RubyGems - grpc - Versions diffs - 1.55.0 → 1.56.2 - Mend

grpc 1.55.0 → 1.56.2

Files changed (395) hide show

data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h CHANGED Viewed

@@ -32,11 +32,7 @@ void x25519_NEON(uint8_t out[32], const uint8_t scalar[32],
                  const uint8_t point[32]);
 #endif
-#if defined(BORINGSSL_HAS_UINT128)
-#define BORINGSSL_CURVE25519_64BIT
-#endif
-#if defined(BORINGSSL_CURVE25519_64BIT)
+#if defined(OPENSSL_64_BIT)
 // fe means field element. Here the field is \Z/(2^255-19). An element t,
 // entries t[0]...t[4], represents the integer t[0]+2^51 t[1]+2^102 t[2]+2^153
 // t[3]+2^204 t[4].

data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c CHANGED Viewed

@@ -202,6 +202,10 @@ int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
     dsa->g = g;
   }
+  BN_MONT_CTX_free(dsa->method_mont_p);
+  dsa->method_mont_p = NULL;
+  BN_MONT_CTX_free(dsa->method_mont_q);
+  dsa->method_mont_q = NULL;
   return 1;
 }

data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c CHANGED Viewed

@@ -273,7 +273,7 @@ static BN_ULONG sqrt_ratio_3mod4(const EC_GROUP *group, const EC_FELEM *Z,
 // in appendix F.2.
 static void map_to_curve_simple_swu(const EC_GROUP *group, const EC_FELEM *Z,
                                     const BN_ULONG *c1, size_t num_c1,
-                                    const EC_FELEM *c2, EC_RAW_POINT *out,
+                                    const EC_FELEM *c2, EC_JACOBIAN *out,
                                     const EC_FELEM *u) {
   // This function requires the prime be 3 mod 4, and that A = -3.
   assert(is_3mod4(group));
@@ -344,7 +344,7 @@ static void map_to_curve_simple_swu(const EC_GROUP *group, const EC_FELEM *Z,
 static int hash_to_curve(const EC_GROUP *group, const EVP_MD *md,
                          const EC_FELEM *Z, const EC_FELEM *c2, unsigned k,
-                         EC_RAW_POINT *out, const uint8_t *dst, size_t dst_len,
+                         EC_JACOBIAN *out, const uint8_t *dst, size_t dst_len,
                          const uint8_t *msg, size_t msg_len) {
   EC_FELEM u0, u1;
   if (!hash_to_field2(group, md, &u0, &u1, dst, dst_len, k, msg, msg_len)) {
@@ -359,7 +359,7 @@ static int hash_to_curve(const EC_GROUP *group, const EVP_MD *md,
   }
   bn_rshift_words(c1, c1, /*shift=*/2, /*num=*/num_c1);
-  EC_RAW_POINT Q0, Q1;
+  EC_JACOBIAN Q0, Q1;
   map_to_curve_simple_swu(group, Z, c1, num_c1, c2, &Q0, &u0);
   map_to_curve_simple_swu(group, Z, c1, num_c1, c2, &Q1, &u1);
@@ -401,7 +401,7 @@ static const uint8_t kP384Sqrt12[] = {
     0xa8, 0x0f, 0x7e, 0x19, 0x14, 0xe2, 0xec, 0x69, 0xf5, 0xa6, 0x26, 0xb3};
 int ec_hash_to_curve_p256_xmd_sha256_sswu(const EC_GROUP *group,
-                                          EC_RAW_POINT *out, const uint8_t *dst,
+                                          EC_JACOBIAN *out, const uint8_t *dst,
                                           size_t dst_len, const uint8_t *msg,
                                           size_t msg_len) {
   // See section 8.3 of draft-irtf-cfrg-hash-to-curve-16.
@@ -434,7 +434,7 @@ int EC_hash_to_curve_p256_xmd_sha256_sswu(const EC_GROUP *group, EC_POINT *out,
 }
 int ec_hash_to_curve_p384_xmd_sha384_sswu(const EC_GROUP *group,
-                                          EC_RAW_POINT *out, const uint8_t *dst,
+                                          EC_JACOBIAN *out, const uint8_t *dst,
                                           size_t dst_len, const uint8_t *msg,
                                           size_t msg_len) {
   // See section 8.3 of draft-irtf-cfrg-hash-to-curve-16.
@@ -466,8 +466,20 @@ int EC_hash_to_curve_p384_xmd_sha384_sswu(const EC_GROUP *group, EC_POINT *out,
                                                msg, msg_len);
 }
+int ec_hash_to_scalar_p384_xmd_sha384(
+    const EC_GROUP *group, EC_SCALAR *out, const uint8_t *dst, size_t dst_len,
+    const uint8_t *msg, size_t msg_len) {
+  if (EC_GROUP_get_curve_name(group) != NID_secp384r1) {
+    OPENSSL_PUT_ERROR(EC, EC_R_GROUP_MISMATCH);
+    return 0;
+  }
+  return hash_to_scalar(group, EVP_sha384(), out, dst, dst_len, /*k=*/192, msg,
+                        msg_len);
+}
 int ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
-    const EC_GROUP *group, EC_RAW_POINT *out, const uint8_t *dst,
+    const EC_GROUP *group, EC_JACOBIAN *out, const uint8_t *dst,
     size_t dst_len, const uint8_t *msg, size_t msg_len) {
   // See section 8.3 of draft-irtf-cfrg-hash-to-curve-07.
   if (EC_GROUP_get_curve_name(group) != NID_secp384r1) {

data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h CHANGED Viewed

@@ -26,23 +26,31 @@ extern "C" {
 // Hash-to-curve.
 //
-// Internal |EC_RAW_POINT| versions of the corresponding public APIs.
+// Internal |EC_JACOBIAN| versions of the corresponding public APIs.
 // ec_hash_to_curve_p256_xmd_sha256_sswu hashes |msg| to a point on |group| and
 // writes the result to |out|, implementing the P256_XMD:SHA-256_SSWU_RO_ suite
 // from draft-irtf-cfrg-hash-to-curve-16. It returns one on success and zero on
 // error.
 OPENSSL_EXPORT int ec_hash_to_curve_p256_xmd_sha256_sswu(
-    const EC_GROUP *group, EC_RAW_POINT *out, const uint8_t *dst,
-    size_t dst_len, const uint8_t *msg, size_t msg_len);
+    const EC_GROUP *group, EC_JACOBIAN *out, const uint8_t *dst, size_t dst_len,
+    const uint8_t *msg, size_t msg_len);
 // ec_hash_to_curve_p384_xmd_sha384_sswu hashes |msg| to a point on |group| and
 // writes the result to |out|, implementing the P384_XMD:SHA-384_SSWU_RO_ suite
 // from draft-irtf-cfrg-hash-to-curve-16. It returns one on success and zero on
 // error.
 OPENSSL_EXPORT int ec_hash_to_curve_p384_xmd_sha384_sswu(
-    const EC_GROUP *group, EC_RAW_POINT *out, const uint8_t *dst,
-    size_t dst_len, const uint8_t *msg, size_t msg_len);
+    const EC_GROUP *group, EC_JACOBIAN *out, const uint8_t *dst, size_t dst_len,
+    const uint8_t *msg, size_t msg_len);
+// ec_hash_to_scalar_p384_xmd_sha384 hashes |msg| to a scalar on |group|
+// and writes the result to |out|, using the hash_to_field operation from the
+// P384_XMD:SHA-384_SSWU_RO_ suite from draft-irtf-cfrg-hash-to-curve-16, but
+// generating a value modulo the group order rather than a field element.
+OPENSSL_EXPORT int ec_hash_to_scalar_p384_xmd_sha384(
+    const EC_GROUP *group, EC_SCALAR *out, const uint8_t *dst, size_t dst_len,
+    const uint8_t *msg, size_t msg_len);
 // ec_hash_to_curve_p384_xmd_sha512_sswu_draft07 hashes |msg| to a point on
 // |group| and writes the result to |out|, implementing the
@@ -51,8 +59,8 @@ OPENSSL_EXPORT int ec_hash_to_curve_p384_xmd_sha384_sswu(
 //
 // TODO(https://crbug.com/1414562): Migrate this to the final version.
 OPENSSL_EXPORT int ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
-    const EC_GROUP *group, EC_RAW_POINT *out, const uint8_t *dst,
-    size_t dst_len, const uint8_t *msg, size_t msg_len);
+    const EC_GROUP *group, EC_JACOBIAN *out, const uint8_t *dst, size_t dst_len,
+    const uint8_t *msg, size_t msg_len);
 // ec_hash_to_scalar_p384_xmd_sha512_draft07 hashes |msg| to a scalar on |group|
 // and writes the result to |out|, using the hash_to_field operation from the

data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c CHANGED Viewed

@@ -92,7 +92,7 @@ int ECDH_compute_key(void *out, size_t out_len, const EC_POINT *pub_key,
     return -1;
   }
-  EC_RAW_POINT shared_point;
+  EC_JACOBIAN shared_point;
   uint8_t buf[EC_MAX_BYTES];
   size_t buf_len;
   if (!ec_point_mul_scalar(group, &shared_point, &pub_key->raw, priv) ||

data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c CHANGED Viewed

@@ -67,7 +67,7 @@
 #include <openssl/rsa.h>
 #include "../internal.h"
-#include "../fipsmodule/rsa/internal.h"
+#include "../rsa_extra/internal.h"
 #include "internal.h"

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c CHANGED Viewed

@@ -80,6 +80,7 @@
 #include "ec/simple_mul.c"
 #include "ec/util.c"
 #include "ec/wnaf.c"
+#include "hkdf/hkdf.c"
 #include "hmac/hmac.c"
 #include "md4/md4.c"
 #include "md5/md5.c"

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c CHANGED Viewed

@@ -177,6 +177,9 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
     dh->g = g;
   }
+  // Invalidate the cached Montgomery parameters.
+  BN_MONT_CTX_free(dh->method_mont_p);
+  dh->method_mont_p = NULL;
   return 1;
 }

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c CHANGED Viewed

@@ -801,7 +801,7 @@ int EC_POINT_get_affine_coordinates(const EC_GROUP *group,
   return EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx);
 }
-void ec_affine_to_jacobian(const EC_GROUP *group, EC_RAW_POINT *out,
+void ec_affine_to_jacobian(const EC_GROUP *group, EC_JACOBIAN *out,
                            const EC_AFFINE *p) {
   out->X = p->X;
   out->Y = p->Y;
@@ -809,12 +809,12 @@ void ec_affine_to_jacobian(const EC_GROUP *group, EC_RAW_POINT *out,
 }
 int ec_jacobian_to_affine(const EC_GROUP *group, EC_AFFINE *out,
-                          const EC_RAW_POINT *p) {
+                          const EC_JACOBIAN *p) {
   return group->meth->point_get_affine_coordinates(group, p, &out->X, &out->Y);
 }
 int ec_jacobian_to_affine_batch(const EC_GROUP *group, EC_AFFINE *out,
-                                const EC_RAW_POINT *in, size_t num) {
+                                const EC_JACOBIAN *in, size_t num) {
   if (group->meth->jacobian_to_affine_batch == NULL) {
     OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
     return 0;
@@ -990,13 +990,13 @@ int ec_point_mul_no_self_test(const EC_GROUP *group, EC_POINT *r,
   if (p_scalar != NULL) {
     EC_SCALAR scalar;
-    EC_RAW_POINT tmp;
+    EC_JACOBIAN tmp;
     if (!arbitrary_bignum_to_scalar(group, &scalar, p_scalar, ctx) ||
         !ec_point_mul_scalar(group, &tmp, &p->raw, &scalar)) {
       goto err;
     }
     if (g_scalar == NULL) {
-      OPENSSL_memcpy(&r->raw, &tmp, sizeof(EC_RAW_POINT));
+      OPENSSL_memcpy(&r->raw, &tmp, sizeof(EC_JACOBIAN));
     } else {
       group->meth->add(group, &r->raw, &r->raw, &tmp);
     }
@@ -1016,8 +1016,8 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
   return ec_point_mul_no_self_test(group, r, g_scalar, p, p_scalar, ctx);
 }
-int ec_point_mul_scalar_public(const EC_GROUP *group, EC_RAW_POINT *r,
-                               const EC_SCALAR *g_scalar, const EC_RAW_POINT *p,
+int ec_point_mul_scalar_public(const EC_GROUP *group, EC_JACOBIAN *r,
+                               const EC_SCALAR *g_scalar, const EC_JACOBIAN *p,
                                const EC_SCALAR *p_scalar) {
   if (g_scalar == NULL || p_scalar == NULL || p == NULL) {
     OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
@@ -1032,9 +1032,9 @@ int ec_point_mul_scalar_public(const EC_GROUP *group, EC_RAW_POINT *r,
   return 1;
 }
-int ec_point_mul_scalar_public_batch(const EC_GROUP *group, EC_RAW_POINT *r,
+int ec_point_mul_scalar_public_batch(const EC_GROUP *group, EC_JACOBIAN *r,
                                      const EC_SCALAR *g_scalar,
-                                     const EC_RAW_POINT *points,
+                                     const EC_JACOBIAN *points,
                                      const EC_SCALAR *scalars, size_t num) {
   if (group->meth->mul_public_batch == NULL) {
     OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -1045,8 +1045,8 @@ int ec_point_mul_scalar_public_batch(const EC_GROUP *group, EC_RAW_POINT *r,
                                        num);
 }
-int ec_point_mul_scalar(const EC_GROUP *group, EC_RAW_POINT *r,
-                        const EC_RAW_POINT *p, const EC_SCALAR *scalar) {
+int ec_point_mul_scalar(const EC_GROUP *group, EC_JACOBIAN *r,
+                        const EC_JACOBIAN *p, const EC_SCALAR *scalar) {
   if (p == NULL || scalar == NULL) {
     OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
     return 0;
@@ -1064,7 +1064,7 @@ int ec_point_mul_scalar(const EC_GROUP *group, EC_RAW_POINT *r,
   return 1;
 }
-int ec_point_mul_scalar_base(const EC_GROUP *group, EC_RAW_POINT *r,
+int ec_point_mul_scalar_base(const EC_GROUP *group, EC_JACOBIAN *r,
                              const EC_SCALAR *scalar) {
   if (scalar == NULL) {
     OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
@@ -1083,10 +1083,10 @@ int ec_point_mul_scalar_base(const EC_GROUP *group, EC_RAW_POINT *r,
   return 1;
 }
-int ec_point_mul_scalar_batch(const EC_GROUP *group, EC_RAW_POINT *r,
-                              const EC_RAW_POINT *p0, const EC_SCALAR *scalar0,
-                              const EC_RAW_POINT *p1, const EC_SCALAR *scalar1,
-                              const EC_RAW_POINT *p2,
+int ec_point_mul_scalar_batch(const EC_GROUP *group, EC_JACOBIAN *r,
+                              const EC_JACOBIAN *p0, const EC_SCALAR *scalar0,
+                              const EC_JACOBIAN *p1, const EC_SCALAR *scalar1,
+                              const EC_JACOBIAN *p2,
                               const EC_SCALAR *scalar2) {
   if (group->meth->mul_batch == NULL) {
     OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -1106,7 +1106,7 @@ int ec_point_mul_scalar_batch(const EC_GROUP *group, EC_RAW_POINT *r,
 }
 int ec_init_precomp(const EC_GROUP *group, EC_PRECOMP *out,
-                    const EC_RAW_POINT *p) {
+                    const EC_JACOBIAN *p) {
   if (group->meth->init_precomp == NULL) {
     OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
     return 0;
@@ -1115,7 +1115,7 @@ int ec_init_precomp(const EC_GROUP *group, EC_PRECOMP *out,
   return group->meth->init_precomp(group, out, p);
 }
-int ec_point_mul_scalar_precomp(const EC_GROUP *group, EC_RAW_POINT *r,
+int ec_point_mul_scalar_precomp(const EC_GROUP *group, EC_JACOBIAN *r,
                                 const EC_PRECOMP *p0, const EC_SCALAR *scalar0,
                                 const EC_PRECOMP *p1, const EC_SCALAR *scalar1,
                                 const EC_PRECOMP *p2,
@@ -1137,8 +1137,8 @@ int ec_point_mul_scalar_precomp(const EC_GROUP *group, EC_RAW_POINT *r,
   return 1;
 }
-void ec_point_select(const EC_GROUP *group, EC_RAW_POINT *out, BN_ULONG mask,
-                      const EC_RAW_POINT *a, const EC_RAW_POINT *b) {
+void ec_point_select(const EC_GROUP *group, EC_JACOBIAN *out, BN_ULONG mask,
+                      const EC_JACOBIAN *a, const EC_JACOBIAN *b) {
   ec_felem_select(group, &out->X, mask, &a->X, &b->X);
   ec_felem_select(group, &out->Y, mask, &a->Y, &b->Y);
   ec_felem_select(group, &out->Z, mask, &a->Z, &b->Z);
@@ -1159,13 +1159,13 @@ void ec_precomp_select(const EC_GROUP *group, EC_PRECOMP *out, BN_ULONG mask,
   }
 }
-int ec_cmp_x_coordinate(const EC_GROUP *group, const EC_RAW_POINT *p,
+int ec_cmp_x_coordinate(const EC_GROUP *group, const EC_JACOBIAN *p,
                         const EC_SCALAR *r) {
   return group->meth->cmp_x_coordinate(group, p, r);
 }
 int ec_get_x_coordinate_as_scalar(const EC_GROUP *group, EC_SCALAR *out,
-                                  const EC_RAW_POINT *p) {
+                                  const EC_JACOBIAN *p) {
   uint8_t bytes[EC_MAX_BYTES];
   size_t len;
   if (!ec_get_x_coordinate_as_bytes(group, bytes, &len, sizeof(bytes), p)) {
@@ -1201,7 +1201,7 @@ int ec_get_x_coordinate_as_scalar(const EC_GROUP *group, EC_SCALAR *out,
 int ec_get_x_coordinate_as_bytes(const EC_GROUP *group, uint8_t *out,
                                  size_t *out_len, size_t max_out,
-                                 const EC_RAW_POINT *p) {
+                                 const EC_JACOBIAN *p) {
   size_t len = BN_num_bytes(&group->field);
   assert(len <= EC_MAX_BYTES);
   if (max_out < len) {
@@ -1219,7 +1219,7 @@ int ec_get_x_coordinate_as_bytes(const EC_GROUP *group, uint8_t *out,
   return 1;
 }
-void ec_set_to_safe_point(const EC_GROUP *group, EC_RAW_POINT *out) {
+void ec_set_to_safe_point(const EC_GROUP *group, EC_JACOBIAN *out) {
   if (group->generator != NULL) {
     ec_GFp_simple_point_copy(out, &group->generator->raw);
   } else {

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c CHANGED Viewed

@@ -311,7 +311,7 @@ int EC_KEY_check_key(const EC_KEY *eckey) {
   // NOTE: this is a FIPS pair-wise consistency check for the ECDH case. See SP
   // 800-56Ar3, page 36.
   if (eckey->priv_key != NULL) {
-    EC_RAW_POINT point;
+    EC_JACOBIAN point;
     if (!ec_point_mul_scalar_base(eckey->group, &point,
                                   &eckey->priv_key->scalar)) {
       OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c CHANGED Viewed

@@ -175,7 +175,7 @@ void ec_GFp_mont_felem_exp(const EC_GROUP *group, EC_FELEM *out,
 }
 static int ec_GFp_mont_point_get_affine_coordinates(const EC_GROUP *group,
-                                                    const EC_RAW_POINT *point,
+                                                    const EC_JACOBIAN *point,
                                                     EC_FELEM *x, EC_FELEM *y) {
   if (ec_GFp_simple_is_at_infinity(group, point)) {
     OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
@@ -202,7 +202,7 @@ static int ec_GFp_mont_point_get_affine_coordinates(const EC_GROUP *group,
 static int ec_GFp_mont_jacobian_to_affine_batch(const EC_GROUP *group,
                                                 EC_AFFINE *out,
-                                                const EC_RAW_POINT *in,
+                                                const EC_JACOBIAN *in,
                                                 size_t num) {
   if (num == 0) {
     return 1;
@@ -246,8 +246,8 @@ static int ec_GFp_mont_jacobian_to_affine_batch(const EC_GROUP *group,
   return 1;
 }
-void ec_GFp_mont_add(const EC_GROUP *group, EC_RAW_POINT *out,
-                     const EC_RAW_POINT *a, const EC_RAW_POINT *b) {
+void ec_GFp_mont_add(const EC_GROUP *group, EC_JACOBIAN *out,
+                     const EC_JACOBIAN *a, const EC_JACOBIAN *b) {
   if (a == b) {
     ec_GFp_mont_dbl(group, out, a);
     return;
@@ -357,8 +357,8 @@ void ec_GFp_mont_add(const EC_GROUP *group, EC_RAW_POINT *out,
   ec_felem_select(group, &out->Z, z2nz, &z_out, &a->Z);
 }
-void ec_GFp_mont_dbl(const EC_GROUP *group, EC_RAW_POINT *r,
-                     const EC_RAW_POINT *a) {
+void ec_GFp_mont_dbl(const EC_GROUP *group, EC_JACOBIAN *r,
+                     const EC_JACOBIAN *a) {
   if (group->a_is_minus3) {
     // The method is taken from:
     //   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
@@ -453,7 +453,7 @@ void ec_GFp_mont_dbl(const EC_GROUP *group, EC_RAW_POINT *r,
 }
 static int ec_GFp_mont_cmp_x_coordinate(const EC_GROUP *group,
-                                        const EC_RAW_POINT *p,
+                                        const EC_JACOBIAN *p,
                                         const EC_SCALAR *r) {
   if (!group->field_greater_than_order ||
       group->field.width != group->order.width) {