Merge branch 'main' into flaky

aws · Nov 12, 2024 · b737a6b · b737a6b
2 parents cc8af8d + 38b273f
commit b737a6b
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 31 deletions.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,19 +1,30 @@
+### Release Summary:
+<!-- If this is a feature or bug that impacts customers and is significant enough to include in the "Summary" section of the next version release, please include a brief (1-2 sentences) description of the change. The audience of this summary is future customers, not maintainers or reviewers. See https://github.com/aws/s2n-tls/releases/tag/v1.5.7 for an example. Otherwise, leave this section blank -->
+
 ### Resolved issues:
 
-Resolves #ISSUE-NUMBER1, resolves #ISSUE-NUMBER2, etc.
+resolves #ISSUE-NUMBER1, resolves #ISSUE-NUMBER2, etc.
 
 ### Description of changes: 
 
 Describe s2n’s current behavior and how your code changes that behavior. If there are no issues this PR is resolving, explain why this change is necessary.
 
 ### Call-outs:
 
-Address any potentially confusing code. Is there code added that needs to be cleaned up later? Is there code that is missing because it’s still in development? 
+Address any potentially confusing code. Is there code added that needs to be cleaned up later? Is there code that is missing because it’s still in development? If a callout is specific to a section of code, it might make more sense to leave a comment on your own PR file diff.
 
 ### Testing:
 
-How is this change tested (unit tests, fuzz tests, etc.)? Are there any testing steps to be verified by the reviewer?
-
+How is this change tested (unit tests, fuzz tests, etc.)? What manual testing was performed? Are there any testing steps to be verified by the reviewer?
+How can you convince your reviewers that this PR is safe and effective?
 Is this a refactor change? If so, how have you proved that the intended behavior hasn't changed?
 
+Remember:
+* Any change to the library source code should at least include unit tests.
+* Any change to the core stuffer or blob methods should include [CBMC proofs](https://github.com/aws/s2n-tls/tree/main/tests/cbmc).
+* Any change to the CI or tests should:
+   1. prove that the test succeeds for good input
+   2. prove that the test fails for bad input (eg, a test for memory leaks fails when a memory leak is committed)
+
+
 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,22 @@
+# This configuration file tells Dependabot which
+# package ecosystems to update and where the package manifests are located.
+# https://docs.github.com/en/enterprise-cloud@latest/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates
+
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  # https://github.com/dependabot/dependabot-core/pull/6189
+  - package-ecosystem: "github-actions"
+    directory: "/.github/workflows"
+    schedule:
+      interval: "daily"
+
+  # Maintain dependencies for cargo
+  - package-ecosystem: "cargo"
+    directories:
+      - "/bindings/rust"
+      - "/bindings/rust-examples"
+      - "/tests/pcap"
+      - "/tests/regression"
+    schedule:
+      interval: "daily"
diff --git a/tests/unit/s2n_self_talk_ktls_test.c b/tests/unit/s2n_self_talk_ktls_test.c
@@ -82,16 +82,10 @@ static S2N_RESULT s2n_new_inet_socket_pair(struct s2n_test_io_pair *io_pair)
     io_pair->client = socket(AF_INET, SOCK_STREAM, 0);
     RESULT_ENSURE_GT(io_pair->client, 0);
 
-    fflush(stdout);
-    pid_t pid = fork();
-    RESULT_ENSURE_GTE(pid, 0);
-    if (pid == 0) {
-        RESULT_ENSURE_EQ(connect(io_pair->client, (struct sockaddr *) &saddr, addrlen), 0);
-        ZERO_TO_DISABLE_DEFER_CLEANUP(io_pair);
-        exit(0);
-    }
+    RESULT_ENSURE_EQ(connect(io_pair->client, (struct sockaddr *) &saddr, addrlen), 0);
     io_pair->server = accept(listener, NULL, NULL);
     RESULT_ENSURE_GT(io_pair->server, 0);
+    RESULT_ENSURE_EQ(close(listener), 0);
     return S2N_RESULT_OK;
 }
 
@@ -134,12 +128,6 @@ int main(int argc, char **argv)
         sizeof(test_data),
     };
 
-    uint8_t file_test_data[100] = { 0 };
-    int file = open(argv[0], O_RDONLY);
-    EXPECT_TRUE(file > 0);
-    int file_read = pread(file, file_test_data, sizeof(file_test_data), 0);
-    EXPECT_EQUAL(file_read, sizeof(file_test_data));
-
     DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free);
     EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, chain_and_key));
     EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(config));
@@ -171,6 +159,7 @@ int main(int argc, char **argv)
              * to be able to test ktls.
              */
             EXPECT_FALSE(ktls_expected);
+            EXPECT_SUCCESS(s2n_io_pair_close(&io_pair));
             END_TEST();
         }
         EXPECT_OK(s2n_setup_connections(server, client, &io_pair));
@@ -270,22 +259,32 @@ int main(int argc, char **argv)
         };
 
         /* Test: s2n_sendfile */
-        for (size_t offset_i = 0; offset_i < s2n_array_len(test_offsets); offset_i++) {
-            const size_t offset = test_offsets[offset_i];
-            const size_t expected_written = sizeof(test_data) - offset;
+        {
+            uint8_t file_test_data[100] = { 0 };
+            int file = open(argv[0], O_RDONLY);
+            EXPECT_TRUE(file > 0);
+            int file_read = pread(file, file_test_data, sizeof(file_test_data), 0);
+            EXPECT_EQUAL(file_read, sizeof(file_test_data));
+
+            for (size_t offset_i = 0; offset_i < s2n_array_len(test_offsets); offset_i++) {
+                const size_t offset = test_offsets[offset_i];
+                const size_t expected_written = sizeof(test_data) - offset;
+
+                size_t written = 0;
+                EXPECT_SUCCESS(s2n_sendfile(writer, file, offset, expected_written,
+                        &written, &blocked));
+                EXPECT_EQUAL(written, expected_written);
+                EXPECT_EQUAL(blocked, S2N_NOT_BLOCKED);
 
-            size_t written = 0;
-            EXPECT_SUCCESS(s2n_sendfile(writer, file, offset, expected_written,
-                    &written, &blocked));
-            EXPECT_EQUAL(written, expected_written);
-            EXPECT_EQUAL(blocked, S2N_NOT_BLOCKED);
+                uint8_t buffer[sizeof(file_test_data)] = { 0 };
+                int read = s2n_recv(reader, buffer, expected_written, &blocked);
+                EXPECT_EQUAL(read, expected_written);
+                EXPECT_EQUAL(blocked, S2N_NOT_BLOCKED);
 
-            uint8_t buffer[sizeof(file_test_data)] = { 0 };
-            int read = s2n_recv(reader, buffer, expected_written, &blocked);
-            EXPECT_EQUAL(read, expected_written);
-            EXPECT_EQUAL(blocked, S2N_NOT_BLOCKED);
+                EXPECT_BYTEARRAY_EQUAL(file_test_data + offset, buffer, read);
+            }
 
-            EXPECT_BYTEARRAY_EQUAL(file_test_data + offset, buffer, read);
+            EXPECT_SUCCESS(close(file));
         }
 
         /* Test: s2n_shutdown */