Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Quick fixes from Trail of Bits audit Week 1 #1869

Merged
merged 6 commits into from
Jul 29, 2024
Merged

Quick fixes from Trail of Bits audit Week 1 #1869

merged 6 commits into from
Jul 29, 2024

Conversation

SWilson4
Copy link
Member

Fixes #1862
Fixes #1863
Fixes #1865

  • Does this PR change the input/output behaviour of a cryptographic algorithm (i.e., does it change known answer test values)? (If so, a version bump will be required from x.y.z to x.(y+1).0.)
  • Does this PR change the list of algorithms available -- either adding, removing, or renaming? Does this PR otherwise change an API? (If so, PRs in fully supported downstream projects dependent on these, i.e., oqs-provider will also need to be ready for review and merge by the time this is merged.)

@SWilson4 SWilson4 requested a review from bhess July 26, 2024 16:00
@SWilson4 SWilson4 requested a review from dstebila as a code owner July 26, 2024 16:00
@SWilson4
Copy link
Member Author

The most recent commit is tagged with [skip ci], but note that CI passed on the actual code changes on commit 15fcdbe.

Copy link
Member

@bhess bhess left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @SWilson4

} while (0)
#else
#define OQS_OPENSSL_GUARD(x) \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the following #define triggered if "OQS_USE_OPENSSL" is NOT set? Wouldn't seem quite right.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch. I've refactored the directives so that the guard is defined if and only if OQS_USE_OPENSSL is defined.

Copy link
Member

@baentsch baentsch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One nit (see separate comment); otherwise LGTM. Thanks for the improvements @SWilson4 .

I'm not seeing new CI catching these types of errors in the future: Am I looking in the wrong place?

@SWilson4
Copy link
Member Author

One nit (see separate comment); otherwise LGTM. Thanks for the improvements @SWilson4 .

I'm not seeing new CI catching these types of errors in the future: Am I looking in the wrong place?

Not included in this PR, but I opened #1866 and #1867 for future-proofing based on suggestions from ToB.

@SWilson4 SWilson4 merged commit 841e903 into main Jul 29, 2024
120 checks passed
@SWilson4 SWilson4 deleted the sw-tob-week1 branch July 29, 2024 15:01
@jplomas jplomas mentioned this pull request Aug 3, 2024
rtjk pushed a commit to rtjk/liboqs that referenced this pull request Aug 5, 2024
* Remove unused variables from CI workflows

* Add missing OpenSSL guards

* Fix broken link and misplaced comment in common.c

---------

Signed-off-by: Spencer Wilson <[email protected]>
Signed-off-by: rtjk <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
4 participants