grpc 1.53.1 → 1.54.0


Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (689) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +78 -66
  3. data/include/grpc/event_engine/event_engine.h +30 -14
  4. data/include/grpc/grpc_security.h +4 -0
  5. data/include/grpc/support/port_platform.h +4 -4
  6. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
  7. data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
  8. data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
  9. data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
  10. data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
  11. data/src/core/ext/filters/client_channel/client_channel.h +131 -173
  12. data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
  13. data/src/core/ext/filters/client_channel/config_selector.h +4 -3
  14. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
  15. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
  16. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
  17. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
  18. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
  19. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
  20. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
  21. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
  22. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
  23. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
  24. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
  25. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
  26. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
  27. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
  28. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
  29. data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
  30. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
  31. data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
  32. data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
  33. data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
  34. data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
  35. data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
  36. data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
  37. data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
  38. data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
  39. data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
  40. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
  41. data/src/core/ext/gcp/metadata_query.cc +142 -0
  42. data/src/core/ext/gcp/metadata_query.h +82 -0
  43. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
  44. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +8 -12
  45. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -5
  46. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +116 -58
  47. data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
  48. data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
  49. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
  50. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +222 -118
  51. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +113 -295
  52. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -2
  53. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +0 -2
  54. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +277 -451
  55. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +1 -3
  56. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +12 -14
  57. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +1 -9
  58. data/src/core/ext/transport/chttp2/transport/internal.h +16 -3
  59. data/src/core/ext/transport/chttp2/transport/parsing.cc +3 -2
  60. data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
  61. data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
  62. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
  63. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
  64. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
  65. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
  66. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
  67. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
  68. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
  69. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
  70. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
  71. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
  72. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
  73. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
  74. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
  75. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
  76. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
  77. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
  78. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
  79. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
  80. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
  81. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
  82. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
  83. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
  84. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
  85. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
  86. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
  87. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
  88. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
  89. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
  90. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
  91. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
  92. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
  93. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
  94. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
  95. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
  96. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
  97. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
  98. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
  99. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
  100. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
  101. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
  102. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
  103. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
  104. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
  105. data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
  106. data/src/core/ext/xds/xds_client_stats.cc +29 -15
  107. data/src/core/ext/xds/xds_client_stats.h +24 -20
  108. data/src/core/ext/xds/xds_endpoint.cc +5 -2
  109. data/src/core/ext/xds/xds_endpoint.h +9 -1
  110. data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
  111. data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
  112. data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
  113. data/src/core/lib/channel/call_finalization.h +1 -1
  114. data/src/core/lib/channel/call_tracer.cc +51 -0
  115. data/src/core/lib/channel/call_tracer.h +101 -38
  116. data/src/core/lib/channel/connected_channel.cc +483 -1050
  117. data/src/core/lib/channel/context.h +8 -1
  118. data/src/core/lib/channel/promise_based_filter.cc +106 -42
  119. data/src/core/lib/channel/promise_based_filter.h +27 -13
  120. data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
  121. data/src/core/lib/config/config_vars.cc +151 -0
  122. data/src/core/lib/config/config_vars.h +127 -0
  123. data/src/core/lib/config/config_vars_non_generated.cc +51 -0
  124. data/src/core/lib/config/load_config.cc +66 -0
  125. data/src/core/lib/config/load_config.h +49 -0
  126. data/src/core/lib/debug/trace.cc +5 -6
  127. data/src/core/lib/debug/trace.h +0 -5
  128. data/src/core/lib/event_engine/event_engine.cc +37 -2
  129. data/src/core/lib/event_engine/handle_containers.h +7 -22
  130. data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
  131. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
  132. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
  133. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
  134. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
  135. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
  136. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
  137. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
  138. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
  139. data/src/core/lib/event_engine/resolved_address.cc +2 -1
  140. data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
  141. data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
  142. data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
  143. data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
  144. data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
  145. data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
  146. data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
  147. data/src/core/lib/experiments/config.cc +3 -10
  148. data/src/core/lib/experiments/experiments.cc +7 -0
  149. data/src/core/lib/experiments/experiments.h +9 -1
  150. data/src/core/lib/gpr/log.cc +15 -28
  151. data/src/core/lib/gprpp/fork.cc +8 -14
  152. data/src/core/lib/gprpp/orphanable.h +4 -3
  153. data/src/core/lib/gprpp/per_cpu.h +9 -3
  154. data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
  155. data/src/core/lib/gprpp/ref_counted.h +33 -34
  156. data/src/core/lib/gprpp/thd.h +16 -0
  157. data/src/core/lib/gprpp/time.cc +1 -0
  158. data/src/core/lib/gprpp/time.h +4 -4
  159. data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
  160. data/src/core/lib/iomgr/call_combiner.h +2 -2
  161. data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
  162. data/src/core/lib/iomgr/ev_posix.cc +13 -53
  163. data/src/core/lib/iomgr/ev_posix.h +0 -3
  164. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
  165. data/src/core/lib/iomgr/iomgr.cc +4 -8
  166. data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
  167. data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
  168. data/src/core/lib/iomgr/pollset_windows.cc +1 -1
  169. data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
  170. data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
  171. data/src/core/lib/iomgr/tcp_posix.cc +0 -1
  172. data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
  173. data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
  174. data/src/core/lib/iomgr/tcp_windows.cc +12 -8
  175. data/src/core/lib/load_balancing/lb_policy.cc +9 -13
  176. data/src/core/lib/load_balancing/lb_policy.h +4 -2
  177. data/src/core/lib/promise/activity.cc +22 -6
  178. data/src/core/lib/promise/activity.h +61 -24
  179. data/src/core/lib/promise/cancel_callback.h +77 -0
  180. data/src/core/lib/promise/detail/basic_seq.h +1 -1
  181. data/src/core/lib/promise/detail/promise_factory.h +4 -0
  182. data/src/core/lib/promise/for_each.h +176 -0
  183. data/src/core/lib/promise/if.h +9 -0
  184. data/src/core/lib/promise/interceptor_list.h +23 -2
  185. data/src/core/lib/promise/latch.h +89 -3
  186. data/src/core/lib/promise/loop.h +13 -9
  187. data/src/core/lib/promise/map.h +7 -0
  188. data/src/core/lib/promise/party.cc +286 -0
  189. data/src/core/lib/promise/party.h +499 -0
  190. data/src/core/lib/promise/pipe.h +197 -57
  191. data/src/core/lib/promise/poll.h +48 -0
  192. data/src/core/lib/promise/promise.h +2 -2
  193. data/src/core/lib/resource_quota/arena.cc +19 -3
  194. data/src/core/lib/resource_quota/arena.h +119 -5
  195. data/src/core/lib/resource_quota/memory_quota.cc +1 -1
  196. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
  197. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
  198. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
  199. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
  200. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
  201. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
  202. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
  203. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
  204. data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
  205. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
  206. data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
  207. data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
  208. data/src/core/lib/slice/slice.cc +1 -1
  209. data/src/core/lib/surface/builtins.cc +2 -0
  210. data/src/core/lib/surface/call.cc +926 -1024
  211. data/src/core/lib/surface/call.h +10 -0
  212. data/src/core/lib/surface/lame_client.cc +1 -0
  213. data/src/core/lib/surface/validate_metadata.cc +42 -43
  214. data/src/core/lib/surface/validate_metadata.h +0 -9
  215. data/src/core/lib/surface/version.cc +2 -2
  216. data/src/core/lib/transport/batch_builder.cc +179 -0
  217. data/src/core/lib/transport/batch_builder.h +468 -0
  218. data/src/core/lib/transport/bdp_estimator.cc +7 -7
  219. data/src/core/lib/transport/bdp_estimator.h +10 -6
  220. data/src/core/lib/transport/custom_metadata.h +30 -0
  221. data/src/core/lib/transport/metadata_batch.cc +5 -2
  222. data/src/core/lib/transport/metadata_batch.h +17 -113
  223. data/src/core/lib/transport/parsed_metadata.h +6 -16
  224. data/src/core/lib/transport/timeout_encoding.cc +6 -1
  225. data/src/core/lib/transport/transport.cc +30 -2
  226. data/src/core/lib/transport/transport.h +70 -14
  227. data/src/core/lib/transport/transport_impl.h +7 -0
  228. data/src/core/lib/transport/transport_op_string.cc +52 -42
  229. data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
  230. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
  231. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
  232. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
  233. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
  234. data/src/core/tsi/ssl_transport_security.cc +4 -2
  235. data/src/ruby/lib/grpc/version.rb +1 -1
  236. data/third_party/abseil-cpp/absl/base/config.h +1 -1
  237. data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
  238. data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
  239. data/third_party/abseil-cpp/absl/flags/config.h +68 -0
  240. data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
  241. data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
  242. data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
  243. data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
  244. data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
  245. data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
  246. data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
  247. data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
  248. data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
  249. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
  250. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
  251. data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
  252. data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
  253. data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
  254. data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
  255. data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
  256. data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
  257. data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
  258. data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
  259. data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
  260. data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
  261. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
  262. data/third_party/boringssl-with-bazel/err_data.c +728 -712
  263. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
  264. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
  265. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
  266. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
  267. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
  268. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
  269. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
  270. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
  271. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
  272. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
  273. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
  274. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
  275. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
  276. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
  277. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
  278. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
  279. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
  280. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
  281. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
  282. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
  283. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
  284. data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
  285. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
  286. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
  287. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
  288. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
  289. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
  290. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
  291. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
  292. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
  293. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
  294. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
  295. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
  296. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
  297. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
  298. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
  299. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
  300. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
  301. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
  302. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
  303. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
  304. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
  305. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
  306. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
  307. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
  308. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
  309. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
  310. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
  311. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
  312. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
  313. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
  314. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
  315. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
  316. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
  317. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
  318. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
  319. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
  320. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
  321. data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
  322. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
  323. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
  324. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
  325. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
  326. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
  327. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
  328. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
  329. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
  330. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
  331. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
  332. data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
  333. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
  334. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
  335. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
  336. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
  337. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
  338. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
  339. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
  340. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
  341. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
  342. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
  343. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
  344. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
  345. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
  346. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
  347. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
  348. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
  349. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
  350. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
  351. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
  352. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
  353. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
  354. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
  355. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
  356. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
  357. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
  358. data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
  359. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
  360. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
  361. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
  362. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
  363. data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
  364. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
  365. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
  366. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
  367. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
  368. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
  369. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
  370. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
  371. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
  372. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
  373. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
  374. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
  375. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
  376. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
  377. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
  378. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
  379. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
  380. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
  381. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
  382. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
  383. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
  384. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
  385. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
  386. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
  387. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
  388. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
  389. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
  390. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
  391. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
  392. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
  393. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
  394. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
  395. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
  396. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
  397. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
  398. data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
  399. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
  400. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
  401. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
  402. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
  403. data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
  404. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
  405. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
  406. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
  407. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
  408. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
  409. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
  410. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
  411. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
  412. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
  413. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
  414. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
  415. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
  416. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
  417. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
  418. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
  419. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
  420. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
  421. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
  422. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
  423. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
  424. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
  425. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
  426. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
  427. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
  428. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
  429. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
  430. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
  431. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
  432. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
  433. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
  434. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
  435. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
  436. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
  437. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
  438. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
  439. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
  440. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
  441. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
  442. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
  443. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
  444. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
  445. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
  446. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
  447. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
  448. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
  449. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
  450. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
  451. data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
  452. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
  453. data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
  454. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
  455. data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
  456. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
  457. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
  458. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
  459. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
  460. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
  461. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
  462. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
  463. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
  464. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
  465. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
  466. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
  467. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
  468. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
  469. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
  470. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
  471. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
  472. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
  473. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
  474. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
  475. data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
  476. data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
  477. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
  478. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
  479. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
  480. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
  481. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
  482. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
  483. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
  484. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
  485. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
  486. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
  487. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
  488. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
  489. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
  490. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
  491. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
  492. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
  493. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
  494. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
  495. data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
  496. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
  497. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
  498. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
  499. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
  500. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
  501. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
  502. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
  503. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
  504. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
  505. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
  506. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
  507. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
  508. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
  509. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
  510. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
  511. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
  512. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
  513. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
  514. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
  515. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
  516. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
  517. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
  518. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
  519. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
  520. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
  521. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
  522. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
  523. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
  524. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
  525. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
  526. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
  527. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
  528. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
  529. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
  530. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
  531. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
  532. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
  533. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
  534. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
  535. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
  536. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
  537. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
  538. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
  539. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
  540. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
  541. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
  542. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
  543. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
  544. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
  545. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
  546. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
  547. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
  548. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
  549. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
  550. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
  551. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
  552. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
  553. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
  554. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
  555. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
  556. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
  557. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
  558. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
  559. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
  560. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
  561. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
  562. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
  563. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
  564. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
  565. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
  566. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
  567. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
  568. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
  569. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
  570. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
  571. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
  572. data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
  573. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
  574. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
  575. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
  576. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
  577. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
  578. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
  579. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
  580. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
  581. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
  582. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
  583. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
  584. data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
  585. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
  586. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
  587. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
  588. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
  589. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
  590. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
  591. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
  592. data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
  593. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
  594. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
  595. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
  596. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
  597. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
  598. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
  599. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
  600. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
  601. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
  602. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
  603. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
  604. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
  605. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
  606. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
  607. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
  608. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
  609. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
  610. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
  611. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
  612. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
  613. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
  614. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
  615. data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
  616. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
  617. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  618. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
  619. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
  620. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
  621. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
  622. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
  623. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
  624. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
  625. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
  626. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
  627. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
  628. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
  629. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
  630. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
  631. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
  632. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
  633. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
  634. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
  635. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
  636. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
  637. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
  638. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
  639. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
  640. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
  641. metadata +103 -70
  642. data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
  643. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
  644. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -29
  645. data/src/core/lib/gprpp/global_config.h +0 -93
  646. data/src/core/lib/gprpp/global_config_env.cc +0 -140
  647. data/src/core/lib/gprpp/global_config_env.h +0 -133
  648. data/src/core/lib/gprpp/global_config_generic.h +0 -40
  649. data/src/core/lib/promise/intra_activity_waiter.h +0 -55
  650. data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
  651. data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
  652. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
  653. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
  654. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
  655. data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
  656. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
  657. data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
  658. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
  659. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
  660. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
  661. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
  662. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
  663. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
  664. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
  665. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
  666. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
  667. /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
  668. /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
  669. /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
  670. /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
  671. /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
  672. /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
  673. /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
  674. /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
  675. /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
  676. /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
  677. /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
  678. /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
  679. /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
  680. /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
  681. /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
  682. /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
  683. /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
  684. /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
  685. /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
  686. /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
  687. /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
  688. /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
  689. /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
@@ -61,19 +61,38 @@
61
61
 
62
62
  #include "internal.h"
63
63
 
64
+ void bn_big_endian_to_words(BN_ULONG *out, size_t out_len, const uint8_t *in,
65
+ size_t in_len) {
66
+ for (size_t i = 0; i < out_len; i++) {
67
+ if (in_len < sizeof(BN_ULONG)) {
68
+ // Load the last partial word.
69
+ BN_ULONG word = 0;
70
+ for (size_t j = 0; j < in_len; j++) {
71
+ word = (word << 8) | in[j];
72
+ }
73
+ in_len = 0;
74
+ out[i] = word;
75
+ // Fill the remainder with zeros.
76
+ OPENSSL_memset(out + i + 1, 0, (out_len - i - 1) * sizeof(BN_ULONG));
77
+ break;
78
+ }
64
79
 
65
- BIGNUM *BN_bin2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
66
- size_t num_words;
67
- unsigned m;
68
- BN_ULONG word = 0;
69
- BIGNUM *bn = NULL;
70
-
71
- if (ret == NULL) {
72
- ret = bn = BN_new();
80
+ in_len -= sizeof(BN_ULONG);
81
+ out[i] = CRYPTO_load_word_be(in + in_len);
73
82
  }
74
83
 
84
+ // The caller should have sized the output to avoid truncation.
85
+ assert(in_len == 0);
86
+ }
87
+
88
+ BIGNUM *BN_bin2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
89
+ BIGNUM *bn = NULL;
75
90
  if (ret == NULL) {
76
- return NULL;
91
+ bn = BN_new();
92
+ if (bn == NULL) {
93
+ return NULL;
94
+ }
95
+ ret = bn;
77
96
  }
78
97
 
79
98
  if (len == 0) {
@@ -81,12 +100,9 @@ BIGNUM *BN_bin2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
81
100
  return ret;
82
101
  }
83
102
 
84
- num_words = ((len - 1) / BN_BYTES) + 1;
85
- m = (len - 1) % BN_BYTES;
103
+ size_t num_words = ((len - 1) / BN_BYTES) + 1;
86
104
  if (!bn_wexpand(ret, num_words)) {
87
- if (bn) {
88
- BN_free(bn);
89
- }
105
+ BN_free(bn);
90
106
  return NULL;
91
107
  }
92
108
 
@@ -96,15 +112,7 @@ BIGNUM *BN_bin2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
96
112
  ret->width = (int)num_words;
97
113
  ret->neg = 0;
98
114
 
99
- while (len--) {
100
- word = (word << 8) | *(in++);
101
- if (m-- == 0) {
102
- ret->d[--num_words] = word;
103
- word = 0;
104
- m = BN_BYTES - 1;
105
- }
106
- }
107
-
115
+ bn_big_endian_to_words(ret->d, ret->width, in, len);
108
116
  return ret;
109
117
  }
110
118
 
@@ -112,13 +120,12 @@ BIGNUM *BN_le2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
112
120
  BIGNUM *bn = NULL;
113
121
  if (ret == NULL) {
114
122
  bn = BN_new();
123
+ if (bn == NULL) {
124
+ return NULL;
125
+ }
115
126
  ret = bn;
116
127
  }
117
128
 
118
- if (ret == NULL) {
119
- return NULL;
120
- }
121
-
122
129
  if (len == 0) {
123
130
  ret->width = 0;
124
131
  ret->neg = 0;
@@ -131,7 +138,7 @@ BIGNUM *BN_le2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
131
138
  BN_free(bn);
132
139
  return NULL;
133
140
  }
134
- ret->width = num_words;
141
+ ret->width = (int)num_words;
135
142
 
136
143
  // Make sure the top bytes will be zeroed.
137
144
  ret->d[num_words - 1] = 0;
@@ -142,38 +149,70 @@ BIGNUM *BN_le2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
142
149
  return ret;
143
150
  }
144
151
 
145
- size_t BN_bn2bin(const BIGNUM *in, uint8_t *out) {
146
- size_t n, i;
147
- BN_ULONG l;
152
+ // fits_in_bytes returns one if the |num_words| words in |words| can be
153
+ // represented in |num_bytes| bytes.
154
+ static int fits_in_bytes(const BN_ULONG *words, size_t num_words,
155
+ size_t num_bytes) {
156
+ const uint8_t *bytes = (const uint8_t *)words;
157
+ size_t tot_bytes = num_words * sizeof(BN_ULONG);
158
+ uint8_t mask = 0;
159
+ for (size_t i = num_bytes; i < tot_bytes; i++) {
160
+ mask |= bytes[i];
161
+ }
162
+ return mask == 0;
163
+ }
148
164
 
149
- n = i = BN_num_bytes(in);
150
- while (i--) {
151
- l = in->d[i / BN_BYTES];
152
- *(out++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
165
+ void bn_assert_fits_in_bytes(const BIGNUM *bn, size_t num) {
166
+ const uint8_t *bytes = (const uint8_t *)bn->d;
167
+ size_t tot_bytes = bn->width * sizeof(BN_ULONG);
168
+ if (tot_bytes > num) {
169
+ CONSTTIME_DECLASSIFY(bytes + num, tot_bytes - num);
170
+ for (size_t i = num; i < tot_bytes; i++) {
171
+ assert(bytes[i] == 0);
172
+ }
173
+ (void)bytes;
153
174
  }
154
- return n;
155
175
  }
156
176
 
157
- static int fits_in_bytes(const uint8_t *bytes, size_t num_bytes, size_t len) {
158
- uint8_t mask = 0;
159
- for (size_t i = len; i < num_bytes; i++) {
160
- mask |= bytes[i];
177
+ void bn_words_to_big_endian(uint8_t *out, size_t out_len, const BN_ULONG *in,
178
+ size_t in_len) {
179
+ // The caller should have selected an output length without truncation.
180
+ assert(fits_in_bytes(in, in_len, out_len));
181
+
182
+ // We only support little-endian platforms, so the internal representation is
183
+ // also little-endian as bytes. We can simply copy it in reverse.
184
+ const uint8_t *bytes = (const uint8_t *)in;
185
+ size_t num_bytes = in_len * sizeof(BN_ULONG);
186
+ if (out_len < num_bytes) {
187
+ num_bytes = out_len;
161
188
  }
162
- return mask == 0;
189
+
190
+ for (size_t i = 0; i < num_bytes; i++) {
191
+ out[out_len - i - 1] = bytes[i];
192
+ }
193
+ // Pad out the rest of the buffer with zeroes.
194
+ OPENSSL_memset(out, 0, out_len - num_bytes);
195
+ }
196
+
197
+ size_t BN_bn2bin(const BIGNUM *in, uint8_t *out) {
198
+ size_t n = BN_num_bytes(in);
199
+ bn_words_to_big_endian(out, n, in->d, in->width);
200
+ return n;
163
201
  }
164
202
 
165
203
  int BN_bn2le_padded(uint8_t *out, size_t len, const BIGNUM *in) {
204
+ if (!fits_in_bytes(in->d, in->width, len)) {
205
+ return 0;
206
+ }
207
+
208
+ // We only support little-endian platforms, so we can simply memcpy into the
209
+ // internal representation.
166
210
  const uint8_t *bytes = (const uint8_t *)in->d;
167
211
  size_t num_bytes = in->width * BN_BYTES;
168
212
  if (len < num_bytes) {
169
- if (!fits_in_bytes(bytes, num_bytes, len)) {
170
- return 0;
171
- }
172
213
  num_bytes = len;
173
214
  }
174
215
 
175
- // We only support little-endian platforms, so we can simply memcpy into the
176
- // internal representation.
177
216
  OPENSSL_memcpy(out, bytes, num_bytes);
178
217
  // Pad out the rest of the buffer with zeroes.
179
218
  OPENSSL_memset(out + num_bytes, 0, len - num_bytes);
@@ -181,22 +220,11 @@ int BN_bn2le_padded(uint8_t *out, size_t len, const BIGNUM *in) {
181
220
  }
182
221
 
183
222
  int BN_bn2bin_padded(uint8_t *out, size_t len, const BIGNUM *in) {
184
- const uint8_t *bytes = (const uint8_t *)in->d;
185
- size_t num_bytes = in->width * BN_BYTES;
186
- if (len < num_bytes) {
187
- if (!fits_in_bytes(bytes, num_bytes, len)) {
188
- return 0;
189
- }
190
- num_bytes = len;
223
+ if (!fits_in_bytes(in->d, in->width, len)) {
224
+ return 0;
191
225
  }
192
226
 
193
- // We only support little-endian platforms, so we can simply write the buffer
194
- // in reverse.
195
- for (size_t i = 0; i < num_bytes; i++) {
196
- out[len - i - 1] = bytes[i];
197
- }
198
- // Pad out the rest of the buffer with zeroes.
199
- OPENSSL_memset(out, 0, len - num_bytes);
227
+ bn_words_to_big_endian(out, len, in->d, in->width);
200
228
  return 1;
201
229
  }
202
230
 
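Review bot: The truncation guards in the new `bn_big_endian_to_words` and `bn_words_to_big_endian` are `assert`s only (`assert(in_len == 0)` and `assert(fits_in_bytes(in, in_len, out_len))`), so a build with NDEBUG defined drops them and a mis-sized call would silently discard the high-order bytes instead of failing. The callers visible here size correctly: `BN_bin2bn` derives `num_words` from `len`, `BN_bn2bin` passes `BN_num_bytes(in)`, and `BN_bn2bin_padded` returns 0 on `!fits_in_bytes(...)` before the call. Since both helpers are non-static, I would state the contract at each definition, e.g. `// Callers must size |out| so the value fits; this is checked only by assert.`; whether the declarations in internal.h already say so is not visible on this page.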
@@ -56,8 +56,9 @@
56
56
 
57
57
  #include <openssl/bn.h>
58
58
 
59
+ #include <assert.h>
60
+
59
61
  #include <openssl/mem.h>
60
- #include <openssl/type_check.h>
61
62
 
62
63
  #include "internal.h"
63
64
  #include "../../internal.h"
@@ -65,8 +66,8 @@
65
66
 
66
67
  static int bn_cmp_words_consttime(const BN_ULONG *a, size_t a_len,
67
68
  const BN_ULONG *b, size_t b_len) {
68
- OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
69
- "crypto_word_t is too small");
69
+ static_assert(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
70
+ "crypto_word_t is too small");
70
71
  int ret = 0;
71
72
  // Process the common words in little-endian order.
72
73
  size_t min = a_len < b_len ? a_len : b_len;
@@ -108,7 +108,6 @@ struct bignum_ctx {
108
108
  BN_CTX *BN_CTX_new(void) {
109
109
  BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX));
110
110
  if (!ret) {
111
- OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
112
111
  return NULL;
113
112
  }
114
113
 
@@ -162,7 +161,6 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx) {
162
161
  if (ctx->bignums == NULL) {
163
162
  ctx->bignums = sk_BIGNUM_new_null();
164
163
  if (ctx->bignums == NULL) {
165
- OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
166
164
  ctx->error = 1;
167
165
  return NULL;
168
166
  }
@@ -552,7 +552,7 @@ static BIGNUM *bn_scratch_space_from_ctx(size_t width, BN_CTX *ctx) {
552
552
  return NULL;
553
553
  }
554
554
  ret->neg = 0;
555
- ret->width = width;
555
+ ret->width = (int)width;
556
556
  return ret;
557
557
  }
558
558
 
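Review bot: The `(int)width` cast in `ret->width = (int)width;` narrows a `size_t` with no bound visible in this hunk, so a value above INT_MAX would be stored as a wrong, possibly negative, width. `bn_scratch_space_from_ctx` begins outside the hunk; the `return NULL;` above presumably follows a resize or size check that already rejects such widths, but that is inferred. Once confirmed, I would record it next to the cast with a comment such as `// |width| was accepted by the resize above, so it fits in int.`, and add a range check if no such bound exists. The same narrowing appears as `ret->width = (int)num_words;` in the `BN_bin2bn` and `BN_le2bn` hunks earlier on the page.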
@@ -70,7 +70,7 @@ uint16_t bn_mod_u16_consttime(const BIGNUM *bn, uint16_t d) {
70
70
  // This operation is not constant-time, but |p| and |d| are public values.
71
71
  // Note that |p| is at most 16, so the computation fits in |uint64_t|.
72
72
  assert(p <= 16);
73
- uint32_t m = ((UINT64_C(1) << (32 + p)) + d - 1) / d;
73
+ uint32_t m = (uint32_t)(((UINT64_C(1) << (32 + p)) + d - 1) / d);
74
74
 
75
75
  uint16_t ret = 0;
76
76
  for (int i = bn->width - 1; i >= 0; i--) {
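Review bot: The new `(uint32_t)` cast on `m` discards a set bit rather than only silencing a warning: with `p` at its allowed maximum of 16 and `d` a `uint16_t`, `((UINT64_C(1) << 48) + d - 1) / d` is at least 2^32, so the quotient does not fit in 32 bits. The existing comment says only that the computation fits in `uint64_t`, and it does not say that the narrowing is intended. If the reduction step that consumes `m` treats the top bit as implicit (not visible here, the hunk shows only the start of the loop), a comment on the line would make that clear, e.g. `// |m| may need 33 bits; only the low 32 are kept, the top bit is implicit.`. If it does not, the truncation changes the result.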
@@ -109,10 +109,10 @@
109
109
  #include <openssl/bn.h>
110
110
 
111
111
  #include <assert.h>
112
+ #include <limits.h>
112
113
  #include <stdlib.h>
113
114
  #include <string.h>
114
115
 
115
- #include <openssl/cpu.h>
116
116
  #include <openssl/err.h>
117
117
  #include <openssl/mem.h>
118
118
 
@@ -397,7 +397,7 @@ err:
397
397
  //
398
398
  // (with draws in between). Very small exponents are often selected
399
399
  // with low Hamming weight, so we use w = 1 for b <= 23.
400
- static int BN_window_bits_for_exponent_size(int b) {
400
+ static int BN_window_bits_for_exponent_size(size_t b) {
401
401
  if (b > 671) {
402
402
  return 6;
403
403
  }
@@ -444,6 +444,7 @@ static int mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
444
444
  return BN_one(r);
445
445
  }
446
446
 
447
+ BN_RECP_CTX_init(&recp);
447
448
  BN_CTX_start(ctx);
448
449
  aa = BN_CTX_get(ctx);
449
450
  val[0] = BN_CTX_get(ctx);
@@ -451,7 +452,6 @@ static int mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
451
452
  goto err;
452
453
  }
453
454
 
454
- BN_RECP_CTX_init(&recp);
455
455
  if (m->neg) {
456
456
  // ignore sign of 'm'
457
457
  if (!BN_copy(aa, m)) {
@@ -594,7 +594,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
594
594
  OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER);
595
595
  return 0;
596
596
  }
597
- if (a->neg || BN_ucmp(a, m) >= 0) {
597
+ // |a| is secret, but |a < m| is not.
598
+ if (a->neg || constant_time_declassify_int(BN_ucmp(a, m)) >= 0) {
598
599
  OPENSSL_PUT_ERROR(BN, BN_R_INPUT_NOT_REDUCED);
599
600
  return 0;
600
601
  }
@@ -722,12 +723,14 @@ err:
722
723
  void bn_mod_exp_mont_small(BN_ULONG *r, const BN_ULONG *a, size_t num,
723
724
  const BN_ULONG *p, size_t num_p,
724
725
  const BN_MONT_CTX *mont) {
725
- if (num != (size_t)mont->N.width || num > BN_SMALL_MAX_WORDS) {
726
+ if (num != (size_t)mont->N.width || num > BN_SMALL_MAX_WORDS ||
727
+ num_p > ((size_t)-1) / BN_BITS2) {
726
728
  abort();
727
729
  }
728
730
  assert(BN_is_odd(&mont->N));
729
731
 
730
- // Count the number of bits in |p|. Note this function treats |p| as public.
732
+ // Count the number of bits in |p|, skipping leading zeros. Note this function
733
+ // treats |p| as public.
731
734
  while (num_p != 0 && p[num_p - 1] == 0) {
732
735
  num_p--;
733
736
  }
@@ -735,7 +738,7 @@ void bn_mod_exp_mont_small(BN_ULONG *r, const BN_ULONG *a, size_t num,
735
738
  bn_from_montgomery_small(r, num, mont->RR.d, num, mont);
736
739
  return;
737
740
  }
738
- unsigned bits = BN_num_bits_word(p[num_p - 1]) + (num_p - 1) * BN_BITS2;
741
+ size_t bits = BN_num_bits_word(p[num_p - 1]) + (num_p - 1) * BN_BITS2;
739
742
  assert(bits != 0);
740
743
 
741
744
  // We exponentiate by looking at sliding windows of the exponent and
@@ -759,7 +762,7 @@ void bn_mod_exp_mont_small(BN_ULONG *r, const BN_ULONG *a, size_t num,
759
762
  // |p| is non-zero, so at least one window is non-zero. To save some
760
763
  // multiplications, defer initializing |r| until then.
761
764
  int r_is_one = 1;
762
- unsigned wstart = bits - 1; // The top bit of the window.
765
+ size_t wstart = bits - 1; // The top bit of the window.
763
766
  for (;;) {
764
767
  if (!bn_is_bit_set_words(p, num_p, wstart)) {
765
768
  if (!r_is_one) {
@@ -849,7 +852,11 @@ static int copy_from_prebuf(BIGNUM *b, int top, const BN_ULONG *table, int idx,
849
852
  OPENSSL_memset(b->d, 0, sizeof(BN_ULONG) * top);
850
853
  const int width = 1 << window;
851
854
  for (int i = 0; i < width; i++, table += top) {
852
- BN_ULONG mask = constant_time_eq_int(i, idx);
855
+ // Use a value barrier to prevent Clang from adding a branch when |i != idx|
856
+ // and making this copy not constant time. Clang is still allowed to learn
857
+ // that |mask| is constant across the inner loop, so this won't inhibit any
858
+ // vectorization it might do.
859
+ BN_ULONG mask = value_barrier_w(constant_time_eq_int(i, idx));
853
860
  for (int j = 0; j < top; j++) {
854
861
  b->d[j] |= table[j] & mask;
855
862
  }
@@ -859,40 +866,15 @@ static int copy_from_prebuf(BIGNUM *b, int top, const BN_ULONG *table, int idx,
859
866
  return 1;
860
867
  }
861
868
 
862
- #define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK \
863
- (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)
864
-
865
869
  // Window sizes optimized for fixed window size modular exponentiation
866
870
  // algorithm (BN_mod_exp_mont_consttime).
867
871
  //
868
- // To achieve the security goals of BN_mode_exp_mont_consttime, the maximum
869
- // size of the window must not exceed
870
- // log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH).
871
- //
872
- // Window size thresholds are defined for cache line sizes of 32 and 64, cache
873
- // line sizes where log_2(32)=5 and log_2(64)=6 respectively. A window size of
874
- // 7 should only be used on processors that have a 128 byte or greater cache
875
- // line size.
876
- #if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64
877
-
872
+ // TODO(davidben): These window sizes were originally set for 64-byte cache
873
+ // lines with a cache-line-dependent constant-time mitigation. They can probably
874
+ // be revised now that our implementation is no longer cache-time-dependent.
878
875
  #define BN_window_bits_for_ctime_exponent_size(b) \
879
876
  ((b) > 937 ? 6 : (b) > 306 ? 5 : (b) > 89 ? 4 : (b) > 22 ? 3 : 1)
880
- #define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6)
881
-
882
- #elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32
883
-
884
- #define BN_window_bits_for_ctime_exponent_size(b) \
885
- ((b) > 306 ? 5 : (b) > 89 ? 4 : (b) > 22 ? 3 : 1)
886
- #define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5)
887
-
888
- #endif
889
-
890
- // Given a pointer value, compute the next address that is a cache line
891
- // multiple.
892
- #define MOD_EXP_CTIME_ALIGN(x_) \
893
- ((unsigned char *)(x_) + \
894
- (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - \
895
- (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
877
+ #define BN_MAX_MOD_EXP_CTIME_WINDOW (6)
896
878
 
897
879
  // This variant of |BN_mod_exp_mont| uses fixed windows and fixed memory access
898
880
  // patterns to protect secret exponents (cf. the hyper-threading timing attacks
@@ -901,14 +883,12 @@ static int copy_from_prebuf(BIGNUM *b, int top, const BN_ULONG *table, int idx,
901
883
  int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
902
884
  const BIGNUM *m, BN_CTX *ctx,
903
885
  const BN_MONT_CTX *mont) {
904
- int i, ret = 0, window, wvalue;
886
+ int i, ret = 0, wvalue;
905
887
  BN_MONT_CTX *new_mont = NULL;
906
888
 
907
- int numPowers;
908
- unsigned char *powerbufFree = NULL;
909
- int powerbufLen = 0;
889
+ unsigned char *powerbuf_free = NULL;
890
+ size_t powerbuf_len = 0;
910
891
  BN_ULONG *powerbuf = NULL;
911
- BIGNUM tmp, am;
912
892
 
913
893
  if (!BN_is_odd(m)) {
914
894
  OPENSSL_PUT_ERROR(BN, BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -954,8 +934,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
954
934
  // paths. If we were to use separate static buffers for each then there is
955
935
  // some chance that both large buffers would be allocated on the stack,
956
936
  // causing the stack space requirement to be truly huge (~10KB).
957
- alignas(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH) BN_ULONG
958
- storage[MOD_EXP_CTIME_STORAGE_LEN];
937
+ alignas(MOD_EXP_CTIME_ALIGN) BN_ULONG storage[MOD_EXP_CTIME_STORAGE_LEN];
959
938
  #endif
960
939
  #if defined(RSAZ_ENABLED)
961
940
  // If the size of the operands allow it, perform the optimized RSAZ
@@ -976,112 +955,115 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
976
955
  #endif
977
956
 
978
957
  // Get the window size to use with size of p.
979
- window = BN_window_bits_for_ctime_exponent_size(bits);
958
+ int window = BN_window_bits_for_ctime_exponent_size(bits);
959
+ assert(window <= BN_MAX_MOD_EXP_CTIME_WINDOW);
960
+
961
+ // Calculating |powerbuf_len| below cannot overflow because of the bound on
962
+ // Montgomery reduction.
963
+ assert((size_t)top <= BN_MONTGOMERY_MAX_WORDS);
964
+ static_assert(
965
+ BN_MONTGOMERY_MAX_WORDS <=
966
+ INT_MAX / sizeof(BN_ULONG) / ((1 << BN_MAX_MOD_EXP_CTIME_WINDOW) + 3),
967
+ "powerbuf_len may overflow");
968
+
980
969
  #if defined(OPENSSL_BN_ASM_MONT5)
981
970
  if (window >= 5) {
982
971
  window = 5; // ~5% improvement for RSA2048 sign, and even for RSA4096
983
- // reserve space for mont->N.d[] copy
984
- powerbufLen += top * sizeof(mont->N.d[0]);
972
+ // Reserve space for the |mont->N| copy.
973
+ powerbuf_len += top * sizeof(mont->N.d[0]);
985
974
  }
986
975
  #endif
987
976
 
988
977
  // Allocate a buffer large enough to hold all of the pre-computed
989
- // powers of am, am itself and tmp.
990
- numPowers = 1 << window;
991
- powerbufLen +=
992
- sizeof(m->d[0]) *
993
- (top * numPowers + ((2 * top) > numPowers ? (2 * top) : numPowers));
978
+ // powers of |am|, |am| itself, and |tmp|.
979
+ int num_powers = 1 << window;
980
+ powerbuf_len += sizeof(m->d[0]) * top * (num_powers + 2);
994
981
 
995
982
  #if defined(OPENSSL_BN_ASM_MONT5)
996
- if ((size_t)powerbufLen <= sizeof(storage)) {
983
+ if (powerbuf_len <= sizeof(storage)) {
997
984
  powerbuf = storage;
998
985
  }
999
986
  // |storage| is more than large enough to handle 1024-bit inputs.
1000
987
  assert(powerbuf != NULL || top * BN_BITS2 > 1024);
1001
988
  #endif
1002
989
  if (powerbuf == NULL) {
1003
- powerbufFree =
1004
- OPENSSL_malloc(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
1005
- if (powerbufFree == NULL) {
990
+ powerbuf_free = OPENSSL_malloc(powerbuf_len + MOD_EXP_CTIME_ALIGN);
991
+ if (powerbuf_free == NULL) {
1006
992
  goto err;
1007
993
  }
1008
- powerbuf = (BN_ULONG *)MOD_EXP_CTIME_ALIGN(powerbufFree);
994
+ powerbuf = align_pointer(powerbuf_free, MOD_EXP_CTIME_ALIGN);
1009
995
  }
1010
- OPENSSL_memset(powerbuf, 0, powerbufLen);
996
+ OPENSSL_memset(powerbuf, 0, powerbuf_len);
1011
997
 
1012
- // lay down tmp and am right after powers table
1013
- tmp.d = powerbuf + top * numPowers;
998
+ // Place |tmp| and |am| right after powers table.
999
+ BIGNUM tmp, am;
1000
+ tmp.d = powerbuf + top * num_powers;
1014
1001
  am.d = tmp.d + top;
1015
1002
  tmp.width = am.width = 0;
1016
1003
  tmp.dmax = am.dmax = top;
1017
1004
  tmp.neg = am.neg = 0;
1018
1005
  tmp.flags = am.flags = BN_FLG_STATIC_DATA;
1019
1006
 
1020
- if (!bn_one_to_montgomery(&tmp, mont, ctx)) {
1007
+ if (!bn_one_to_montgomery(&tmp, mont, ctx) ||
1008
+ !bn_resize_words(&tmp, top)) {
1021
1009
  goto err;
1022
1010
  }
1023
1011
 
1024
- // prepare a^1 in Montgomery domain
1012
+ // Prepare a^1 in the Montgomery domain.
1025
1013
  assert(!a->neg);
1026
1014
  assert(BN_ucmp(a, m) < 0);
1027
- if (!BN_to_montgomery(&am, a, mont, ctx)) {
1015
+ if (!BN_to_montgomery(&am, a, mont, ctx) ||
1016
+ !bn_resize_words(&am, top)) {
1028
1017
  goto err;
1029
1018
  }
1030
1019
 
1031
1020
  #if defined(OPENSSL_BN_ASM_MONT5)
1032
- // This optimization uses ideas from http://eprint.iacr.org/2011/239,
1033
- // specifically optimization of cache-timing attack countermeasures
1034
- // and pre-computation optimization.
1035
-
1036
- // Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
1037
- // 512-bit RSA is hardly relevant, we omit it to spare size...
1021
+ // This optimization uses ideas from https://eprint.iacr.org/2011/239,
1022
+ // specifically optimization of cache-timing attack countermeasures,
1023
+ // pre-computation optimization, and Almost Montgomery Multiplication.
1024
+ //
1025
+ // The paper discusses a 4-bit window to optimize 512-bit modular
1026
+ // exponentiation, used in RSA-1024 with CRT, but RSA-1024 is no longer
1027
+ // important.
1028
+ //
1029
+ // |bn_mul_mont_gather5| and |bn_power5| implement the "almost" reduction
1030
+ // variant, so the values here may not be fully reduced. They are bounded by R
1031
+ // (i.e. they fit in |top| words), not |m|. Additionally, we pass these
1032
+ // "almost" reduced inputs into |bn_mul_mont|, which implements the normal
1033
+ // reduction variant. Given those inputs, |bn_mul_mont| may not give reduced
1034
+ // output, but it will still produce "almost" reduced output.
1035
+ //
1036
+ // TODO(davidben): Using "almost" reduction complicates analysis of this code,
1037
+ // and its interaction with other parts of the project. Determine whether this
1038
+ // is actually necessary for performance.
1038
1039
  if (window == 5 && top > 1) {
1039
- const BN_ULONG *n0 = mont->n0;
1040
- BN_ULONG *np;
1041
-
1042
- // BN_to_montgomery can contaminate words above .top
1043
- // [in BN_DEBUG[_DEBUG] build]...
1044
- for (i = am.width; i < top; i++) {
1045
- am.d[i] = 0;
1046
- }
1047
- for (i = tmp.width; i < top; i++) {
1048
- tmp.d[i] = 0;
1049
- }
1050
-
1051
- // copy mont->N.d[] to improve cache locality
1052
- for (np = am.d + top, i = 0; i < top; i++) {
1040
+ // Copy |mont->N| to improve cache locality.
1041
+ BN_ULONG *np = am.d + top;
1042
+ for (i = 0; i < top; i++) {
1053
1043
  np[i] = mont->N.d[i];
1054
1044
  }
1055
1045
 
1046
+ // Fill |powerbuf| with the first 32 powers of |am|.
1047
+ const BN_ULONG *n0 = mont->n0;
1056
1048
  bn_scatter5(tmp.d, top, powerbuf, 0);
1057
1049
  bn_scatter5(am.d, am.width, powerbuf, 1);
1058
1050
  bn_mul_mont(tmp.d, am.d, am.d, np, n0, top);
1059
1051
  bn_scatter5(tmp.d, top, powerbuf, 2);
1060
1052
 
1061
- // same as above, but uses squaring for 1/2 of operations
1053
+ // Square to compute powers of two.
1062
1054
  for (i = 4; i < 32; i *= 2) {
1063
1055
  bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
1064
1056
  bn_scatter5(tmp.d, top, powerbuf, i);
1065
1057
  }
1066
- for (i = 3; i < 8; i += 2) {
1067
- int j;
1058
+ // Compute odd powers |i| based on |i - 1|, then all powers |i * 2^j|.
1059
+ for (i = 3; i < 32; i += 2) {
1068
1060
  bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
1069
1061
  bn_scatter5(tmp.d, top, powerbuf, i);
1070
- for (j = 2 * i; j < 32; j *= 2) {
1062
+ for (int j = 2 * i; j < 32; j *= 2) {
1071
1063
  bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
1072
1064
  bn_scatter5(tmp.d, top, powerbuf, j);
1073
1065
  }
1074
1066
  }
1075
- for (; i < 16; i += 2) {
1076
- bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
1077
- bn_scatter5(tmp.d, top, powerbuf, i);
1078
- bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
1079
- bn_scatter5(tmp.d, top, powerbuf, 2 * i);
1080
- }
1081
- for (; i < 32; i += 2) {
1082
- bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
1083
- bn_scatter5(tmp.d, top, powerbuf, i);
1084
- }
1085
1067
 
1086
1068
  bits--;
1087
1069
  for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--) {
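Review bot: The overflow argument for `powerbuf_len` rests on `assert((size_t)top <= BN_MONTGOMERY_MAX_WORDS);`, and an `assert` is compiled out under `NDEBUG`. In a release build nothing visible in this hunk bounds `top` before `sizeof(m->d[0]) * top * (num_powers + 2)` feeds `OPENSSL_malloc` and `OPENSSL_memset`. The comment attributes the bound to Montgomery reduction, presumably enforced where the `BN_MONT_CTX` is built, outside this hunk; if so, name that check in the comment, and if not, make it a runtime test such as `if ((size_t)top > BN_MONTGOMERY_MAX_WORDS) { OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG); goto err; }`. A smaller style point: `bn_scatter5(am.d, am.width, powerbuf, 1);` still passes `am.width` while its neighbours pass `top`, and after the added `bn_resize_words(&am, top)` the two should be equal, so `top` would read more consistently. `BN_mod_exp_mont_consttime` starts and ends outside the hunk.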
@@ -1138,15 +1120,15 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
1138
1120
  bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top, val);
1139
1121
  }
1140
1122
  }
1141
-
1142
- ret = bn_from_montgomery(tmp.d, tmp.d, NULL, np, n0, top);
1143
- tmp.width = top;
1144
- if (ret) {
1145
- if (!BN_copy(rr, &tmp)) {
1146
- ret = 0;
1147
- }
1148
- goto err; // non-zero ret means it's not error
1149
- }
1123
+ // The result is now in |tmp| in Montgomery form, but it may not be fully
1124
+ // reduced. This is within bounds for |BN_from_montgomery| (tmp < R <= m*R)
1125
+ // so it will, when converting from Montgomery form, produce a fully reduced
1126
+ // result.
1127
+ //
1128
+ // This differs from Figure 2 of the paper, which uses AMM(h, 1) to convert
1129
+ // from Montgomery form with unreduced output, followed by an extra
1130
+ // reduction step. In the paper's terminology, we replace steps 9 and 10
1131
+ // with MM(h, 1).
1150
1132
  } else
1151
1133
  #endif
1152
1134
  {
@@ -1164,7 +1146,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
1164
1146
 
1165
1147
  copy_to_prebuf(&tmp, top, powerbuf, 2, window);
1166
1148
 
1167
- for (i = 3; i < numPowers; i++) {
1149
+ for (i = 3; i < num_powers; i++) {
1168
1150
  // Calculate a^i = a^(i-1) * a
1169
1151
  if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx)) {
1170
1152
  goto err;
@@ -1207,7 +1189,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
1207
1189
  }
1208
1190
  }
1209
1191
 
1210
- // Convert the final result from montgomery to standard format
1192
+ // Convert the final result from Montgomery to standard format. If we used the
1193
+ // |OPENSSL_BN_ASM_MONT5| codepath, |tmp| may not be fully reduced. It is only
1194
+ // bounded by R rather than |m|. However, that is still within bounds for
1195
+ // |BN_from_montgomery|, which implements full Montgomery reduction, not
1196
+ // "almost" Montgomery reduction.
1211
1197
  if (!BN_from_montgomery(rr, &tmp, mont, ctx)) {
1212
1198
  goto err;
1213
1199
  }
@@ -1215,11 +1201,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
1215
1201
 
1216
1202
  err:
1217
1203
  BN_MONT_CTX_free(new_mont);
1218
- if (powerbuf != NULL && powerbufFree == NULL) {
1219
- OPENSSL_cleanse(powerbuf, powerbufLen);
1204
+ if (powerbuf != NULL && powerbuf_free == NULL) {
1205
+ OPENSSL_cleanse(powerbuf, powerbuf_len);
1220
1206
  }
1221
- OPENSSL_free(powerbufFree);
1222
- return (ret);
1207
+ OPENSSL_free(powerbuf_free);
1208
+ return ret;
1223
1209
  }
1224
1210
 
1225
1211
  int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,