grpc 1.56.2 → 1.57.0.pre1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (383) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +29 -22
  3. data/include/grpc/event_engine/event_engine.h +22 -32
  4. data/include/grpc/impl/grpc_types.h +3 -0
  5. data/include/grpc/support/port_platform.h +29 -23
  6. data/src/core/ext/filters/client_channel/client_channel.cc +44 -8
  7. data/src/core/ext/filters/client_channel/dynamic_filters.h +3 -3
  8. data/src/core/ext/filters/client_channel/http_proxy.cc +5 -0
  9. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +21 -52
  10. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +19 -7
  11. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +25 -35
  12. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +78 -132
  13. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +2 -1
  14. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +4 -3
  15. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +3 -1
  16. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +38 -15
  17. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +3 -5
  18. data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +22 -6
  19. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric_internal.h +2 -0
  20. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +97 -71
  21. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +2 -16
  22. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +56 -11
  23. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.h +25 -0
  24. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +6 -32
  25. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +4 -6
  26. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +20 -79
  27. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
  28. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +31 -19
  29. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +1 -1
  30. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +7 -41
  31. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +3 -67
  32. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +8 -0
  33. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +31 -74
  34. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +7 -51
  35. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +16 -87
  36. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +16 -50
  37. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +12 -74
  38. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +1 -4
  39. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +69 -59
  40. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +7 -2
  41. data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -0
  42. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +25 -13
  43. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +366 -311
  44. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +17 -1
  45. data/src/core/ext/filters/client_channel/retry_filter.cc +39 -2498
  46. data/src/core/ext/filters/client_channel/retry_filter.h +91 -1
  47. data/src/core/ext/filters/client_channel/retry_filter_legacy_call_data.cc +2052 -0
  48. data/src/core/ext/filters/client_channel/retry_filter_legacy_call_data.h +442 -0
  49. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +38 -58
  50. data/src/core/ext/filters/client_channel/subchannel.h +3 -3
  51. data/src/core/ext/filters/client_channel/subchannel_interface_internal.h +3 -0
  52. data/src/core/ext/filters/rbac/rbac_filter.cc +40 -111
  53. data/src/core/ext/filters/rbac/rbac_filter.h +12 -30
  54. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +162 -86
  55. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +0 -6
  56. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +7 -4
  57. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +131 -186
  58. data/src/core/ext/transport/chttp2/transport/decode_huff.cc +6569 -174
  59. data/src/core/ext/transport/chttp2/transport/decode_huff.h +2278 -441
  60. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +2 -3
  61. data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +4 -3
  62. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +9 -8
  63. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +4 -4
  64. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +3 -2
  65. data/src/core/ext/transport/chttp2/transport/internal.h +8 -4
  66. data/src/core/ext/transport/chttp2/transport/parsing.cc +15 -3
  67. data/src/core/ext/transport/chttp2/transport/writing.cc +2 -3
  68. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +27 -6
  69. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +143 -0
  70. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -9
  71. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +0 -39
  72. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +13 -8
  73. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +35 -6
  74. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +17 -13
  75. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +85 -20
  76. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +26 -7
  77. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +45 -3
  78. data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.c +4 -3
  79. data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.h +21 -0
  80. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +30 -6
  81. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +180 -0
  82. data/src/core/ext/upb-generated/envoy/data/accesslog/v3/accesslog.upb.c +558 -0
  83. data/src/core/ext/upb-generated/envoy/data/accesslog/v3/accesslog.upb.h +2710 -0
  84. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +30 -11
  85. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +53 -24
  86. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +30 -5
  87. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +110 -0
  88. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +41 -15
  89. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +150 -27
  90. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +1 -0
  91. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/pick_first/v3/pick_first.upb.c +47 -0
  92. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/pick_first/v3/pick_first.upb.h +93 -0
  93. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +88 -76
  94. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +5 -0
  95. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +11 -12
  96. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +0 -5
  97. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +162 -160
  98. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +129 -118
  99. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +141 -135
  100. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.c +19 -12
  101. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +38 -30
  102. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +5 -0
  103. data/src/core/ext/upbdefs-generated/envoy/data/accesslog/v3/accesslog.upbdefs.c +402 -0
  104. data/src/core/ext/upbdefs-generated/envoy/data/accesslog/v3/accesslog.upbdefs.h +111 -0
  105. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +80 -74
  106. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +63 -47
  107. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +5 -0
  108. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +315 -293
  109. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +5 -0
  110. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +29 -29
  111. data/src/core/ext/xds/xds_bootstrap_grpc.cc +33 -30
  112. data/src/core/ext/xds/xds_bootstrap_grpc.h +5 -13
  113. data/src/core/ext/xds/xds_client_grpc.cc +11 -6
  114. data/src/core/ext/xds/xds_client_grpc.h +16 -2
  115. data/src/core/ext/xds/xds_client_stats.h +10 -0
  116. data/src/core/ext/xds/xds_cluster.cc +26 -16
  117. data/src/core/ext/xds/xds_endpoint.cc +4 -7
  118. data/src/core/ext/xds/xds_health_status.cc +0 -17
  119. data/src/core/ext/xds/xds_health_status.h +5 -25
  120. data/src/core/ext/xds/xds_lb_policy_registry.cc +39 -0
  121. data/src/core/ext/xds/xds_route_config.cc +4 -0
  122. data/src/core/ext/xds/xds_transport_grpc.cc +1 -3
  123. data/src/core/lib/address_utils/parse_address.cc +63 -1
  124. data/src/core/lib/address_utils/parse_address.h +8 -0
  125. data/src/core/lib/address_utils/sockaddr_utils.cc +46 -1
  126. data/src/core/lib/address_utils/sockaddr_utils.h +2 -2
  127. data/src/core/lib/channel/channel_args.cc +21 -10
  128. data/src/core/lib/channel/channel_args.h +3 -0
  129. data/src/core/lib/channel/connected_channel.cc +4 -1
  130. data/src/core/lib/channel/promise_based_filter.h +1 -0
  131. data/src/core/lib/debug/trace.cc +1 -4
  132. data/src/core/lib/event_engine/cf_engine/cf_engine.cc +2 -1
  133. data/src/core/lib/event_engine/cf_engine/cf_engine.h +1 -1
  134. data/src/core/lib/event_engine/event_engine.cc +0 -12
  135. data/src/core/lib/event_engine/forkable.cc +47 -42
  136. data/src/core/lib/event_engine/handle_containers.h +0 -4
  137. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +4 -6
  138. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +4 -6
  139. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +25 -11
  140. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +3 -1
  141. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +2 -1
  142. data/src/core/lib/event_engine/posix_engine/posix_engine.h +8 -12
  143. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +37 -27
  144. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +2 -0
  145. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +4 -2
  146. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +42 -2
  147. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +6 -0
  148. data/src/core/lib/event_engine/posix_engine/timer.h +10 -37
  149. data/src/core/lib/event_engine/tcp_socket_utils.cc +67 -7
  150. data/src/core/lib/event_engine/tcp_socket_utils.h +3 -0
  151. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +90 -37
  152. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +32 -12
  153. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +12 -21
  154. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +8 -12
  155. data/src/core/lib/event_engine/windows/windows_endpoint.cc +55 -54
  156. data/src/core/lib/event_engine/windows/windows_endpoint.h +15 -12
  157. data/src/core/lib/event_engine/windows/windows_engine.cc +2 -1
  158. data/src/core/lib/event_engine/windows/windows_engine.h +8 -12
  159. data/src/core/lib/experiments/config.cc +60 -22
  160. data/src/core/lib/experiments/config.h +20 -8
  161. data/src/core/lib/experiments/experiments.cc +278 -0
  162. data/src/core/lib/experiments/experiments.h +59 -1
  163. data/src/core/lib/gprpp/dual_ref_counted.h +9 -9
  164. data/src/core/lib/gprpp/fork.cc +8 -9
  165. data/src/core/lib/gprpp/fork.h +6 -5
  166. data/src/core/lib/gprpp/if_list.h +4530 -0
  167. data/src/core/lib/gprpp/orphanable.h +3 -3
  168. data/src/core/lib/gprpp/ref_counted.h +6 -6
  169. data/src/core/lib/gprpp/sorted_pack.h +3 -12
  170. data/src/core/lib/gprpp/status_helper.h +16 -15
  171. data/src/core/lib/gprpp/time.h +12 -0
  172. data/src/core/lib/gprpp/type_list.h +32 -0
  173. data/src/core/lib/http/httpcli.h +6 -9
  174. data/src/core/lib/iomgr/error.cc +32 -2
  175. data/src/core/lib/iomgr/error.h +9 -10
  176. data/src/core/lib/iomgr/ev_epoll1_linux.cc +5 -7
  177. data/src/core/lib/iomgr/ev_poll_posix.cc +6 -5
  178. data/src/core/lib/iomgr/exec_ctx.h +11 -0
  179. data/src/core/lib/iomgr/pollset.h +4 -5
  180. data/src/core/lib/iomgr/port.h +10 -0
  181. data/src/core/lib/iomgr/resolve_address.cc +13 -1
  182. data/src/core/lib/iomgr/resolve_address.h +17 -3
  183. data/src/core/lib/iomgr/sockaddr_posix.h +7 -0
  184. data/src/core/lib/iomgr/socket_utils_common_posix.cc +29 -0
  185. data/src/core/lib/iomgr/socket_utils_posix.cc +2 -0
  186. data/src/core/lib/iomgr/socket_utils_posix.h +6 -0
  187. data/src/core/lib/iomgr/tcp_client_posix.cc +4 -1
  188. data/src/core/lib/iomgr/tcp_posix.cc +21 -4
  189. data/src/core/lib/iomgr/tcp_server_posix.cc +3 -2
  190. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -2
  191. data/src/core/lib/iomgr/tcp_windows.cc +1 -3
  192. data/src/core/lib/iomgr/vsock.cc +59 -0
  193. data/src/core/lib/iomgr/vsock.h +38 -0
  194. data/src/core/lib/iomgr/wakeup_fd_posix.h +3 -6
  195. data/src/core/lib/load_balancing/delegating_helper.h +115 -0
  196. data/src/core/lib/load_balancing/lb_policy.h +20 -0
  197. data/src/core/lib/load_balancing/subchannel_interface.h +6 -0
  198. data/src/core/lib/promise/party.h +1 -1
  199. data/src/core/lib/resolver/resolver_factory.h +3 -2
  200. data/src/core/lib/resolver/server_address.cc +9 -94
  201. data/src/core/lib/resolver/server_address.h +10 -64
  202. data/src/core/lib/resource_quota/memory_quota.h +1 -1
  203. data/src/core/lib/security/credentials/channel_creds_registry.h +51 -27
  204. data/src/core/lib/security/credentials/channel_creds_registry_init.cc +169 -9
  205. data/src/core/lib/security/credentials/composite/composite_credentials.cc +1 -1
  206. data/src/core/lib/security/credentials/composite/composite_credentials.h +3 -1
  207. data/src/core/lib/security/credentials/external/external_account_credentials.cc +40 -1
  208. data/src/core/lib/security/credentials/external/external_account_credentials.h +6 -0
  209. data/src/core/lib/security/credentials/fake/fake_credentials.cc +30 -38
  210. data/src/core/lib/security/credentials/fake/fake_credentials.h +28 -0
  211. data/src/core/lib/security/credentials/tls/tls_credentials.cc +1 -1
  212. data/src/core/lib/security/credentials/tls/tls_credentials.h +3 -1
  213. data/src/core/lib/service_config/service_config_call_data.h +5 -0
  214. data/src/core/lib/slice/slice.h +16 -0
  215. data/src/core/lib/surface/call.cc +31 -29
  216. data/src/core/lib/surface/server.h +2 -2
  217. data/src/core/lib/surface/version.cc +2 -2
  218. data/src/core/lib/transport/metadata_batch.cc +7 -7
  219. data/src/core/lib/transport/metadata_batch.h +86 -48
  220. data/src/core/lib/transport/parsed_metadata.h +34 -20
  221. data/src/core/lib/transport/simple_slice_based_metadata.h +9 -2
  222. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +4 -6
  223. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +1 -2
  224. data/src/core/tsi/ssl_transport_security.cc +28 -7
  225. data/src/ruby/bin/math_pb.rb +24 -18
  226. data/src/ruby/ext/grpc/extconf.rb +19 -18
  227. data/src/ruby/ext/grpc/rb_call.c +62 -39
  228. data/src/ruby/ext/grpc/rb_call_credentials.c +0 -1
  229. data/src/ruby/ext/grpc/rb_channel.c +126 -49
  230. data/src/ruby/ext/grpc/rb_channel.h +1 -0
  231. data/src/ruby/ext/grpc/rb_channel_args.c +16 -2
  232. data/src/ruby/ext/grpc/rb_channel_args.h +4 -0
  233. data/src/ruby/ext/grpc/rb_channel_credentials.c +0 -1
  234. data/src/ruby/ext/grpc/rb_compression_options.c +0 -1
  235. data/src/ruby/ext/grpc/rb_event_thread.c +22 -6
  236. data/src/ruby/ext/grpc/rb_event_thread.h +1 -0
  237. data/src/ruby/ext/grpc/rb_grpc.c +192 -30
  238. data/src/ruby/ext/grpc/rb_grpc.h +8 -2
  239. data/src/ruby/ext/grpc/rb_server.c +62 -45
  240. data/src/ruby/ext/grpc/rb_server_credentials.c +0 -1
  241. data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +0 -1
  242. data/src/ruby/ext/grpc/rb_xds_server_credentials.c +0 -1
  243. data/src/ruby/lib/grpc/generic/bidi_call.rb +2 -0
  244. data/src/ruby/lib/grpc/version.rb +1 -1
  245. data/src/ruby/pb/grpc/health/v1/health_pb.rb +24 -13
  246. data/src/ruby/pb/src/proto/grpc/testing/empty_pb.rb +24 -3
  247. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +25 -111
  248. data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +25 -2
  249. data/third_party/boringssl-with-bazel/err_data.c +552 -552
  250. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +5 -5
  251. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +34 -1
  252. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +4 -1
  253. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +3 -3
  254. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +7 -8
  255. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +2 -2
  256. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +2 -2
  257. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +8 -8
  258. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +2 -2
  259. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -2
  260. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +19 -1
  261. data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +8 -1
  262. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +28 -185
  263. data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +3 -7
  264. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +8 -0
  265. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +3 -0
  266. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +49 -46
  267. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_64_adx.c +18 -0
  268. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +2809 -7417
  269. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +27 -5
  270. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +20 -0
  271. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +110 -72
  272. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_derive.c +4 -3
  273. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +15 -14
  274. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +13 -10
  275. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +35 -12
  276. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +2 -4
  277. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +3 -7
  278. data/third_party/boringssl-with-bazel/src/crypto/evp/pbkdf.c +3 -3
  279. data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +7 -6
  280. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +34 -72
  281. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -1
  282. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +12 -5
  283. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +5 -6
  284. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +12 -6
  285. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +17 -18
  286. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +51 -15
  287. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +7 -7
  288. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/delocate.h +5 -6
  289. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +2 -0
  290. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/builtin_curves.h +277 -0
  291. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +180 -404
  292. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +3 -3
  293. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +24 -57
  294. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +17 -13
  295. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +33 -71
  296. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +18 -17
  297. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +5 -7
  298. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +15 -18
  299. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +9 -11
  300. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +24 -24
  301. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +11 -27
  302. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +8 -8
  303. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +4 -4
  304. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +9 -3
  305. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/hkdf.c +1 -1
  306. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +40 -26
  307. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +21 -7
  308. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +38 -19
  309. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +2 -29
  310. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +55 -0
  311. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +33 -52
  312. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +3 -8
  313. data/third_party/boringssl-with-bazel/src/crypto/internal.h +198 -79
  314. data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +5 -4
  315. data/third_party/boringssl-with-bazel/src/crypto/mem.c +7 -8
  316. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -23
  317. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +3 -3
  318. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/p5_pbev2.c +3 -3
  319. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +7 -7
  320. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +8 -5
  321. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
  322. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +7 -6
  323. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/forkunsafe.c +6 -12
  324. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getentropy.c +48 -0
  325. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{fuchsia.c → ios.c} +8 -8
  326. data/third_party/boringssl-with-bazel/src/crypto/{refcount_no_threads.c → rand_extra/trusty.c} +15 -19
  327. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +41 -19
  328. data/third_party/boringssl-with-bazel/src/crypto/{refcount_c11.c → refcount.c} +11 -17
  329. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +147 -72
  330. data/third_party/boringssl-with-bazel/src/crypto/thread_none.c +0 -8
  331. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +6 -35
  332. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +5 -26
  333. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +14 -18
  334. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +54 -143
  335. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +7 -13
  336. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +1 -1
  337. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +1 -1
  338. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +2 -4
  339. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +2 -2
  340. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +1 -1
  341. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +8 -12
  342. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +19 -20
  343. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +11 -15
  344. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +5 -5
  345. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +1 -1
  346. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +7 -7
  347. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +2 -3
  348. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +4 -6
  349. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +4 -119
  350. data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +207 -0
  351. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +5 -0
  352. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +2 -116
  353. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +0 -2
  354. data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +6 -0
  355. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +5 -1
  356. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +0 -21
  357. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +21 -2
  358. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +19 -6
  359. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +11 -7
  360. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +13 -14
  361. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +0 -61
  362. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +127 -81
  363. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +224 -209
  364. data/third_party/boringssl-with-bazel/src/include/openssl/target.h +154 -0
  365. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +1 -29
  366. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +4 -4
  367. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +3 -2
  368. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +9 -65
  369. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +20 -20
  370. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1 -1
  371. data/third_party/boringssl-with-bazel/src/ssl/internal.h +4 -11
  372. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +24 -18
  373. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +37 -30
  374. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +125 -26
  375. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -3
  376. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +691 -0
  377. data/third_party/upb/upb/collections/map.c +3 -3
  378. metadata +27 -12
  379. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_attributes.cc +0 -42
  380. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_attributes.h +0 -64
  381. data/src/core/ext/transport/chttp2/transport/stream_map.cc +0 -177
  382. data/src/core/ext/transport/chttp2/transport/stream_map.h +0 -68
  383. data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +0 -89
@@ -62,17 +62,13 @@ typedef struct {
62
62
 
63
63
  static const uint8_t kDefaultAdditionalData[32] = {0};
64
64
 
65
- static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
65
+ static int pmbtoken_init_method(PMBTOKEN_METHOD *method, const EC_GROUP *group,
66
66
  const uint8_t *h_bytes, size_t h_len,
67
67
  hash_t_func_t hash_t, hash_s_func_t hash_s,
68
68
  hash_c_func_t hash_c,
69
69
  hash_to_scalar_func_t hash_to_scalar,
70
70
  int prefix_point) {
71
- method->group = EC_GROUP_new_by_curve_name(curve_nid);
72
- if (method->group == NULL) {
73
- return 0;
74
- }
75
-
71
+ method->group = group;
76
72
  method->hash_t = hash_t;
77
73
  method->hash_s = hash_s;
78
74
  method->hash_c = hash_c;
@@ -86,7 +82,7 @@ static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid,
86
82
  ec_affine_to_jacobian(method->group, &method->h, &h);
87
83
 
88
84
  if (!ec_init_precomp(method->group, &method->g_precomp,
89
- &method->group->generator->raw) ||
85
+ &method->group->generator.raw) ||
90
86
  !ec_init_precomp(method->group, &method->h_precomp, &method->h)) {
91
87
  return 0;
92
88
  }
@@ -160,7 +156,7 @@ static int cbs_get_prefixed_point(CBS *cbs, const EC_GROUP *group,
160
156
  return 0;
161
157
  }
162
158
  } else {
163
- size_t plen = 1 + 2 * BN_num_bytes(&group->field);
159
+ size_t plen = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
164
160
  if (!CBS_get_bytes(cbs, &child, plen)) {
165
161
  return 0;
166
162
  }
@@ -201,7 +197,7 @@ static int pmbtoken_compute_keys(const PMBTOKEN_METHOD *method,
201
197
  }
202
198
 
203
199
  const EC_SCALAR *scalars[] = {x0, y0, x1, y1, xs, ys};
204
- size_t scalar_len = BN_num_bytes(&group->order);
200
+ size_t scalar_len = BN_num_bytes(EC_GROUP_get0_order(group));
205
201
  for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(scalars); i++) {
206
202
  uint8_t *buf;
207
203
  if (!CBB_add_space(out_private, &buf, scalar_len)) {
@@ -290,7 +286,7 @@ static int pmbtoken_issuer_key_from_bytes(const PMBTOKEN_METHOD *method,
290
286
  const EC_GROUP *group = method->group;
291
287
  CBS cbs, tmp;
292
288
  CBS_init(&cbs, in, len);
293
- size_t scalar_len = BN_num_bytes(&group->order);
289
+ size_t scalar_len = BN_num_bytes(EC_GROUP_get0_order(group));
294
290
  EC_SCALAR *scalars[] = {&key->x0, &key->y0, &key->x1,
295
291
  &key->y1, &key->xs, &key->ys};
296
292
  for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(scalars); i++) {
@@ -390,7 +386,7 @@ err:
390
386
  static int scalar_to_cbb(CBB *out, const EC_GROUP *group,
391
387
  const EC_SCALAR *scalar) {
392
388
  uint8_t *buf;
393
- size_t scalar_len = BN_num_bytes(&group->order);
389
+ size_t scalar_len = BN_num_bytes(EC_GROUP_get0_order(group));
394
390
  if (!CBB_add_space(out, &buf, scalar_len)) {
395
391
  return 0;
396
392
  }
@@ -399,7 +395,7 @@ static int scalar_to_cbb(CBB *out, const EC_GROUP *group,
399
395
  }
400
396
 
401
397
  static int scalar_from_cbs(CBS *cbs, const EC_GROUP *group, EC_SCALAR *out) {
402
- size_t scalar_len = BN_num_bytes(&group->order);
398
+ size_t scalar_len = BN_num_bytes(EC_GROUP_get0_order(group));
403
399
  CBS tmp;
404
400
  if (!CBS_get_bytes(cbs, &tmp, scalar_len)) {
405
401
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
@@ -679,7 +675,7 @@ static int dleq_verify(const PMBTOKEN_METHOD *method, CBS *cbs,
679
675
  const EC_JACOBIAN *S, const EC_JACOBIAN *W,
680
676
  const EC_JACOBIAN *Ws) {
681
677
  const EC_GROUP *group = method->group;
682
- const EC_JACOBIAN *g = &group->generator->raw;
678
+ const EC_JACOBIAN *g = &group->generator.raw;
683
679
 
684
680
  // We verify a DLEQ proof for the validity token and a DLEQOR2 proof for the
685
681
  // private metadata token. To allow amortizing Jacobian-to-affine conversions,
@@ -912,7 +908,7 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method,
912
908
  }
913
909
 
914
910
  // Skip over any unused requests.
915
- size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
911
+ size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
916
912
  size_t token_len = point_len;
917
913
  if (method->prefix_point) {
918
914
  token_len += 2;
@@ -1015,7 +1011,7 @@ static STACK_OF(TRUST_TOKEN) *pmbtoken_unblind(
1015
1011
  // Serialize the token. Include |key_id| to avoid an extra copy in the layer
1016
1012
  // above.
1017
1013
  CBB token_cbb;
1018
- size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
1014
+ size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
1019
1015
  if (!CBB_init(&token_cbb,
1020
1016
  4 + TRUST_TOKEN_NONCE_SIZE + 3 * (2 + point_len)) ||
1021
1017
  !CBB_add_u32(&token_cbb, key_id) ||
@@ -1230,7 +1226,7 @@ static void pmbtoken_exp1_init_method_impl(void) {
1230
1226
  };
1231
1227
 
1232
1228
  pmbtoken_exp1_ok = pmbtoken_init_method(
1233
- &pmbtoken_exp1_method, NID_secp384r1, kH, sizeof(kH),
1229
+ &pmbtoken_exp1_method, EC_group_p384(), kH, sizeof(kH),
1234
1230
  pmbtoken_exp1_hash_t, pmbtoken_exp1_hash_s, pmbtoken_exp1_hash_c,
1235
1231
  pmbtoken_exp1_hash_to_scalar, 1);
1236
1232
  }
@@ -1403,7 +1399,7 @@ static void pmbtoken_exp2_init_method_impl(void) {
1403
1399
  };
1404
1400
 
1405
1401
  pmbtoken_exp2_ok = pmbtoken_init_method(
1406
- &pmbtoken_exp2_method, NID_secp384r1, kH, sizeof(kH),
1402
+ &pmbtoken_exp2_method, EC_group_p384(), kH, sizeof(kH),
1407
1403
  pmbtoken_exp2_hash_t, pmbtoken_exp2_hash_s, pmbtoken_exp2_hash_c,
1408
1404
  pmbtoken_exp2_hash_to_scalar, 0);
1409
1405
  }
@@ -1577,7 +1573,7 @@ static void pmbtoken_pst1_init_method_impl(void) {
1577
1573
  };
1578
1574
 
1579
1575
  pmbtoken_pst1_ok = pmbtoken_init_method(
1580
- &pmbtoken_pst1_method, NID_secp384r1, kH, sizeof(kH),
1576
+ &pmbtoken_pst1_method, EC_group_p384(), kH, sizeof(kH),
1581
1577
  pmbtoken_pst1_hash_t, pmbtoken_pst1_hash_s, pmbtoken_pst1_hash_c,
1582
1578
  pmbtoken_pst1_hash_to_scalar, 0);
1583
1579
  }
@@ -35,7 +35,7 @@ typedef int (*hash_to_scalar_func_t)(const EC_GROUP *group, EC_SCALAR *out,
35
35
  uint8_t *buf, size_t len);
36
36
 
37
37
  typedef struct {
38
- const EC_GROUP *group;
38
+ const EC_GROUP *(*group_func)(void);
39
39
 
40
40
  // hash_to_group implements the HashToGroup operation for VOPRFs. It returns
41
41
  // one on success and zero on error.
@@ -47,20 +47,6 @@ typedef struct {
47
47
 
48
48
  static const uint8_t kDefaultAdditionalData[32] = {0};
49
49
 
50
- static int voprf_init_method(VOPRF_METHOD *method, int curve_nid,
51
- hash_to_group_func_t hash_to_group,
52
- hash_to_scalar_func_t hash_to_scalar) {
53
- method->group = EC_GROUP_new_by_curve_name(curve_nid);
54
- if (method->group == NULL) {
55
- return 0;
56
- }
57
-
58
- method->hash_to_group = hash_to_group;
59
- method->hash_to_scalar = hash_to_scalar;
60
-
61
- return 1;
62
- }
63
-
64
50
  static int cbb_add_point(CBB *out, const EC_GROUP *group,
65
51
  const EC_AFFINE *point) {
66
52
  uint8_t *p;
@@ -83,7 +69,7 @@ static int cbb_serialize_point(CBB *out, const EC_GROUP *group,
83
69
 
84
70
  static int cbs_get_point(CBS *cbs, const EC_GROUP *group, EC_AFFINE *out) {
85
71
  CBS child;
86
- size_t plen = 1 + 2 * BN_num_bytes(&group->field);
72
+ size_t plen = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
87
73
  if (!CBS_get_bytes(cbs, &child, plen) ||
88
74
  !ec_point_from_uncompressed(group, out, CBS_data(&child),
89
75
  CBS_len(&child))) {
@@ -95,7 +81,7 @@ static int cbs_get_point(CBS *cbs, const EC_GROUP *group, EC_AFFINE *out) {
95
81
  static int scalar_to_cbb(CBB *out, const EC_GROUP *group,
96
82
  const EC_SCALAR *scalar) {
97
83
  uint8_t *buf;
98
- size_t scalar_len = BN_num_bytes(&group->order);
84
+ size_t scalar_len = BN_num_bytes(EC_GROUP_get0_order(group));
99
85
  if (!CBB_add_space(out, &buf, scalar_len)) {
100
86
  return 0;
101
87
  }
@@ -104,7 +90,7 @@ static int scalar_to_cbb(CBB *out, const EC_GROUP *group,
104
90
  }
105
91
 
106
92
  static int scalar_from_cbs(CBS *cbs, const EC_GROUP *group, EC_SCALAR *out) {
107
- size_t scalar_len = BN_num_bytes(&group->order);
93
+ size_t scalar_len = BN_num_bytes(EC_GROUP_get0_order(group));
108
94
  CBS tmp;
109
95
  if (!CBS_get_bytes(cbs, &tmp, scalar_len)) {
110
96
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
@@ -117,7 +103,7 @@ static int scalar_from_cbs(CBS *cbs, const EC_GROUP *group, EC_SCALAR *out) {
117
103
 
118
104
  static int voprf_calculate_key(const VOPRF_METHOD *method, CBB *out_private,
119
105
  CBB *out_public, const EC_SCALAR *priv) {
120
- const EC_GROUP *group = method->group;
106
+ const EC_GROUP *group = method->group_func();
121
107
  EC_JACOBIAN pub;
122
108
  EC_AFFINE pub_affine;
123
109
  if (!ec_point_mul_scalar_base(group, &pub, priv) ||
@@ -139,7 +125,8 @@ static int voprf_calculate_key(const VOPRF_METHOD *method, CBB *out_private,
139
125
  static int voprf_generate_key(const VOPRF_METHOD *method, CBB *out_private,
140
126
  CBB *out_public) {
141
127
  EC_SCALAR priv;
142
- if (!ec_random_nonzero_scalar(method->group, &priv, kDefaultAdditionalData)) {
128
+ if (!ec_random_nonzero_scalar(method->group_func(), &priv,
129
+ kDefaultAdditionalData)) {
143
130
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_KEYGEN_FAILURE);
144
131
  return 0;
145
132
  }
@@ -162,7 +149,7 @@ static int voprf_derive_key_from_secret(const VOPRF_METHOD *method,
162
149
  !CBB_add_bytes(&cbb, kKeygenLabel, sizeof(kKeygenLabel)) ||
163
150
  !CBB_add_bytes(&cbb, secret, secret_len) ||
164
151
  !CBB_finish(&cbb, &buf, &len) ||
165
- !method->hash_to_scalar(method->group, &priv, buf, len)) {
152
+ !method->hash_to_scalar(method->group_func(), &priv, buf, len)) {
166
153
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_KEYGEN_FAILURE);
167
154
  goto err;
168
155
  }
@@ -178,7 +165,7 @@ err:
178
165
  static int voprf_client_key_from_bytes(const VOPRF_METHOD *method,
179
166
  TRUST_TOKEN_CLIENT_KEY *key,
180
167
  const uint8_t *in, size_t len) {
181
- const EC_GROUP *group = method->group;
168
+ const EC_GROUP *group = method->group_func();
182
169
  if (!ec_point_from_uncompressed(group, &key->pubs, in, len)) {
183
170
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
184
171
  return 0;
@@ -190,7 +177,7 @@ static int voprf_client_key_from_bytes(const VOPRF_METHOD *method,
190
177
  static int voprf_issuer_key_from_bytes(const VOPRF_METHOD *method,
191
178
  TRUST_TOKEN_ISSUER_KEY *key,
192
179
  const uint8_t *in, size_t len) {
193
- const EC_GROUP *group = method->group;
180
+ const EC_GROUP *group = method->group_func();
194
181
  if (!ec_scalar_from_bytes(group, &key->xs, in, len)) {
195
182
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
196
183
  return 0;
@@ -213,7 +200,7 @@ static STACK_OF(TRUST_TOKEN_PRETOKEN) *voprf_blind(const VOPRF_METHOD *method,
213
200
  size_t msg_len) {
214
201
  SHA512_CTX hash_ctx;
215
202
 
216
- const EC_GROUP *group = method->group;
203
+ const EC_GROUP *group = method->group_func();
217
204
  STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens =
218
205
  sk_TRUST_TOKEN_PRETOKEN_new_null();
219
206
  if (pretokens == NULL) {
@@ -280,6 +267,7 @@ static int hash_to_scalar_dleq(const VOPRF_METHOD *method, EC_SCALAR *out,
280
267
  const EC_AFFINE *K1) {
281
268
  static const uint8_t kDLEQLabel[] = "DLEQ";
282
269
 
270
+ const EC_GROUP *group = method->group_func();
283
271
  int ok = 0;
284
272
  CBB cbb;
285
273
  CBB_zero(&cbb);
@@ -287,13 +275,13 @@ static int hash_to_scalar_dleq(const VOPRF_METHOD *method, EC_SCALAR *out,
287
275
  size_t len;
288
276
  if (!CBB_init(&cbb, 0) ||
289
277
  !CBB_add_bytes(&cbb, kDLEQLabel, sizeof(kDLEQLabel)) ||
290
- !cbb_add_point(&cbb, method->group, X) ||
291
- !cbb_add_point(&cbb, method->group, T) ||
292
- !cbb_add_point(&cbb, method->group, W) ||
293
- !cbb_add_point(&cbb, method->group, K0) ||
294
- !cbb_add_point(&cbb, method->group, K1) ||
278
+ !cbb_add_point(&cbb, group, X) ||
279
+ !cbb_add_point(&cbb, group, T) ||
280
+ !cbb_add_point(&cbb, group, W) ||
281
+ !cbb_add_point(&cbb, group, K0) ||
282
+ !cbb_add_point(&cbb, group, K1) ||
295
283
  !CBB_finish(&cbb, &buf, &len) ||
296
- !method->hash_to_scalar(method->group, out, buf, len)) {
284
+ !method->hash_to_scalar(group, out, buf, len)) {
297
285
  goto err;
298
286
  }
299
287
 
@@ -311,18 +299,19 @@ static int hash_to_scalar_challenge(const VOPRF_METHOD *method, EC_SCALAR *out,
311
299
  const EC_AFFINE *a3) {
312
300
  static const uint8_t kChallengeLabel[] = "Challenge";
313
301
 
302
+ const EC_GROUP *group = method->group_func();
314
303
  CBB cbb;
315
304
  uint8_t transcript[5 * EC_MAX_COMPRESSED + 2 + sizeof(kChallengeLabel) - 1];
316
305
  size_t len;
317
306
  if (!CBB_init_fixed(&cbb, transcript, sizeof(transcript)) ||
318
- !cbb_serialize_point(&cbb, method->group, Bm) ||
319
- !cbb_serialize_point(&cbb, method->group, a0) ||
320
- !cbb_serialize_point(&cbb, method->group, a1) ||
321
- !cbb_serialize_point(&cbb, method->group, a2) ||
322
- !cbb_serialize_point(&cbb, method->group, a3) ||
307
+ !cbb_serialize_point(&cbb, group, Bm) ||
308
+ !cbb_serialize_point(&cbb, group, a0) ||
309
+ !cbb_serialize_point(&cbb, group, a1) ||
310
+ !cbb_serialize_point(&cbb, group, a2) ||
311
+ !cbb_serialize_point(&cbb, group, a3) ||
323
312
  !CBB_add_bytes(&cbb, kChallengeLabel, sizeof(kChallengeLabel) - 1) ||
324
313
  !CBB_finish(&cbb, NULL, &len) ||
325
- !method->hash_to_scalar(method->group, out, transcript, len)) {
314
+ !method->hash_to_scalar(group, out, transcript, len)) {
326
315
  return 0;
327
316
  }
328
317
 
@@ -348,7 +337,7 @@ static int hash_to_scalar_batch(const VOPRF_METHOD *method, EC_SCALAR *out,
348
337
  !CBB_add_bytes(&cbb, CBB_data(points), CBB_len(points)) ||
349
338
  !CBB_add_u16(&cbb, (uint16_t)index) ||
350
339
  !CBB_finish(&cbb, &buf, &len) ||
351
- !method->hash_to_scalar(method->group, out, buf, len)) {
340
+ !method->hash_to_scalar(method->group_func(), out, buf, len)) {
352
341
  goto err;
353
342
  }
354
343
 
@@ -363,7 +352,7 @@ err:
363
352
  static int dleq_generate(const VOPRF_METHOD *method, CBB *cbb,
364
353
  const TRUST_TOKEN_ISSUER_KEY *priv,
365
354
  const EC_JACOBIAN *T, const EC_JACOBIAN *W) {
366
- const EC_GROUP *group = method->group;
355
+ const EC_GROUP *group = method->group_func();
367
356
 
368
357
  enum {
369
358
  idx_T,
@@ -429,7 +418,7 @@ static int mul_public_2(const EC_GROUP *group, EC_JACOBIAN *out,
429
418
  static int dleq_verify(const VOPRF_METHOD *method, CBS *cbs,
430
419
  const TRUST_TOKEN_CLIENT_KEY *pub, const EC_JACOBIAN *T,
431
420
  const EC_JACOBIAN *W) {
432
- const EC_GROUP *group = method->group;
421
+ const EC_GROUP *group = method->group_func();
433
422
 
434
423
 
435
424
  enum {
@@ -488,7 +477,7 @@ static int dleq_verify(const VOPRF_METHOD *method, CBS *cbs,
488
477
  static int voprf_sign_tt(const VOPRF_METHOD *method,
489
478
  const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
490
479
  size_t num_requested, size_t num_to_issue) {
491
- const EC_GROUP *group = method->group;
480
+ const EC_GROUP *group = method->group_func();
492
481
  if (num_requested < num_to_issue) {
493
482
  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
494
483
  return 0;
@@ -510,7 +499,7 @@ static int voprf_sign_tt(const VOPRF_METHOD *method,
510
499
  !Zs ||
511
500
  !es ||
512
501
  !CBB_init(&batch_cbb, 0) ||
513
- !cbb_add_point(&batch_cbb, method->group, &key->pubs)) {
502
+ !cbb_add_point(&batch_cbb, group, &key->pubs)) {
514
503
  goto err;
515
504
  }
516
505
 
@@ -567,7 +556,7 @@ static int voprf_sign_tt(const VOPRF_METHOD *method,
567
556
  }
568
557
 
569
558
  // Skip over any unused requests.
570
- size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
559
+ size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
571
560
  if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) {
572
561
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
573
562
  goto err;
@@ -587,7 +576,7 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind_tt(
587
576
  const VOPRF_METHOD *method, const TRUST_TOKEN_CLIENT_KEY *key,
588
577
  const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
589
578
  uint32_t key_id) {
590
- const EC_GROUP *group = method->group;
579
+ const EC_GROUP *group = method->group_func();
591
580
  if (count > sk_TRUST_TOKEN_PRETOKEN_num(pretokens)) {
592
581
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
593
582
  return NULL;
@@ -611,7 +600,7 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind_tt(
611
600
  Zs == NULL ||
612
601
  es == NULL ||
613
602
  !CBB_init(&batch_cbb, 0) ||
614
- !cbb_add_point(&batch_cbb, method->group, &key->pubs)) {
603
+ !cbb_add_point(&batch_cbb, group, &key->pubs)) {
615
604
  goto err;
616
605
  }
617
606
 
@@ -645,7 +634,7 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind_tt(
645
634
  // Serialize the token. Include |key_id| to avoid an extra copy in the layer
646
635
  // above.
647
636
  CBB token_cbb;
648
- size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
637
+ size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
649
638
  if (!CBB_init(&token_cbb, 4 + TRUST_TOKEN_NONCE_SIZE + (2 + point_len)) ||
650
639
  !CBB_add_u32(&token_cbb, key_id) ||
651
640
  !CBB_add_bytes(&token_cbb, pretoken->salt, TRUST_TOKEN_NONCE_SIZE) ||
@@ -721,7 +710,7 @@ static void sha384_update_point_with_length(
721
710
  static int compute_composite_seed(const VOPRF_METHOD *method,
722
711
  uint8_t out[SHA384_DIGEST_LENGTH],
723
712
  const EC_AFFINE *pub) {
724
- const EC_GROUP *group = method->group;
713
+ const EC_GROUP *group = method->group_func();
725
714
  static const uint8_t kSeedDST[] = "Seed-OPRFV1-\x01-P384-SHA384";
726
715
 
727
716
  SHA512_CTX hash_ctx;
@@ -739,7 +728,7 @@ static int compute_composite_element(const VOPRF_METHOD *method,
739
728
  EC_SCALAR *di, size_t index,
740
729
  const EC_AFFINE *C, const EC_AFFINE *D) {
741
730
  static const uint8_t kCompositeLabel[] = "Composite";
742
- const EC_GROUP *group = method->group;
731
+ const EC_GROUP *group = method->group_func();
743
732
 
744
733
  if (index > UINT16_MAX) {
745
734
  return 0;
@@ -758,7 +747,7 @@ static int compute_composite_element(const VOPRF_METHOD *method,
758
747
  !CBB_add_bytes(&cbb, kCompositeLabel,
759
748
  sizeof(kCompositeLabel) - 1) ||
760
749
  !CBB_finish(&cbb, NULL, &len) ||
761
- !method->hash_to_scalar(method->group, di, transcript, len)) {
750
+ !method->hash_to_scalar(group, di, transcript, len)) {
762
751
  return 0;
763
752
  }
764
753
 
@@ -769,7 +758,7 @@ static int generate_proof(const VOPRF_METHOD *method, CBB *cbb,
769
758
  const TRUST_TOKEN_ISSUER_KEY *priv,
770
759
  const EC_SCALAR *r, const EC_JACOBIAN *M,
771
760
  const EC_JACOBIAN *Z) {
772
- const EC_GROUP *group = method->group;
761
+ const EC_GROUP *group = method->group_func();
773
762
 
774
763
  enum {
775
764
  idx_M,
@@ -820,7 +809,7 @@ static int generate_proof(const VOPRF_METHOD *method, CBB *cbb,
820
809
  static int verify_proof(const VOPRF_METHOD *method, CBS *cbs,
821
810
  const TRUST_TOKEN_CLIENT_KEY *pub,
822
811
  const EC_JACOBIAN *M, const EC_JACOBIAN *Z) {
823
- const EC_GROUP *group = method->group;
812
+ const EC_GROUP *group = method->group_func();
824
813
 
825
814
  enum {
826
815
  idx_M,
@@ -873,7 +862,7 @@ static int voprf_sign_impl(const VOPRF_METHOD *method,
873
862
  const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb,
874
863
  CBS *cbs, size_t num_requested, size_t num_to_issue,
875
864
  const EC_SCALAR *proof_scalar) {
876
- const EC_GROUP *group = method->group;
865
+ const EC_GROUP *group = method->group_func();
877
866
  if (num_requested < num_to_issue) {
878
867
  OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
879
868
  return 0;
@@ -944,7 +933,7 @@ static int voprf_sign_impl(const VOPRF_METHOD *method,
944
933
  }
945
934
 
946
935
  // Skip over any unused requests.
947
- size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
936
+ size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
948
937
  if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) {
949
938
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
950
939
  goto err;
@@ -963,7 +952,7 @@ static int voprf_sign(const VOPRF_METHOD *method,
963
952
  const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
964
953
  size_t num_requested, size_t num_to_issue) {
965
954
  EC_SCALAR proof_scalar;
966
- if (!ec_random_nonzero_scalar(method->group, &proof_scalar,
955
+ if (!ec_random_nonzero_scalar(method->group_func(), &proof_scalar,
967
956
  kDefaultAdditionalData)) {
968
957
  return 0;
969
958
  }
@@ -977,8 +966,8 @@ static int voprf_sign_with_proof_scalar_for_testing(
977
966
  CBS *cbs, size_t num_requested, size_t num_to_issue,
978
967
  const uint8_t *proof_scalar_buf, size_t proof_scalar_len) {
979
968
  EC_SCALAR proof_scalar;
980
- if (!ec_scalar_from_bytes(method->group, &proof_scalar, proof_scalar_buf,
981
- proof_scalar_len)) {
969
+ if (!ec_scalar_from_bytes(method->group_func(), &proof_scalar,
970
+ proof_scalar_buf, proof_scalar_len)) {
982
971
  return 0;
983
972
  }
984
973
  return voprf_sign_impl(method, key, cbb, cbs, num_requested, num_to_issue,
@@ -989,7 +978,7 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind(
989
978
  const VOPRF_METHOD *method, const TRUST_TOKEN_CLIENT_KEY *key,
990
979
  const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
991
980
  uint32_t key_id) {
992
- const EC_GROUP *group = method->group;
981
+ const EC_GROUP *group = method->group_func();
993
982
  if (count > sk_TRUST_TOKEN_PRETOKEN_num(pretokens)) {
994
983
  OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
995
984
  return NULL;
@@ -1044,7 +1033,7 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind(
1044
1033
  // Serialize the token. Include |key_id| to avoid an extra copy in the layer
1045
1034
  // above.
1046
1035
  CBB token_cbb;
1047
- size_t point_len = 1 + 2 * BN_num_bytes(&group->field);
1036
+ size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
1048
1037
  if (!CBB_init(&token_cbb, 4 + TRUST_TOKEN_NONCE_SIZE + (2 + point_len)) ||
1049
1038
  !CBB_add_u32(&token_cbb, key_id) ||
1050
1039
  !CBB_add_bytes(&token_cbb, pretoken->salt, TRUST_TOKEN_NONCE_SIZE) ||
@@ -1099,7 +1088,7 @@ static int voprf_read(const VOPRF_METHOD *method,
1099
1088
  uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
1100
1089
  const uint8_t *token, size_t token_len,
1101
1090
  int include_message, const uint8_t *msg, size_t msg_len) {
1102
- const EC_GROUP *group = method->group;
1091
+ const EC_GROUP *group = method->group_func();
1103
1092
  CBS cbs, salt;
1104
1093
  CBS_init(&cbs, token, token_len);
1105
1094
  EC_AFFINE Ws;
@@ -1154,57 +1143,27 @@ static int voprf_exp2_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
1154
1143
  group, out, kHashCLabel, sizeof(kHashCLabel), buf, len);
1155
1144
  }
1156
1145
 
1157
- static int voprf_exp2_ok = 0;
1158
- static VOPRF_METHOD voprf_exp2_method;
1159
- static CRYPTO_once_t voprf_exp2_method_once = CRYPTO_ONCE_INIT;
1160
-
1161
- static void voprf_exp2_init_method_impl(void) {
1162
- voprf_exp2_ok =
1163
- voprf_init_method(&voprf_exp2_method, NID_secp384r1,
1164
- voprf_exp2_hash_to_group, voprf_exp2_hash_to_scalar);
1165
- }
1166
-
1167
- static int voprf_exp2_init_method(void) {
1168
- CRYPTO_once(&voprf_exp2_method_once, voprf_exp2_init_method_impl);
1169
- if (!voprf_exp2_ok) {
1170
- OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
1171
- return 0;
1172
- }
1173
- return 1;
1174
- }
1146
+ static VOPRF_METHOD voprf_exp2_method = {
1147
+ EC_group_p384, voprf_exp2_hash_to_group, voprf_exp2_hash_to_scalar};
1175
1148
 
1176
1149
  int voprf_exp2_generate_key(CBB *out_private, CBB *out_public) {
1177
- if (!voprf_exp2_init_method()) {
1178
- return 0;
1179
- }
1180
-
1181
1150
  return voprf_generate_key(&voprf_exp2_method, out_private, out_public);
1182
1151
  }
1183
1152
 
1184
1153
  int voprf_exp2_derive_key_from_secret(CBB *out_private, CBB *out_public,
1185
1154
  const uint8_t *secret,
1186
1155
  size_t secret_len) {
1187
- if (!voprf_exp2_init_method()) {
1188
- return 0;
1189
- }
1190
-
1191
1156
  return voprf_derive_key_from_secret(&voprf_exp2_method, out_private,
1192
1157
  out_public, secret, secret_len);
1193
1158
  }
1194
1159
 
1195
1160
  int voprf_exp2_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
1196
1161
  const uint8_t *in, size_t len) {
1197
- if (!voprf_exp2_init_method()) {
1198
- return 0;
1199
- }
1200
1162
  return voprf_client_key_from_bytes(&voprf_exp2_method, key, in, len);
1201
1163
  }
1202
1164
 
1203
1165
  int voprf_exp2_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
1204
1166
  const uint8_t *in, size_t len) {
1205
- if (!voprf_exp2_init_method()) {
1206
- return 0;
1207
- }
1208
1167
  return voprf_issuer_key_from_bytes(&voprf_exp2_method, key, in, len);
1209
1168
  }
1210
1169
 
@@ -1212,9 +1171,6 @@ STACK_OF(TRUST_TOKEN_PRETOKEN) *voprf_exp2_blind(CBB *cbb, size_t count,
1212
1171
  int include_message,
1213
1172
  const uint8_t *msg,
1214
1173
  size_t msg_len) {
1215
- if (!voprf_exp2_init_method()) {
1216
- return NULL;
1217
- }
1218
1174
  return voprf_blind(&voprf_exp2_method, cbb, count, include_message, msg,
1219
1175
  msg_len);
1220
1176
  }
@@ -1222,7 +1178,7 @@ STACK_OF(TRUST_TOKEN_PRETOKEN) *voprf_exp2_blind(CBB *cbb, size_t count,
1222
1178
  int voprf_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
1223
1179
  size_t num_requested, size_t num_to_issue,
1224
1180
  uint8_t private_metadata) {
1225
- if (!voprf_exp2_init_method() || private_metadata != 0) {
1181
+ if (private_metadata != 0) {
1226
1182
  return 0;
1227
1183
  }
1228
1184
  return voprf_sign_tt(&voprf_exp2_method, key, cbb, cbs, num_requested,
@@ -1233,9 +1189,6 @@ STACK_OF(TRUST_TOKEN) *voprf_exp2_unblind(
1233
1189
  const TRUST_TOKEN_CLIENT_KEY *key,
1234
1190
  const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
1235
1191
  uint32_t key_id) {
1236
- if (!voprf_exp2_init_method()) {
1237
- return NULL;
1238
- }
1239
1192
  return voprf_unblind_tt(&voprf_exp2_method, key, pretokens, cbs, count,
1240
1193
  key_id);
1241
1194
  }
@@ -1245,9 +1198,6 @@ int voprf_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
1245
1198
  uint8_t *out_private_metadata, const uint8_t *token,
1246
1199
  size_t token_len, int include_message, const uint8_t *msg,
1247
1200
  size_t msg_len) {
1248
- if (!voprf_exp2_init_method()) {
1249
- return 0;
1250
- }
1251
1201
  return voprf_read(&voprf_exp2_method, key, out_nonce, token, token_len,
1252
1202
  include_message, msg, msg_len);
1253
1203
  }
@@ -1269,57 +1219,27 @@ static int voprf_pst1_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
1269
1219
  sizeof(kHashCLabel) - 1, buf, len);
1270
1220
  }
1271
1221
 
1272
- static int voprf_pst1_ok = 0;
1273
- static VOPRF_METHOD voprf_pst1_method;
1274
- static CRYPTO_once_t voprf_pst1_method_once = CRYPTO_ONCE_INIT;
1275
-
1276
- static void voprf_pst1_init_method_impl(void) {
1277
- voprf_pst1_ok =
1278
- voprf_init_method(&voprf_pst1_method, NID_secp384r1,
1279
- voprf_pst1_hash_to_group, voprf_pst1_hash_to_scalar);
1280
- }
1281
-
1282
- static int voprf_pst1_init_method(void) {
1283
- CRYPTO_once(&voprf_pst1_method_once, voprf_pst1_init_method_impl);
1284
- if (!voprf_pst1_ok) {
1285
- OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR);
1286
- return 0;
1287
- }
1288
- return 1;
1289
- }
1222
+ static VOPRF_METHOD voprf_pst1_method = {
1223
+ EC_group_p384, voprf_pst1_hash_to_group, voprf_pst1_hash_to_scalar};
1290
1224
 
1291
1225
  int voprf_pst1_generate_key(CBB *out_private, CBB *out_public) {
1292
- if (!voprf_pst1_init_method()) {
1293
- return 0;
1294
- }
1295
-
1296
1226
  return voprf_generate_key(&voprf_pst1_method, out_private, out_public);
1297
1227
  }
1298
1228
 
1299
1229
  int voprf_pst1_derive_key_from_secret(CBB *out_private, CBB *out_public,
1300
1230
  const uint8_t *secret,
1301
1231
  size_t secret_len) {
1302
- if (!voprf_pst1_init_method()) {
1303
- return 0;
1304
- }
1305
-
1306
1232
  return voprf_derive_key_from_secret(&voprf_pst1_method, out_private,
1307
1233
  out_public, secret, secret_len);
1308
1234
  }
1309
1235
 
1310
1236
  int voprf_pst1_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
1311
1237
  const uint8_t *in, size_t len) {
1312
- if (!voprf_pst1_init_method()) {
1313
- return 0;
1314
- }
1315
1238
  return voprf_client_key_from_bytes(&voprf_pst1_method, key, in, len);
1316
1239
  }
1317
1240
 
1318
1241
  int voprf_pst1_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
1319
1242
  const uint8_t *in, size_t len) {
1320
- if (!voprf_pst1_init_method()) {
1321
- return 0;
1322
- }
1323
1243
  return voprf_issuer_key_from_bytes(&voprf_pst1_method, key, in, len);
1324
1244
  }
1325
1245
 
@@ -1327,9 +1247,6 @@ STACK_OF(TRUST_TOKEN_PRETOKEN) *voprf_pst1_blind(CBB *cbb, size_t count,
1327
1247
  int include_message,
1328
1248
  const uint8_t *msg,
1329
1249
  size_t msg_len) {
1330
- if (!voprf_pst1_init_method()) {
1331
- return NULL;
1332
- }
1333
1250
  return voprf_blind(&voprf_pst1_method, cbb, count, include_message, msg,
1334
1251
  msg_len);
1335
1252
  }
@@ -1337,7 +1254,7 @@ STACK_OF(TRUST_TOKEN_PRETOKEN) *voprf_pst1_blind(CBB *cbb, size_t count,
1337
1254
  int voprf_pst1_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
1338
1255
  size_t num_requested, size_t num_to_issue,
1339
1256
  uint8_t private_metadata) {
1340
- if (!voprf_pst1_init_method() || private_metadata != 0) {
1257
+ if (private_metadata != 0) {
1341
1258
  return 0;
1342
1259
  }
1343
1260
  return voprf_sign(&voprf_pst1_method, key, cbb, cbs, num_requested,
@@ -1349,7 +1266,7 @@ int voprf_pst1_sign_with_proof_scalar_for_testing(
1349
1266
  const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, size_t num_requested,
1350
1267
  size_t num_to_issue, uint8_t private_metadata,
1351
1268
  const uint8_t *proof_scalar_buf, size_t proof_scalar_len) {
1352
- if (!voprf_pst1_init_method() || private_metadata != 0) {
1269
+ if (private_metadata != 0) {
1353
1270
  return 0;
1354
1271
  }
1355
1272
  return voprf_sign_with_proof_scalar_for_testing(
@@ -1361,9 +1278,6 @@ STACK_OF(TRUST_TOKEN) *voprf_pst1_unblind(
1361
1278
  const TRUST_TOKEN_CLIENT_KEY *key,
1362
1279
  const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
1363
1280
  uint32_t key_id) {
1364
- if (!voprf_pst1_init_method()) {
1365
- return NULL;
1366
- }
1367
1281
  return voprf_unblind(&voprf_pst1_method, key, pretokens, cbs, count, key_id);
1368
1282
  }
1369
1283
 
@@ -1372,9 +1286,6 @@ int voprf_pst1_read(const TRUST_TOKEN_ISSUER_KEY *key,
1372
1286
  uint8_t *out_private_metadata, const uint8_t *token,
1373
1287
  size_t token_len, int include_message, const uint8_t *msg,
1374
1288
  size_t msg_len) {
1375
- if (!voprf_pst1_init_method()) {
1376
- return 0;
1377
- }
1378
1289
  return voprf_read(&voprf_pst1_method, key, out_nonce, token, token_len,
1379
1290
  include_message, msg, msg_len);
1380
1291
  }