grpc 1.28.0 → 1.30.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (503) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +7694 -11190
  3. data/include/grpc/grpc.h +2 -2
  4. data/include/grpc/grpc_security.h +30 -9
  5. data/include/grpc/grpc_security_constants.h +1 -0
  6. data/include/grpc/impl/codegen/grpc_types.h +19 -21
  7. data/include/grpc/impl/codegen/port_platform.h +6 -2
  8. data/include/grpc/module.modulemap +24 -39
  9. data/src/core/ext/filters/client_channel/backend_metric.cc +7 -4
  10. data/src/core/ext/filters/client_channel/client_channel.cc +212 -241
  11. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
  12. data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -22
  13. data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
  14. data/src/core/ext/filters/client_channel/http_proxy.cc +17 -10
  15. data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
  16. data/src/core/ext/filters/client_channel/lb_policy.h +42 -33
  17. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
  18. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
  19. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +10 -4
  20. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +240 -301
  21. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
  22. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
  23. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
  24. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
  25. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
  26. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
  27. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +5 -11
  28. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
  29. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +84 -37
  30. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
  31. data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
  32. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
  33. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
  34. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +6 -2
  35. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
  36. data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
  37. data/src/core/ext/filters/client_channel/resolver.cc +5 -8
  38. data/src/core/ext/filters/client_channel/resolver.h +12 -14
  39. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +73 -59
  40. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +35 -35
  41. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
  42. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +16 -20
  43. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
  44. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +72 -117
  45. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +184 -133
  46. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
  47. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
  48. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +40 -43
  49. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
  50. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
  51. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
  52. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +32 -5
  53. data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
  54. data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -3
  55. data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
  56. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +16 -16
  57. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
  58. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +20 -31
  59. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +4 -3
  60. data/src/core/ext/filters/client_channel/server_address.cc +6 -9
  61. data/src/core/ext/filters/client_channel/server_address.h +6 -12
  62. data/src/core/ext/filters/client_channel/service_config.cc +104 -144
  63. data/src/core/ext/filters/client_channel/service_config.h +28 -98
  64. data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
  65. data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
  66. data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
  67. data/src/core/ext/filters/client_channel/subchannel.cc +54 -24
  68. data/src/core/ext/filters/client_channel/subchannel.h +35 -11
  69. data/src/core/ext/filters/client_channel/xds/xds_api.cc +348 -221
  70. data/src/core/ext/filters/client_channel/xds/xds_api.h +37 -37
  71. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +44 -49
  72. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +4 -3
  73. data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
  74. data/src/core/ext/filters/client_channel/xds/xds_client.cc +532 -339
  75. data/src/core/ext/filters/client_channel/xds/xds_client.h +57 -22
  76. data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
  77. data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +31 -19
  78. data/src/core/ext/filters/http/client/http_client_filter.cc +23 -28
  79. data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
  80. data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
  81. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
  82. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
  83. data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
  84. data/src/core/ext/filters/message_size/message_size_filter.cc +7 -10
  85. data/src/core/ext/filters/message_size/message_size_filter.h +4 -4
  86. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +4 -4
  87. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
  88. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +23 -22
  89. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
  90. data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
  91. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
  92. data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
  93. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
  94. data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
  95. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
  96. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
  97. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
  98. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
  99. data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
  100. data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
  101. data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
  102. data/src/core/ext/transport/chttp2/transport/internal.h +14 -21
  103. data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
  104. data/src/core/ext/transport/chttp2/transport/writing.cc +15 -8
  105. data/src/core/ext/transport/inproc/inproc_transport.cc +19 -0
  106. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
  107. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -875
  108. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
  109. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
  110. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
  111. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
  112. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
  113. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
  114. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
  115. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +21 -8
  116. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +43 -7
  117. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
  118. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
  119. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
  120. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
  121. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
  122. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
  123. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +47 -26
  124. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +115 -65
  125. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
  126. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
  127. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
  128. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
  129. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
  130. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +28 -13
  131. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
  132. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
  133. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +88 -6
  134. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
  135. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
  136. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +1 -0
  137. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
  138. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +1 -0
  139. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
  140. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
  141. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +12 -4
  142. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
  143. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
  144. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
  145. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +16 -0
  146. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
  147. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +2 -1
  148. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
  149. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
  150. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
  151. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
  152. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +63 -41
  153. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +173 -77
  154. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
  155. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
  156. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +1 -0
  157. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
  158. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +90 -30
  159. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
  160. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
  161. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
  162. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
  163. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
  164. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +4 -0
  165. data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
  166. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
  167. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +36 -0
  168. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
  169. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
  170. data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
  171. data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
  172. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
  173. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
  174. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +9 -8
  175. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +30 -24
  176. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
  177. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
  178. data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
  179. data/src/core/ext/upb-generated/validate/validate.upb.h +69 -63
  180. data/src/core/lib/channel/channel_args.cc +15 -14
  181. data/src/core/lib/channel/channel_args.h +3 -1
  182. data/src/core/lib/channel/channel_stack.h +20 -13
  183. data/src/core/lib/channel/channelz.cc +5 -6
  184. data/src/core/lib/channel/channelz.h +3 -2
  185. data/src/core/lib/channel/channelz_registry.cc +5 -3
  186. data/src/core/lib/channel/connected_channel.cc +7 -5
  187. data/src/core/lib/channel/context.h +1 -1
  188. data/src/core/lib/channel/handshaker.cc +11 -13
  189. data/src/core/lib/channel/handshaker.h +4 -2
  190. data/src/core/lib/channel/handshaker_registry.cc +5 -17
  191. data/src/core/lib/channel/status_util.cc +2 -3
  192. data/src/core/lib/compression/message_compress.cc +5 -1
  193. data/src/core/lib/debug/stats.cc +21 -27
  194. data/src/core/lib/debug/stats.h +3 -1
  195. data/src/core/lib/gpr/spinlock.h +2 -3
  196. data/src/core/lib/gpr/string.cc +2 -26
  197. data/src/core/lib/gpr/string.h +0 -16
  198. data/src/core/lib/gpr/sync_abseil.cc +2 -0
  199. data/src/core/lib/gpr/time.cc +4 -0
  200. data/src/core/lib/gpr/time_posix.cc +1 -1
  201. data/src/core/lib/gprpp/atomic.h +6 -6
  202. data/src/core/lib/gprpp/fork.cc +1 -1
  203. data/src/core/lib/gprpp/host_port.cc +29 -35
  204. data/src/core/lib/gprpp/host_port.h +14 -17
  205. data/src/core/lib/gprpp/map.h +5 -11
  206. data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
  207. data/src/core/lib/http/format_request.cc +46 -65
  208. data/src/core/lib/http/httpcli.cc +2 -3
  209. data/src/core/lib/http/httpcli.h +2 -3
  210. data/src/core/lib/http/httpcli_security_connector.cc +5 -5
  211. data/src/core/lib/http/parser.h +2 -3
  212. data/src/core/lib/iomgr/buffer_list.h +22 -21
  213. data/src/core/lib/iomgr/call_combiner.h +3 -2
  214. data/src/core/lib/iomgr/cfstream_handle.cc +3 -2
  215. data/src/core/lib/iomgr/closure.h +2 -3
  216. data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
  217. data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
  218. data/src/core/lib/iomgr/endpoint_pair.h +2 -3
  219. data/src/core/lib/iomgr/error.cc +6 -9
  220. data/src/core/lib/iomgr/error.h +0 -1
  221. data/src/core/lib/iomgr/ev_apple.cc +356 -0
  222. data/src/core/lib/iomgr/ev_apple.h +43 -0
  223. data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -23
  224. data/src/core/lib/iomgr/ev_epollex_linux.cc +2 -3
  225. data/src/core/lib/iomgr/ev_poll_posix.cc +3 -3
  226. data/src/core/lib/iomgr/ev_posix.cc +2 -3
  227. data/src/core/lib/iomgr/exec_ctx.h +14 -2
  228. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
  229. data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
  230. data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
  231. data/src/core/lib/iomgr/port.h +1 -0
  232. data/src/core/lib/iomgr/python_util.h +46 -0
  233. data/src/core/lib/iomgr/resolve_address.h +4 -6
  234. data/src/core/lib/iomgr/resolve_address_custom.cc +29 -39
  235. data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
  236. data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
  237. data/src/core/lib/iomgr/resolve_address_windows.cc +8 -17
  238. data/src/core/lib/iomgr/resource_quota.cc +4 -6
  239. data/src/core/lib/iomgr/sockaddr_utils.cc +23 -29
  240. data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
  241. data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
  242. data/src/core/lib/iomgr/socket_mutator.h +2 -3
  243. data/src/core/lib/iomgr/socket_utils_common_posix.cc +7 -26
  244. data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
  245. data/src/core/lib/iomgr/tcp_client_cfstream.cc +5 -7
  246. data/src/core/lib/iomgr/tcp_client_posix.cc +8 -5
  247. data/src/core/lib/iomgr/tcp_client_windows.cc +2 -3
  248. data/src/core/lib/iomgr/tcp_custom.cc +2 -3
  249. data/src/core/lib/iomgr/tcp_server_custom.cc +5 -9
  250. data/src/core/lib/iomgr/tcp_server_posix.cc +5 -4
  251. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -4
  252. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
  253. data/src/core/lib/iomgr/tcp_uv.cc +3 -2
  254. data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
  255. data/src/core/lib/iomgr/timer_generic.cc +2 -3
  256. data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
  257. data/src/core/lib/iomgr/timer_heap.h +2 -3
  258. data/src/core/lib/iomgr/udp_server.cc +9 -14
  259. data/src/core/lib/json/json.h +3 -2
  260. data/src/core/lib/json/json_reader.cc +5 -5
  261. data/src/core/lib/json/json_writer.cc +13 -12
  262. data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
  263. data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
  264. data/src/core/lib/security/credentials/credentials.cc +0 -84
  265. data/src/core/lib/security/credentials/credentials.h +8 -59
  266. data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
  267. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +3 -8
  268. data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
  269. data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
  270. data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
  271. data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
  272. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
  273. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
  274. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
  275. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +55 -27
  276. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
  277. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +13 -0
  278. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
  279. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
  280. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +38 -11
  281. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
  282. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +7 -7
  283. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
  284. data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
  285. data/src/core/lib/security/security_connector/security_connector.h +1 -1
  286. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +20 -25
  287. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +4 -6
  288. data/src/core/lib/security/security_connector/ssl_utils.cc +59 -12
  289. data/src/core/lib/security/security_connector/ssl_utils.h +12 -10
  290. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +77 -51
  291. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
  292. data/src/core/lib/security/transport/auth_filters.h +0 -5
  293. data/src/core/lib/security/transport/client_auth_filter.cc +1 -2
  294. data/src/core/lib/slice/slice_intern.cc +2 -3
  295. data/src/core/lib/slice/slice_internal.h +14 -0
  296. data/src/core/lib/slice/slice_utils.h +9 -0
  297. data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
  298. data/src/core/lib/surface/call.cc +2 -3
  299. data/src/core/lib/surface/call_log_batch.cc +50 -58
  300. data/src/core/lib/surface/channel.cc +53 -31
  301. data/src/core/lib/surface/channel.h +35 -4
  302. data/src/core/lib/surface/channel_ping.cc +2 -3
  303. data/src/core/lib/surface/completion_queue.cc +33 -33
  304. data/src/core/lib/surface/event_string.cc +18 -25
  305. data/src/core/lib/surface/event_string.h +3 -1
  306. data/src/core/lib/surface/init_secure.cc +1 -4
  307. data/src/core/lib/surface/server.cc +570 -369
  308. data/src/core/lib/surface/server.h +32 -0
  309. data/src/core/lib/surface/version.cc +2 -2
  310. data/src/core/lib/transport/byte_stream.h +7 -2
  311. data/src/core/lib/transport/connectivity_state.cc +7 -6
  312. data/src/core/lib/transport/connectivity_state.h +5 -3
  313. data/src/core/lib/transport/metadata.cc +3 -3
  314. data/src/core/lib/transport/metadata_batch.h +2 -3
  315. data/src/core/lib/transport/static_metadata.h +1 -1
  316. data/src/core/lib/transport/status_conversion.cc +6 -14
  317. data/src/core/lib/transport/transport.cc +2 -3
  318. data/src/core/lib/transport/transport.h +3 -2
  319. data/src/core/lib/transport/transport_op_string.cc +61 -102
  320. data/src/core/lib/uri/uri_parser.h +2 -3
  321. data/src/core/plugin_registry/grpc_plugin_registry.cc +20 -4
  322. data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
  323. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +8 -1
  324. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
  325. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +32 -2
  326. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
  327. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
  328. data/src/core/tsi/fake_transport_security.cc +10 -15
  329. data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
  330. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
  331. data/src/core/tsi/ssl_transport_security.cc +52 -39
  332. data/src/core/tsi/ssl_transport_security.h +8 -8
  333. data/src/core/tsi/ssl_types.h +0 -2
  334. data/src/core/tsi/transport_security.h +6 -9
  335. data/src/core/tsi/transport_security_grpc.h +2 -3
  336. data/src/core/tsi/transport_security_interface.h +3 -3
  337. data/src/ruby/ext/grpc/rb_call.c +9 -1
  338. data/src/ruby/ext/grpc/rb_call_credentials.c +3 -2
  339. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
  340. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
  341. data/src/ruby/lib/grpc/errors.rb +103 -42
  342. data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
  343. data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
  344. data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
  345. data/src/ruby/lib/grpc/generic/service.rb +5 -4
  346. data/src/ruby/lib/grpc/structs.rb +1 -1
  347. data/src/ruby/lib/grpc/version.rb +1 -1
  348. data/src/ruby/pb/generate_proto_ruby.sh +5 -3
  349. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
  350. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
  351. data/src/ruby/spec/debug_message_spec.rb +134 -0
  352. data/src/ruby/spec/generic/service_spec.rb +2 -0
  353. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
  354. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +7 -0
  355. data/src/ruby/spec/pb/codegen/package_option_spec.rb +7 -1
  356. data/src/ruby/spec/support/services.rb +10 -4
  357. data/src/ruby/spec/testdata/ca.pem +18 -13
  358. data/src/ruby/spec/testdata/client.key +26 -14
  359. data/src/ruby/spec/testdata/client.pem +18 -12
  360. data/src/ruby/spec/testdata/server1.key +26 -14
  361. data/src/ruby/spec/testdata/server1.pem +20 -14
  362. data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
  363. data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
  364. data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
  365. data/third_party/abseil-cpp/absl/time/clock.h +74 -0
  366. data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
  367. data/third_party/abseil-cpp/absl/time/format.cc +153 -0
  368. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
  369. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
  370. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
  371. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
  372. data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
  373. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
  374. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
  375. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
  376. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
  377. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
  378. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
  379. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
  380. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
  381. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
  382. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
  383. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
  384. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
  385. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
  386. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
  387. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
  388. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
  389. data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
  390. data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
  391. data/third_party/abseil-cpp/absl/time/time.cc +499 -0
  392. data/third_party/abseil-cpp/absl/time/time.h +1584 -0
  393. data/third_party/boringssl-with-bazel/err_data.c +329 -297
  394. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
  395. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
  396. data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
  397. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
  398. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
  399. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
  400. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
  401. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
  402. data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
  403. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
  404. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
  405. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
  406. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
  407. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
  408. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
  409. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
  410. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
  411. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +14 -11
  412. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
  413. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
  414. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
  415. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
  416. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
  417. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
  418. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
  419. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +432 -160
  420. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
  421. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +5 -14
  422. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
  423. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +80 -99
  424. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
  425. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
  426. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
  427. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
  428. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
  429. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
  430. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
  431. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
  432. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
  433. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
  434. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
  435. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
  436. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
  437. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
  438. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
  439. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
  440. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
  441. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
  442. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
  443. data/third_party/boringssl-with-bazel/src/crypto/mem.c +29 -12
  444. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
  445. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
  446. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
  447. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
  448. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
  449. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
  450. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
  451. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
  452. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +16 -0
  453. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +5 -0
  454. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
  455. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +5 -1
  456. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
  457. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
  458. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
  459. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
  460. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
  461. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
  462. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
  463. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
  464. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
  465. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
  466. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +172 -77
  467. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
  468. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
  469. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +5 -3
  470. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
  471. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
  472. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
  473. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
  474. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
  475. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +14 -3
  476. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +28 -20
  477. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +12 -4
  478. data/third_party/boringssl-with-bazel/src/ssl/internal.h +64 -47
  479. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
  480. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  481. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
  482. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
  483. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
  484. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +6 -1
  485. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
  486. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +64 -5
  487. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
  488. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +6 -2
  489. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
  490. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
  491. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -27
  492. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
  493. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +50 -20
  494. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
  495. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
  496. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
  497. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
  498. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
  499. metadata +115 -39
  500. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1754
  501. data/src/core/lib/gprpp/string_view.h +0 -60
  502. data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
  503. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c CHANGED
@@ -243,6 +243,22 @@ DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha512) {
243
243
  }
244
244
 
245
245
 
246
+ static void sha512_256_init(EVP_MD_CTX *ctx) {
247
+ CHECK(SHA512_256_Init(ctx->md_data));
248
+ }
249
+
250
+ DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha512_256) {
251
+ out->type = NID_sha512_256;
252
+ out->md_size = SHA512_256_DIGEST_LENGTH;
253
+ out->flags = 0;
254
+ out->init = sha512_256_init;
255
+ out->update = sha512_update;
256
+ out->final = sha512_final;
257
+ out->block_size = 128;
258
+ out->ctx_size = sizeof(SHA512_CTX);
259
+ }
260
+
261
+
246
262
  typedef struct {
247
263
  MD5_CTX md5;
248
264
  SHA_CTX sha1;
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c CHANGED
@@ -84,7 +84,7 @@
84
84
  static void ec_point_free(EC_POINT *point, int free_group);
85
85
 
86
86
  static const uint8_t kP224Params[6 * 28] = {
87
- // p
87
+ // p = 2^224 - 2^96 + 1
88
88
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
89
89
  0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
90
90
  0x00, 0x00, 0x00, 0x01,
@@ -111,7 +111,7 @@ static const uint8_t kP224Params[6 * 28] = {
111
111
  };
112
112
 
113
113
  static const uint8_t kP256Params[6 * 32] = {
114
- // p
114
+ // p = 2^256 - 2^224 + 2^192 + 2^96 - 1
115
115
  0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
116
116
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
117
117
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -138,7 +138,7 @@ static const uint8_t kP256Params[6 * 32] = {
138
138
  };
139
139
 
140
140
  static const uint8_t kP384Params[6 * 48] = {
141
- // p
141
+ // p = 2^384 - 2^128 - 2^96 + 2^32 - 1
142
142
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
143
143
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
144
144
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -171,7 +171,7 @@ static const uint8_t kP384Params[6 * 48] = {
171
171
  };
172
172
 
173
173
  static const uint8_t kP521Params[6 * 66] = {
174
- // p
174
+ // p = 2^521 - 1
175
175
  0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
176
176
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
177
177
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -301,17 +301,49 @@ EC_GROUP *ec_group_new(const EC_METHOD *meth) {
301
301
  return ret;
302
302
  }
303
303
 
304
- static void ec_group_set0_generator(EC_GROUP *group, EC_POINT *generator) {
304
+ static int ec_group_set_generator(EC_GROUP *group, const EC_AFFINE *generator,
305
+ const BIGNUM *order) {
305
306
  assert(group->generator == NULL);
306
- assert(group == generator->group);
307
+
308
+ if (!BN_copy(&group->order, order)) {
309
+ return 0;
310
+ }
311
+ // Store the order in minimal form, so it can be used with |BN_ULONG| arrays.
312
+ bn_set_minimal_width(&group->order);
313
+
314
+ BN_MONT_CTX_free(group->order_mont);
315
+ group->order_mont = BN_MONT_CTX_new_for_modulus(&group->order, NULL);
316
+ if (group->order_mont == NULL) {
317
+ return 0;
318
+ }
319
+
320
+ group->field_greater_than_order = BN_cmp(&group->field, order) > 0;
321
+ if (group->field_greater_than_order) {
322
+ BIGNUM tmp;
323
+ BN_init(&tmp);
324
+ int ok =
325
+ BN_sub(&tmp, &group->field, order) &&
326
+ bn_copy_words(group->field_minus_order.words, group->field.width, &tmp);
327
+ BN_free(&tmp);
328
+ if (!ok) {
329
+ return 0;
330
+ }
331
+ }
332
+
333
+ group->generator = EC_POINT_new(group);
334
+ if (group->generator == NULL) {
335
+ return 0;
336
+ }
337
+ ec_affine_to_jacobian(group, &group->generator->raw, generator);
338
+ assert(ec_felem_equal(group, &group->one, &group->generator->raw.Z));
307
339
 
308
340
  // Avoid a reference cycle. |group->generator| does not maintain an owning
309
341
  // pointer to |group|.
310
- group->generator = generator;
311
342
  int is_zero = CRYPTO_refcount_dec_and_test_zero(&group->references);
312
343
 
313
344
  assert(!is_zero);
314
345
  (void)is_zero;
346
+ return 1;
315
347
  }
316
348
 
317
349
  EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
@@ -321,20 +353,37 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
321
353
  return NULL;
322
354
  }
323
355
 
324
- EC_GROUP *ret = ec_group_new(EC_GFp_mont_method());
325
- if (ret == NULL) {
326
- return NULL;
356
+ BN_CTX *new_ctx = NULL;
357
+ if (ctx == NULL) {
358
+ ctx = new_ctx = BN_CTX_new();
359
+ if (ctx == NULL) {
360
+ return NULL;
361
+ }
327
362
  }
328
363
 
329
- if (ret->meth->group_set_curve == NULL) {
330
- OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
331
- EC_GROUP_free(ret);
332
- return NULL;
364
+ // Historically, |a| and |b| were not required to be fully reduced.
365
+ // TODO(davidben): Can this be removed?
366
+ EC_GROUP *ret = NULL;
367
+ BN_CTX_start(ctx);
368
+ BIGNUM *a_reduced = BN_CTX_get(ctx);
369
+ BIGNUM *b_reduced = BN_CTX_get(ctx);
370
+ if (a_reduced == NULL || b_reduced == NULL ||
371
+ !BN_nnmod(a_reduced, a, p, ctx) ||
372
+ !BN_nnmod(b_reduced, b, p, ctx)) {
373
+ goto err;
333
374
  }
334
- if (!ret->meth->group_set_curve(ret, p, a, b, ctx)) {
375
+
376
+ ret = ec_group_new(EC_GFp_mont_method());
377
+ if (ret == NULL ||
378
+ !ret->meth->group_set_curve(ret, p, a_reduced, b_reduced, ctx)) {
335
379
  EC_GROUP_free(ret);
336
- return NULL;
380
+ ret = NULL;
381
+ goto err;
337
382
  }
383
+
384
+ err:
385
+ BN_CTX_end(ctx);
386
+ BN_CTX_free(new_ctx);
338
387
  return ret;
339
388
  }
340
389
 
@@ -367,7 +416,6 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
367
416
  // tiny prime (less than 17). See the proof in |field_element_to_scalar| in
368
417
  // the ECDSA implementation.
369
418
  int ret = 0;
370
- EC_POINT *copy = NULL;
371
419
  BIGNUM *tmp = BN_new();
372
420
  if (tmp == NULL ||
373
421
  !BN_lshift1(tmp, order)) {
@@ -378,44 +426,22 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
378
426
  goto err;
379
427
  }
380
428
 
381
- copy = EC_POINT_new(group);
382
- if (copy == NULL ||
383
- !EC_POINT_copy(copy, generator) ||
384
- !BN_copy(&group->order, order)) {
385
- goto err;
386
- }
387
- // Store the order in minimal form, so it can be used with |BN_ULONG| arrays.
388
- bn_set_minimal_width(&group->order);
389
-
390
- BN_MONT_CTX_free(group->order_mont);
391
- group->order_mont = BN_MONT_CTX_new_for_modulus(&group->order, NULL);
392
- if (group->order_mont == NULL) {
429
+ EC_AFFINE affine;
430
+ if (!ec_jacobian_to_affine(group, &affine, &generator->raw) ||
431
+ !ec_group_set_generator(group, &affine, order)) {
393
432
  goto err;
394
433
  }
395
434
 
396
- group->field_greater_than_order = BN_cmp(&group->field, &group->order) > 0;
397
- if (group->field_greater_than_order) {
398
- if (!BN_sub(tmp, &group->field, &group->order) ||
399
- !bn_copy_words(group->field_minus_order.words, group->field.width,
400
- tmp)) {
401
- goto err;
402
- }
403
- }
404
-
405
- ec_group_set0_generator(group, copy);
406
- copy = NULL;
407
435
  ret = 1;
408
436
 
409
437
  err:
410
- EC_POINT_free(copy);
411
438
  BN_free(tmp);
412
439
  return ret;
413
440
  }
414
441
 
415
442
  static EC_GROUP *ec_group_new_from_data(const struct built_in_curve *curve) {
416
443
  EC_GROUP *group = NULL;
417
- EC_POINT *P = NULL;
418
- BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL;
444
+ BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL;
419
445
  int ok = 0;
420
446
 
421
447
  BN_CTX *ctx = BN_CTX_new();
@@ -429,7 +455,8 @@ static EC_GROUP *ec_group_new_from_data(const struct built_in_curve *curve) {
429
455
 
430
456
  if (!(p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) ||
431
457
  !(a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) ||
432
- !(b = BN_bin2bn(params + 2 * param_len, param_len, NULL))) {
458
+ !(b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) ||
459
+ !(order = BN_bin2bn(params + 5 * param_len, param_len, NULL))) {
433
460
  OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB);
434
461
  goto err;
435
462
  }
@@ -441,42 +468,18 @@ static EC_GROUP *ec_group_new_from_data(const struct built_in_curve *curve) {
441
468
  goto err;
442
469
  }
443
470
 
444
- if ((P = EC_POINT_new(group)) == NULL) {
445
- OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
446
- goto err;
447
- }
448
-
449
- if (!(x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) ||
450
- !(y = BN_bin2bn(params + 4 * param_len, param_len, NULL))) {
451
- OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB);
452
- goto err;
453
- }
454
-
455
- if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) {
456
- OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
457
- goto err;
458
- }
459
- if (!BN_bin2bn(params + 5 * param_len, param_len, &group->order)) {
460
- OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB);
471
+ EC_AFFINE G;
472
+ EC_FELEM x, y;
473
+ if (!ec_felem_from_bytes(group, &x, params + 3 * param_len, param_len) ||
474
+ !ec_felem_from_bytes(group, &y, params + 4 * param_len, param_len) ||
475
+ !ec_point_set_affine_coordinates(group, &G, &x, &y)) {
461
476
  goto err;
462
477
  }
463
478
 
464
- group->field_greater_than_order = BN_cmp(&group->field, &group->order) > 0;
465
- if (group->field_greater_than_order) {
466
- if (!BN_sub(p, &group->field, &group->order) ||
467
- !bn_copy_words(group->field_minus_order.words, group->field.width, p)) {
468
- goto err;
469
- }
470
- }
471
-
472
- group->order_mont = BN_MONT_CTX_new_for_modulus(&group->order, ctx);
473
- if (group->order_mont == NULL) {
474
- OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB);
479
+ if (!ec_group_set_generator(group, &G, order)) {
475
480
  goto err;
476
481
  }
477
482
 
478
- ec_group_set0_generator(group, P);
479
- P = NULL;
480
483
  ok = 1;
481
484
 
482
485
  err:
@@ -484,13 +487,11 @@ err:
484
487
  EC_GROUP_free(group);
485
488
  group = NULL;
486
489
  }
487
- EC_POINT_free(P);
488
490
  BN_CTX_free(ctx);
489
491
  BN_free(p);
490
492
  BN_free(a);
491
493
  BN_free(b);
492
- BN_free(x);
493
- BN_free(y);
494
+ BN_free(order);
494
495
  return group;
495
496
  }
496
497
 
@@ -606,7 +607,7 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ignored) {
606
607
  BN_cmp(&a->field, &b->field) != 0 ||
607
608
  !ec_felem_equal(a, &a->a, &b->a) ||
608
609
  !ec_felem_equal(a, &a->b, &b->b) ||
609
- ec_GFp_simple_cmp(a, &a->generator->raw, &b->generator->raw) != 0;
610
+ !ec_GFp_simple_points_equal(a, &a->generator->raw, &b->generator->raw);
610
611
  }
611
612
 
612
613
  const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) {
@@ -769,7 +770,9 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
769
770
  OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
770
771
  return -1;
771
772
  }
772
- return ec_GFp_simple_cmp(group, &a->raw, &b->raw);
773
+
774
+ // Note |EC_POINT_cmp| returns zero for equality and non-zero for inequality.
775
+ return ec_GFp_simple_points_equal(group, &a->raw, &b->raw) ? 0 : 1;
773
776
  }
774
777
 
775
778
  int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
@@ -787,10 +790,64 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
787
790
  if (!group->meth->point_get_affine_coordinates(group, &point->raw,
788
791
  x == NULL ? NULL : &x_felem,
789
792
  y == NULL ? NULL : &y_felem) ||
790
- (x != NULL && !bn_set_words(x, x_felem.words, group->field.width)) ||
791
- (y != NULL && !bn_set_words(y, y_felem.words, group->field.width))) {
793
+ (x != NULL && !ec_felem_to_bignum(group, x, &x_felem)) ||
794
+ (y != NULL && !ec_felem_to_bignum(group, y, &y_felem))) {
795
+ return 0;
796
+ }
797
+ return 1;
798
+ }
799
+
800
+ void ec_affine_to_jacobian(const EC_GROUP *group, EC_RAW_POINT *out,
801
+ const EC_AFFINE *p) {
802
+ out->X = p->X;
803
+ out->Y = p->Y;
804
+ out->Z = group->one;
805
+ }
806
+
807
+ int ec_jacobian_to_affine(const EC_GROUP *group, EC_AFFINE *out,
808
+ const EC_RAW_POINT *p) {
809
+ return group->meth->point_get_affine_coordinates(group, p, &out->X, &out->Y);
810
+ }
811
+
812
+ int ec_jacobian_to_affine_batch(const EC_GROUP *group, EC_AFFINE *out,
813
+ const EC_RAW_POINT *in, size_t num) {
814
+ if (group->meth->jacobian_to_affine_batch == NULL) {
815
+ OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
816
+ return 0;
817
+ }
818
+ return group->meth->jacobian_to_affine_batch(group, out, in, num);
819
+ }
820
+
821
+ int ec_point_set_affine_coordinates(const EC_GROUP *group, EC_AFFINE *out,
822
+ const EC_FELEM *x, const EC_FELEM *y) {
823
+ void (*const felem_mul)(const EC_GROUP *, EC_FELEM *r, const EC_FELEM *a,
824
+ const EC_FELEM *b) = group->meth->felem_mul;
825
+ void (*const felem_sqr)(const EC_GROUP *, EC_FELEM *r, const EC_FELEM *a) =
826
+ group->meth->felem_sqr;
827
+
828
+ // Check if the point is on the curve.
829
+ EC_FELEM lhs, rhs;
830
+ felem_sqr(group, &lhs, y); // lhs = y^2
831
+ felem_sqr(group, &rhs, x); // rhs = x^2
832
+ ec_felem_add(group, &rhs, &rhs, &group->a); // rhs = x^2 + a
833
+ felem_mul(group, &rhs, &rhs, x); // rhs = x^3 + ax
834
+ ec_felem_add(group, &rhs, &rhs, &group->b); // rhs = x^3 + ax + b
835
+ if (!ec_felem_equal(group, &lhs, &rhs)) {
836
+ OPENSSL_PUT_ERROR(EC, EC_R_POINT_IS_NOT_ON_CURVE);
837
+ // In the event of an error, defend against the caller not checking the
838
+ // return value by setting a known safe value. Note this may not be possible
839
+ // if the caller is in the process of constructing an arbitrary group and
840
+ // the generator is missing.
841
+ if (group->generator != NULL) {
842
+ assert(ec_felem_equal(group, &group->one, &group->generator->raw.Z));
843
+ out->X = group->generator->raw.X;
844
+ out->Y = group->generator->raw.Y;
845
+ }
792
846
  return 0;
793
847
  }
848
+
849
+ out->X = *x;
850
+ out->Y = *y;
794
851
  return 1;
795
852
  }
796
853
 
@@ -801,24 +858,24 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
801
858
  OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
802
859
  return 0;
803
860
  }
804
- if (!ec_GFp_simple_point_set_affine_coordinates(group, &point->raw, x, y)) {
861
+
862
+ if (x == NULL || y == NULL) {
863
+ OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
805
864
  return 0;
806
865
  }
807
866
 
808
- if (!EC_POINT_is_on_curve(group, point, ctx)) {
867
+ EC_FELEM x_felem, y_felem;
868
+ EC_AFFINE affine;
869
+ if (!ec_bignum_to_felem(group, &x_felem, x) ||
870
+ !ec_bignum_to_felem(group, &y_felem, y) ||
871
+ !ec_point_set_affine_coordinates(group, &affine, &x_felem, &y_felem)) {
809
872
  // In the event of an error, defend against the caller not checking the
810
- // return value by setting a known safe value: the base point.
811
- const EC_POINT *generator = EC_GROUP_get0_generator(group);
812
- // The generator can be missing if the caller is in the process of
813
- // constructing an arbitrary group. In this, we give up and hope they're
814
- // checking the return value.
815
- if (generator) {
816
- ec_GFp_simple_point_copy(&point->raw, &generator->raw);
817
- }
818
- OPENSSL_PUT_ERROR(EC, EC_R_POINT_IS_NOT_ON_CURVE);
873
+ // return value by setting a known safe value.
874
+ ec_set_to_safe_point(group, &point->raw);
819
875
  return 0;
820
876
  }
821
877
 
878
+ ec_affine_to_jacobian(group, &point->raw, &affine);
822
879
  return 1;
823
880
  }
824
881
 
@@ -949,10 +1006,27 @@ int ec_point_mul_scalar_public(const EC_GROUP *group, EC_RAW_POINT *r,
949
1006
  return 0;
950
1007
  }
951
1008
 
1009
+ if (group->meth->mul_public == NULL) {
1010
+ return group->meth->mul_public_batch(group, r, g_scalar, p, p_scalar, 1);
1011
+ }
1012
+
952
1013
  group->meth->mul_public(group, r, g_scalar, p, p_scalar);
953
1014
  return 1;
954
1015
  }
955
1016
 
1017
+ int ec_point_mul_scalar_public_batch(const EC_GROUP *group, EC_RAW_POINT *r,
1018
+ const EC_SCALAR *g_scalar,
1019
+ const EC_RAW_POINT *points,
1020
+ const EC_SCALAR *scalars, size_t num) {
1021
+ if (group->meth->mul_public_batch == NULL) {
1022
+ OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1023
+ return 0;
1024
+ }
1025
+
1026
+ return group->meth->mul_public_batch(group, r, g_scalar, points, scalars,
1027
+ num);
1028
+ }
1029
+
956
1030
  int ec_point_mul_scalar(const EC_GROUP *group, EC_RAW_POINT *r,
957
1031
  const EC_RAW_POINT *p, const EC_SCALAR *scalar) {
958
1032
  if (p == NULL || scalar == NULL) {
@@ -961,6 +1035,14 @@ int ec_point_mul_scalar(const EC_GROUP *group, EC_RAW_POINT *r,
961
1035
  }
962
1036
 
963
1037
  group->meth->mul(group, r, p, scalar);
1038
+
1039
+ // Check the result is on the curve to defend against fault attacks or bugs.
1040
+ // This has negligible cost compared to the multiplication.
1041
+ if (!ec_GFp_simple_is_on_curve(group, r)) {
1042
+ OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
1043
+ return 0;
1044
+ }
1045
+
964
1046
  return 1;
965
1047
  }
966
1048
 
@@ -972,9 +1054,93 @@ int ec_point_mul_scalar_base(const EC_GROUP *group, EC_RAW_POINT *r,
972
1054
  }
973
1055
 
974
1056
  group->meth->mul_base(group, r, scalar);
1057
+
1058
+ // Check the result is on the curve to defend against fault attacks or bugs.
1059
+ // This has negligible cost compared to the multiplication.
1060
+ if (!ec_GFp_simple_is_on_curve(group, r)) {
1061
+ OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
1062
+ return 0;
1063
+ }
1064
+
1065
+ return 1;
1066
+ }
1067
+
1068
+ int ec_point_mul_scalar_batch(const EC_GROUP *group, EC_RAW_POINT *r,
1069
+ const EC_RAW_POINT *p0, const EC_SCALAR *scalar0,
1070
+ const EC_RAW_POINT *p1, const EC_SCALAR *scalar1,
1071
+ const EC_RAW_POINT *p2,
1072
+ const EC_SCALAR *scalar2) {
1073
+ if (group->meth->mul_batch == NULL) {
1074
+ OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1075
+ return 0;
1076
+ }
1077
+
1078
+ group->meth->mul_batch(group, r, p0, scalar0, p1, scalar1, p2, scalar2);
1079
+
1080
+ // Check the result is on the curve to defend against fault attacks or bugs.
1081
+ // This has negligible cost compared to the multiplication.
1082
+ if (!ec_GFp_simple_is_on_curve(group, r)) {
1083
+ OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
1084
+ return 0;
1085
+ }
1086
+
1087
+ return 1;
1088
+ }
1089
+
1090
+ int ec_init_precomp(const EC_GROUP *group, EC_PRECOMP *out,
1091
+ const EC_RAW_POINT *p) {
1092
+ if (group->meth->init_precomp == NULL) {
1093
+ OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1094
+ return 0;
1095
+ }
1096
+
1097
+ return group->meth->init_precomp(group, out, p);
1098
+ }
1099
+
1100
+ int ec_point_mul_scalar_precomp(const EC_GROUP *group, EC_RAW_POINT *r,
1101
+ const EC_PRECOMP *p0, const EC_SCALAR *scalar0,
1102
+ const EC_PRECOMP *p1, const EC_SCALAR *scalar1,
1103
+ const EC_PRECOMP *p2,
1104
+ const EC_SCALAR *scalar2) {
1105
+ if (group->meth->mul_precomp == NULL) {
1106
+ OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1107
+ return 0;
1108
+ }
1109
+
1110
+ group->meth->mul_precomp(group, r, p0, scalar0, p1, scalar1, p2, scalar2);
1111
+
1112
+ // Check the result is on the curve to defend against fault attacks or bugs.
1113
+ // This has negligible cost compared to the multiplication.
1114
+ if (!ec_GFp_simple_is_on_curve(group, r)) {
1115
+ OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
1116
+ return 0;
1117
+ }
1118
+
975
1119
  return 1;
976
1120
  }
977
1121
 
1122
+ void ec_point_select(const EC_GROUP *group, EC_RAW_POINT *out, BN_ULONG mask,
1123
+ const EC_RAW_POINT *a, const EC_RAW_POINT *b) {
1124
+ ec_felem_select(group, &out->X, mask, &a->X, &b->X);
1125
+ ec_felem_select(group, &out->Y, mask, &a->Y, &b->Y);
1126
+ ec_felem_select(group, &out->Z, mask, &a->Z, &b->Z);
1127
+ }
1128
+
1129
+ void ec_affine_select(const EC_GROUP *group, EC_AFFINE *out, BN_ULONG mask,
1130
+ const EC_AFFINE *a, const EC_AFFINE *b) {
1131
+ ec_felem_select(group, &out->X, mask, &a->X, &b->X);
1132
+ ec_felem_select(group, &out->Y, mask, &a->Y, &b->Y);
1133
+ }
1134
+
1135
+ void ec_precomp_select(const EC_GROUP *group, EC_PRECOMP *out, BN_ULONG mask,
1136
+ const EC_PRECOMP *a, const EC_PRECOMP *b) {
1137
+ OPENSSL_STATIC_ASSERT(sizeof(out->comb) == sizeof(*out),
1138
+ "out->comb does not span the entire structure");
1139
+ for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(out->comb); i++) {
1140
+ ec_affine_select(group, &out->comb[i], mask, &a->comb[i], &b->comb[i]);
1141
+ }
1142
+ }
1143
+
978
1144
  int ec_cmp_x_coordinate(const EC_GROUP *group, const EC_RAW_POINT *p,
979
1145
  const EC_SCALAR *r) {
980
1146
  return group->meth->cmp_x_coordinate(group, p, r);
@@ -982,14 +1148,19 @@ int ec_cmp_x_coordinate(const EC_GROUP *group, const EC_RAW_POINT *p,
982
1148
 
983
1149
  int ec_get_x_coordinate_as_scalar(const EC_GROUP *group, EC_SCALAR *out,
984
1150
  const EC_RAW_POINT *p) {
985
- EC_FELEM x;
986
- // For simplicity, in case of width mismatches between |group->field| and
987
- // |group->order|, zero any untouched words in |x|.
988
- OPENSSL_memset(&x, 0, sizeof(x));
989
- if (!group->meth->point_get_affine_coordinates(group, p, &x, NULL)) {
1151
+ uint8_t bytes[EC_MAX_BYTES];
1152
+ size_t len;
1153
+ if (!ec_get_x_coordinate_as_bytes(group, bytes, &len, sizeof(bytes), p)) {
990
1154
  return 0;
991
1155
  }
992
1156
 
1157
+ // For simplicity, in case of width mismatches between |group->field| and
1158
+ // |group->order|, zero any untouched words in |out|.
1159
+ OPENSSL_memset(out, 0, sizeof(EC_SCALAR));
1160
+ for (size_t i = 0; i < len; i++) {
1161
+ out->bytes[len - i - 1] = bytes[i];
1162
+ }
1163
+
993
1164
  // We must have p < 2×order, assuming p is not tiny (p >= 17). Thus rather we
994
1165
  // can reduce by performing at most one subtraction.
995
1166
  //
@@ -1008,17 +1179,17 @@ int ec_get_x_coordinate_as_scalar(const EC_GROUP *group, EC_SCALAR *out,
1008
1179
 
1009
1180
  // The above does not guarantee |group->field| is not one word larger than
1010
1181
  // |group->order|, so read one extra carry word.
1182
+ BN_ULONG tmp[EC_MAX_WORDS];
1011
1183
  BN_ULONG carry =
1012
- group->order.width < EC_MAX_WORDS ? x.words[group->order.width] : 0;
1013
- bn_reduce_once(out->words, x.words, carry, group->order.d,
1014
- group->order.width);
1184
+ group->order.width < EC_MAX_WORDS ? out->words[group->order.width] : 0;
1185
+ bn_reduce_once_in_place(out->words, carry, group->order.d, tmp,
1186
+ group->order.width);
1015
1187
  return 1;
1016
1188
  }
1017
1189
 
1018
- int ec_point_get_affine_coordinate_bytes(const EC_GROUP *group, uint8_t *out_x,
1019
- uint8_t *out_y, size_t *out_len,
1020
- size_t max_out,
1021
- const EC_RAW_POINT *p) {
1190
+ int ec_get_x_coordinate_as_bytes(const EC_GROUP *group, uint8_t *out,
1191
+ size_t *out_len, size_t max_out,
1192
+ const EC_RAW_POINT *p) {
1022
1193
  size_t len = BN_num_bytes(&group->field);
1023
1194
  assert(len <= EC_MAX_BYTES);
1024
1195
  if (max_out < len) {
@@ -1026,26 +1197,27 @@ int ec_point_get_affine_coordinate_bytes(const EC_GROUP *group, uint8_t *out_x,
1026
1197
  return 0;
1027
1198
  }
1028
1199
 
1029
- EC_FELEM x, y;
1030
- if (!group->meth->point_get_affine_coordinates(
1031
- group, p, out_x == NULL ? NULL : &x, out_y == NULL ? NULL : &y)) {
1200
+ EC_FELEM x;
1201
+ if (!group->meth->point_get_affine_coordinates(group, p, &x, NULL)) {
1032
1202
  return 0;
1033
1203
  }
1034
1204
 
1035
- if (out_x != NULL) {
1036
- for (size_t i = 0; i < len; i++) {
1037
- out_x[i] = x.bytes[len - i - 1];
1038
- }
1039
- }
1040
- if (out_y != NULL) {
1041
- for (size_t i = 0; i < len; i++) {
1042
- out_y[i] = y.bytes[len - i - 1];
1043
- }
1044
- }
1205
+ ec_felem_to_bytes(group, out, out_len, &x);
1045
1206
  *out_len = len;
1046
1207
  return 1;
1047
1208
  }
1048
1209
 
1210
+ void ec_set_to_safe_point(const EC_GROUP *group, EC_RAW_POINT *out) {
1211
+ if (group->generator != NULL) {
1212
+ ec_GFp_simple_point_copy(out, &group->generator->raw);
1213
+ } else {
1214
+ // The generator can be missing if the caller is in the process of
1215
+ // constructing an arbitrary group. In this case, we give up and use the
1216
+ // point at infinity.
1217
+ ec_GFp_simple_point_set_to_infinity(group, out);
1218
+ }
1219
+ }
1220
+
1049
1221
  void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag) {}
1050
1222
 
1051
1223
  const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) {