remove feature probe
goatgoose committed Jun 2, 2023
1 parent f4e8092 commit a136896
Showing 6 changed files with 13 additions and 59 deletions.
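--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -476,16 +476,6 @@ if(PLATFORM_SUPPORTS_KTLS)
 target_compile_options(${PROJECT_NAME} PUBLIC -DS2N_PLATFORM_SUPPORTS_KTLS)
 endif()
 
-try_compile(
-LIBCRYPTO_SUPPORTS_TLS_PRF
-${CMAKE_BINARY_DIR}
-SOURCES "${CMAKE_CURRENT_LIST_DIR}/tests/features/tls_prf.c"
-LINK_LIBRARIES ${LINK_LIB} ${OS_LIBS}
-)
-if(LIBCRYPTO_SUPPORTS_TLS_PRF)
-target_compile_options(${PROJECT_NAME} PUBLIC -DS2N_LIBCRYPTO_SUPPORTS_TLS_PRF)
-endif()
-
 if (NOT DEFINED CMAKE_AR)
 message(STATUS "CMAKE_AR undefined, setting to `ar` by default")
 SET(CMAKE_AR ar)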
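--- a/s2n.mk
+++ b/s2n.mk
@@ -261,12 +261,6 @@ ifeq ($(TRY_COMPILE_KTLS), 0)
 DEFAULT_CFLAGS += -DS2N_PLATFORM_SUPPORTS_KTLS
 endif
 
-# Determine if libcrypto PRF implementation is available
-TRY_COMPILE_TLS_PRF := $(call try_compile,$(S2N_ROOT)/tests/features/tls_prf.c)
-ifeq ($(TRY_COMPILE_TLS_PRF), 0)
-DEFAULT_CFLAGS += -DS2N_LIBCRYPTO_SUPPORTS_TLS_PRF
-endif
-
 CFLAGS_LLVM = ${DEFAULT_CFLAGS} -emit-llvm -c -g -O1
 
 $(BITCODE_DIR)%.bc: %.c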
30 changes: 0 additions & 30 deletions tests/features/tls_prf.c

This file was deleted.

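--- a/tests/unit/s2n_tls_prf_test.c
+++ b/tests/unit/s2n_tls_prf_test.c
@@ -313,17 +313,11 @@ int main(int argc, char **argv)
 };
 };
 
-/* Ensure that the feature probe properly indicates support for the libcrypto TLS PRF API */
-{
-/* The libcrypto TLS PRF feature probe should succeed for all AWSLC versions */
-if (s2n_libcrypto_is_awslc()) {
-EXPECT_TRUE(s2n_libcrypto_supports_tls_prf());
-}
-
-/* The libcrypto TLS PRF feature probe should fail for non-AWSLC/BoringSSL libcryptos */
-if (!s2n_libcrypto_is_awslc() && !s2n_libcrypto_is_boringssl()) {
-EXPECT_FALSE(s2n_libcrypto_supports_tls_prf());
-}
+/* Ensure that the libcrypto TLS PRF API is only enabled for AWSLC */
+if (s2n_libcrypto_is_awslc()) {
+EXPECT_TRUE(s2n_libcrypto_supports_tls_prf());
+} else {
+EXPECT_FALSE(s2n_libcrypto_supports_tls_prf());
 }
 
 /* s2n_prf tests */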
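Review bot: The new `else` branch asserts `EXPECT_FALSE` for BoringSSL as well, a case the previous test deliberately left unasserted, and the comment does not record that this is intentional. If `s2n_libcrypto_is_awslc()` is derived from the same `OPENSSL_IS_AWSLC` macro as `S2N_LIBCRYPTO_SUPPORTS_TLS_PRF` (its definition is not visible here), the test only confirms that two compile-time flags agree and no longer checks that the linked libcrypto actually provides the API. A comment such as `/* BoringSSL is deliberately treated as unsupported: support is keyed on the libcrypto identity, not on a feature probe */` would make that explicit. The enclosing `main` starts and ends outside the hunk.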
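--- a/tls/s2n_prf.c
+++ b/tls/s2n_prf.c
@@ -463,7 +463,7 @@ S2N_RESULT s2n_prf_free(struct s2n_connection *conn)
 
 bool s2n_libcrypto_supports_tls_prf()
 {
-#ifdef S2N_LIBCRYPTO_SUPPORTS_TLS_PRF
+#if S2N_LIBCRYPTO_SUPPORTS_TLS_PRF
 return true;
 #else
 return false;
@@ -497,7 +497,7 @@ S2N_RESULT s2n_custom_prf(struct s2n_connection *conn, struct s2n_blob *secret,
 return S2N_RESULT_OK;
 }
 
-#ifdef S2N_LIBCRYPTO_SUPPORTS_TLS_PRF
+#if S2N_LIBCRYPTO_SUPPORTS_TLS_PRF
 
 /* The AWSLC TLS PRF API is exported in all AWSLC versions. However, in the AWSLC FIPS branch, this
 * API is defined in a private header: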
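Review bot: Both `#if S2N_LIBCRYPTO_SUPPORTS_TLS_PRF` checks (in `s2n_libcrypto_supports_tls_prf()` and ahead of the AWSLC PRF block in the second hunk) treat an undefined macro as 0, so if the definition from tls/s2n_prf.h is ever out of scope the file silently compiles the non-libcrypto path instead of failing. This switch selects the PRF implementation that derives TLS key material, and the comment below it refers to the AWSLC FIPS branch, so a silent fallback is worth making loud. A guard above the first use would do it: `#ifndef S2N_LIBCRYPTO_SUPPORTS_TLS_PRF` / `#error "S2N_LIBCRYPTO_SUPPORTS_TLS_PRF must be defined by s2n_prf.h"` / `#endif`. Building with `-Wundef` would catch the same mistake. The code around both checks continues outside the hunks.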
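--- a/tls/s2n_prf.h
+++ b/tls/s2n_prf.h
@@ -25,6 +25,12 @@
 /* Enough to support TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 2*SHA384_DIGEST_LEN + 2*AES256_KEY_SIZE */
 #define S2N_MAX_KEY_BLOCK_LEN 160
 
+#if defined(OPENSSL_IS_AWSLC)
+#define S2N_LIBCRYPTO_SUPPORTS_TLS_PRF 1
+#else
+#define S2N_LIBCRYPTO_SUPPORTS_TLS_PRF 0
+#endif
+
 union p_hash_state {
 struct s2n_hmac_state s2n_hmac;
 struct s2n_evp_hmac_state evp_hmac;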
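Review bot: The new `#if defined(OPENSSL_IS_AWSLC)` check is only correct if a libcrypto header that defines `OPENSSL_IS_AWSLC` has already been included at this point. The hunk starts at line 25, so whether this header's own includes guarantee that is not visible here. If they do not, `S2N_LIBCRYPTO_SUPPORTS_TLS_PRF` becomes 0 or 1 depending on include order in each translation unit, and an AWS-LC build can quietly lose the libcrypto PRF path. Including the libcrypto header explicitly above the check (for example `#include <openssl/crypto.h>`) would make the dependency explicit. So would a comment such as `/* The libcrypto TLS PRF API is only used with AWS-LC; detected from the libcrypto headers rather than a build-time probe */`. Any out-of-tree build that still passes `-DS2N_LIBCRYPTO_SUPPORTS_TLS_PRF` will now conflict with the `#define ... 0` on non-AWSLC libcryptos.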
