feat: Option to disable RAND engine override

aws · Feb 11, 2025 · f08612f · f08612f
1 parent 203cc5c
commit f08612f
Show file tree

Hide file tree

Showing 5 changed files with 71 additions and 0 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -41,6 +41,7 @@ option(S2N_USE_CRYPTO_SHARED_LIBS "For S2N to use shared libs in Findcrypto" OFF
 option(TSAN "Enable ThreadSanitizer to test thread safety" OFF)
 option(ASAN "Enable AddressSanitizer to test memory safety" OFF)
 option(SECCOMP "Link with seccomp and run seccomp tests" OFF)
+option(S2N_OVERRIDE_LIBCRYPTO_RAND_ENGINE "Override the libcrypto random implementation with the custom s2n-tls implementation." ON)
 
 file(GLOB API_HEADERS "api/*.h")
 file(GLOB API_UNSTABLE_HEADERS "api/unstable/*.h")
@@ -247,6 +248,11 @@ if (COVERAGE)
     target_link_options(${PROJECT_NAME} PUBLIC -fprofile-instr-generate -fcoverage-mapping)
 endif()
 
+if (NOT S2N_OVERRIDE_LIBCRYPTO_RAND_ENGINE)
+    message(STATUS "Disabling libcrypto RAND engine override")
+    add_definitions(-DS2N_DISABLE_RAND_ENGINE_OVERRIDE)
+endif()
+
 # For interning, we need to find the static libcrypto library. Cmake configs
 # can branch on the variable BUILD_SHARED_LIBS to e.g. avoid having to define
 # multiple targets. An example is AWS-LC:

diff --git a/codebuild/spec/buildspec_disable_rand_override.yml b/codebuild/spec/buildspec_disable_rand_override.yml
@@ -0,0 +1,49 @@
+---
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use
+# this file except in compliance with the License. A copy of the License is
+# located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing permissions and
+# limitations under the License.
+version: 0.2
+
+env:
+  shell: bash
+  variables:
+    # Select a libcrypto where s2n-tls will override the RAND engine by default.
+    S2N_LIBCRYPTO: "openssl-1.0.2"
+
+phases:
+  build:
+    on-failure: ABORT
+    commands:
+      - |
+        cmake . -Brand_override_enabled \
+          -DCMAKE_PREFIX_PATH=/usr/local/"${S2N_LIBCRYPTO}" \
+          -DCMAKE_BUILD_TYPE=RelWithDebInfo
+      - cmake --build ./rand_override_enabled -- -j $(nproc)
+      - |
+        cmake . -Brand_override_disabled \
+          -DCMAKE_PREFIX_PATH=/usr/local/"${S2N_LIBCRYPTO}" \
+          -DCMAKE_BUILD_TYPE=RelWithDebInfo \
+          -DS2N_OVERRIDE_LIBCRYPTO_RAND_ENGINE=0
+      - cmake --build ./rand_override_disabled -- -j $(nproc)
+  post_build:
+    on-failure: ABORT
+    commands:
+      - export CTEST_OUTPUT_ON_FAILURE=1
+      - export CTEST_PARALLEL_LEVEL=$(nproc)
+      # Run the s2n-tls tests with the assumption that the RAND engine override feature will be
+      # disabled. This will enable tests that ensure it's disabled.
+      - export S2N_DISABLE_RAND_ENGINE_OVERRIDE_EXPECTED=1
+      - make -C rand_override_disabled test
+      # If the RAND engine override is not actually disabled, tests that expect it to be should fail.
+      - echo "The following test is expected to fail."
+      - | 
+        ! make -C rand_override_enabled test -- ARGS="-R 's2n_random_test'"
diff --git a/codebuild/spec/buildspec_generalbatch.yml b/codebuild/spec/buildspec_generalbatch.yml
@@ -277,3 +277,9 @@ batch:
         privileged-mode: true
         compute-type: BUILD_GENERAL1_LARGE
         image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild
+    - identifier: DisableRandOverride
+      buildspec: codebuild/spec/buildspec_disable_rand_override.yml
+      env:
+        privileged-mode: true
+        compute-type: BUILD_GENERAL1_LARGE
+        image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild
diff --git a/tests/unit/s2n_random_test.c b/tests/unit/s2n_random_test.c
@@ -917,6 +917,14 @@ int main(int argc, char **argv)
             EXPECT_TRUE(s2n_libcrypto_is_openssl());
             EXPECT_FALSE(s2n_is_in_fips_mode());
         }
+
+        /* Ensure that disabling the S2N_OVERRIDE_LIBCRYPTO_RAND_ENGINE CMake option disables the
+         * custom rand override feature. When the S2N_DISABLE_RAND_ENGINE_OVERRIDE_EXPECTED
+         * variable is set, this CMake option is expected to be disabled.
+         */
+        if (getenv("S2N_DISABLE_RAND_ENGINE_OVERRIDE_EXPECTED")) {
+            EXPECT_FALSE(s2n_supports_custom_rand());
+        }
     };
 
     /* For each test case, creates a child process that runs the test case.

diff --git a/utils/s2n_random.c b/utils/s2n_random.c
@@ -556,6 +556,8 @@ bool s2n_supports_custom_rand(void)
 {
 #if !defined(S2N_LIBCRYPTO_SUPPORTS_ENGINE)
     return false;
+#elif defined(S2N_DISABLE_RAND_ENGINE_OVERRIDE)
+    return false;
 #else
     return s2n_libcrypto_is_openssl() && !s2n_is_in_fips_mode();
 #endif