Skip to content

crypto_wrap: replace aes wrap with openssl aes wrap algorithm#1718

Merged
BareosBot merged 8 commits intobareos:masterfrom
sebsura:dev/ssura/master/replace-aes-wrap
Mar 8, 2024
Merged

crypto_wrap: replace aes wrap with openssl aes wrap algorithm#1718
BareosBot merged 8 commits intobareos:masterfrom
sebsura:dev/ssura/master/replace-aes-wrap

Conversation

@sebsura
Copy link
Contributor

@sebsura sebsura commented Feb 23, 2024
edited
Loading

Thank you for contributing to the Bareos Project!

This PR switches AesWrap/AesUnwrap from our implementation of that algorithm to the openssl implementation.
A unit test was added that checks that the two implementations behave the same.

Please check

  • Short description and the purpose of this PR is present above this paragraph
  • Your name is present in the AUTHORS file (optional)

If you have any questions or problems, please give a comment in the PR.

Helpful documentation and best practices

Checklist for the reviewer of the PR (will be processed by the Bareos team)

Make sure you check/merge the PR using devtools/pr-tool to have some simple automated checks run and a proper changelog record added.

General
  • Is the PR title usable as CHANGELOG entry?
  • Purpose of the PR is understood
  • Commit descriptions are understandable and well formatted
    Check backport line
    Required backport PRs have been created
Source code quality
  • Source code changes are understandable
  • Variable and function names are meaningful
  • Code comments are correct (logically and spelling)
  • Required documentation changes are present and part of the PR
Tests
  • Decision taken that a test is required (if not, then remove this paragraph)
  • The choice of the type of test (unit test or systemtest) is reasonable
  • Testname matches exactly what is being tested
  • On a fail, output of the test leads quickly to the origin of the fault

@sebsura sebsura force-pushed the dev/ssura/master/replace-aes-wrap branch from 875f7e7 to db6eb6b Compare February 23, 2024 11:37
@sebsura sebsura force-pushed the dev/ssura/master/replace-aes-wrap branch from 25cbe90 to 619e0bd Compare February 27, 2024 14:44
pstorz
pstorz approved these changes Feb 27, 2024
View reviewed changes
Copy link
Member

@pstorz pstorz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@sebsura sebsura force-pushed the dev/ssura/master/replace-aes-wrap branch from f136a97 to 505134a Compare March 6, 2024 13:45
@sebsura sebsura requested a review from pstorz March 6, 2024 13:46
sebsura added 7 commits March 8, 2024 09:52
@sebsura
crypto-wrap: add const to const parameters
fbb4472
@sebsura
unit-tests: add test comparing openssl wrap with ours
0260a1c
@sebsura
wrap-test: add randomization
f9d2f92 
Now the plaintext that is getting wrapped/unwrapped is not static but
instead is randomised.
@sebsura
crypto_wrap: switch to opessl wrap
214702f 
The test now has the old implementation instead.
@sebsura
askdir: fix leaking poll mode to caller
4c07e92 
dev->poll disables AutoLabeling, as such we should not leak it into
the caller context.
@sebsura
wrap-test: add additional assertions
fb00363
@sebsura
wrap: add official test data
efed11b 
See: https://datatracker.ietf.org/doc/html/rfc3394.html#section-4.1
@sebsura sebsura force-pushed the dev/ssura/master/replace-aes-wrap branch from 505134a to efed11b Compare March 8, 2024 08:52
@BareosBot BareosBot merged commit df3bc2b into bareos:master Mar 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pstorz pstorz Awaiting requested review from pstorz

Assignees

@pstorz pstorz

Labels

requires backport to 23

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sebsura @pstorz @BareosBot