-
Notifications
You must be signed in to change notification settings - Fork 711
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: feature probe S2N_LIBCRYPTO_SUPPORTS_ENGINE #4878
base: main
Are you sure you want to change the base?
Conversation
Questions:
|
b329d11
to
f051bbf
Compare
tests/unit/s2n_random_test.c
Outdated
* We expect ENGINE APIs to be available if `OPENSSL_NO_ENGINE` is not | ||
* defined. | ||
*/ | ||
#if !defined(OPENSSL_NO_ENGINE) && !defined(S2N_LIBCRYPTO_SUPPORTS_ENGINE) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be positive.. "if is_openssl_1_0_2 we want the feature probe to be true".
utils/s2n_random.c
Outdated
bool s2n_libcrypto_is_likely_openssl() | ||
{ | ||
return !s2n_libcrypto_is_boringssl() && !s2n_libcrypto_is_libressl() && !s2n_libcrypto_is_awslc(); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this method belong in this module?
And I recognize that I suggested this name, but I still don't like it. Maybe we need to just commit to "s2n_libcrypto_is_openssl", since that's how we'll treat this method, even if it's not 100% guaranteed accurate. Maybe a comment is sufficient to clarify that point?
Also, consider how you could make this more readable:
bool s2n_libcrypto_is_likely_openssl() | |
{ | |
return !s2n_libcrypto_is_boringssl() && !s2n_libcrypto_is_libressl() && !s2n_libcrypto_is_awslc(); | |
} | |
bool s2n_libcrypto_is_likely_openssl() | |
{ | |
bool is_other_libcrypto = s2n_libcrypto_is_boringssl() || s2n_libcrypto_is_libressl() || s2n_libcrypto_is_awslc(); | |
return !is_other_libcrypto; | |
} |
I wonder if we can also fix the awkward "is_likely" thing by inverting this method completely. We can write a completely definitive "s2n_libcrypto_is_not_openssl" method. But negative names can be tricky in their own way 🤔 Actually I guess it's not definitive either, since we could not cover one option. Maybe "s2n_libcrypto_is_known_variant"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this method belong in this module?
Maybe we need to just commit to "s2n_libcrypto_is_openssl"
s2n_libcrypto_is_openssl
is risky because we cant actually be 100% sure it is OpenSSL. Because of the assumptions, I decided to place the method is in this file because I didnt want it to be generally available across the codebase.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AI: search of other uses and move to a single global location so that we can find and update it in the future.
tests/unit/s2n_random_test.c
Outdated
#if !defined(S2N_LIBCRYPTO_SUPPORTS_ENGINE) | ||
EXPECT_FALSE(s2n_supports_custom_rand()); | ||
#endif | ||
|
||
#if defined(OPENSSL_NO_ENGINE) | ||
EXPECT_FALSE(s2n_supports_custom_rand()); | ||
#endif |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How/where is OPENSSL_NO_ENGINE defined? Have you tested with a libcrypto with engine support disabled to confirm it's defined where you expect it to be defined?
Nit: I still don't think these are particularly useful tests and they might not be worth the conditional compilation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have you tested with a libcrypto with engine support disabled to confirm it's defined where you expect it to be defined?
Yep, I actually included build instructions on how to do this. It the expandable section Local build instructions.
How/where is OPENSSL_NO_ENGINE defined?
OPENSSL_NO_ENGINE
is lightly documented (search for OPENSSL_NO_ENGINE
in https://wiki.openssl.org/index.php/Compilation_and_Installation) and the expected behavior when openssl is build with no-engine
which makes me partial to including it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Based on this comment, the OPENSSL_NO_ENGINE define comes from openssl/configuration.h
. Its not clear if that header if being included and hence if this test is executing correctly.
Lesson: we should only rely on s2n defines (s2n-feature probe define or an explicit s2n-cmake define). Relying on an external define, i.e. OPENSSL_NO_ENGINE, requires that we be certain that the correct header is included. Since removing the header can very subtly break code, we should avoid it in general.
tests/unit/s2n_random_test.c
Outdated
EXPECT_NOT_NULL(rand_method); | ||
EXPECT_NOT_EQUAL((s2n_rand_meth_fn_type) rand_method->bytes, (s2n_rand_meth_fn_type) s2n_openssl_compat_rand); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Defining a type for this is probably overkill. I'd forgotten that you can't use void*
for functions and there's no function version of uintptr_t
-_- Still, you should be able to just do:
EXPECT_NOT_NULL(rand_method); | |
EXPECT_NOT_EQUAL((s2n_rand_meth_fn_type) rand_method->bytes, (s2n_rand_meth_fn_type) s2n_openssl_compat_rand); | |
EXPECT_NOT_NULL(rand_method); | |
EXPECT_NOT_EQUAL((void (*)(void)) rand_method->bytes, (void (*)(void)) s2n_openssl_compat_rand); |
It just looks sillier than void*
or uintptr_t
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Originally I used void*
but that resulted in valgrind warnings about casting to void*. We could wrap the cast with diagnostic ignore, but that would be uglier imo. Not sure if there is a better option.
/* LibreSSL requires the rand.h file. | ||
* | ||
* https://github.com/aws/s2n-tls/issues/153#issuecomment-129651643 | ||
*/ | ||
#include <openssl/rand.h> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wait, why does our feature probe include this? We don't include <openssl/rand.h> in utils/s2n_random.c, so wouldn't this produce a false positive where it looks like LibreSSL supports custom rand, but we fail to compile because we didn't include this file?
Did you test with LibreSSL?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We do include <openssl/rand.h>.
The positive probe test was failing for LibreSSL, which is how I discovered this.
This reverts commit ab66d00.
Review this PR first. This PR was getting too large so I split some changes into its own PR.
Description of changes:
Some platform are removing the
openssl/engine.h
header, which causes s2n-tls builds to fail (#4705, #4873).This PR splits the static
S2N_LIBCRYPTO_SUPPORTS_CUSTOM_RAND
check into a:Additional benefits:
The split limits the scope of the conditional compilation to ENGINE related features. The feature probe is also more comprehensive and flexible than the static check (eg. check for the openssl/engine.h header).
Existing checks (
S2N_LIBCRYPTO_SUPPORTS_CUSTOM_RAND
):New checks:
ENGINE
related APIs are defined: (feature probe)RAND_METHOD
signature: (feature probe. due to awslc signature differences)Testing:
I added a negative test for the feature probe. The positive test is missing due to unrelated feature probe failure on AL2.
Manual testing
I build s2n-tls linked to an openssl configured and build with the
no-engine
option.Local build instructions **(Click to Expand)**
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.