Updated S2N to add support for sharing openssl/libcrypto (#35)
* Updated to latest s2n revision, using s2n_crypto_disable_init()

* Added aws_crt_crypto_share API

* Updated to aws-c-common v0.6.9

* Separated out crypto init/shutdown

* Employ s2n_disable_atexit()

* updated s2n to get rand shutdown fix

* Updated to s2n v1.0.17
Justin Boswell authored Aug 30, 2021
1 parent 94e82ef commit aecdb91
Showing 8 changed files with 97 additions and 21 deletions.
18 changes: 0 additions & 18 deletions .github/workflows/clang-format.yml

This file was deleted.

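--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,33 @@
+name: Lint
+
+on:
+push:
+branches:
+- '*'
+- '!main'
+
+jobs:
+clang-format:
+
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout Sources
+uses: actions/checkout@v1
+
+- name: clang-format lint
+uses: DoozyX/clang-format-lint-action@v0.3.1
+with:
+# List of extensions to check
+extensions: c,h
+
+check-submodules:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout Source
+uses: actions/checkout@v2
+with:
+submodules: true
+fetch-depth: 0
+- name: Check Submodules
+uses: awslabs/aws-crt-builder/.github/actions/check-submodules@main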
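Review bot: The `check-submodules` job runs `awslabs/aws-crt-builder/.github/actions/check-submodules@main`, a mutable branch ref, so whatever lands on that branch executes in this repository's CI with the job's token. `DoozyX/clang-format-lint-action@v0.3.1`, `actions/checkout@v1` and `actions/checkout@v2` are movable tags as well. Pin each `uses:` to a full commit SHA, for example `uses: actions/checkout@<full-commit-sha>  # v2`. Neither job appears to need write access, so a top-level `permissions:` block with `contents: read` would also limit what a compromised action could do.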
10 changes: 9 additions & 1 deletion aws-crt-sys/src/lib.rs
@@ -1,11 +1,16 @@
/* automatically generated by rust-bindgen 0.59.0 */
/* automatically generated by rust-bindgen 0.59.1 */

#![allow(dead_code)]
#![allow(non_upper_case_globals)]
#![allow(non_camel_case_types)]
#![allow(non_snake_case)]
#![allow(deref_nullptr)]

pub type __uint8_t = ::std::os::raw::c_uchar;
pub type __uint16_t = ::std::os::raw::c_ushort;
pub type __uint32_t = ::std::os::raw::c_uint;
pub type __int64_t = ::std::os::raw::c_long;
pub type __uint64_t = ::std::os::raw::c_ulong;
extern "C" {
pub fn aws_crt_init();
}
@@ -15,6 +20,9 @@ extern "C" {
extern "C" {
pub fn aws_crt_test_error(arg1: ::std::os::raw::c_int) -> ::std::os::raw::c_int;
}
extern "C" {
pub fn aws_crt_crypto_share();
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct aws_allocator {
2 changes: 1 addition & 1 deletion crt/aws-c-common
Submodule aws-c-common updated 392 files
2 changes: 1 addition & 1 deletion crt/s2n
Submodule s2n updated from 663457 to b5b313
6 changes: 6 additions & 0 deletions src/api.h
@@ -37,6 +37,12 @@ AWS_CRT_API void aws_crt_init(void);
AWS_CRT_API void aws_crt_clean_up(void);
AWS_CRT_API int aws_crt_test_error(int);

/*
* Tells CRT and S2N that libcrypto will be shared with other code in this application.
* Must be called before `aws_crt_init` to have any effect
*/
AWS_CRT_API void aws_crt_crypto_share(void);

typedef struct aws_allocator aws_crt_allocator;

AWS_CRT_API aws_crt_allocator *aws_crt_default_allocator(void);
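Review bot: The comment on `aws_crt_crypto_share` leaves out two things a caller needs to know. The call is a no-op on non-Linux builds (src/crypto.c in this commit defines an empty body under `#else`), and because the function returns void, a call made after `aws_crt_init` is not reported anywhere. I would extend the comment with something like `* No-op on platforms other than Linux; a call made after aws_crt_init is silently ignored.` If the intended contract is that the application then owns libcrypto's initialization and cleanup, the comment should state that too.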
9 changes: 9 additions & 0 deletions src/crt.c
@@ -40,6 +40,10 @@ struct aws_allocator *init_allocator(void) {
void shutdown_allocator(void) {
/* destroy/unwrap traced allocator, then destroy it */
s_crt_allocator = aws_mem_tracer_destroy(s_crt_allocator);
/* If there are leaks (e.g. OPENSSL), shutting down the allocator will crash */
if (aws_small_block_allocator_bytes_active(s_crt_allocator)) {
return;
}
aws_small_block_allocator_destroy(s_crt_allocator);
s_crt_allocator = NULL;
}
@@ -48,8 +52,12 @@ aws_crt_allocator *aws_crt_default_allocator(void) {
return s_crt_allocator;
}

extern void init_crypto(void);
extern void shutdown_crypto(void);

void aws_crt_init(void) {
init_allocator();
init_crypto();
aws_common_library_init(aws_default_allocator());
aws_cal_library_init(aws_default_allocator());
aws_io_library_init(aws_default_allocator());
@@ -67,6 +75,7 @@ void aws_crt_clean_up(void) {
aws_io_library_clean_up();
aws_cal_library_clean_up();
aws_common_library_clean_up();
shutdown_crypto();
shutdown_allocator();
}

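Review bot: The new early return in `shutdown_allocator` skips the destroy for any outstanding allocation, not only libcrypto's, and does so silently. `s_crt_allocator` stays non-NULL and nothing is logged, so a genuine leak, or a use of the allocator after `aws_crt_clean_up`, goes unnoticed. Report the count before returning, e.g. `fprintf(stderr, "aws-crt: %zu bytes still allocated at shutdown\n", aws_small_block_allocator_bytes_active(s_crt_allocator));`. Separately, the `extern void init_crypto(void);` and `extern void shutdown_crypto(void);` declarations would be better placed in `crt.h`, which crypto.c already includes, so the compiler checks each definition against its prototype. `aws_crt_init` and `aws_crt_clean_up` extend beyond the visible hunks.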
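--- a/src/crypto.c
+++ b/src/crypto.c
@@ -0,0 +1,38 @@
+
+#include "crt.h"
+
+#if defined(AWS_OS_LINUX)
+# include <openssl/crypto.h>
+# include <openssl/evp.h>
+# include <s2n.h>
+
+void aws_crt_crypto_share(void) {
+/* Prevent s2n from initializing or de-initializing crypto */
+s2n_crypto_disable_init();
+s2n_disable_atexit();
+}
+
+# define AWS_OPENSSL_VERSION_AT_LEAST(major, minor, fix) \
+(OPENSSL_VERSION_NUMBER >= ((major << 28) + (minor << 20) + (fix << 12)))
+
+void init_crypto(void) {
+/*
+* OpenSSL prior to 1.1.x has idempotency issues with initialization and shutdown.
+* We initialize it minimally ourselves here, since s2n has been told not to.
+* Cleanup is handled by OpenSSL's atexit handler
+*/
+# if AWS_OPENSSL_VERSION_AT_LEAST(1, 1, 0)
+OPENSSL_init_crypto(
+OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+# else
+OpenSSL_add_all_algorithms();
+# endif
+}
+
+void shutdown_crypto(void) {}
+
+#else
+void aws_crt_crypto_share(void) {}
+void init_crypto(void) {}
+void shutdown_crypto(void) {}
+#endif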
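Review bot: `aws_crt_crypto_share` discards the return values of `s2n_crypto_disable_init()` and `s2n_disable_atexit()`. Both return an int status and, as far as I know, fail once s2n has been initialized, so a late call would leave s2n still owning libcrypto init and teardown while the application believes it is shared. Check them, e.g. `if (s2n_crypto_disable_init() != S2N_SUCCESS || s2n_disable_atexit() != S2N_SUCCESS) { /* report: called after init */ }`. The comment in `init_crypto` also says cleanup is left to OpenSSL's atexit handler, which to my knowledge exists only from 1.1.0. On the `OpenSSL_add_all_algorithms()` branch nothing releases those tables because `shutdown_crypto` is empty, and the comment should say so.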
