Globally clear thread-local states #1919
Merged: torben-hansen merged 4 commits into aws:randomness_generation from torben-hansen:ragdoll_handle_threads_globally on Nov 7, 2024
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## randomness_generation #1919 +/- ##
=========================================================
+ Coverage 78.57% 78.78% +0.21%
=========================================================
Files 585 595 +10
Lines 98007 101780 +3773
Branches 13922 14425 +503
=========================================================
+ Hits 77010 80192 +3182
- Misses 20378 20950 +572
- Partials 619 638 +19
torben-hansen added a commit that referenced this pull request on Nov 1, 2024
To avoid synchronisation issues for codepoints that read/mutate the ctr-drbg state in #1919, we must reorganise the reseed logic. This decouples the code that reads/mutates the ctr-drbg state and the code that gathers entropy. The latter is not an issue. The former will later be wrapped as critical code needing synchronisation as part of the global zeroisation.
torben-hansen force-pushed the ragdoll_handle_threads_globally branch from d47a903 to 2aae5c8 on November 1, 2024 20:41
torben-hansen added a commit to torben-hansen/aws-lc that referenced this pull request on Nov 1, 2024
To avoid synchronisation issues for codepoints that read/mutate the ctr-drbg state in aws#1919, we must reorganise the reseed logic. This decouples the code that reads/mutates the ctr-drbg state and the code that gathers entropy. The latter is not an issue. The former will later be wrapped as critical code needing synchronisation as part of the global zeroisation.
andrewhop reviewed on Nov 4, 2024
skmcgrail previously approved these changes on Nov 5, 2024
andrewhop previously approved these changes on Nov 6, 2024
torben-hansen dismissed stale reviews from andrewhop and skmcgrail via e826b71 on November 7, 2024 15:02
skmcgrail approved these changes on Nov 7, 2024
andrewhop approved these changes on Nov 7, 2024
torben-hansen merged commit 3b6651c into aws:randomness_generation on Nov 7, 2024
112 of 116 checks passed
Description of changes:
As per FIPS, something equivalent to sensitive memory must not be kept around in the clear. Often the sensitive stuff we produce is then handed off to a linked application. But we do have some memory we control, namely the thread-local CTR-DRBG states. It's not clear why CTR-DRBG states are actually sensitive for the purpose of zeroization; the primary security property of a DRBG is backtracking resistance, so someone would need to break the security of the scheme to take advantage of the state. Obviously, one can generate future outputs from a DRBG state, since it's deterministic. But that's not the purpose of zeroization. Regardless, zeroization is what we must do.
But when a process exits, all threads might not have been gracefully exited. To ensure this doesn't leave around sensitive memory, references to all thread-local states are kept in a doubly linked list. This creates a fair bit of issues that were mostly solved in the existing solution. I modified that a bit to take into account the new code-flow. The only major change is that the CTR-DRBG generate call is now wrapped in a global lock under the while-loop iteration. I have tried to explain most in inline comments in the code. One can argue that when exiting a process there is no need for this and it is all just unreasonable to require, but that's the state of the world currently. And so, must be handled.
This feature was previously guarded by the FIPS build flag. But I removed that to remove one more source of non-FIPS/FIPS behaviour change...
Testing:
Extended the current basic tests to be threaded - if threading is supported by the build.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
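
The bookkeeping the description outlines (each thread-local state linked into a doubly linked list, with generation and the exit-time wipe serialized by one global lock), as an added sketch that is not AWS-LC's code. `rand_state`, the `state_*` functions, the placeholder mixing step and the refusal to generate after the wipe are assumptions made for illustration.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>
struct rand_state { /* hypothetical per-thread DRBG state, not AWS-LC's */
  struct rand_state *prev, *next;
  uint8_t key[32]; /* sensitive material */
};
static pthread_mutex_t g_lock = PTHREAD_MUTEX_INITIALIZER;
static struct rand_state *g_head; /* every live thread-local state */
static int g_cleared;             /* set once the exit-time wipe ran */
static void wipe(volatile uint8_t *p, size_t n) { while (n--) *p++ = 0; }
/* First use in a thread: allocate (seeding omitted) and link at the head. */
struct rand_state *state_register(void) {
  struct rand_state *s = calloc(1, sizeof *s);
  if (s == NULL) return NULL;
  pthread_mutex_lock(&g_lock);
  if ((s->next = g_head) != NULL) g_head->prev = s;
  g_head = s;
  pthread_mutex_unlock(&g_lock);
  return s;
}

/* Graceful thread exit: unlink in O(1), then wipe and free. */
void state_unregister(struct rand_state *s) {
  pthread_mutex_lock(&g_lock);
  if (s->prev != NULL) s->prev->next = s->next; else g_head = s->next;
  if (s->next != NULL) s->next->prev = s->prev;
  pthread_mutex_unlock(&g_lock);
  wipe(s->key, sizeof s->key);
  free(s);
}

/* Mutates state under the wipe's lock; placeholder mixing, not CTR-DRBG. */
int state_generate(struct rand_state *s, uint8_t *out, size_t len) {
  pthread_mutex_lock(&g_lock);
  int ok = !g_cleared; /* refuse to run on a wiped state */
  for (size_t i = 0; ok && i < len; i++)
    out[i] = s->key[i % 32] = (uint8_t)(s->key[i % 32] * 5 + 1);
  pthread_mutex_unlock(&g_lock);
  return ok;
}

/* Process exit: wipe states whose threads never exited gracefully. */
void state_clear_all(void) {
  pthread_mutex_lock(&g_lock);
  for (struct rand_state *s = g_head; s != NULL; s = s->next)
    wipe(s->key, sizeof s->key);
  g_cleared = 1;
  pthread_mutex_unlock(&g_lock);
}
```

Because `state_generate` and `state_clear_all` take the same lock, the wipe can never interleave with a generate call that is halfway through updating a state.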