_config.cc +144 -253
- data/src/core/ext/filters/client_channel/service_config.h +32 -109
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +54 -24
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +1556 -232
- data/src/core/ext/filters/client_channel/xds/xds_api.h +213 -114
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +237 -345
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +34 -46
- data/src/core/ext/filters/client_channel/xds/xds_channel.h +3 -1
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +18 -11
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +1326 -399
- data/src/core/ext/filters/client_channel/xds/xds_client.h +124 -41
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +59 -138
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +133 -154
- data/src/core/ext/filters/http/client/http_client_filter.cc +23 -28
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +38 -44
- data/src/core/ext/filters/message_size/message_size_filter.h +5 -5
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +7 -10
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +28 -29
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +14 -21
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +16 -9
- data/src/core/ext/transport/inproc/inproc_transport.cc +41 -42
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +17 -0
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +30 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +27 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +54 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +5 -205
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -788
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +5 -362
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +14 -1337
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +403 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +1447 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +30 -8
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +60 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +7 -4
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +6 -2
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +87 -23
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +262 -62
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +20 -15
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +46 -32
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +27 -4
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +70 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +46 -25
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +98 -25
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +77 -21
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +201 -4
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +8 -68
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +14 -201
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +92 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +240 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +2 -71
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +3 -228
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +91 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +266 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +31 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +109 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +399 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +18 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +33 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +145 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +527 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +43 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +112 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +30 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +199 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +18 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +33 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +815 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +3032 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +59 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +134 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +28 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +228 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +725 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +316 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +1132 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +33 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +65 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +4 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +144 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +53 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +133 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +88 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +258 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +12 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +27 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +62 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +89 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +249 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +9 -8
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +30 -24
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +30 -27
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +64 -52
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +13 -5
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +34 -0
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +48 -0
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +104 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +17 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +30 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +44 -39
- data/src/core/ext/upb-generated/validate/validate.upb.h +155 -119
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channel_trace.cc +32 -41
- data/src/core/lib/channel/channel_trace.h +3 -3
- data/src/core/lib/channel/channelz.cc +163 -254
- data/src/core/lib/channel/channelz.h +20 -12
- data/src/core/lib/channel/channelz_registry.cc +52 -77
- data/src/core/lib/channel/channelz_registry.h +4 -4
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +2 -26
- data/src/core/lib/gpr/string.h +0 -16
- data/src/core/lib/gpr/sync_abseil.cc +116 -0
- data/src/core/lib/gpr/sync_posix.cc +8 -5
- data/src/core/lib/gpr/sync_windows.cc +4 -2
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gpr/time_precise.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/host_port.cc +30 -36
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/memory.h +2 -6
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/gprpp/sync.h +9 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +2 -3
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +5 -5
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.cc +36 -35
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +3 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +4 -5
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -23
- data/src/core/lib/iomgr/ev_epollex_linux.cc +14 -7
- data/src/core/lib/iomgr/ev_poll_posix.cc +3 -3
- data/src/core/lib/iomgr/ev_posix.cc +2 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/executor.cc +1 -1
- data/src/core/lib/iomgr/fork_posix.cc +4 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/load_file.cc +1 -0
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +87 -0
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +88 -0
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/iomgr/pollset_uv.h +32 -0
- data/src/core/lib/iomgr/port.h +1 -0
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +29 -39
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +8 -17
- data/src/core/lib/iomgr/resource_quota.cc +4 -6
- data/src/core/lib/iomgr/sockaddr_utils.cc +23 -29
- data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +21 -26
- data/src/core/lib/iomgr/socket_utils_posix.h +15 -0
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +5 -7
- data/src/core/lib/iomgr/tcp_client_posix.cc +25 -22
- data/src/core/lib/iomgr/tcp_client_posix.h +6 -6
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -3
- data/src/core/lib/iomgr/tcp_custom.cc +2 -3
- data/src/core/lib/iomgr/tcp_custom.h +3 -0
- data/src/core/lib/iomgr/tcp_posix.cc +608 -56
- data/src/core/lib/iomgr/tcp_server_custom.cc +20 -11
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +13 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +2 -3
- data/src/core/lib/iomgr/timer_generic.h +39 -0
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +9 -14
- data/src/core/lib/iomgr/work_serializer.cc +155 -0
- data/src/core/lib/iomgr/work_serializer.h +65 -0
- data/src/core/lib/json/json.h +209 -68
- data/src/core/lib/json/json_reader.cc +511 -319
- data/src/core/lib/json/json_writer.cc +202 -110
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +19 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +11 -4
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +18 -60
- data/src/core/lib/security/credentials/fake/fake_credentials.h +6 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +9 -12
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +26 -56
- data/src/core/lib/security/credentials/jwt/json_token.h +4 -6
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +8 -18
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +151 -168
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +4 -6
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +92 -61
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +10 -4
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +19 -4
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +4 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +43 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +47 -11
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +128 -0
- data/src/core/lib/security/credentials/tls/tls_credentials.h +62 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +34 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +29 -9
- data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +2 -2
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +5 -4
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +32 -7
- data/src/core/lib/security/security_connector/security_connector.h +1 -1
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +20 -37
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +4 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +107 -16
- data/src/core/lib/security/security_connector/ssl_utils.h +24 -11
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +603 -0
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +183 -0
- data/src/core/lib/security/transport/client_auth_filter.cc +34 -2
- data/src/core/lib/security/transport/security_handshaker.cc +2 -2
- data/src/core/lib/security/util/json_util.cc +22 -15
- data/src/core/lib/security/util/json_util.h +2 -2
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +14 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +2 -3
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +55 -34
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +570 -369
- data/src/core/lib/surface/server.h +32 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +3 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +20 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +9 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +44 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +10 -2
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +3 -3
- data/src/core/tsi/fake_transport_security.cc +17 -18
- data/src/core/tsi/fake_transport_security.h +2 -0
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +197 -47
- data/src/core/tsi/ssl_transport_security.h +23 -9
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.cc +13 -0
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.cc +2 -2
- data/src/core/tsi/transport_security_grpc.h +4 -5
- data/src/core/tsi/transport_security_interface.h +15 -3
- data/src/ruby/bin/math_pb.rb +5 -5
- data/src/ruby/ext/grpc/rb_call.c +9 -1
- data/src/ruby/ext/grpc/rb_call_credentials.c +4 -1
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +4 -1
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/grpc/health/v1/health_pb.rb +3 -3
- data/src/ruby/pb/src/proto/grpc/testing/empty_pb.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +34 -13
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +5 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -0
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/algorithm/algorithm.h +159 -0
- data/third_party/abseil-cpp/absl/base/attributes.h +621 -0
- data/third_party/abseil-cpp/absl/base/call_once.h +226 -0
- data/third_party/abseil-cpp/absl/base/casts.h +184 -0
- data/third_party/abseil-cpp/absl/base/config.h +671 -0
- data/third_party/abseil-cpp/absl/base/const_init.h +76 -0
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +129 -0
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +389 -0
- data/third_party/abseil-cpp/absl/base/internal/atomic_hook.h +200 -0
- data/third_party/abseil-cpp/absl/base/internal/bits.h +218 -0
- data/third_party/abseil-cpp/absl/base/internal/cycleclock.cc +107 -0
- data/third_party/abseil-cpp/absl/base/internal/cycleclock.h +94 -0
- data/third_party/abseil-cpp/absl/base/internal/endian.h +266 -0
- data/third_party/abseil-cpp/absl/base/internal/errno_saver.h +43 -0
- data/third_party/abseil-cpp/absl/base/internal/hide_ptr.h +51 -0
- data/third_party/abseil-cpp/absl/base/internal/identity.h +37 -0
- data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +107 -0
- data/third_party/abseil-cpp/absl/base/internal/invoke.h +187 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +107 -0
- data/third_party/abseil-cpp/absl/base/internal/per_thread_tls.h +52 -0
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +240 -0
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +183 -0
- data/third_party/abseil-cpp/absl/base/internal/scheduling_mode.h +58 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +233 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +243 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +35 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +66 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +46 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.cc +81 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +93 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +37 -0
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +416 -0
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +66 -0
- data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +271 -0
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +152 -0
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +259 -0
- data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +108 -0
- data/third_party/abseil-cpp/absl/base/internal/throw_delegate.h +75 -0
- data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +66 -0
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +158 -0
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +140 -0
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +124 -0
- data/third_party/abseil-cpp/absl/base/log_severity.cc +27 -0
- data/third_party/abseil-cpp/absl/base/log_severity.h +121 -0
- data/third_party/abseil-cpp/absl/base/macros.h +220 -0
- data/third_party/abseil-cpp/absl/base/optimization.h +181 -0
- data/third_party/abseil-cpp/absl/base/options.h +211 -0
- data/third_party/abseil-cpp/absl/base/policy_checks.h +111 -0
- data/third_party/abseil-cpp/absl/base/port.h +26 -0
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +280 -0
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +848 -0
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +265 -0
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +892 -0
- data/third_party/abseil-cpp/absl/memory/memory.h +695 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +759 -0
- data/third_party/abseil-cpp/absl/numeric/int128.cc +404 -0
- data/third_party/abseil-cpp/absl/numeric/int128.h +1091 -0
- data/third_party/abseil-cpp/absl/numeric/int128_have_intrinsic.inc +302 -0
- data/third_party/abseil-cpp/absl/numeric/int128_no_intrinsic.inc +308 -0
- data/third_party/abseil-cpp/absl/strings/ascii.cc +200 -0
- data/third_party/abseil-cpp/absl/strings/ascii.h +242 -0
- data/third_party/abseil-cpp/absl/strings/charconv.cc +984 -0
- data/third_party/abseil-cpp/absl/strings/charconv.h +119 -0
- data/third_party/abseil-cpp/absl/strings/escaping.cc +949 -0
- data/third_party/abseil-cpp/absl/strings/escaping.h +164 -0
- data/third_party/abseil-cpp/absl/strings/internal/char_map.h +156 -0
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +359 -0
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +423 -0
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +504 -0
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.h +99 -0
- data/third_party/abseil-cpp/absl/strings/internal/escaping.cc +180 -0
- data/third_party/abseil-cpp/absl/strings/internal/escaping.h +58 -0
- data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +112 -0
- data/third_party/abseil-cpp/absl/strings/internal/memutil.h +148 -0
- data/third_party/abseil-cpp/absl/strings/internal/ostringstream.cc +36 -0
- data/third_party/abseil-cpp/absl/strings/internal/ostringstream.h +89 -0
- data/third_party/abseil-cpp/absl/strings/internal/resize_uninitialized.h +73 -0
- data/third_party/abseil-cpp/absl/strings/internal/stl_type_traits.h +248 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +388 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +432 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +245 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +209 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +326 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +51 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +415 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +493 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +23 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.cc +72 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +104 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +334 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +333 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_join_internal.h +314 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +455 -0
- data/third_party/abseil-cpp/absl/strings/internal/utf8.cc +53 -0
- data/third_party/abseil-cpp/absl/strings/internal/utf8.h +50 -0
- data/third_party/abseil-cpp/absl/strings/match.cc +40 -0
- data/third_party/abseil-cpp/absl/strings/match.h +90 -0
- data/third_party/abseil-cpp/absl/strings/numbers.cc +965 -0
- data/third_party/abseil-cpp/absl/strings/numbers.h +266 -0
- data/third_party/abseil-cpp/absl/strings/str_cat.cc +246 -0
- data/third_party/abseil-cpp/absl/strings/str_cat.h +408 -0
- data/third_party/abseil-cpp/absl/strings/str_format.h +537 -0
- data/third_party/abseil-cpp/absl/strings/str_join.h +293 -0
- data/third_party/abseil-cpp/absl/strings/str_replace.cc +82 -0
- data/third_party/abseil-cpp/absl/strings/str_replace.h +219 -0
- data/third_party/abseil-cpp/absl/strings/str_split.cc +139 -0
- data/third_party/abseil-cpp/absl/strings/str_split.h +513 -0
- data/third_party/abseil-cpp/absl/strings/string_view.cc +235 -0
- data/third_party/abseil-cpp/absl/strings/string_view.h +622 -0
- data/third_party/abseil-cpp/absl/strings/strip.h +91 -0
- data/third_party/abseil-cpp/absl/strings/substitute.cc +171 -0
- data/third_party/abseil-cpp/absl/strings/substitute.h +693 -0
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/third_party/abseil-cpp/absl/types/bad_optional_access.cc +48 -0
- data/third_party/abseil-cpp/absl/types/bad_optional_access.h +78 -0
- data/third_party/abseil-cpp/absl/types/internal/optional.h +396 -0
- data/third_party/abseil-cpp/absl/types/internal/span.h +128 -0
- data/third_party/abseil-cpp/absl/types/optional.h +776 -0
- data/third_party/abseil-cpp/absl/types/span.h +713 -0
- data/third_party/abseil-cpp/absl/utility/utility.h +350 -0
- data/third_party/boringssl-with-bazel/err_data.c +1439 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bitstr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bool.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_d2i_fp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_dup.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_enum.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_gentm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_i2d_fp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_mbstr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_object.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_octet.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_print.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_strnid.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +212 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_type.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utctm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utf8.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_locl.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_par.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn_pack.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_enum.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_string.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_dec.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_enc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_fre.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_new.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_typ.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_utl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/time_support.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/base64/base64.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio_mem.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +545 -0
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +279 -0
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +317 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/hexdump.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/internal.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +488 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/printf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/socket.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/socket_helper.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/bn_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/convert.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +172 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/asn1_compat.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/ber.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +719 -0
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +688 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/unicode.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/chacha/chacha.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/chacha/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/cipher_extra.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +152 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesccm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesctrhmac.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +891 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_chacha20poly1305.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_null.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_tls.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/tls_cbc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cmac/cmac.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf_def.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-fuchsia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-linux.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +220 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm-linux.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +291 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-ppc64le.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +226 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +2159 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +7872 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +146 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +539 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh/check.c +217 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +533 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/dh_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/params.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/digest_extra/digest_extra.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +980 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dsa/dsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ec_extra/ec_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_derive.c +95 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +124 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ecdsa_extra/ecdsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/engine/engine.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +850 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/err/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/digestsign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp_ctx.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_dsa_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +286 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ec_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ed25519.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ed25519_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +648 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_rsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_x25519.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +248 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/pbkdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/print.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/scrypt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/sign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ex_data.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +108 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1282 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +238 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/key_wrap.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +106 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +263 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/add.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/asm/x86_64-gcc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bn.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bytes.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/cmp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/ctx.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/div.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/div_extra.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +1288 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/gcd.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/gcd_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/generic.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +694 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/jacobi.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +502 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/montgomery_inv.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +749 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +1068 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/random.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/rsaz_exp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/rsaz_exp.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/shift.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/sqrt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/aead.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/cipher.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +1302 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/e_des.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/delocate.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/des.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/digest.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +296 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/md32_common.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +1252 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +465 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +524 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +100 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +775 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +328 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +1178 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9497 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +632 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p256-x86_64.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +175 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +357 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +270 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/util.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +270 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +122 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +328 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/fips_shared_support.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/hmac/hmac.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/is_fips.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md4/md4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md5/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md5/md5.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/cbc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/cfb.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/ctr.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +729 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +304 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +441 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/ofb.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/polyval.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/ctrdrbg.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +163 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +378 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +391 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +243 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +127 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/padding.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +898 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +1358 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/self_check/self_check.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1-altivec.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha256.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +544 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/kdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hkdf/hkdf.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +2100 -0
- data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +834 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/lhash/lhash.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +359 -0
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +549 -0
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +11585 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj_xref.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_all.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +360 -0
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +777 -0
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +257 -0
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +218 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_xaux.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/pkcs7.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +385 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/p5_pbev2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/pkcs8.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/pkcs8_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/internal.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +318 -0
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +305 -0
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +856 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pool/internal.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +220 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +52 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/forkunsafe.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/fuchsia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/rand_extra.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +69 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rc4/rc4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_c11.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_lock.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_print.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +82 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/stack/stack.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_none.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +210 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +260 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_digest.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_sign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_strex.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +114 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/algorithm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/asn1_gen.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +458 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +275 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/charmap.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/i2d_pr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/rsa_pss.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_crl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_req.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509a.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/vpm_int.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_att.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +476 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_d2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_def.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_ext.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_lu.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +198 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +116 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +341 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +185 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +326 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_txt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_v3.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +2487 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +671 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509cset.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +389 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509rset.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509spki.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_algor.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +399 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_attrib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_crl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_exten.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_info.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_name.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pkey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pubkey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_req.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_sig.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_spki.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_val.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509a.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/ext_dat.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_cache.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_data.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_int.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_map.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_node.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_tree.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akeya.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +629 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bcons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bitst.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_conf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_cpols.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_crld.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +100 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_extku.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_genn.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ia5.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +218 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ncons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ocsp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pci.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pku.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pmaps.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_prn.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +843 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_skey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_sxnet.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1395 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/aead.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/aes.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/arm_arch.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1_mac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1t.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +575 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/base64.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bio.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/blowfish.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +1057 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/buf.h +137 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/buffer.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +561 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cast.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/chacha.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cipher.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cmac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/conf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cpu.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +149 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/curve25519.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/des.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +319 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +331 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +457 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dtls1.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/e_os2.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +424 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +372 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ecdh.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +205 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/engine.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +465 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1050 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ex_data.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hkdf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hmac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hrss.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/is_boringssl.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/lhash.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/md4.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/md5.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +175 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +4259 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj_mac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/objects.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslconf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslv.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ossl_typ.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pem.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs12.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs7.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs8.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +49 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pool.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +111 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rc4.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ripemd.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +818 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/safestack.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +294 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/siphash.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/span.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/srtp.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +5198 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ssl3.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/stack.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/thread.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +632 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/type_check.h +0 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1207 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +681 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509v3.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/bio_ssl.cc +0 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +837 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +268 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +273 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_srtp.cc +0 -0
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +200 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/dtls_record.cc +0 -0
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +675 -0
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +703 -0
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +1890 -0
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1805 -0
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +3572 -0
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +724 -0
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +221 -0
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +458 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_aead_ctx.cc +0 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +856 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +306 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +1019 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +1718 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_file.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_key_share.cc +0 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +3015 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +835 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +1333 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +230 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_transcript.cc +0 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +394 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_x509.cc +0 -0
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +365 -0
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +3870 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +689 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1017 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +513 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +1096 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +317 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +703 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +981 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +619 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3147 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1226 -0
- data/third_party/upb/upb/decode.c +4 -0
- data/third_party/upb/upb/port.c +0 -1
- data/third_party/upb/upb/port_def.inc +1 -3
- data/third_party/upb/upb/table.c +2 -1
- metadata +758 -509
- data/src/boringssl/err_data.c +0 -1407
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1898
- data/src/core/lib/gprpp/inlined_vector.h +0 -246
- data/src/core/lib/gprpp/optional.h +0 -48
- data/src/core/lib/gprpp/string_view.h +0 -165
- data/src/core/lib/iomgr/logical_thread.cc +0 -103
- data/src/core/lib/iomgr/logical_thread.h +0 -52
- data/src/core/lib/json/json.cc +0 -94
- data/src/core/lib/json/json_common.h +0 -34
- data/src/core/lib/json/json_reader.h +0 -146
- data/src/core/lib/json/json_string.cc +0 -367
- data/src/core/lib/json/json_writer.h +0 -84
- data/src/core/lib/security/credentials/tls/spiffe_credentials.cc +0 -129
- data/src/core/lib/security/credentials/tls/spiffe_credentials.h +0 -62
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +0 -541
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +0 -158
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3297
- data/third_party/boringssl/crypto/asn1/a_time.c +0 -213
- data/third_party/boringssl/crypto/bio/connect.c +0 -546
- data/third_party/boringssl/crypto/bio/fd.c +0 -280
- data/third_party/boringssl/crypto/bio/file.c +0 -318
- data/third_party/boringssl/crypto/bio/pair.c +0 -489
- data/third_party/boringssl/crypto/buf/buf.c +0 -231
- data/third_party/boringssl/crypto/bytestring/cbb.c +0 -680
- data/third_party/boringssl/crypto/bytestring/cbs.c +0 -631
- data/third_party/boringssl/crypto/cipher_extra/derive_key.c +0 -152
- data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +0 -883
- data/third_party/boringssl/crypto/cpu-arm-linux.c +0 -219
- data/third_party/boringssl/crypto/cpu-intel.c +0 -282
- data/third_party/boringssl/crypto/crypto.c +0 -215
- data/third_party/boringssl/crypto/curve25519/spake25519.c +0 -539
- data/third_party/boringssl/crypto/dh/check.c +0 -217
- data/third_party/boringssl/crypto/dh/dh.c +0 -519
- data/third_party/boringssl/crypto/dsa/dsa.c +0 -970
- data/third_party/boringssl/crypto/ec_extra/ec_derive.c +0 -96
- data/third_party/boringssl/crypto/ecdh_extra/ecdh_extra.c +0 -124
- data/third_party/boringssl/crypto/err/err.c +0 -849
- data/third_party/boringssl/crypto/evp/p_ec.c +0 -287
- data/third_party/boringssl/crypto/evp/p_rsa.c +0 -636
- data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +0 -249
- data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +0 -860
- data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +0 -240
- data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +0 -108
- data/third_party/boringssl/crypto/fipsmodule/bcm.c +0 -260
- data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +0 -1288
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +0 -691
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +0 -502
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +0 -873
- data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +0 -1069
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +0 -1304
- data/third_party/boringssl/crypto/fipsmodule/digest/digests.c +0 -280
- data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +0 -1080
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +0 -479
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +0 -483
- data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +0 -82
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +0 -503
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +0 -336
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +0 -1187
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +0 -9501
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +0 -651
- data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +0 -96
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +0 -380
- data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +0 -84
- data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +0 -227
- data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +0 -122
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +0 -313
- data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +0 -877
- data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +0 -451
- data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +0 -127
- data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +0 -363
- data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +0 -481
- data/third_party/boringssl/crypto/fipsmodule/rsa/blinding.c +0 -239
- data/third_party/boringssl/crypto/fipsmodule/rsa/internal.h +0 -126
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +0 -879
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +0 -1335
- data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +0 -535
- data/third_party/boringssl/crypto/hrss/hrss.c +0 -2201
- data/third_party/boringssl/crypto/hrss/internal.h +0 -62
- data/third_party/boringssl/crypto/internal.h +0 -814
- data/third_party/boringssl/crypto/mem.c +0 -272
- data/third_party/boringssl/crypto/obj/obj.c +0 -554
- data/third_party/boringssl/crypto/obj/obj_dat.h +0 -11550
- data/third_party/boringssl/crypto/pem/pem_info.c +0 -361
- data/third_party/boringssl/crypto/pem/pem_lib.c +0 -777
- data/third_party/boringssl/crypto/pem/pem_oth.c +0 -88
- data/third_party/boringssl/crypto/pem/pem_pk8.c +0 -258
- data/third_party/boringssl/crypto/pem/pem_pkey.c +0 -219
- data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +0 -385
- data/third_party/boringssl/crypto/poly1305/poly1305.c +0 -318
- data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +0 -304
- data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +0 -839
- data/third_party/boringssl/crypto/pool/pool.c +0 -221
- data/third_party/boringssl/crypto/rand_extra/deterministic.c +0 -56
- data/third_party/boringssl/crypto/rand_extra/windows.c +0 -53
- data/third_party/boringssl/crypto/siphash/siphash.c +0 -80
- data/third_party/boringssl/crypto/thread_pthread.c +0 -206
- data/third_party/boringssl/crypto/thread_win.c +0 -256
- data/third_party/boringssl/crypto/x509/a_verify.c +0 -115
- data/third_party/boringssl/crypto/x509/by_dir.c +0 -458
- data/third_party/boringssl/crypto/x509/by_file.c +0 -276
- data/third_party/boringssl/crypto/x509/x509_cmp.c +0 -477
- data/third_party/boringssl/crypto/x509/x509_obj.c +0 -198
- data/third_party/boringssl/crypto/x509/x509_r2x.c +0 -117
- data/third_party/boringssl/crypto/x509/x509_req.c +0 -342
- data/third_party/boringssl/crypto/x509/x509_set.c +0 -169
- data/third_party/boringssl/crypto/x509/x509_trs.c +0 -327
- data/third_party/boringssl/crypto/x509/x509_vfy.c +0 -2483
- data/third_party/boringssl/crypto/x509/x509_vpm.c +0 -672
- data/third_party/boringssl/crypto/x509/x509name.c +0 -388
- data/third_party/boringssl/crypto/x509/x_all.c +0 -400
- data/third_party/boringssl/crypto/x509v3/v3_alt.c +0 -629
- data/third_party/boringssl/crypto/x509v3/v3_enum.c +0 -100
- data/third_party/boringssl/crypto/x509v3/v3_info.c +0 -219
- data/third_party/boringssl/crypto/x509v3/v3_purp.c +0 -844
- data/third_party/boringssl/crypto/x509v3/v3_utl.c +0 -1396
- data/third_party/boringssl/include/openssl/base.h +0 -571
- data/third_party/boringssl/include/openssl/bn.h +0 -1045
- data/third_party/boringssl/include/openssl/buf.h +0 -137
- data/third_party/boringssl/include/openssl/bytestring.h +0 -527
- data/third_party/boringssl/include/openssl/crypto.h +0 -144
- data/third_party/boringssl/include/openssl/dh.h +0 -299
- data/third_party/boringssl/include/openssl/digest.h +0 -330
- data/third_party/boringssl/include/openssl/dsa.h +0 -441
- data/third_party/boringssl/include/openssl/ec.h +0 -417
- data/third_party/boringssl/include/openssl/ec_key.h +0 -370
- data/third_party/boringssl/include/openssl/ecdsa.h +0 -199
- data/third_party/boringssl/include/openssl/err.h +0 -461
- data/third_party/boringssl/include/openssl/evp.h +0 -1030
- data/third_party/boringssl/include/openssl/mem.h +0 -160
- data/third_party/boringssl/include/openssl/nid.h +0 -4245
- data/third_party/boringssl/include/openssl/poly1305.h +0 -51
- data/third_party/boringssl/include/openssl/rand.h +0 -125
- data/third_party/boringssl/include/openssl/rsa.h +0 -787
- data/third_party/boringssl/include/openssl/sha.h +0 -268
- data/third_party/boringssl/include/openssl/ssl.h +0 -5113
- data/third_party/boringssl/include/openssl/tls1.h +0 -634
- data/third_party/boringssl/include/openssl/x509.h +0 -1205
- data/third_party/boringssl/include/openssl/x509_vfy.h +0 -680
- data/third_party/boringssl/ssl/d1_both.cc +0 -842
- data/third_party/boringssl/ssl/d1_lib.cc +0 -268
- data/third_party/boringssl/ssl/d1_pkt.cc +0 -274
- data/third_party/boringssl/ssl/dtls_method.cc +0 -192
- data/third_party/boringssl/ssl/handoff.cc +0 -489
- data/third_party/boringssl/ssl/handshake.cc +0 -691
- data/third_party/boringssl/ssl/handshake_client.cc +0 -1871
- data/third_party/boringssl/ssl/handshake_server.cc +0 -1801
- data/third_party/boringssl/ssl/internal.h +0 -3549
- data/third_party/boringssl/ssl/s3_both.cc +0 -724
- data/third_party/boringssl/ssl/s3_lib.cc +0 -222
- data/third_party/boringssl/ssl/s3_pkt.cc +0 -459
- data/third_party/boringssl/ssl/ssl_asn1.cc +0 -828
- data/third_party/boringssl/ssl/ssl_buffer.cc +0 -287
- data/third_party/boringssl/ssl/ssl_cert.cc +0 -1016
- data/third_party/boringssl/ssl/ssl_cipher.cc +0 -1719
- data/third_party/boringssl/ssl/ssl_lib.cc +0 -3011
- data/third_party/boringssl/ssl/ssl_privkey.cc +0 -824
- data/third_party/boringssl/ssl/ssl_session.cc +0 -1273
- data/third_party/boringssl/ssl/ssl_stat.cc +0 -224
- data/third_party/boringssl/ssl/ssl_versions.cc +0 -394
- data/third_party/boringssl/ssl/t1_enc.cc +0 -361
- data/third_party/boringssl/ssl/t1_lib.cc +0 -4036
- data/third_party/boringssl/ssl/tls13_both.cc +0 -689
- data/third_party/boringssl/ssl/tls13_client.cc +0 -947
- data/third_party/boringssl/ssl/tls13_enc.cc +0 -561
- data/third_party/boringssl/ssl/tls13_server.cc +0 -1089
- data/third_party/boringssl/ssl/tls_method.cc +0 -279
- data/third_party/boringssl/ssl/tls_record.cc +0 -698
- data/third_party/boringssl/third_party/fiat/curve25519.c +0 -2167
- data/third_party/boringssl/third_party/fiat/curve25519_32.h +0 -911
- data/third_party/boringssl/third_party/fiat/curve25519_64.h +0 -559
- data/third_party/boringssl/third_party/fiat/curve25519_tables.h +0 -7880
- data/third_party/boringssl/third_party/fiat/internal.h +0 -154
- data/third_party/boringssl/third_party/fiat/p256.c +0 -1063
- data/third_party/boringssl/third_party/fiat/p256_32.h +0 -3226
- data/third_party/boringssl/third_party/fiat/p256_64.h +0 -1217
@@ -0,0 +1,328 @@
|
|
1
|
+
/* Originally written by Bodo Moeller for the OpenSSL project.
|
2
|
+
* ====================================================================
|
3
|
+
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
|
4
|
+
*
|
5
|
+
* Redistribution and use in source and binary forms, with or without
|
6
|
+
* modification, are permitted provided that the following conditions
|
7
|
+
* are met:
|
8
|
+
*
|
9
|
+
* 1. Redistributions of source code must retain the above copyright
|
10
|
+
* notice, this list of conditions and the following disclaimer.
|
11
|
+
*
|
12
|
+
* 2. Redistributions in binary form must reproduce the above copyright
|
13
|
+
* notice, this list of conditions and the following disclaimer in
|
14
|
+
* the documentation and/or other materials provided with the
|
15
|
+
* distribution.
|
16
|
+
*
|
17
|
+
* 3. All advertising materials mentioning features or use of this
|
18
|
+
* software must display the following acknowledgment:
|
19
|
+
* "This product includes software developed by the OpenSSL Project
|
20
|
+
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
21
|
+
*
|
22
|
+
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
23
|
+
* endorse or promote products derived from this software without
|
24
|
+
* prior written permission. For written permission, please contact
|
25
|
+
* openssl-core@openssl.org.
|
26
|
+
*
|
27
|
+
* 5. Products derived from this software may not be called "OpenSSL"
|
28
|
+
* nor may "OpenSSL" appear in their names without prior written
|
29
|
+
* permission of the OpenSSL Project.
|
30
|
+
*
|
31
|
+
* 6. Redistributions of any form whatsoever must retain the following
|
32
|
+
* acknowledgment:
|
33
|
+
* "This product includes software developed by the OpenSSL Project
|
34
|
+
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
35
|
+
*
|
36
|
+
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
37
|
+
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
38
|
+
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
39
|
+
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
40
|
+
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
41
|
+
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
42
|
+
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
43
|
+
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
44
|
+
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
45
|
+
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
46
|
+
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
47
|
+
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
48
|
+
* ====================================================================
|
49
|
+
*
|
50
|
+
* This product includes cryptographic software written by Eric Young
|
51
|
+
* (eay@cryptsoft.com). This product includes software written by Tim
|
52
|
+
* Hudson (tjh@cryptsoft.com).
|
53
|
+
*
|
54
|
+
*/
|
55
|
+
/* ====================================================================
|
56
|
+
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
57
|
+
*
|
58
|
+
* Portions of the attached software ("Contribution") are developed by
|
59
|
+
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
|
60
|
+
*
|
61
|
+
* The Contribution is licensed pursuant to the OpenSSL open source
|
62
|
+
* license provided above.
|
63
|
+
*
|
64
|
+
* The elliptic curve binary polynomial software is originally written by
|
65
|
+
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
|
66
|
+
* Laboratories. */
|
67
|
+
|
68
|
+
#include <openssl/ec.h>
|
69
|
+
|
70
|
+
#include <openssl/bn.h>
|
71
|
+
#include <openssl/err.h>
|
72
|
+
|
73
|
+
#include "internal.h"
|
74
|
+
|
75
|
+
|
76
|
+
size_t ec_point_to_bytes(const EC_GROUP *group, const EC_AFFINE *point,
|
77
|
+
point_conversion_form_t form, uint8_t *buf,
|
78
|
+
size_t len) {
|
79
|
+
if (form != POINT_CONVERSION_COMPRESSED &&
|
80
|
+
form != POINT_CONVERSION_UNCOMPRESSED) {
|
81
|
+
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_FORM);
|
82
|
+
return 0;
|
83
|
+
}
|
84
|
+
|
85
|
+
const size_t field_len = BN_num_bytes(&group->field);
|
86
|
+
size_t output_len = 1 /* type byte */ + field_len;
|
87
|
+
if (form == POINT_CONVERSION_UNCOMPRESSED) {
|
88
|
+
// Uncompressed points have a second coordinate.
|
89
|
+
output_len += field_len;
|
90
|
+
}
|
91
|
+
|
92
|
+
// if 'buf' is NULL, just return required length
|
93
|
+
if (buf != NULL) {
|
94
|
+
if (len < output_len) {
|
95
|
+
OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL);
|
96
|
+
return 0;
|
97
|
+
}
|
98
|
+
|
99
|
+
size_t field_len_out;
|
100
|
+
ec_felem_to_bytes(group, buf + 1, &field_len_out, &point->X);
|
101
|
+
assert(field_len_out == field_len);
|
102
|
+
|
103
|
+
if (form == POINT_CONVERSION_UNCOMPRESSED) {
|
104
|
+
ec_felem_to_bytes(group, buf + 1 + field_len, &field_len_out, &point->Y);
|
105
|
+
assert(field_len_out == field_len);
|
106
|
+
buf[0] = form;
|
107
|
+
} else {
|
108
|
+
uint8_t y_buf[EC_MAX_BYTES];
|
109
|
+
ec_felem_to_bytes(group, y_buf, &field_len_out, &point->Y);
|
110
|
+
buf[0] = form + (y_buf[field_len_out - 1] & 1);
|
111
|
+
}
|
112
|
+
}
|
113
|
+
|
114
|
+
return output_len;
|
115
|
+
}
|
116
|
+
|
117
|
+
int ec_point_from_uncompressed(const EC_GROUP *group, EC_AFFINE *out,
|
118
|
+
const uint8_t *in, size_t len) {
|
119
|
+
const size_t field_len = BN_num_bytes(&group->field);
|
120
|
+
if (len != 1 + 2 * field_len || in[0] != POINT_CONVERSION_UNCOMPRESSED) {
|
121
|
+
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING);
|
122
|
+
return 0;
|
123
|
+
}
|
124
|
+
|
125
|
+
EC_FELEM x, y;
|
126
|
+
if (!ec_felem_from_bytes(group, &x, in + 1, field_len) ||
|
127
|
+
!ec_felem_from_bytes(group, &y, in + 1 + field_len, field_len) ||
|
128
|
+
!ec_point_set_affine_coordinates(group, out, &x, &y)) {
|
129
|
+
return 0;
|
130
|
+
}
|
131
|
+
|
132
|
+
return 1;
|
133
|
+
}
|
134
|
+
|
135
|
+
static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
136
|
+
const uint8_t *buf, size_t len,
|
137
|
+
BN_CTX *ctx) {
|
138
|
+
if (len == 0) {
|
139
|
+
OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL);
|
140
|
+
return 0;
|
141
|
+
}
|
142
|
+
|
143
|
+
point_conversion_form_t form = buf[0];
|
144
|
+
if (form == POINT_CONVERSION_UNCOMPRESSED) {
|
145
|
+
EC_AFFINE affine;
|
146
|
+
if (!ec_point_from_uncompressed(group, &affine, buf, len)) {
|
147
|
+
// In the event of an error, defend against the caller not checking the
|
148
|
+
// return value by setting a known safe value.
|
149
|
+
ec_set_to_safe_point(group, &point->raw);
|
150
|
+
return 0;
|
151
|
+
}
|
152
|
+
ec_affine_to_jacobian(group, &point->raw, &affine);
|
153
|
+
return 1;
|
154
|
+
}
|
155
|
+
|
156
|
+
const int y_bit = form & 1;
|
157
|
+
const size_t field_len = BN_num_bytes(&group->field);
|
158
|
+
form = form & ~1u;
|
159
|
+
if (form != POINT_CONVERSION_COMPRESSED ||
|
160
|
+
len != 1 /* type byte */ + field_len) {
|
161
|
+
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING);
|
162
|
+
return 0;
|
163
|
+
}
|
164
|
+
|
165
|
+
// TODO(davidben): Integrate compressed coordinates with the lower-level EC
|
166
|
+
// abstractions. This requires a way to compute square roots, which is tricky
|
167
|
+
// for primes which are not 3 (mod 4), namely P-224 and custom curves. P-224's
|
168
|
+
// prime is particularly inconvenient for compressed coordinates. See
|
169
|
+
// https://cr.yp.to/papers/sqroot.pdf
|
170
|
+
BN_CTX *new_ctx = NULL;
|
171
|
+
if (ctx == NULL) {
|
172
|
+
ctx = new_ctx = BN_CTX_new();
|
173
|
+
if (ctx == NULL) {
|
174
|
+
return 0;
|
175
|
+
}
|
176
|
+
}
|
177
|
+
|
178
|
+
int ret = 0;
|
179
|
+
BN_CTX_start(ctx);
|
180
|
+
BIGNUM *x = BN_CTX_get(ctx);
|
181
|
+
if (x == NULL || !BN_bin2bn(buf + 1, field_len, x)) {
|
182
|
+
goto err;
|
183
|
+
}
|
184
|
+
if (BN_ucmp(x, &group->field) >= 0) {
|
185
|
+
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING);
|
186
|
+
goto err;
|
187
|
+
}
|
188
|
+
|
189
|
+
if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) {
|
190
|
+
goto err;
|
191
|
+
}
|
192
|
+
|
193
|
+
ret = 1;
|
194
|
+
|
195
|
+
err:
|
196
|
+
BN_CTX_end(ctx);
|
197
|
+
BN_CTX_free(new_ctx);
|
198
|
+
return ret;
|
199
|
+
}
|
200
|
+
|
201
|
+
int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
|
202
|
+
const uint8_t *buf, size_t len, BN_CTX *ctx) {
|
203
|
+
if (EC_GROUP_cmp(group, point->group, NULL) != 0) {
|
204
|
+
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
|
205
|
+
return 0;
|
206
|
+
}
|
207
|
+
return ec_GFp_simple_oct2point(group, point, buf, len, ctx);
|
208
|
+
}
|
209
|
+
|
210
|
+
size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
|
211
|
+
point_conversion_form_t form, uint8_t *buf,
|
212
|
+
size_t len, BN_CTX *ctx) {
|
213
|
+
if (EC_GROUP_cmp(group, point->group, NULL) != 0) {
|
214
|
+
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
|
215
|
+
return 0;
|
216
|
+
}
|
217
|
+
EC_AFFINE affine;
|
218
|
+
if (!ec_jacobian_to_affine(group, &affine, &point->raw)) {
|
219
|
+
return 0;
|
220
|
+
}
|
221
|
+
return ec_point_to_bytes(group, &affine, form, buf, len);
|
222
|
+
}
|
223
|
+
|
224
|
+
int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
|
225
|
+
EC_POINT *point, const BIGNUM *x,
|
226
|
+
int y_bit, BN_CTX *ctx) {
|
227
|
+
if (EC_GROUP_cmp(group, point->group, NULL) != 0) {
|
228
|
+
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
|
229
|
+
return 0;
|
230
|
+
}
|
231
|
+
|
232
|
+
if (BN_is_negative(x) || BN_cmp(x, &group->field) >= 0) {
|
233
|
+
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_COMPRESSED_POINT);
|
234
|
+
return 0;
|
235
|
+
}
|
236
|
+
|
237
|
+
BN_CTX *new_ctx = NULL;
|
238
|
+
int ret = 0;
|
239
|
+
|
240
|
+
ERR_clear_error();
|
241
|
+
|
242
|
+
if (ctx == NULL) {
|
243
|
+
ctx = new_ctx = BN_CTX_new();
|
244
|
+
if (ctx == NULL) {
|
245
|
+
return 0;
|
246
|
+
}
|
247
|
+
}
|
248
|
+
|
249
|
+
y_bit = (y_bit != 0);
|
250
|
+
|
251
|
+
BN_CTX_start(ctx);
|
252
|
+
BIGNUM *tmp1 = BN_CTX_get(ctx);
|
253
|
+
BIGNUM *tmp2 = BN_CTX_get(ctx);
|
254
|
+
BIGNUM *a = BN_CTX_get(ctx);
|
255
|
+
BIGNUM *b = BN_CTX_get(ctx);
|
256
|
+
BIGNUM *y = BN_CTX_get(ctx);
|
257
|
+
if (y == NULL ||
|
258
|
+
!EC_GROUP_get_curve_GFp(group, NULL, a, b, ctx)) {
|
259
|
+
goto err;
|
260
|
+
}
|
261
|
+
|
262
|
+
// Recover y. We have a Weierstrass equation
|
263
|
+
// y^2 = x^3 + a*x + b,
|
264
|
+
// so y is one of the square roots of x^3 + a*x + b.
|
265
|
+
|
266
|
+
// tmp1 := x^3
|
267
|
+
if (!BN_mod_sqr(tmp2, x, &group->field, ctx) ||
|
268
|
+
!BN_mod_mul(tmp1, tmp2, x, &group->field, ctx)) {
|
269
|
+
goto err;
|
270
|
+
}
|
271
|
+
|
272
|
+
// tmp1 := tmp1 + a*x
|
273
|
+
if (group->a_is_minus3) {
|
274
|
+
if (!bn_mod_lshift1_consttime(tmp2, x, &group->field, ctx) ||
|
275
|
+
!bn_mod_add_consttime(tmp2, tmp2, x, &group->field, ctx) ||
|
276
|
+
!bn_mod_sub_consttime(tmp1, tmp1, tmp2, &group->field, ctx)) {
|
277
|
+
goto err;
|
278
|
+
}
|
279
|
+
} else {
|
280
|
+
if (!BN_mod_mul(tmp2, a, x, &group->field, ctx) ||
|
281
|
+
!bn_mod_add_consttime(tmp1, tmp1, tmp2, &group->field, ctx)) {
|
282
|
+
goto err;
|
283
|
+
}
|
284
|
+
}
|
285
|
+
|
286
|
+
// tmp1 := tmp1 + b
|
287
|
+
if (!bn_mod_add_consttime(tmp1, tmp1, b, &group->field, ctx)) {
|
288
|
+
goto err;
|
289
|
+
}
|
290
|
+
|
291
|
+
if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) {
|
292
|
+
unsigned long err = ERR_peek_last_error();
|
293
|
+
|
294
|
+
if (ERR_GET_LIB(err) == ERR_LIB_BN &&
|
295
|
+
ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) {
|
296
|
+
ERR_clear_error();
|
297
|
+
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_COMPRESSED_POINT);
|
298
|
+
} else {
|
299
|
+
OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB);
|
300
|
+
}
|
301
|
+
goto err;
|
302
|
+
}
|
303
|
+
|
304
|
+
if (y_bit != BN_is_odd(y)) {
|
305
|
+
if (BN_is_zero(y)) {
|
306
|
+
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_COMPRESSION_BIT);
|
307
|
+
goto err;
|
308
|
+
}
|
309
|
+
if (!BN_usub(y, &group->field, y)) {
|
310
|
+
goto err;
|
311
|
+
}
|
312
|
+
}
|
313
|
+
if (y_bit != BN_is_odd(y)) {
|
314
|
+
OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
|
315
|
+
goto err;
|
316
|
+
}
|
317
|
+
|
318
|
+
if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) {
|
319
|
+
goto err;
|
320
|
+
}
|
321
|
+
|
322
|
+
ret = 1;
|
323
|
+
|
324
|
+
err:
|
325
|
+
BN_CTX_end(ctx);
|
326
|
+
BN_CTX_free(new_ctx);
|
327
|
+
return ret;
|
328
|
+
}
|
@@ -0,0 +1,1178 @@
|
|
1
|
+
/* Copyright (c) 2015, Google Inc.
|
2
|
+
*
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
6
|
+
*
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
|
+
|
15
|
+
// A 64-bit implementation of the NIST P-224 elliptic curve point multiplication
|
16
|
+
//
|
17
|
+
// Inspired by Daniel J. Bernstein's public domain nistp224 implementation
|
18
|
+
// and Adam Langley's public domain 64-bit C implementation of curve25519.
|
19
|
+
|
20
|
+
#include <openssl/base.h>
|
21
|
+
|
22
|
+
#include <openssl/bn.h>
|
23
|
+
#include <openssl/ec.h>
|
24
|
+
#include <openssl/err.h>
|
25
|
+
#include <openssl/mem.h>
|
26
|
+
|
27
|
+
#include <string.h>
|
28
|
+
|
29
|
+
#include "internal.h"
|
30
|
+
#include "../delocate.h"
|
31
|
+
#include "../../internal.h"
|
32
|
+
|
33
|
+
|
34
|
+
#if defined(BORINGSSL_HAS_UINT128) && !defined(OPENSSL_SMALL)
|
35
|
+
|
36
|
+
// Field elements are represented as a_0 + 2^56*a_1 + 2^112*a_2 + 2^168*a_3
|
37
|
+
// using 64-bit coefficients called 'limbs', and sometimes (for multiplication
|
38
|
+
// results) as b_0 + 2^56*b_1 + 2^112*b_2 + 2^168*b_3 + 2^224*b_4 + 2^280*b_5 +
|
39
|
+
// 2^336*b_6 using 128-bit coefficients called 'widelimbs'. A 4-p224_limb
|
40
|
+
// representation is an 'p224_felem'; a 7-p224_widelimb representation is a
|
41
|
+
// 'p224_widefelem'. Even within felems, bits of adjacent limbs overlap, and we
|
42
|
+
// don't always reduce the representations: we ensure that inputs to each
|
43
|
+
// p224_felem multiplication satisfy a_i < 2^60, so outputs satisfy b_i <
|
44
|
+
// 4*2^60*2^60, and fit into a 128-bit word without overflow. The coefficients
|
45
|
+
// are then again partially reduced to obtain an p224_felem satisfying a_i <
|
46
|
+
// 2^57. We only reduce to the unique minimal representation at the end of the
|
47
|
+
// computation.
|
48
|
+
|
49
|
+
typedef uint64_t p224_limb;
|
50
|
+
typedef uint128_t p224_widelimb;
|
51
|
+
|
52
|
+
typedef p224_limb p224_felem[4];
|
53
|
+
typedef p224_widelimb p224_widefelem[7];
|
54
|
+
|
55
|
+
// Field element represented as a byte arrary. 28*8 = 224 bits is also the
|
56
|
+
// group order size for the elliptic curve, and we also use this type for
|
57
|
+
// scalars for point multiplication.
|
58
|
+
typedef uint8_t p224_felem_bytearray[28];
|
59
|
+
|
60
|
+
// Precomputed multiples of the standard generator
|
61
|
+
// Points are given in coordinates (X, Y, Z) where Z normally is 1
|
62
|
+
// (0 for the point at infinity).
|
63
|
+
// For each field element, slice a_0 is word 0, etc.
|
64
|
+
//
|
65
|
+
// The table has 2 * 16 elements, starting with the following:
|
66
|
+
// index | bits | point
|
67
|
+
// ------+---------+------------------------------
|
68
|
+
// 0 | 0 0 0 0 | 0G
|
69
|
+
// 1 | 0 0 0 1 | 1G
|
70
|
+
// 2 | 0 0 1 0 | 2^56G
|
71
|
+
// 3 | 0 0 1 1 | (2^56 + 1)G
|
72
|
+
// 4 | 0 1 0 0 | 2^112G
|
73
|
+
// 5 | 0 1 0 1 | (2^112 + 1)G
|
74
|
+
// 6 | 0 1 1 0 | (2^112 + 2^56)G
|
75
|
+
// 7 | 0 1 1 1 | (2^112 + 2^56 + 1)G
|
76
|
+
// 8 | 1 0 0 0 | 2^168G
|
77
|
+
// 9 | 1 0 0 1 | (2^168 + 1)G
|
78
|
+
// 10 | 1 0 1 0 | (2^168 + 2^56)G
|
79
|
+
// 11 | 1 0 1 1 | (2^168 + 2^56 + 1)G
|
80
|
+
// 12 | 1 1 0 0 | (2^168 + 2^112)G
|
81
|
+
// 13 | 1 1 0 1 | (2^168 + 2^112 + 1)G
|
82
|
+
// 14 | 1 1 1 0 | (2^168 + 2^112 + 2^56)G
|
83
|
+
// 15 | 1 1 1 1 | (2^168 + 2^112 + 2^56 + 1)G
|
84
|
+
// followed by a copy of this with each element multiplied by 2^28.
|
85
|
+
//
|
86
|
+
// The reason for this is so that we can clock bits into four different
|
87
|
+
// locations when doing simple scalar multiplies against the base point,
|
88
|
+
// and then another four locations using the second 16 elements.
|
89
|
+
static const p224_felem g_p224_pre_comp[2][16][3] = {
|
90
|
+
{{{0, 0, 0, 0}, {0, 0, 0, 0}, {0, 0, 0, 0}},
|
91
|
+
{{0x3280d6115c1d21, 0xc1d356c2112234, 0x7f321390b94a03, 0xb70e0cbd6bb4bf},
|
92
|
+
{0xd5819985007e34, 0x75a05a07476444, 0xfb4c22dfe6cd43, 0xbd376388b5f723},
|
93
|
+
{1, 0, 0, 0}},
|
94
|
+
{{0xfd9675666ebbe9, 0xbca7664d40ce5e, 0x2242df8d8a2a43, 0x1f49bbb0f99bc5},
|
95
|
+
{0x29e0b892dc9c43, 0xece8608436e662, 0xdc858f185310d0, 0x9812dd4eb8d321},
|
96
|
+
{1, 0, 0, 0}},
|
97
|
+
{{0x6d3e678d5d8eb8, 0x559eed1cb362f1, 0x16e9a3bbce8a3f, 0xeedcccd8c2a748},
|
98
|
+
{0xf19f90ed50266d, 0xabf2b4bf65f9df, 0x313865468fafec, 0x5cb379ba910a17},
|
99
|
+
{1, 0, 0, 0}},
|
100
|
+
{{0x0641966cab26e3, 0x91fb2991fab0a0, 0xefec27a4e13a0b, 0x0499aa8a5f8ebe},
|
101
|
+
{0x7510407766af5d, 0x84d929610d5450, 0x81d77aae82f706, 0x6916f6d4338c5b},
|
102
|
+
{1, 0, 0, 0}},
|
103
|
+
{{0xea95ac3b1f15c6, 0x086000905e82d4, 0xdd323ae4d1c8b1, 0x932b56be7685a3},
|
104
|
+
{0x9ef93dea25dbbf, 0x41665960f390f0, 0xfdec76dbe2a8a7, 0x523e80f019062a},
|
105
|
+
{1, 0, 0, 0}},
|
106
|
+
{{0x822fdd26732c73, 0xa01c83531b5d0f, 0x363f37347c1ba4, 0xc391b45c84725c},
|
107
|
+
{0xbbd5e1b2d6ad24, 0xddfbcde19dfaec, 0xc393da7e222a7f, 0x1efb7890ede244},
|
108
|
+
{1, 0, 0, 0}},
|
109
|
+
{{0x4c9e90ca217da1, 0xd11beca79159bb, 0xff8d33c2c98b7c, 0x2610b39409f849},
|
110
|
+
{0x44d1352ac64da0, 0xcdbb7b2c46b4fb, 0x966c079b753c89, 0xfe67e4e820b112},
|
111
|
+
{1, 0, 0, 0}},
|
112
|
+
{{0xe28cae2df5312d, 0xc71b61d16f5c6e, 0x79b7619a3e7c4c, 0x05c73240899b47},
|
113
|
+
{0x9f7f6382c73e3a, 0x18615165c56bda, 0x641fab2116fd56, 0x72855882b08394},
|
114
|
+
{1, 0, 0, 0}},
|
115
|
+
{{0x0469182f161c09, 0x74a98ca8d00fb5, 0xb89da93489a3e0, 0x41c98768fb0c1d},
|
116
|
+
{0xe5ea05fb32da81, 0x3dce9ffbca6855, 0x1cfe2d3fbf59e6, 0x0e5e03408738a7},
|
117
|
+
{1, 0, 0, 0}},
|
118
|
+
{{0xdab22b2333e87f, 0x4430137a5dd2f6, 0xe03ab9f738beb8, 0xcb0c5d0dc34f24},
|
119
|
+
{0x764a7df0c8fda5, 0x185ba5c3fa2044, 0x9281d688bcbe50, 0xc40331df893881},
|
120
|
+
{1, 0, 0, 0}},
|
121
|
+
{{0xb89530796f0f60, 0xade92bd26909a3, 0x1a0c83fb4884da, 0x1765bf22a5a984},
|
122
|
+
{0x772a9ee75db09e, 0x23bc6c67cec16f, 0x4c1edba8b14e2f, 0xe2a215d9611369},
|
123
|
+
{1, 0, 0, 0}},
|
124
|
+
{{0x571e509fb5efb3, 0xade88696410552, 0xc8ae85fada74fe, 0x6c7e4be83bbde3},
|
125
|
+
{0xff9f51160f4652, 0xb47ce2495a6539, 0xa2946c53b582f4, 0x286d2db3ee9a60},
|
126
|
+
{1, 0, 0, 0}},
|
127
|
+
{{0x40bbd5081a44af, 0x0995183b13926c, 0xbcefba6f47f6d0, 0x215619e9cc0057},
|
128
|
+
{0x8bc94d3b0df45e, 0xf11c54a3694f6f, 0x8631b93cdfe8b5, 0xe7e3f4b0982db9},
|
129
|
+
{1, 0, 0, 0}},
|
130
|
+
{{0xb17048ab3e1c7b, 0xac38f36ff8a1d8, 0x1c29819435d2c6, 0xc813132f4c07e9},
|
131
|
+
{0x2891425503b11f, 0x08781030579fea, 0xf5426ba5cc9674, 0x1e28ebf18562bc},
|
132
|
+
{1, 0, 0, 0}},
|
133
|
+
{{0x9f31997cc864eb, 0x06cd91d28b5e4c, 0xff17036691a973, 0xf1aef351497c58},
|
134
|
+
{0xdd1f2d600564ff, 0xdead073b1402db, 0x74a684435bd693, 0xeea7471f962558},
|
135
|
+
{1, 0, 0, 0}}},
|
136
|
+
{{{0, 0, 0, 0}, {0, 0, 0, 0}, {0, 0, 0, 0}},
|
137
|
+
{{0x9665266dddf554, 0x9613d78b60ef2d, 0xce27a34cdba417, 0xd35ab74d6afc31},
|
138
|
+
{0x85ccdd22deb15e, 0x2137e5783a6aab, 0xa141cffd8c93c6, 0x355a1830e90f2d},
|
139
|
+
{1, 0, 0, 0}},
|
140
|
+
{{0x1a494eadaade65, 0xd6da4da77fe53c, 0xe7992996abec86, 0x65c3553c6090e3},
|
141
|
+
{0xfa610b1fb09346, 0xf1c6540b8a4aaf, 0xc51a13ccd3cbab, 0x02995b1b18c28a},
|
142
|
+
{1, 0, 0, 0}},
|
143
|
+
{{0x7874568e7295ef, 0x86b419fbe38d04, 0xdc0690a7550d9a, 0xd3966a44beac33},
|
144
|
+
{0x2b7280ec29132f, 0xbeaa3b6a032df3, 0xdc7dd88ae41200, 0xd25e2513e3a100},
|
145
|
+
{1, 0, 0, 0}},
|
146
|
+
{{0x924857eb2efafd, 0xac2bce41223190, 0x8edaa1445553fc, 0x825800fd3562d5},
|
147
|
+
{0x8d79148ea96621, 0x23a01c3dd9ed8d, 0xaf8b219f9416b5, 0xd8db0cc277daea},
|
148
|
+
{1, 0, 0, 0}},
|
149
|
+
{{0x76a9c3b1a700f0, 0xe9acd29bc7e691, 0x69212d1a6b0327, 0x6322e97fe154be},
|
150
|
+
{0x469fc5465d62aa, 0x8d41ed18883b05, 0x1f8eae66c52b88, 0xe4fcbe9325be51},
|
151
|
+
{1, 0, 0, 0}},
|
152
|
+
{{0x825fdf583cac16, 0x020b857c7b023a, 0x683c17744b0165, 0x14ffd0a2daf2f1},
|
153
|
+
{0x323b36184218f9, 0x4944ec4e3b47d4, 0xc15b3080841acf, 0x0bced4b01a28bb},
|
154
|
+
{1, 0, 0, 0}},
|
155
|
+
{{0x92ac22230df5c4, 0x52f33b4063eda8, 0xcb3f19870c0c93, 0x40064f2ba65233},
|
156
|
+
{0xfe16f0924f8992, 0x012da25af5b517, 0x1a57bb24f723a6, 0x06f8bc76760def},
|
157
|
+
{1, 0, 0, 0}},
|
158
|
+
{{0x4a7084f7817cb9, 0xbcab0738ee9a78, 0x3ec11e11d9c326, 0xdc0fe90e0f1aae},
|
159
|
+
{0xcf639ea5f98390, 0x5c350aa22ffb74, 0x9afae98a4047b7, 0x956ec2d617fc45},
|
160
|
+
{1, 0, 0, 0}},
|
161
|
+
{{0x4306d648c1be6a, 0x9247cd8bc9a462, 0xf5595e377d2f2e, 0xbd1c3caff1a52e},
|
162
|
+
{0x045e14472409d0, 0x29f3e17078f773, 0x745a602b2d4f7d, 0x191837685cdfbb},
|
163
|
+
{1, 0, 0, 0}},
|
164
|
+
{{0x5b6ee254a8cb79, 0x4953433f5e7026, 0xe21faeb1d1def4, 0xc4c225785c09de},
|
165
|
+
{0x307ce7bba1e518, 0x31b125b1036db8, 0x47e91868839e8f, 0xc765866e33b9f3},
|
166
|
+
{1, 0, 0, 0}},
|
167
|
+
{{0x3bfece24f96906, 0x4794da641e5093, 0xde5df64f95db26, 0x297ecd89714b05},
|
168
|
+
{0x701bd3ebb2c3aa, 0x7073b4f53cb1d5, 0x13c5665658af16, 0x9895089d66fe58},
|
169
|
+
{1, 0, 0, 0}},
|
170
|
+
{{0x0fef05f78c4790, 0x2d773633b05d2e, 0x94229c3a951c94, 0xbbbd70df4911bb},
|
171
|
+
{0xb2c6963d2c1168, 0x105f47a72b0d73, 0x9fdf6111614080, 0x7b7e94b39e67b0},
|
172
|
+
{1, 0, 0, 0}},
|
173
|
+
{{0xad1a7d6efbe2b3, 0xf012482c0da69d, 0x6b3bdf12438345, 0x40d7558d7aa4d9},
|
174
|
+
{0x8a09fffb5c6d3d, 0x9a356e5d9ffd38, 0x5973f15f4f9b1c, 0xdcd5f59f63c3ea},
|
175
|
+
{1, 0, 0, 0}},
|
176
|
+
{{0xacf39f4c5ca7ab, 0x4c8071cc5fd737, 0xc64e3602cd1184, 0x0acd4644c9abba},
|
177
|
+
{0x6c011a36d8bf6e, 0xfecd87ba24e32a, 0x19f6f56574fad8, 0x050b204ced9405},
|
178
|
+
{1, 0, 0, 0}},
|
179
|
+
{{0xed4f1cae7d9a96, 0x5ceef7ad94c40a, 0x778e4a3bf3ef9b, 0x7405783dc3b55e},
|
180
|
+
{0x32477c61b6e8c6, 0xb46a97570f018b, 0x91176d0a7e95d1, 0x3df90fbc4c7d0e},
|
181
|
+
{1, 0, 0, 0}}}};
|
182
|
+
|
183
|
+
static uint64_t p224_load_u64(const uint8_t in[8]) {
|
184
|
+
uint64_t ret;
|
185
|
+
OPENSSL_memcpy(&ret, in, sizeof(ret));
|
186
|
+
return ret;
|
187
|
+
}
|
188
|
+
|
189
|
+
// Helper functions to convert field elements to/from internal representation
|
190
|
+
static void p224_bin28_to_felem(p224_felem out, const uint8_t in[28]) {
|
191
|
+
out[0] = p224_load_u64(in) & 0x00ffffffffffffff;
|
192
|
+
out[1] = p224_load_u64(in + 7) & 0x00ffffffffffffff;
|
193
|
+
out[2] = p224_load_u64(in + 14) & 0x00ffffffffffffff;
|
194
|
+
out[3] = p224_load_u64(in + 20) >> 8;
|
195
|
+
}
|
196
|
+
|
197
|
+
static void p224_felem_to_bin28(uint8_t out[28], const p224_felem in) {
|
198
|
+
for (size_t i = 0; i < 7; ++i) {
|
199
|
+
out[i] = in[0] >> (8 * i);
|
200
|
+
out[i + 7] = in[1] >> (8 * i);
|
201
|
+
out[i + 14] = in[2] >> (8 * i);
|
202
|
+
out[i + 21] = in[3] >> (8 * i);
|
203
|
+
}
|
204
|
+
}
|
205
|
+
|
206
|
+
static void p224_generic_to_felem(p224_felem out, const EC_FELEM *in) {
|
207
|
+
p224_bin28_to_felem(out, in->bytes);
|
208
|
+
}
|
209
|
+
|
210
|
+
// Requires 0 <= in < 2*p (always call p224_felem_reduce first)
|
211
|
+
static void p224_felem_to_generic(EC_FELEM *out, const p224_felem in) {
|
212
|
+
// Reduce to unique minimal representation.
|
213
|
+
static const int64_t two56 = ((p224_limb)1) << 56;
|
214
|
+
// 0 <= in < 2*p, p = 2^224 - 2^96 + 1
|
215
|
+
// if in > p , reduce in = in - 2^224 + 2^96 - 1
|
216
|
+
int64_t tmp[4], a;
|
217
|
+
tmp[0] = in[0];
|
218
|
+
tmp[1] = in[1];
|
219
|
+
tmp[2] = in[2];
|
220
|
+
tmp[3] = in[3];
|
221
|
+
// Case 1: a = 1 iff in >= 2^224
|
222
|
+
a = (in[3] >> 56);
|
223
|
+
tmp[0] -= a;
|
224
|
+
tmp[1] += a << 40;
|
225
|
+
tmp[3] &= 0x00ffffffffffffff;
|
226
|
+
// Case 2: a = 0 iff p <= in < 2^224, i.e., the high 128 bits are all 1 and
|
227
|
+
// the lower part is non-zero
|
228
|
+
a = ((in[3] & in[2] & (in[1] | 0x000000ffffffffff)) + 1) |
|
229
|
+
(((int64_t)(in[0] + (in[1] & 0x000000ffffffffff)) - 1) >> 63);
|
230
|
+
a &= 0x00ffffffffffffff;
|
231
|
+
// turn a into an all-one mask (if a = 0) or an all-zero mask
|
232
|
+
a = (a - 1) >> 63;
|
233
|
+
// subtract 2^224 - 2^96 + 1 if a is all-one
|
234
|
+
tmp[3] &= a ^ 0xffffffffffffffff;
|
235
|
+
tmp[2] &= a ^ 0xffffffffffffffff;
|
236
|
+
tmp[1] &= (a ^ 0xffffffffffffffff) | 0x000000ffffffffff;
|
237
|
+
tmp[0] -= 1 & a;
|
238
|
+
|
239
|
+
// eliminate negative coefficients: if tmp[0] is negative, tmp[1] must
|
240
|
+
// be non-zero, so we only need one step
|
241
|
+
a = tmp[0] >> 63;
|
242
|
+
tmp[0] += two56 & a;
|
243
|
+
tmp[1] -= 1 & a;
|
244
|
+
|
245
|
+
// carry 1 -> 2 -> 3
|
246
|
+
tmp[2] += tmp[1] >> 56;
|
247
|
+
tmp[1] &= 0x00ffffffffffffff;
|
248
|
+
|
249
|
+
tmp[3] += tmp[2] >> 56;
|
250
|
+
tmp[2] &= 0x00ffffffffffffff;
|
251
|
+
|
252
|
+
// Now 0 <= tmp < p
|
253
|
+
p224_felem tmp2;
|
254
|
+
tmp2[0] = tmp[0];
|
255
|
+
tmp2[1] = tmp[1];
|
256
|
+
tmp2[2] = tmp[2];
|
257
|
+
tmp2[3] = tmp[3];
|
258
|
+
|
259
|
+
p224_felem_to_bin28(out->bytes, tmp2);
|
260
|
+
// 224 is not a multiple of 64, so zero the remaining bytes.
|
261
|
+
OPENSSL_memset(out->bytes + 28, 0, 32 - 28);
|
262
|
+
}
|
263
|
+
|
264
|
+
|
265
|
+
// Field operations, using the internal representation of field elements.
|
266
|
+
// NB! These operations are specific to our point multiplication and cannot be
|
267
|
+
// expected to be correct in general - e.g., multiplication with a large scalar
|
268
|
+
// will cause an overflow.
|
269
|
+
|
270
|
+
static void p224_felem_assign(p224_felem out, const p224_felem in) {
|
271
|
+
out[0] = in[0];
|
272
|
+
out[1] = in[1];
|
273
|
+
out[2] = in[2];
|
274
|
+
out[3] = in[3];
|
275
|
+
}
|
276
|
+
|
277
|
+
// Sum two field elements: out += in
|
278
|
+
static void p224_felem_sum(p224_felem out, const p224_felem in) {
|
279
|
+
out[0] += in[0];
|
280
|
+
out[1] += in[1];
|
281
|
+
out[2] += in[2];
|
282
|
+
out[3] += in[3];
|
283
|
+
}
|
284
|
+
|
285
|
+
// Subtract field elements: out -= in
|
286
|
+
// Assumes in[i] < 2^57
|
287
|
+
static void p224_felem_diff(p224_felem out, const p224_felem in) {
|
288
|
+
static const p224_limb two58p2 =
|
289
|
+
(((p224_limb)1) << 58) + (((p224_limb)1) << 2);
|
290
|
+
static const p224_limb two58m2 =
|
291
|
+
(((p224_limb)1) << 58) - (((p224_limb)1) << 2);
|
292
|
+
static const p224_limb two58m42m2 =
|
293
|
+
(((p224_limb)1) << 58) - (((p224_limb)1) << 42) - (((p224_limb)1) << 2);
|
294
|
+
|
295
|
+
// Add 0 mod 2^224-2^96+1 to ensure out > in
|
296
|
+
out[0] += two58p2;
|
297
|
+
out[1] += two58m42m2;
|
298
|
+
out[2] += two58m2;
|
299
|
+
out[3] += two58m2;
|
300
|
+
|
301
|
+
out[0] -= in[0];
|
302
|
+
out[1] -= in[1];
|
303
|
+
out[2] -= in[2];
|
304
|
+
out[3] -= in[3];
|
305
|
+
}
|
306
|
+
|
307
|
+
// Subtract in unreduced 128-bit mode: out -= in
|
308
|
+
// Assumes in[i] < 2^119
|
309
|
+
static void p224_widefelem_diff(p224_widefelem out, const p224_widefelem in) {
|
310
|
+
static const p224_widelimb two120 = ((p224_widelimb)1) << 120;
|
311
|
+
static const p224_widelimb two120m64 =
|
312
|
+
(((p224_widelimb)1) << 120) - (((p224_widelimb)1) << 64);
|
313
|
+
static const p224_widelimb two120m104m64 = (((p224_widelimb)1) << 120) -
|
314
|
+
(((p224_widelimb)1) << 104) -
|
315
|
+
(((p224_widelimb)1) << 64);
|
316
|
+
|
317
|
+
// Add 0 mod 2^224-2^96+1 to ensure out > in
|
318
|
+
out[0] += two120;
|
319
|
+
out[1] += two120m64;
|
320
|
+
out[2] += two120m64;
|
321
|
+
out[3] += two120;
|
322
|
+
out[4] += two120m104m64;
|
323
|
+
out[5] += two120m64;
|
324
|
+
out[6] += two120m64;
|
325
|
+
|
326
|
+
out[0] -= in[0];
|
327
|
+
out[1] -= in[1];
|
328
|
+
out[2] -= in[2];
|
329
|
+
out[3] -= in[3];
|
330
|
+
out[4] -= in[4];
|
331
|
+
out[5] -= in[5];
|
332
|
+
out[6] -= in[6];
|
333
|
+
}
|
334
|
+
|
335
|
+
// Subtract in mixed mode: out128 -= in64
|
336
|
+
// in[i] < 2^63
|
337
|
+
static void p224_felem_diff_128_64(p224_widefelem out, const p224_felem in) {
|
338
|
+
static const p224_widelimb two64p8 =
|
339
|
+
(((p224_widelimb)1) << 64) + (((p224_widelimb)1) << 8);
|
340
|
+
static const p224_widelimb two64m8 =
|
341
|
+
(((p224_widelimb)1) << 64) - (((p224_widelimb)1) << 8);
|
342
|
+
static const p224_widelimb two64m48m8 = (((p224_widelimb)1) << 64) -
|
343
|
+
(((p224_widelimb)1) << 48) -
|
344
|
+
(((p224_widelimb)1) << 8);
|
345
|
+
|
346
|
+
// Add 0 mod 2^224-2^96+1 to ensure out > in
|
347
|
+
out[0] += two64p8;
|
348
|
+
out[1] += two64m48m8;
|
349
|
+
out[2] += two64m8;
|
350
|
+
out[3] += two64m8;
|
351
|
+
|
352
|
+
out[0] -= in[0];
|
353
|
+
out[1] -= in[1];
|
354
|
+
out[2] -= in[2];
|
355
|
+
out[3] -= in[3];
|
356
|
+
}
|
357
|
+
|
358
|
+
// Multiply a field element by a scalar: out = out * scalar
|
359
|
+
// The scalars we actually use are small, so results fit without overflow
|
360
|
+
static void p224_felem_scalar(p224_felem out, const p224_limb scalar) {
|
361
|
+
out[0] *= scalar;
|
362
|
+
out[1] *= scalar;
|
363
|
+
out[2] *= scalar;
|
364
|
+
out[3] *= scalar;
|
365
|
+
}
|
366
|
+
|
367
|
+
// Multiply an unreduced field element by a scalar: out = out * scalar
|
368
|
+
// The scalars we actually use are small, so results fit without overflow
|
369
|
+
static void p224_widefelem_scalar(p224_widefelem out,
|
370
|
+
const p224_widelimb scalar) {
|
371
|
+
out[0] *= scalar;
|
372
|
+
out[1] *= scalar;
|
373
|
+
out[2] *= scalar;
|
374
|
+
out[3] *= scalar;
|
375
|
+
out[4] *= scalar;
|
376
|
+
out[5] *= scalar;
|
377
|
+
out[6] *= scalar;
|
378
|
+
}
|
379
|
+
|
380
|
+
// Square a field element: out = in^2
|
381
|
+
static void p224_felem_square(p224_widefelem out, const p224_felem in) {
|
382
|
+
p224_limb tmp0, tmp1, tmp2;
|
383
|
+
tmp0 = 2 * in[0];
|
384
|
+
tmp1 = 2 * in[1];
|
385
|
+
tmp2 = 2 * in[2];
|
386
|
+
out[0] = ((p224_widelimb)in[0]) * in[0];
|
387
|
+
out[1] = ((p224_widelimb)in[0]) * tmp1;
|
388
|
+
out[2] = ((p224_widelimb)in[0]) * tmp2 + ((p224_widelimb)in[1]) * in[1];
|
389
|
+
out[3] = ((p224_widelimb)in[3]) * tmp0 + ((p224_widelimb)in[1]) * tmp2;
|
390
|
+
out[4] = ((p224_widelimb)in[3]) * tmp1 + ((p224_widelimb)in[2]) * in[2];
|
391
|
+
out[5] = ((p224_widelimb)in[3]) * tmp2;
|
392
|
+
out[6] = ((p224_widelimb)in[3]) * in[3];
|
393
|
+
}
|
394
|
+
|
395
|
+
// Multiply two field elements: out = in1 * in2
|
396
|
+
static void p224_felem_mul(p224_widefelem out, const p224_felem in1,
|
397
|
+
const p224_felem in2) {
|
398
|
+
out[0] = ((p224_widelimb)in1[0]) * in2[0];
|
399
|
+
out[1] = ((p224_widelimb)in1[0]) * in2[1] + ((p224_widelimb)in1[1]) * in2[0];
|
400
|
+
out[2] = ((p224_widelimb)in1[0]) * in2[2] + ((p224_widelimb)in1[1]) * in2[1] +
|
401
|
+
((p224_widelimb)in1[2]) * in2[0];
|
402
|
+
out[3] = ((p224_widelimb)in1[0]) * in2[3] + ((p224_widelimb)in1[1]) * in2[2] +
|
403
|
+
((p224_widelimb)in1[2]) * in2[1] + ((p224_widelimb)in1[3]) * in2[0];
|
404
|
+
out[4] = ((p224_widelimb)in1[1]) * in2[3] + ((p224_widelimb)in1[2]) * in2[2] +
|
405
|
+
((p224_widelimb)in1[3]) * in2[1];
|
406
|
+
out[5] = ((p224_widelimb)in1[2]) * in2[3] + ((p224_widelimb)in1[3]) * in2[2];
|
407
|
+
out[6] = ((p224_widelimb)in1[3]) * in2[3];
|
408
|
+
}
|
409
|
+
|
410
|
+
// Reduce seven 128-bit coefficients to four 64-bit coefficients.
|
411
|
+
// Requires in[i] < 2^126,
|
412
|
+
// ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16
|
413
|
+
static void p224_felem_reduce(p224_felem out, const p224_widefelem in) {
|
414
|
+
static const p224_widelimb two127p15 =
|
415
|
+
(((p224_widelimb)1) << 127) + (((p224_widelimb)1) << 15);
|
416
|
+
static const p224_widelimb two127m71 =
|
417
|
+
(((p224_widelimb)1) << 127) - (((p224_widelimb)1) << 71);
|
418
|
+
static const p224_widelimb two127m71m55 = (((p224_widelimb)1) << 127) -
|
419
|
+
(((p224_widelimb)1) << 71) -
|
420
|
+
(((p224_widelimb)1) << 55);
|
421
|
+
p224_widelimb output[5];
|
422
|
+
|
423
|
+
// Add 0 mod 2^224-2^96+1 to ensure all differences are positive
|
424
|
+
output[0] = in[0] + two127p15;
|
425
|
+
output[1] = in[1] + two127m71m55;
|
426
|
+
output[2] = in[2] + two127m71;
|
427
|
+
output[3] = in[3];
|
428
|
+
output[4] = in[4];
|
429
|
+
|
430
|
+
// Eliminate in[4], in[5], in[6]
|
431
|
+
output[4] += in[6] >> 16;
|
432
|
+
output[3] += (in[6] & 0xffff) << 40;
|
433
|
+
output[2] -= in[6];
|
434
|
+
|
435
|
+
output[3] += in[5] >> 16;
|
436
|
+
output[2] += (in[5] & 0xffff) << 40;
|
437
|
+
output[1] -= in[5];
|
438
|
+
|
439
|
+
output[2] += output[4] >> 16;
|
440
|
+
output[1] += (output[4] & 0xffff) << 40;
|
441
|
+
output[0] -= output[4];
|
442
|
+
|
443
|
+
// Carry 2 -> 3 -> 4
|
444
|
+
output[3] += output[2] >> 56;
|
445
|
+
output[2] &= 0x00ffffffffffffff;
|
446
|
+
|
447
|
+
output[4] = output[3] >> 56;
|
448
|
+
output[3] &= 0x00ffffffffffffff;
|
449
|
+
|
450
|
+
// Now output[2] < 2^56, output[3] < 2^56, output[4] < 2^72
|
451
|
+
|
452
|
+
// Eliminate output[4]
|
453
|
+
output[2] += output[4] >> 16;
|
454
|
+
// output[2] < 2^56 + 2^56 = 2^57
|
455
|
+
output[1] += (output[4] & 0xffff) << 40;
|
456
|
+
output[0] -= output[4];
|
457
|
+
|
458
|
+
// Carry 0 -> 1 -> 2 -> 3
|
459
|
+
output[1] += output[0] >> 56;
|
460
|
+
out[0] = output[0] & 0x00ffffffffffffff;
|
461
|
+
|
462
|
+
output[2] += output[1] >> 56;
|
463
|
+
// output[2] < 2^57 + 2^72
|
464
|
+
out[1] = output[1] & 0x00ffffffffffffff;
|
465
|
+
output[3] += output[2] >> 56;
|
466
|
+
// output[3] <= 2^56 + 2^16
|
467
|
+
out[2] = output[2] & 0x00ffffffffffffff;
|
468
|
+
|
469
|
+
// out[0] < 2^56, out[1] < 2^56, out[2] < 2^56,
|
470
|
+
// out[3] <= 2^56 + 2^16 (due to final carry),
|
471
|
+
// so out < 2*p
|
472
|
+
out[3] = output[3];
|
473
|
+
}
|
474
|
+
|
475
|
+
// Get negative value: out = -in
|
476
|
+
// Requires in[i] < 2^63,
|
477
|
+
// ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16
|
478
|
+
static void p224_felem_neg(p224_felem out, const p224_felem in) {
|
479
|
+
p224_widefelem tmp = {0};
|
480
|
+
p224_felem_diff_128_64(tmp, in);
|
481
|
+
p224_felem_reduce(out, tmp);
|
482
|
+
}
|
483
|
+
|
484
|
+
// Zero-check: returns 1 if input is 0, and 0 otherwise. We know that field
|
485
|
+
// elements are reduced to in < 2^225, so we only need to check three cases: 0,
|
486
|
+
// 2^224 - 2^96 + 1, and 2^225 - 2^97 + 2
|
487
|
+
static p224_limb p224_felem_is_zero(const p224_felem in) {
|
488
|
+
p224_limb zero = in[0] | in[1] | in[2] | in[3];
|
489
|
+
zero = (((int64_t)(zero)-1) >> 63) & 1;
|
490
|
+
|
491
|
+
p224_limb two224m96p1 = (in[0] ^ 1) | (in[1] ^ 0x00ffff0000000000) |
|
492
|
+
(in[2] ^ 0x00ffffffffffffff) |
|
493
|
+
(in[3] ^ 0x00ffffffffffffff);
|
494
|
+
two224m96p1 = (((int64_t)(two224m96p1)-1) >> 63) & 1;
|
495
|
+
p224_limb two225m97p2 = (in[0] ^ 2) | (in[1] ^ 0x00fffe0000000000) |
|
496
|
+
(in[2] ^ 0x00ffffffffffffff) |
|
497
|
+
(in[3] ^ 0x01ffffffffffffff);
|
498
|
+
two225m97p2 = (((int64_t)(two225m97p2)-1) >> 63) & 1;
|
499
|
+
return (zero | two224m96p1 | two225m97p2);
|
500
|
+
}
|
501
|
+
|
502
|
+
// Invert a field element
|
503
|
+
// Computation chain copied from djb's code
|
504
|
+
static void p224_felem_inv(p224_felem out, const p224_felem in) {
|
505
|
+
p224_felem ftmp, ftmp2, ftmp3, ftmp4;
|
506
|
+
p224_widefelem tmp;
|
507
|
+
|
508
|
+
p224_felem_square(tmp, in);
|
509
|
+
p224_felem_reduce(ftmp, tmp); // 2
|
510
|
+
p224_felem_mul(tmp, in, ftmp);
|
511
|
+
p224_felem_reduce(ftmp, tmp); // 2^2 - 1
|
512
|
+
p224_felem_square(tmp, ftmp);
|
513
|
+
p224_felem_reduce(ftmp, tmp); // 2^3 - 2
|
514
|
+
p224_felem_mul(tmp, in, ftmp);
|
515
|
+
p224_felem_reduce(ftmp, tmp); // 2^3 - 1
|
516
|
+
p224_felem_square(tmp, ftmp);
|
517
|
+
p224_felem_reduce(ftmp2, tmp); // 2^4 - 2
|
518
|
+
p224_felem_square(tmp, ftmp2);
|
519
|
+
p224_felem_reduce(ftmp2, tmp); // 2^5 - 4
|
520
|
+
p224_felem_square(tmp, ftmp2);
|
521
|
+
p224_felem_reduce(ftmp2, tmp); // 2^6 - 8
|
522
|
+
p224_felem_mul(tmp, ftmp2, ftmp);
|
523
|
+
p224_felem_reduce(ftmp, tmp); // 2^6 - 1
|
524
|
+
p224_felem_square(tmp, ftmp);
|
525
|
+
p224_felem_reduce(ftmp2, tmp); // 2^7 - 2
|
526
|
+
for (size_t i = 0; i < 5; ++i) { // 2^12 - 2^6
|
527
|
+
p224_felem_square(tmp, ftmp2);
|
528
|
+
p224_felem_reduce(ftmp2, tmp);
|
529
|
+
}
|
530
|
+
p224_felem_mul(tmp, ftmp2, ftmp);
|
531
|
+
p224_felem_reduce(ftmp2, tmp); // 2^12 - 1
|
532
|
+
p224_felem_square(tmp, ftmp2);
|
533
|
+
p224_felem_reduce(ftmp3, tmp); // 2^13 - 2
|
534
|
+
for (size_t i = 0; i < 11; ++i) { // 2^24 - 2^12
|
535
|
+
p224_felem_square(tmp, ftmp3);
|
536
|
+
p224_felem_reduce(ftmp3, tmp);
|
537
|
+
}
|
538
|
+
p224_felem_mul(tmp, ftmp3, ftmp2);
|
539
|
+
p224_felem_reduce(ftmp2, tmp); // 2^24 - 1
|
540
|
+
p224_felem_square(tmp, ftmp2);
|
541
|
+
p224_felem_reduce(ftmp3, tmp); // 2^25 - 2
|
542
|
+
for (size_t i = 0; i < 23; ++i) { // 2^48 - 2^24
|
543
|
+
p224_felem_square(tmp, ftmp3);
|
544
|
+
p224_felem_reduce(ftmp3, tmp);
|
545
|
+
}
|
546
|
+
p224_felem_mul(tmp, ftmp3, ftmp2);
|
547
|
+
p224_felem_reduce(ftmp3, tmp); // 2^48 - 1
|
548
|
+
p224_felem_square(tmp, ftmp3);
|
549
|
+
p224_felem_reduce(ftmp4, tmp); // 2^49 - 2
|
550
|
+
for (size_t i = 0; i < 47; ++i) { // 2^96 - 2^48
|
551
|
+
p224_felem_square(tmp, ftmp4);
|
552
|
+
p224_felem_reduce(ftmp4, tmp);
|
553
|
+
}
|
554
|
+
p224_felem_mul(tmp, ftmp3, ftmp4);
|
555
|
+
p224_felem_reduce(ftmp3, tmp); // 2^96 - 1
|
556
|
+
p224_felem_square(tmp, ftmp3);
|
557
|
+
p224_felem_reduce(ftmp4, tmp); // 2^97 - 2
|
558
|
+
for (size_t i = 0; i < 23; ++i) { // 2^120 - 2^24
|
559
|
+
p224_felem_square(tmp, ftmp4);
|
560
|
+
p224_felem_reduce(ftmp4, tmp);
|
561
|
+
}
|
562
|
+
p224_felem_mul(tmp, ftmp2, ftmp4);
|
563
|
+
p224_felem_reduce(ftmp2, tmp); // 2^120 - 1
|
564
|
+
for (size_t i = 0; i < 6; ++i) { // 2^126 - 2^6
|
565
|
+
p224_felem_square(tmp, ftmp2);
|
566
|
+
p224_felem_reduce(ftmp2, tmp);
|
567
|
+
}
|
568
|
+
p224_felem_mul(tmp, ftmp2, ftmp);
|
569
|
+
p224_felem_reduce(ftmp, tmp); // 2^126 - 1
|
570
|
+
p224_felem_square(tmp, ftmp);
|
571
|
+
p224_felem_reduce(ftmp, tmp); // 2^127 - 2
|
572
|
+
p224_felem_mul(tmp, ftmp, in);
|
573
|
+
p224_felem_reduce(ftmp, tmp); // 2^127 - 1
|
574
|
+
for (size_t i = 0; i < 97; ++i) { // 2^224 - 2^97
|
575
|
+
p224_felem_square(tmp, ftmp);
|
576
|
+
p224_felem_reduce(ftmp, tmp);
|
577
|
+
}
|
578
|
+
p224_felem_mul(tmp, ftmp, ftmp3);
|
579
|
+
p224_felem_reduce(out, tmp); // 2^224 - 2^96 - 1
|
580
|
+
}
|
581
|
+
|
582
|
+
// Copy in constant time:
|
583
|
+
// if icopy == 1, copy in to out,
|
584
|
+
// if icopy == 0, copy out to itself.
|
585
|
+
static void p224_copy_conditional(p224_felem out, const p224_felem in,
|
586
|
+
p224_limb icopy) {
|
587
|
+
// icopy is a (64-bit) 0 or 1, so copy is either all-zero or all-one
|
588
|
+
const p224_limb copy = -icopy;
|
589
|
+
for (size_t i = 0; i < 4; ++i) {
|
590
|
+
const p224_limb tmp = copy & (in[i] ^ out[i]);
|
591
|
+
out[i] ^= tmp;
|
592
|
+
}
|
593
|
+
}
|
594
|
+
|
595
|
+
// ELLIPTIC CURVE POINT OPERATIONS
|
596
|
+
//
|
597
|
+
// Points are represented in Jacobian projective coordinates:
|
598
|
+
// (X, Y, Z) corresponds to the affine point (X/Z^2, Y/Z^3),
|
599
|
+
// or to the point at infinity if Z == 0.
|
600
|
+
|
601
|
+
// Double an elliptic curve point:
|
602
|
+
// (X', Y', Z') = 2 * (X, Y, Z), where
|
603
|
+
// X' = (3 * (X - Z^2) * (X + Z^2))^2 - 8 * X * Y^2
|
604
|
+
// Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^2
|
605
|
+
// Z' = (Y + Z)^2 - Y^2 - Z^2 = 2 * Y * Z
|
606
|
+
// Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed,
|
607
|
+
// while x_out == y_in is not (maybe this works, but it's not tested).
|
608
|
+
static void p224_point_double(p224_felem x_out, p224_felem y_out,
|
609
|
+
p224_felem z_out, const p224_felem x_in,
|
610
|
+
const p224_felem y_in, const p224_felem z_in) {
|
611
|
+
p224_widefelem tmp, tmp2;
|
612
|
+
p224_felem delta, gamma, beta, alpha, ftmp, ftmp2;
|
613
|
+
|
614
|
+
p224_felem_assign(ftmp, x_in);
|
615
|
+
p224_felem_assign(ftmp2, x_in);
|
616
|
+
|
617
|
+
// delta = z^2
|
618
|
+
p224_felem_square(tmp, z_in);
|
619
|
+
p224_felem_reduce(delta, tmp);
|
620
|
+
|
621
|
+
// gamma = y^2
|
622
|
+
p224_felem_square(tmp, y_in);
|
623
|
+
p224_felem_reduce(gamma, tmp);
|
624
|
+
|
625
|
+
// beta = x*gamma
|
626
|
+
p224_felem_mul(tmp, x_in, gamma);
|
627
|
+
p224_felem_reduce(beta, tmp);
|
628
|
+
|
629
|
+
// alpha = 3*(x-delta)*(x+delta)
|
630
|
+
p224_felem_diff(ftmp, delta);
|
631
|
+
// ftmp[i] < 2^57 + 2^58 + 2 < 2^59
|
632
|
+
p224_felem_sum(ftmp2, delta);
|
633
|
+
// ftmp2[i] < 2^57 + 2^57 = 2^58
|
634
|
+
p224_felem_scalar(ftmp2, 3);
|
635
|
+
// ftmp2[i] < 3 * 2^58 < 2^60
|
636
|
+
p224_felem_mul(tmp, ftmp, ftmp2);
|
637
|
+
// tmp[i] < 2^60 * 2^59 * 4 = 2^121
|
638
|
+
p224_felem_reduce(alpha, tmp);
|
639
|
+
|
640
|
+
// x' = alpha^2 - 8*beta
|
641
|
+
p224_felem_square(tmp, alpha);
|
642
|
+
// tmp[i] < 4 * 2^57 * 2^57 = 2^116
|
643
|
+
p224_felem_assign(ftmp, beta);
|
644
|
+
p224_felem_scalar(ftmp, 8);
|
645
|
+
// ftmp[i] < 8 * 2^57 = 2^60
|
646
|
+
p224_felem_diff_128_64(tmp, ftmp);
|
647
|
+
// tmp[i] < 2^116 + 2^64 + 8 < 2^117
|
648
|
+
p224_felem_reduce(x_out, tmp);
|
649
|
+
|
650
|
+
// z' = (y + z)^2 - gamma - delta
|
651
|
+
p224_felem_sum(delta, gamma);
|
652
|
+
// delta[i] < 2^57 + 2^57 = 2^58
|
653
|
+
p224_felem_assign(ftmp, y_in);
|
654
|
+
p224_felem_sum(ftmp, z_in);
|
655
|
+
// ftmp[i] < 2^57 + 2^57 = 2^58
|
656
|
+
p224_felem_square(tmp, ftmp);
|
657
|
+
// tmp[i] < 4 * 2^58 * 2^58 = 2^118
|
658
|
+
p224_felem_diff_128_64(tmp, delta);
|
659
|
+
// tmp[i] < 2^118 + 2^64 + 8 < 2^119
|
660
|
+
p224_felem_reduce(z_out, tmp);
|
661
|
+
|
662
|
+
// y' = alpha*(4*beta - x') - 8*gamma^2
|
663
|
+
p224_felem_scalar(beta, 4);
|
664
|
+
// beta[i] < 4 * 2^57 = 2^59
|
665
|
+
p224_felem_diff(beta, x_out);
|
666
|
+
// beta[i] < 2^59 + 2^58 + 2 < 2^60
|
667
|
+
p224_felem_mul(tmp, alpha, beta);
|
668
|
+
// tmp[i] < 4 * 2^57 * 2^60 = 2^119
|
669
|
+
p224_felem_square(tmp2, gamma);
|
670
|
+
// tmp2[i] < 4 * 2^57 * 2^57 = 2^116
|
671
|
+
p224_widefelem_scalar(tmp2, 8);
|
672
|
+
// tmp2[i] < 8 * 2^116 = 2^119
|
673
|
+
p224_widefelem_diff(tmp, tmp2);
|
674
|
+
// tmp[i] < 2^119 + 2^120 < 2^121
|
675
|
+
p224_felem_reduce(y_out, tmp);
|
676
|
+
}
|
677
|
+
|
678
|
+
// Add two elliptic curve points:
|
679
|
+
// (X_1, Y_1, Z_1) + (X_2, Y_2, Z_2) = (X_3, Y_3, Z_3), where
|
680
|
+
// X_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1)^2 - (Z_1^2 * X_2 - Z_2^2 * X_1)^3 -
|
681
|
+
// 2 * Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^2
|
682
|
+
// Y_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1) * (Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 *
|
683
|
+
// X_1)^2 - X_3) -
|
684
|
+
// Z_2^3 * Y_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^3
|
685
|
+
// Z_3 = (Z_1^2 * X_2 - Z_2^2 * X_1) * (Z_1 * Z_2)
|
686
|
+
//
|
687
|
+
// This runs faster if 'mixed' is set, which requires Z_2 = 1 or Z_2 = 0.
|
688
|
+
|
689
|
+
// This function is not entirely constant-time: it includes a branch for
|
690
|
+
// checking whether the two input points are equal, (while not equal to the
|
691
|
+
// point at infinity). This case never happens during single point
|
692
|
+
// multiplication, so there is no timing leak for ECDH or ECDSA signing.
|
693
|
+
static void p224_point_add(p224_felem x3, p224_felem y3, p224_felem z3,
|
694
|
+
const p224_felem x1, const p224_felem y1,
|
695
|
+
const p224_felem z1, const int mixed,
|
696
|
+
const p224_felem x2, const p224_felem y2,
|
697
|
+
const p224_felem z2) {
|
698
|
+
p224_felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, x_out, y_out, z_out;
|
699
|
+
p224_widefelem tmp, tmp2;
|
700
|
+
p224_limb z1_is_zero, z2_is_zero, x_equal, y_equal;
|
701
|
+
|
702
|
+
if (!mixed) {
|
703
|
+
// ftmp2 = z2^2
|
704
|
+
p224_felem_square(tmp, z2);
|
705
|
+
p224_felem_reduce(ftmp2, tmp);
|
706
|
+
|
707
|
+
// ftmp4 = z2^3
|
708
|
+
p224_felem_mul(tmp, ftmp2, z2);
|
709
|
+
p224_felem_reduce(ftmp4, tmp);
|
710
|
+
|
711
|
+
// ftmp4 = z2^3*y1
|
712
|
+
p224_felem_mul(tmp2, ftmp4, y1);
|
713
|
+
p224_felem_reduce(ftmp4, tmp2);
|
714
|
+
|
715
|
+
// ftmp2 = z2^2*x1
|
716
|
+
p224_felem_mul(tmp2, ftmp2, x1);
|
717
|
+
p224_felem_reduce(ftmp2, tmp2);
|
718
|
+
} else {
|
719
|
+
// We'll assume z2 = 1 (special case z2 = 0 is handled later)
|
720
|
+
|
721
|
+
// ftmp4 = z2^3*y1
|
722
|
+
p224_felem_assign(ftmp4, y1);
|
723
|
+
|
724
|
+
// ftmp2 = z2^2*x1
|
725
|
+
p224_felem_assign(ftmp2, x1);
|
726
|
+
}
|
727
|
+
|
728
|
+
// ftmp = z1^2
|
729
|
+
p224_felem_square(tmp, z1);
|
730
|
+
p224_felem_reduce(ftmp, tmp);
|
731
|
+
|
732
|
+
// ftmp3 = z1^3
|
733
|
+
p224_felem_mul(tmp, ftmp, z1);
|
734
|
+
p224_felem_reduce(ftmp3, tmp);
|
735
|
+
|
736
|
+
// tmp = z1^3*y2
|
737
|
+
p224_felem_mul(tmp, ftmp3, y2);
|
738
|
+
// tmp[i] < 4 * 2^57 * 2^57 = 2^116
|
739
|
+
|
740
|
+
// ftmp3 = z1^3*y2 - z2^3*y1
|
741
|
+
p224_felem_diff_128_64(tmp, ftmp4);
|
742
|
+
// tmp[i] < 2^116 + 2^64 + 8 < 2^117
|
743
|
+
p224_felem_reduce(ftmp3, tmp);
|
744
|
+
|
745
|
+
// tmp = z1^2*x2
|
746
|
+
p224_felem_mul(tmp, ftmp, x2);
|
747
|
+
// tmp[i] < 4 * 2^57 * 2^57 = 2^116
|
748
|
+
|
749
|
+
// ftmp = z1^2*x2 - z2^2*x1
|
750
|
+
p224_felem_diff_128_64(tmp, ftmp2);
|
751
|
+
// tmp[i] < 2^116 + 2^64 + 8 < 2^117
|
752
|
+
p224_felem_reduce(ftmp, tmp);
|
753
|
+
|
754
|
+
// the formulae are incorrect if the points are equal
|
755
|
+
// so we check for this and do doubling if this happens
|
756
|
+
x_equal = p224_felem_is_zero(ftmp);
|
757
|
+
y_equal = p224_felem_is_zero(ftmp3);
|
758
|
+
z1_is_zero = p224_felem_is_zero(z1);
|
759
|
+
z2_is_zero = p224_felem_is_zero(z2);
|
760
|
+
// In affine coordinates, (X_1, Y_1) == (X_2, Y_2)
|
761
|
+
p224_limb is_nontrivial_double =
|
762
|
+
x_equal & y_equal & (1 - z1_is_zero) & (1 - z2_is_zero);
|
763
|
+
if (is_nontrivial_double) {
|
764
|
+
p224_point_double(x3, y3, z3, x1, y1, z1);
|
765
|
+
return;
|
766
|
+
}
|
767
|
+
|
768
|
+
// ftmp5 = z1*z2
|
769
|
+
if (!mixed) {
|
770
|
+
p224_felem_mul(tmp, z1, z2);
|
771
|
+
p224_felem_reduce(ftmp5, tmp);
|
772
|
+
} else {
|
773
|
+
// special case z2 = 0 is handled later
|
774
|
+
p224_felem_assign(ftmp5, z1);
|
775
|
+
}
|
776
|
+
|
777
|
+
// z_out = (z1^2*x2 - z2^2*x1)*(z1*z2)
|
778
|
+
p224_felem_mul(tmp, ftmp, ftmp5);
|
779
|
+
p224_felem_reduce(z_out, tmp);
|
780
|
+
|
781
|
+
// ftmp = (z1^2*x2 - z2^2*x1)^2
|
782
|
+
p224_felem_assign(ftmp5, ftmp);
|
783
|
+
p224_felem_square(tmp, ftmp);
|
784
|
+
p224_felem_reduce(ftmp, tmp);
|
785
|
+
|
786
|
+
// ftmp5 = (z1^2*x2 - z2^2*x1)^3
|
787
|
+
p224_felem_mul(tmp, ftmp, ftmp5);
|
788
|
+
p224_felem_reduce(ftmp5, tmp);
|
789
|
+
|
790
|
+
// ftmp2 = z2^2*x1*(z1^2*x2 - z2^2*x1)^2
|
791
|
+
p224_felem_mul(tmp, ftmp2, ftmp);
|
792
|
+
p224_felem_reduce(ftmp2, tmp);
|
793
|
+
|
794
|
+
// tmp = z2^3*y1*(z1^2*x2 - z2^2*x1)^3
|
795
|
+
p224_felem_mul(tmp, ftmp4, ftmp5);
|
796
|
+
// tmp[i] < 4 * 2^57 * 2^57 = 2^116
|
797
|
+
|
798
|
+
// tmp2 = (z1^3*y2 - z2^3*y1)^2
|
799
|
+
p224_felem_square(tmp2, ftmp3);
|
800
|
+
// tmp2[i] < 4 * 2^57 * 2^57 < 2^116
|
801
|
+
|
802
|
+
// tmp2 = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3
|
803
|
+
p224_felem_diff_128_64(tmp2, ftmp5);
|
804
|
+
// tmp2[i] < 2^116 + 2^64 + 8 < 2^117
|
805
|
+
|
806
|
+
// ftmp5 = 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2
|
807
|
+
p224_felem_assign(ftmp5, ftmp2);
|
808
|
+
p224_felem_scalar(ftmp5, 2);
|
809
|
+
// ftmp5[i] < 2 * 2^57 = 2^58
|
810
|
+
|
811
|
+
/* x_out = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 -
|
812
|
+
2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2 */
|
813
|
+
p224_felem_diff_128_64(tmp2, ftmp5);
|
814
|
+
// tmp2[i] < 2^117 + 2^64 + 8 < 2^118
|
815
|
+
p224_felem_reduce(x_out, tmp2);
|
816
|
+
|
817
|
+
// ftmp2 = z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out
|
818
|
+
p224_felem_diff(ftmp2, x_out);
|
819
|
+
// ftmp2[i] < 2^57 + 2^58 + 2 < 2^59
|
820
|
+
|
821
|
+
// tmp2 = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out)
|
822
|
+
p224_felem_mul(tmp2, ftmp3, ftmp2);
|
823
|
+
// tmp2[i] < 4 * 2^57 * 2^59 = 2^118
|
824
|
+
|
825
|
+
/* y_out = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out) -
|
826
|
+
z2^3*y1*(z1^2*x2 - z2^2*x1)^3 */
|
827
|
+
p224_widefelem_diff(tmp2, tmp);
|
828
|
+
// tmp2[i] < 2^118 + 2^120 < 2^121
|
829
|
+
p224_felem_reduce(y_out, tmp2);
|
830
|
+
|
831
|
+
// the result (x_out, y_out, z_out) is incorrect if one of the inputs is
|
832
|
+
// the point at infinity, so we need to check for this separately
|
833
|
+
|
834
|
+
// if point 1 is at infinity, copy point 2 to output, and vice versa
|
835
|
+
p224_copy_conditional(x_out, x2, z1_is_zero);
|
836
|
+
p224_copy_conditional(x_out, x1, z2_is_zero);
|
837
|
+
p224_copy_conditional(y_out, y2, z1_is_zero);
|
838
|
+
p224_copy_conditional(y_out, y1, z2_is_zero);
|
839
|
+
p224_copy_conditional(z_out, z2, z1_is_zero);
|
840
|
+
p224_copy_conditional(z_out, z1, z2_is_zero);
|
841
|
+
p224_felem_assign(x3, x_out);
|
842
|
+
p224_felem_assign(y3, y_out);
|
843
|
+
p224_felem_assign(z3, z_out);
|
844
|
+
}
|
845
|
+
|
846
|
+
// p224_select_point selects the |idx|th point from a precomputation table and
|
847
|
+
// copies it to out.
|
848
|
+
static void p224_select_point(const uint64_t idx, size_t size,
|
849
|
+
const p224_felem pre_comp[/*size*/][3],
|
850
|
+
p224_felem out[3]) {
|
851
|
+
p224_limb *outlimbs = &out[0][0];
|
852
|
+
OPENSSL_memset(outlimbs, 0, 3 * sizeof(p224_felem));
|
853
|
+
|
854
|
+
for (size_t i = 0; i < size; i++) {
|
855
|
+
const p224_limb *inlimbs = &pre_comp[i][0][0];
|
856
|
+
uint64_t mask = i ^ idx;
|
857
|
+
mask |= mask >> 4;
|
858
|
+
mask |= mask >> 2;
|
859
|
+
mask |= mask >> 1;
|
860
|
+
mask &= 1;
|
861
|
+
mask--;
|
862
|
+
for (size_t j = 0; j < 4 * 3; j++) {
|
863
|
+
outlimbs[j] |= inlimbs[j] & mask;
|
864
|
+
}
|
865
|
+
}
|
866
|
+
}
|
867
|
+
|
868
|
+
// p224_get_bit returns the |i|th bit in |in|
|
869
|
+
static char p224_get_bit(const p224_felem_bytearray in, size_t i) {
|
870
|
+
if (i >= 224) {
|
871
|
+
return 0;
|
872
|
+
}
|
873
|
+
return (in[i >> 3] >> (i & 7)) & 1;
|
874
|
+
}
|
875
|
+
|
876
|
+
// Takes the Jacobian coordinates (X, Y, Z) of a point and returns
|
877
|
+
// (X', Y') = (X/Z^2, Y/Z^3)
|
878
|
+
static int ec_GFp_nistp224_point_get_affine_coordinates(
|
879
|
+
const EC_GROUP *group, const EC_RAW_POINT *point, EC_FELEM *x,
|
880
|
+
EC_FELEM *y) {
|
881
|
+
if (ec_GFp_simple_is_at_infinity(group, point)) {
|
882
|
+
OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
|
883
|
+
return 0;
|
884
|
+
}
|
885
|
+
|
886
|
+
p224_felem z1, z2;
|
887
|
+
p224_widefelem tmp;
|
888
|
+
p224_generic_to_felem(z1, &point->Z);
|
889
|
+
p224_felem_inv(z2, z1);
|
890
|
+
p224_felem_square(tmp, z2);
|
891
|
+
p224_felem_reduce(z1, tmp);
|
892
|
+
|
893
|
+
if (x != NULL) {
|
894
|
+
p224_felem x_in, x_out;
|
895
|
+
p224_generic_to_felem(x_in, &point->X);
|
896
|
+
p224_felem_mul(tmp, x_in, z1);
|
897
|
+
p224_felem_reduce(x_out, tmp);
|
898
|
+
p224_felem_to_generic(x, x_out);
|
899
|
+
}
|
900
|
+
|
901
|
+
if (y != NULL) {
|
902
|
+
p224_felem y_in, y_out;
|
903
|
+
p224_generic_to_felem(y_in, &point->Y);
|
904
|
+
p224_felem_mul(tmp, z1, z2);
|
905
|
+
p224_felem_reduce(z1, tmp);
|
906
|
+
p224_felem_mul(tmp, y_in, z1);
|
907
|
+
p224_felem_reduce(y_out, tmp);
|
908
|
+
p224_felem_to_generic(y, y_out);
|
909
|
+
}
|
910
|
+
|
911
|
+
return 1;
|
912
|
+
}
|
913
|
+
|
914
|
+
static void ec_GFp_nistp224_add(const EC_GROUP *group, EC_RAW_POINT *r,
|
915
|
+
const EC_RAW_POINT *a, const EC_RAW_POINT *b) {
|
916
|
+
p224_felem x1, y1, z1, x2, y2, z2;
|
917
|
+
p224_generic_to_felem(x1, &a->X);
|
918
|
+
p224_generic_to_felem(y1, &a->Y);
|
919
|
+
p224_generic_to_felem(z1, &a->Z);
|
920
|
+
p224_generic_to_felem(x2, &b->X);
|
921
|
+
p224_generic_to_felem(y2, &b->Y);
|
922
|
+
p224_generic_to_felem(z2, &b->Z);
|
923
|
+
p224_point_add(x1, y1, z1, x1, y1, z1, 0 /* both Jacobian */, x2, y2, z2);
|
924
|
+
// The outputs are already reduced, but still need to be contracted.
|
925
|
+
p224_felem_to_generic(&r->X, x1);
|
926
|
+
p224_felem_to_generic(&r->Y, y1);
|
927
|
+
p224_felem_to_generic(&r->Z, z1);
|
928
|
+
}
|
929
|
+
|
930
|
+
static void ec_GFp_nistp224_dbl(const EC_GROUP *group, EC_RAW_POINT *r,
|
931
|
+
const EC_RAW_POINT *a) {
|
932
|
+
p224_felem x, y, z;
|
933
|
+
p224_generic_to_felem(x, &a->X);
|
934
|
+
p224_generic_to_felem(y, &a->Y);
|
935
|
+
p224_generic_to_felem(z, &a->Z);
|
936
|
+
p224_point_double(x, y, z, x, y, z);
|
937
|
+
// The outputs are already reduced, but still need to be contracted.
|
938
|
+
p224_felem_to_generic(&r->X, x);
|
939
|
+
p224_felem_to_generic(&r->Y, y);
|
940
|
+
p224_felem_to_generic(&r->Z, z);
|
941
|
+
}
|
942
|
+
|
943
|
+
static void ec_GFp_nistp224_make_precomp(p224_felem out[17][3],
|
944
|
+
const EC_RAW_POINT *p) {
|
945
|
+
OPENSSL_memset(out[0], 0, sizeof(p224_felem) * 3);
|
946
|
+
|
947
|
+
p224_generic_to_felem(out[1][0], &p->X);
|
948
|
+
p224_generic_to_felem(out[1][1], &p->Y);
|
949
|
+
p224_generic_to_felem(out[1][2], &p->Z);
|
950
|
+
|
951
|
+
for (size_t j = 2; j <= 16; ++j) {
|
952
|
+
if (j & 1) {
|
953
|
+
p224_point_add(out[j][0], out[j][1], out[j][2], out[1][0], out[1][1],
|
954
|
+
out[1][2], 0, out[j - 1][0], out[j - 1][1], out[j - 1][2]);
|
955
|
+
} else {
|
956
|
+
p224_point_double(out[j][0], out[j][1], out[j][2], out[j / 2][0],
|
957
|
+
out[j / 2][1], out[j / 2][2]);
|
958
|
+
}
|
959
|
+
}
|
960
|
+
}
|
961
|
+
|
962
|
+
static void ec_GFp_nistp224_point_mul(const EC_GROUP *group, EC_RAW_POINT *r,
|
963
|
+
const EC_RAW_POINT *p,
|
964
|
+
const EC_SCALAR *scalar) {
|
965
|
+
p224_felem p_pre_comp[17][3];
|
966
|
+
ec_GFp_nistp224_make_precomp(p_pre_comp, p);
|
967
|
+
|
968
|
+
// Set nq to the point at infinity.
|
969
|
+
p224_felem nq[3], tmp[4];
|
970
|
+
OPENSSL_memset(nq, 0, 3 * sizeof(p224_felem));
|
971
|
+
|
972
|
+
int skip = 1; // Save two point operations in the first round.
|
973
|
+
for (size_t i = 220; i < 221; i--) {
|
974
|
+
if (!skip) {
|
975
|
+
p224_point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);
|
976
|
+
}
|
977
|
+
|
978
|
+
// Add every 5 doublings.
|
979
|
+
if (i % 5 == 0) {
|
980
|
+
uint64_t bits = p224_get_bit(scalar->bytes, i + 4) << 5;
|
981
|
+
bits |= p224_get_bit(scalar->bytes, i + 3) << 4;
|
982
|
+
bits |= p224_get_bit(scalar->bytes, i + 2) << 3;
|
983
|
+
bits |= p224_get_bit(scalar->bytes, i + 1) << 2;
|
984
|
+
bits |= p224_get_bit(scalar->bytes, i) << 1;
|
985
|
+
bits |= p224_get_bit(scalar->bytes, i - 1);
|
986
|
+
uint8_t sign, digit;
|
987
|
+
ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);
|
988
|
+
|
989
|
+
// Select the point to add or subtract.
|
990
|
+
p224_select_point(digit, 17, (const p224_felem(*)[3])p_pre_comp, tmp);
|
991
|
+
p224_felem_neg(tmp[3], tmp[1]); // (X, -Y, Z) is the negative point
|
992
|
+
p224_copy_conditional(tmp[1], tmp[3], sign);
|
993
|
+
|
994
|
+
if (!skip) {
|
995
|
+
p224_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 0 /* mixed */,
|
996
|
+
tmp[0], tmp[1], tmp[2]);
|
997
|
+
} else {
|
998
|
+
OPENSSL_memcpy(nq, tmp, 3 * sizeof(p224_felem));
|
999
|
+
skip = 0;
|
1000
|
+
}
|
1001
|
+
}
|
1002
|
+
}
|
1003
|
+
|
1004
|
+
// Reduce the output to its unique minimal representation.
|
1005
|
+
p224_felem_to_generic(&r->X, nq[0]);
|
1006
|
+
p224_felem_to_generic(&r->Y, nq[1]);
|
1007
|
+
p224_felem_to_generic(&r->Z, nq[2]);
|
1008
|
+
}
|
1009
|
+
|
1010
|
+
static void ec_GFp_nistp224_point_mul_base(const EC_GROUP *group,
|
1011
|
+
EC_RAW_POINT *r,
|
1012
|
+
const EC_SCALAR *scalar) {
|
1013
|
+
// Set nq to the point at infinity.
|
1014
|
+
p224_felem nq[3], tmp[3];
|
1015
|
+
OPENSSL_memset(nq, 0, 3 * sizeof(p224_felem));
|
1016
|
+
|
1017
|
+
int skip = 1; // Save two point operations in the first round.
|
1018
|
+
for (size_t i = 27; i < 28; i--) {
|
1019
|
+
// double
|
1020
|
+
if (!skip) {
|
1021
|
+
p224_point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);
|
1022
|
+
}
|
1023
|
+
|
1024
|
+
// First, look 28 bits upwards.
|
1025
|
+
uint64_t bits = p224_get_bit(scalar->bytes, i + 196) << 3;
|
1026
|
+
bits |= p224_get_bit(scalar->bytes, i + 140) << 2;
|
1027
|
+
bits |= p224_get_bit(scalar->bytes, i + 84) << 1;
|
1028
|
+
bits |= p224_get_bit(scalar->bytes, i + 28);
|
1029
|
+
// Select the point to add, in constant time.
|
1030
|
+
p224_select_point(bits, 16, g_p224_pre_comp[1], tmp);
|
1031
|
+
|
1032
|
+
if (!skip) {
|
1033
|
+
p224_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1 /* mixed */,
|
1034
|
+
tmp[0], tmp[1], tmp[2]);
|
1035
|
+
} else {
|
1036
|
+
OPENSSL_memcpy(nq, tmp, 3 * sizeof(p224_felem));
|
1037
|
+
skip = 0;
|
1038
|
+
}
|
1039
|
+
|
1040
|
+
// Second, look at the current position/
|
1041
|
+
bits = p224_get_bit(scalar->bytes, i + 168) << 3;
|
1042
|
+
bits |= p224_get_bit(scalar->bytes, i + 112) << 2;
|
1043
|
+
bits |= p224_get_bit(scalar->bytes, i + 56) << 1;
|
1044
|
+
bits |= p224_get_bit(scalar->bytes, i);
|
1045
|
+
// Select the point to add, in constant time.
|
1046
|
+
p224_select_point(bits, 16, g_p224_pre_comp[0], tmp);
|
1047
|
+
p224_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1 /* mixed */,
|
1048
|
+
tmp[0], tmp[1], tmp[2]);
|
1049
|
+
}
|
1050
|
+
|
1051
|
+
// Reduce the output to its unique minimal representation.
|
1052
|
+
p224_felem_to_generic(&r->X, nq[0]);
|
1053
|
+
p224_felem_to_generic(&r->Y, nq[1]);
|
1054
|
+
p224_felem_to_generic(&r->Z, nq[2]);
|
1055
|
+
}
|
1056
|
+
|
1057
|
+
static void ec_GFp_nistp224_point_mul_public(const EC_GROUP *group,
|
1058
|
+
EC_RAW_POINT *r,
|
1059
|
+
const EC_SCALAR *g_scalar,
|
1060
|
+
const EC_RAW_POINT *p,
|
1061
|
+
const EC_SCALAR *p_scalar) {
|
1062
|
+
// TODO(davidben): If P-224 ECDSA verify performance ever matters, using
|
1063
|
+
// |ec_compute_wNAF| for |p_scalar| would likely be an easy improvement.
|
1064
|
+
p224_felem p_pre_comp[17][3];
|
1065
|
+
ec_GFp_nistp224_make_precomp(p_pre_comp, p);
|
1066
|
+
|
1067
|
+
// Set nq to the point at infinity.
|
1068
|
+
p224_felem nq[3], tmp[3];
|
1069
|
+
OPENSSL_memset(nq, 0, 3 * sizeof(p224_felem));
|
1070
|
+
|
1071
|
+
// Loop over both scalars msb-to-lsb, interleaving additions of multiples of
|
1072
|
+
// the generator (two in each of the last 28 rounds) and additions of p (every
|
1073
|
+
// 5th round).
|
1074
|
+
int skip = 1; // Save two point operations in the first round.
|
1075
|
+
for (size_t i = 220; i < 221; i--) {
|
1076
|
+
if (!skip) {
|
1077
|
+
p224_point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);
|
1078
|
+
}
|
1079
|
+
|
1080
|
+
// Add multiples of the generator.
|
1081
|
+
if (i <= 27) {
|
1082
|
+
// First, look 28 bits upwards.
|
1083
|
+
uint64_t bits = p224_get_bit(g_scalar->bytes, i + 196) << 3;
|
1084
|
+
bits |= p224_get_bit(g_scalar->bytes, i + 140) << 2;
|
1085
|
+
bits |= p224_get_bit(g_scalar->bytes, i + 84) << 1;
|
1086
|
+
bits |= p224_get_bit(g_scalar->bytes, i + 28);
|
1087
|
+
|
1088
|
+
p224_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1 /* mixed */,
|
1089
|
+
g_p224_pre_comp[1][bits][0], g_p224_pre_comp[1][bits][1],
|
1090
|
+
g_p224_pre_comp[1][bits][2]);
|
1091
|
+
assert(!skip);
|
1092
|
+
|
1093
|
+
// Second, look at the current position.
|
1094
|
+
bits = p224_get_bit(g_scalar->bytes, i + 168) << 3;
|
1095
|
+
bits |= p224_get_bit(g_scalar->bytes, i + 112) << 2;
|
1096
|
+
bits |= p224_get_bit(g_scalar->bytes, i + 56) << 1;
|
1097
|
+
bits |= p224_get_bit(g_scalar->bytes, i);
|
1098
|
+
p224_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1 /* mixed */,
|
1099
|
+
g_p224_pre_comp[0][bits][0], g_p224_pre_comp[0][bits][1],
|
1100
|
+
g_p224_pre_comp[0][bits][2]);
|
1101
|
+
}
|
1102
|
+
|
1103
|
+
// Incorporate |p_scalar| every 5 doublings.
|
1104
|
+
if (i % 5 == 0) {
|
1105
|
+
uint64_t bits = p224_get_bit(p_scalar->bytes, i + 4) << 5;
|
1106
|
+
bits |= p224_get_bit(p_scalar->bytes, i + 3) << 4;
|
1107
|
+
bits |= p224_get_bit(p_scalar->bytes, i + 2) << 3;
|
1108
|
+
bits |= p224_get_bit(p_scalar->bytes, i + 1) << 2;
|
1109
|
+
bits |= p224_get_bit(p_scalar->bytes, i) << 1;
|
1110
|
+
bits |= p224_get_bit(p_scalar->bytes, i - 1);
|
1111
|
+
uint8_t sign, digit;
|
1112
|
+
ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);
|
1113
|
+
|
1114
|
+
// Select the point to add or subtract.
|
1115
|
+
OPENSSL_memcpy(tmp, p_pre_comp[digit], 3 * sizeof(p224_felem));
|
1116
|
+
if (sign) {
|
1117
|
+
p224_felem_neg(tmp[1], tmp[1]); // (X, -Y, Z) is the negative point
|
1118
|
+
}
|
1119
|
+
|
1120
|
+
if (!skip) {
|
1121
|
+
p224_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 0 /* mixed */,
|
1122
|
+
tmp[0], tmp[1], tmp[2]);
|
1123
|
+
} else {
|
1124
|
+
OPENSSL_memcpy(nq, tmp, 3 * sizeof(p224_felem));
|
1125
|
+
skip = 0;
|
1126
|
+
}
|
1127
|
+
}
|
1128
|
+
}
|
1129
|
+
|
1130
|
+
// Reduce the output to its unique minimal representation.
|
1131
|
+
p224_felem_to_generic(&r->X, nq[0]);
|
1132
|
+
p224_felem_to_generic(&r->Y, nq[1]);
|
1133
|
+
p224_felem_to_generic(&r->Z, nq[2]);
|
1134
|
+
}
|
1135
|
+
|
1136
|
+
static void ec_GFp_nistp224_felem_mul(const EC_GROUP *group, EC_FELEM *r,
|
1137
|
+
const EC_FELEM *a, const EC_FELEM *b) {
|
1138
|
+
p224_felem felem1, felem2;
|
1139
|
+
p224_widefelem wide;
|
1140
|
+
p224_generic_to_felem(felem1, a);
|
1141
|
+
p224_generic_to_felem(felem2, b);
|
1142
|
+
p224_felem_mul(wide, felem1, felem2);
|
1143
|
+
p224_felem_reduce(felem1, wide);
|
1144
|
+
p224_felem_to_generic(r, felem1);
|
1145
|
+
}
|
1146
|
+
|
1147
|
+
static void ec_GFp_nistp224_felem_sqr(const EC_GROUP *group, EC_FELEM *r,
|
1148
|
+
const EC_FELEM *a) {
|
1149
|
+
p224_felem felem;
|
1150
|
+
p224_generic_to_felem(felem, a);
|
1151
|
+
p224_widefelem wide;
|
1152
|
+
p224_felem_square(wide, felem);
|
1153
|
+
p224_felem_reduce(felem, wide);
|
1154
|
+
p224_felem_to_generic(r, felem);
|
1155
|
+
}
|
1156
|
+
|
1157
|
+
DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistp224_method) {
|
1158
|
+
out->group_init = ec_GFp_simple_group_init;
|
1159
|
+
out->group_finish = ec_GFp_simple_group_finish;
|
1160
|
+
out->group_set_curve = ec_GFp_simple_group_set_curve;
|
1161
|
+
out->point_get_affine_coordinates =
|
1162
|
+
ec_GFp_nistp224_point_get_affine_coordinates;
|
1163
|
+
out->add = ec_GFp_nistp224_add;
|
1164
|
+
out->dbl = ec_GFp_nistp224_dbl;
|
1165
|
+
out->mul = ec_GFp_nistp224_point_mul;
|
1166
|
+
out->mul_base = ec_GFp_nistp224_point_mul_base;
|
1167
|
+
out->mul_public = ec_GFp_nistp224_point_mul_public;
|
1168
|
+
out->felem_mul = ec_GFp_nistp224_felem_mul;
|
1169
|
+
out->felem_sqr = ec_GFp_nistp224_felem_sqr;
|
1170
|
+
out->felem_to_bytes = ec_GFp_simple_felem_to_bytes;
|
1171
|
+
out->felem_from_bytes = ec_GFp_simple_felem_from_bytes;
|
1172
|
+
out->scalar_inv0_montgomery = ec_simple_scalar_inv0_montgomery;
|
1173
|
+
out->scalar_to_montgomery_inv_vartime =
|
1174
|
+
ec_simple_scalar_to_montgomery_inv_vartime;
|
1175
|
+
out->cmp_x_coordinate = ec_GFp_simple_cmp_x_coordinate;
|
1176
|
+
}
|
1177
|
+
|
1178
|
+
#endif // BORINGSSL_HAS_UINT128 && !SMALL
|