Upstream merge 2024 01 17 #1414
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ChromeOS EC and ChromeOS Zephyr EC are the open source software for embedded controllers (EC) used in recent ARM and x86 based Chromebooks. https://chromium.googlesource.com/chromiumos/platform/ec/+/HEAD/README.md https://chromium.googlesource.com/chromiumos/platform/ec/+/HEAD/docs/zephyr/README.md Bug: 629 Change-Id: If07bd77135fc28f5321643c568784c05bbe390f4 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/61865 Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: Bob Beck <bbe@google.com> (cherry picked from commit 58adb8e1d62d6da9c1ab9f73e986273992a2b742)
Change-Id: I78df8697814361993adafc342387a7d1804be371 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/62125 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> (cherry picked from commit dbd143c24784e0eeb7082f840dba937f958e517f)
skmcgrail
force-pushed
the
upstream-merge-2024-01-17
branch
from
4fa9dec to
2aac0d9
Compare
andrewhop
reviewed
Jan 22, 2024
Change-Id: I05a3b0cb7ffaee90ed85d2cf795feded8fbad1df Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/62305 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> Auto-Submit: Bob Beck <bbe@google.com> (cherry picked from commit 18b1b8b1c4567190fe4a37262fdfba57aa446dc7)
Section 5.6.1.1.4 of SP 800-56A Rev 3 and Appendix B.1.2 of FIPS 186-4 select the private key out of the range [1, q-1]. We used [2, q-1]. This distinction is unimportant. 0, 1, 2, 3, 4, etc. all make equally bad private keys. The defense against each of these is their negligible probability, not rejection sampling. Nonetheless, we may as well align with *some* specification, and NIST's formulation works fine. Change-Id: I33352061f3fbdbec5b14b576d15be98464a57536 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/62227 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com> (cherry picked from commit 87c00d522b6c7be2f11eb967705d73a7271a0a64)
There don't appear to be any changes since draft-16 beyond some copy-editing, so we can just update the comments. https://author-tools.ietf.org/iddiff?url1=draft-irtf-cfrg-hash-to-curve-16&url2=rfc9380&difftype=--html Change-Id: Ida48b647c146f1fb1eeb6033b8878cba880c4b9b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/62326 Reviewed-by: Adam Langley <agl@google.com> Auto-Submit: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> (cherry picked from commit 39a75071535f3389751ca22e73b5ccfef1b1bc59)
Someone requested that bssl::ScopedEVP_HPKE_KEY be movable. Change-Id: I48058567c776b5fe9a746072ccb7ddd723ef2b68 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/62265 Auto-Submit: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> (cherry picked from commit ac45226f8d8223d70ed37cf81df5f03aea1d533c)
Change-Id: Ie1867ed8a9763331bcc83482cfb22f1e39a281d4 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/62366 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Bob Beck <bbe@google.com> (cherry picked from commit b8e012e1ff736cc794273af4a7db521e6b18bcd5)
Bug: b:296302767 Change-Id: I247c02b6b8fbab38f254c9d74576d0b103d93b4a Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/62425 Reviewed-by: Adam Langley <agl@google.com> Auto-Submit: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> (cherry picked from commit 9f4cad2208b703350fe11d9469125dad55c34d30)
While I'm here, align on the version that compares the lengths explicitly, rather than subtract. The subtraction trick does actually work, because the lengths can't be negative and we're two's complement (so 0 - INT_MAX fits in int). But just comparing avoids needing to think about it. Change-Id: Ide6e3539a27e187bb1a405600c367bb8dd82197e Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/62545 Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: David Benjamin <davidben@google.com> Auto-Submit: David Benjamin <davidben@google.com> (cherry picked from commit 5d2a41d8696b72660dec39b93221fa76201590a8)
Newer glibc have an attribute((nonnull(1))) on fclose. Attributes aren't part of the language, so decltype(fclose) lose the attribute. It seems this causes std::unique_ptr<FILE, decltype(fclose)> to trip -Wignored-attributes in GCC. This is a bit aggressive of a warning, but work around this with a custom deleter, which makes the unique_ptr object smaller anyway. (Though the compiler can, I hope, dissolve all of this anyway.) Fixed: 642 Change-Id: I9a0206a8c5675f856e80c5266c90be42d66a5606 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/62465 Auto-Submit: David Benjamin <davidben@google.com> Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: David Benjamin <davidben@google.com> (cherry picked from commit e4f60679caa293c047be69f57fc48b46c7452327)
skmcgrail
force-pushed
the
upstream-merge-2024-01-17
branch
from
2aac0d9 to
83baf05
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1414 +/- ##
==========================================
- Coverage 76.88% 76.83% -0.06%
==========================================
Files 425 425
Lines 71532 71527 -5
==========================================
- Hits 55000 54956 -44
- Misses 16532 16571 +39 ☔ View full report in Codecov by Sentry. |
andrewhop
approved these changes
Jan 22, 2024
torben-hansen
approved these changes
Jan 23, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.