Skip to content

Remove OpenSSL error queue checking in SslInitializer #65435

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 17, 2022
Merged

Remove OpenSSL error queue checking in SslInitializer #65435

merged 1 commit into from
Feb 17, 2022

Conversation

rzikm
Copy link
Member

@rzikm rzikm commented Feb 16, 2022
edited by karelz
Loading

Fixes #64492

as noted by @bartonjs in #64492 (comment), nothing in the CryptoNative_EnsureLibSslInitialized puts any errors in the error queue, so it is not necessary to check it after finishing.

In 6.0, there is a possibility that if a previous crypto operation left an error in the OpenSSL error queue then SslInitializer would be prevented from completing correctly (See discussion of the original issue for more details.), this has probably been greatly reduced or even fixed by #65148 for 7.0, but backporting change made in this PR to 6.0 should be less risky and just as effective.

@ghost ghost assigned rzikm Feb 16, 2022
@ghost
Copy link

ghost commented Feb 16, 2022

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Fixes Issue #64492

There is a possibility that a previous crypto operation left an error in the OpenSSL error queue, which would prevent SslInitializer from completing correctly. See discussion of the original issue for more details.

Author: rzikm
Assignees: rzikm
Labels:

area-System.Net.Security
Milestone: -

@rzikm rzikm changed the title Remove OpenSSL error queue checking after initialization Remove OpenSSL error queue checking in SslInitializer Feb 16, 2022
@rzikm rzikm requested a review from bartonjs February 16, 2022 14:57
@vcsjones vcsjones mentioned this pull request Feb 16, 2022
Closed
@wfurt
Copy link
Member

wfurt commented Feb 16, 2022

test failure unrelated. probably outcome of #64747. Root cause may be similar to #43686.

System.Net.Security.Tests.SslStreamNetworkStreamTest.SslStream_NegotiateClientCertificateAsync_PendingDecryptedData_Throws [SKIP]
      Condition(s) not met: "SupportsRenegotiation"
Process terminated due to "Expected 7 <= 0
   at System.Diagnostics.DebugProvider.Fail(String message, String detailMessage) in /_/src/libraries/System.Private.CoreLib/src/System/Diagnostics/DebugProvider.cs:line 22
   at System.Diagnostics.Debug.Fail(String message, String detailMessage) in /_/src/libraries/System.Private.CoreLib/src/System/Diagnostics/Debug.cs:line 131
   at System.Diagnostics.Debug.Assert(Boolean condition, String message, String detailMessage) in /_/src/libraries/System.Private.CoreLib/src/System/Diagnostics/Debug.cs:line 95
   at System.Diagnostics.Debug.Assert(Boolean condition, String message) in /_/src/libraries/System.Private.CoreLib/src/System/Diagnostics/Debug.cs:line 84
   at System.Diagnostics.Debug.Assert(Boolean condition, AssertInterpolatedStringHandler& message) in /_/src/libraries/System.Private.CoreLib/src/System/Diagnostics/Debug.cs:line 88
   at System.Net.ArrayBuffer.Discard(Int32 byteCount) in /_/src/libraries/Common/src/System/Net/ArrayBuffer.cs:line 67
   at System.Net.Security.SslStream.SslBuffer.DiscardEncrypted(Int32 byteCount) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.cs:line 152
   at System.Net.Security.SslStream.ProcessBlob(Int32 frameSize) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 498

wfurt
wfurt reviewed Feb 16, 2022
View reviewed changes
src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.Initialization.cs
if (Interop.Crypto.ErrPeekLastError() != 0)
{
// It is going to be wrapped in a type load exception but will have the error information
throw Interop.Crypto.CreateOpenSslCryptographicException();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we clean up the queue and put the error to trace log for troubleshooting?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since none of the initialization code can produce errors, it's just a sign that the initializer ran on a thread where some OpenSSL-related activity had already happened (and happened to leave an error behind). I don't think it's interesting to log. (For the same reason I suggested just deleting this code)

@rzikm rzikm merged commit 8e2f930 into dotnet:main Feb 17, 2022
@rzikm
Copy link
Member Author

rzikm commented Feb 17, 2022

/backport to release/6.0

@github-actions
Copy link
Contributor

Started backporting to release/6.0: https://github.com/dotnet/runtime/actions/runs/1858570523

@github-actions github-actions bot mentioned this pull request Feb 17, 2022
Merged
@rzikm rzikm linked an issue Feb 17, 2022 that may be closed by this pull request
HttpClient fails to initialize SSL. #64492
Closed
@wfurt wfurt mentioned this pull request Feb 17, 2022
Closed
@ghost ghost locked as resolved and limited conversation to collaborators Mar 19, 2022
@karelz karelz added this to the 7.0.0 milestone Apr 8, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bartonjs bartonjs bartonjs approved these changes

@wfurt wfurt wfurt left review comments

@stephentoub stephentoub stephentoub approved these changes

Assignees

@rzikm rzikm

Labels
area-System.Net.Security
Projects
None yet
Milestone
7.0.0
Development

Successfully merging this pull request may close these issues.

HttpClient fails to initialize SSL.
5 participants
@rzikm @wfurt @stephentoub @bartonjs @karelz