Skip to content
Merged
Show file tree
Hide file tree
Changes from 12 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion source/common/version/BUILD
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ envoy_cc_library(
name = "version_lib",
srcs = ["version.cc"],
copts = envoy_select_boringssl(
["-DENVOY_SSL_VERSION=\\\"BoringSSL-FIPS\\\""],
["-DENVOY_SSL_FIPS -DENVOY_SSL_VERSION=\\\"BoringSSL-FIPS\\\""],
Comment thread
PiotrSikora marked this conversation as resolved.
Outdated
["-DENVOY_SSL_VERSION=\\\"BoringSSL\\\""],
),
deps = [
Expand Down
7 changes: 4 additions & 3 deletions source/common/version/version.cc
Original file line number Diff line number Diff line change
Expand Up @@ -37,9 +37,10 @@ const envoy::config::core::v3::BuildVersion& VersionInfo::buildVersion() {
}

bool VersionInfo::sslFipsCompliant() {
bool fipsCompliant = false;
#ifdef BORINGSSL_FIPS
fipsCompliant = true;
#ifdef ENVOY_SSL_FIPS
static bool fipsCompliant = true;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need the static? Why not just

#ifdef ENVOY_SSL_FIPS
return true;
#else 
return false;
#endif 

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jmarantz Initially I thought this initialization must happen during compile time as "BORINGSSL_FIPS" is being pass during compilation. But it seems like it is not required. Should I change that?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, you don't need a static at all for this use-case. Just return the value based on the ifdef.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, I will change it.

#else
static bool fipsCompliant = false;
#endif
return fipsCompliant;
}
Expand Down
4 changes: 4 additions & 0 deletions test/common/common/BUILD
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ load(
"envoy_cc_fuzz_test",
"envoy_cc_test",
"envoy_package",
"envoy_select_boringssl",
)

licenses(["notice"]) # Apache 2
Expand Down Expand Up @@ -389,6 +390,9 @@ envoy_cc_test(
envoy_cc_test(
name = "version_test",
srcs = ["version_test.cc"],
copts = envoy_select_boringssl(
["-DENVOY_SSL_FIPS"],
),

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: This could have been written as copts = envoy_select_boringssl(["-DENVOY_SSL_FIPS"]),

external_deps = [
"abseil_strings",
],
Expand Down
11 changes: 11 additions & 0 deletions test/common/common/version_test.cc
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ class VersionInfoTestPeer {
public:
static const std::string& buildType() { return VersionInfo::buildType(); }
static const std::string& sslVersion() { return VersionInfo::sslVersion(); }
static bool sslFipsCompliant() { return VersionInfo::sslFipsCompliant(); }
static envoy::config::core::v3::BuildVersion makeBuildVersion(const char* version) {
return VersionInfo::makeBuildVersion(version);
}
Expand All @@ -34,6 +35,11 @@ TEST(VersionTest, BuildVersion) {
fields.at(BuildVersionMetadataKeys::get().RevisionStatus).string_value());
EXPECT_EQ(VersionInfoTestPeer::buildType(),
fields.at(BuildVersionMetadataKeys::get().BuildType).string_value());
#ifdef ENVOY_SSL_FIPS
EXPECT_TRUE(VersionInfoTestPeer::sslFipsCompliant());
#else
EXPECT_FALSE(VersionInfoTestPeer::sslFipsCompliant());
Comment thread
PiotrSikora marked this conversation as resolved.
#endif
EXPECT_EQ(VersionInfoTestPeer::sslVersion(),
fields.at(BuildVersionMetadataKeys::get().SslVersion).string_value());
}
Expand All @@ -45,6 +51,11 @@ TEST(VersionTest, MakeBuildVersionWithLabel) {
EXPECT_EQ(3, build_version.version().patch());
const auto& fields = build_version.metadata().fields();
EXPECT_GE(fields.size(), 1);
#ifdef ENVOY_SSL_FIPS
EXPECT_TRUE(VersionInfoTestPeer::sslFipsCompliant());
#else
EXPECT_FALSE(VersionInfoTestPeer::sslFipsCompliant());
#endif
EXPECT_EQ("foo-bar", fields.at(BuildVersionMetadataKeys::get().BuildLabel).string_value());
}

Expand Down