-
Notifications
You must be signed in to change notification settings - Fork 5.5k
server: fix fips_mode stat #16140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
server: fix fips_mode stat #16140
Changes from 12 commits
ad9176f
8406245
bd10cca
8ea6d96
839463c
bc0247f
3c9ad43
ff44858
7724905
8bd10d2
597455e
8a4fb1a
58410ee
ba2eb67
7228d96
09a4926
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -37,9 +37,10 @@ const envoy::config::core::v3::BuildVersion& VersionInfo::buildVersion() { | |
| } | ||
|
|
||
| bool VersionInfo::sslFipsCompliant() { | ||
| bool fipsCompliant = false; | ||
| #ifdef BORINGSSL_FIPS | ||
| fipsCompliant = true; | ||
| #ifdef ENVOY_SSL_FIPS | ||
| static bool fipsCompliant = true; | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Why do we need the static? Why not just
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @jmarantz Initially I thought this initialization must happen during compile time as "BORINGSSL_FIPS" is being pass during compilation. But it seems like it is not required. Should I change that?
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes, you don't need a static at all for this use-case. Just return the value based on the ifdef.
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Thanks, I will change it. |
||
| #else | ||
| static bool fipsCompliant = false; | ||
| #endif | ||
| return fipsCompliant; | ||
| } | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,6 +5,7 @@ load( | |
| "envoy_cc_fuzz_test", | ||
| "envoy_cc_test", | ||
| "envoy_package", | ||
| "envoy_select_boringssl", | ||
| ) | ||
|
|
||
| licenses(["notice"]) # Apache 2 | ||
|
|
@@ -389,6 +390,9 @@ envoy_cc_test( | |
| envoy_cc_test( | ||
| name = "version_test", | ||
| srcs = ["version_test.cc"], | ||
| copts = envoy_select_boringssl( | ||
| ["-DENVOY_SSL_FIPS"], | ||
| ), | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Nit: This could have been written as |
||
| external_deps = [ | ||
| "abseil_strings", | ||
| ], | ||
|
|
||
Uh oh!
There was an error while loading. Please reload this page.