test: fix self-talk pkey offload test for openssl-3.0-fips #5175

Merged
merged 2 commits into from
Mar 12, 2025

Conversation

lrstewart
Contributor

@lrstewart lrstewart commented Mar 11, 2025

Release Summary:

Resolved issues:

related to #4993

Description of changes:

Fix the last failing test.

The pkey offload test is using legacy methods to perform the offloaded signing operation. That doesn't work when built with openssl-3.0-fips.

The problem is a little trickier than just substituting the proper signing methods, because the proper signing methods require an un-digested hash state. Our offloaded signing operation only provides the digest bytes. We COULD theoretically refactor the signing logic to provide a method usable with digest bytes; it looks like that's what the legacy signing methods did. But that led to messy, harder-to-follow code in the legacy signing methods, and I don't want to repeat that mistake in the new signing methods.

Instead, I'm solving the problem in a less direct way. The hash state does exist on the pkey operation, it's just not surfaced by the public APIs. So I rewrote the test signing operation to use that hash state (and verify it matches the actual input).

Call-outs:

I'll add openssl-3.0-fips to other builds and delete the special openssl-3.0-fips build in a separate PR. This PR just fixes the test.

Testing:

This is a test.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Mar 11, 2025
@lrstewart lrstewart marked this pull request as ready for review March 11, 2025 19:57
@lrstewart lrstewart requested a review from dougch as a code owner March 11, 2025 19:57
@lrstewart lrstewart enabled auto-merge March 12, 2025 18:38
@lrstewart lrstewart added this pull request to the merge queue Mar 12, 2025
Merged via the queue into aws:main with commit 785ed14 Mar 12, 2025
46 checks passed
@lrstewart lrstewart deleted the openssl3fips_last branch March 12, 2025 23:46