Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upstream merge 2024 12 02 #2030

Merged
merged 4 commits into from
Dec 10, 2024
Merged

Upstream merge 2024 12 02 #2030

merged 4 commits into from
Dec 10, 2024

Conversation

nebeid
Copy link
Contributor

@nebeid nebeid commented Dec 4, 2024

Description of changes:

Merging from Upstream considering commits between
google/boringssl@91a3f26 (Mar 7, 2024) and google/boringssl@fae0964 (Mar 13, 2024).

Call-outs:

See internal document as well as "AWS-LC" notes inserted in some of the commit messages for additions/deviations from the upstream commit.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@codecov-commenter
Copy link

codecov-commenter commented Dec 4, 2024

Codecov Report

Attention: Patch coverage is 0% with 3 lines in your changes missing coverage. Please review.

Project coverage is 78.76%. Comparing base (dd5948b) to head (594581e).

Files with missing lines Patch % Lines
crypto/x509/by_dir.c 0.00% 2 Missing ⚠️
crypto/fipsmodule/sha/sha1.c 0.00% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2030      +/-   ##
==========================================
- Coverage   78.76%   78.76%   -0.01%     
==========================================
  Files         598      598              
  Lines      103676   103676              
  Branches    14744    14741       -3     
==========================================
- Hits        81665    81662       -3     
- Misses      21357    21363       +6     
+ Partials      654      651       -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@nebeid nebeid force-pushed the upstream-merge-2024-12-02 branch 2 times, most recently from 1f8f5f0 to 00380fe Compare December 5, 2024 16:18
@nebeid nebeid marked this pull request as ready for review December 5, 2024 21:51
@nebeid nebeid requested a review from a team as a code owner December 5, 2024 21:51
@nebeid nebeid force-pushed the upstream-merge-2024-12-02 branch from 00380fe to da9dead Compare December 5, 2024 21:52
@nebeid nebeid force-pushed the upstream-merge-2024-12-02 branch from da9dead to 1aa2c64 Compare December 7, 2024 01:01
davidben and others added 4 commits December 10, 2024 12:01
Change-Id: Id0efd039ba71489f88b9b669a327b29075f3f7de
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66787
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
(cherry picked from commit 5a3faaa2d50b2540c6973531841723f633f388cd)
1) We are calling sha1_block_data_order_avx when avx2 is enabled
We should be calling  sha1_block_data_order_avx2
2) Looks like clang doesn't define __BMI1__ and calls it simply
__BMI__, see https://godbolt.org/z/s8anxn9rc
This is less of an issue since we will fallback to dynamic dispatch
anyway.

AWS-LC:
Did not take change 2 since compile time checks for CPU capabilities
were removed in 378b394

Change-Id: I9821405444c2e39167f1423c5f08bfcbca1efa51
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66827
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
(cherry picked from commit cf4f615d706d54fca9323fb1595d88f7ee2d7517)
Make google3 common typos stop complaining in the future.

Change-Id: Ib5156335afa691427dbe618c8b29797665cef35f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66947
Auto-Submit: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
(cherry picked from commit 3ac09394a0c027ca077b8cfda4c0dbc8837ce87a)
After examining consumer test code and discussion with davidben,
the stat here serves only to get out of this code without having
an error on the error stack when the file does not exist, which is
then interpreted as the CA or CRL does not exist. Instead, we
simply attempt to open the files, and if it does not work for
any reason, clear the error that was set.

This changes us to treat any failure in finding a CA or CRL using
the by directory lookup as if the file was just not present. This
ensures a consistent behaviour with the error returned from the
verification code. We don't differentiate between the file not existing
or other errors such as garbage in the file.

Fixed: 708
Change-Id: I1eee01282cde803fb7c9b52003da3dfbd5ba9e33
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66967
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
(cherry picked from commit fae0964b3d44e94ca2a2d21f86e61dabe683d130)
@nebeid nebeid force-pushed the upstream-merge-2024-12-02 branch from 1aa2c64 to 594581e Compare December 10, 2024 17:01
@nebeid nebeid merged commit e032d42 into aws:main Dec 10, 2024
121 of 124 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants