macOS dispatch queue and secitem

.github/workflows/ci.yml

@@ -245,7 +245,6 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        eventloop: ["kqueue", "dispatch_queue"]
         sanitizers: [",thread", ",address,undefined"]
     steps:
     - uses: aws-actions/configure-aws-credentials@v4
@@ -256,7 +255,7 @@ jobs:
       run: |
         python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
         chmod a+x builder
-        ./builder build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DAWS_USE_APPLE_NETWORK_FRAMEWORK=${{ matrix.eventloop == 'dispatch_queue' && 'ON' || 'OFF' }} --cmake-extra=-DENABLE_SANITIZERS=ON --cmake-extra=-DSANITIZERS="${{ matrix.sanitizers }}"
+        ./builder build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DENABLE_SANITIZERS=ON --cmake-extra=-DSANITIZERS="${{ matrix.sanitizers }}"
 
   macos-x64:
     runs-on: macos-14-large # latest
@@ -276,7 +275,6 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        eventloop: ["kqueue", "dispatch_queue"]
         sanitizers: [",thread", ",address,undefined"]
     steps:
     - uses: aws-actions/configure-aws-credentials@v4
@@ -287,24 +285,7 @@ jobs:
       run: |
         python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
         chmod a+x builder
-        ./builder build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DAWS_USE_APPLE_NETWORK_FRAMEWORK=${{ matrix.eventloop == 'dispatch_queue' && 'ON' || 'OFF' }} --cmake-extra=-DENABLE_SANITIZERS=ON --cmake-extra=-DSANITIZERS="${{ matrix.sanitizers }}" --config Debug
-
-  macos-secitem:
-    runs-on: macos-14 # latest
-    strategy:
-      fail-fast: false
-      matrix:
-        sanitizers: [",thread", ",address,undefined"]
-    steps:
-    - uses: aws-actions/configure-aws-credentials@v4
-      with:
-        role-to-assume: ${{ env.CRT_CI_ROLE }}
-        aws-region: ${{ env.AWS_DEFAULT_REGION }}
-    - name: Build ${{ env.PACKAGE_NAME }} + consumers
-      run: |
-        python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
-        chmod a+x builder
-        ./builder build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DAWS_USE_SECITEM=ON --cmake-extra=-DAWS_USE_APPLE_NETWORK_FRAMEWORK=ON --cmake-extra=-DENABLE_SANITIZERS=ON --cmake-extra=-DSANITIZERS="${{ matrix.sanitizers }}"
+        ./builder build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DENABLE_SANITIZERS=ON --cmake-extra=-DSANITIZERS="${{ matrix.sanitizers }}" --config Debug
 
   freebsd:
     runs-on: ubuntu-24.04  # latest

CMakeLists.txt

@@ -101,23 +101,14 @@ elseif (APPLE)
             "source/darwin/*.c"
             )
 
-    find_library(SECURITY_LIB Security)
-    find_library(NETWORK_LIB Network)
+    find_library(SECURITY_LIB Security REQUIRED)
+    find_library(NETWORK_LIB Network REQUIRED)
 
-    # Enable dispatch queue if the libraries are avaliable
-    if (NETWORK_LIB AND SECURITY_LIB)
-        list(APPEND PLATFORM_LIBS "-framework Security -framework Network")
-        list(APPEND EVENT_LOOP_DEFINES "DISPATCH_QUEUE")
-    endif ()
-
-    # Enable KQUEUE on MacOS only if AWS_USE_SECITEM is not declared. SecItem requires Dispatch Queue.
-    if (${CMAKE_SYSTEM_NAME} MATCHES "Darwin" AND NOT DEFINED AWS_USE_SECITEM)
-        list(APPEND EVENT_LOOP_DEFINES "KQUEUE")
-    endif()
+    list(APPEND PLATFORM_LIBS "-framework Security -framework Network")
+    list(APPEND EVENT_LOOP_DEFINES "DISPATCH_QUEUE")
 
 elseif (CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR CMAKE_SYSTEM_NAME STREQUAL "NetBSD" OR CMAKE_SYSTEM_NAME STREQUAL "OpenBSD")
-    file(GLOB AWS_IO_OS_HEADERS
-            )
+    file(GLOB AWS_IO_OS_HEADERS)
 
     file(GLOB AWS_IO_OS_SRC
             "source/bsd/*.c"
@@ -184,10 +175,6 @@ foreach(EVENT_LOOP_DEFINE IN LISTS EVENT_LOOP_DEFINES)
     target_compile_definitions(${PROJECT_NAME} PUBLIC "-DAWS_ENABLE_${EVENT_LOOP_DEFINE}")
 endforeach()
 
-if (AWS_USE_SECITEM)
-    target_compile_definitions(${PROJECT_NAME} PUBLIC "-DAWS_USE_SECITEM")
-endif()
-
 if (BYO_CRYPTO)
     target_compile_definitions(${PROJECT_NAME} PUBLIC "-DBYO_CRYPTO")
 endif()
@@ -204,12 +191,8 @@ if (USE_VSOCK)
     target_compile_definitions(${PROJECT_NAME} PUBLIC "-DUSE_VSOCK")
 endif()
 
-if (AWS_USE_APPLE_NETWORK_FRAMEWORK)
-    target_compile_definitions(${PROJECT_NAME} PUBLIC "-DAWS_USE_APPLE_NETWORK_FRAMEWORK")
-endif()
-
-if (AWS_USE_APPLE_DISPATCH_QUEUE)
-    target_compile_definitions(${PROJECT_NAME} PUBLIC "-DAWS_USE_APPLE_DISPATCH_QUEUE")
+if (APPLE)
+    target_compile_definitions(${PROJECT_NAME} PUBLIC "-DAWS_USE_SECITEM")
 endif()
 
 target_include_directories(${PROJECT_NAME} PUBLIC

include/aws/io/event_loop.h

@@ -52,14 +52,14 @@ struct aws_event_loop_vtable {
 
 /**
  * Event Loop Type.  If set to `AWS_EVENT_LOOP_PLATFORM_DEFAULT`, the event loop will automatically use the platform’s
- * default.
+ * default. The default is determined via the `aws_event_loop_get_default_type()` function based on which event loop
+ * types have been defined.
  *
  * Default Event Loop Type
  * Linux       | AWS_EVENT_LOOP_EPOLL
  * Windows     | AWS_EVENT_LOOP_IOCP
  * BSD Variants| AWS_EVENT_LOOP_KQUEUE
- * macOS       | AWS_EVENT_LOOP_KQUEUE
- * iOS         | AWS_EVENT_LOOP_DISPATCH_QUEUE
+ * Apple       | AWS_EVENT_LOOP_DISPATCH_QUEUE
  */
 enum aws_event_loop_type {
     AWS_EVENT_LOOP_PLATFORM_DEFAULT = 0,

source/darwin/darwin_pki_utils.c

@@ -799,7 +799,6 @@ int aws_secitem_import_cert_and_key(
     }
 
     // Add the certificate and private key to keychain then retrieve identity
-
     if (s_aws_secitem_add_certificate_to_keychain(cf_alloc, cert_ref, cert_serial_data, cert_label_ref)) {
         goto done;
     }

source/event_loop.c

@@ -15,13 +15,7 @@
 #include <aws/common/system_info.h>
 #include <aws/common/thread.h>
 
-#if defined(AWS_USE_APPLE_NETWORK_FRAMEWORK)
-static enum aws_event_loop_type s_default_event_loop_type_override = AWS_EVENT_LOOP_DISPATCH_QUEUE;
-#elif defined(AWS_USE_APPLE_DISPATCH_QUEUE)
-static enum aws_event_loop_type s_default_event_loop_type_override = AWS_EVENT_LOOP_DISPATCH_QUEUE;
-#else
 static enum aws_event_loop_type s_default_event_loop_type_override = AWS_EVENT_LOOP_PLATFORM_DEFAULT;
-#endif
 
 struct aws_event_loop *aws_event_loop_new_default(struct aws_allocator *alloc, aws_io_clock_fn *clock) {
     struct aws_event_loop_options options = {

source/socket.c

@@ -120,25 +120,21 @@ bool aws_socket_is_open(struct aws_socket *socket) {
  * function failed to retrieve the default type value.
  */
 enum aws_socket_impl_type aws_socket_get_default_impl_type(void) {
-// override default socket
-#ifdef AWS_USE_APPLE_NETWORK_FRAMEWORK
-    return AWS_SOCKET_IMPL_APPLE_NETWORK_FRAMEWORK;
-#else // ! AWS_USE_APPLE_NETWORK_FRAMEWORK
+
 /**
  * Ideally we should use the platform definition (e.x.: AWS_OS_APPLE) here, however the platform
  * definition was declared in aws-c-common. We probably do not want to introduce extra dependency here.
  */
-#    if defined(AWS_ENABLE_KQUEUE) || defined(AWS_ENABLE_EPOLL)
-    return AWS_SOCKET_IMPL_POSIX;
-#    elif defined(AWS_ENABLE_DISPATCH_QUEUE)
+#if defined(AWS_ENABLE_DISPATCH_QUEUE)
     return AWS_SOCKET_IMPL_APPLE_NETWORK_FRAMEWORK;
-#    elif defined(AWS_ENABLE_IO_COMPLETION_PORTS)
+#elif defined(AWS_ENABLE_KQUEUE) || defined(AWS_ENABLE_EPOLL)
+    return AWS_SOCKET_IMPL_POSIX;
+#elif defined(AWS_ENABLE_IO_COMPLETION_PORTS)
     return AWS_SOCKET_IMPL_WINSOCK;
-#    else
+#else
     AWS_FATAL_ASSERT(
         true && "Invalid default socket impl type. Please check make sure the library is compiled the correct ");
     return AWS_SOCKET_IMPL_PLATFORM_DEFAULT;
-#    endif
 #endif
 }
 

tests/CMakeLists.txt

@@ -19,19 +19,19 @@ add_test_case(io_library_init_cleanup_init_cleanup)
 add_test_case(io_library_error_order)
 
 # Dispatch Queue does not support pipe
-if(NOT AWS_USE_APPLE_NETWORK_FRAMEWORK)
-add_pipe_test_case(pipe_open_close)
-add_pipe_test_case(pipe_read_write)
-add_pipe_test_case(pipe_read_write_large_buffer)
-add_pipe_test_case(pipe_readable_event_sent_after_write)
-add_pipe_test_case(pipe_readable_event_sent_once)
-add_pipe_test_case(pipe_readable_event_sent_on_subscribe_if_data_present)
-add_pipe_test_case(pipe_readable_event_sent_on_resubscribe_if_data_present)
-add_pipe_test_case(pipe_readable_event_sent_again_after_all_data_read)
-add_pipe_test_case(pipe_error_event_sent_after_write_end_closed)
-add_pipe_test_case(pipe_error_event_sent_on_subscribe_if_write_end_already_closed)
-add_pipe_test_case(pipe_writes_are_fifo)
-add_pipe_test_case(pipe_clean_up_cancels_pending_writes)
+if(NOT APPLE)
+    add_pipe_test_case(pipe_open_close)
+    add_pipe_test_case(pipe_read_write)
+    add_pipe_test_case(pipe_read_write_large_buffer)
+    add_pipe_test_case(pipe_readable_event_sent_after_write)
+    add_pipe_test_case(pipe_readable_event_sent_once)
+    add_pipe_test_case(pipe_readable_event_sent_on_subscribe_if_data_present)
+    add_pipe_test_case(pipe_readable_event_sent_on_resubscribe_if_data_present)
+    add_pipe_test_case(pipe_readable_event_sent_again_after_all_data_read)
+    add_pipe_test_case(pipe_error_event_sent_after_write_end_closed)
+    add_pipe_test_case(pipe_error_event_sent_on_subscribe_if_write_end_already_closed)
+    add_pipe_test_case(pipe_writes_are_fifo)
+    add_pipe_test_case(pipe_clean_up_cancels_pending_writes)
 endif()
 
 
@@ -40,7 +40,7 @@ add_test_case(event_loop_canceled_tasks_run_in_el_thread)
 
 if(USE_IO_COMPLETION_PORTS)
     add_test_case(event_loop_completion_events)
-elseif(NOT AWS_USE_APPLE_NETWORK_FRAMEWORK) # Dispatch Queue does not support pipe
+elseif(NOT APPLE) # Dispatch Queue does not support pipe
     add_test_case(event_loop_subscribe_unsubscribe)
     add_test_case(event_loop_writable_event_on_subscribe)
     add_test_case(event_loop_no_readable_event_before_write)
@@ -69,7 +69,9 @@ add_test_case(local_socket_communication)
 add_net_test_case(tcp_socket_communication)
 add_net_test_case(udp_socket_communication)
 add_net_test_case(test_socket_with_bind_to_interface)
-add_net_test_case(test_socket_with_bind_to_invalid_interface)
+if(NOT APPLE)
+    add_net_test_case(test_socket_with_bind_to_invalid_interface)
+endif ()
 add_net_test_case(test_is_network_interface_name_valid)
 add_net_test_case(connect_timeout)
 
@@ -95,18 +97,18 @@ add_test_case(parse_ipv4_invalid_addresses)
 add_test_case(parse_ipv6_valid_addresses)
 add_test_case(parse_ipv6_invalid_addresses)
 
-if(NOT AWS_USE_APPLE_NETWORK_FRAMEWORK)
-# Apple Network Framework does not support bind+connect
-add_test_case(udp_bind_connect_communication)
-# The read/write will always run a different thread for Apple Network Framework
-add_test_case(wrong_thread_read_write_fails)
-# Apple Network Framework would not validate the binding endpoint until we start the
-# listen. The test does not apply here.
-add_test_case(incoming_duplicate_tcp_bind_errors)
-# nw_socket does not allow clean up event loop before socket shutdown, thus the following tests triggered
-# by event loop shutdown would not apply to Apple Network Framework
-add_net_test_case(connect_timeout_cancelation)
-add_net_test_case(cleanup_before_connect_or_timeout_doesnt_explode)
+if(NOT APPLE)
+    # Apple Network Framework does not support bind+connect
+    add_test_case(udp_bind_connect_communication)
+    # The read/write will always run a different thread for Apple Network Framework
+    add_test_case(wrong_thread_read_write_fails)
+    # Apple Network Framework would not validate the binding endpoint until we start the
+    # listen. The test does not apply here.
+    add_test_case(incoming_duplicate_tcp_bind_errors)
+    # nw_socket does not allow clean up event loop before socket shutdown, thus the following tests triggered
+    # by event loop shutdown would not apply to Apple Network Framework
+    add_net_test_case(connect_timeout_cancelation)
+    add_net_test_case(cleanup_before_connect_or_timeout_doesnt_explode)
 endif()
 
 if(WIN32)
@@ -242,11 +244,11 @@ if(NOT BYO_CRYPTO)
     # to be a way to disable it
     if(NOT(WIN32 AND NOT CMAKE_SYSTEM_VERSION MATCHES "10\.0\.1.*"))
         # Skip TLS 1.0 and TLS 1.1 test for windows later than windows server 2022, as they droped old TLS
-        if(NOT AWS_USE_SECITEM)
-        add_net_test_case(tls_client_channel_negotiation_error_legacy_crypto_tls10)
-        # SecItem does not allow use of depricated TLS versions
-        add_net_test_case(tls_client_channel_negotiation_override_legacy_crypto_tls10)
-        add_net_test_case(tls_client_channel_negotiation_success_legacy_crypto_tls11)
+        if(NOT APPLE)
+            add_net_test_case(tls_client_channel_negotiation_error_legacy_crypto_tls10)
+            # SecItem does not allow use of deprecated TLS versions
+            add_net_test_case(tls_client_channel_negotiation_override_legacy_crypto_tls10)
+            add_net_test_case(tls_client_channel_negotiation_success_legacy_crypto_tls11)
         endif()
         add_net_test_case(tls_client_channel_negotiation_error_override_legacy_crypto_tls11)
     endif()
@@ -284,35 +286,36 @@ if(NOT BYO_CRYPTO)
     add_net_test_case(tls_channel_shutdown_with_cache_window_update_after_shutdown_test)
     add_net_test_case(tls_client_channel_negotiation_success)
     add_net_test_case(tls_server_multiple_connections)
-    add_net_test_case(tls_server_hangup_during_negotiation)
+    if(NOT APPLE)
+        # This test checks that server can handle hangup in the middle of TLS negotiation. Since Apple Network framework
+        # hides TLS handshake, this test is not applicable to Apple platforms.
+        add_net_test_case(tls_server_hangup_during_negotiation)
+    endif()
     add_net_test_case(tls_client_channel_no_verify)
     add_net_test_case(test_tls_negotiation_timeout)
     add_net_test_case(alpn_successfully_negotiates)
     add_net_test_case(alpn_no_protocol_message)
     add_net_test_case(test_ecc_cert_import)
 
     add_test_case(test_tls_cipher_preference)
-if(NOT AWS_USE_SECITEM)
-    # These tests require the test binary to be codesigned with an Apple Developer account with entitlements.
-    # The entitlements also require a provisioning profile and require the binary to be run from within XCode or a
-    # valid app bundle.
+
     add_net_test_case(test_concurrent_cert_import)
 
-    # PKCS8 is not supported on iOS. We will not support PKCS8 on macOS using SecItem.
-    # PKCS8 support for SecItem can be added in the future but it will require macOS
-    # specific branching of logic and import of the key into the keychain.
-    add_net_test_case(test_pkcs8_import)
+    if(NOT APPLE)
+        # PKCS8 is not supported on Apple platforms. PKCS8 support for SecItem can be added in the future but it will
+        # require macOS specific branching of logic and import of the key into the keychain.
+        add_net_test_case(test_pkcs8_import)
 
-    # This test shuts down the channel after a socket is established but while the TLS handshake is taking place
-    # further up the channel. Apple Network Framework's connection handles both the socket connection as well
-    # as the TLS handshake within the same create connection call without external notification that the socket
-    # has succeeded prior to the TLS negotiation. As such, this test will not work for Secitem.
-    add_net_test_case(tls_client_channel_negotiation_error_socket_closed)
+        # This test shuts down the channel after a socket is established but while the TLS handshake is taking place
+        # further up the channel. Apple Network Framework's connection handles both the socket connection as well
+        # as the TLS handshake within the same create connection call without external notification that the socket
+        # has succeeded prior to the TLS negotiation. As such, this test will not work for Secitem.
+        add_net_test_case(tls_client_channel_negotiation_error_socket_closed)
 
-    # TLS statistics tracks and handles the timeout of TLS. Using SecItem, the TLS handshake takes place within
-    # the socket establishment and does not need a separate timeout task for TLS.
-    add_net_test_case(tls_channel_statistics_test)
-endif()
+        # TLS statistics tracks and handles the timeout of TLS. Using SecItem, the TLS handshake takes place within
+        # the socket establishment and does not need a separate timeout task for TLS.
+        add_net_test_case(tls_channel_statistics_test)
+    endif()
 
     add_test_case(alpn_error_creating_handler)
     add_test_case(tls_destroy_null_context)

tests/event_loop_test.c

@@ -58,7 +58,7 @@ static void s_dispatch_queue_sleep(void) {
      * to run to clean up memory allocated to the paired scheduled iteration entry. We wait for two seconds to allow the
      * Apple dispatch queue to run its delayed blocks and clean up for memory release purposes.
      */
-#if defined(AWS_USE_APPLE_DISPATCH_QUEUE) || defined(AWS_USE_APPLE_NETWORK_FRAMEWORK)
+#if defined(AWS_ENABLE_DISPATCH_QUEUE)
     aws_thread_current_sleep(2000000000);
 #endif
 }

tests/tls_handler_test.c

@@ -2599,8 +2599,6 @@ static int s_test_duplicate_cert_import(struct aws_allocator *allocator, void *c
     struct aws_byte_buf cert_buf = {0};
     struct aws_byte_buf key_buf = {0};
 
-#    if !defined(AWS_USE_SECITEM)
-
     ASSERT_SUCCESS(aws_byte_buf_init_from_file(&cert_buf, allocator, "testcert0.pem"));
     ASSERT_SUCCESS(aws_byte_buf_init_from_file(&key_buf, allocator, "testkey.pem"));
     struct aws_byte_cursor cert_cur = aws_byte_cursor_from_buf(&cert_buf);
@@ -2619,7 +2617,6 @@ static int s_test_duplicate_cert_import(struct aws_allocator *allocator, void *c
     aws_tls_ctx_release(tls);
 
     aws_tls_ctx_options_clean_up(&tls_options);
-#    endif /* !AWS_USE_SECITEM */
 
     /* clean up */
     aws_byte_buf_clean_up(&cert_buf);