Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aes-gcm: bump aes crate to v0.8 #409

Merged
merged 1 commit into from
Mar 21, 2022
Merged

aes-gcm: bump aes crate to v0.8 #409

merged 1 commit into from
Mar 21, 2022

Conversation

tarcieri
Copy link
Member

@tarcieri tarcieri commented Mar 19, 2022
edited
Loading

No description provided.

tarcieri
tarcieri commented Mar 19, 2022
View reviewed changes
aes-gcm/Cargo.toml
Comment on lines -35 to +36
armv8 = ["aes/armv8", "ghash/armv8"] # nightly-only
force-soft = ["aes/force-soft", "ghash/force-soft"]
armv8 = ["ghash/armv8"] # nightly-only
force-soft = ["ghash/force-soft"]
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems unfortunate there's no longer a way to transitively toggle on support for these across crates.

The cfg-based approach seems okay, but IMO there should be a single cfg which can force soft implementations across all crates, or force nightly armv8 support, rather than having to instruct people to pass two different cfgs for both aes and ghash

@codecov-commenter
Copy link

codecov-commenter commented Mar 19, 2022
edited
Loading

Codecov Report

Merging #409 (81827f5) into master (e1e35e0) will decrease coverage by 0.04%.
The diff coverage is 94.11%.

@@            Coverage Diff             @@
##           master     #409      +/-   ##
==========================================
- Coverage   87.95%   87.90%   -0.05%     
==========================================
  Files          40       40              
  Lines        1959     1960       +1     
==========================================
  Hits         1723     1723              
- Misses        236      237       +1
Impacted Files Coverage Δ
aes-gcm/tests/aes128gcm.rs 100.00% <ø> (ø)
aes-gcm/tests/aes256gcm.rs 100.00% <ø> (ø)
aes-gcm/tests/other_ivlen.rs 100.00% <ø> (ø)
aes-gcm/src/lib.rs 92.45% <94.11%> (-1.78%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e1e35e0...81827f5. Read the comment docs.

@tarcieri tarcieri force-pushed the aes-gcm/bump-aes-to-v0.8 branch from 5d05d05 to f9c7196 Compare March 19, 2022 20:26
@tarcieri tarcieri force-pushed the aes-gcm/bump-aes-to-v0.8 branch from f9c7196 to 81827f5 Compare March 19, 2022 20:34
@tarcieri tarcieri changed the title [WIP] aes-gcm: bump aes crate to v0.8 aes-gcm: bump aes crate to v0.8 Mar 19, 2022
@tarcieri tarcieri requested a review from newpavlov March 19, 2022 20:35
@tarcieri tarcieri merged commit e96343d into master Mar 21, 2022
@tarcieri tarcieri deleted the aes-gcm/bump-aes-to-v0.8 branch March 21, 2022 15:29
@tomtau tomtau mentioned this pull request Apr 6, 2022
Closed
@tarcieri tarcieri mentioned this pull request Jul 31, 2022
Merged
tarcieri added a commit that referenced this pull request Sep 21, 2023
@tarcieri
aes-gcm: avoid exposing plaintext on tag verification failure
b5ca819 
In #409, for whatever reason I moved the application of the keystream
from after the tag check to before. This means the keystream is applied
unilaterally, instead of only when tag verification is successful.

Sadly, there was a TODO to test for this. A test has been added to
ensure the buffer is unmodified on tag verification failure. It was
red/green tested to ensure it caught the previous bug, and that the fix
corrects it.

This is being tracked as GHSA-423w-p2w9-r7vq (currently embargoed).
@tarcieri tarcieri mentioned this pull request Sep 21, 2023
Merged
tarcieri added a commit that referenced this pull request Sep 21, 2023
@tarcieri
aes-gcm: avoid exposing plaintext on tag verification failure (#551)
b587b27 
In #409, for whatever reason I moved the application of the keystream
from after the tag check to before. This means the keystream is applied
unilaterally, instead of only when tag verification is successful.

Sadly, there was a TODO to test for this. A test has been added to
ensure the buffer is unmodified on tag verification failure. It was
red/green tested to ensure it caught the previous bug, and that the fix
corrects it.

This is being tracked as GHSA-423w-p2w9-r7vq (currently embargoed).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@newpavlov newpavlov Awaiting requested review from newpavlov

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tarcieri @codecov-commenter