Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allocate s2n_crypto_parameters separately #3470

Merged
merged 1 commit into from
Aug 29, 2022
Merged

Allocate s2n_crypto_parameters separately #3470

merged 1 commit into from
Aug 29, 2022

Conversation

lrstewart
Copy link
Contributor

@lrstewart lrstewart commented Aug 26, 2022
edited
Loading

Description of changes:

Move both s2n_crypto_parameters off of s2n_connection so that conn->initial can be freed after the handshake. conn->initial represents a plaintext context, and all data after the handshake should be encrypted and use conn->secure.

This has the nice side effect of cleaning up some of the worst s2n_connection setup code.

Memory information after this change:

After setup: 3kb active, 7kb allocated
After connections created: 63kb active, 66kb allocated
After handshake: 78kb active, 117kb allocated
After freeing handshake: 67kb active (11kb freed)
After io: 67kb active, 117kb allocated

Total active for each connection: ~31kb
conn structure: 4kb client, 4kb server
crypto_params: 2kb client, 2kb server
conn->in: 16kb client, 16kb server
conn->out: 9kb client, 8kb server
unaccounted for / potential cleanup: 3kb

Callouts

  • Why not always free conn->initial after the handshake? I free conn->initial in s2n_connection_free_handshake because it's a fairly expensive structure to setup, so we only want applications that already deliberately free reusable handshake memory to free it. Otherwise, for applications calling s2n_connection_wipe, it'll just be reused for the next connection.

Testing:

I added a new test to verify we can send, recv, and wipe/reuse connections after both s2n_connection_free_handshake and s2n_connection_release_buffers. I couldn't find any existing test of that case. I can't imagine it's a common use case, but it should work.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Aug 26, 2022
@lrstewart lrstewart marked this pull request as ready for review August 26, 2022 22:43
@lrstewart lrstewart requested a review from a team as a code owner August 26, 2022 22:43
maddeleine
maddeleine reviewed Aug 29, 2022
View reviewed changes
tls/s2n_connection.c
} else {
POSIX_GUARD_RESULT(s2n_crypto_parameters_wipe(conn->secure));
}
struct s2n_crypto_parameters *secure = conn->secure;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's happening here exactly? Why save a pointer to conn->secure/conn->initial?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The first half of s2n_connection_wipe is saving anything from the connection we want to keep, then we zero the connection structure, then we restore the things we saved. The stack pointers here are to save the conn->secure/conn->initial memory. Without them, the conn->secure and conn->initial pointers will be reset to zero/NULL and the memory they pointed to will be leaked.

tls/s2n_connection.c
@@ -554,10 +467,21 @@ int s2n_connection_wipe(struct s2n_connection *conn)
}
POSIX_GUARD_RESULT(s2n_prf_wipe(conn));
struct s2n_prf_working_space *prf_workspace = conn->prf_space;
if (!conn->initial) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moving the initialization of the crypto params to s2n_connection_wipe means that there would be more frequent calls to allocate memory right? Do we need documentation for this kind of thing?

Copy link
Contributor Author

@lrstewart lrstewart Aug 29, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only if s2n_connection_free_handshake is called, which is the point of that API. Otherwise, we just reuse the memory allocated by s2n_connection_new.

@lrstewart lrstewart requested a review from maddeleine August 29, 2022 18:55
@lrstewart lrstewart merged commit 1d9538b into aws:main Aug 29, 2022
@lrstewart lrstewart deleted the mem_2 branch August 29, 2022 19:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@camshaft camshaft camshaft approved these changes

@maddeleine maddeleine maddeleine approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lrstewart @camshaft @maddeleine