diff --git a/CMakeLists.txt b/CMakeLists.txt index 4e4ad337f04..bc8e6554842 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -222,7 +222,7 @@ if(S2N_UNSAFE_FUZZING_MODE) endif() if(TSAN) - target_compile_options(${PROJECT_NAME} PUBLIC -fsanitize=thread) + target_compile_options(${PROJECT_NAME} PUBLIC -fsanitize=thread -DS2N_THREAD_SANITIZER=1) target_link_options(${PROJECT_NAME} PUBLIC -fsanitize=thread) endif() @@ -510,7 +510,11 @@ if (BUILD_TESTING) message(FATAL_ERROR "TSAN suppression file ${TSAN_SUPPRESSIONS_FILE} missing") endif() set(UNIT_TEST_ENVS ${UNIT_TEST_ENVS} S2N_ADDRESS_SANITIZER=1) - set(UNIT_TEST_ENVS ${UNIT_TEST_ENVS} TSAN_OPTIONS=suppressions=${TSAN_SUPPRESSIONS_FILE}) + set(TSAN_OPTIONS suppressions=${TSAN_SUPPRESSIONS_FILE}) + if(DEFINED ENV{TSAN_OPTIONS}) + set(TSAN_OPTIONS "${TSAN_OPTIONS} $ENV{TSAN_OPTIONS}") + endif() + set(UNIT_TEST_ENVS ${UNIT_TEST_ENVS} TSAN_OPTIONS=${TSAN_OPTIONS}) endif() message(STATUS "Running tests with environment: ${UNIT_TEST_ENVS}") diff --git a/error/s2n_errno.c b/error/s2n_errno.c index ecb9dc86f7f..c958e9f3065 100644 --- a/error/s2n_errno.c +++ b/error/s2n_errno.c @@ -290,6 +290,7 @@ static const char *no_such_error = "Internal s2n error"; ERR_ENTRY(S2N_ERR_INTERNAL_LIBCRYPTO_ERROR, "An internal error has occurred in the libcrypto API") \ ERR_ENTRY(S2N_ERR_NO_RENEGOTIATION, "Only secure, server-initiated renegotiation is supported") \ ERR_ENTRY(S2N_ERR_APP_DATA_BLOCKED, "Blocked on application data during handshake") \ + ERR_ENTRY(S2N_ERR_ATOMIC, "Atomic operations in this environment would require locking") \ /* clang-format on */ #define ERR_STR_CASE(ERR, str) \ diff --git a/error/s2n_errno.h b/error/s2n_errno.h index 151159f59f0..dd5b841b1c0 100644 --- a/error/s2n_errno.h +++ b/error/s2n_errno.h @@ -306,6 +306,7 @@ typedef enum { S2N_ERR_SECRET_SCHEDULE_STATE, S2N_ERR_CERT_OWNERSHIP, S2N_ERR_INTERNAL_LIBCRYPTO_ERROR, + S2N_ERR_ATOMIC, S2N_ERR_T_USAGE_END, } s2n_error; diff --git a/tests/features/S2N_ATOMIC_SUPPORTED.c b/tests/features/S2N_ATOMIC_SUPPORTED.c new file mode 100644 index 00000000000..3e2b29407d6 --- /dev/null +++ b/tests/features/S2N_ATOMIC_SUPPORTED.c @@ -0,0 +1,30 @@ +/* + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). + * You may not use this file except in compliance with the License. + * A copy of the License is located at + * + * http://aws.amazon.com/apache2.0 + * + * or in the "license" file accompanying this file. This file is distributed + * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +#include +#include + +int main() { + /* Atomic builtins are supported by gcc 4.7.3 and later. */ + sig_atomic_t atomic = 0, value = 1; + __atomic_store(&atomic, &value, __ATOMIC_RELAXED); + __atomic_load(&atomic, &value, __ATOMIC_RELAXED); + + /* _Static_assert is supported for C99 by gcc 4.6 and later, + * so using it here shouldn't limit use of the atomic builtins. */ + _Static_assert(__atomic_always_lock_free(sizeof(sig_atomic_t), NULL), + "Atomic operations in this environment would require locking"); + return 0; +} diff --git a/tests/features/S2N_ATOMIC_SUPPORTED.flags b/tests/features/S2N_ATOMIC_SUPPORTED.flags new file mode 100644 index 00000000000..2f41be663b2 --- /dev/null +++ b/tests/features/S2N_ATOMIC_SUPPORTED.flags @@ -0,0 +1 @@ +-Werror diff --git a/tests/unit/s2n_alerts_test.c b/tests/unit/s2n_alerts_test.c index 2d4d87b583d..9131ee57a1c 100644 --- a/tests/unit/s2n_alerts_test.c +++ b/tests/unit/s2n_alerts_test.c @@ -106,7 +106,7 @@ int main(int argc, char **argv) EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT)); /* Verify state prior to alert */ - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); /* Write and process the alert */ EXPECT_SUCCESS(s2n_stuffer_write_bytes(&conn->in, not_close_notify_alert, sizeof(not_close_notify_alert))); @@ -115,7 +115,7 @@ int main(int argc, char **argv) EXPECT_FAILURE_WITH_ERRNO(s2n_process_alert_fragment(conn), S2N_ERR_ALERT); /* Verify state after alert */ - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_SUCCESS(s2n_connection_free(conn)); } @@ -126,14 +126,14 @@ int main(int argc, char **argv) EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT)); /* Verify state prior to alert */ - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); /* Write and process the alert */ EXPECT_SUCCESS(s2n_stuffer_write_bytes(&conn->in, close_notify_alert, sizeof(close_notify_alert))); EXPECT_SUCCESS(s2n_process_alert_fragment(conn)); /* Verify state after alert */ - EXPECT_TRUE(conn->close_notify_received); + EXPECT_TRUE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_SUCCESS(s2n_connection_free(conn)); } diff --git a/tests/unit/s2n_connection_test.c b/tests/unit/s2n_connection_test.c index 73dc90c1318..e12cc656e20 100644 --- a/tests/unit/s2n_connection_test.c +++ b/tests/unit/s2n_connection_test.c @@ -795,14 +795,6 @@ int main(int argc, char **argv) EXPECT_FALSE(s2n_connection_check_io_status(NULL, S2N_IO_CLOSED)); EXPECT_FALSE(s2n_connection_check_io_status(NULL, 10)); EXPECT_FALSE(s2n_connection_check_io_status(conn, 10)); - - EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE)); - conn->write_closed = 10; - EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE)); - - EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_READABLE)); - conn->read_closed = 10; - EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_READABLE)); } /* TLS1.2 */ @@ -819,24 +811,24 @@ int main(int argc, char **argv) EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED)); /* Close write */ - conn->write_closed = 1; + s2n_atomic_flag_set(&conn->write_closed); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE)); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_READABLE)); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX)); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED)); - conn->write_closed = 0; + s2n_atomic_flag_clear(&conn->write_closed); /* Close read */ - conn->read_closed = 1; + s2n_atomic_flag_set(&conn->read_closed); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE)); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_READABLE)); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX)); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED)); - conn->read_closed = 0; + s2n_atomic_flag_clear(&conn->read_closed); /* Close both */ - conn->read_closed = 1; - conn->write_closed = 1; + s2n_atomic_flag_set(&conn->read_closed); + s2n_atomic_flag_set(&conn->write_closed); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE)); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_READABLE)); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX)); @@ -857,24 +849,24 @@ int main(int argc, char **argv) EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED)); /* Close write */ - conn->write_closed = 1; + s2n_atomic_flag_set(&conn->write_closed); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE)); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_READABLE)); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX)); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED)); - conn->write_closed = 0; + s2n_atomic_flag_clear(&conn->write_closed); /* Close read */ - conn->read_closed = 1; + s2n_atomic_flag_set(&conn->read_closed); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE)); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_READABLE)); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX)); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED)); - conn->read_closed = 0; + s2n_atomic_flag_clear(&conn->read_closed); /* Close both */ - conn->read_closed = 1; - conn->write_closed = 1; + s2n_atomic_flag_set(&conn->read_closed); + s2n_atomic_flag_set(&conn->write_closed); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE)); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_READABLE)); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX)); diff --git a/tests/unit/s2n_early_data_io_api_test.c b/tests/unit/s2n_early_data_io_api_test.c index c04f777c96b..966da872a56 100644 --- a/tests/unit/s2n_early_data_io_api_test.c +++ b/tests/unit/s2n_early_data_io_api_test.c @@ -373,8 +373,8 @@ int main(int argc, char **argv) /* Pretend we didn't test the above error condition. * The S2N_ERR_BAD_MESSAGE error triggered S2N to close the connection. */ - server_conn->write_closed = false; - client_conn->write_closed = false; + s2n_atomic_flag_clear(&server_conn->write_closed); + s2n_atomic_flag_clear(&client_conn->write_closed); /* Read the remaining early data properly */ EXPECT_SUCCESS(s2n_recv_early_data(server_conn, actual_payload, sizeof(actual_payload), diff --git a/tests/unit/s2n_shutdown_test.c b/tests/unit/s2n_shutdown_test.c index 7a01af33b72..e0f1e09c2a3 100644 --- a/tests/unit/s2n_shutdown_test.c +++ b/tests/unit/s2n_shutdown_test.c @@ -66,7 +66,7 @@ int main(int argc, char **argv) /* Verify state prior to alert */ EXPECT_TRUE(s2n_handshake_is_complete(conn)); - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_FALSE(conn->alert_sent); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX)); @@ -78,7 +78,7 @@ int main(int argc, char **argv) /* Verify state after shutdown attempt */ EXPECT_TRUE(s2n_handshake_is_complete(conn)); - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_TRUE(conn->alert_sent); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED)); @@ -109,7 +109,7 @@ int main(int argc, char **argv) /* Verify state prior to alert */ EXPECT_TRUE(s2n_handshake_is_complete(conn)); - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_FALSE(conn->alert_sent); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX)); @@ -123,7 +123,7 @@ int main(int argc, char **argv) /* Verify state after shutdown attempt */ EXPECT_TRUE(s2n_handshake_is_complete(conn)); - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_TRUE(conn->alert_sent); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE)); @@ -146,7 +146,7 @@ int main(int argc, char **argv) /* Verify state prior to alert */ EXPECT_TRUE(s2n_handshake_is_complete(conn)); - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_FALSE(conn->alert_sent); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX)); @@ -173,7 +173,7 @@ int main(int argc, char **argv) /* Verify state after shutdown attempt */ EXPECT_TRUE(s2n_handshake_is_complete(conn)); - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_FALSE(conn->alert_sent); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED)); @@ -195,7 +195,7 @@ int main(int argc, char **argv) /* Verify state prior to alert */ EXPECT_FALSE(s2n_handshake_is_complete(conn)); - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_FALSE(conn->alert_sent); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX)); @@ -204,7 +204,7 @@ int main(int argc, char **argv) /* Verify state after shutdown */ EXPECT_FALSE(s2n_handshake_is_complete(conn)); - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_TRUE(conn->alert_sent); /* Fully closed: we don't worry about truncating data */ @@ -225,7 +225,7 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_connection_set_io_stuffers(&input, &output, conn)); /* Verify state prior to alert */ - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_FALSE(conn->alert_sent); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX)); @@ -234,7 +234,7 @@ int main(int argc, char **argv) EXPECT_EQUAL(blocked, S2N_BLOCKED_ON_READ); /* Verify state after shutdown attempt */ - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_TRUE(conn->alert_sent); /* Half-close: only write closed */ @@ -257,7 +257,7 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_connection_set_io_stuffers(&input, &output, conn)); /* Verify state prior to alert */ - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_FALSE(conn->alert_sent); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX)); @@ -266,7 +266,7 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_process_alert_fragment(conn)); /* Verify state after alert */ - EXPECT_TRUE(conn->close_notify_received); + EXPECT_TRUE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_FALSE(conn->alert_sent); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE)); EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_READABLE)); @@ -276,7 +276,7 @@ int main(int argc, char **argv) EXPECT_EQUAL(blocked, S2N_NOT_BLOCKED); /* Verify state after shutdown attempt */ - EXPECT_TRUE(conn->close_notify_received); + EXPECT_TRUE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_TRUE(conn->alert_sent); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED)); }; @@ -309,7 +309,7 @@ int main(int argc, char **argv) EXPECT_FAILURE_WITH_ERRNO(s2n_shutdown(conn, &blocked), S2N_ERR_ALERT); /* Verify state after shutdown attempt */ - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_TRUE(conn->alert_sent); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED)); EXPECT_EQUAL(s2n_stuffer_data_available(&output), alert_record_size); @@ -317,7 +317,7 @@ int main(int argc, char **argv) /* Future calls are no-ops */ for (size_t i = 0; i < 5; i++) { EXPECT_SUCCESS(s2n_shutdown(conn, &blocked)); - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_TRUE(conn->alert_sent); } }; @@ -410,7 +410,7 @@ int main(int argc, char **argv) EXPECT_EQUAL(blocked, S2N_NOT_BLOCKED); /* Verify state after shutdown attempt */ - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); EXPECT_FALSE(conn->alert_sent); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED)); }; @@ -586,7 +586,7 @@ int main(int argc, char **argv) /* Full close is no-op */ EXPECT_SUCCESS(s2n_shutdown(conn, &blocked)); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED)); - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); }; /* Test: Half close, peer alert, then full close */ @@ -621,7 +621,7 @@ int main(int argc, char **argv) /* Full close is no-op */ EXPECT_SUCCESS(s2n_shutdown(conn, &blocked)); EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED)); - EXPECT_FALSE(conn->close_notify_received); + EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received)); }; } diff --git a/tls/s2n_alerts.c b/tls/s2n_alerts.c index db53ac148be..4cc54e6c230 100644 --- a/tls/s2n_alerts.c +++ b/tls/s2n_alerts.c @@ -23,6 +23,7 @@ #include "tls/s2n_record.h" #include "tls/s2n_resume.h" #include "tls/s2n_tls_parameters.h" +#include "utils/s2n_atomic.h" #include "utils/s2n_blob.h" #include "utils/s2n_safety.h" @@ -203,8 +204,8 @@ int s2n_process_alert_fragment(struct s2n_connection *conn) if (s2n_stuffer_data_available(&conn->alert_in) == 2) { /* Close notifications are handled as shutdowns */ if (conn->alert_in_data[1] == S2N_TLS_ALERT_CLOSE_NOTIFY) { - conn->read_closed = 1; - conn->close_notify_received = true; + s2n_atomic_flag_set(&conn->read_closed); + s2n_atomic_flag_set(&conn->close_notify_received); return 0; } @@ -221,6 +222,7 @@ int s2n_process_alert_fragment(struct s2n_connection *conn) /* All other alerts are treated as fatal errors */ POSIX_GUARD_RESULT(s2n_connection_set_closed(conn)); + s2n_atomic_flag_set(&conn->error_alert_received); POSIX_BAIL(S2N_ERR_ALERT); } } diff --git a/tls/s2n_connection.c b/tls/s2n_connection.c index 285ecd948ce..04316e7ad2d 100644 --- a/tls/s2n_connection.c +++ b/tls/s2n_connection.c @@ -43,6 +43,7 @@ #include "tls/s2n_security_policies.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" +#include "utils/s2n_atomic.h" #include "utils/s2n_blob.h" #include "utils/s2n_compiler.h" #include "utils/s2n_mem.h" @@ -1168,8 +1169,8 @@ S2N_CLEANUP_RESULT s2n_connection_apply_error_blinding(struct s2n_connection **c S2N_RESULT s2n_connection_set_closed(struct s2n_connection *conn) { RESULT_ENSURE_REF(conn); - conn->read_closed = 1; - conn->write_closed = 1; + s2n_atomic_flag_set(&conn->read_closed); + s2n_atomic_flag_set(&conn->write_closed); return S2N_RESULT_OK; } @@ -1547,7 +1548,9 @@ bool s2n_connection_check_io_status(struct s2n_connection *conn, s2n_io_status s return false; } - const bool is_full_duplex = !conn->read_closed && !conn->write_closed; + bool read_closed = s2n_atomic_flag_test(&conn->read_closed); + bool write_closed = s2n_atomic_flag_test(&conn->write_closed); + bool full_duplex = !read_closed && !write_closed; /* *= https://tools.ietf.org/rfc/rfc8446#section-6.1 @@ -1561,21 +1564,21 @@ bool s2n_connection_check_io_status(struct s2n_connection *conn, s2n_io_status s case S2N_IO_WRITABLE: case S2N_IO_READABLE: case S2N_IO_FULL_DUPLEX: - return is_full_duplex; + return full_duplex; case S2N_IO_CLOSED: - return !is_full_duplex; + return !full_duplex; } } switch (status) { case S2N_IO_WRITABLE: - return !conn->write_closed; + return !write_closed; case S2N_IO_READABLE: - return !conn->read_closed; + return !read_closed; case S2N_IO_FULL_DUPLEX: - return is_full_duplex; + return full_duplex; case S2N_IO_CLOSED: - return conn->read_closed && conn->write_closed; + return read_closed && write_closed; } return false; diff --git a/tls/s2n_connection.h b/tls/s2n_connection.h index 01563e1c750..b256bb11740 100644 --- a/tls/s2n_connection.h +++ b/tls/s2n_connection.h @@ -39,6 +39,7 @@ #include "tls/s2n_security_policies.h" #include "tls/s2n_tls_parameters.h" #include "tls/s2n_x509_validator.h" +#include "utils/s2n_atomic.h" #include "utils/s2n_mem.h" #include "utils/s2n_timer.h" @@ -110,9 +111,6 @@ struct s2n_connection { * even when setting a new config. */ unsigned psk_mode_overridden : 1; - /* Have we received a close notify alert from the peer. */ - unsigned close_notify_received : 1; - /* Connection negotiated an EMS */ unsigned ems_negotiated : 1; @@ -272,6 +270,10 @@ struct s2n_connection { uint8_t reader_warning_out; bool alert_sent; + /* Receiving error or close_notify alerts changes the behavior of s2n_shutdown_send */ + s2n_atomic_flag error_alert_received; + s2n_atomic_flag close_notify_received; + /* Our handshake state machine */ struct s2n_handshake handshake; @@ -308,13 +310,11 @@ struct s2n_connection { uint64_t wire_bytes_out; uint64_t early_data_bytes; - /* Is the connection open or closed? - * - * We use C's only atomic type as an error requires shutting down both read - * and write, so both the reader and writer threads may access both fields. + /* Either the reader or the writer can trigger both sides of the connection + * to close in response to a fatal error. */ - sig_atomic_t read_closed; - sig_atomic_t write_closed; + s2n_atomic_flag read_closed; + s2n_atomic_flag write_closed; /* TLS extension data */ char server_name[S2N_MAX_SERVER_NAME + 1]; diff --git a/tls/s2n_recv.c b/tls/s2n_recv.c index 0f6256844f1..5350ba4c5bd 100644 --- a/tls/s2n_recv.c +++ b/tls/s2n_recv.c @@ -42,7 +42,7 @@ S2N_RESULT s2n_read_in_bytes(struct s2n_connection *conn, struct s2n_stuffer *ou errno = 0; int r = s2n_connection_recv_stuffer(output, conn, remaining); if (r == 0) { - conn->read_closed = 1; + s2n_atomic_flag_set(&conn->read_closed); RESULT_BAIL(S2N_ERR_CLOSED); } else if (r < 0) { if (errno == EWOULDBLOCK || errno == EAGAIN) { @@ -127,7 +127,7 @@ ssize_t s2n_recv_impl(struct s2n_connection *conn, void *buf, ssize_t size, s2n_ *# closed, the TLS implementation MUST receive a "close_notify" alert *# before indicating end-of-data to the application layer. */ - POSIX_ENSURE(conn->close_notify_received, S2N_ERR_CLOSED); + POSIX_ENSURE(s2n_atomic_flag_test(&conn->close_notify_received), S2N_ERR_CLOSED); *blocked = S2N_NOT_BLOCKED; return 0; } diff --git a/tls/s2n_shutdown.c b/tls/s2n_shutdown.c index 9072f6a1eb2..6086322a15e 100644 --- a/tls/s2n_shutdown.c +++ b/tls/s2n_shutdown.c @@ -17,29 +17,13 @@ #include "tls/s2n_alerts.h" #include "tls/s2n_connection.h" #include "tls/s2n_tls.h" +#include "utils/s2n_atomic.h" #include "utils/s2n_safety.h" -static bool s2n_error_alert_received(struct s2n_connection *conn) -{ - /* We don't check s2n_connection_get_alert() or s2n_stuffer_data_available() - * because of https://github.com/aws/s2n-tls/issues/3933. - * We need to check if the stuffer contains an alert, regardless of its - * read state. - */ - if (conn->alert_in.write_cursor == 0) { - return false; - } - /* Verify that the stuffer doesn't just contain a close_notify alert */ - if (conn->close_notify_received) { - return false; - } - return true; -} - static bool s2n_shutdown_expect_close_notify(struct s2n_connection *conn) { /* No close_notify expected if we already received an error instead */ - if (s2n_error_alert_received(conn)) { + if (s2n_atomic_flag_test(&conn->error_alert_received)) { return false; } @@ -83,11 +67,11 @@ int s2n_shutdown_send(struct s2n_connection *conn, s2n_blocked_status *blocked) } /* Flush any outstanding data */ - conn->write_closed = 1; + s2n_atomic_flag_set(&conn->write_closed); POSIX_GUARD(s2n_flush(conn, blocked)); /* For a connection closed due to receiving an alert, we don't send anything. */ - if (s2n_error_alert_received(conn)) { + if (s2n_atomic_flag_test(&conn->error_alert_received)) { return S2N_SUCCESS; } @@ -136,7 +120,7 @@ int s2n_shutdown(struct s2n_connection *conn, s2n_blocked_status *blocked) uint8_t record_type = 0; int isSSLv2 = false; *blocked = S2N_BLOCKED_ON_READ; - while (!conn->close_notify_received) { + while (!s2n_atomic_flag_test(&conn->close_notify_received)) { POSIX_GUARD(s2n_read_full_record(conn, &record_type, &isSSLv2)); POSIX_ENSURE(!isSSLv2, S2N_ERR_BAD_MESSAGE); if (record_type == TLS_ALERT) { diff --git a/utils/s2n_atomic.c b/utils/s2n_atomic.c new file mode 100644 index 00000000000..cd2597cd0f0 --- /dev/null +++ b/utils/s2n_atomic.c @@ -0,0 +1,60 @@ +/* + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). + * You may not use this file except in compliance with the License. + * A copy of the License is located at + * + * http://aws.amazon.com/apache2.0 + * + * or in the "license" file accompanying this file. This file is distributed + * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +#include "utils/s2n_atomic.h" + +#include + +#include "utils/s2n_safety.h" + +static sig_atomic_t set_val = true; +static sig_atomic_t clear_val = false; + +S2N_RESULT s2n_atomic_init() +{ +#if S2N_ATOMIC_SUPPORTED && S2N_THREAD_SANITIZER + RESULT_ENSURE(__atomic_always_lock_free(sizeof(s2n_atomic_flag), NULL), S2N_ERR_ATOMIC); +#endif + return S2N_RESULT_OK; +} + +void s2n_atomic_flag_set(s2n_atomic_flag *var) +{ +#if S2N_ATOMIC_SUPPORTED && S2N_THREAD_SANITIZER + __atomic_store(&var->val, &set_val, __ATOMIC_RELAXED); +#else + var->val = set_val; +#endif +} + +void s2n_atomic_flag_clear(s2n_atomic_flag *var) +{ +#if S2N_ATOMIC_SUPPORTED && S2N_THREAD_SANITIZER + __atomic_store(&var->val, &clear_val, __ATOMIC_RELAXED); +#else + var->val = clear_val; +#endif +} + +bool s2n_atomic_flag_test(s2n_atomic_flag *var) +{ +#if S2N_ATOMIC_SUPPORTED && S2N_THREAD_SANITIZER + sig_atomic_t result = 0; + __atomic_load(&var->val, &result, __ATOMIC_RELAXED); + return result; +#else + return var->val; +#endif +} diff --git a/utils/s2n_atomic.h b/utils/s2n_atomic.h new file mode 100644 index 00000000000..014dc43dd32 --- /dev/null +++ b/utils/s2n_atomic.h @@ -0,0 +1,42 @@ +/* + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). + * You may not use this file except in compliance with the License. + * A copy of the License is located at + * + * http://aws.amazon.com/apache2.0 + * + * or in the "license" file accompanying this file. This file is distributed + * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing + * permissions and limitations under the License. + */ +#pragma once + +#include + +#include "utils/s2n_result.h" + +/* s2n-tls allows s2n_send and s2n_recv to be called concurrently. + * There are a handful of values that both methods need to access. + * However, C99 has no concept of concurrency, so provides no atomic data types. + */ + +/* Wrap the underlying value in a struct to encourage developers to only use + * the provided atomic methods. + */ +typedef struct { + /* Traditionally, s2n-tls uses sig_atomic_t for its weak guarantee of + * atomicity for interrupts. + */ + sig_atomic_t val; +} s2n_atomic_flag; + +/* These methods use compiler atomic built-ins if available and lock-free, but otherwise + * rely on setting / clearing a small value generally being atomic in practice. + */ +S2N_RESULT s2n_atomic_init(); +void s2n_atomic_flag_set(s2n_atomic_flag *var); +void s2n_atomic_flag_clear(s2n_atomic_flag *var); +bool s2n_atomic_flag_test(s2n_atomic_flag *var); diff --git a/utils/s2n_init.c b/utils/s2n_init.c index 6f7efe19450..cffc8d00c4e 100644 --- a/utils/s2n_init.c +++ b/utils/s2n_init.c @@ -79,6 +79,7 @@ int s2n_init(void) POSIX_GUARD(s2n_extension_type_init()); POSIX_GUARD_RESULT(s2n_pq_init()); POSIX_GUARD_RESULT(s2n_tls13_empty_transcripts_init()); + POSIX_GUARD_RESULT(s2n_atomic_init()); if (atexit_cleanup) { POSIX_ENSURE_OK(atexit(s2n_cleanup_atexit), S2N_ERR_ATEXIT);