another attempt to fix quic loading when chacha is missing#3447
Merged
nibanks merged 2 commits intomicrosoft:mainfrom Feb 22, 2023
Merged
another attempt to fix quic loading when chacha is missing#3447nibanks merged 2 commits intomicrosoft:mainfrom
nibanks merged 2 commits intomicrosoft:mainfrom
Conversation
Collaborator
|
How do we validate these changes in automation? |
Member
Author
I was thinking about it quite a bit recently. I think the only good way is to add more platform coverage e.g. run BVT on more OSes (or containers). In ideal case you would support & test the oldest OS that .NET (or any other important scenario) need. I think the static linking eliminates dependencies so variations would not give you much. Basic run with From the recent issues that would be Centos7, Alpine Linux & Ubuntu 18.04. cc @ManickaP for any more insight. |
nibanks
approved these changes
Feb 22, 2023
Collaborator
|
Going to merge this as is, but we should look into adding at least some test coverage for this stuff. |
Member
Author
This was referenced Feb 23, 2023
Closed
nibanks
added a commit
that referenced
this pull request
Mar 16, 2023
* make chacha optional on Linux (#3423) * another attempt to fix quic loading when chacha is missing (#3447) * Update src/platform/crypt_openssl.c * CxPlatCryptInitialize * CxPlatCryptUninitialize --------- Co-authored-by: Nick Banks <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The problem is fact that
EVP_chacha20_poly1305is also referenced fromossl_init_ssl_base. That is linked statically but the dependency may be missing.The fix is to override that function and return CXPLAT_CHACHA20_POLY1305_ALG_HANDLE e.g. point at the original implementation. The
ossl_init_ssl_basemay run before theCxPlatCryptInitializeloads. I check and theEVP_add_cipherwould silently ignore ifNULLis passed in.contributes to #3422