Harden key handling and crypto backend edge cases#88
Open
bifurcation wants to merge 21 commits intomainfrom
Open
Harden key handling and crypto backend edge cases#88bifurcation wants to merge 21 commits intomainfrom
bifurcation wants to merge 21 commits intomainfrom
Conversation
bifurcation
commented
Apr 27, 2026
| static Result<void> | ||
| validate_ctr_size(size_t size) | ||
| { | ||
| static constexpr size_t max_ctr_size = size_t(uint64_t(1) << 32) * 16; |
Contributor
Author
There was a problem hiding this comment.
This expression overflows on platforms where size_t is 32 bits. Since you're only checking for > (1 << 32), it would be simpler and safer to test size >> 32 == 0, right? Unless size >> 32 would be UB or something on 32-bit platforms.
Contributor
Author
There was a problem hiding this comment.
This function should not be repeated across the various crypto implementation files. Likewise for any others that are repeated.
Comment on lines
+52
to
+75
| if ((CMAKE_CXX_COMPILER_ID MATCHES "Clang" OR CMAKE_CXX_COMPILER_ID MATCHES "GNU") AND NOT WIN32) | ||
| set(SFRAME_RELEASE_COMPILE_FLAGS "-fstack-protector-strong -D_FORTIFY_SOURCE=2") | ||
| if (CMAKE_CXX_COMPILER_ID MATCHES "Clang") | ||
| set(SFRAME_RELEASE_COMPILE_FLAGS | ||
| "${SFRAME_RELEASE_COMPILE_FLAGS} -ftrivial-auto-var-init=zero") | ||
| endif() | ||
|
|
||
| foreach(config RELEASE RELWITHDEBINFO MINSIZEREL) | ||
| set(CMAKE_C_FLAGS_${config} "${CMAKE_C_FLAGS_${config}} ${SFRAME_RELEASE_COMPILE_FLAGS}") | ||
| set(CMAKE_CXX_FLAGS_${config} "${CMAKE_CXX_FLAGS_${config}} ${SFRAME_RELEASE_COMPILE_FLAGS}") | ||
| endforeach() | ||
|
|
||
| if(APPLE) | ||
| foreach(config RELEASE RELWITHDEBINFO MINSIZEREL) | ||
| set(CMAKE_EXE_LINKER_FLAGS_${config} "${CMAKE_EXE_LINKER_FLAGS_${config}} -pie") | ||
| endforeach() | ||
| elseif(UNIX) | ||
| foreach(config RELEASE RELWITHDEBINFO MINSIZEREL) | ||
| set(CMAKE_EXE_LINKER_FLAGS_${config} | ||
| "${CMAKE_EXE_LINKER_FLAGS_${config}} -pie -Wl,-z,relro,-z,now") | ||
| endforeach() | ||
| endif() | ||
| endif() | ||
|
|
Contributor
Author
There was a problem hiding this comment.
Suggested change
| if ((CMAKE_CXX_COMPILER_ID MATCHES "Clang" OR CMAKE_CXX_COMPILER_ID MATCHES "GNU") AND NOT WIN32) | |
| set(SFRAME_RELEASE_COMPILE_FLAGS "-fstack-protector-strong -D_FORTIFY_SOURCE=2") | |
| if (CMAKE_CXX_COMPILER_ID MATCHES "Clang") | |
| set(SFRAME_RELEASE_COMPILE_FLAGS | |
| "${SFRAME_RELEASE_COMPILE_FLAGS} -ftrivial-auto-var-init=zero") | |
| endif() | |
| foreach(config RELEASE RELWITHDEBINFO MINSIZEREL) | |
| set(CMAKE_C_FLAGS_${config} "${CMAKE_C_FLAGS_${config}} ${SFRAME_RELEASE_COMPILE_FLAGS}") | |
| set(CMAKE_CXX_FLAGS_${config} "${CMAKE_CXX_FLAGS_${config}} ${SFRAME_RELEASE_COMPILE_FLAGS}") | |
| endforeach() | |
| if(APPLE) | |
| foreach(config RELEASE RELWITHDEBINFO MINSIZEREL) | |
| set(CMAKE_EXE_LINKER_FLAGS_${config} "${CMAKE_EXE_LINKER_FLAGS_${config}} -pie") | |
| endforeach() | |
| elseif(UNIX) | |
| foreach(config RELEASE RELWITHDEBINFO MINSIZEREL) | |
| set(CMAKE_EXE_LINKER_FLAGS_${config} | |
| "${CMAKE_EXE_LINKER_FLAGS_${config}} -pie -Wl,-z,relro,-z,now") | |
| endforeach() | |
| endif() | |
| endif() |
k-wasniowski
approved these changes
Apr 28, 2026
Comment on lines
+129
to
+132
| void | ||
| clear_openssl_errors() | ||
| { | ||
| ERR_clear_error(); |
Contributor
There was a problem hiding this comment.
Is it used actually outside of crypto files ? If not, wouldnt it be sufficient to call it directly?
Also ive noticed its also called in boringssl, and there it gets less clear. If method is used outside, maybe we could change the name ?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Testing