Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: mark chachapoly as unavailable with openssl-3.0-fips #5168

Merged
merged 1 commit into from
Mar 7, 2025
Merged

fix: mark chachapoly as unavailable with openssl-3.0-fips #5168

merged 1 commit into from
Mar 7, 2025

Conversation

lrstewart
Copy link
Contributor

@lrstewart lrstewart commented Mar 6, 2025
edited
Loading

Release Summary:

Resolved issues:

related to #4993

Description of changes:

Unlike many of the non-fips options in s2n-tls, ciphers have an easily modified "is_available" method already implemented. Just mark chachapoly as unavailable rather than try to get the algorithm from a non-fips provider. If necessary, we can add the extra logic later to support chachapoly with fips.

Call-outs:

There's still one test failing, but it doesn't look related to chachapoly. Something to do with signing. I still need to investigate.

Testing:

Almost all the tests now work for openssl-3.0-fips! I switched from "-F" (run tests that match pattern) to "-E" (run tests that do NOT match pattern)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Mar 6, 2025
@lrstewart lrstewart force-pushed the openssl3fips_chachapoly branch from fee40c8 to ccfc980 Compare March 6, 2025 19:29
@lrstewart lrstewart marked this pull request as ready for review March 7, 2025 01:52
@lrstewart lrstewart requested a review from dougch as a code owner March 7, 2025 01:52
@lrstewart lrstewart enabled auto-merge March 7, 2025 21:42
@lrstewart lrstewart added this pull request to the merge queue Mar 7, 2025
Merged via the queue into aws:main with commit 148aac7 Mar 7, 2025
46 checks passed
@lrstewart lrstewart deleted the openssl3fips_chachapoly branch March 7, 2025 23:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@goatgoose goatgoose goatgoose approved these changes

@dougch dougch dougch approved these changes

@CarolYeh910 CarolYeh910 CarolYeh910 approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@lrstewart @goatgoose @dougch @CarolYeh910