Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

api visibility: some public functions are not visible in libs2n.so #4012

Closed
jmayclin opened this issue May 18, 2023 · 0 comments · Fixed by #4015
Closed

api visibility: some public functions are not visible in libs2n.so #4012

jmayclin opened this issue May 18, 2023 · 0 comments · Fixed by #4015
Labels

Comments

@jmayclin
Copy link
Contributor

Problem:

s2n is compiled with the -fvisbility=hidden flag to enforce public(api)/private boundaries when compiled as a shared object.

s2n-tls/CMakeLists.txt

Lines 284 to 288 in f9a6ffa

if(BUILD_TESTING AND BUILD_SHARED_LIBS)
target_compile_options(${PROJECT_NAME} PRIVATE -fvisibility=default)
else()
target_compile_options(${PROJECT_NAME} PRIVATE -fvisibility=hidden -DS2N_EXPORTS)
endif()

And then we use the visibility attributes to explicitly annotate which of our functions we want to remain visible

s2n-tls/api/s2n.h

Lines 25 to 30 in f9a6ffa

#if ((__GNUC__ >= 4) || defined(__clang__)) && defined(S2N_EXPORTS)
/**
* Marks a function as belonging to the public s2n API.
*/
#define S2N_API __attribute__((visibility("default")))
#else

The mechanism requires that the visibility attribute is on the declaration inside the compilation unit of the definition. We do not do this in all places, so some methods that should be visible, like s2n_client_hello_parse_message are actually hidden.

Solution:

We need to include "api/relevant_file" for compilation units which define S2N_API functions.

Requirements / Acceptance Criteria:

All functions marked S2N_API should be consumable from libs2n.so.

We should add a test to validate that we are doing this. One way to do this is to build on the unit tests in s2n-tls-sys bindings that make sure that bound function is defined. This issue was originally detected when we tried to add bindings for some of the unstable apis #4009 by this CI job

Another way to do this would be to parse the api/* header files for all of the functions that should be visible, and then use the nm utility to confirm that the symbol is visible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants