Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Send zero-length NST when session key is expired #4532
fix: Send zero-length NST when session key is expired #4532
Changes from 27 commits
2e48de1
becb306
e023d46
edff88a
f22a5b9
8352bce
c4a5474
9beba2c
8ead510
8838bdf
ab18c07
c1948e8
e86b5b3
ae343b8
9302a3a
112574c
82709ee
8118b83
aad3a35
13ec6d3
1c8b71d
0a4c8ee
9ff9261
474f40f
4fc4de4
3554753
ca92f58
14d56a3
6b3ace8
9b09e91
8aeedd3
907da2b
ab7c57d
1bf7d88
8ee8b0f
b2e650d
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this the right place for this compliance comment? This code doesn't ensure that the message is sent.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is writing to stuffer not considered "sending a message", or are you suggesting to put this comment on top of code where I send zero-length nst message upon failing to retrieve a key like what I did in my latest change?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Writing to a stuffer isn't automatically sending a message. This code also doesn't somehow enforce that you always write to that stuffer, just that you do in this one case.
With the way the code is currently structured, I'm not sure there's a good place for this comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm also not convinced this is the right place for this compliance comment. The struct format applies to the whole message, not just to an empty message.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it make more sense to put this comment on top of this s2n_server_nst_send() function? Or is there more suitable place for this comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Like above: it's not clear to me that there is a suitable place to put this comment given the current structure of the code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this completely solve the problem? Couldn't the key still expire between here and s2n_encrypt_session_ticket? Or couldn't s2n_config_is_encrypt_key_available still otherwise disagree with s2n_get_ticket_encrypt_decrypt_key?
To completely solve the problem, you need to write an empty message in response to actually failing to retrieve the key, not in response to a new "is there a key" check. We already made an "is there a key" check during the last message, which was probably like nanoseconds ago.