Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: use feature probe for AEAD gate logic instead of AWS-LC/BoringSSL macros #4642

Merged
merged 3 commits into from
Jul 8, 2024
Merged

refactor: use feature probe for AEAD gate logic instead of AWS-LC/BoringSSL macros #4642

merged 3 commits into from
Jul 8, 2024

Conversation

jouho
Copy link
Contributor

@jouho jouho commented Jul 3, 2024
edited
Loading

Resolved issues:

Resolves #4575

Description of changes:

  • simplifies the gating logic for AEAD support by using S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS

Call-outs:

I also tried to update this macro:

s2n-tls/crypto/s2n_cipher.h

Lines 29 to 31 in 03f9301

#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
#define S2N_CIPHER_AEAD_API_AVAILABLE
#endif

But there is a case when S2N_CHACHA20_POLY1305_AVAILABLE_BSSL_AWSLC is on, and S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS is off (failed job: S2NGeneralBatch, s2nUnitCRT).

s2n-tls/crypto/s2n_aead_cipher_chacha20_poly1305.c

Lines 31 to 32 in 03f9301

#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
#define S2N_CHACHA20_POLY1305_AVAILABLE_BSSL_AWSLC

This causes compile error because when S2N_CHACHA20_POLY1305_AVAILABLE_BSSL_AWSLC is on, it uses key->evp_aead_ctx to set encryption key:

s2n-tls/crypto/s2n_aead_cipher_chacha20_poly1305.c

Line 201 in 03f9301

POSIX_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_chacha20_poly1305(), in->data, in->size, S2N_TLS_CHACHA20_POLY1305_TAG_LEN, NULL), S2N_ERR_KEY_INIT);

But key->evp_aead_ctx is not defined because S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS is off:

s2n-tls/crypto/s2n_cipher.h

Lines 33 to 38 in 03f9301

struct s2n_session_key {
EVP_CIPHER_CTX *evp_cipher_ctx;
#if defined(S2N_CIPHER_AEAD_API_AVAILABLE)
EVP_AEAD_CTX *evp_aead_ctx;
#endif
};

Not exactly sure if S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS would imply S2N_CHACHA20_POLY1305_AVAILABLE_BSSL_AWSLC I assume it doesn't since non-BSSL or non-AWSLC could enable AEAD? but I could be wrong and wanted to double check. If it does, we can also use S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS to define S2N_CHACHA20_POLY1305_AVAILABLE_BSSL_AWSLC macro, and S2N_CIPHER_AEAD_API_AVAILABLE could potentially also be defined with S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS for further cleanup

Testing:

Confirmed all unit tests pass. Will address any CI failures.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Jul 3, 2024
@jouho jouho requested review from maddeleine and jmayclin July 5, 2024 22:09
@jouho jouho marked this pull request as ready for review July 5, 2024 22:11
@jouho jouho merged commit cdb7ae4 into main Jul 8, 2024
37 checks passed
@jouho jouho deleted the cleanup-macros branch July 8, 2024 23:47
@BrewTestBot BrewTestBot mentioned this pull request Jul 19, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maddeleine maddeleine maddeleine approved these changes

@jmayclin jmayclin jmayclin approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

AWS-LC/BoringSSL macros and trycompiles can probably be cleaned up
3 participants
@jouho @jmayclin @maddeleine