-
Notifications
You must be signed in to change notification settings - Fork 303
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Partially update boringssl, add warnings for invalid parameters #2745
Conversation
|
This is only a partial update for now due to incompatible changes to DH introduced in https://boringssl-review.googlesource.com/c/boringssl/+/62226. Includes some code changes based on the RSA struct now being opaque as well as slight code simplifications for DH.
26afed9
to
f1abaf2
Compare
f1abaf2
to
6db46c2
Compare
@@ -100,6 +103,10 @@ kj::Own<DH> initDh(kj::OneOf<kj::Array<kj::byte>, int>& sizeOrKey, | |||
} | |||
return 1; | |||
}; | |||
// Operations on an "egregiously large" prime will throw with recent boringssl. | |||
if (size > OPENSSL_DH_MAX_MODULUS_BITS) { | |||
KJ_LOG(WARNING, "DiffieHellman init: requested prime size too large"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should these be NOSENTRY
or do we want them appearing there?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do prefer having warnings appear on Sentry as it makes them easier to find. These should be temporary so hopefully this is fine
https://boringssl-review.googlesource.com/c/boringssl/+/62226 added some additional DH checks for "egregiously large or invalid" parameters. Add a warning when creating a DH handle that would cause boringssl to throw. Some of the additional checks are already covered by our implementation, so we only need this for some checks on the p parameter.
6db46c2
to
55db359
Compare
Follow-up to #2745. After confirming that the few DH inputs that are now rejected by boringssl are not being actively used, we can return a proper error for them and update the boringssl version for workerd. Even if the version used internally is out-of-sync for now, the added checks here ensure that the behavior is the same. Test cases are updated based on the new behavior.
Follow-up to #2745. After confirming that the few DH inputs that are now rejected by boringssl are not being actively used, we can return a proper error for them and update the boringssl version for workerd. Even if the version used internally is out-of-sync for now, the added checks here ensure that the behavior is the same. Test cases are updated based on the new behavior.
Boringssl now has built-in bazel support, so we no longer have to use a commit from main-with-bazel instead of the primary branch. A few code changes are needed based on the RSA struct now being opaque, which is why we deferred updating this so far.Roll boringssl, fix RSA struct usage and refactor DH code
Warn when creating DH handle with invalid parameters
============
This will allows us to see if we can safely update boringssl or if there is code depending on using DH with impractical parameters.