Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Partially update boringssl, add warnings for invalid parameters #2745

Merged
merged 2 commits into from
Sep 23, 2024
Merged

Partially update boringssl, add warnings for invalid parameters #2745

merged 2 commits into from
Sep 23, 2024

Conversation

fhanau
Copy link
Collaborator

@fhanau fhanau commented Sep 19, 2024
edited
Loading

Boringssl now has built-in bazel support, so we no longer have to use a commit from main-with-bazel instead of the primary branch. A few code changes are needed based on the RSA struct now being opaque, which is why we deferred updating this so far.

Roll boringssl, fix RSA struct usage and refactor DH code

Warn when creating DH handle with invalid parameters

  • https://boringssl-review.googlesource.com/c/boringssl/+/62226 added some additional DH checks for "egregiously large or invalid" parameters. Add a warning when creating a DH handle that would cause boringssl to throw. Some of the additional checks are already covered by our implementation, so we only need this for some checks on the p parameter.

============

This will allows us to see if we can safely update boringssl or if there is code depending on using DH with impractical parameters.

@fhanau fhanau requested review from a team as code owners September 19, 2024 00:31
fhanau
fhanau commented Sep 19, 2024
View reviewed changes
WORKSPACE Outdated Show resolved Hide resolved
@fhanau
Copy link
Collaborator Author

fhanau commented Sep 19, 2024
edited
Loading

This is failing //src/workerd/api/node:tests/crypto_dh-test because of https://boringssl-review.googlesource.com/c/boringssl/+/62226 or https://boringssl-review.googlesource.com/c/boringssl/+/62228, which reject some input parameters. We could still update to c08ccc9ed166a82b92edd70ab215ae1f2501e838, but that's a much smaller update. Moving this back to draft stage.

@fhanau fhanau marked this pull request as draft September 19, 2024 01:44
@fhanau
Roll boringssl, fix RSA struct usage and refactor DH code
d95173a 
This is only a partial update for now due to incompatible changes to DH
introduced in https://boringssl-review.googlesource.com/c/boringssl/+/62226.
Includes some code changes based on the RSA struct now being opaque as well as
slight code simplifications for DH.
@fhanau fhanau changed the title [build] Roll boringssl to latest commit Partially update boringssl, add warnings for invalid parameters Sep 22, 2024
@fhanau fhanau requested a review from kentonv September 23, 2024 14:26
@fhanau fhanau marked this pull request as ready for review September 23, 2024 14:26
jasnell
jasnell reviewed Sep 23, 2024
View reviewed changes
src/workerd/api/crypto/dh.c++
@@ -100,6 +103,10 @@ kj::Own<DH> initDh(kj::OneOf<kj::Array<kj::byte>, int>& sizeOrKey,
}
return 1;
};
// Operations on an "egregiously large" prime will throw with recent boringssl.
if (size > OPENSSL_DH_MAX_MODULUS_BITS) {
KJ_LOG(WARNING, "DiffieHellman init: requested prime size too large");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should these be NOSENTRY or do we want them appearing there?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do prefer having warnings appear on Sentry as it makes them easier to find. These should be temporary so hopefully this is fine

@fhanau
Warn when creating DH handle with invalid parameters
55db359 
https://boringssl-review.googlesource.com/c/boringssl/+/62226 added some
additional DH checks for "egregiously large or invalid" parameters. Add a
warning when creating a DH handle that would cause boringssl to throw. Some of
the additional checks are already covered by our implementation, so we only
need this for some checks on the p parameter.
@fhanau fhanau merged commit 3705b53 into main Sep 23, 2024
13 of 14 checks passed
@fhanau fhanau deleted the felix/roll-boringssl branch September 23, 2024 18:59
fhanau added a commit that referenced this pull request Oct 19, 2024
@fhanau
Roll boringssl
7fc9efd 
Follow-up to #2745. After confirming that the few DH inputs that are now
rejected by boringssl are not being actively used, we can return a proper error
for them and update the boringssl version for workerd. Even if the version used
internally is out-of-sync for now, the added checks here ensure that the
behavior is the same.
Test cases are updated based on the new behavior.
@fhanau fhanau mentioned this pull request Oct 19, 2024
Merged
fhanau added a commit that referenced this pull request Oct 21, 2024
@fhanau
Roll boringssl
9cd99f1 
Follow-up to #2745. After confirming that the few DH inputs that are now
rejected by boringssl are not being actively used, we can return a proper error
for them and update the boringssl version for workerd. Even if the version used
internally is out-of-sync for now, the added checks here ensure that the
behavior is the same.
Test cases are updated based on the new behavior.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasnell jasnell jasnell approved these changes

@garrettgu10 garrettgu10 Awaiting requested review from garrettgu10 garrettgu10 is a code owner automatically assigned from cloudflare/workers-runtime-1

@jp4a50 jp4a50 Awaiting requested review from jp4a50 jp4a50 is a code owner automatically assigned from cloudflare/workers-runtime-1

@kentonv kentonv Awaiting requested review from kentonv

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fhanau @jasnell