Merge BoringSSL through 48dce6d6867dc36cdaf9178e63fed8bf0cbe7ece #2246
+0
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BoringSSL is not affected by CVE-2024-0727, but these are good cases to have in our unit tests. PKCS#12 is built on top of PKCS#7, a misdesigned, overgeneralized combinator format. One of the features of PKCS#7 is that the content of every ContentInfo may be omitted, to indicate that the value is "supplied by other means". This is commonly used for "detached signatures", where the signature is supplied separately. This does not make sense in the context of PKCS#12. But because PKCS#7 combined many unrelated use cases into the same format, so PKCS#12 (and any other use of PKCS#7) must account for and reject inputs. Change-Id: I22f19b6c14894003f7515206cd34f968e5503d4a Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65747 Auto-Submit: David Benjamin <[email protected]> Commit-Queue: Bob Beck <[email protected]> Commit-Queue: David Benjamin <[email protected]> Reviewed-by: Bob Beck <[email protected]>
Per the header, these symbols were private and only exported for decrepit. But decrepit can include internal headers. Change-Id: I1155f4b98252004b80a53efb0a6009400a6c59ac Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65687 Auto-Submit: David Benjamin <[email protected]> Commit-Queue: Bob Beck <[email protected]> Reviewed-by: Bob Beck <[email protected]>
These macros are unnamespaced and only used in one file. Keep their definitions more local. Also remove the #undefs at the end of des.c. They date to when des.c was part of bcm.c, but it isn't anymore. Change-Id: I6306929929f2304b93c3fdb2e787965c40729d6a Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65688 Commit-Queue: David Benjamin <[email protected]> Reviewed-by: Bob Beck <[email protected]>
Upstream does not actually have any tests for DES-EDE3-CFB, with the exception of a single DES-EDE3-CFB1 test vector, only the single-DES version. But we can gain some coverage by turning 3DES back into single DES with a repeated key. That's good enough for DES. The DES-EDE3-CFB1 test vector is unusable because that tests EVP_des_ede3_cfb1, the real DES-EDE3-CFB1. OpenSSL's low-level APIs do not actually implement CFB correctly for a non-whole-number of bytes! See discussion in the test. I've added coverage for that case by just fabricating a test vector. Change-Id: I9f69cab4d8d1d3accecbeb09f8c1661ce2ecb4ee Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65689 Reviewed-by: Bob Beck <[email protected]> Commit-Queue: David Benjamin <[email protected]>
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #2246 +/- ##
=======================================
Coverage 96.89% 96.89%
=======================================
Files 167 167
Lines 20687 20687
Branches 475 475
=======================================
+ Hits 20044 20045 +1
Misses 546 546
+ Partials 97 96 -1 ☔ View full report in Codecov by Sentry. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.