Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove crypto/internal/boring/fipstls dependency from crypto/internal/backend #1441

Merged
merged 2 commits into from
Dec 16, 2024
Merged

Remove crypto/internal/boring/fipstls dependency from crypto/internal/backend #1441

merged 2 commits into from
Dec 16, 2024

Conversation

qmuntal
Copy link
Member

@qmuntal qmuntal commented Dec 12, 2024
edited
Loading

(Review ignoring whitespaces)

Upstream refactored the fipstls logic to support the new built-in FIPS module. This is causing many conflicts in the upstream sync PR.

This PR moved the logic that detects whether FIPS mode is required or not (e.g. setting the GOFIPS env var) to its own package that only depends on syscall. This way we can easily import it elsewhere, for example in crypto/internal/boring/fipstls and make crypto/internal/backend not depend on the former. Doing so will greatly simplify reconciling the conflicts in the upstream sync PR.

The refactor shouldn't change any behavior.

For #1416.
For #1383.

@qmuntal qmuntal changed the title Remove crypto/internal/boring/fipstls dependency from crypto/internal/backend Remove crypto/internal/boring/fipstls dependency from crypto/internal/backend Dec 12, 2024
dagood
dagood requested changes Dec 12, 2024
View reviewed changes
Copy link
Member

@dagood dagood left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the factoring, seems like a few missing pieces though.

patches/0002-Add-crypto-backend-foundation.patch Outdated Show resolved Hide resolved
patches/0005-Add-CNG-crypto-backend.patch Show resolved Hide resolved
patches/0002-Add-crypto-backend-foundation.patch Show resolved Hide resolved
patches/0004-Add-OpenSSL-crypto-backend.patch Outdated Show resolved Hide resolved
@qmuntal qmuntal force-pushed the dev/qmuntal/fips140tls branch 2 times, most recently from 430fc00 to 8acf042 Compare December 13, 2024 10:00
@qmuntal qmuntal requested a review from dagood December 13, 2024 10:03
@qmuntal
Copy link
Member Author

qmuntal commented Dec 13, 2024

I like the factoring, seems like a few missing pieces though.

All missing pieces have been added.

dagood
dagood approved these changes Dec 13, 2024
View reviewed changes
Copy link
Member

@dagood dagood left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! Works for me.

patches/0005-Add-CNG-crypto-backend.patch Outdated Show resolved Hide resolved
@qmuntal qmuntal force-pushed the dev/qmuntal/fips140tls branch from 05453f5 to 59dc384 Compare December 16, 2024 08:51
@qmuntal qmuntal enabled auto-merge December 16, 2024 08:57
@qmuntal qmuntal merged commit d9491d6 into microsoft/main Dec 16, 2024
31 checks passed
@qmuntal qmuntal deleted the dev/qmuntal/fips140tls branch December 16, 2024 09:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gdams gdams gdams approved these changes

@dagood dagood dagood approved these changes

@karianna karianna Awaiting requested review from karianna

@mertakman mertakman Awaiting requested review from mertakman

@microsoft-golang-review-bot microsoft-golang-review-bot Awaiting requested review from microsoft-golang-review-bot microsoft-golang-review-bot is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@qmuntal @dagood @gdams