BN_mod_sqrt implements the Tonelli–Shanks algorithm, which requires a
prime modulus. It was written such that, given a composite modulus, it
would sometimes loop forever. This change fixes the algorithm to always
terminate. However, callers must still pass a prime modulus for the
function to have a defined output.

In OpenSSL, this loop resulted in a DoS vulnerability, CVE-2022-0778.
BoringSSL is mostly unaffected by this. In particular, this case is not
reachable in BoringSSL from certificate and other ASN.1 elliptic curve
parsing code. Any impact in BoringSSL is limited to:

- Callers of EC_GROUP_new_curve_GFp that take untrusted curve parameters
- Callers of BN_mod_sqrt that take untrusted moduli

This CL updates documentation of those functions to clarify that callers
should not pass attacker-controlled values. Even with the infinite loop
fixed, doing so breaks preconditions and will give undefined output.

Change-Id: I64dc1220aaaaafedba02d2ac0e4232a3a0648160
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51925
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
Commit-Queue: Adam Langley <agl@google.com>
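
The termination fix described in the BN_mod_sqrt commit message above, as an added example that is not BoringSSL's code: a Tonelli–Shanks square root on small 64-bit integers in which every loop is bounded and the candidate root is verified before it is returned. The names `mod_sqrt_bounded`, `mulmod` and `powmod`, the 2^32 modulus limit and the search cap of 1000 are assumptions made for the example.

```c
#include <stdint.h>

/* Moduli are limited to < 2^32 so every product fits in 64 bits. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (a * b) % m; }

static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    for (b %= m; e; e >>= 1, b = mulmod(b, b, m))
        if (e & 1) r = mulmod(r, b, m);
    return r;
}

/* Hypothetical helper: returns 1 and stores a square root of a mod p in *out,
 * or 0 if none was found. Every loop has a fixed bound, so a composite p gives
 * a 0 return or a rejected candidate, never a hang. */
int mod_sqrt_bounded(uint64_t a, uint64_t p, uint64_t *out) {
    if (p < 3 || (p & 1) == 0 || (p >> 32) != 0) return 0;
    a %= p;
    if (a == 0) { *out = 0; return 1; }

    uint64_t q = p - 1;
    unsigned e = 0;
    while ((q & 1) == 0) { q >>= 1; e++; }        /* p - 1 = q * 2^e, q odd */

    /* Search for a non-residue z with Euler's criterion, over a capped range. */
    uint64_t z = 2;
    while (z < p && z < 1000 && powmod(z, (p - 1) / 2, p) != p - 1) z++;
    if (z >= p || z >= 1000) return 0;

    uint64_t c = powmod(z, q, p);
    uint64_t x = powmod(a, (q + 1) / 2, p);
    uint64_t t = powmod(a, q, p);
    while (t != 1) {
        /* Least i with t^(2^i) == 1. For prime p and square a, i < e holds. */
        unsigned i = 0;
        for (uint64_t t2 = t; t2 != 1 && i < e; i++) t2 = mulmod(t2, t2, p);
        if (i >= e) return 0;     /* precondition broken: stop, do not spin */
        uint64_t b = c;
        for (unsigned j = i + 1; j < e; j++) b = mulmod(b, b, p);  /* c^(2^(e-i-1)) */
        x = mulmod(x, b, p);
        c = mulmod(b, b, p);
        t = mulmod(t, c, p);
        e = i;                    /* e strictly decreases, bounding this loop */
    }
    if (mulmod(x, x, p) != a) return 0;   /* never hand back an unverified root */
    *out = x;
    return 1;
}
```

With a prime modulus the function returns a verified root or reports that the input is not a square; with a composite modulus the only guarantees are that it returns and that any root it reports squares to the input.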

This is designed to be the minimal infrastructure required to support
using BoringSSL in the Rust ecosystem without fear of ABI drift. Bindgen
is used to generate Rust bindings in lockstep with the rest of the
build. `rust-openssl` can consume these generated bindings with minimal
changes.

Change-Id: I1dacd36a4131e22a930ebb01da00407e8465ad7e
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49645
Reviewed-by: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

OpenSSL 1.1.0 made this structure opaque. I don't think we particularly
need to make it opaque, but external code uses it. Also add
RSA_test_flags.

Change-Id: I136d38e72ec4664c78f4d1720ec691f5760090c1
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50605
Reviewed-by: Adam Langley <agl@google.com>

This doesn't affect RSA key generation, which uses
BN_prime_checks_for_generation.

Change-Id: Ibf32c0c4bc9fed369e8f8a1efea72c5bd39185a9
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49426
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>