grpc 1.53.1 → 1.54.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +78 -66
- data/include/grpc/event_engine/event_engine.h +30 -14
- data/include/grpc/grpc_security.h +4 -0
- data/include/grpc/support/port_platform.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
- data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
- data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
- data/src/core/ext/filters/client_channel/client_channel.h +131 -173
- data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
- data/src/core/ext/filters/client_channel/config_selector.h +4 -3
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
- data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
- data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
- data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
- data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
- data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
- data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
- data/src/core/ext/gcp/metadata_query.cc +142 -0
- data/src/core/ext/gcp/metadata_query.h +82 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +8 -12
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -5
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +116 -58
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +222 -118
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +113 -295
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +277 -451
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +1 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +12 -14
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +1 -9
- data/src/core/ext/transport/chttp2/transport/internal.h +16 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
- data/src/core/ext/xds/xds_client_stats.cc +29 -15
- data/src/core/ext/xds/xds_client_stats.h +24 -20
- data/src/core/ext/xds/xds_endpoint.cc +5 -2
- data/src/core/ext/xds/xds_endpoint.h +9 -1
- data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
- data/src/core/lib/channel/call_finalization.h +1 -1
- data/src/core/lib/channel/call_tracer.cc +51 -0
- data/src/core/lib/channel/call_tracer.h +101 -38
- data/src/core/lib/channel/connected_channel.cc +483 -1050
- data/src/core/lib/channel/context.h +8 -1
- data/src/core/lib/channel/promise_based_filter.cc +106 -42
- data/src/core/lib/channel/promise_based_filter.h +27 -13
- data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
- data/src/core/lib/config/config_vars.cc +151 -0
- data/src/core/lib/config/config_vars.h +127 -0
- data/src/core/lib/config/config_vars_non_generated.cc +51 -0
- data/src/core/lib/config/load_config.cc +66 -0
- data/src/core/lib/config/load_config.h +49 -0
- data/src/core/lib/debug/trace.cc +5 -6
- data/src/core/lib/debug/trace.h +0 -5
- data/src/core/lib/event_engine/event_engine.cc +37 -2
- data/src/core/lib/event_engine/handle_containers.h +7 -22
- data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
- data/src/core/lib/event_engine/resolved_address.cc +2 -1
- data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
- data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
- data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
- data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
- data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
- data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
- data/src/core/lib/experiments/config.cc +3 -10
- data/src/core/lib/experiments/experiments.cc +7 -0
- data/src/core/lib/experiments/experiments.h +9 -1
- data/src/core/lib/gpr/log.cc +15 -28
- data/src/core/lib/gprpp/fork.cc +8 -14
- data/src/core/lib/gprpp/orphanable.h +4 -3
- data/src/core/lib/gprpp/per_cpu.h +9 -3
- data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
- data/src/core/lib/gprpp/ref_counted.h +33 -34
- data/src/core/lib/gprpp/thd.h +16 -0
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/gprpp/time.h +4 -4
- data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
- data/src/core/lib/iomgr/ev_posix.cc +13 -53
- data/src/core/lib/iomgr/ev_posix.h +0 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
- data/src/core/lib/iomgr/iomgr.cc +4 -8
- data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
- data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
- data/src/core/lib/iomgr/pollset_windows.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_posix.cc +0 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
- data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
- data/src/core/lib/iomgr/tcp_windows.cc +12 -8
- data/src/core/lib/load_balancing/lb_policy.cc +9 -13
- data/src/core/lib/load_balancing/lb_policy.h +4 -2
- data/src/core/lib/promise/activity.cc +22 -6
- data/src/core/lib/promise/activity.h +61 -24
- data/src/core/lib/promise/cancel_callback.h +77 -0
- data/src/core/lib/promise/detail/basic_seq.h +1 -1
- data/src/core/lib/promise/detail/promise_factory.h +4 -0
- data/src/core/lib/promise/for_each.h +176 -0
- data/src/core/lib/promise/if.h +9 -0
- data/src/core/lib/promise/interceptor_list.h +23 -2
- data/src/core/lib/promise/latch.h +89 -3
- data/src/core/lib/promise/loop.h +13 -9
- data/src/core/lib/promise/map.h +7 -0
- data/src/core/lib/promise/party.cc +286 -0
- data/src/core/lib/promise/party.h +499 -0
- data/src/core/lib/promise/pipe.h +197 -57
- data/src/core/lib/promise/poll.h +48 -0
- data/src/core/lib/promise/promise.h +2 -2
- data/src/core/lib/resource_quota/arena.cc +19 -3
- data/src/core/lib/resource_quota/arena.h +119 -5
- data/src/core/lib/resource_quota/memory_quota.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
- data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
- data/src/core/lib/slice/slice.cc +1 -1
- data/src/core/lib/surface/builtins.cc +2 -0
- data/src/core/lib/surface/call.cc +926 -1024
- data/src/core/lib/surface/call.h +10 -0
- data/src/core/lib/surface/lame_client.cc +1 -0
- data/src/core/lib/surface/validate_metadata.cc +42 -43
- data/src/core/lib/surface/validate_metadata.h +0 -9
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +179 -0
- data/src/core/lib/transport/batch_builder.h +468 -0
- data/src/core/lib/transport/bdp_estimator.cc +7 -7
- data/src/core/lib/transport/bdp_estimator.h +10 -6
- data/src/core/lib/transport/custom_metadata.h +30 -0
- data/src/core/lib/transport/metadata_batch.cc +5 -2
- data/src/core/lib/transport/metadata_batch.h +17 -113
- data/src/core/lib/transport/parsed_metadata.h +6 -16
- data/src/core/lib/transport/timeout_encoding.cc +6 -1
- data/src/core/lib/transport/transport.cc +30 -2
- data/src/core/lib/transport/transport.h +70 -14
- data/src/core/lib/transport/transport_impl.h +7 -0
- data/src/core/lib/transport/transport_op_string.cc +52 -42
- data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +1 -1
- data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
- data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
- data/third_party/abseil-cpp/absl/flags/config.h +68 -0
- data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
- data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
- data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
- data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
- data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
- data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
- data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
- data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
- data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
- data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
- data/third_party/boringssl-with-bazel/err_data.c +728 -712
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
- data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
- data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
- data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
- data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
- metadata +103 -70
- data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -29
- data/src/core/lib/gprpp/global_config.h +0 -93
- data/src/core/lib/gprpp/global_config_env.cc +0 -140
- data/src/core/lib/gprpp/global_config_env.h +0 -133
- data/src/core/lib/gprpp/global_config_generic.h +0 -40
- data/src/core/lib/promise/intra_activity_waiter.h +0 -55
- data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
- data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
- data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
- data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
- /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
- /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
- /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
- /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
- /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
- /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
- /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
@@ -61,19 +61,38 @@
|
|
61
61
|
|
62
62
|
#include "internal.h"
|
63
63
|
|
64
|
+
void bn_big_endian_to_words(BN_ULONG *out, size_t out_len, const uint8_t *in,
|
65
|
+
size_t in_len) {
|
66
|
+
for (size_t i = 0; i < out_len; i++) {
|
67
|
+
if (in_len < sizeof(BN_ULONG)) {
|
68
|
+
// Load the last partial word.
|
69
|
+
BN_ULONG word = 0;
|
70
|
+
for (size_t j = 0; j < in_len; j++) {
|
71
|
+
word = (word << 8) | in[j];
|
72
|
+
}
|
73
|
+
in_len = 0;
|
74
|
+
out[i] = word;
|
75
|
+
// Fill the remainder with zeros.
|
76
|
+
OPENSSL_memset(out + i + 1, 0, (out_len - i - 1) * sizeof(BN_ULONG));
|
77
|
+
break;
|
78
|
+
}
|
64
79
|
|
65
|
-
|
66
|
-
|
67
|
-
unsigned m;
|
68
|
-
BN_ULONG word = 0;
|
69
|
-
BIGNUM *bn = NULL;
|
70
|
-
|
71
|
-
if (ret == NULL) {
|
72
|
-
ret = bn = BN_new();
|
80
|
+
in_len -= sizeof(BN_ULONG);
|
81
|
+
out[i] = CRYPTO_load_word_be(in + in_len);
|
73
82
|
}
|
74
83
|
|
84
|
+
// The caller should have sized the output to avoid truncation.
|
85
|
+
assert(in_len == 0);
|
86
|
+
}
|
87
|
+
|
88
|
+
BIGNUM *BN_bin2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
|
89
|
+
BIGNUM *bn = NULL;
|
75
90
|
if (ret == NULL) {
|
76
|
-
|
91
|
+
bn = BN_new();
|
92
|
+
if (bn == NULL) {
|
93
|
+
return NULL;
|
94
|
+
}
|
95
|
+
ret = bn;
|
77
96
|
}
|
78
97
|
|
79
98
|
if (len == 0) {
|
@@ -81,12 +100,9 @@ BIGNUM *BN_bin2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
|
|
81
100
|
return ret;
|
82
101
|
}
|
83
102
|
|
84
|
-
num_words = ((len - 1) / BN_BYTES) + 1;
|
85
|
-
m = (len - 1) % BN_BYTES;
|
103
|
+
size_t num_words = ((len - 1) / BN_BYTES) + 1;
|
86
104
|
if (!bn_wexpand(ret, num_words)) {
|
87
|
-
|
88
|
-
BN_free(bn);
|
89
|
-
}
|
105
|
+
BN_free(bn);
|
90
106
|
return NULL;
|
91
107
|
}
|
92
108
|
|
@@ -96,15 +112,7 @@ BIGNUM *BN_bin2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
|
|
96
112
|
ret->width = (int)num_words;
|
97
113
|
ret->neg = 0;
|
98
114
|
|
99
|
-
|
100
|
-
word = (word << 8) | *(in++);
|
101
|
-
if (m-- == 0) {
|
102
|
-
ret->d[--num_words] = word;
|
103
|
-
word = 0;
|
104
|
-
m = BN_BYTES - 1;
|
105
|
-
}
|
106
|
-
}
|
107
|
-
|
115
|
+
bn_big_endian_to_words(ret->d, ret->width, in, len);
|
108
116
|
return ret;
|
109
117
|
}
|
110
118
|
|
@@ -112,13 +120,12 @@ BIGNUM *BN_le2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
|
|
112
120
|
BIGNUM *bn = NULL;
|
113
121
|
if (ret == NULL) {
|
114
122
|
bn = BN_new();
|
123
|
+
if (bn == NULL) {
|
124
|
+
return NULL;
|
125
|
+
}
|
115
126
|
ret = bn;
|
116
127
|
}
|
117
128
|
|
118
|
-
if (ret == NULL) {
|
119
|
-
return NULL;
|
120
|
-
}
|
121
|
-
|
122
129
|
if (len == 0) {
|
123
130
|
ret->width = 0;
|
124
131
|
ret->neg = 0;
|
@@ -131,7 +138,7 @@ BIGNUM *BN_le2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
|
|
131
138
|
BN_free(bn);
|
132
139
|
return NULL;
|
133
140
|
}
|
134
|
-
ret->width = num_words;
|
141
|
+
ret->width = (int)num_words;
|
135
142
|
|
136
143
|
// Make sure the top bytes will be zeroed.
|
137
144
|
ret->d[num_words - 1] = 0;
|
@@ -142,38 +149,70 @@ BIGNUM *BN_le2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
|
|
142
149
|
return ret;
|
143
150
|
}
|
144
151
|
|
145
|
-
|
146
|
-
|
147
|
-
|
152
|
+
// fits_in_bytes returns one if the |num_words| words in |words| can be
|
153
|
+
// represented in |num_bytes| bytes.
|
154
|
+
static int fits_in_bytes(const BN_ULONG *words, size_t num_words,
|
155
|
+
size_t num_bytes) {
|
156
|
+
const uint8_t *bytes = (const uint8_t *)words;
|
157
|
+
size_t tot_bytes = num_words * sizeof(BN_ULONG);
|
158
|
+
uint8_t mask = 0;
|
159
|
+
for (size_t i = num_bytes; i < tot_bytes; i++) {
|
160
|
+
mask |= bytes[i];
|
161
|
+
}
|
162
|
+
return mask == 0;
|
163
|
+
}
|
148
164
|
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
165
|
+
void bn_assert_fits_in_bytes(const BIGNUM *bn, size_t num) {
|
166
|
+
const uint8_t *bytes = (const uint8_t *)bn->d;
|
167
|
+
size_t tot_bytes = bn->width * sizeof(BN_ULONG);
|
168
|
+
if (tot_bytes > num) {
|
169
|
+
CONSTTIME_DECLASSIFY(bytes + num, tot_bytes - num);
|
170
|
+
for (size_t i = num; i < tot_bytes; i++) {
|
171
|
+
assert(bytes[i] == 0);
|
172
|
+
}
|
173
|
+
(void)bytes;
|
153
174
|
}
|
154
|
-
return n;
|
155
175
|
}
|
156
176
|
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
177
|
+
void bn_words_to_big_endian(uint8_t *out, size_t out_len, const BN_ULONG *in,
|
178
|
+
size_t in_len) {
|
179
|
+
// The caller should have selected an output length without truncation.
|
180
|
+
assert(fits_in_bytes(in, in_len, out_len));
|
181
|
+
|
182
|
+
// We only support little-endian platforms, so the internal representation is
|
183
|
+
// also little-endian as bytes. We can simply copy it in reverse.
|
184
|
+
const uint8_t *bytes = (const uint8_t *)in;
|
185
|
+
size_t num_bytes = in_len * sizeof(BN_ULONG);
|
186
|
+
if (out_len < num_bytes) {
|
187
|
+
num_bytes = out_len;
|
161
188
|
}
|
162
|
-
|
189
|
+
|
190
|
+
for (size_t i = 0; i < num_bytes; i++) {
|
191
|
+
out[out_len - i - 1] = bytes[i];
|
192
|
+
}
|
193
|
+
// Pad out the rest of the buffer with zeroes.
|
194
|
+
OPENSSL_memset(out, 0, out_len - num_bytes);
|
195
|
+
}
|
196
|
+
|
197
|
+
size_t BN_bn2bin(const BIGNUM *in, uint8_t *out) {
|
198
|
+
size_t n = BN_num_bytes(in);
|
199
|
+
bn_words_to_big_endian(out, n, in->d, in->width);
|
200
|
+
return n;
|
163
201
|
}
|
164
202
|
|
165
203
|
int BN_bn2le_padded(uint8_t *out, size_t len, const BIGNUM *in) {
|
204
|
+
if (!fits_in_bytes(in->d, in->width, len)) {
|
205
|
+
return 0;
|
206
|
+
}
|
207
|
+
|
208
|
+
// We only support little-endian platforms, so we can simply memcpy into the
|
209
|
+
// internal representation.
|
166
210
|
const uint8_t *bytes = (const uint8_t *)in->d;
|
167
211
|
size_t num_bytes = in->width * BN_BYTES;
|
168
212
|
if (len < num_bytes) {
|
169
|
-
if (!fits_in_bytes(bytes, num_bytes, len)) {
|
170
|
-
return 0;
|
171
|
-
}
|
172
213
|
num_bytes = len;
|
173
214
|
}
|
174
215
|
|
175
|
-
// We only support little-endian platforms, so we can simply memcpy into the
|
176
|
-
// internal representation.
|
177
216
|
OPENSSL_memcpy(out, bytes, num_bytes);
|
178
217
|
// Pad out the rest of the buffer with zeroes.
|
179
218
|
OPENSSL_memset(out + num_bytes, 0, len - num_bytes);
|
@@ -181,22 +220,11 @@ int BN_bn2le_padded(uint8_t *out, size_t len, const BIGNUM *in) {
|
|
181
220
|
}
|
182
221
|
|
183
222
|
int BN_bn2bin_padded(uint8_t *out, size_t len, const BIGNUM *in) {
|
184
|
-
|
185
|
-
|
186
|
-
if (len < num_bytes) {
|
187
|
-
if (!fits_in_bytes(bytes, num_bytes, len)) {
|
188
|
-
return 0;
|
189
|
-
}
|
190
|
-
num_bytes = len;
|
223
|
+
if (!fits_in_bytes(in->d, in->width, len)) {
|
224
|
+
return 0;
|
191
225
|
}
|
192
226
|
|
193
|
-
|
194
|
-
// in reverse.
|
195
|
-
for (size_t i = 0; i < num_bytes; i++) {
|
196
|
-
out[len - i - 1] = bytes[i];
|
197
|
-
}
|
198
|
-
// Pad out the rest of the buffer with zeroes.
|
199
|
-
OPENSSL_memset(out, 0, len - num_bytes);
|
227
|
+
bn_words_to_big_endian(out, len, in->d, in->width);
|
200
228
|
return 1;
|
201
229
|
}
|
202
230
|
|
@@ -56,8 +56,9 @@
|
|
56
56
|
|
57
57
|
#include <openssl/bn.h>
|
58
58
|
|
59
|
+
#include <assert.h>
|
60
|
+
|
59
61
|
#include <openssl/mem.h>
|
60
|
-
#include <openssl/type_check.h>
|
61
62
|
|
62
63
|
#include "internal.h"
|
63
64
|
#include "../../internal.h"
|
@@ -65,8 +66,8 @@
|
|
65
66
|
|
66
67
|
static int bn_cmp_words_consttime(const BN_ULONG *a, size_t a_len,
|
67
68
|
const BN_ULONG *b, size_t b_len) {
|
68
|
-
|
69
|
-
|
69
|
+
static_assert(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
|
70
|
+
"crypto_word_t is too small");
|
70
71
|
int ret = 0;
|
71
72
|
// Process the common words in little-endian order.
|
72
73
|
size_t min = a_len < b_len ? a_len : b_len;
|
@@ -108,7 +108,6 @@ struct bignum_ctx {
|
|
108
108
|
BN_CTX *BN_CTX_new(void) {
|
109
109
|
BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX));
|
110
110
|
if (!ret) {
|
111
|
-
OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
|
112
111
|
return NULL;
|
113
112
|
}
|
114
113
|
|
@@ -162,7 +161,6 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx) {
|
|
162
161
|
if (ctx->bignums == NULL) {
|
163
162
|
ctx->bignums = sk_BIGNUM_new_null();
|
164
163
|
if (ctx->bignums == NULL) {
|
165
|
-
OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
|
166
164
|
ctx->error = 1;
|
167
165
|
return NULL;
|
168
166
|
}
|
@@ -70,7 +70,7 @@ uint16_t bn_mod_u16_consttime(const BIGNUM *bn, uint16_t d) {
|
|
70
70
|
// This operation is not constant-time, but |p| and |d| are public values.
|
71
71
|
// Note that |p| is at most 16, so the computation fits in |uint64_t|.
|
72
72
|
assert(p <= 16);
|
73
|
-
uint32_t m = ((UINT64_C(1) << (32 + p)) + d - 1) / d;
|
73
|
+
uint32_t m = (uint32_t)(((UINT64_C(1) << (32 + p)) + d - 1) / d);
|
74
74
|
|
75
75
|
uint16_t ret = 0;
|
76
76
|
for (int i = bn->width - 1; i >= 0; i--) {
|
@@ -109,10 +109,10 @@
|
|
109
109
|
#include <openssl/bn.h>
|
110
110
|
|
111
111
|
#include <assert.h>
|
112
|
+
#include <limits.h>
|
112
113
|
#include <stdlib.h>
|
113
114
|
#include <string.h>
|
114
115
|
|
115
|
-
#include <openssl/cpu.h>
|
116
116
|
#include <openssl/err.h>
|
117
117
|
#include <openssl/mem.h>
|
118
118
|
|
@@ -397,7 +397,7 @@ err:
|
|
397
397
|
//
|
398
398
|
// (with draws in between). Very small exponents are often selected
|
399
399
|
// with low Hamming weight, so we use w = 1 for b <= 23.
|
400
|
-
static int BN_window_bits_for_exponent_size(
|
400
|
+
static int BN_window_bits_for_exponent_size(size_t b) {
|
401
401
|
if (b > 671) {
|
402
402
|
return 6;
|
403
403
|
}
|
@@ -444,6 +444,7 @@ static int mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
|
444
444
|
return BN_one(r);
|
445
445
|
}
|
446
446
|
|
447
|
+
BN_RECP_CTX_init(&recp);
|
447
448
|
BN_CTX_start(ctx);
|
448
449
|
aa = BN_CTX_get(ctx);
|
449
450
|
val[0] = BN_CTX_get(ctx);
|
@@ -451,7 +452,6 @@ static int mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
|
451
452
|
goto err;
|
452
453
|
}
|
453
454
|
|
454
|
-
BN_RECP_CTX_init(&recp);
|
455
455
|
if (m->neg) {
|
456
456
|
// ignore sign of 'm'
|
457
457
|
if (!BN_copy(aa, m)) {
|
@@ -594,7 +594,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|
594
594
|
OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER);
|
595
595
|
return 0;
|
596
596
|
}
|
597
|
-
|
597
|
+
// |a| is secret, but |a < m| is not.
|
598
|
+
if (a->neg || constant_time_declassify_int(BN_ucmp(a, m)) >= 0) {
|
598
599
|
OPENSSL_PUT_ERROR(BN, BN_R_INPUT_NOT_REDUCED);
|
599
600
|
return 0;
|
600
601
|
}
|
@@ -722,12 +723,14 @@ err:
|
|
722
723
|
void bn_mod_exp_mont_small(BN_ULONG *r, const BN_ULONG *a, size_t num,
|
723
724
|
const BN_ULONG *p, size_t num_p,
|
724
725
|
const BN_MONT_CTX *mont) {
|
725
|
-
if (num != (size_t)mont->N.width || num > BN_SMALL_MAX_WORDS
|
726
|
+
if (num != (size_t)mont->N.width || num > BN_SMALL_MAX_WORDS ||
|
727
|
+
num_p > ((size_t)-1) / BN_BITS2) {
|
726
728
|
abort();
|
727
729
|
}
|
728
730
|
assert(BN_is_odd(&mont->N));
|
729
731
|
|
730
|
-
// Count the number of bits in |p
|
732
|
+
// Count the number of bits in |p|, skipping leading zeros. Note this function
|
733
|
+
// treats |p| as public.
|
731
734
|
while (num_p != 0 && p[num_p - 1] == 0) {
|
732
735
|
num_p--;
|
733
736
|
}
|
@@ -735,7 +738,7 @@ void bn_mod_exp_mont_small(BN_ULONG *r, const BN_ULONG *a, size_t num,
|
|
735
738
|
bn_from_montgomery_small(r, num, mont->RR.d, num, mont);
|
736
739
|
return;
|
737
740
|
}
|
738
|
-
|
741
|
+
size_t bits = BN_num_bits_word(p[num_p - 1]) + (num_p - 1) * BN_BITS2;
|
739
742
|
assert(bits != 0);
|
740
743
|
|
741
744
|
// We exponentiate by looking at sliding windows of the exponent and
|
@@ -759,7 +762,7 @@ void bn_mod_exp_mont_small(BN_ULONG *r, const BN_ULONG *a, size_t num,
|
|
759
762
|
// |p| is non-zero, so at least one window is non-zero. To save some
|
760
763
|
// multiplications, defer initializing |r| until then.
|
761
764
|
int r_is_one = 1;
|
762
|
-
|
765
|
+
size_t wstart = bits - 1; // The top bit of the window.
|
763
766
|
for (;;) {
|
764
767
|
if (!bn_is_bit_set_words(p, num_p, wstart)) {
|
765
768
|
if (!r_is_one) {
|
@@ -849,7 +852,11 @@ static int copy_from_prebuf(BIGNUM *b, int top, const BN_ULONG *table, int idx,
|
|
849
852
|
OPENSSL_memset(b->d, 0, sizeof(BN_ULONG) * top);
|
850
853
|
const int width = 1 << window;
|
851
854
|
for (int i = 0; i < width; i++, table += top) {
|
852
|
-
|
855
|
+
// Use a value barrier to prevent Clang from adding a branch when |i != idx|
|
856
|
+
// and making this copy not constant time. Clang is still allowed to learn
|
857
|
+
// that |mask| is constant across the inner loop, so this won't inhibit any
|
858
|
+
// vectorization it might do.
|
859
|
+
BN_ULONG mask = value_barrier_w(constant_time_eq_int(i, idx));
|
853
860
|
for (int j = 0; j < top; j++) {
|
854
861
|
b->d[j] |= table[j] & mask;
|
855
862
|
}
|
@@ -859,40 +866,15 @@ static int copy_from_prebuf(BIGNUM *b, int top, const BN_ULONG *table, int idx,
|
|
859
866
|
return 1;
|
860
867
|
}
|
861
868
|
|
862
|
-
#define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK \
|
863
|
-
(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)
|
864
|
-
|
865
869
|
// Window sizes optimized for fixed window size modular exponentiation
|
866
870
|
// algorithm (BN_mod_exp_mont_consttime).
|
867
871
|
//
|
868
|
-
//
|
869
|
-
//
|
870
|
-
//
|
871
|
-
//
|
872
|
-
// Window size thresholds are defined for cache line sizes of 32 and 64, cache
|
873
|
-
// line sizes where log_2(32)=5 and log_2(64)=6 respectively. A window size of
|
874
|
-
// 7 should only be used on processors that have a 128 byte or greater cache
|
875
|
-
// line size.
|
876
|
-
#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64
|
877
|
-
|
872
|
+
// TODO(davidben): These window sizes were originally set for 64-byte cache
|
873
|
+
// lines with a cache-line-dependent constant-time mitigation. They can probably
|
874
|
+
// be revised now that our implementation is no longer cache-time-dependent.
|
878
875
|
#define BN_window_bits_for_ctime_exponent_size(b) \
|
879
876
|
((b) > 937 ? 6 : (b) > 306 ? 5 : (b) > 89 ? 4 : (b) > 22 ? 3 : 1)
|
880
|
-
#define
|
881
|
-
|
882
|
-
#elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32
|
883
|
-
|
884
|
-
#define BN_window_bits_for_ctime_exponent_size(b) \
|
885
|
-
((b) > 306 ? 5 : (b) > 89 ? 4 : (b) > 22 ? 3 : 1)
|
886
|
-
#define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5)
|
887
|
-
|
888
|
-
#endif
|
889
|
-
|
890
|
-
// Given a pointer value, compute the next address that is a cache line
|
891
|
-
// multiple.
|
892
|
-
#define MOD_EXP_CTIME_ALIGN(x_) \
|
893
|
-
((unsigned char *)(x_) + \
|
894
|
-
(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - \
|
895
|
-
(((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
|
877
|
+
#define BN_MAX_MOD_EXP_CTIME_WINDOW (6)
|
896
878
|
|
897
879
|
// This variant of |BN_mod_exp_mont| uses fixed windows and fixed memory access
|
898
880
|
// patterns to protect secret exponents (cf. the hyper-threading timing attacks
|
@@ -901,14 +883,12 @@ static int copy_from_prebuf(BIGNUM *b, int top, const BN_ULONG *table, int idx,
|
|
901
883
|
int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
902
884
|
const BIGNUM *m, BN_CTX *ctx,
|
903
885
|
const BN_MONT_CTX *mont) {
|
904
|
-
int i, ret = 0,
|
886
|
+
int i, ret = 0, wvalue;
|
905
887
|
BN_MONT_CTX *new_mont = NULL;
|
906
888
|
|
907
|
-
|
908
|
-
|
909
|
-
int powerbufLen = 0;
|
889
|
+
unsigned char *powerbuf_free = NULL;
|
890
|
+
size_t powerbuf_len = 0;
|
910
891
|
BN_ULONG *powerbuf = NULL;
|
911
|
-
BIGNUM tmp, am;
|
912
892
|
|
913
893
|
if (!BN_is_odd(m)) {
|
914
894
|
OPENSSL_PUT_ERROR(BN, BN_R_CALLED_WITH_EVEN_MODULUS);
|
@@ -954,8 +934,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|
954
934
|
// paths. If we were to use separate static buffers for each then there is
|
955
935
|
// some chance that both large buffers would be allocated on the stack,
|
956
936
|
// causing the stack space requirement to be truly huge (~10KB).
|
957
|
-
alignas(
|
958
|
-
storage[MOD_EXP_CTIME_STORAGE_LEN];
|
937
|
+
alignas(MOD_EXP_CTIME_ALIGN) BN_ULONG storage[MOD_EXP_CTIME_STORAGE_LEN];
|
959
938
|
#endif
|
960
939
|
#if defined(RSAZ_ENABLED)
|
961
940
|
// If the size of the operands allow it, perform the optimized RSAZ
|
@@ -976,112 +955,115 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|
976
955
|
#endif
|
977
956
|
|
978
957
|
// Get the window size to use with size of p.
|
979
|
-
window = BN_window_bits_for_ctime_exponent_size(bits);
|
958
|
+
int window = BN_window_bits_for_ctime_exponent_size(bits);
|
959
|
+
assert(window <= BN_MAX_MOD_EXP_CTIME_WINDOW);
|
960
|
+
|
961
|
+
// Calculating |powerbuf_len| below cannot overflow because of the bound on
|
962
|
+
// Montgomery reduction.
|
963
|
+
assert((size_t)top <= BN_MONTGOMERY_MAX_WORDS);
|
964
|
+
static_assert(
|
965
|
+
BN_MONTGOMERY_MAX_WORDS <=
|
966
|
+
INT_MAX / sizeof(BN_ULONG) / ((1 << BN_MAX_MOD_EXP_CTIME_WINDOW) + 3),
|
967
|
+
"powerbuf_len may overflow");
|
968
|
+
|
980
969
|
#if defined(OPENSSL_BN_ASM_MONT5)
|
981
970
|
if (window >= 5) {
|
982
971
|
window = 5; // ~5% improvement for RSA2048 sign, and even for RSA4096
|
983
|
-
//
|
984
|
-
|
972
|
+
// Reserve space for the |mont->N| copy.
|
973
|
+
powerbuf_len += top * sizeof(mont->N.d[0]);
|
985
974
|
}
|
986
975
|
#endif
|
987
976
|
|
988
977
|
// Allocate a buffer large enough to hold all of the pre-computed
|
989
|
-
// powers of am
|
990
|
-
|
991
|
-
|
992
|
-
sizeof(m->d[0]) *
|
993
|
-
(top * numPowers + ((2 * top) > numPowers ? (2 * top) : numPowers));
|
978
|
+
// powers of |am|, |am| itself, and |tmp|.
|
979
|
+
int num_powers = 1 << window;
|
980
|
+
powerbuf_len += sizeof(m->d[0]) * top * (num_powers + 2);
|
994
981
|
|
995
982
|
#if defined(OPENSSL_BN_ASM_MONT5)
|
996
|
-
if (
|
983
|
+
if (powerbuf_len <= sizeof(storage)) {
|
997
984
|
powerbuf = storage;
|
998
985
|
}
|
999
986
|
// |storage| is more than large enough to handle 1024-bit inputs.
|
1000
987
|
assert(powerbuf != NULL || top * BN_BITS2 > 1024);
|
1001
988
|
#endif
|
1002
989
|
if (powerbuf == NULL) {
|
1003
|
-
|
1004
|
-
|
1005
|
-
if (powerbufFree == NULL) {
|
990
|
+
powerbuf_free = OPENSSL_malloc(powerbuf_len + MOD_EXP_CTIME_ALIGN);
|
991
|
+
if (powerbuf_free == NULL) {
|
1006
992
|
goto err;
|
1007
993
|
}
|
1008
|
-
powerbuf = (
|
994
|
+
powerbuf = align_pointer(powerbuf_free, MOD_EXP_CTIME_ALIGN);
|
1009
995
|
}
|
1010
|
-
OPENSSL_memset(powerbuf, 0,
|
996
|
+
OPENSSL_memset(powerbuf, 0, powerbuf_len);
|
1011
997
|
|
1012
|
-
//
|
1013
|
-
tmp
|
998
|
+
// Place |tmp| and |am| right after powers table.
|
999
|
+
BIGNUM tmp, am;
|
1000
|
+
tmp.d = powerbuf + top * num_powers;
|
1014
1001
|
am.d = tmp.d + top;
|
1015
1002
|
tmp.width = am.width = 0;
|
1016
1003
|
tmp.dmax = am.dmax = top;
|
1017
1004
|
tmp.neg = am.neg = 0;
|
1018
1005
|
tmp.flags = am.flags = BN_FLG_STATIC_DATA;
|
1019
1006
|
|
1020
|
-
if (!bn_one_to_montgomery(&tmp, mont, ctx)
|
1007
|
+
if (!bn_one_to_montgomery(&tmp, mont, ctx) ||
|
1008
|
+
!bn_resize_words(&tmp, top)) {
|
1021
1009
|
goto err;
|
1022
1010
|
}
|
1023
1011
|
|
1024
|
-
//
|
1012
|
+
// Prepare a^1 in the Montgomery domain.
|
1025
1013
|
assert(!a->neg);
|
1026
1014
|
assert(BN_ucmp(a, m) < 0);
|
1027
|
-
if (!BN_to_montgomery(&am, a, mont, ctx)
|
1015
|
+
if (!BN_to_montgomery(&am, a, mont, ctx) ||
|
1016
|
+
!bn_resize_words(&am, top)) {
|
1028
1017
|
goto err;
|
1029
1018
|
}
|
1030
1019
|
|
1031
1020
|
#if defined(OPENSSL_BN_ASM_MONT5)
|
1032
|
-
// This optimization uses ideas from
|
1033
|
-
// specifically optimization of cache-timing attack countermeasures
|
1034
|
-
//
|
1035
|
-
|
1036
|
-
//
|
1037
|
-
//
|
1021
|
+
// This optimization uses ideas from https://eprint.iacr.org/2011/239,
|
1022
|
+
// specifically optimization of cache-timing attack countermeasures,
|
1023
|
+
// pre-computation optimization, and Almost Montgomery Multiplication.
|
1024
|
+
//
|
1025
|
+
// The paper discusses a 4-bit window to optimize 512-bit modular
|
1026
|
+
// exponentiation, used in RSA-1024 with CRT, but RSA-1024 is no longer
|
1027
|
+
// important.
|
1028
|
+
//
|
1029
|
+
// |bn_mul_mont_gather5| and |bn_power5| implement the "almost" reduction
|
1030
|
+
// variant, so the values here may not be fully reduced. They are bounded by R
|
1031
|
+
// (i.e. they fit in |top| words), not |m|. Additionally, we pass these
|
1032
|
+
// "almost" reduced inputs into |bn_mul_mont|, which implements the normal
|
1033
|
+
// reduction variant. Given those inputs, |bn_mul_mont| may not give reduced
|
1034
|
+
// output, but it will still produce "almost" reduced output.
|
1035
|
+
//
|
1036
|
+
// TODO(davidben): Using "almost" reduction complicates analysis of this code,
|
1037
|
+
// and its interaction with other parts of the project. Determine whether this
|
1038
|
+
// is actually necessary for performance.
|
1038
1039
|
if (window == 5 && top > 1) {
|
1039
|
-
|
1040
|
-
BN_ULONG *np;
|
1041
|
-
|
1042
|
-
// BN_to_montgomery can contaminate words above .top
|
1043
|
-
// [in BN_DEBUG[_DEBUG] build]...
|
1044
|
-
for (i = am.width; i < top; i++) {
|
1045
|
-
am.d[i] = 0;
|
1046
|
-
}
|
1047
|
-
for (i = tmp.width; i < top; i++) {
|
1048
|
-
tmp.d[i] = 0;
|
1049
|
-
}
|
1050
|
-
|
1051
|
-
// copy mont->N.d[] to improve cache locality
|
1052
|
-
for (np = am.d + top, i = 0; i < top; i++) {
|
1040
|
+
// Copy |mont->N| to improve cache locality.
|
1041
|
+
BN_ULONG *np = am.d + top;
|
1042
|
+
for (i = 0; i < top; i++) {
|
1053
1043
|
np[i] = mont->N.d[i];
|
1054
1044
|
}
|
1055
1045
|
|
1046
|
+
// Fill |powerbuf| with the first 32 powers of |am|.
|
1047
|
+
const BN_ULONG *n0 = mont->n0;
|
1056
1048
|
bn_scatter5(tmp.d, top, powerbuf, 0);
|
1057
1049
|
bn_scatter5(am.d, am.width, powerbuf, 1);
|
1058
1050
|
bn_mul_mont(tmp.d, am.d, am.d, np, n0, top);
|
1059
1051
|
bn_scatter5(tmp.d, top, powerbuf, 2);
|
1060
1052
|
|
1061
|
-
//
|
1053
|
+
// Square to compute powers of two.
|
1062
1054
|
for (i = 4; i < 32; i *= 2) {
|
1063
1055
|
bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
|
1064
1056
|
bn_scatter5(tmp.d, top, powerbuf, i);
|
1065
1057
|
}
|
1066
|
-
|
1067
|
-
|
1058
|
+
// Compute odd powers |i| based on |i - 1|, then all powers |i * 2^j|.
|
1059
|
+
for (i = 3; i < 32; i += 2) {
|
1068
1060
|
bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
|
1069
1061
|
bn_scatter5(tmp.d, top, powerbuf, i);
|
1070
|
-
for (j = 2 * i; j < 32; j *= 2) {
|
1062
|
+
for (int j = 2 * i; j < 32; j *= 2) {
|
1071
1063
|
bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
|
1072
1064
|
bn_scatter5(tmp.d, top, powerbuf, j);
|
1073
1065
|
}
|
1074
1066
|
}
|
1075
|
-
for (; i < 16; i += 2) {
|
1076
|
-
bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
|
1077
|
-
bn_scatter5(tmp.d, top, powerbuf, i);
|
1078
|
-
bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
|
1079
|
-
bn_scatter5(tmp.d, top, powerbuf, 2 * i);
|
1080
|
-
}
|
1081
|
-
for (; i < 32; i += 2) {
|
1082
|
-
bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
|
1083
|
-
bn_scatter5(tmp.d, top, powerbuf, i);
|
1084
|
-
}
|
1085
1067
|
|
1086
1068
|
bits--;
|
1087
1069
|
for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--) {
|
@@ -1138,15 +1120,15 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|
1138
1120
|
bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top, val);
|
1139
1121
|
}
|
1140
1122
|
}
|
1141
|
-
|
1142
|
-
|
1143
|
-
|
1144
|
-
|
1145
|
-
|
1146
|
-
|
1147
|
-
|
1148
|
-
|
1149
|
-
|
1123
|
+
// The result is now in |tmp| in Montgomery form, but it may not be fully
|
1124
|
+
// reduced. This is within bounds for |BN_from_montgomery| (tmp < R <= m*R)
|
1125
|
+
// so it will, when converting from Montgomery form, produce a fully reduced
|
1126
|
+
// result.
|
1127
|
+
//
|
1128
|
+
// This differs from Figure 2 of the paper, which uses AMM(h, 1) to convert
|
1129
|
+
// from Montgomery form with unreduced output, followed by an extra
|
1130
|
+
// reduction step. In the paper's terminology, we replace steps 9 and 10
|
1131
|
+
// with MM(h, 1).
|
1150
1132
|
} else
|
1151
1133
|
#endif
|
1152
1134
|
{
|
@@ -1164,7 +1146,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|
1164
1146
|
|
1165
1147
|
copy_to_prebuf(&tmp, top, powerbuf, 2, window);
|
1166
1148
|
|
1167
|
-
for (i = 3; i <
|
1149
|
+
for (i = 3; i < num_powers; i++) {
|
1168
1150
|
// Calculate a^i = a^(i-1) * a
|
1169
1151
|
if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx)) {
|
1170
1152
|
goto err;
|
@@ -1207,7 +1189,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|
1207
1189
|
}
|
1208
1190
|
}
|
1209
1191
|
|
1210
|
-
// Convert the final result from
|
1192
|
+
// Convert the final result from Montgomery to standard format. If we used the
|
1193
|
+
// |OPENSSL_BN_ASM_MONT5| codepath, |tmp| may not be fully reduced. It is only
|
1194
|
+
// bounded by R rather than |m|. However, that is still within bounds for
|
1195
|
+
// |BN_from_montgomery|, which implements full Montgomery reduction, not
|
1196
|
+
// "almost" Montgomery reduction.
|
1211
1197
|
if (!BN_from_montgomery(rr, &tmp, mont, ctx)) {
|
1212
1198
|
goto err;
|
1213
1199
|
}
|
@@ -1215,11 +1201,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|
1215
1201
|
|
1216
1202
|
err:
|
1217
1203
|
BN_MONT_CTX_free(new_mont);
|
1218
|
-
if (powerbuf != NULL &&
|
1219
|
-
OPENSSL_cleanse(powerbuf,
|
1204
|
+
if (powerbuf != NULL && powerbuf_free == NULL) {
|
1205
|
+
OPENSSL_cleanse(powerbuf, powerbuf_len);
|
1220
1206
|
}
|
1221
|
-
OPENSSL_free(
|
1222
|
-
return
|
1207
|
+
OPENSSL_free(powerbuf_free);
|
1208
|
+
return ret;
|
1223
1209
|
}
|
1224
1210
|
|
1225
1211
|
int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
|