Merge branch 'main' into hyper-tests

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,19 +1,30 @@
+### Release Summary:
+<!-- If this is a feature or bug that impacts customers and is significant enough to include in the "Summary" section of the next version release, please include a brief (1-2 sentences) description of the change. The audience of this summary is future customers, not maintainers or reviewers. See https://github.com/aws/s2n-tls/releases/tag/v1.5.7 for an example. Otherwise, leave this section blank -->
+
 ### Resolved issues:
 
-Resolves #ISSUE-NUMBER1, resolves #ISSUE-NUMBER2, etc.
+resolves #ISSUE-NUMBER1, resolves #ISSUE-NUMBER2, etc.
 
 ### Description of changes: 
 
 Describe s2n’s current behavior and how your code changes that behavior. If there are no issues this PR is resolving, explain why this change is necessary.
 
 ### Call-outs:
 
-Address any potentially confusing code. Is there code added that needs to be cleaned up later? Is there code that is missing because it’s still in development? 
+Address any potentially confusing code. Is there code added that needs to be cleaned up later? Is there code that is missing because it’s still in development? If a callout is specific to a section of code, it might make more sense to leave a comment on your own PR file diff.
 
 ### Testing:
 
-How is this change tested (unit tests, fuzz tests, etc.)? Are there any testing steps to be verified by the reviewer?
-
+How is this change tested (unit tests, fuzz tests, etc.)? What manual testing was performed? Are there any testing steps to be verified by the reviewer?
+How can you convince your reviewers that this PR is safe and effective?
 Is this a refactor change? If so, how have you proved that the intended behavior hasn't changed?
 
+Remember:
+* Any change to the library source code should at least include unit tests.
+* Any change to the core stuffer or blob methods should include [CBMC proofs](https://github.com/aws/s2n-tls/tree/main/tests/cbmc).
+* Any change to the CI or tests should:
+   1. prove that the test succeeds for good input
+   2. prove that the test fails for bad input (eg, a test for memory leaks fails when a memory leak is committed)
+
+
 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

.github/dependabot.yml

@@ -0,0 +1,22 @@
+# This configuration file tells Dependabot which
+# package ecosystems to update and where the package manifests are located.
+# https://docs.github.com/en/enterprise-cloud@latest/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates
+
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  # https://github.com/dependabot/dependabot-core/pull/6189
+  - package-ecosystem: "github-actions"
+    directory: "/.github/workflows"
+    schedule:
+      interval: "daily"
+
+  # Maintain dependencies for cargo
+  - package-ecosystem: "cargo"
+    directories:
+      - "/bindings/rust"
+      - "/bindings/rust-examples"
+      - "/tests/pcap"
+      - "/tests/regression"
+    schedule:
+      interval: "daily"

.github/workflows/dependencies.yml

@@ -0,0 +1,29 @@
+name: dependencies
+
+on:
+  # Because of permissions issues with forked PRs,
+  # Only run on a schedule or pushes to main.
+  push:
+    branches:
+      - main
+    # Only run if these files were touched.
+    paths:
+      - "**/Cargo.toml"
+      - "**/Cargo.lock"
+      - ".github/workflows/dependencies.yml"
+
+  schedule:
+    # Run every day at 1800 UTC.
+    - cron: "0 18 * * *"
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write   # Open/update issues.
+      checks: write   # Create/update a check run.
+    steps:
+      - uses: actions/checkout@v4
+      - uses: rustsec/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

CMakeLists.txt

@@ -511,6 +511,7 @@ if (BUILD_TESTING)
         --error-limit=no \
         --num-callers=40 \
         --undef-value-errors=no \
+        --track-fds=yes \
         --log-fd=2 \
         --suppressions=valgrind.suppressions")
 
@@ -639,7 +640,7 @@ if (BUILD_TESTING)
                         pytest
                         -x -n=${N} --reruns=2 --durations=10 --cache-clear -rpfsq
                         -o log_cli=true --log-cli-level=DEBUG --provider-version=$ENV{S2N_LIBCRYPTO}
-                        --provider-criterion=off --fips-mode=0 ${test_file_path}
+                        --fips-mode=0 ${test_file_path}
                         WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}/tests/integrationv2
                 )
             else()

api/s2n.h

@@ -229,8 +229,8 @@ S2N_API extern unsigned long s2n_get_openssl_version(void);
 S2N_API extern int s2n_init(void);
 
 /**
- * Cleans up any internal resources used by s2n-tls. This function should be called from each thread or process
- * that is created subsequent to calling `s2n_init` when that thread or process is done calling other s2n-tls functions.
+ * Cleans up thread-local resources used by s2n-tls. Does not perform a full library cleanup. To fully
+ * clean up the library use s2n_cleanup_final().
  *
  * @returns S2N_SUCCESS on success. S2N_FAILURE on failure
  */
@@ -239,12 +239,6 @@ S2N_API extern int s2n_cleanup(void);
 /*
  * Performs a complete deinitialization and cleanup of the s2n-tls library.
  *
- * s2n_cleanup_final will always perform a complete cleanup. In contrast,
- * s2n_cleanup will only perform a complete cleanup if the atexit handler
- * is disabled and s2n_cleanup is called by the thread that called s2n_init.
- * Therefore s2n_cleanup_final should be used instead of s2n_cleanup in cases
- * where the user needs full control over when the complete cleanup executes.
- *
  * @returns S2N_SUCCESS on success. S2N_FAILURE on failure
  */
 S2N_API extern int s2n_cleanup_final(void);

bindings/rust/integration/Cargo.toml

@@ -8,17 +8,4 @@ publish = false
 [dependencies]
 s2n-tls = { path = "../s2n-tls"}
 s2n-tls-sys = { path = "../s2n-tls-sys" }
-criterion = { version = "0.3", features = ["html_reports"] }
-anyhow = "1"
-unicode-width = "=0.1.13" # newer versions require newer rust, see https://github.com/aws/s2n-tls/issues/4786
 
-[[bench]]
-name = "s2nc"
-harness = false
-
-[[bench]]
-name = "s2nd"
-harness = false
-
-[dev-dependencies]
-regex = "=1.9.6" # newer versions require rust 1.65, see https://github.com/aws/s2n-tls/issues/4242

codebuild/bin/build_aws_crt_cpp.sh

@@ -30,6 +30,8 @@ source codebuild/bin/s2n_setup_env.sh
 BUILD_DIR=$1
 INSTALL_DIR=$2
 
+# Make sure there isn't another source tree hanging around.
+rm -rf /opt/s2n-tls || true
 mkdir -p "$BUILD_DIR/s2n"
 # In case $BUILD_DIR is a subdirectory of current directory
 for file in *;do test "$file" != "$BUILD_DIR" && cp -r "$file" "$BUILD_DIR/s2n";done

codebuild/bin/s2n_dynamic_load_test.c

@@ -37,10 +37,10 @@ static void *s2n_load_dynamic_lib(void *ctx)
         exit(1);
     }
 
-    int (*s2n_cleanup_dl)(void) = NULL;
-    *(void **) (&s2n_cleanup_dl) = dlsym(s2n_so, "s2n_cleanup");
+    int (*s2n_cleanup_final_dl)(void) = NULL;
+    *(void **) (&s2n_cleanup_final_dl) = dlsym(s2n_so, "s2n_cleanup_final");
     if (dlerror()) {
-        printf("Error dynamically loading s2n_cleanup\n");
+        printf("Error dynamically loading s2n_cleanup_final\n");
         exit(1);
     }
 
@@ -63,17 +63,22 @@ static void *s2n_load_dynamic_lib(void *ctx)
         fprintf(stderr, "Error calling s2n_init: '%s'\n", (*s2n_strerror_debug_dl)(s2n_errno, "EN"));
         exit(1);
     }
-    if ((*s2n_cleanup_dl)()) {
+    if ((*s2n_cleanup_final_dl)()) {
         int s2n_errno = (*s2n_errno_location_dl)();
-        fprintf(stderr, "Error calling s2n_cleanup: '%s'\n", (*s2n_strerror_debug_dl)(s2n_errno, "EN"));
+        fprintf(stderr, "Error calling s2n_cleanup_final: '%s'\n", (*s2n_strerror_debug_dl)(s2n_errno, "EN"));
         exit(1);
     }
 
+    /* TODO: https://github.com/aws/s2n-tls/issues/4827
+     * This dlclose call invokes the pthread key destructor that
+     * asserts that the s2n-tls library is initialized, which at this point
+     * is not, due to the s2n_cleanup_final call. This is a bug.
     if (dlclose(s2n_so)) {
         printf("Error closing libs2n\n");
         printf("%s\n", dlerror());
         exit(1);
     }
+    */
 
     return NULL;
 }