From 4c41f2cb8074606c51de0f3fa3d1d8426c83a9f0 Mon Sep 17 00:00:00 2001
From: Jou Ho <jouh@amazon.com>
Date: Wed, 3 Jul 2024 21:10:35 +0000
Subject: [PATCH 1/3] use feature probe for AEAD

---
 crypto/s2n_aead_cipher_aes_gcm.c | 2 +-
 crypto/s2n_cipher.h              | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/s2n_aead_cipher_aes_gcm.c b/crypto/s2n_aead_cipher_aes_gcm.c
index 6fea5a30080..bd7c4f78895 100644
--- a/crypto/s2n_aead_cipher_aes_gcm.c
+++ b/crypto/s2n_aead_cipher_aes_gcm.c
@@ -22,7 +22,7 @@
 #include "utils/s2n_blob.h"
 #include "utils/s2n_safety.h"
 
-#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
+#if defined(S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS)
     #define S2N_AEAD_AES_GCM_AVAILABLE
 #endif
 
diff --git a/crypto/s2n_cipher.h b/crypto/s2n_cipher.h
index 47c724ea637..722dca9c60a 100644
--- a/crypto/s2n_cipher.h
+++ b/crypto/s2n_cipher.h
@@ -26,7 +26,7 @@
 #include "crypto/s2n_ktls_crypto.h"
 #include "utils/s2n_blob.h"
 
-#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
+#if defined(S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS)
     #define S2N_CIPHER_AEAD_API_AVAILABLE
 #endif
 

From a37c6778b95978a69071c8841a4b59703bf4371a Mon Sep 17 00:00:00 2001
From: Jou Ho <jouh@amazon.com>
Date: Wed, 3 Jul 2024 23:05:25 +0000
Subject: [PATCH 2/3] simplify macro definition

---
 crypto/s2n_aead_cipher_aes_gcm.c | 10 +++-------
 crypto/s2n_cipher.c              |  4 ++--
 crypto/s2n_cipher.h              |  2 +-
 3 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/crypto/s2n_aead_cipher_aes_gcm.c b/crypto/s2n_aead_cipher_aes_gcm.c
index bd7c4f78895..2d28473a443 100644
--- a/crypto/s2n_aead_cipher_aes_gcm.c
+++ b/crypto/s2n_aead_cipher_aes_gcm.c
@@ -22,13 +22,9 @@
 #include "utils/s2n_blob.h"
 #include "utils/s2n_safety.h"
 
-#if defined(S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS)
-    #define S2N_AEAD_AES_GCM_AVAILABLE
-#endif
-
 static uint8_t s2n_aead_cipher_aes128_gcm_available()
 {
-#if defined(S2N_AEAD_AES_GCM_AVAILABLE)
+#if defined(S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS)
     return (EVP_aead_aes_128_gcm() ? 1 : 0);
 #else
     return (EVP_aes_128_gcm() ? 1 : 0);
@@ -37,14 +33,14 @@ static uint8_t s2n_aead_cipher_aes128_gcm_available()
 
 static uint8_t s2n_aead_cipher_aes256_gcm_available()
 {
-#if defined(S2N_AEAD_AES_GCM_AVAILABLE)
+#if defined(S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS)
     return (EVP_aead_aes_256_gcm() ? 1 : 0);
 #else
     return (EVP_aes_256_gcm() ? 1 : 0);
 #endif
 }
 
-#if defined(S2N_AEAD_AES_GCM_AVAILABLE) /* BoringSSL and AWS-LC AEAD API implementation */
+#if defined(S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS) /* BoringSSL and AWS-LC AEAD API implementation */
 
 static int s2n_aead_cipher_aes_gcm_encrypt(struct s2n_session_key *key, struct s2n_blob *iv, struct s2n_blob *aad, struct s2n_blob *in, struct s2n_blob *out)
 {
diff --git a/crypto/s2n_cipher.c b/crypto/s2n_cipher.c
index fdf0e648dc4..816eddda385 100644
--- a/crypto/s2n_cipher.c
+++ b/crypto/s2n_cipher.c
@@ -25,7 +25,7 @@ int s2n_session_key_alloc(struct s2n_session_key *key)
 {
     POSIX_ENSURE_EQ(key->evp_cipher_ctx, NULL);
     POSIX_ENSURE_REF(key->evp_cipher_ctx = EVP_CIPHER_CTX_new());
-#if defined(S2N_CIPHER_AEAD_API_AVAILABLE)
+#if defined(S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS)
     POSIX_ENSURE_EQ(key->evp_aead_ctx, NULL);
     key->evp_aead_ctx = OPENSSL_malloc(sizeof(EVP_AEAD_CTX));
     if (key->evp_aead_ctx == NULL) {
@@ -44,7 +44,7 @@ int s2n_session_key_free(struct s2n_session_key *key)
         EVP_CIPHER_CTX_free(key->evp_cipher_ctx);
         key->evp_cipher_ctx = NULL;
     }
-#if defined(S2N_CIPHER_AEAD_API_AVAILABLE)
+#if defined(S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS)
     if (key->evp_aead_ctx != NULL) {
         EVP_AEAD_CTX_free(key->evp_aead_ctx);
         key->evp_aead_ctx = NULL;
diff --git a/crypto/s2n_cipher.h b/crypto/s2n_cipher.h
index 722dca9c60a..47c724ea637 100644
--- a/crypto/s2n_cipher.h
+++ b/crypto/s2n_cipher.h
@@ -26,7 +26,7 @@
 #include "crypto/s2n_ktls_crypto.h"
 #include "utils/s2n_blob.h"
 
-#if defined(S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS)
+#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
     #define S2N_CIPHER_AEAD_API_AVAILABLE
 #endif
 

From 84132f4aa47d0d89120fc6ec5d96a7019c9ee845 Mon Sep 17 00:00:00 2001
From: Jou Ho <jouh@amazon.com>
Date: Wed, 3 Jul 2024 23:30:02 +0000
Subject: [PATCH 3/3] use original macro

---
 crypto/s2n_cipher.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/s2n_cipher.c b/crypto/s2n_cipher.c
index 816eddda385..fdf0e648dc4 100644
--- a/crypto/s2n_cipher.c
+++ b/crypto/s2n_cipher.c
@@ -25,7 +25,7 @@ int s2n_session_key_alloc(struct s2n_session_key *key)
 {
     POSIX_ENSURE_EQ(key->evp_cipher_ctx, NULL);
     POSIX_ENSURE_REF(key->evp_cipher_ctx = EVP_CIPHER_CTX_new());
-#if defined(S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS)
+#if defined(S2N_CIPHER_AEAD_API_AVAILABLE)
     POSIX_ENSURE_EQ(key->evp_aead_ctx, NULL);
     key->evp_aead_ctx = OPENSSL_malloc(sizeof(EVP_AEAD_CTX));
     if (key->evp_aead_ctx == NULL) {
@@ -44,7 +44,7 @@ int s2n_session_key_free(struct s2n_session_key *key)
         EVP_CIPHER_CTX_free(key->evp_cipher_ctx);
         key->evp_cipher_ctx = NULL;
     }
-#if defined(S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS)
+#if defined(S2N_CIPHER_AEAD_API_AVAILABLE)
     if (key->evp_aead_ctx != NULL) {
         EVP_AEAD_CTX_free(key->evp_aead_ctx);
         key->evp_aead_ctx = NULL;