Skip to content

tls: update BoringSSL-FIPS to 20190808.#12114

Merged
htuch merged 3 commits intoenvoyproxy:masterfrom
PiotrSikora:fips-20190808
Jul 20, 2020
Merged

tls: update BoringSSL-FIPS to 20190808.#12114
htuch merged 3 commits intoenvoyproxy:masterfrom
PiotrSikora:fips-20190808

Conversation

@PiotrSikora
Copy link
Contributor

@PiotrSikora PiotrSikora commented Jul 15, 2020

Signed-off-by: Piotr Sikora piotrsikora@google.com

@repokitteh-read-only
Copy link

repokitteh-read-only bot commented Jul 15, 2020

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to (api/envoy[\w/]*/(v1alpha\d?|v1|v2alpha\d?|v2))|(api/envoy/type/(matcher/)?\w+.proto).
CC @envoyproxy/api-shepherds: Your approval is needed for changes made to api/envoy/.
CC @envoyproxy/api-watchers: FYI only for changes made to api/envoy/.

🐱

Caused by: #12114 was opened by PiotrSikora.

see: more, trace.

@PiotrSikora
tls: update BoringSSL-FIPS to 20190808.
91ae3c9 
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
@PiotrSikora PiotrSikora requested review from agl and htuch July 15, 2020 21:15
@PiotrSikora PiotrSikora marked this pull request as ready for review July 15, 2020 21:15
@PiotrSikora PiotrSikora requested a review from lizan as a code owner July 15, 2020 21:15
PiotrSikora
PiotrSikora commented Jul 15, 2020
View reviewed changes
htuch
htuch previously approved these changes Jul 17, 2020
View reviewed changes
lizan
lizan suggested changes Jul 17, 2020
View reviewed changes
@PiotrSikora
Copy link
Contributor Author

PiotrSikora commented Jul 18, 2020

Since the version of BoringSSL that we use in FIPS prior to this PR is from mid-2018, I think it makes sense to backport it to the stable releases in order to enable TLS 1.3 there. Any objections @lambdai @mattklein123 @htuch @lizan?

/backport

@repokitteh-read-only repokitteh-read-only bot added the backport/review Request to backport to stable releases label Jul 18, 2020
lizan
lizan approved these changes Jul 18, 2020
View reviewed changes
Copy link
Member

@lizan lizan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGTM
/backport approve

@PiotrSikora PiotrSikora requested a review from htuch July 18, 2020 04:18
@PiotrSikora PiotrSikora added backport/approved Approved backports to stable releases and removed backport/review Request to backport to stable releases labels Jul 18, 2020
htuch
htuch approved these changes Jul 20, 2020
View reviewed changes
Copy link
Member

@htuch htuch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think backport is OK if you have a motivation from the Istio perspective and want to do the work. I don't think it's strictly needed, i.e. this isn't some security fix or concern with previously shipped functionality.

@htuch
Copy link
Member

htuch commented Jul 20, 2020

/lgtm v2-freeze

@htuch htuch merged commit b4b8210 into envoyproxy:master Jul 20, 2020
KBaichoo pushed a commit to KBaichoo/envoy that referenced this pull request Jul 30, 2020
@PiotrSikora @KBaichoo
tls: update BoringSSL-FIPS to 20190808. (envoyproxy#12114)
a89b9a1 
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
scheler pushed a commit to scheler/envoy that referenced this pull request Aug 4, 2020
@PiotrSikora
tls: update BoringSSL-FIPS to 20190808. (envoyproxy#12114)
23931ec 
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Signed-off-by: scheler <santosh.cheler@appdynamics.com>
@PiotrSikora PiotrSikora mentioned this pull request Jan 14, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@agl agl Awaiting requested review from agl

2 more reviewers

@lizan lizan lizan approved these changes

@htuch htuch htuch approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@lizan lizan

Labels

backport/approved Approved backports to stable releases

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@PiotrSikora @htuch @agl @lizan