Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upstream merge 2025 01 02 #2090

Merged
merged 4 commits into from
Jan 17, 2025
Merged

Upstream merge 2025 01 02 #2090

merged 4 commits into from
Jan 17, 2025
+129 −87

Conversation

nebeid
Copy link
Contributor

@nebeid nebeid commented Jan 2, 2025
edited
Loading

Description of changes:

Merging from Upstream considering commits between
google/boringssl@9b8b483 (Mar 20, 2024) and google/boringssl@821fe33 (Mar 22, 2024).

Call-outs:

See internal document as well as "AWS-LC" notes inserted in some of the commit messages for additions/deviations from the upstream commit.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@codecov-commenter
Copy link

codecov-commenter commented Jan 2, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.92%. Comparing base (94daeb2) to head (89a4869).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2090      +/-   ##
==========================================
- Coverage   78.92%   78.92%   -0.01%     
==========================================
  Files         610      610              
  Lines      105137   105147      +10     
  Branches    14911    14899      -12     
==========================================
+ Hits        82983    82989       +6     
- Misses      21503    21506       +3     
- Partials      651      652       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@nebeid nebeid force-pushed the upstream-merge-2025-01-02 branch 3 times, most recently from 514687e to a013cd6 Compare January 8, 2025 16:13
@nebeid nebeid marked this pull request as ready for review January 8, 2025 16:14
@nebeid nebeid requested a review from a team as a code owner January 8, 2025 16:14
@nebeid nebeid force-pushed the upstream-merge-2025-01-02 branch from a013cd6 to 5063e3f Compare January 8, 2025 17:49
@nebeid nebeid requested a review from andrewhop January 8, 2025 17:49
@nebeid nebeid force-pushed the upstream-merge-2025-01-02 branch 2 times, most recently from ea87a30 to 27f0837 Compare January 9, 2025 14:49
@nebeid nebeid requested a review from smittals2 January 9, 2025 15:10
davidben and others added 4 commits January 15, 2025 11:51
@davidben @nebeid
Start making asserts constant-time too
28be530 
We've historically settled on treating asserts as not in scope for our
constant-time goals. Production binaries are expected to be optimized
builds, with debug assertions turned off. (We have a handful of
assertions in perf-sensitive code that you definitely do not want to run
with.) Secret data has invariants too, so it is useful to be able to
write debug assertions on them.

However, combined with our default CMake build being a debug build, this
seems to cause some confusion with researchers sometimes. Also, if we
ever get language-level constant-time support, we would need to resolve
this mismatch anyway. (I assume any language support would put enough
into the type system to force us to declassify any intentional branches
on secret-by-data-flow bools, notably those we assert on.) So I'm
inclined to just make our asserts constant-time.

There are two issues around asserts, at least with our valgrind-based
validation:

The first is that a couple of asserts over secret data compute their
condition leakily. We can just fix these. The only such ones I found
were in bn_reduce_once and bn_gcd_consttime.

The second is that almost every assert over secret data will be flagged
as an invalid branch by valgrind. However, presuming the condition
itself was computed in constant time, this branch is actually safe. If
we were willing to abort the process when false, the assert is clearly
publicly true. We just need to declassify the boolean to assert on it.

assert(constant_time_declassify_int(expr)) is really long, so I made an
internal wrapper macro declassify_assert(expr). Not sure if that's the
best name. constant_time_declassify_assert(expr) is kinda long.
constant_time_assert(expr) fits with the rest of that namespace, but
reads as if we're somehow running an assert without branching, when the
whole point is that we *are* branching and need to explicitly say it's
okay to.

Fixed: 339
Change-Id: Ie33b99bf9a269b11d2c48d246cc4934be7e239ff
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65467
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
(cherry picked from commit 9b8b483276da2b3d36ea21e97743e310314a8de0)
@davidben @nebeid
Fix EVP_PKEY_CTX_dup with EC generation
ca17ac7 
gen_group wasn't copied over.

Change-Id: If5341dce69fe0297b6bd9a5fb7ed34d546201604
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/67167
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
(cherry picked from commit 8248baaf3e14895cc85255c009aace5fb92d0c95)
@botovq @nebeid
Remove unused flags argument from trust handlers
e9f12ec 
AWS-LC:
- X509_TRUST is in include/openssl/x509.h;
  the check_trust function pointer was changed there.
Change-Id: Ie16e9ab0897305089672720efa4530d43074f692
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/67387
Auto-Submit: Theo Buehler <[email protected]>
Reviewed-by: Bob Beck <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: Bob Beck <[email protected]>
(cherry picked from commit 4ac76f07a401b9b11d6ff305049721cfe3f6a777)
@davidben @nebeid
Document that null STACK_OF(T) can be used with several functions
89a4869 
Lots of code relies on this, so we ought to document it. A null
STACK_OF(T) is treated as an immutable empty list.

AWS-LC:
- sk_TEST_INT_find takes 2 arguments only due to
  aws@9860446
- Based on changes to stack.h L-513-515 in the same commit, in compatibility
  with OpenSSL, -1 is returned in the last check in NullIsEmpty test.

Change-Id: I10d0ba8f7b33c7f3febaf92c2cd3da25a0eb0f80
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/67407
Reviewed-by: Theo Buehler <[email protected]>
Auto-Submit: David Benjamin <[email protected]>
Commit-Queue: Bob Beck <[email protected]>
Reviewed-by: Bob Beck <[email protected]>
(cherry picked from commit 821fe3380cce646fa3557b882d91fba318981b9b)
@nebeid nebeid force-pushed the upstream-merge-2025-01-02 branch from 27f0837 to 89a4869 Compare January 15, 2025 16:52
smittals2
smittals2 approved these changes Jan 15, 2025
View reviewed changes
Copy link
Contributor

@smittals2 smittals2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How do we know the flags var is unused? (In the X509 changes)

@andrewhop
Copy link
Contributor

How do we know the flags var is unused? (In the X509 changes)

They are only used in internal functions, so there is no public API that an external customer could be using them from.

@nebeid nebeid merged commit 68e861e into aws:main Jan 17, 2025
123 of 126 checks passed
@nebeid nebeid deleted the upstream-merge-2025-01-02 branch January 17, 2025 14:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smittals2 smittals2 smittals2 approved these changes

@andrewhop andrewhop andrewhop approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@nebeid @codecov-commenter @andrewhop @smittals2 @davidben @botovq