[bindings] Apply async blinding #3356
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
camshaft
reviewed
Jun 9, 2022
maddeleine
reviewed
Jun 10, 2022
| /// then the -1 error result wraps around to the maximum value. | ||
| /// The maximum value must not be possible otherwise. | ||
| /// | ||
| /// For example, [`s2n_connection_get_delay`] can't return |
There was a problem hiding this comment.
So I guess what you're trying to say is that s2n_connection_get_delay isn't Fallible? I am not following this explanation.
There was a problem hiding this comment.
s2n_connection_get_delay is Fallible, just in a really unfortunate way. I updated the comment-- does that makes it clearer?
Probably important to note that this is "impl Fallible for u64", meaning it's for an unsigned int.
camshaft
approved these changes
Jun 10, 2022
maddeleine
approved these changes
Jun 13, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
This one's a little long, but mostly tests.
Currently, TlsStream uses the default built-in blinding, which means that a blinded error causes the underlying s2n-tls library to block the thread until the blinding delay (10-30s) has passed. Instead, we need to use self-service blinding and wait asynchronously on the blinding.
I added the wait to
poll_shutdown(). s2n-tls actually enforces the wait immediately when the error occurs (so in s2n_negotiate or s2n_recv), but that complicated the implementation since I'd need to save the result of s2n_negotiate and s2n_recv to be returned after the blinding. Enforcing the blinding in shutdown should be sufficient, since shutdown is what responds to the peer and closes the connection.I also added logic to call shutdown if the handshake fails. Because the TlsStream isn't returned to the caller if the handshake fails, the caller can't be responsible for gracefully shutting down connections after failed handshakes. We need to do it for them.
Currently, calling s2n_shutdown usually doesn't work:
Testing:
Testing this proved a little tricky, since it required specific errors from send / receive. All the existing test utilities I found required knowing the exact sequence of reads and writes, which we don't because of the handshake. So I added a little test stream that allows read and write to be temporarily overridden, but usually just calls a real stream.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.