Enable additional capabilities for AWS-LC #2386
Conversation
skmcgrail
force-pushed
the
aws-lc-follow-up
branch
from
41c9e30 to
2f1164b
Compare
Co-authored-by: Theo Buehler <[email protected]>
|
It looks like everything passed except for one item: https://github.com/sfackler/rust-openssl/actions/runs/13935540844/job/39002532120?pr=2386 This failed with an transient error caused by rustup. Can someone poke the button to retry this failed action? Thanks! |
| assert_eq!(MessageDigest::shake_128().size(), 16); | ||
| #[cfg(awslc)] | ||
| assert_eq!(MessageDigest::shake_128().size(), 0); |
There was a problem hiding this comment.
The SHAKE algorithms are extendable output algorithms that don't have an explicit digest output size as it's determined based on the requested output size. So we opt to return 0 in this instance if EVP_MD_size() is called on such an XOF algorithm like SHAKE-128 and SHAKE-256.
openssl/src/hash.rs
Outdated
| #[cfg(awslc)] | ||
| assert_eq!(MessageDigest::shake_128().size(), 0); |
There was a problem hiding this comment.
This seems both wrong, and a copy-paste error 😂
There was a problem hiding this comment.
Ah this one is legitimate mistake, forgot to swap the algorithm.
This was the follow-up work to the recently merged support for AWS-LC in #1805.
This enables some additional API support in various parts of the openssl crate. This includes some specific AES cipher support likes CFB, CCM, and XTS. Also includes support for SHA3 digests and SHAKE128 and SHAKE256.