Skip to content

feat(quinn, quinn-proto): add aws-lc-rs-fips feature flag#2003

Merged
djc merged 2 commits into
quinn-rs:mainfrom
M0dEx:crypto/aws-lc-rs-fips
Oct 12, 2024
Merged

feat(quinn, quinn-proto): add aws-lc-rs-fips feature flag#2003
djc merged 2 commits into
quinn-rs:mainfrom
M0dEx:crypto/aws-lc-rs-fips

Conversation

@M0dEx

@M0dEx M0dEx commented Oct 7, 2024

Copy link
Copy Markdown
Contributor

Adds support for aws-lc-rs FIPS mode using a feature flag in quinn and quinn-proto.

@M0dEx M0dEx force-pushed the crypto/aws-lc-rs-fips branch from 44c6349 to f222020 Compare October 7, 2024 18:00
@M0dEx

M0dEx commented Oct 7, 2024

Copy link
Copy Markdown
Contributor Author

Seems the tests finished, but the features workflow has an issue due to a missing golang dependency of the FIPS mode.

@djc

djc commented Oct 7, 2024

Copy link
Copy Markdown
Member

Maybe have a look at how rustls exercises that stuff in CI?

@M0dEx M0dEx force-pushed the crypto/aws-lc-rs-fips branch from cd389dd to e33ecce Compare October 8, 2024 20:42
@M0dEx

M0dEx commented Oct 8, 2024
edited
Loading

Copy link
Copy Markdown
Contributor Author

Maybe have a look at how rustls exercises that stuff in CI?

It seems the FIPS module has some untrivial dependencies as far as GitHub Actions are concerned (you need to manually install Go on the macos-latest runner, Ninja on the windows-latest runner, etc.)

The rustls project uses only the ubuntu-latest for feature combination checks, but I assume this project had a reason to have those run in a matrix over different OS's.

@M0dEx M0dEx mentioned this pull request Oct 8, 2024
Merged
@M0dEx M0dEx force-pushed the crypto/aws-lc-rs-fips branch from c4f04f9 to b3fa65a Compare October 9, 2024 07:44
@djc

djc commented Oct 9, 2024

Copy link
Copy Markdown
Member

The rustls project uses only the ubuntu-latest for feature combination checks, but I assume this project had a reason to have those run in a matrix over different OS's.

Yes, but it's fine to exempt the fips feature from the OS matrix and only support it on Linux given that's where it mainly makes sense per upstream guidance.

@M0dEx M0dEx force-pushed the crypto/aws-lc-rs-fips branch from b3fa65a to 5a26bea Compare October 11, 2024 12:27
Jakub Kubík and others added 2 commits October 11, 2024 14:31
@M0dEx
feat(quinn, quinn-proto): add aws-lc-rs-fips feature flag
eb0e84c 
Adds support for aws-lc-rs FIPS mode using a feature flag in quinn and quinn-proto.
@M0dEx
ci(workflows/features): only test FIPS features on Ubuntu
d473044
@M0dEx M0dEx force-pushed the crypto/aws-lc-rs-fips branch from 5a26bea to d473044 Compare October 11, 2024 12:31
@M0dEx

M0dEx commented Oct 11, 2024

Copy link
Copy Markdown
Contributor Author

The features job should now skip FIPS on WIndows and macOS.

djc
djc approved these changes Oct 12, 2024
View reviewed changes

@djc djc left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, looks great!

@djc djc added this pull request to the merge queue Oct 12, 2024
Merged via the queue into quinn-rs:main with commit 459322b Oct 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Ralith Ralith Ralith approved these changes

@djc djc djc approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@M0dEx @djc @Ralith