New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make randomness acquisition fallible (fixes #441) #443
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for trying this out! What do you think about doing acquisition of session randoms higher in the stack, e.g. in ServerSession::new()
, and then passing them down the stack as constructor parameters? This would still result in changes to a lot of method signatures, but it would allow a lot of constructors that currently can't return Error to stay that way. It would also nicely express the semantic of "making this thing is infallible, so long as you can feed it some random bytes."
That would still leave fallibility in the ticket generation case, though, which I don't think we can do much about (unless we are willing to generate extra randomness just in case we later have to make a ticket).
This looks pretty good to me. I'm not sure why you don't like it @djc. I was expecting it to end up looking worse, and also there's room for improvement. I'll comment more in the issue. |
Yup, will definitely do that on the next pass, I think it would help a lot.
Will also include this. |
Ideally the application is able to do something like this for TCP-based TLS:
In particular, we don't want our first segment of the TCP handshake to be blocked on sending the random bytes. FWIW, I'm planning to extend the ring API with a way to coalesce the random generation of the ECDHE private key with the generation of the hello randoms in one (system) call to the PRNG. Note that Rustls also has this line:
That So, as far as rearranging code goes, I would try to rearrange things so the hello random and the ECDHE private key are generated close to each other. |
d092a43
to
25e6d03
Compare
One use of unwrap() in the codebase here is to avoid untestable error handling code -- which runs for the very first time in the field in hard-to-reproduce conditions. To put it another way -- how can we arrange to test that the error handling for any one of these fallible calls works properly? |
AFAICT, there is no new code path introduced with this PR. The only difference is that instead of callers catching the error as a panic using On Linux, we could write tests that intercept syscalls and force the failure conditions using ptrace. BoringSSL's test suite has that. I can look into exposing that via ring for ring and other ring-based tests, including Rustls, to use. However, IMO that doesn't need to block this improvement. |
b505eb9
to
18c671f
Compare
Codecov Report
@@ Coverage Diff @@
## main #443 +/- ##
==========================================
- Coverage 96.83% 96.73% -0.10%
==========================================
Files 50 50
Lines 8979 9133 +154
==========================================
+ Hits 8695 8835 +140
- Misses 284 298 +14
Continue to review full report at Codecov.
|
@ctz FWIW, Brian's point here seems true to me:
The only thing happening here is propagating failures explicitly in the type system. For careful API users, all this does is make potential failures more explicit. (I'd like some sort of pronouncement: should I continue maintaining this so you can at some point review/merge it, or is this something you definitely don't want to do?) |
Sorry for dropping this. Thanks for this work -- I would indeed like to get this merged (and, really in preference to other PRs that will make it harder to merge this). Could you rebase? |
Rebased. |
Hm, this seems to have regressed some bogo tests, for example TLS13-HelloRetryRequest-Client-TLS-Sync-ImplicitHandshake: see https://github.com/ctz/rustls/runs/2089338754?check_suite_focus=true#step:8:1675 I think this is due to |
Ah, that's bad. Will take a look at fixing it. |
PR #533 was intended to help ensure that wouldn't happen. |
No description provided.