Skip to content

Harden key handling and crypto backend edge cases#88

Merged
bifurcation merged 21 commits into
mainfrom
rlb/security-review-fixes
May 7, 2026
Merged

Harden key handling and crypto backend edge cases#88
bifurcation merged 21 commits into
mainfrom
rlb/security-review-fixes

Conversation

@bifurcation

@bifurcation bifurcation commented Apr 27, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • tighten key lifecycle and header parsing behavior, including epoch purging, counter exhaustion, key-direction checks, and clearer replay semantics
  • harden crypto backend edge cases across OpenSSL and BoringSSL, including empty HKDF salt handling, checked size conversions, CTR input bounds, and cleaner error reporting
  • clean up supporting infrastructure with safer wrapper types, fixed-capacity initialization, release hardening flags, and targeted API comments

Testing

  • make test

@bifurcation
Use the epoch mask when purging cached keys
044a2c5
@bifurcation
Stop protecting frames after counter exhaustion
264a3ca
@bifurcation
Enforce key direction on protect and unprotect
b9310bd
@bifurcation
Validate full header length before parsing fields
1249207
@bifurcation
Reject oversized inputs in CTR mode
2bfd4ba
@bifurcation
Use an empty HKDF salt when deriving SFrame keys
370fad4
@bifurcation
Document the tradeoffs of the 32-bit tag suite
673c7ea
@bifurcation
Zero-fill integer buffers before encoding
ccf45cb
@bifurcation
Reject empty integer encodings when decoding headers
306ccda
@bifurcation
Initialize fixed-capacity vectors before copying data
041440e
@bifurcation
Document that replay handling stays with the caller
37e4586
@bifurcation
Hide STL base classes behind the wrapper types
0a9de4d
@bifurcation
Clear stale OpenSSL errors before backend operations
4a103f1
@bifurcation
Clarify the scope of the HKDF FIPS override
00cfa4f
@bifurcation
Document the lifetime requirement for error messages
cac4c28
@bifurcation
Explain why CTR finalization uses a null output buffer
cc75c7f
@bifurcation
Check OpenSSL size conversions before narrowing to int
22ebec7
@bifurcation
Harden release builds with compiler and linker flags
05f3e99
@bifurcation
Finish the STL wrapper cleanup
d8c1e51
@bifurcation
Check unprotect usage in the decrypt path
6dd3680
bifurcation
bifurcation commented Apr 27, 2026
View reviewed changes
Comment thread include/sframe/sframe.h Outdated
Comment thread include/sframe/sframe.h Outdated
Comment thread include/sframe/sframe.h Outdated
Comment thread src/crypto_boringssl.cpp Outdated
Comment thread CMakeLists.txt Outdated
k-wasniowski
k-wasniowski approved these changes Apr 28, 2026
View reviewed changes
Comment thread src/crypto.cpp
Comment on lines +129 to +132
void
clear_openssl_errors()
{
ERR_clear_error();

@k-wasniowski k-wasniowski Apr 28, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it used actually outside of crypto files ? If not, wouldnt it be sufficient to call it directly?

Also ive noticed its also called in boringssl, and there it gets less clear. If method is used outside, maybe we could change the name ?

@bifurcation bifurcation merged commit b140909 into main May 7, 2026
25 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@k-wasniowski k-wasniowski k-wasniowski approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bifurcation @k-wasniowski