test: disallow explict use of "default_fips" policy in tests #4781

Closed
wants to merge 3 commits into from

Conversation

toidiu
Contributor

@toidiu toidiu commented Sep 18, 2024

Description of changes:

A follow up to #4750 but for the "default_fips" security policy.

As a modern TLS library, s2n-tls aims to provide sane defaults. To uphold this promise, we are planning to add TLS1.3 support to the "default" and "default_fips" policies. However, making this change can result in broken tests, since connections will now negotiate TLS1.3 and we have to assume that old tests were written to assume that TLS1.2 would be negotiated.

To prevent this regression, this PR detects "explicit" usage of the "default_fips" policy (no offending usages were found). The few uses were deemed acceptable since they were interested in testing the "default_fips" policy. Both the C and Rust codebases were audited for "default_fips" security policy usage.

Call-outs:

The detection logic can be viewed by looking at the detection logic cleanup commit.

  • Detection logic was done in function s2n_find_security_policy_from_version in file s2n_security_policies.c
    • matches_default: bail if code attempted to use the "default" security policy
    • dbg_bail: allow an exception for tests that really do want to test the "default" policy
    • dbg_config_init: allow an exception when creating a new config via s2n_config_new()
    • s2n_is_initialized: allow an exception for s2n_init() to create the default static config

The PR also adds an additional check to grep_simple_mistakes.sh

  • simple grep: prevent future explicit use of "default_fips" in C code

Testing:

Tests should continue to pass.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
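One way to implement the grep_simple_mistakes.sh check described in the call-outs, written as an added example that is not the s2n-tls project's own script. It assumes test sources live under ROOT/tests as C files, takes an allowlist of relative paths for tests that were audited and intentionally exercise "default_fips", and builds a constructed sample tree to run against. The sample file names are hypothetical; s2n_config_set_cipher_preferences is used only as sample text, and the numbered policy string in the pinned sample is illustrative.

```shell
#!/bin/sh
# Added example, not s2n-tls's grep_simple_mistakes.sh.
# Assumption: C test sources live under ROOT/tests.

# Print every explicit "default_fips" use under ROOT/tests as path:line:text,
# skipping files listed as ALLOWED (paths relative to ROOT). An empty result
# prints nothing.
find_explicit_default_fips() {
    root="$1"; shift
    hits=$(grep -rn --include='*.c' -F '"default_fips"' "$root/tests" 2>/dev/null) || true
    for allowed in "$@"; do
        # Drop hits from audited tests that deliberately test the policy.
        hits=$(printf '%s\n' "$hits" | grep -v -F "$root/$allowed:") || true
    done
    printf '%s\n' "$hits" | sed '/^$/d'
}

# Number of offending lines after the allowlist is applied.
count_explicit_default_fips() {
    find_explicit_default_fips "$@" | wc -l | tr -d ' '
}

# CI entry point: exit 1 and list the offenders, exit 0 when the tree is clean.
check_no_explicit_default_fips() {
    hits=$(find_explicit_default_fips "$@")
    if [ -n "$hits" ]; then
        printf 'Explicit "default_fips" use found; pin a numbered policy or allowlist the audited test:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Constructed sample tree (hypothetical file names, not from the s2n-tls repo).
# Prints the directory it created; the caller removes it.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/tests/unit"
    # Unaudited: relies on default_fips and, implicitly, on TLS1.2 being negotiated.
    cat > "$dir/tests/unit/s2n_handshake_test.c" <<'EOF'
/* relies on default_fips and, implicitly, on TLS1.2 being negotiated */
EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "default_fips"));
EOF
    # Audited: exists to test the default_fips policy itself, so it is allowlisted.
    cat > "$dir/tests/unit/s2n_fips_policy_test.c" <<'EOF'
/* intentionally exercises the default_fips policy itself */
EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "default_fips"));
EOF
    # Pinned to a numbered policy (illustrative value): not an explicit use.
    cat > "$dir/tests/unit/s2n_pinned_test.c" <<'EOF'
/* pinned to a numbered policy, so a TLS1.3 default does not change it */
EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "20230317"));
EOF
    printf '%s\n' "$dir"
}

# In CI you would run it against the checkout, for example:
#   check_no_explicit_default_fips "$(git rev-parse --show-toplevel)" tests/unit/s2n_fips_policy_test.c
```

The allowlist is the piece that matters for the concern raised in this PR: a test that exists to exercise the policy should keep using its name, while every other test should pin a numbered policy so that a future change to what "default_fips" negotiates cannot silently alter what the test covers.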

@lrstewart lrstewart added the do_not_merge (PR might need something before merging, even if approved and passing) label Oct 1, 2024
@toidiu
Contributor Author

toidiu commented Oct 1, 2024

While executing #4765 to auto-pin config/connection to a numbered policy, we discovered that some tests in fact do want to test the "default" policy. This means that pinning these policies would result in a testing regression.

The same reasoning also applies to the explicit usage in our tests and we need to carefully audit those tests before pinning those policies. Closing this PR until we have a better plan.

@toidiu toidiu closed this Oct 1, 2024
Labels: do_not_merge (PR might need something before merging, even if approved and passing), s2n-core team