Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix thread safety issue in Symmetric cipher #31

Merged
merged 2 commits into from
Feb 10, 2023
Merged

Fix thread safety issue in Symmetric cipher #31

merged 2 commits into from
Feb 10, 2023

Conversation

micahlee
Copy link
Contributor

Desired Outcome

The desired outcome of this PR is to allow thread-safe use of the Symmetric cipher class.

Implemented Changes

This PR adds a synchronization mutex to the Symmetric class to manage thread
access to the critical portions of OpenSSL encryption and decryption.

Previously, if this steps were allowed to interleave among threads, it would corrupt
the OpenSSL state, leading to intermittent CipherErrors from OpenSSL.

Connected Issue/Story

CyberArk internal issue ID: CNJR-479

Definition of Done

At least 1 todo must be completed in the sections below for the PR to be
merged.

Changelog

  • The CHANGELOG has been updated, or
  • This PR does not include user-facing changes and doesn't require a
    CHANGELOG update

Test coverage

  • This PR includes new unit and integration tests to go with the code
    changes, or
  • The changes in this PR do not require tests

Documentation

  • Docs (e.g. READMEs) were updated in this PR
  • A follow-up issue to update official docs has been filed here: [insert issue ID]
  • This PR does not require updating any documentation

Behavior

  • This PR changes product behavior and has been reviewed by a PO, or
  • These changes are part of a larger initiative that will be reviewed later, or
  • No behavior was changed with this PR

Security

  • Security architect has reviewed the changes in this PR,
  • These changes are part of a larger initiative with a separate security review, or
  • There are no security aspects to these changes

@micahlee
Add basic dev environment to this repo
027de63 
To make it easier to run tests in a container.
@micahlee micahlee requested a review from a team as a code owner February 10, 2023 18:22
@micahlee micahlee force-pushed the cnjr-479-thread-safe-symmetric-cipher branch from 578edc5 to 7fa6a23 Compare February 10, 2023 18:24
@micahlee
Improve thread safety of Symmetric cipher
c9408a0 
Previously using Symmetric encryption
from multiple threads could result in errors
from OpenSSL. This commit adds a mutex
to synchronize access to the OpenSSL
instance for encryption and decryption.
@micahlee micahlee force-pushed the cnjr-479-thread-safe-symmetric-cipher branch from 7fa6a23 to c9408a0 Compare February 10, 2023 18:27
jvanderhoof
jvanderhoof approved these changes Feb 10, 2023
View reviewed changes
Copy link

@jvanderhoof jvanderhoof left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Any idea if there are other parts of Slosilo that call out to OpenSSL that may suffer similar problems?

@micahlee
Copy link
Contributor Author

Looks good. Any idea if there are other parts of Slosilo that call out to OpenSSL that may suffer similar problems?

@jvanderhoof Thanks! I didn't see any other issues like this in a quick survey through the code. All of the other uses of OpenSSL seem to be single function calls, or use this Symmetric class.

@micahlee micahlee merged commit 56f19ab into master Feb 10, 2023
@micahlee micahlee deleted the cnjr-479-thread-safe-symmetric-cipher branch February 10, 2023 19:26
micahlee added a commit to cyberark/conjur that referenced this pull request Feb 10, 2023
@micahlee
Update slosilo to resolve thread-safety bug
e9c760e 
For more detail, see:
cyberark/slosilo#31
@micahlee micahlee mentioned this pull request Feb 10, 2023
Merged
13 tasks
micahlee added a commit to cyberark/conjur that referenced this pull request Feb 10, 2023
@micahlee
Update slosilo to resolve thread-safety bug
35fd1b7 
For more detail, see:
cyberark/slosilo#31
micahlee added a commit to cyberark/conjur that referenced this pull request Feb 10, 2023
@micahlee
Update slosilo to resolve thread-safety bug
bad6f8e 
For more detail, see:
cyberark/slosilo#31
jeniaSakirko pushed a commit to cyberark/conjur that referenced this pull request Mar 13, 2023
@micahlee
Update slosilo to resolve thread-safety bug
6474d83 
For more detail, see:
cyberark/slosilo#31
jeniaSakirko pushed a commit to cyberark/conjur that referenced this pull request Mar 13, 2023
@micahlee
Update slosilo to resolve thread-safety bug
e57eddd 
For more detail, see:
cyberark/slosilo#31
@john-odonnell john-odonnell mentioned this pull request Apr 21, 2023
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jvanderhoof jvanderhoof jvanderhoof approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@micahlee @jvanderhoof