Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: probe for all AES_GCM ktls variants #4295

Merged
merged 2 commits into from
Nov 17, 2023
Merged

fix: probe for all AES_GCM ktls variants #4295

merged 2 commits into from
Nov 17, 2023

Conversation

camshaft
Copy link
Contributor

@camshaft camshaft commented Nov 17, 2023
edited
Loading

Description of changes:

On some linux platforms, only the AES_GCM_128 ktls definitions are available. Ideally, we would probe for each cipher independently from one another. However, as a short-term fix, this change adds the AES_GCM_256 variant to the ktls feature probe to avoid build failures.

Testing:

I tested this locally with a musl build (which doesn't export AES_GCM_256). Our ktls CI tests should prevent regressions.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Nov 17, 2023
@camshaft camshaft changed the title fix: probe for all AES_GCM variants fix: probe for all AES_GCM ktls variants Nov 17, 2023
@camshaft camshaft marked this pull request as ready for review November 17, 2023 17:53
lrstewart
lrstewart approved these changes Nov 17, 2023
View reviewed changes
Copy link
Contributor

@lrstewart lrstewart left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was wondering if we might be able to avoid adding future crypto_infos here by just including a whole /crypto header. But then we'd have to be REALLY careful about what else that header included, so that we wouldn't fail because of other feature probes' unavailable features.

@camshaft
Copy link
Contributor Author

Yeah that might have some false-negatives where ktls gets disabled just because, for example, the include path isn't setup correctly for the probe or it starts referring to other s2n-tls headers... But, yeah, currently it's also non-ideal trying to keep the actual code that uses the probed functionality and the probe itself in sync.

@camshaft camshaft mentioned this pull request Nov 17, 2023
Closed
@camshaft camshaft requested a review from maddeleine November 17, 2023 22:41
@camshaft camshaft enabled auto-merge (squash) November 17, 2023 22:53
@camshaft camshaft merged commit 377820a into aws:main Nov 17, 2023
27 checks passed
@camshaft camshaft deleted the ktls-256-probe branch November 17, 2023 23:08
@camshaft camshaft mentioned this pull request Nov 17, 2023
Merged
@BrewTestBot BrewTestBot mentioned this pull request Dec 6, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maddeleine maddeleine maddeleine approved these changes

@lrstewart lrstewart lrstewart approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@camshaft @lrstewart @maddeleine