Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(quinn, quinn-proto): add aws-lc-rs-fips feature flag #2003

Merged
merged 2 commits into from
Oct 12, 2024
Merged

feat(quinn, quinn-proto): add aws-lc-rs-fips feature flag #2003

merged 2 commits into from
Oct 12, 2024

Conversation

M0dEx
Copy link
Contributor

@M0dEx M0dEx commented Oct 7, 2024

Adds support for aws-lc-rs FIPS mode using a feature flag in quinn and quinn-proto.

@M0dEx M0dEx force-pushed the crypto/aws-lc-rs-fips branch from 44c6349 to f222020 Compare October 7, 2024 18:00
@M0dEx
Copy link
Contributor Author

M0dEx commented Oct 7, 2024

Seems the tests finished, but the features workflow has an issue due to a missing golang dependency of the FIPS mode.

@djc
Copy link
Member

djc commented Oct 7, 2024

Maybe have a look at how rustls exercises that stuff in CI?

@M0dEx M0dEx force-pushed the crypto/aws-lc-rs-fips branch from cd389dd to e33ecce Compare October 8, 2024 20:42
@M0dEx
Copy link
Contributor Author

M0dEx commented Oct 8, 2024
edited
Loading

Maybe have a look at how rustls exercises that stuff in CI?

It seems the FIPS module has some untrivial dependencies as far as GitHub Actions are concerned (you need to manually install Go on the macos-latest runner, Ninja on the windows-latest runner, etc.)

The rustls project uses only the ubuntu-latest for feature combination checks, but I assume this project had a reason to have those run in a matrix over different OS's.

@M0dEx M0dEx mentioned this pull request Oct 8, 2024
Merged
@M0dEx M0dEx force-pushed the crypto/aws-lc-rs-fips branch from c4f04f9 to b3fa65a Compare October 9, 2024 07:44
@djc
Copy link
Member

djc commented Oct 9, 2024

The rustls project uses only the ubuntu-latest for feature combination checks, but I assume this project had a reason to have those run in a matrix over different OS's.

Yes, but it's fine to exempt the fips feature from the OS matrix and only support it on Linux given that's where it mainly makes sense per upstream guidance.

@M0dEx M0dEx force-pushed the crypto/aws-lc-rs-fips branch from b3fa65a to 5a26bea Compare October 11, 2024 12:27
Jakub Kubík and others added 2 commits October 11, 2024 14:31
@M0dEx
feat(quinn, quinn-proto): add aws-lc-rs-fips feature flag
eb0e84c 
Adds support for aws-lc-rs FIPS mode using a feature flag in quinn and quinn-proto.
@M0dEx
ci(workflows/features): only test FIPS features on Ubuntu
d473044
@M0dEx M0dEx force-pushed the crypto/aws-lc-rs-fips branch from 5a26bea to d473044 Compare October 11, 2024 12:31
@M0dEx
Copy link
Contributor Author

M0dEx commented Oct 11, 2024

The features job should now skip FIPS on WIndows and macOS.

djc
djc approved these changes Oct 12, 2024
View reviewed changes
Copy link
Member

@djc djc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, looks great!

@djc djc added this pull request to the merge queue Oct 12, 2024
Merged via the queue into quinn-rs:main with commit 459322b Oct 12, 2024
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djc djc djc approved these changes

@Ralith Ralith Ralith approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@M0dEx @djc @Ralith