Lindsay Stewart
Lindsay Stewart
I'm not sure about turning debug info off by default for RELEASE. We don't just use it for debugging during development, it also helps customers log problems in production where...
This actually only affects s2n_send, because s2n_recv doesn't appear to be able to hit its "partial success" paths: https://github.com/aws/s2n-tls/issues/3438
What's the benefit of this change? Using MaybeUninit adds complexity when calling the method, and I'm not sure how much of a benefit not initializing the buffer is.
This is odd because we test with the latest FreeBSD in our CI. We use https://github.com/vmactions/freebsd-vm, and run [this script.](https://github.com/aws/s2n-tls/blob/main/.github/s2n_freebsd.sh) How are you running your tests? If you have direct...
Gotta love a bug that only happens when not in debug mode :) You should be able to use gdb to pinpoint the bug even with the -O option. You...
Interesting. `s2n_cipher_suite_from_iana` apparently got all the way to s2n_cipher_suites.c:1072, but shouldn't have gotten past this null check on `iana`: https://github.com/aws/s2n-tls/blob/main/tls/s2n_cipher_suites.c#L1063 The compiler must somehow be optimizing out that check...? I...
We have an API that can report the line of code that generated the error: https://github.com/aws/s2n-tls/blob/main/api/s2n.h#L384-L394 Are you able to call that? And are you calling s2n_init() directly in your...
Interesting. That could suggest an issue with cleanup. Just looking at our code, we close urandom in [s2n_rand_cleanup](https://github.com/aws/s2n-tls/blob/9b7761b01a1de72bcfcb5a59dafbcd05f3a8e0e0/utils/s2n_random.c#L400-L433), which should get triggered by [s2n_cleanup](https://github.com/aws/s2n-tls/blob/main/utils/s2n_init.c#L87-L100) unless [s2n_disable_atexit](https://github.com/aws/s2n-tls/blob/aafd731ff8b0632533fe2bb8aa9d0c3cb2d29a04/api/s2n.h#L220) is called. We should...
If the error is coming from openssl, can you use the openssl error methods to examine it? Something like `printf("%s", ERR_error_string(ERR_get_error(), NULL))` right after the failure.
Are you calling InitAPI in multiple threads? s2n_init can only be called once across all threads, so that would be an issue if the SDK doesn't have extra protection. It...