author | robot-contrib <robot-contrib@yandex-team.com> | 2023-03-28 10:12:33 +0300 |
---|---|---|
committer | robot-contrib <robot-contrib@yandex-team.com> | 2023-03-28 10:12:33 +0300 |
commit | 7a815bed611966b3e27f438f43bc9dc7f69aef70 (patch) | |
tree | 0335bcf2d80c7d79a76496ffaa7bda87b6bbfdff | |
parent | 14a9357e8d2d937e22b789d5aea09219a3e92c31 (diff) | |
Update contrib/restricted/aws/s2n to 1.3.39
26 files changed, 185 insertions, 76 deletions
diff --git a/contrib/restricted/aws/s2n/README.md b/contrib/restricted/aws/s2n/README.md index a2574fdc315..0b7035a04bc 100644 --- a/contrib/restricted/aws/s2n/README.md +++ b/contrib/restricted/aws/s2n/README.md @@ -5,7 +5,6 @@ s2n-tls is a C99 implementation of the TLS/SSL protocols that is designed to be [](https://github.com/aws/s2n-tls/) [](http://aws.amazon.com/apache-2-0/) [](http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf) -[](https://codecov.io/gh/aws/s2n-tls) [](https://github.com/aws/s2n-tls/network) [](https://github.com/aws/s2n-tls/stargazers) [](https://gitter.im/awslabs/s2n?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) diff --git a/contrib/restricted/aws/s2n/crypto/s2n_certificate.c b/contrib/restricted/aws/s2n/crypto/s2n_certificate.c index 1f0f5109f84..896b8e77bf3 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_certificate.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_certificate.c 
@@ -297,15 +297,23 @@ int s2n_cert_chain_and_key_load_cns(struct s2n_cert_chain_and_key *chain_and_key /* We need to try and decode the CN since it may be encoded as unicode with a * direct ASCII equivalent. Any non ASCII bytes in the string will fail later when we * actually compare hostnames. + * + * `ASN1_STRING_to_UTF8` allocates in both the success case and in the zero return case, but + * not in the failure case (negative return value). Therefore, we use `ZERO_TO_DISABLE_DEFER_CLEANUP` + * in the failure case to prevent double-freeing `utf8_str`. For the zero and success cases, `utf8_str` + * will be freed by the `DEFER_CLEANUP`. */ DEFER_CLEANUP(unsigned char *utf8_str, OPENSSL_free_pointer); const int utf8_out_len = ASN1_STRING_to_UTF8(&utf8_str, asn1_str); if (utf8_out_len < 0) { /* On failure, ASN1_STRING_to_UTF8 does not allocate any memory */ + ZERO_TO_DISABLE_DEFER_CLEANUP(utf8_str); continue; } else if (utf8_out_len == 0) { - /* We still need to free memory here see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7521 */ - OPENSSL_free(utf8_str); + /* We still need to free memory for this case, so let the DEFER_CLEANUP free it + * see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7521 and + * https://security.archlinux.org/CVE-2017-7521 + */ } else { struct s2n_blob *cn_name = NULL; POSIX_GUARD_RESULT(s2n_array_pushback(chain_and_key->cn_names, (void **) &cn_name)); diff --git a/contrib/restricted/aws/s2n/crypto/s2n_rsa_pss.c b/contrib/restricted/aws/s2n/crypto/s2n_rsa_pss.c index 82f1a57a58c..cddc617a13c 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_rsa_pss.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_rsa_pss.c 
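Review bot: `utf8_str` is declared without an initializer in `DEFER_CLEANUP(unsigned char *utf8_str, OPENSSL_free_pointer);`, so the failure branch is safe only because `ZERO_TO_DISABLE_DEFER_CLEANUP(utf8_str)` runs before `continue`; any early exit added later between the declaration and that branch would hand an indeterminate pointer to the cleanup function. Declaring it as `DEFER_CLEANUP(unsigned char *utf8_str = NULL, OPENSSL_free_pointer);` makes every path safe by construction, in the same form this commit uses for `DEFER_CLEANUP(struct s2n_kem_group_params new_client_params = { 0 }, s2n_kem_group_free);`. The new comment calls the hazard a double free, but going by the comment's own statement that the failed call allocates nothing, the risk is freeing a pointer that was never written, and I would reword it to say so. The loop body of s2n_cert_chain_and_key_load_cns continues outside the hunk.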
@@ -239,17 +239,17 @@ int s2n_rsa_pss_pkey_init(struct s2n_pkey *pkey) int s2n_evp_pkey_to_rsa_pss_public_key(struct s2n_rsa_key *rsa_pss_key, EVP_PKEY *pkey) { - POSIX_BAIL(S2N_RSA_PSS_NOT_SUPPORTED); + POSIX_BAIL(S2N_ERR_RSA_PSS_NOT_SUPPORTED); } int s2n_evp_pkey_to_rsa_pss_private_key(struct s2n_rsa_key *rsa_pss_key, EVP_PKEY *pkey) { - POSIX_BAIL(S2N_RSA_PSS_NOT_SUPPORTED); + POSIX_BAIL(S2N_ERR_RSA_PSS_NOT_SUPPORTED); } int s2n_rsa_pss_pkey_init(struct s2n_pkey *pkey) { - POSIX_BAIL(S2N_RSA_PSS_NOT_SUPPORTED); + POSIX_BAIL(S2N_ERR_RSA_PSS_NOT_SUPPORTED); } #endif diff --git a/contrib/restricted/aws/s2n/crypto/s2n_rsa_signing.c b/contrib/restricted/aws/s2n/crypto/s2n_rsa_signing.c index d4d3e51f19d..25096a3e1ac 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_rsa_signing.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_rsa_signing.c @@ -213,17 +213,17 @@ int s2n_rsa_pss_verify(const struct s2n_pkey *pub, struct s2n_hash_state *digest int s2n_rsa_pss_sign_digest(const struct s2n_pkey *priv, s2n_hash_algorithm hash_alg, struct s2n_blob *digest_in, struct s2n_blob *signature_out) { - POSIX_BAIL(S2N_RSA_PSS_NOT_SUPPORTED); + POSIX_BAIL(S2N_ERR_RSA_PSS_NOT_SUPPORTED); } int s2n_rsa_pss_sign(const struct s2n_pkey *priv, struct s2n_hash_state *digest, struct s2n_blob *signature_out) { - POSIX_BAIL(S2N_RSA_PSS_NOT_SUPPORTED); + POSIX_BAIL(S2N_ERR_RSA_PSS_NOT_SUPPORTED); } int s2n_rsa_pss_verify(const struct s2n_pkey *pub, struct s2n_hash_state *digest, struct s2n_blob *signature_in) { - POSIX_BAIL(S2N_RSA_PSS_NOT_SUPPORTED); + POSIX_BAIL(S2N_ERR_RSA_PSS_NOT_SUPPORTED); } #endif diff --git a/contrib/restricted/aws/s2n/error/s2n_errno.c b/contrib/restricted/aws/s2n/error/s2n_errno.c index f1059bd1825..8730c390112 100644 --- a/contrib/restricted/aws/s2n/error/s2n_errno.c +++ b/contrib/restricted/aws/s2n/error/s2n_errno.c 
@@ -237,7 +237,7 @@ static const char *no_such_error = "Internal s2n error"; ERR_ENTRY(S2N_ERR_SESSION_TICKET_NOT_SUPPORTED, "Session ticket not supported for this connection") \ ERR_ENTRY(S2N_ERR_OCSP_NOT_SUPPORTED, "OCSP stapling was requested, but is not supported") \ ERR_ENTRY(S2N_ERR_INVALID_SIGNATURE_ALGORITHMS_PREFERENCES, "Invalid signature algorithms preferences version") \ - ERR_ENTRY(S2N_RSA_PSS_NOT_SUPPORTED, "RSA-PSS signing not supported by underlying libcrypto implementation") \ + ERR_ENTRY(S2N_ERR_RSA_PSS_NOT_SUPPORTED, "RSA-PSS signing not supported by underlying libcrypto implementation") \ ERR_ENTRY(S2N_ERR_MAX_INNER_PLAINTEXT_SIZE, "Inner plaintext size exceeds limit") \ ERR_ENTRY(S2N_ERR_INVALID_ECC_PREFERENCES, "Invalid ecc curves preferences version") \ ERR_ENTRY(S2N_ERR_RECORD_STUFFER_SIZE, "Record stuffer out of space") \ diff --git a/contrib/restricted/aws/s2n/error/s2n_errno.h b/contrib/restricted/aws/s2n/error/s2n_errno.h index 160f6262489..69552669457 100644 --- a/contrib/restricted/aws/s2n/error/s2n_errno.h +++ b/contrib/restricted/aws/s2n/error/s2n_errno.h @@ -278,7 +278,7 @@ typedef enum { S2N_ERR_SESSION_TICKET_NOT_SUPPORTED, S2N_ERR_OCSP_NOT_SUPPORTED, S2N_ERR_INVALID_SIGNATURE_ALGORITHMS_PREFERENCES, - S2N_RSA_PSS_NOT_SUPPORTED, + S2N_ERR_RSA_PSS_NOT_SUPPORTED, S2N_ERR_INVALID_ECC_PREFERENCES, S2N_ERR_INVALID_SECURITY_POLICY, S2N_ERR_INVALID_KEM_PREFERENCES, diff --git a/contrib/restricted/aws/s2n/pq-crypto/s2n_kyber_512_evp.c b/contrib/restricted/aws/s2n/pq-crypto/s2n_kyber_512_evp.c index 36e6d3d85e4..3d8411d6de8 100644 --- a/contrib/restricted/aws/s2n/pq-crypto/s2n_kyber_512_evp.c +++ b/contrib/restricted/aws/s2n/pq-crypto/s2n_kyber_512_evp.c 
@@ -26,15 +26,15 @@ int s2n_kyber_512_evp_generate_keypair(uint8_t *public_key, uint8_t *private_key) { EVP_PKEY_CTX *kyber_pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_KYBER512, NULL); POSIX_GUARD_PTR(kyber_pkey_ctx); - POSIX_ENSURE(EVP_PKEY_keygen_init(kyber_pkey_ctx), S2N_FAILURE); + POSIX_GUARD_OSSL(EVP_PKEY_keygen_init(kyber_pkey_ctx), S2N_ERR_PQ_CRYPTO); EVP_PKEY *kyber_pkey = NULL; - POSIX_ENSURE(EVP_PKEY_keygen(kyber_pkey_ctx, &kyber_pkey), S2N_FAILURE); + POSIX_GUARD_OSSL(EVP_PKEY_keygen(kyber_pkey_ctx, &kyber_pkey), S2N_ERR_PQ_CRYPTO); size_t public_key_size = S2N_KYBER_512_R3_PUBLIC_KEY_BYTES; size_t private_key_size = S2N_KYBER_512_R3_SECRET_KEY_BYTES; - POSIX_ENSURE(EVP_PKEY_get_raw_public_key(kyber_pkey, public_key, &public_key_size), S2N_FAILURE); - POSIX_ENSURE(EVP_PKEY_get_raw_private_key(kyber_pkey, private_key, &private_key_size), S2N_FAILURE); + POSIX_GUARD_OSSL(EVP_PKEY_get_raw_public_key(kyber_pkey, public_key, &public_key_size), S2N_ERR_PQ_CRYPTO); + POSIX_GUARD_OSSL(EVP_PKEY_get_raw_private_key(kyber_pkey, private_key, &private_key_size), S2N_ERR_PQ_CRYPTO); return S2N_SUCCESS; } @@ -50,8 +50,8 @@ int s2n_kyber_512_evp_encapsulate(uint8_t *ciphertext, uint8_t *shared_secret, size_t cipher_text_size = S2N_KYBER_512_R3_CIPHERTEXT_BYTES; size_t shared_secret_size = S2N_KYBER_512_R3_SHARED_SECRET_BYTES; - POSIX_ENSURE(EVP_PKEY_encapsulate(kyber_pkey_ctx, ciphertext, &cipher_text_size, shared_secret, - &shared_secret_size), S2N_FAILURE); + POSIX_GUARD_OSSL(EVP_PKEY_encapsulate(kyber_pkey_ctx, ciphertext, &cipher_text_size, shared_secret, + &shared_secret_size), S2N_ERR_PQ_CRYPTO); return S2N_SUCCESS; } 
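Review bot: Nothing in s2n_kyber_512_evp_generate_keypair releases `kyber_pkey_ctx` or `kyber_pkey`: the body, visible in full in the first hunk, returns on success and on every `POSIX_GUARD_OSSL` failure without calling `EVP_PKEY_CTX_free` or `EVP_PKEY_free`, so each call leaks the context and an `EVP_PKEY` that holds the Kyber private key. Binding both objects to `DEFER_CLEANUP` with pointer-cleanup wrappers around those two functions, the way the certificate code in this commit uses `OPENSSL_free_pointer`, would release them on all paths. The encapsulate and decapsulate hunks create `kyber_pkey_ctx` outside the lines shown, so the same check is worth making there. After the `EVP_PKEY_get_raw_public_key` and `EVP_PKEY_get_raw_private_key` calls it would also be worth asserting that `public_key_size` and `private_key_size` still equal the expected constants.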
@@ -65,8 +65,8 @@ int s2n_kyber_512_evp_decapsulate(uint8_t *shared_secret, const uint8_t *ciphert POSIX_GUARD_PTR(kyber_pkey_ctx); size_t shared_secret_size = S2N_KYBER_512_R3_SHARED_SECRET_BYTES; - POSIX_ENSURE(EVP_PKEY_decapsulate(kyber_pkey_ctx, shared_secret, &shared_secret_size, (uint8_t *) ciphertext, - S2N_KYBER_512_R3_CIPHERTEXT_BYTES), S2N_FAILURE); + POSIX_GUARD_OSSL(EVP_PKEY_decapsulate(kyber_pkey_ctx, shared_secret, &shared_secret_size, (uint8_t *) ciphertext, + S2N_KYBER_512_R3_CIPHERTEXT_BYTES), S2N_ERR_PQ_CRYPTO); return S2N_SUCCESS; } #else diff --git a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.c b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.c index 92a47a3db46..e8d7c883b49 100644 --- a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.c +++ b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.c @@ -360,11 +360,11 @@ int s2n_stuffer_writev_bytes(struct s2n_stuffer *stuffer, const struct iovec *io continue; } size_t iov_len_op = iov[i].iov_len - to_skip; - POSIX_ENSURE(iov_len_op <= UINT32_MAX, S2N_FAILURE); + POSIX_ENSURE_LTE(iov_len_op, UINT32_MAX); uint32_t iov_len = (uint32_t) iov_len_op; uint32_t iov_size_to_take = MIN(size_left, iov_len); POSIX_ENSURE_REF(iov[i].iov_base); - POSIX_ENSURE(to_skip < iov[i].iov_len, S2N_FAILURE); + POSIX_ENSURE_LT(to_skip, iov[i].iov_len); POSIX_CHECKED_MEMCPY(ptr, ((uint8_t *) (iov[i].iov_base)) + to_skip, iov_size_to_take); size_left -= iov_size_to_take; if (size_left == 0) { diff --git a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_file.c b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_file.c index ac2453041e4..a41564d54b4 100644 --- a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_file.c +++ b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_file.c 
@@ -80,14 +80,14 @@ int s2n_stuffer_alloc_ro_from_fd(struct s2n_stuffer *stuffer, int rfd) POSIX_ENSURE(fstat(rfd, &st) >= 0, S2N_ERR_FSTAT); - POSIX_ENSURE(st.st_size > 0, S2N_FAILURE); - POSIX_ENSURE(st.st_size <= UINT32_MAX, S2N_FAILURE); + POSIX_ENSURE_GT(st.st_size, 0); + POSIX_ENSURE_LTE(st.st_size, UINT32_MAX); uint8_t *map = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, rfd, 0); POSIX_ENSURE(map != MAP_FAILED, S2N_ERR_MMAP); struct s2n_blob b = { 0 }; - POSIX_ENSURE(s2n_blob_init(&b, map, (uint32_t) st.st_size), S2N_FAILURE); + POSIX_GUARD(s2n_blob_init(&b, map, (uint32_t) st.st_size)); return s2n_stuffer_init(stuffer, &b); } diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.c index 0c3909e7cf0..1b59001d398 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.c @@ -111,13 +111,6 @@ static int s2n_generate_pq_hybrid_key_share(struct s2n_stuffer *out, struct s2n_ const struct s2n_kem_group *kem_group = kem_group_params->kem_group; POSIX_ENSURE_REF(kem_group); - /* The structure of the PQ share is: - * IANA ID (2 bytes) - * || total share size (2 bytes) - * || size of ECC key share (2 bytes) - * || ECC key share (variable bytes) - * || size of PQ key share (2 bytes) - * || PQ key share (variable bytes) */ POSIX_GUARD(s2n_stuffer_write_uint16(out, kem_group->iana_id)); struct s2n_stuffer_reservation total_share_size = { 0 }; 
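Review bot: The mapping created by `mmap` is not released when `POSIX_GUARD(s2n_blob_init(&b, map, (uint32_t) st.st_size));` returns early, and the same holds if `s2n_stuffer_init` fails on the last line. Calling `munmap(map, st.st_size)` on those two error paths would keep a failed s2n_stuffer_alloc_ro_from_fd from leaving a read-only mapping of the file in the process. The function starts outside the hunk.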
@@ -125,10 +118,11 @@ static int s2n_generate_pq_hybrid_key_share(struct s2n_stuffer *out, struct s2n_ struct s2n_ecc_evp_params *ecc_params = &kem_group_params->ecc_params; ecc_params->negotiated_curve = kem_group->curve; - POSIX_GUARD_RESULT(s2n_ecdhe_send_public_key(ecc_params, out)); struct s2n_kem_params *kem_params = &kem_group_params->kem_params; kem_params->kem = kem_group->kem; + + POSIX_GUARD_RESULT(s2n_ecdhe_send_public_key(ecc_params, out, kem_params->len_prefixed)); POSIX_GUARD(s2n_kem_send_public_key(out, kem_params)); POSIX_GUARD(s2n_stuffer_write_vector_size(&total_share_size)); @@ -158,6 +152,7 @@ static int s2n_generate_default_pq_hybrid_key_share(struct s2n_connection *conn, * during a retry, or the most preferred share according to local preferences. */ struct s2n_kem_group_params *client_params = &conn->kex_params.client_kem_group_params; + if (s2n_is_hello_retry_handshake(conn)) { const struct s2n_kem_group *server_group = conn->kex_params.server_kem_group_params.kem_group; @@ -181,7 +176,9 @@ static int s2n_generate_default_pq_hybrid_key_share(struct s2n_connection *conn, client_params->kem_group = server_group; } else { client_params->kem_group = kem_pref->tls13_kem_groups[0]; + client_params->kem_params.len_prefixed = s2n_tls13_client_must_use_hybrid_kem_length_prefix(kem_pref); } + POSIX_GUARD(s2n_generate_pq_hybrid_key_share(out, client_params)); return S2N_SUCCESS; 
@@ -342,21 +339,34 @@ static int s2n_client_key_share_recv_pq_hybrid(struct s2n_connection *conn, stru return S2N_SUCCESS; } + /* The length of the hybrid key share must be one of two possible lengths. Its internal values are either length + * prefixed, or they are not. */ + uint16_t actual_hybrid_share_size = key_share->blob.size; + uint16_t unprefixed_hybrid_share_size = kem_group->curve->share_size + kem_group->kem->public_key_length; + uint16_t prefixed_hybrid_share_size = (2 * S2N_SIZE_OF_KEY_SHARE_SIZE) + unprefixed_hybrid_share_size; + /* Ignore KEM groups with unexpected overall total share sizes */ - if (key_share->blob.size != kem_group->client_share_size) { + if ((actual_hybrid_share_size != unprefixed_hybrid_share_size) && (actual_hybrid_share_size != prefixed_hybrid_share_size)) { return S2N_SUCCESS; } - /* Ignore KEM groups with unexpected ECC share sizes */ - uint16_t ec_share_size = 0; - POSIX_GUARD(s2n_stuffer_read_uint16(key_share, &ec_share_size)); - if (ec_share_size != kem_group->curve->share_size) { - return S2N_SUCCESS; + bool is_hybrid_share_length_prefixed = (actual_hybrid_share_size == prefixed_hybrid_share_size); + + if (is_hybrid_share_length_prefixed) { + /* Ignore KEM groups with unexpected ECC share sizes */ + uint16_t ec_share_size = 0; + POSIX_GUARD(s2n_stuffer_read_uint16(key_share, &ec_share_size)); + if (ec_share_size != kem_group->curve->share_size) { + return S2N_SUCCESS; + } } DEFER_CLEANUP(struct s2n_kem_group_params new_client_params = { 0 }, s2n_kem_group_free); new_client_params.kem_group = kem_group; + /* Need to save whether the client included the length prefix so that we can match their behavior in our response. 
*/ + new_client_params.kem_params.len_prefixed = is_hybrid_share_length_prefixed; + POSIX_GUARD(s2n_client_key_share_parse_ecc(key_share, kem_group->curve, &new_client_params.ecc_params)); /* If we were unable to parse the EC portion of the share, negotiated_curve * will be NULL, and we should ignore the entire key share. */ diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.c index 7428eb9fd86..36217f05889 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.c @@ -21,12 +21,15 @@ /* Generate and write an ecc point. * This is used to write the ecc portion of PQ hybrid keyshares, which does NOT include the curve id. */ -S2N_RESULT s2n_ecdhe_send_public_key(struct s2n_ecc_evp_params *ecc_evp_params, struct s2n_stuffer *out) +S2N_RESULT s2n_ecdhe_send_public_key(struct s2n_ecc_evp_params *ecc_evp_params, struct s2n_stuffer *out, bool len_prefixed) { RESULT_ENSURE_REF(ecc_evp_params); RESULT_ENSURE_REF(ecc_evp_params->negotiated_curve); - RESULT_GUARD_POSIX(s2n_stuffer_write_uint16(out, ecc_evp_params->negotiated_curve->share_size)); + if (len_prefixed) { + RESULT_GUARD_POSIX(s2n_stuffer_write_uint16(out, ecc_evp_params->negotiated_curve->share_size)); + } + if (ecc_evp_params->evp_pkey == NULL) { RESULT_GUARD_POSIX(s2n_ecc_evp_generate_ephemeral_key(ecc_evp_params)); } @@ -44,7 +47,7 @@ int s2n_ecdhe_parameters_send(struct s2n_ecc_evp_params *ecc_evp_params, struct POSIX_ENSURE_REF(ecc_evp_params->negotiated_curve); POSIX_GUARD(s2n_stuffer_write_uint16(out, ecc_evp_params->negotiated_curve->iana_id)); - POSIX_GUARD_RESULT(s2n_ecdhe_send_public_key(ecc_evp_params, out)); + POSIX_GUARD_RESULT(s2n_ecdhe_send_public_key(ecc_evp_params, out, true)); return S2N_SUCCESS; } 
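Review bot: `uint16_t actual_hybrid_share_size = key_share->blob.size;` narrows the blob size before it is compared, where the removed line compared `key_share->blob.size` directly against the expected size. If `blob.size` is wider than 16 bits (it looks like a 32-bit field elsewhere in s2n, which is not shown here), an oversized share could wrap to one of the two accepted lengths; declaring the three size variables as `uint32_t` removes the dependence on the caller having already bounded the share to a 16-bit length. The sums `unprefixed_hybrid_share_size` and `prefixed_hybrid_share_size` are likewise computed in `uint16_t` and would benefit from the same widening. s2n_client_key_share_recv_pq_hybrid starts and ends outside the hunk.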
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.h index c8c6f989506..fe87befd9a5 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.h @@ -25,5 +25,5 @@ #define S2N_SIZE_OF_NAMED_GROUP 2 #define S2N_SIZE_OF_KEY_SHARE_SIZE 2 -S2N_RESULT s2n_ecdhe_send_public_key(struct s2n_ecc_evp_params *ecc_evp_params, struct s2n_stuffer *out); +S2N_RESULT s2n_ecdhe_send_public_key(struct s2n_ecc_evp_params *ecc_evp_params, struct s2n_stuffer *out, bool len_prefixed); int s2n_ecdhe_parameters_send(struct s2n_ecc_evp_params *ecc_evp_params, struct s2n_stuffer *out); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c index 4d1a2f1927d..185a41273bf 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c @@ -42,6 +42,7 @@ static int s2n_server_key_share_generate_pq_hybrid(struct s2n_connection *conn, POSIX_ENSURE(s2n_pq_is_enabled(), S2N_ERR_PQ_DISABLED); struct s2n_kem_group_params *server_kem_group_params = &conn->kex_params.server_kem_group_params; + struct s2n_kem_params *client_kem_params = &conn->kex_params.client_kem_group_params.kem_params; POSIX_ENSURE_REF(server_kem_group_params->kem_group); POSIX_GUARD(s2n_stuffer_write_uint16(out, server_kem_group_params->kem_group->iana_id)); 
@@ -51,11 +52,12 @@ static int s2n_server_key_share_generate_pq_hybrid(struct s2n_connection *conn, struct s2n_ecc_evp_params *server_ecc_params = &server_kem_group_params->ecc_params; POSIX_ENSURE_REF(server_ecc_params->negotiated_curve); - POSIX_GUARD(s2n_stuffer_write_uint16(out, server_ecc_params->negotiated_curve->share_size)); + if (client_kem_params->len_prefixed) { + POSIX_GUARD(s2n_stuffer_write_uint16(out, server_ecc_params->negotiated_curve->share_size)); + } POSIX_GUARD(s2n_ecc_evp_generate_ephemeral_key(server_ecc_params)); POSIX_GUARD(s2n_ecc_evp_write_params_point(server_ecc_params, out)); - struct s2n_kem_params *client_kem_params = &conn->kex_params.client_kem_group_params.kem_params; POSIX_ENSURE_REF(client_kem_params->public_key.data); /* s2n_kem_send_ciphertext() will generate the PQ shared secret and use * the client's public key to encapsulate; the PQ shared secret will be 
@@ -199,21 +201,30 @@ static int s2n_server_key_share_recv_pq_hybrid(struct s2n_connection *conn, uint POSIX_ENSURE(client_kem_group_params->ecc_params.evp_pkey, S2N_ERR_BAD_KEY_SHARE); POSIX_ENSURE(client_kem_group_params->kem_group == server_kem_group_params->kem_group, S2N_ERR_BAD_KEY_SHARE); - uint16_t received_total_share_size; - POSIX_GUARD(s2n_stuffer_read_uint16(extension, &received_total_share_size)); - POSIX_ENSURE(received_total_share_size == server_kem_group_params->kem_group->server_share_size, S2N_ERR_BAD_KEY_SHARE); - POSIX_ENSURE(s2n_stuffer_data_available(extension) == received_total_share_size, S2N_ERR_BAD_KEY_SHARE); + uint16_t actual_hybrid_share_size = 0; + POSIX_GUARD(s2n_stuffer_read_uint16(extension, &actual_hybrid_share_size)); + POSIX_ENSURE(s2n_stuffer_data_available(extension) == actual_hybrid_share_size, S2N_ERR_BAD_KEY_SHARE); + + struct s2n_kem_params *client_kem_params = &conn->kex_params.client_kem_group_params.kem_params; + + /* Don't need to call s2n_is_tls13_hybrid_kem_length_prefixed() to set client_kem_params->len_prefixed since we are + * the client, and server-side should auto-detect hybrid share size and match our behavior. 
*/ /* Parse ECC key share */ - uint16_t ecc_share_size; + uint16_t expected_ecc_share_size = server_kem_group_params->kem_group->curve->share_size; + if (client_kem_params->len_prefixed) { + uint16_t actual_ecc_share_size = 0; + POSIX_GUARD(s2n_stuffer_read_uint16(extension, &actual_ecc_share_size)); + POSIX_ENSURE(actual_ecc_share_size == expected_ecc_share_size, S2N_ERR_BAD_KEY_SHARE); + } + struct s2n_blob point_blob = { 0 }; - POSIX_GUARD(s2n_stuffer_read_uint16(extension, &ecc_share_size)); - POSIX_ENSURE(s2n_ecc_evp_read_params_point(extension, ecc_share_size, &point_blob) == S2N_SUCCESS, S2N_ERR_BAD_KEY_SHARE); + POSIX_ENSURE(s2n_ecc_evp_read_params_point(extension, expected_ecc_share_size, &point_blob) == S2N_SUCCESS, S2N_ERR_BAD_KEY_SHARE); POSIX_ENSURE(s2n_ecc_evp_parse_params_point(&point_blob, &server_kem_group_params->ecc_params) == S2N_SUCCESS, S2N_ERR_BAD_KEY_SHARE); POSIX_ENSURE(server_kem_group_params->ecc_params.evp_pkey != NULL, S2N_ERR_BAD_KEY_SHARE); /* Parse the PQ KEM key share */ - POSIX_ENSURE(s2n_kem_recv_ciphertext(extension, &conn->kex_params.client_kem_group_params.kem_params) == S2N_SUCCESS, + POSIX_ENSURE(s2n_kem_recv_ciphertext(extension, client_kem_params) == S2N_SUCCESS, S2N_ERR_BAD_KEY_SHARE); return S2N_SUCCESS; diff --git a/contrib/restricted/aws/s2n/tls/s2n_client_key_exchange.c b/contrib/restricted/aws/s2n/tls/s2n_client_key_exchange.c index bc227698999..865427952c3 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_client_key_exchange.c +++ b/contrib/restricted/aws/s2n/tls/s2n_client_key_exchange.c 
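Review bot: The client-side parser no longer checks the total share size against an expected value: the removed comparison with `server_share_size` has no replacement, and `actual_hybrid_share_size` is only compared with the bytes available, whereas the server-side parser in s2n_client_key_share.c accepts exactly the prefixed or the unprefixed length. Computing the expected size from `curve->share_size` and `kem->ciphertext_length`, plus `2 * S2N_SIZE_OF_KEY_SHARE_SIZE` when `client_kem_params->len_prefixed` is set, and adding `POSIX_ENSURE(actual_hybrid_share_size == expected_hybrid_share_size, S2N_ERR_BAD_KEY_SHARE);` would reject a share with trailing or missing bytes before any parsing. The new comment also refers to `s2n_is_tls13_hybrid_kem_length_prefixed()`, while the helper this commit adds is named `s2n_tls13_client_must_use_hybrid_kem_length_prefix()`. The function starts outside the hunk, so the caller may already check for leftover extension data.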
@@ -204,6 +204,7 @@ int s2n_kem_client_key_recv(struct s2n_connection *conn, struct s2n_blob *shared * to kem_params.shared_secret. */ POSIX_ENSURE_REF(shared_key); S2N_ERROR_IF(shared_key != &(conn->kex_params.kem_params.shared_secret), S2N_ERR_SAFETY); + conn->kex_params.kem_params.len_prefixed = true; /* PQ TLS 1.2 is always length prefixed. */ POSIX_GUARD(s2n_kem_recv_ciphertext(&(conn->handshake.io), &(conn->kex_params.kem_params))); @@ -304,6 +305,8 @@ int s2n_kem_client_key_send(struct s2n_connection *conn, struct s2n_blob *shared POSIX_ENSURE_REF(shared_key); S2N_ERROR_IF(shared_key != &(conn->kex_params.kem_params.shared_secret), S2N_ERR_SAFETY); + conn->kex_params.kem_params.len_prefixed = true; /* PQ TLS 1.2 is always length prefixed */ + POSIX_GUARD(s2n_kem_send_ciphertext(&(conn->handshake.io), &(conn->kex_params.kem_params))); return 0; diff --git a/contrib/restricted/aws/s2n/tls/s2n_config.c b/contrib/restricted/aws/s2n/tls/s2n_config.c index e057984a75a..9545defa4cb 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_config.c +++ b/contrib/restricted/aws/s2n/tls/s2n_config.c 
@@ -526,6 +526,25 @@ int s2n_config_add_cert_chain_and_key(struct s2n_config *config, const char *cer return S2N_SUCCESS; } +/* Only used in the Rust bindings. Superseded by s2n_config_add_cert_chain_and_key_to_store */ +int s2n_config_add_cert_chain(struct s2n_config *config, + uint8_t *cert_chain_pem, uint32_t cert_chain_pem_size) +{ + POSIX_ENSURE_REF(config); + POSIX_ENSURE(config->cert_ownership != S2N_APP_OWNED, S2N_ERR_CERT_OWNERSHIP); + + DEFER_CLEANUP(struct s2n_cert_chain_and_key *chain_and_key = s2n_cert_chain_and_key_new(), + s2n_cert_chain_and_key_ptr_free); + POSIX_ENSURE_REF(chain_and_key); + POSIX_GUARD(s2n_cert_chain_and_key_load_public_pem_bytes(chain_and_key, + cert_chain_pem, cert_chain_pem_size)); + POSIX_GUARD(s2n_config_add_cert_chain_and_key_impl(config, chain_and_key)); + config->cert_ownership = S2N_LIB_OWNED; + + ZERO_TO_DISABLE_DEFER_CLEANUP(chain_and_key); + return S2N_SUCCESS; +} + int s2n_config_add_cert_chain_and_key_to_store(struct s2n_config *config, struct s2n_cert_chain_and_key *cert_key_pair) { POSIX_ENSURE_REF(config); diff --git a/contrib/restricted/aws/s2n/tls/s2n_internal.h b/contrib/restricted/aws/s2n/tls/s2n_internal.h index 87076a7e544..ed4f5d936b1 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_internal.h +++ b/contrib/restricted/aws/s2n/tls/s2n_internal.h @@ -44,3 +44,12 @@ struct s2n_connection; * modified after it has been built. Doing so is undefined behavior. */ S2N_PRIVATE_API int s2n_connection_get_config(struct s2n_connection *conn, struct s2n_config **config); + +/* + * Sets a certificate chain on the config. + * + * It does NOT set a private key, so the connection will need to be configured to + * [offload private key operations](https://github.com/aws/s2n-tls/blob/main/docs/USAGE-GUIDE.md#offloading-asynchronous-private-key-operations). + */ +S2N_PRIVATE_API int s2n_config_add_cert_chain(struct s2n_config *config, + uint8_t *cert_chain_pem, uint32_t cert_chain_pem_size); 
diff --git a/contrib/restricted/aws/s2n/tls/s2n_kem.c b/contrib/restricted/aws/s2n/tls/s2n_kem.c index 373d9b543fb..8f752890044 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_kem.c +++ b/contrib/restricted/aws/s2n/tls/s2n_kem.c @@ -70,8 +70,6 @@ const struct s2n_iana_to_kem kem_mapping[3] = { const struct s2n_kem_group s2n_secp256r1_kyber_512_r3 = { .name = "secp256r1_kyber-512-r3", .iana_id = TLS_PQ_KEM_GROUP_ID_SECP256R1_KYBER_512_R3, - .client_share_size = (S2N_SIZE_OF_KEY_SHARE_SIZE + SECP256R1_SHARE_SIZE) + (S2N_SIZE_OF_KEY_SHARE_SIZE + S2N_KYBER_512_R3_PUBLIC_KEY_BYTES), - .server_share_size = (S2N_SIZE_OF_KEY_SHARE_SIZE + SECP256R1_SHARE_SIZE) + (S2N_SIZE_OF_KEY_SHARE_SIZE + S2N_KYBER_512_R3_CIPHERTEXT_BYTES), .curve = &s2n_ecc_curve_secp256r1, .kem = &s2n_kyber_512_r3, }; @@ -80,8 +78,6 @@ const struct s2n_kem_group s2n_secp256r1_kyber_512_r3 = { const struct s2n_kem_group s2n_x25519_kyber_512_r3 = { .name = "x25519_kyber-512-r3", .iana_id = TLS_PQ_KEM_GROUP_ID_X25519_KYBER_512_R3, - .client_share_size = (S2N_SIZE_OF_KEY_SHARE_SIZE + X25519_SHARE_SIZE) + (S2N_SIZE_OF_KEY_SHARE_SIZE + S2N_KYBER_512_R3_PUBLIC_KEY_BYTES), - .server_share_size = (S2N_SIZE_OF_KEY_SHARE_SIZE + X25519_SHARE_SIZE) + (S2N_SIZE_OF_KEY_SHARE_SIZE + S2N_KYBER_512_R3_CIPHERTEXT_BYTES), .curve = &s2n_ecc_curve_x25519, .kem = &s2n_kyber_512_r3, }; @@ -285,7 +281,9 @@ int s2n_kem_send_public_key(struct s2n_stuffer *out, struct s2n_kem_params *kem_ const struct s2n_kem *kem = kem_params->kem; - POSIX_GUARD(s2n_stuffer_write_uint16(out, kem->public_key_length)); + if (kem_params->len_prefixed) { + POSIX_GUARD(s2n_stuffer_write_uint16(out, kem->public_key_length)); + } /* We don't need to store the public key after sending it. * We write it directly to *out. */ 
@@ -313,15 +311,17 @@ int s2n_kem_recv_public_key(struct s2n_stuffer *in, struct s2n_kem_params *kem_p POSIX_ENSURE_REF(kem_params->kem); const struct s2n_kem *kem = kem_params->kem; - kem_public_key_size public_key_length; - POSIX_GUARD(s2n_stuffer_read_uint16(in, &public_key_length)); - S2N_ERROR_IF(public_key_length != kem->public_key_length, S2N_ERR_BAD_MESSAGE); + if (kem_params->len_prefixed) { + kem_public_key_size public_key_length = 0; + POSIX_GUARD(s2n_stuffer_read_uint16(in, &public_key_length)); + POSIX_ENSURE(public_key_length == kem->public_key_length, S2N_ERR_BAD_MESSAGE); + } /* Alloc memory for the public key; the peer receiving it will need it * later during the handshake to encapsulate the shared secret. */ - POSIX_GUARD(s2n_alloc(&(kem_params->public_key), public_key_length)); - POSIX_GUARD(s2n_stuffer_read_bytes(in, kem_params->public_key.data, public_key_length)); + POSIX_GUARD(s2n_alloc(&(kem_params->public_key), kem->public_key_length)); + POSIX_GUARD(s2n_stuffer_read_bytes(in, kem_params->public_key.data, kem->public_key_length)); return S2N_SUCCESS; } @@ -335,7 +335,9 @@ int s2n_kem_send_ciphertext(struct s2n_stuffer *out, struct s2n_kem_params *kem_ const struct s2n_kem *kem = kem_params->kem; - POSIX_GUARD(s2n_stuffer_write_uint16(out, kem->ciphertext_length)); + if (kem_params->len_prefixed) { + POSIX_GUARD(s2n_stuffer_write_uint16(out, kem->ciphertext_length)); + } /* Ciphertext will get written to *out */ struct s2n_blob ciphertext = { 0 }; 
@@ -356,12 +358,14 @@ int s2n_kem_recv_ciphertext(struct s2n_stuffer *in, struct s2n_kem_params *kem_p POSIX_ENSURE_REF(kem_params->private_key.data); const struct s2n_kem *kem = kem_params->kem; - kem_ciphertext_key_size ciphertext_length; - POSIX_GUARD(s2n_stuffer_read_uint16(in, &ciphertext_length)); - S2N_ERROR_IF(ciphertext_length != kem->ciphertext_length, S2N_ERR_BAD_MESSAGE); + if (kem_params->len_prefixed) { + kem_ciphertext_key_size ciphertext_length = 0; + POSIX_GUARD(s2n_stuffer_read_uint16(in, &ciphertext_length)); + POSIX_ENSURE(ciphertext_length == kem->ciphertext_length, S2N_ERR_BAD_MESSAGE); + } - const struct s2n_blob ciphertext = { .data = s2n_stuffer_raw_read(in, ciphertext_length), .size = ciphertext_length }; + const struct s2n_blob ciphertext = { .data = s2n_stuffer_raw_read(in, kem->ciphertext_length), .size = kem->ciphertext_length }; POSIX_ENSURE_REF(ciphertext.data); /* Saves the shared secret in kem_params */ diff --git a/contrib/restricted/aws/s2n/tls/s2n_kem.h b/contrib/restricted/aws/s2n/tls/s2n_kem.h index 7424fa15f6f..4387c4a2803 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_kem.h +++ b/contrib/restricted/aws/s2n/tls/s2n_kem.h @@ -49,6 +49,9 @@ struct s2n_kem_params { struct s2n_blob public_key; struct s2n_blob private_key; struct s2n_blob shared_secret; + /* Store whether the client included the length prefix of the PQ and ECC Shares in their ClientHello, so that the + * server can match the client's behavior. For the client side, store whether it should send the length prefix. */ + bool len_prefixed; }; struct s2n_iana_to_kem { @@ -60,8 +63,6 @@ struct s2n_iana_to_kem { struct s2n_kem_group { const char *name; uint16_t iana_id; - uint16_t client_share_size; - uint16_t server_share_size; const struct s2n_ecc_named_curve *curve; const struct s2n_kem *kem; }; diff --git a/contrib/restricted/aws/s2n/tls/s2n_kem_preferences.c b/contrib/restricted/aws/s2n/tls/s2n_kem_preferences.c index e217fd43732..fe0c17e2c4c 100644 
--- a/contrib/restricted/aws/s2n/tls/s2n_kem_preferences.c +++ b/contrib/restricted/aws/s2n/tls/s2n_kem_preferences.c @@ -32,6 +32,15 @@ const struct s2n_kem_preferences kem_preferences_pq_tls_1_0_2021_05 = { .kems = pq_kems_r3_2021_05, .tls13_kem_group_count = s2n_array_len(pq_kem_groups_r3), .tls13_kem_groups = pq_kem_groups_r3, + .tls13_pq_hybrid_draft_revision = 0 +}; + +const struct s2n_kem_preferences kem_preferences_pq_tls_1_0_2023_01 = { + .kem_count = s2n_array_len(pq_kems_r3_2021_05), + .kems = pq_kems_r3_2021_05, + .tls13_kem_group_count = s2n_array_len(pq_kem_groups_r3), + .tls13_kem_groups = pq_kem_groups_r3, + .tls13_pq_hybrid_draft_revision = 5 }; const struct s2n_kem_preferences kem_preferences_null = { @@ -39,6 +48,7 @@ const struct s2n_kem_preferences kem_preferences_null = { .kems = NULL, .tls13_kem_group_count = 0, .tls13_kem_groups = NULL, + .tls13_pq_hybrid_draft_revision = 0 }; /* Determines if query_iana_id corresponds to a tls13_kem_group for these KEM preferences. */ @@ -57,3 +67,11 @@ bool s2n_kem_preferences_includes_tls13_kem_group(const struct s2n_kem_preferenc return false; } + +/* Whether the client must include the length prefix in the PQ TLS 1.3 KEM KeyShares that it sends. Draft 0 of + * the PQ TLS 1.3 standard required length prefixing, and drafts 1-5 removed this length prefix. To not break + * backwards compatibility, we check what revision of the draft standard is configured to determine whether to send it. */ +bool s2n_tls13_client_must_use_hybrid_kem_length_prefix(const struct s2n_kem_preferences *kem_pref) +{ + return kem_pref && (kem_pref->tls13_pq_hybrid_draft_revision == 0); +} diff --git a/contrib/restricted/aws/s2n/tls/s2n_kem_preferences.h b/contrib/restricted/aws/s2n/tls/s2n_kem_preferences.h index 8bafa6d2465..7ed785df7c7 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_kem_preferences.h +++ b/contrib/restricted/aws/s2n/tls/s2n_kem_preferences.h 
@@ -28,6 +28,15 @@ struct s2n_kem_preferences { /* tls13_kem_groups used for hybrid TLS 1.3 */ uint8_t tls13_kem_group_count; const struct s2n_kem_group **tls13_kem_groups; + + /* Which draft revision data format should the client use in its ClientHello. Currently the server will auto-detect + * the format the client used from the TotalLength, and will match the client's behavior for backwards compatibility. + * + * Link: https://datatracker.ietf.org/doc/html/draft-ietf-tls-hybrid-design + * - Draft 0: PQ Hybrid KEM format: (Total Length, PQ Length, PQ Share, ECC Length, ECC Share) + * - Draft 1-5: PQ Hybrid KEM format: (Total Length, PQ Share, ECC Share) + */ + uint8_t tls13_pq_hybrid_draft_revision; }; extern const struct s2n_kem *pq_kems_r3_2021_05[1]; @@ -35,7 +44,10 @@ extern const struct s2n_kem *pq_kems_r3_2021_05[1]; extern const struct s2n_kem_group *pq_kem_groups_r3[]; extern const struct s2n_kem_preferences kem_preferences_pq_tls_1_0_2021_05; +extern const struct s2n_kem_preferences kem_preferences_pq_tls_1_0_2023_01; extern const struct s2n_kem_preferences kem_preferences_null; bool s2n_kem_preferences_includes_tls13_kem_group(const struct s2n_kem_preferences *kem_preferences, uint16_t query_iana_id); + +bool s2n_tls13_client_must_use_hybrid_kem_length_prefix(const struct s2n_kem_preferences *kem_pref); diff --git a/contrib/restricted/aws/s2n/tls/s2n_security_policies.c b/contrib/restricted/aws/s2n/tls/s2n_security_policies.c index 924de6fa6ab..a0aee179637 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_security_policies.c +++ b/contrib/restricted/aws/s2n/tls/s2n_security_policies.c 
@@ -506,6 +506,14 @@ const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_26 = { .ecc_preferences = &s2n_ecc_preferences_20200310, }; +const struct s2n_security_policy security_policy_pq_tls_1_0_2023_01_24 = { + .minimum_protocol_version = S2N_TLS10, + .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_24, + .kem_preferences = &kem_preferences_pq_tls_1_0_2023_01, + .signature_preferences = &s2n_signature_preferences_20200207, + .ecc_preferences = &s2n_ecc_preferences_20200310, +}; + const struct s2n_security_policy security_policy_kms_fips_tls_1_2_2018_10 = { .minimum_protocol_version = S2N_TLS12, .cipher_preferences = &cipher_preferences_kms_fips_tls_1_2_2018_10, @@ -837,6 +845,7 @@ struct s2n_security_policy_selection security_policy_selection[] = { { .version = "PQ-TLS-1-0-2021-05-24", .security_policy = &security_policy_pq_tls_1_0_2021_05_24, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, { .version = "PQ-TLS-1-0-2021-05-25", .security_policy = &security_policy_pq_tls_1_0_2021_05_25, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, { .version = "PQ-TLS-1-0-2021-05-26", .security_policy = &security_policy_pq_tls_1_0_2021_05_26, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "PQ-TLS-1-0-2023-01-24", .security_policy = &security_policy_pq_tls_1_0_2023_01_24, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, { .version = "20140601", .security_policy = &security_policy_20140601, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, { .version = "20141001", .security_policy = &security_policy_20141001, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, { .version = "20150202", .security_policy = &security_policy_20150202, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, diff --git a/contrib/restricted/aws/s2n/tls/s2n_security_policies.h b/contrib/restricted/aws/s2n/tls/s2n_security_policies.h index c049d81bf6e..3828d7544f9 100644 
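Review bot: `security_policy_pq_tls_1_0_2023_01_24` carries no comment saying how it differs from the 2021-05 policies. From the initializer the only new element is `.kem_preferences = &kem_preferences_pq_tls_1_0_2023_01`, while the cipher preferences are still `cipher_preferences_pq_tls_1_0_2021_05_24` and the minimum version stays `S2N_TLS10`. Someone selecting "PQ-TLS-1-0-2023-01-24" by its date could expect a tightened suite list, not a changed key share format. I would add above the definition `/* Reuses cipher_preferences_pq_tls_1_0_2021_05_24; differs in kem_preferences, where the client omits the hybrid key share length prefix (draft revision 5). */`.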
--- a/contrib/restricted/aws/s2n/tls/s2n_security_policies.h +++ b/contrib/restricted/aws/s2n/tls/s2n_security_policies.h @@ -107,6 +107,7 @@ extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_23; extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_24; extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_25; extern const struct s2n_security_policy security_policy_pq_tls_1_0_2021_05_26; +extern const struct s2n_security_policy security_policy_pq_tls_1_0_2023_01_24; extern const struct s2n_security_policy security_policy_cloudfront_upstream; extern const struct s2n_security_policy security_policy_cloudfront_upstream_tls10; diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c b/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c index e3593280c22..2466c1e6ffa 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c +++ b/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c @@ -173,6 +173,7 @@ int s2n_kem_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_bl POSIX_GUARD(s2n_stuffer_read_uint16(&kem_id_stuffer, &kem_id)); POSIX_GUARD(s2n_get_kem_from_extension_id(kem_id, &(conn->kex_params.kem_params.kem))); + conn->kex_params.kem_params.len_prefixed = true; /* PQ TLS 1.2 is always length prefixed. */ POSIX_GUARD(s2n_kem_recv_public_key(in, &(conn->kex_params.kem_params))); kem_data->raw_public_key.data = conn->kex_params.kem_params.public_key.data; @@ -320,6 +321,7 @@ int s2n_kem_server_key_send(struct s2n_connection *conn, struct s2n_blob *data_t POSIX_ENSURE_REF(data_to_sign->data); POSIX_GUARD(s2n_stuffer_write_uint16(out, kem->kem_extension_id)); + conn->kex_params.kem_params.len_prefixed = true; /* PQ TLS 1.2 is always length prefixed. */ POSIX_GUARD(s2n_kem_send_public_key(out, &(conn->kex_params.kem_params))); data_to_sign->size = sizeof(kem_extension_size) + sizeof(kem_public_key_size) + kem->public_key_length; 
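Review bot: In s2n_kem_server_key_send the new `len_prefixed = true` assignment and the following `data_to_sign->size = sizeof(kem_extension_size) + sizeof(kem_public_key_size) + kem->public_key_length;` encode the same assumption, that the public key is written with its length field, but they are linked only by convention. If the flag were ever set differently on this path, the signed range would no longer match the bytes written. Widening the added comment would tie the two together: `/* PQ TLS 1.2 is always length prefixed; data_to_sign->size below counts that prefix. */`. The same assignment appears in s2n_kem_server_key_recv_read_data in the previous hunk, and both functions extend beyond their hunks.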
diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls13.c b/contrib/restricted/aws/s2n/tls/s2n_tls13.c index 983c979bac5..1ff247e2f97 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_tls13.c +++ b/contrib/restricted/aws/s2n/tls/s2n_tls13.c @@ -128,19 +128,19 @@ S2N_RESULT s2n_connection_validate_tls13_support(struct s2n_connection *conn) * So a server might choose to use RSA-PSS even if even if the client does not advertise support for RSA-PSS. * Therefore, only servers can perform TLS1.3 without full feature support. */ - RESULT_ENSURE(conn->mode == S2N_SERVER, S2N_RSA_PSS_NOT_SUPPORTED); + RESULT_ENSURE(conn->mode == S2N_SERVER, S2N_ERR_RSA_PSS_NOT_SUPPORTED); /* RSA signatures must use RSA-PSS in TLS1.3. * So RSA-PSS is required for TLS1.3 servers if an RSA certificate is used. */ - RESULT_ENSURE(!conn->config->is_rsa_cert_configured, S2N_RSA_PSS_NOT_SUPPORTED); + RESULT_ENSURE(!conn->config->is_rsa_cert_configured, S2N_ERR_RSA_PSS_NOT_SUPPORTED); /* RSA-PSS is also required for TLS1.3 servers if client auth is requested, because the * client might offer an RSA certificate. */ s2n_cert_auth_type client_auth_status = S2N_CERT_AUTH_NONE; RESULT_GUARD_POSIX(s2n_connection_get_client_auth_type(conn, &client_auth_status)); - RESULT_ENSURE(client_auth_status == S2N_CERT_AUTH_NONE, S2N_RSA_PSS_NOT_SUPPORTED); + RESULT_ENSURE(client_auth_status == S2N_CERT_AUTH_NONE, S2N_ERR_RSA_PSS_NOT_SUPPORTED); return S2N_RESULT_OK; } diff --git a/contrib/restricted/aws/s2n/utils/s2n_mem.c b/contrib/restricted/aws/s2n/utils/s2n_mem.c index fc0b3a8f19e..1650a4b2b6e 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_mem.c +++ b/contrib/restricted/aws/s2n/utils/s2n_mem.c 
@@ -48,10 +48,10 @@ static int s2n_mem_init_impl(void) long sysconf_rc = sysconf(_SC_PAGESIZE); /* sysconf must not error, and page_size cannot be 0 */ - POSIX_ENSURE(sysconf_rc > 0, S2N_FAILURE); + POSIX_ENSURE_GT(sysconf_rc, 0); /* page_size must be a valid uint32 */ - POSIX_ENSURE(sysconf_rc <= UINT32_MAX, S2N_FAILURE); + POSIX_ENSURE_LTE(sysconf_rc, UINT32_MAX); page_size = (uint32_t) sysconf_rc; diff --git a/contrib/restricted/aws/s2n/ya.make b/contrib/restricted/aws/s2n/ya.make index 74a80e88dae..62666de86e6 100644 --- a/contrib/restricted/aws/s2n/ya.make +++ b/contrib/restricted/aws/s2n/ya.make @@ -12,9 +12,9 @@ LICENSE( LICENSE_TEXTS(.yandex_meta/licenses.list.txt) -VERSION(1.3.38) +VERSION(1.3.39) -ORIGINAL_SOURCE(https://github.com/aws/s2n-tls/archive/v1.3.38.tar.gz) +ORIGINAL_SOURCE(https://github.com/aws/s2n-tls/archive/v1.3.39.tar.gz) PEERDIR( contrib/libs/openssl |