Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: probe for all AES_GCM ktls variants #4295

Merged
merged 2 commits into from
Nov 17, 2023
Merged

Conversation

camshaft
Copy link
Contributor

@camshaft camshaft commented Nov 17, 2023

Description of changes:

On some linux platforms, only the AES_GCM_128 ktls definitions are available. Ideally, we would probe for each cipher independently from one another. However, as a short-term fix, this change adds the AES_GCM_256 variant to the ktls feature probe to avoid build failures.

Testing:

I tested this locally with a musl build (which doesn't export AES_GCM_256). Our ktls CI tests should prevent regressions.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Nov 17, 2023
@camshaft camshaft changed the title fix: probe for all AES_GCM variants fix: probe for all AES_GCM ktls variants Nov 17, 2023
@camshaft camshaft marked this pull request as ready for review November 17, 2023 17:53
Copy link
Contributor

@lrstewart lrstewart left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was wondering if we might be able to avoid adding future crypto_infos here by just including a whole /crypto header. But then we'd have to be REALLY careful about what else that header included, so that we wouldn't fail because of other feature probes' unavailable features.

@camshaft
Copy link
Contributor Author

Yeah that might have some false-negatives where ktls gets disabled just because, for example, the include path isn't setup correctly for the probe or it starts referring to other s2n-tls headers... But, yeah, currently it's also non-ideal trying to keep the actual code that uses the probed functionality and the probe itself in sync.

@camshaft camshaft enabled auto-merge (squash) November 17, 2023 22:53
@camshaft camshaft merged commit 377820a into aws:main Nov 17, 2023
23 checks passed
@camshaft camshaft deleted the ktls-256-probe branch November 17, 2023 23:08
@camshaft camshaft mentioned this pull request Nov 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants