Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prepare for syncing with upstream #264

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Prepare for syncing with upstream #264

wants to merge 2 commits into from
+30 −8

Conversation

rushilmehra
Copy link
Collaborator

@rushilmehra rushilmehra commented Aug 16, 2024
edited
Loading

  • Support linking with a runtime cpp library

As of https://boringssl-review.googlesource.com/c/boringssl/+/66288,
libssl allows a C++ runtime dependency. As such, we need to link with a
cpp runtime library. Implementation is inspired heavily from
google/boringssl@54c956b. Before releasing this change, we'll need to figure out a way to support
this for windows.

  • Fix bug with accessing memzero'd X509StoreContext in tests

As of https://boringssl-review.googlesource.com/c/boringssl/+/64141,
X509_STORE_CTX_cleanup will zero the memory allocated to the
X509_STORE_CTX. Because X509StoreContextRef::init invokes
X509_STORE_CTX_cleanup once the with_context closure has finished,
calling X509StoreContextRef::verify_result (or any API really) is going
to be invalid because memory has been zerod out. This is a pretty big
footgun, so maybe we should consider screaming a bit louder for this
case.

This patch doesn't sync with upstream yet, because all of our patches break due to upstream directory structure changes, and the RPK patch needs to be completely reworked

@rushilmehra rushilmehra changed the title Sync upstream Prepare for syncing with upstream Aug 16, 2024
@rushilmehra
Support linking with a runtime cpp library
ad1f9bb 
As of https://boringssl-review.googlesource.com/c/boringssl/+/66288,
libssl allows a C++ runtime dependency. As such, we need to link with a
cpp runtime library. Implementation is inspired heavily from
google/boringssl@54c956b.

Before releasing this change, we'll need to figure out a way to support
this for windows.
@rushilmehra
Fix bug with accessing memzero'd X509StoreContext in tests
ae7a587 
As of https://boringssl-review.googlesource.com/c/boringssl/+/64141,
X509_STORE_CTX_cleanup will zero the memory allocated to the
X509_STORE_CTX. Because X509StoreContextRef::init invokes
X509_STORE_CTX_cleanup once the with_context closure has finished,
calling X509StoreContextRef::verify_result (or any API really) is going
to be invalid because memory has been zerod out. This is a pretty big
footgun, so maybe we should consider screaming a bit louder for this
case.
@rushilmehra rushilmehra requested a review from ghedo August 18, 2024 18:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bwesterb bwesterb bwesterb approved these changes

@nox nox Awaiting requested review from nox

@inikulin inikulin Awaiting requested review from inikulin

@ghedo ghedo Awaiting requested review from ghedo

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rushilmehra @bwesterb