Boringssl merge 5112b45ce2eae2ed253adeacb8887d42f429e27b #388
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This change imports upstream's openssl/openssl@c045224 Change-Id: Ib50ff9eb8c48d9580aa2ffcae92d3990cc987e30 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50905 Reviewed-by: David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]>
140-3 says > the zeroisation of protected and unprotected SSPs > shall be performed in the following scenarios: > ... > For temporary value(s) generated during the integrity test of the > module’s software or firmware upon completion of the integrity test. (IG 9.7.B) Change-Id: I911f294860bf33b13b2c997fc633c9bda777fc48 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50945 Reviewed-by: David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]>
This matches our other free functions. Fixed: 473 Change-Id: Ie147995c2f5b429f78e95cfc9a08ed54181af94e Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51005 Reviewed-by: Adam Langley <[email protected]> Commit-Queue: David Benjamin <[email protected]>
Description: Creating just a Gerrit password isn't enough. Before you can push a change to Gerrit, you must also create/associate a Gerrit account with the google account used to create the password. This avoids "git push ..." rejections like this: remote: PERMISSION_DENIED: The caller does not have permission remote: [type.googleapis.com/google.rpc.LocalizedMessage] remote: locale: "en-US" remote: message: "\'git push\' requires a Gerrit user account." Change-Id: Id02c1a69ccb0c2b8bf4c63b77ed3064125966eb3 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50985 Reviewed-by: David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]>
This is designed to be the minimal infrastructure required to support using BoringSSL in the Rust ecosystem without fear of ABI drift. Bindgen is used to generate Rust bindings in lockstep with the rest of the build. `rust-openssl` can consume these generated bindings with minimal changes. Change-Id: I1dacd36a4131e22a930ebb01da00407e8465ad7e Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49645 Reviewed-by: David Benjamin <[email protected]> Reviewed-by: Adam Langley <[email protected]> Commit-Queue: David Benjamin <[email protected]>
See https://fuchsia-review.googlesource.com/c/fuchsia/+/624684. Also pick up the new, more specific, name for ZX_ARM64_FEATURE_ISA_SHA2. Update-Note: This CL is written assuming we can just rely on the SDK changes. Per go/fuchsia-sdk-age, this seems fairly safe. If this file fails to build due to missing symbols, update your project's Fuchsia SDK. If this blocks something, let us know. Change-Id: I28b0c234b577cc0de90e7ef096c15bb75a4ba501 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50926 Reviewed-by: Adam Langley <[email protected]>
…ndings for the targeted Arch Change-Id: I8ccd53bce0d73bd9d79f65770e544a75753ce4f8 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51025 Reviewed-by: David Benjamin <[email protected]>
We were fetching the mac-amd64 package even on mac-arm64. Change-Id: Iad842ebd46d467c0def9bdbd14c77698a03f58d3 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51045 Reviewed-by: Adam Langley <[email protected]>
The check finds implicit conversions of integer literals to bools: bool b1 = 1; bool b2 = static_cast<bool>(1); and transforms them to: bool b1 = true; bool b2 = true; Bug: chromium:1290142 Change-Id: I15579e28f544d07b331a230b70a8278e0651150d Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51085 Reviewed-by: David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]>
This hash table, in applications that use pooling, can dedup received certificates in memory and thus should use a keyed hash. Change-Id: Idc40dc8f7463025183121642b30ea0de43ebac0e Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51125 Reviewed-by: Adam Langley <[email protected]>
u8 strings in C++20 are char8_t instead of char; in order to compile on both C++17 and C++20 we need to remove the prefix. Change-Id: I85d1a9d72d24e8fa96ca22b1d99be9982fee8fb5 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51065 Reviewed-by: David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]>
POSIX feature macros are a mess. Reportedly, FreeBSD also breaks with _XOPEN_SOURCE, so try leaving it unset by default. Update-Note: It's possible this will break yet another obscure UNIX. Hopefully we can eventually find a combination that works? Bug: 471 Change-Id: I103f8093110d343789b9c5a22eb056ab78d9cd14 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51145 Reviewed-by: Adam Langley <[email protected]>
Upstream used the macro originally, but later added a bespoke implementation to transparently support X9.42 DH parameter serialization (DHXPARAMS in OpenSSL) in 2ca873e8d898e8a232ea707227400213980059a4. We don't support DHXPARAMS, so revert to the macro. Change-Id: Ib17902c6c640bb88ee55881945ce57a032f7061b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51105 Reviewed-by: Adam Langley <[email protected]>
This matches the source, which only builds support for these tests on Linux. Note Android sets CMAKE_SYSTEM_NAME to "Android", so this covers the previous ANDROID check. Bug: 476 Change-Id: I41ca408706d0d0c5bb22006f4c31d51fc1267f69 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51165 Commit-Queue: David Benjamin <[email protected]> Reviewed-by: Adam Langley <[email protected]> Commit-Queue: Adam Langley <[email protected]>
Description: Mark Wooden and Franck Rondepierre noted that the square-root-mod-p operations used in the EdDSA RFC (RFC 8032) can be simplified. For Ed25519, instead of computing u*v^3 * (u * v^7)^((p-5)/8), we can compute u * (u*v)^((p-5)/8). This saves 3 multiplications and 2 squarings. For more details (including a proof), see the following message from the CFRG mailing list: https://mailarchive.ietf.org/arch/msg/cfrg/qlKpMBqxXZYmDpXXIx6LO3Oznv4/ Testing: Build and run the Ed25519 tests: mkdir build cd build cmake -GNinja .. ninja && ./crypto/crypto_test --gtest_filter="Ed25519Test*" Numerical testing of the square-root computation can be done using the following sage script: def legendre(x,p): return kronecker(x,p) # Ed25519 p = 2**255-19 # -1 is a square if legendre(-1,p)==1: print("-1 is a square") # 2 is a non-square if legendre(2,p)==-1: print("2 is a non-square") # 2 is a generator # this can be checked by factoring p-1 # and then showing 2**((p-1)/q) != 1 (mod p) # for all primes q dividing p-1. # suppose u/v is a square. # to compute one of its square roots, find x such that # x**4 == (u/v)**2 . # this implies # x**2 == u/v, or # x**2 == -(u/v) , # which implies either x or i*x is a square-root of u/v (where i is a square root of -1). # we can take x equal to u * (u*v)**((p-5)/8). g = 2 s = p>>2 # s = (p-1)/4 i = power_mod(g, s, p) t = p>>3 # t = (p-5)/8 COUNT = 1<<18 while COUNT > 0: COUNT -= 1 r = randint(0,p-1) # r = u/v v = randint(1,p-1) u = mod(r*v,p) # compute x = u * (u*v)**((p-5)/8) w = mod(u*v,p) x = mod(u*power_mod(w, t, p), p) # check that x**2 == r, or (i*x)**2 == r, or r is not a square rr = power_mod(x, 2, p) if rr==r: continue rr = power_mod(mod(i*x,p), 2, p) if rr==r: continue if legendre(r,p) != 1: continue print("failure!") exit() print("passed!") Change-Id: Iaa284d3365dd8c9fa18a4584121013f05a3f4cc6 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50965 Reviewed-by: David Benjamin <[email protected]> Reviewed-by: Adam Langley <[email protected]> Commit-Queue: Adam Langley <[email protected]>
The ECH extension is not covered in the AAD and so should not be referenced in ech_outer_extensions. We end up rejecting this anyway when checking for valid ClientHelloInners, but better to reject this explicitly, as the spec suggests. As part of this, use the more specific error in the various tests, so we can distinguish the two cases. (DECODE_ERROR is coming from an extra, probably unnecessary, error in ssl_decode_client_hello_inner's caller.) Bug: 275 Change-Id: Ibeff55e5e1b7646ce9c68c5847cd1b40a47e6480 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51185 Reviewed-by: Adam Langley <[email protected]> Commit-Queue: David Benjamin <[email protected]>
Both call sites end up calling them in succession. This saves a little bit of code. Bug: 275 Change-Id: Ib87bd9be446c368f77beb3b329deaa84ef43ac95 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51186 Reviewed-by: Adam Langley <[email protected]> Commit-Queue: David Benjamin <[email protected]>
In testing out the ECH bits on the Chromium side, it is much harder to tell what's going on without some indication that we sent a ClientHelloInner. This CL routes it into the callback. A corresponding CL in Chromium will add it to NetLog. Bug: 275 Change-Id: I945ab2679614583e875a0ba90d6cf1481ed315d9 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51205 Reviewed-by: Adam Langley <[email protected]> Commit-Queue: David Benjamin <[email protected]>
This is the recommended way for detecting platforms: https://docs.bazel.build/versions/main/platforms.html Fixes cross-compilation with bazel-zig-cc. Signed-off-by: Piotr Sikora <[email protected]> Change-Id: Ifc7d2b502e01feb9cbad51127ca3ec90a54c6e90 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51265 Reviewed-by: Adam Langley <[email protected]>
https://boringssl-review.googlesource.com/c/boringssl/+/51265 broke Linux and macOS platforms on architectures where we don't build assembly. OPENSSL_NO_ASM needs to match the assembly selector. While I'm here, remove the OPENSSL_C11_ATOMIC comment. We autodetect atomics these days, so the flag is only useful if you want to force it. Change-Id: I1f20f7577b5ca7e208dc90fb46a93b20da864ec5 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51305 Reviewed-by: Piotr Sikora <[email protected]> Reviewed-by: Adam Langley <[email protected]>
Change-Id: I8bc146a951b77d2111b971e6472bfd7f010f8585 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51306 Reviewed-by: Adam Langley <[email protected]>
The current names are confusing because (ios, aarch64) is also used on macOS. The various Apple platforms all use the same ABI, and aarch64 is no longer limited to iOS. (For that matter, the iOS simulator on x86 Macs is x86 iOS.) Just call it 'apple'. Update-Note: References to 'mac' or 'ios' source lists in downstream builds should be renamed to 'apple'. Change-Id: Id1a0627f8ce3241f34ffa6bb245ee5783adc7c15 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51307 Reviewed-by: Adam Langley <[email protected]>
Now that the naming for Apple platforms is aligned, we can select the variable uniformly. Change-Id: Id547d1a4ba0585d5f9e4ea0b5d8b255b2ab2ec38 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51345 Reviewed-by: Adam Langley <[email protected]>
Bazel can shard tests, but runner runs a lot of tests inside a single “test”, as Go sees it. In order to shard within runner we implement support for Bazel's environment variables[1] directly. This does mean that the handful of other tests in runner are run in every shard. [1] https://docs.bazel.build/versions/1.1.0/test-encyclopedia.html#initial-conditions Change-Id: Idaa5c6ae5225cd86951cd40f47b5f86f31664e04 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51245 Reviewed-by: David Benjamin <[email protected]>
…l-merge-5112b45ce2eae2ed253adeacb8887d42f429e27b
torben-hansen
deleted the
boringssl-merge-5112b45ce2eae2ed253adeacb8887d42f429e27b
branch
WillChilds-Klein
pushed a commit
to WillChilds-Klein/aws-lc
that referenced
this pull request
Jan 8, 2025
+ With PR 376, when ACCP is set as the first provider and immediately new SecureRandom is used, the SecureRandom will not be backed by ACCP. + A unit test is modified to check that new SecureRandom immediately after install is backed by ACCP.
WillChilds-Klein
pushed a commit
to WillChilds-Klein/aws-lc
that referenced
this pull request
Jan 8, 2025
Following reversal of PR aws#376 in PR aws#388, using the ACCP SecureRandom algorithm `DEFAULT` (which is an alias of `LibCryptoRng`) yields lower performance in multi-threaded settings. See aws#376 for details. This PR is meant to use the algorithm `LibCryptoRng` in the benchmark, instead of its alias `DEFAULT`. This solves the performance drop in multi-threaded settings. This also corresponds to the most common use of ACCP SecureRandom. Indeed, if ACCP is the first security provider and if ACCP SecureRandom is registered, then when instantiating SecureRandom as `new SecureRandom()`, the algorithm `LibCryptoRng` will be selected. Co-authored-by: Fabrice Benhamouda <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Use the MERGE strategy NOT the squash strategy
Description of changes:
This merges in the complete history up to Feb 10 2022
5112b45ce2eae2ed253adeacb8887d42f429e27b.Ran the following:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.