Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge BoringSSL through 817ab07ebb53da35afea409ab9328f578492832d #2398

Merged
merged 29 commits into from
Feb 18, 2025
Merged

Merge BoringSSL through 817ab07ebb53da35afea409ab9328f578492832d #2398

merged 29 commits into from
Feb 18, 2025

Conversation

briansmith
Copy link
Owner

No description provided.

davidben and others added 29 commits January 16, 2025 13:54
@davidben
clang-format bssl_shim.cc
06ec1ed 
Get this diff out of the way of other changes.

Change-Id: I0f92f99ae6f2cadd70a86a8bc18a5757ab0a7ba0
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75287
Commit-Queue: Bob Beck <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Bob Beck <[email protected]>
Auto-Submit: David Benjamin <[email protected]>
@davidben
Remove some dead code in bssl_shim
16c79a2 
Change-Id: I752be9b328cd6a444029f6640a2d7feca0e00206
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75307
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: Bob Beck <[email protected]>
@davidben
Test some obscure modes of EVP sign/verify with RSA keys
bca2d72 
When the digest is unset, padding may be either RSA_PADDING_NONE or
RSA_PADDING_PKCS1.

If RSA_PADDING_NONE, this becomes raw RSA public and private key
operations, with signature verify comparing the "digest" against the
output of the raw public key operation.

If RSA_PADDING_PKCS1, this treats the "digest" as the raw DigestInfo
structure.

Test both of these, so we don't break them as we move code around. In
doing so, this revealed that verify in these modes, when the "digest"
doesn't match, forgot to add to the error queue. Fix that up.

Bug: 42290606
Change-Id: I3412a633124a12bda6dfebc08896f616b2d268aa
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75228
Reviewed-by: Bob Beck <[email protected]>
Auto-Submit: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
@davidben
Document and test PEM_X509_INFO_read_bio's odd decryption behavior
6612078 
PEM_X509_INFO_read_bio is weird. It decrypts certificates and CRLs, but
not private keys. We had some comments just saying we were trying to
preserve historical (untested) behavior, but I think I've figured out
why. It's so you can inspect a bundle of certs + encrypted keys without
knowing the password. Attempting but failing to decrypt is fatal.

On the flip side, this means that you cannot use this to decrypt the
private key even if you wanted to! This was probably a mistake in
SSLeay, but probably not worth fixing since this function's grouping
behavior doesn't handle certificate chains right anyway.

But we should at least document and test the intended behavior. This
tests that encrypted private keys are left as placeholders, though I
haven't filled in an encrypted certificate or CRL. (The main nuisance
there is assembling a test input because OpenSSL's APIs don't even let
you make them.)

Bug: 387737061
Change-Id: Iebcafdba4924bbcb6298bde24013a508aecc716a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/74810
Reviewed-by: Adam Langley <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
@davidben
Fix unwrap comment for CBB_init_fixed
d4b6eb5 
Change-Id: I893930a8d23f49968883e4c9b8425ebcc5a2d23b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75007
Auto-Submit: David Benjamin <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
Add a function for Conscrypt to use
d3f26f8 
That will convert nonstandard times to posix times.

Change-Id: I7c09a8d4175ee372ab9f3453e02628c303686888
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75167
Commit-Queue: Bob Beck <[email protected]>
Auto-Submit: Bob Beck <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
@cpu
util/fipstools: support feedback KDF w/ empty IVs
23768dc 
The module wrapper I'm testing supports feedback mode KDF w/ HKDF using
an 8 bit counter and no IV. This commit updates the subprocess handling
for the KDF algorithm to support this use-case.

By offering feedback-mode support with empty IV only the diff is quite
minimal. Module wrappers are assumed to use a capability with
both "supportsEmptyIv":true and "requiresEmptyIv":true.

See the NIST KDF ACVP spec for more information:

  https://pages.nist.gov/ACVP/draft-celi-acvp-kbkdf.html

Change-Id: I30eb9d0e8bb88c793d05014e4d98e034675f13b6
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/74747
Reviewed-by: Adam Langley <[email protected]>
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: Bob Beck <[email protected]>
@cpu
util/fipstools: update RSA sigGen cmd args docs
36c0f05 
The ACVP.md documentation for the acvptool module wrapper commands
described the "RSA/sigGen/<hash>/pkcs1v1.5" and "RSA/sigGen/<hash>/pss"
commands as only being provided the RSA modulus bit-size, but in
practice the command gets both the bit-size and a message. This commit
updates the docs to match.

Change-Id: I63267bca9855acfb6ba770f3d999fbc6939d283e
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75127
Reviewed-by: Bob Beck <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
Commit-Queue: Adam Langley <[email protected]>
@davidben
Remove ASN1_UTCTIME_cmp_time_t
6e8adf5 
This does not seem to be used anywhere, and for good reason: it only
works on UTCTime, so it will break with any dates past 2050, which need
GeneralizedTime. We don't have the ASN1_TIME and ASN1_GENERALIZEDTIME
versions. They seem to have been added a bit later.

(If we ever need to add these back, we should probably change the input
type to int64_t, but for now we don't seem to need them at all.)

Update-Note: Removed an unused function.
Change-Id: I23c9f0b41d210f3a44122165331389b30d6ecab0
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75408
Commit-Queue: David Benjamin <[email protected]>
Auto-Submit: David Benjamin <[email protected]>
Commit-Queue: Bob Beck <[email protected]>
Reviewed-by: Bob Beck <[email protected]>
@davidben
Include the extension in the error in ssl_parse_extensions
1c40397 
This mirrors the callback-based system. If we get an unsolicited
extension, it's nice to say which it was.

Also fix one of the existing ones to remove what seems to have been a
stray colon.

Change-Id: I2a796ea008823fc749eebc3d2d22b94562329b6b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75427
Auto-Submit: David Benjamin <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
Commit-Queue: Adam Langley <[email protected]>
@davidben
Sync presubmit.yml with what landed in BCR
fb1e769 
Bazel 7 defaults to C++14, and BCR doesn't pick up .bazelrc, so we need
to specify this in yet another place.

See also
bazelbuild/bazel-central-registry#3579

Change-Id: I5e639b86ec52dd9ebd14c58aa9cca7997a5f5c87
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75407
Commit-Queue: Bob Beck <[email protected]>
Reviewed-by: Bob Beck <[email protected]>
Auto-Submit: David Benjamin <[email protected]>
@sokcevicG
infra: Support both master and main branches
e056f59 
Prepare boringssl infra for master->main migration

Change-Id: I331ff76284091278edfc17946728ac3fbaf040bf
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75327
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
@davidben
Update references in the repo to use the main branch
46364fb 
While I'm here, since they were picked up by the grep, also update URLs
to other repos that have also renamed.

Bug: 377378320
Change-Id: I0f6eb7e97856341f3a5b36e1abbdb0fa840a50b8
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75508
Commit-Queue: Adam Langley <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
Auto-Submit: David Benjamin <[email protected]>
@davidben
Reword the SSL_export_keying_material docs slightly
485c725 
The reference to TLS 1.2's "master secret" (renamed to "main secret" in
rfc8446bis, but we haven't applied that yet) is wrong anyway because
it's derived from a different secret in TLS 1.3. Even in TLS 1.2, it's
misleading because TLS 1.2 resumptions share the master secret, but EKM
still exports different values by incorporating the client/server
randoms.

Change-Id: I21cb4f5ddde9d9fb520c770ca6a89c56daecef6b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75509
Reviewed-by: Adam Langley <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
Auto-Submit: David Benjamin <[email protected]>
@cpu
util/fipstools: basic support for KTS-IFC
ba24bde 
Some notable limitations:

* Only the KTS-OAEP-basic scheme is supported.
* Only the rsakpg1-basic keygen mode is supported.
* Only the AFT test type is supported (no partialVal function support).

See the NIST KTS-IFC ACVP spec for more information:

  https://pages.nist.gov/ACVP/draft-hammett-acvp-kas-ifc.html

Change-Id: I0f3760dbb20f537e443b52e209db2a9578bbb4dd
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75510
Reviewed-by: Adam Langley <[email protected]>
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: Bob Beck <[email protected]>
@sokcevicG
infra: Use main branch exclusively
7d07002 
Bug: b/377378320
Change-Id: Iaff26371207af7159e460bf820c469be0ee07755
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75607
Commit-Queue: David Benjamin <[email protected]>
Auto-Submit: Josip Sokcevic <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
Bump API version to 34
15bab61 
Change-Id: I6fc3367377d8c4ec6e75e23c1b7e3056ff31b90f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75627
Reviewed-by: David Benjamin <[email protected]>
Auto-Submit: Bob Beck <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
@davidben
Document EVP_BytesToKey a bit better
03e6d7e 
This is a generalized PBKDF1. Also you shouldn't use it unless you want
PBKDF1.

Change-Id: I05313aa775123503391e66697810fda8538d74f7
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75628
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
Auto-Submit: David Benjamin <[email protected]>
Commit-Queue: Bob Beck <[email protected]>
@davidben
Use std::vector<uint8_t> to store base64-decode byte arrays
f7febd2 
I got tired of writing a bunch of casts, so let's just fix this across
the board.

Change-Id: I7598fc4cb79ec41deb6855e0bf32aa2c8ebd00e3
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75629
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
@davidben
runner: Make -expect-selected-credential's default more convenient
5823b5e 
Right now, if you don't pass -expect-selected-credential in a test, it
implicitly asserts that you selected the default credential. This means
that every credential-based test must pass this flag, which is a bit
tedious when the test is not about credential dispatch.

Instead, default it not expressing a opinion about this either way.

Change-Id: I42591cee71df1e4db8c8b902efba3b646b65d4e5
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75630
Auto-Submit: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
Commit-Queue: Adam Langley <[email protected]>
@davidben
runner: implement SecondHelloRetryRequest more straightforwardly
f0a4948 
I am not sure why we ran through this increasingly large block of code,
with side effects, twice. All this really needed was to send a second
HRR and make sure the client rejected.

Change-Id: I1122ef2c5f8f85e2f356a6112ae2042653469417
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75631
Auto-Submit: David Benjamin <[email protected]>
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: Bob Beck <[email protected]>
@davidben
Test that we reject Certificate or CertificateRequest in resumption
afa405f 
I was going to add a corresponding test for PAKEs and noticed we
neglected this for PSKs. This also fixes a bug in runner where client
auth + resumption handshakes as a server didn't work right. (I guess
none of our tests exercise this case.)

Change-Id: I9e82dcbca54aedba4059e45c3e40a39b390de34e
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75667
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: Bob Beck <[email protected]>
Auto-Submit: David Benjamin <[email protected]>
@davidben
runner: Only require a curve match in TLS 1.3 when doing key shares
723b508 
The TLS-PAKE machinery will not use key shares. Moving this allows the
client to not send supported_groups when it doesn't need to.

Change-Id: I7291f6afc31d67bbfa6b810a945280bad1ac3ad6
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75727
Commit-Queue: Adam Langley <[email protected]>
Auto-Submit: David Benjamin <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
@davidben
Add missing error with credential/issuer matching
f44677c 
When we iterate over the credential list, the last credential's failure
reason becomes the overall error, so we need to add failure reasons to
the error queue.

Change-Id: If0e09c52b2d9d3d07118b66d93a2e19bc877147c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75747
Reviewed-by: Adam Langley <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
@davidben
Fix link to Mozilla wiki in comment
8523f0f 
They changed the URL from : to / without leaving a redirect.

Change-Id: I3b2c9fe8f2ffbbb3d6e29d99b5c769b02ba6fc0e
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75767
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
Auto-Submit: David Benjamin <[email protected]>
Commit-Queue: Adam Langley <[email protected]>
@cpu
util/fipstools: cSHAKE ACVP algorithm support
343c55c 
Implements support for cSHAKE-128 and cSHAKE-256 ACVP testing (AFT and
MCT test types) based on the NIST specification:

  https://pages.nist.gov/ACVP/draft-celi-acvp-xof.html

The Go testmodulewrapper is updated to implement the new command
handlers.

Change-Id: I4bb459756273df10945cc814bd4a6a9d052641dd
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75687
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: Bob Beck <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
Collapse the modes directory into aes
817ab07 
Before further surgery on aes for BCM purposes.

Bug: 392625968
Change-Id: If87ef7c391ef46b09d2b68ddd1065810a71f0bf9
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75787
Auto-Submit: Bob Beck <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: Bob Beck <[email protected]>
@briansmith
Ignore BoringSSL 06ec1ed..343c55c.
9f6ec03
@briansmith
Merge BoringSSL 817ab07: Collapse the modes directory into aes
d52f52f 
Re-sort the affected entries in build.rs and Cargo.toml.
@briansmith briansmith self-assigned this Feb 18, 2025
@codecov Codecov
Copy link

codecov bot commented Feb 18, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.61%. Comparing base (c7eaca4) to head (d52f52f).
Report is 30 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2398      +/-   ##
==========================================
- Coverage   96.62%   96.61%   -0.01%     
==========================================
  Files         176      176              
  Lines       21640    21640              
  Branches      529      529              
==========================================
- Hits        20909    20908       -1     
  Misses        618      618              
- Partials      113      114       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@briansmith briansmith merged commit ade1606 into main Feb 18, 2025
174 checks passed
@briansmith briansmith deleted the b/bm-7-6 branch February 18, 2025 01:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@briansmith briansmith

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@briansmith @davidben @cpu @sokcevicG