Upstream merge 2023-11-10 #1302
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
samuel40791765
force-pushed
the
upstream-merge-2023-11-10
branch
4 times, most recently
from
2768999
to
4c252ee
Compare
samuel40791765
force-pushed
the
upstream-merge-2023-11-10
branch
2 times, most recently
from
eab8e3e
to
ba0e888
Compare
justsmth
approved these changes
Nov 14, 2023
torben-hansen
approved these changes
Nov 14, 2023
OPENSSL_WINDOWS doesn't *quite* imply that crypto/rand_extra/windows.c is used, thanks to fuzzer mode. The sea of ifdefs here is becoming quite a mess, so I've added OPENSSL_RAND_* resolve the dispatch in one place. Perhaps later we should also we can also simplify this by just including CRYPTO_init_sysrand and CRYPTO_sysrand_if_available in all the C files. But that'll be easier to do when Trusty's RNG is moved in tree. While I'm here, fold some of the ifdefs in windows.c together. Change-Id: Ic9c21c5c943a409ebb1d77f27daea1eeb9422e9d Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/61085 Auto-Submit: David Benjamin <[email protected]> Reviewed-by: Bob Beck <[email protected]> Commit-Queue: Bob Beck <[email protected]> (cherry picked from commit a36924781733a73ecddf2f02ba74069fd5ba341c)
Change-Id: Id38833b329b0d661fb18e8a75b671379effe82a6 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/61166 Auto-Submit: David Benjamin <[email protected]> Commit-Queue: Bob Beck <[email protected]> Reviewed-by: Bob Beck <[email protected]> (cherry picked from commit 9ad0e9d7da6372ca61e137610999e5683d7a9749)
The standard macro-based pattern does not work in bindgen because of rust-lang/rust-bindgen#2544 Change-Id: Ic2b92e779ade2ed55a627bba9c76f7df5c0f6136 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/61185 Reviewed-by: Bob Beck <[email protected]> Commit-Queue: Bob Beck <[email protected]> Auto-Submit: David Benjamin <[email protected]> (cherry picked from commit 4e88a3557f6a022e30d1ff85fbd87e1173848be2)
BN_MONT_CTX already has the modulus, so just use it. This is one less value to initialize statically. Bug: 20 Change-Id: I78f73994ab595b795e99d67851bdff3b73fc3dd6 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60926 Commit-Queue: David Benjamin <[email protected]> Reviewed-by: Adam Langley <[email protected]> (cherry picked from commit 6f13380d27835e70ec7caf807da7a1f239b10da6)
While I'm here, update x/crypto and x/net to their latest versions. byteReader is a straightforward port, except there doesn't seem to be a convenient way to read length-prefixed bytes without manually casting from cryptobyte.String to []byte, so I've done that. byteBuilder is a bit more involved because it's based on closures, but still a mechanical change. As part of this, I switched runner's ticket format to use u24 length prefixes instead of u32, because cryptobyte.String doesn't have u32 length prefixes. (Although, oddly, cryptobyte.Builder does.) Fixed: 374 Change-Id: If9bea0b41fe2b8bc48f040a667753b160da469bb Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/61186 Auto-Submit: David Benjamin <[email protected]> Reviewed-by: Adam Langley <[email protected]> Commit-Queue: Adam Langley <[email protected]> (cherry picked from commit 286ea215ec6669152feb71a28075ae69b957f4bf)
One less value to initialize statically. Instead, just check if r + order < p. It's one additional comparison, but those have negligible cost here. Bug: 20 Change-Id: Iabc9c1894b58aeba45282e3360e38fe843eb7139 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60927 Reviewed-by: Bob Beck <[email protected]> Commit-Queue: David Benjamin <[email protected]> Reviewed-by: Adam Langley <[email protected]> (cherry picked from commit 5eab868eaa5f7a975d50579182e26902441342be)
This removes a place where we make hard-coded assumes about test names. Also it shards pki_test, as that test suite is large enough to benefit from it. Change-Id: I392254b73a2df2f022ccf13508552372c103bff7 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/61285 Reviewed-by: Bob Beck <[email protected]> Commit-Queue: Bob Beck <[email protected]> (cherry picked from commit 63f4b806d6085c1a75e40da7d2de972e781ef588)
samuel40791765
force-pushed
the
upstream-merge-2023-11-10
branch
from
ba0e888
to
6a54d82
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
Merging from Upstream from google/boringssl@a369247 (Jun 23) to google/boringssl@1e2f169 (Jul 5).
Call-outs:
See internal document as well as "AWS-LC" notes inserted in some of the commit messages for additions/deviations from the upstream commit.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.