aws / s2n-tls

An implementation of the TLS/SSL protocols
https://aws.github.io/s2n-tls/usage-guide/
Apache License 2.0

Add interoperability test for latest oqs-provider #4553

Open goatgoose opened 4 months ago

goatgoose commented 4 months ago

Problem:

https://github.com/aws/s2n-tls/pull/4544 resolved an issue where the oqs-provider client sent a list of signature schemes that exceeded the s2n-tls maximum, causing the connection to fail. This issue could have been caught in a simple handshake test between s2n-tls and oqs-provider.

The test_pq_handshake integration test contains a test for oqs-provider: https://github.com/aws/s2n-tls/blob/8aa419eb6f96b15098c142366f2a6c3f0e6b8047/tests/integrationv2/test_pq_handshake.py#L403

However, the oqs-provider version is fixed and outdated, so this issue wasn't caught.

Solution:

Update the oqs-provider version in the test_pq_handshake test, or otherwise add a more recent oqs-provider interoperability test to the CI, to ensure that s2n-tls and oqs-provider can continue to interoperate.
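The failure described in this issue (a peer advertising more signature schemes than the server's fixed-size table can hold) can be illustrated with a small parser for the TLS 1.3 signature_algorithms extension body. This is an added example, not s2n-tls or oqs-provider code; MAX_SIG_SCHEMES and the sample client lists are constructed placeholders, not s2n-tls's real limit.

```python
import struct

# Assumed cap for the example; s2n-tls's actual limit is in its source and is
# not stated in the issue, so this is a constructed placeholder.
MAX_SIG_SCHEMES = 32

# A few real SignatureScheme code points from RFC 8446, used as sample input.
KNOWN_SCHEMES = {
    0x0403: "ecdsa_secp256r1_sha256",
    0x0804: "rsa_pss_rsae_sha256",
    0x0807: "ed25519",
    0x0809: "rsa_pss_pss_sha256",
}

def parse_signature_algorithms(ext_data: bytes) -> list[int]:
    """Parse a signature_algorithms extension body (RFC 8446 section 4.2.3).

    Layout: uint16 list length, then that many bytes of uint16 SignatureScheme
    code points. Raises ValueError on truncated, empty or misaligned input.
    """
    if len(ext_data) < 2:
        raise ValueError("signature_algorithms body shorter than its length field")
    (list_len,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:2 + list_len]
    if len(body) != list_len or list_len % 2 != 0 or list_len == 0:
        raise ValueError("malformed signature_algorithms list")
    return [struct.unpack("!H", body[i:i + 2])[0] for i in range(0, list_len, 2)]

def check_scheme_count(schemes: list[int], max_len: int = MAX_SIG_SCHEMES) -> tuple[bool, int]:
    """Return (fits, count): whether the peer's list fits a max_len-entry table."""
    return len(schemes) <= max_len, len(schemes)

def build_signature_algorithms(schemes: list[int]) -> bytes:
    """Build an extension body; used here only to construct test ClientHello input."""
    body = b"".join(struct.pack("!H", s) for s in schemes)
    return struct.pack("!H", len(body)) + body

# Constructed inputs: a typical client list, and a client that also offers many
# private-use code points (0xFE00-0xFFFF), as a PQ-enabled client advertising
# every hybrid/PQ scheme it supports might.
TYPICAL_CLIENT = build_signature_algorithms(list(KNOWN_SCHEMES))
OVERSIZED_CLIENT = build_signature_algorithms(
    list(KNOWN_SCHEMES) + [0xFE00 + i for i in range(40)]
)

def classify(ext_data: bytes) -> str:
    """Report how a fixed-capacity server would treat this signature_algorithms list."""
    schemes = parse_signature_algorithms(ext_data)
    fits, count = check_scheme_count(schemes)
    return "ok" if fits else f"too_many:{count}"

if __name__ == "__main__":
    for name, data in (("typical", TYPICAL_CLIENT), ("oversized", OVERSIZED_CLIENT)):
        print(name, classify(data))
```

A handshake-level interop test against a current oqs-provider build, as the issue proposes, is what actually catches this; the parser only shows the shape of the input that triggered it.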

dougch commented 3 months ago

Do we still need oqs? The liboqs README says: "WE DO NOT CURRENTLY RECOMMEND RELYING ON THIS LIBRARY IN A PRODUCTION ENVIRONMENT OR TO PROTECT ANY SENSITIVE DATA. This library is meant to help with research and prototyping." Aren't we getting real world coverage with aws-lc?