Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: remove s2n_hmac_is_available #5104

Merged
merged 2 commits into from
Feb 11, 2025
Merged

refactor: remove s2n_hmac_is_available #5104

merged 2 commits into from
Feb 11, 2025

Conversation

lrstewart
Copy link
Contributor

Release Summary:

Description of changes:

While working on openssl3-fips support, I noticed that s2n_hmac_is_available is deceptive.

s2n_hmac_is_available is only ever false when 1) in fips mode 2) with a libcrypto other than awslc-fips. No currently supported libcrypto fits those requirements. The logic was likely written for openssl-1.0.2-fips, but even then it was probably unnecessary give the hash md5 logic I recently removed: 8d521fc.

The method also wasn't used properly throughout the codebase. For example, s2n_cipher_suites_init assumes all hmacs are valid.

Rather than update the method, I'm just going to remove it. If we someday have a usecase for it separate from s2n_hash_is_available, we can add it back and integrate it into the library properly.

Testing:

Existing tests pass

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Feb 10, 2025
@lrstewart lrstewart marked this pull request as ready for review February 11, 2025 00:42
@lrstewart lrstewart requested review from jouho and goatgoose February 11, 2025 00:51
@lrstewart lrstewart added this pull request to the merge queue Feb 11, 2025
Merged via the queue into aws:main with commit e4a5a74 Feb 11, 2025
46 checks passed
@lrstewart lrstewart deleted the openssl3fips_hmac branch February 11, 2025 21:03
johubertj pushed a commit to johubertj/s2n-tls that referenced this pull request Feb 13, 2025
@lrstewart @johubertj
refactor: remove s2n_hmac_is_available (aws#5104)
3e48f83
johubertj pushed a commit to johubertj/s2n-tls that referenced this pull request Feb 13, 2025
@lrstewart @johubertj
refactor: remove s2n_hmac_is_available (aws#5104)
b036141
@BrewTestBot BrewTestBot mentioned this pull request Feb 22, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@goatgoose goatgoose goatgoose approved these changes

@jouho jouho jouho approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lrstewart @goatgoose @jouho