Add interoperability test for latest oqs-provider
goatgoose opened this issue · comments
Problem:
#4544 resolved an issue where the oqs-provider client sent a list of signature schemes that exceeded the s2n-tls maximum, causing the connection to fail. This issue could have been caught in a simple handshake test between s2n-tls and oqs-provider.
The test_pq_handshake integration test contains a test for oqs-provider:
However, the oqs-provider version is fixed and outdated, so this issue wasn't caught.
Solution:
Update the oqs-provider version in the test_pq_handshake test, or otherwise add a more recent oqs-provider interoperability test to the CI, to ensure that s2n-tls and oqs-provider can continue to interoperate.
Do we still need oqs ? The liboqs README says: WE DO NOT CURRENTLY RECOMMEND RELYING ON THIS LIBRARY IN A PRODUCTION ENVIRONMENT OR TO PROTECT ANY SENSITIVE DATA. This library is meant to help with research and prototyping.
Aren't we getting real world coverage with aws-lc ?