s2n-tls
s2n-tls copied to clipboard
aws
Find solution for receiving post handshake messages with blocking IO
Security issue notifications
If you discover a potential security issue in s2n we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public github issue.
Problem:
s2n-tls handles post handshake messages in s2n_recv. After parsing the record, s2n_post_handshake_recv is called to process the message. If any application data is received as well as the post handshake message, it is returned from the s2n_recv call. If no application data is received, s2n_recv returns and sets the blocked status to S2N_BLOCKED_ON_READ.
However, in blocking IO mode, s2n_recv does not return if there is no application data. In this case, select/epoll will signal that data is available, the application will call s2n_recv, the post handshake message will be processed, and s2n_recv will hang, because there's no application data to return.
Solution:
A solution needs to be determined. A possible option would be to set a new blocked status in blocking mode to tell the application there's no application data to receive.
