s2n changing OpenSSL engine globally #3287

Open
1 task
eliasdaler opened this issue Feb 5, 2025 · 1 comment
Labels
dependencies This issue is a problem in a dependency. feature-request A feature should be added or improved.

Comments

@eliasdaler

Describe the bug

Hello.
We're integrating the AWS SDK into our existing code base and noticed that RAND_poll started failing (returning 1) after Aws::InitAPI is called.
E.g.:

Aws::InitAPI(options);
printf("RAND_poll after InitAPI: %d\n", RAND_poll()); // 0, failure (returns 1 otherwise if InitAPI is not called)

After further investigation, I noticed that s2n was setting a custom random engine (here) which doesn't support the "add" method, which is why RAND_poll started failing: see the following line.

Is it possible to somehow stop s2n from replacing the global engine?

The only options I see right now are to either use OpenSSL-FIPS (not an option for us, unfortunately) or disable the s2n usage completely. However, I've found that NO_ENCRYPTION/BYO_CRYPTO seems to be broken and I don't see any other way of disabling this behaviour.

Any further help will be appreciated.

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

I expect aws-sdk-cpp to not change the OpenSSL engine globally.

Current Behavior

See the description above.

Reproduction Steps

#include <cstdio>
#include <aws/core/Aws.h>
#include <openssl/rand.h>

int main(int argc, char **argv) {
    Aws::SDKOptions options;
    options.loggingOptions.logLevel = Aws::Utils::Logging::LogLevel::Trace;

    printf("RAND_poll before InitAPI: %d\n", RAND_poll()); // 1 (success)
    Aws::InitAPI(options);
    printf("RAND_poll after InitAPI: %d\n", RAND_poll()); // 0 (failure)
}

Possible Solution

No response

Additional Information/Context

No response

AWS CPP SDK version used

1.11.490

Compiler and Version used

gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0

Operating System and version

Ubuntu 22.04

@eliasdaler eliasdaler added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Feb 5, 2025
@SergeyRyabinin SergeyRyabinin added dependencies This issue is a problem in a dependency. potential-regression Marking this issue as a potential regression to be checked by team member and removed needs-triage This issue or PR still needs to be triaged. labels Feb 5, 2025
@sbiscigl
Contributor

sbiscigl commented Feb 6, 2025

Hey @eliasdaler,

First and foremost, thank you so much for the detailed investigation; it really makes things a lot easier for us to action on.

Spoke with s2n about this and it looks like we are going to work to provide an option to disable replacing the rand engine. I can't say exactly when we will have it available, but we are working on implementing it and will give you an update as we get close to merging it.

@sbiscigl sbiscigl added feature-request A feature should be added or improved. and removed bug This issue is a bug. potential-regression Marking this issue as a potential regression to be checked by team member labels Feb 6, 2025
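
The failure mode discussed in this thread, as an added example that is not code from the issue, aws-sdk-cpp, s2n or OpenSSL: a simplified C model of a process-global RNG method table, showing why polling fails for every caller once a library installs a table without an add callback, and a snapshot check an application can run after third-party initialisation. All names (rng_method, model_poll, library_init, rng_snapshot, rng_check) are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified, hypothetical model of a process-global RNG method table;
 * only the two callbacks relevant to the issue are modelled. */
typedef struct {
    const char *name;
    int (*bytes)(unsigned char *buf, int num);
    int (*add)(const void *buf, int num, double entropy); /* NULL if unsupported */
} rng_method;

static int fill(unsigned char *buf, int num) {   /* placeholder, not a real RNG */
    for (int i = 0; i < num; i++) buf[i] = (unsigned char)(i * 37 + 1);
    return 1;
}
static int accept_seed(const void *buf, int num, double entropy) {
    (void)entropy;
    return buf != NULL && num > 0;
}

static const rng_method default_method  = { "default", fill, accept_seed };
static const rng_method override_method = { "library-override", fill, NULL };
static const rng_method *global_method  = &default_method; /* one per process */

/* Model of the poll path: collected entropy is handed to the active add(). */
int model_poll(void) {
    unsigned char pool[16] = {0};                /* stands in for OS entropy */
    const rng_method *m = global_method;
    if (m == NULL || m->add == NULL) return 0;   /* no add(): poll fails */
    return m->add(pool, (int)sizeof pool, 16.0) ? 1 : 0;
}

/* Stand-in for a third-party init that installs its own method globally. */
void library_init(void) { global_method = &override_method; }

typedef enum { RNG_UNCHANGED, RNG_REPLACED, RNG_REPLACED_NO_ADD } rng_state;

const rng_method *rng_snapshot(void) { return global_method; }

/* Compare the active method with a snapshot taken before third-party init. */
rng_state rng_check(const rng_method *before) {
    const rng_method *now = global_method;
    if (now == before) return RNG_UNCHANGED;
    return (now == NULL || now->add == NULL) ? RNG_REPLACED_NO_ADD : RNG_REPLACED;
}

int main(void) {
    const rng_method *before = rng_snapshot();
    printf("poll before init: %d\n", model_poll());
    library_init();
    printf("poll after init:  %d, state=%d, active=%s\n",
           model_poll(), (int)rng_check(before), global_method->name);
    return 0;
}
```

Against real OpenSSL the same before/after comparison would be made on the pointer returned by RAND_get_rand_method() around Aws::InitAPI; that mapping is an assumption of this example, not something stated in the thread.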