RubyGems - grpc - Versions diffs - 1.55.3 → 1.56.0.pre3 - Mend

grpc 1.55.3 → 1.56.0.pre3

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (385) hide show

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c CHANGED Viewed

@@ -152,36 +152,36 @@ int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
   return 1;
 }
-void ec_GFp_simple_point_init(EC_RAW_POINT *point) {
+void ec_GFp_simple_point_init(EC_JACOBIAN *point) {
   OPENSSL_memset(&point->X, 0, sizeof(EC_FELEM));
   OPENSSL_memset(&point->Y, 0, sizeof(EC_FELEM));
   OPENSSL_memset(&point->Z, 0, sizeof(EC_FELEM));
 }
-void ec_GFp_simple_point_copy(EC_RAW_POINT *dest, const EC_RAW_POINT *src) {
+void ec_GFp_simple_point_copy(EC_JACOBIAN *dest, const EC_JACOBIAN *src) {
   OPENSSL_memcpy(&dest->X, &src->X, sizeof(EC_FELEM));
   OPENSSL_memcpy(&dest->Y, &src->Y, sizeof(EC_FELEM));
   OPENSSL_memcpy(&dest->Z, &src->Z, sizeof(EC_FELEM));
 }
 void ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group,
-                                         EC_RAW_POINT *point) {
+                                         EC_JACOBIAN *point) {
   // Although it is strictly only necessary to zero Z, we zero the entire point
   // in case |point| was stack-allocated and yet to be initialized.
   ec_GFp_simple_point_init(point);
 }
-void ec_GFp_simple_invert(const EC_GROUP *group, EC_RAW_POINT *point) {
+void ec_GFp_simple_invert(const EC_GROUP *group, EC_JACOBIAN *point) {
   ec_felem_neg(group, &point->Y, &point->Y);
 }
 int ec_GFp_simple_is_at_infinity(const EC_GROUP *group,
-                                 const EC_RAW_POINT *point) {
+                                 const EC_JACOBIAN *point) {
   return ec_felem_non_zero_mask(group, &point->Z) == 0;
 }
 int ec_GFp_simple_is_on_curve(const EC_GROUP *group,
-                              const EC_RAW_POINT *point) {
+                              const EC_JACOBIAN *point) {
   // We have a curve defined by a Weierstrass equation
   //      y^2 = x^3 + a*x + b.
   // The point to consider is given in Jacobian projective coordinates
@@ -237,8 +237,8 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group,
   return 1 & ~(not_infinity & not_equal);
 }
-int ec_GFp_simple_points_equal(const EC_GROUP *group, const EC_RAW_POINT *a,
-                               const EC_RAW_POINT *b) {
+int ec_GFp_simple_points_equal(const EC_GROUP *group, const EC_JACOBIAN *a,
+                               const EC_JACOBIAN *b) {
   // This function is implemented in constant-time for two reasons. First,
   // although EC points are usually public, their Jacobian Z coordinates may be
   // secret, or at least are not obviously public. Second, more complex
@@ -285,7 +285,7 @@ int ec_GFp_simple_points_equal(const EC_GROUP *group, const EC_RAW_POINT *a,
 }
 int ec_affine_jacobian_equal(const EC_GROUP *group, const EC_AFFINE *a,
-                             const EC_RAW_POINT *b) {
+                             const EC_JACOBIAN *b) {
   // If |b| is not infinity, we have to decide whether
   //     (X_a, Y_a) = (X_b/Z_b^2, Y_b/Z_b^3),
   // or equivalently, whether
@@ -314,7 +314,7 @@ int ec_affine_jacobian_equal(const EC_GROUP *group, const EC_AFFINE *a,
   return equal & 1;
 }
-int ec_GFp_simple_cmp_x_coordinate(const EC_GROUP *group, const EC_RAW_POINT *p,
+int ec_GFp_simple_cmp_x_coordinate(const EC_GROUP *group, const EC_JACOBIAN *p,
                                    const EC_SCALAR *r) {
   if (ec_GFp_simple_is_at_infinity(group, p)) {
     // |ec_get_x_coordinate_as_scalar| will check this internally, but this way

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c CHANGED Viewed

@@ -21,14 +21,14 @@
 #include "../../internal.h"
-void ec_GFp_mont_mul(const EC_GROUP *group, EC_RAW_POINT *r,
-                     const EC_RAW_POINT *p, const EC_SCALAR *scalar) {
+void ec_GFp_mont_mul(const EC_GROUP *group, EC_JACOBIAN *r,
+                     const EC_JACOBIAN *p, const EC_SCALAR *scalar) {
   // This is a generic implementation for uncommon curves that not do not
   // warrant a tuned one. It uses unsigned digits so that the doubling case in
   // |ec_GFp_mont_add| is always unreachable, erring on safety and simplicity.
   // Compute a table of the first 32 multiples of |p| (including infinity).
-  EC_RAW_POINT precomp[32];
+  EC_JACOBIAN precomp[32];
   ec_GFp_simple_point_set_to_infinity(group, &precomp[0]);
   ec_GFp_simple_point_copy(&precomp[1], p);
   for (size_t j = 2; j < OPENSSL_ARRAY_SIZE(precomp); j++) {
@@ -56,8 +56,8 @@ void ec_GFp_mont_mul(const EC_GROUP *group, EC_RAW_POINT *r,
       window |= bn_is_bit_set_words(scalar->words, width, i);
       // Select the entry in constant-time.
-      EC_RAW_POINT tmp;
-      OPENSSL_memset(&tmp, 0, sizeof(EC_RAW_POINT));
+      EC_JACOBIAN tmp;
+      OPENSSL_memset(&tmp, 0, sizeof(EC_JACOBIAN));
       for (size_t j = 0; j < OPENSSL_ARRAY_SIZE(precomp); j++) {
         BN_ULONG mask = constant_time_eq_w(j, window);
         ec_point_select(group, &tmp, mask, &precomp[j], &tmp);
@@ -76,13 +76,13 @@ void ec_GFp_mont_mul(const EC_GROUP *group, EC_RAW_POINT *r,
   }
 }
-void ec_GFp_mont_mul_base(const EC_GROUP *group, EC_RAW_POINT *r,
+void ec_GFp_mont_mul_base(const EC_GROUP *group, EC_JACOBIAN *r,
                           const EC_SCALAR *scalar) {
   ec_GFp_mont_mul(group, r, &group->generator->raw, scalar);
 }
-static void ec_GFp_mont_batch_precomp(const EC_GROUP *group, EC_RAW_POINT *out,
-                                      size_t num, const EC_RAW_POINT *p) {
+static void ec_GFp_mont_batch_precomp(const EC_GROUP *group, EC_JACOBIAN *out,
+                                      size_t num, const EC_JACOBIAN *p) {
   assert(num > 1);
   ec_GFp_simple_point_set_to_infinity(group, &out[0]);
   ec_GFp_simple_point_copy(&out[1], p);
@@ -96,8 +96,8 @@ static void ec_GFp_mont_batch_precomp(const EC_GROUP *group, EC_RAW_POINT *out,
 }
 static void ec_GFp_mont_batch_get_window(const EC_GROUP *group,
-                                         EC_RAW_POINT *out,
-                                         const EC_RAW_POINT precomp[17],
+                                         EC_JACOBIAN *out,
+                                         const EC_JACOBIAN precomp[17],
                                          const EC_SCALAR *scalar, unsigned i) {
   const size_t width = group->order.width;
   uint8_t window = bn_is_bit_set_words(scalar->words, width, i + 4) << 5;
@@ -112,7 +112,7 @@ static void ec_GFp_mont_batch_get_window(const EC_GROUP *group,
   ec_GFp_nistp_recode_scalar_bits(&sign, &digit, window);
   // Select the entry in constant-time.
-  OPENSSL_memset(out, 0, sizeof(EC_RAW_POINT));
+  OPENSSL_memset(out, 0, sizeof(EC_JACOBIAN));
   for (size_t j = 0; j < 17; j++) {
     BN_ULONG mask = constant_time_eq_w(j, digit);
     ec_point_select(group, out, mask, &precomp[j], out);
@@ -126,11 +126,11 @@ static void ec_GFp_mont_batch_get_window(const EC_GROUP *group,
   ec_felem_select(group, &out->Y, sign_mask, &neg_Y, &out->Y);
 }
-void ec_GFp_mont_mul_batch(const EC_GROUP *group, EC_RAW_POINT *r,
-                           const EC_RAW_POINT *p0, const EC_SCALAR *scalar0,
-                           const EC_RAW_POINT *p1, const EC_SCALAR *scalar1,
-                           const EC_RAW_POINT *p2, const EC_SCALAR *scalar2) {
-  EC_RAW_POINT precomp[3][17];
+void ec_GFp_mont_mul_batch(const EC_GROUP *group, EC_JACOBIAN *r,
+                           const EC_JACOBIAN *p0, const EC_SCALAR *scalar0,
+                           const EC_JACOBIAN *p1, const EC_SCALAR *scalar1,
+                           const EC_JACOBIAN *p2, const EC_SCALAR *scalar2) {
+  EC_JACOBIAN precomp[3][17];
   ec_GFp_mont_batch_precomp(group, precomp[0], 17, p0);
   ec_GFp_mont_batch_precomp(group, precomp[1], 17, p1);
   if (p2 != NULL) {
@@ -145,7 +145,7 @@ void ec_GFp_mont_mul_batch(const EC_GROUP *group, EC_RAW_POINT *r,
       ec_GFp_mont_dbl(group, r, r);
     }
     if (i % 5 == 0) {
-      EC_RAW_POINT tmp;
+      EC_JACOBIAN tmp;
       ec_GFp_mont_batch_get_window(group, &tmp, precomp[0], scalar0, i);
       if (r_is_at_infinity) {
         ec_GFp_simple_point_copy(r, &tmp);
@@ -174,13 +174,13 @@ static unsigned ec_GFp_mont_comb_stride(const EC_GROUP *group) {
 }
 int ec_GFp_mont_init_precomp(const EC_GROUP *group, EC_PRECOMP *out,
-                             const EC_RAW_POINT *p) {
+                             const EC_JACOBIAN *p) {
   // comb[i - 1] stores the ith element of the comb. That is, if i is
   // b4 * 2^4 + b3 * 2^3 + ... + b0 * 2^0, it stores k * |p|, where k is
   // b4 * 2^(4*stride) + b3 * 2^(3*stride) + ... + b0 * 2^(0*stride). stride
   // here is |ec_GFp_mont_comb_stride|. We store at index i - 1 because the 0th
   // comb entry is always infinity.
-  EC_RAW_POINT comb[(1 << EC_MONT_PRECOMP_COMB_SIZE) - 1];
+  EC_JACOBIAN comb[(1 << EC_MONT_PRECOMP_COMB_SIZE) - 1];
   unsigned stride = ec_GFp_mont_comb_stride(group);
   // We compute the comb sequentially by the highest set bit. Initially, all
@@ -209,7 +209,7 @@ int ec_GFp_mont_init_precomp(const EC_GROUP *group, EC_PRECOMP *out,
 }
 static void ec_GFp_mont_get_comb_window(const EC_GROUP *group,
-                                        EC_RAW_POINT *out,
+                                        EC_JACOBIAN *out,
                                         const EC_PRECOMP *precomp,
                                         const EC_SCALAR *scalar, unsigned i) {
   const size_t width = group->order.width;
@@ -223,7 +223,7 @@ static void ec_GFp_mont_get_comb_window(const EC_GROUP *group,
   // Select precomp->comb[window - 1]. If |window| is zero, |match| will always
   // be zero, which will leave |out| at infinity.
-  OPENSSL_memset(out, 0, sizeof(EC_RAW_POINT));
+  OPENSSL_memset(out, 0, sizeof(EC_JACOBIAN));
   for (unsigned j = 0; j < OPENSSL_ARRAY_SIZE(precomp->comb); j++) {
     BN_ULONG match = constant_time_eq_w(window, j + 1);
     ec_felem_select(group, &out->X, match, &precomp->comb[j].X, &out->X);
@@ -233,7 +233,7 @@ static void ec_GFp_mont_get_comb_window(const EC_GROUP *group,
   ec_felem_select(group, &out->Z, is_infinity, &out->Z, &group->one);
 }
-void ec_GFp_mont_mul_precomp(const EC_GROUP *group, EC_RAW_POINT *r,
+void ec_GFp_mont_mul_precomp(const EC_GROUP *group, EC_JACOBIAN *r,
                              const EC_PRECOMP *p0, const EC_SCALAR *scalar0,
                              const EC_PRECOMP *p1, const EC_SCALAR *scalar1,
                              const EC_PRECOMP *p2, const EC_SCALAR *scalar2) {
@@ -244,7 +244,7 @@ void ec_GFp_mont_mul_precomp(const EC_GROUP *group, EC_RAW_POINT *r,
       ec_GFp_mont_dbl(group, r, r);
     }
-    EC_RAW_POINT tmp;
+    EC_JACOBIAN tmp;
     ec_GFp_mont_get_comb_window(group, &tmp, p0, scalar0, i);
     if (r_is_at_infinity) {
       ec_GFp_simple_point_copy(r, &tmp);

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c CHANGED Viewed

@@ -148,18 +148,18 @@ void ec_compute_wNAF(const EC_GROUP *group, int8_t *out,
 }
 // compute_precomp sets |out[i]| to (2*i+1)*p, for i from 0 to |len|.
-static void compute_precomp(const EC_GROUP *group, EC_RAW_POINT *out,
-                            const EC_RAW_POINT *p, size_t len) {
+static void compute_precomp(const EC_GROUP *group, EC_JACOBIAN *out,
+                            const EC_JACOBIAN *p, size_t len) {
   ec_GFp_simple_point_copy(&out[0], p);
-  EC_RAW_POINT two_p;
+  EC_JACOBIAN two_p;
   ec_GFp_mont_dbl(group, &two_p, p);
   for (size_t i = 1; i < len; i++) {
     ec_GFp_mont_add(group, &out[i], &out[i - 1], &two_p);
   }
 }
-static void lookup_precomp(const EC_GROUP *group, EC_RAW_POINT *out,
-                           const EC_RAW_POINT *precomp, int digit) {
+static void lookup_precomp(const EC_GROUP *group, EC_JACOBIAN *out,
+                           const EC_JACOBIAN *precomp, int digit) {
   if (digit < 0) {
     digit = -digit;
     ec_GFp_simple_point_copy(out, &precomp[digit >> 1]);
@@ -179,9 +179,9 @@ static void lookup_precomp(const EC_GROUP *group, EC_RAW_POINT *out,
 // avoid a malloc.
 #define EC_WNAF_STACK 3
-int ec_GFp_mont_mul_public_batch(const EC_GROUP *group, EC_RAW_POINT *r,
+int ec_GFp_mont_mul_public_batch(const EC_GROUP *group, EC_JACOBIAN *r,
                                  const EC_SCALAR *g_scalar,
-                                 const EC_RAW_POINT *points,
+                                 const EC_JACOBIAN *points,
                                  const EC_SCALAR *scalars, size_t num) {
   size_t bits = BN_num_bits(&group->order);
   size_t wNAF_len = bits + 1;
@@ -190,9 +190,9 @@ int ec_GFp_mont_mul_public_batch(const EC_GROUP *group, EC_RAW_POINT *r,
   int8_t wNAF_stack[EC_WNAF_STACK][EC_MAX_BYTES * 8 + 1];
   int8_t (*wNAF_alloc)[EC_MAX_BYTES * 8 + 1] = NULL;
   int8_t (*wNAF)[EC_MAX_BYTES * 8 + 1];
-  EC_RAW_POINT precomp_stack[EC_WNAF_STACK][EC_WNAF_TABLE_SIZE];
-  EC_RAW_POINT (*precomp_alloc)[EC_WNAF_TABLE_SIZE] = NULL;
-  EC_RAW_POINT (*precomp)[EC_WNAF_TABLE_SIZE];
+  EC_JACOBIAN precomp_stack[EC_WNAF_STACK][EC_WNAF_TABLE_SIZE];
+  EC_JACOBIAN (*precomp_alloc)[EC_WNAF_TABLE_SIZE] = NULL;
+  EC_JACOBIAN (*precomp)[EC_WNAF_TABLE_SIZE];
   if (num <= EC_WNAF_STACK) {
     wNAF = wNAF_stack;
     precomp = precomp_stack;
@@ -212,9 +212,9 @@ int ec_GFp_mont_mul_public_batch(const EC_GROUP *group, EC_RAW_POINT *r,
   }
   int8_t g_wNAF[EC_MAX_BYTES * 8 + 1];
-  EC_RAW_POINT g_precomp[EC_WNAF_TABLE_SIZE];
+  EC_JACOBIAN g_precomp[EC_WNAF_TABLE_SIZE];
   assert(wNAF_len <= OPENSSL_ARRAY_SIZE(g_wNAF));
-  const EC_RAW_POINT *g = &group->generator->raw;
+  const EC_JACOBIAN *g = &group->generator->raw;
   if (g_scalar != NULL) {
     ec_compute_wNAF(group, g_wNAF, g_scalar, bits, EC_WNAF_WINDOW_BITS);
     compute_precomp(group, g_precomp, g, EC_WNAF_TABLE_SIZE);
@@ -226,7 +226,7 @@ int ec_GFp_mont_mul_public_batch(const EC_GROUP *group, EC_RAW_POINT *r,
     compute_precomp(group, precomp[i], &points[i], EC_WNAF_TABLE_SIZE);
   }
-  EC_RAW_POINT tmp;
+  EC_JACOBIAN tmp;
   int r_is_at_infinity = 1;
   for (size_t k = wNAF_len - 1; k < wNAF_len; k--) {
     if (!r_is_at_infinity) {

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c CHANGED Viewed

@@ -94,7 +94,7 @@ int ECDH_compute_key_fips(uint8_t *out, size_t out_len, const EC_POINT *pub_key,
     return 0;
   }
-  EC_RAW_POINT shared_point;
+  EC_JACOBIAN shared_point;
   uint8_t buf[EC_MAX_BYTES];
   size_t buflen;
   if (!ec_point_mul_scalar(group, &shared_point, &pub_key->raw, priv) ||

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c CHANGED Viewed

@@ -181,7 +181,7 @@ int ecdsa_do_verify_no_self_test(const uint8_t *digest, size_t digest_len,
   ec_scalar_mul_montgomery(group, &u1, &m, &s_inv_mont);
   ec_scalar_mul_montgomery(group, &u2, &r, &s_inv_mont);
-  EC_RAW_POINT point;
+  EC_JACOBIAN point;
   if (!ec_point_mul_scalar_public(group, &point, &u1, &pub_key->raw, &u2)) {
     OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
     return 0;
@@ -216,7 +216,7 @@ static ECDSA_SIG *ecdsa_sign_impl(const EC_GROUP *group, int *out_retry,
   }
   // Compute r, the x-coordinate of k * generator.
-  EC_RAW_POINT tmp_point;
+  EC_JACOBIAN tmp_point;
   EC_SCALAR r;
   if (!ec_point_mul_scalar_base(group, &tmp_point, k) ||
       !ec_get_x_coordinate_as_scalar(group, &r, &tmp_point)) {

data/third_party/boringssl-with-bazel/src/crypto/{hkdf → fipsmodule/hkdf}/hkdf.c RENAMED Viewed

@@ -20,7 +20,7 @@
 #include <openssl/err.h>
 #include <openssl/hmac.h>
-#include "../internal.h"
+#include "../../internal.h"
 int HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest,

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c CHANGED Viewed

@@ -66,10 +66,7 @@ void CRYPTO_cbc128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
   size_t n;
   const uint8_t *iv = ivec;
   while (len >= 16) {
-    for (n = 0; n < 16; n += sizeof(crypto_word_t)) {
-      CRYPTO_store_word_le(
-          out + n, CRYPTO_load_word_le(in + n) ^ CRYPTO_load_word_le(iv + n));
-    }
+    CRYPTO_xor16(out, in, iv);
     (*block)(out, out, key);
     iv = out;
     len -= 16;
@@ -118,15 +115,10 @@ void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len,
   if ((inptr >= 32 && outptr <= inptr - 32) || inptr < outptr) {
     // If |out| is at least two blocks behind |in| or completely disjoint, there
     // is no need to decrypt to a temporary block.
-    static_assert(16 % sizeof(crypto_word_t) == 0,
-                  "block cannot be evenly divided into words");
     const uint8_t *iv = ivec;
     while (len >= 16) {
       (*block)(in, out, key);
-      for (n = 0; n < 16; n += sizeof(crypto_word_t)) {
-        CRYPTO_store_word_le(out + n, CRYPTO_load_word_le(out + n) ^
-                                          CRYPTO_load_word_le(iv + n));
-      }
+      CRYPTO_xor16(out, out, iv);
       iv = in;
       len -= 16;
       in += 16;

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c CHANGED Viewed

@@ -101,10 +101,7 @@ void CRYPTO_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
   while (len >= 16) {
     (*block)(ivec, ecount_buf, key);
     ctr128_inc(ivec);
-    for (n = 0; n < 16; n += sizeof(crypto_word_t)) {
-      CRYPTO_store_word_le(out + n, CRYPTO_load_word_le(in + n) ^
-                                        CRYPTO_load_word_le(ecount_buf + n));
-    }
+    CRYPTO_xor16(out, in, ecount_buf);
     len -= 16;
     out += 16;
     in += 16;