Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enforce init and cleanup calling rules (#3446) #3512

Merged
merged 1 commit into from
Oct 3, 2022
Merged

Enforce init and cleanup calling rules (#3446) #3512

merged 1 commit into from
Oct 3, 2022

Conversation

jeking3
Copy link
Contributor

@jeking3 jeking3 commented Sep 26, 2022
edited
Loading

Resolved issues:

This fixes #3446

Description of changes:

The USAGE-GUIDE states that "... s2n_init() MUST NOT be called more than once ...".

The public documentation in s2n.h for s2n_init states that s2n_init "should only be called once".

Issue #3446 is a result of not enforcing the documented restrictions.

This pull request enforces the init-once rule, and also properly sets the internal flag initialized to allow the library to be re-initialized, for projects that fully control the initialization scope and re-initialize the library, for example within unit tests and fixtures.

Call-outs:

Any code that has been misbehaving will start getting errors instead of undefined behavior. Previously the code did not protect against calling s2n_init midway through a program, which could have unexpected consequences.

Testing:

The s2n_init unit test was modified to ensure the calling rules are enforced and that appropriate errors are present when violated.

Licensing:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@jeking3 jeking3 requested a review from a team as a code owner September 26, 2022 12:28
lrstewart
lrstewart reviewed Sep 27, 2022
View reviewed changes
@waahm7 waahm7 mentioned this pull request Sep 28, 2022
Merged
@jeking3 jeking3 force-pushed the issue-3446/init-idempotency branch 2 times, most recently from 805b8f9 to c02e0d7 Compare September 28, 2022 13:20
lrstewart
lrstewart reviewed Sep 28, 2022
View reviewed changes
utils/s2n_init.c Outdated
Comment on lines 98 to 106
bool cleaned_up = \
s2n_result_is_ok(s2n_cipher_suites_cleanup()) &&
s2n_result_is_ok(s2n_rand_cleanup_thread()) &&
s2n_result_is_ok(s2n_rand_cleanup()) &&
s2n_result_is_ok(s2n_libcrypto_cleanup()) &&
s2n_result_is_ok(s2n_locking_cleanup()) &&
(s2n_mem_cleanup() == S2N_SUCCESS);

initialized = !cleaned_up;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why leave initialized==true if cleanup fails?

If it's so that we can retry cleanup, isn't that a problem if some of the cleanup methods aren't idempotent? Or is the idea that the next call to s2n_init should fail?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct; we did not fully clean up, so we are still initialized. Calling s2n_init in this state may leak memory or have other side-effects.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got it. And being able to call s2n_cleanup again isn't as big of a problem, because worst case the call fails.

@jeking3 jeking3 force-pushed the issue-3446/init-idempotency branch from c02e0d7 to 9814470 Compare September 28, 2022 22:00
@lrstewart lrstewart requested a review from camshaft September 28, 2022 22:23
@jeking3 jeking3 force-pushed the issue-3446/init-idempotency branch from 9814470 to d9ac456 Compare September 30, 2022 21:30
@jeking3
Copy link
Contributor Author

jeking3 commented Sep 30, 2022

Rebased on main, no changes made.

@jeking3 jeking3 force-pushed the issue-3446/init-idempotency branch from d9ac456 to 788aae2 Compare October 1, 2022 18:07
@jeking3
Copy link
Contributor Author

jeking3 commented Oct 1, 2022

Rebased on main, no changes made.

@jeking3 jeking3 force-pushed the issue-3446/init-idempotency branch from 788aae2 to e1fb7b7 Compare October 3, 2022 12:41
@jeking3
Copy link
Contributor Author

jeking3 commented Oct 3, 2022
edited
Loading

Rebased on main to pick up fix (#3529) for npn test error found in last run. No code changes in PR.

@camshaft camshaft merged commit 3a6d282 into aws:main Oct 3, 2022
@jeking3 jeking3 deleted the issue-3446/init-idempotency branch October 3, 2022 21:30
@jeking3 jeking3 mentioned this pull request Oct 3, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@camshaft camshaft camshaft approved these changes

@lrstewart lrstewart lrstewart approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Make s2n_init idempotent or return error for multi-s2n_init invocations
3 participants
@jeking3 @camshaft @lrstewart