Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upstream merge 2023 12 11 #1356

Merged
merged 2 commits into from
Dec 18, 2023
Merged

Upstream merge 2023 12 11 #1356

merged 2 commits into from
Dec 18, 2023

Conversation

nebeid
Copy link
Contributor

@nebeid nebeid commented Dec 13, 2023
edited
Loading

Description of changes:

Merging from Upstream 2 commits on Jul 11 google/boringssl@8267582 and google/boringssl@417069f

Call-outs:

See internal document as well as "AWS-LC" notes inserted in some of the commit messages for additions/deviations from the upstream commit.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@codecov-commenter
Copy link

Codecov Report

Attention: 17 lines in your changes are missing coverage. Please review.

Comparison is base (c4e7f93) 76.71% compared to head (fc90390) 76.73%.
Report is 3 commits behind head on main.

Files Patch % Lines
crypto/ec_extra/ec_asn1.c 87.50% 8 Missing ⚠️
crypto/fipsmodule/ec/ec.c 95.38% 6 Missing ⚠️
crypto/fipsmodule/bn/rsaz_exp.c 0.00% 3 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1356      +/-   ##
==========================================
+ Coverage   76.71%   76.73%   +0.02%     
==========================================
  Files         422      422              
  Lines       71186    71197      +11     
==========================================
+ Hits        54611    54636      +25     
+ Misses      16575    16561      -14

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@nebeid nebeid marked this pull request as ready for review December 14, 2023 17:55
@nebeid nebeid requested a review from a team as a code owner December 14, 2023 17:55
@davidben @nebeid
Update the documentation of RAND_cleanup
acc73da 
This function hasn't done anything since 2015, when
https://boringssl-review.googlesource.com/5792 made it a no-op.

Also move RAND_get_system_entropy_for_custom_prng under obscure
functions. It's usually not what you want.

Change-Id: Ica57552792acff3c5991e6db09c15112db09d133
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/61505
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
(cherry picked from commit 8267582590020ca2877592084f3a56b2f6e3209b)
@nebeid nebeid force-pushed the upstream-merge-2023-12-11 branch from fc90390 to 7cda686 Compare December 14, 2023 17:58
@davidben @nebeid
Make built-in curves static.
e166375 
This replaces our dynamically creating singleton EC_GROUPs from curve
data with static EC_GROUP instances.

They're just shy of being fully static because delocate still forces us
go to through CRYPTO_once to initialize structures with pointers.
(Though, without delocate, the loader would need similar initialization
via a runtime relocation.)

This means we can now have functions like EC_group_p256(), analogous to
EVP_sha256(). These are infallible functions that return const EC_GROUP
pointers. Although there is an initial 2KiB hit to binary size (now we
precompute a few more Montgomery values), I'm hoping it'll eventually
help binaries that only use a few of the curves to drop the others. Also
it removes some locks used to initialize the static curve objects, as
well as removing an annoying error condition.

AWS-LC:
- migrated the support for secp256k1 to the new static initialisation:
 -- added it to make_tables.go, and hence, to builtin_curves.h
 -- added an EC_GROUP for it in ec.c and included it in ec_asn1.c and ec.h
- P521:
 -- added non-Montgomery values to builtin_curves.h in order to support
    EC_GFp_nistp521_method()
 -- preserved the handling of different bit sizes for the digits
    representation required by P-521 tables

Bug: 20
Change-Id: Id051c5439f2b2fe2b09bf10964d656503ee27d9e
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60931
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
(cherry picked from commit 417069f8b2fd6dd4f8c2f5f69de7c038a2397050)
@nebeid nebeid force-pushed the upstream-merge-2023-12-11 branch from 7cda686 to e166375 Compare December 14, 2023 17:58
@nebeid nebeid requested review from skmcgrail and dkostic December 14, 2023 18:47
@nebeid nebeid merged commit 256e04e into aws:main Dec 18, 2023
17 of 18 checks passed
@skmcgrail skmcgrail mentioned this pull request Dec 18, 2023
Merged
@nebeid nebeid deleted the upstream-merge-2023-12-11 branch July 24, 2024 15:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dkostic dkostic dkostic approved these changes

@skmcgrail skmcgrail skmcgrail approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@nebeid @codecov-commenter @skmcgrail @dkostic @davidben