author | robot-contrib <robot-contrib@yandex-team.com> | 2023-11-01 11:16:17 +0300 |
---|---|---|
committer | robot-contrib <robot-contrib@yandex-team.com> | 2023-11-01 12:03:50 +0300 |
commit | 948552a0ebc797aecf90797407b0333fbccc43e9 (patch) | |
tree | 1aac066ba2ba2896bc232fafca426d54f04df9b1 | |
parent | 28b7d19f293b1c4b5e43e69fd34700c1b07026fe (diff) | |
download | ydb-948552a0ebc797aecf90797407b0333fbccc43e9.tar.gz |
Update contrib/restricted/aws/s2n to 1.3.55
20 files changed, 185 insertions, 62 deletions
diff --git a/contrib/restricted/aws/s2n/tls/s2n_auth_selection.c b/contrib/restricted/aws/s2n/tls/s2n_auth_selection.c index 830f9e50d0..31ed894e1b 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_auth_selection.c +++ b/contrib/restricted/aws/s2n/tls/s2n_auth_selection.c @@ -221,9 +221,11 @@ int s2n_is_cert_type_valid_for_auth(struct s2n_connection *conn, s2n_pkey_type c int s2n_select_certs_for_server_auth(struct s2n_connection *conn, struct s2n_cert_chain_and_key **chosen_certs) { POSIX_ENSURE_REF(conn); + POSIX_ENSURE_REF(conn->handshake_params.server_cert_sig_scheme); + s2n_signature_algorithm sig_alg = conn->handshake_params.server_cert_sig_scheme->sig_alg; - s2n_pkey_type cert_type; - POSIX_GUARD(s2n_get_cert_type_for_sig_alg(conn->handshake_params.conn_sig_scheme.sig_alg, &cert_type)); + s2n_pkey_type cert_type = 0; + POSIX_GUARD(s2n_get_cert_type_for_sig_alg(sig_alg, &cert_type)); *chosen_certs = s2n_get_compatible_cert_chain_and_key(conn, cert_type); S2N_ERROR_IF(*chosen_certs == NULL, S2N_ERR_CERT_TYPE_UNSUPPORTED); diff --git a/contrib/restricted/aws/s2n/tls/s2n_client_cert_verify.c b/contrib/restricted/aws/s2n/tls/s2n_client_cert_verify.c index d15b4d9f53..aa3919436b 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_client_cert_verify.c +++ b/contrib/restricted/aws/s2n/tls/s2n_client_cert_verify.c 
@@ -32,14 +32,17 @@ int s2n_client_cert_verify_recv(struct s2n_connection *conn) POSIX_ENSURE_REF(hashes); struct s2n_stuffer *in = &conn->handshake.io; - struct s2n_signature_scheme *chosen_sig_scheme = &conn->handshake_params.client_cert_sig_scheme; if (conn->actual_protocol_version < S2N_TLS12) { - POSIX_GUARD(s2n_choose_default_sig_scheme(conn, chosen_sig_scheme, S2N_CLIENT)); + POSIX_GUARD(s2n_choose_default_sig_scheme(conn, + &conn->handshake_params.client_cert_sig_scheme, S2N_CLIENT)); } else { /* Verify the SigScheme picked by the Client was in the preference list we sent (or is the default SigScheme) */ - POSIX_GUARD(s2n_get_and_validate_negotiated_signature_scheme(conn, in, chosen_sig_scheme)); + POSIX_GUARD(s2n_get_and_validate_negotiated_signature_scheme(conn, in, + &conn->handshake_params.client_cert_sig_scheme)); } + const struct s2n_signature_scheme *chosen_sig_scheme = conn->handshake_params.client_cert_sig_scheme; + POSIX_ENSURE_REF(chosen_sig_scheme); uint16_t signature_size; struct s2n_blob signature = { 0 }; 
@@ -70,12 +73,13 @@ int s2n_client_cert_verify_send(struct s2n_connection *conn) S2N_ASYNC_PKEY_GUARD(conn); struct s2n_stuffer *out = &conn->handshake.io; - struct s2n_signature_scheme *chosen_sig_scheme = &conn->handshake_params.client_cert_sig_scheme; if (conn->actual_protocol_version < S2N_TLS12) { - POSIX_GUARD(s2n_choose_default_sig_scheme(conn, chosen_sig_scheme, S2N_CLIENT)); + POSIX_GUARD(s2n_choose_default_sig_scheme(conn, &conn->handshake_params.client_cert_sig_scheme, S2N_CLIENT)); } else { - POSIX_GUARD(s2n_stuffer_write_uint16(out, conn->handshake_params.client_cert_sig_scheme.iana_value)); + POSIX_GUARD(s2n_stuffer_write_uint16(out, conn->handshake_params.client_cert_sig_scheme->iana_value)); } + const struct s2n_signature_scheme *chosen_sig_scheme = conn->handshake_params.client_cert_sig_scheme; + POSIX_ENSURE_REF(chosen_sig_scheme); /* Use a copy of the hash state since the verify digest computation may modify the running hash state we need later. */ struct s2n_hash_state *hash_state = &hashes->hash_workspace; diff --git a/contrib/restricted/aws/s2n/tls/s2n_client_hello.c b/contrib/restricted/aws/s2n/tls/s2n_client_hello.c index cbc7cbe4ba..ef147b307e 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_client_hello.c +++ b/contrib/restricted/aws/s2n/tls/s2n_client_hello.c @@ -598,7 +598,7 @@ int s2n_process_client_hello(struct s2n_connection *conn) /* And set the signature and hash algorithm used for key exchange signatures */ POSIX_GUARD(s2n_choose_sig_scheme_from_peer_preference_list(conn, &conn->handshake_params.client_sig_hash_algs, - &conn->handshake_params.conn_sig_scheme)); + &conn->handshake_params.server_cert_sig_scheme)); /* And finally, set the certs specified by the final auth + sig_alg combo. */ POSIX_GUARD(s2n_select_certs_for_server_auth(conn, &conn->handshake_params.our_chain_and_key)); 
@@ -833,7 +833,7 @@ int s2n_sslv2_client_hello_recv(struct s2n_connection *conn) POSIX_GUARD(s2n_conn_find_name_matching_certs(conn)); POSIX_GUARD(s2n_set_cipher_as_sslv2_server(conn, client_hello->cipher_suites.data, client_hello->cipher_suites.size / S2N_SSLv2_CIPHER_SUITE_LEN)); - POSIX_GUARD(s2n_choose_default_sig_scheme(conn, &conn->handshake_params.conn_sig_scheme, S2N_SERVER)); + POSIX_GUARD(s2n_choose_default_sig_scheme(conn, &conn->handshake_params.server_cert_sig_scheme, S2N_SERVER)); POSIX_GUARD(s2n_select_certs_for_server_auth(conn, &conn->handshake_params.our_chain_and_key)); S2N_ERROR_IF(session_id_length > s2n_stuffer_data_available(in), S2N_ERR_BAD_MESSAGE); diff --git a/contrib/restricted/aws/s2n/tls/s2n_connection.c b/contrib/restricted/aws/s2n/tls/s2n_connection.c index 5d499cbbd1..c57975fa9f 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_connection.c +++ b/contrib/restricted/aws/s2n/tls/s2n_connection.c @@ -557,6 +557,8 @@ int s2n_connection_wipe(struct s2n_connection *conn) conn->secure = secure; conn->client = conn->initial; conn->server = conn->initial; + conn->handshake_params.client_cert_sig_scheme = &s2n_null_sig_scheme; + conn->handshake_params.server_cert_sig_scheme = &s2n_null_sig_scheme; POSIX_GUARD_RESULT(s2n_psk_parameters_init(&conn->psk_params)); conn->server_keying_material_lifetime = ONE_WEEK_IN_SEC; @@ -1404,7 +1406,8 @@ int s2n_connection_get_peer_cert_chain(const struct s2n_connection *conn, struct return S2N_SUCCESS; } -static S2N_RESULT s2n_signature_scheme_to_tls_iana(struct s2n_signature_scheme *sig_scheme, s2n_tls_hash_algorithm *converted_scheme) +static S2N_RESULT s2n_signature_scheme_to_tls_iana(const struct s2n_signature_scheme *sig_scheme, + s2n_tls_hash_algorithm *converted_scheme) { RESULT_ENSURE_REF(sig_scheme); RESULT_ENSURE_REF(converted_scheme); 
@@ -1439,26 +1442,31 @@ static S2N_RESULT s2n_signature_scheme_to_tls_iana(struct s2n_signature_scheme * return S2N_RESULT_OK; } -int s2n_connection_get_selected_digest_algorithm(struct s2n_connection *conn, s2n_tls_hash_algorithm *converted_scheme) +int s2n_connection_get_selected_digest_algorithm(struct s2n_connection *conn, + s2n_tls_hash_algorithm *converted_scheme) { POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(converted_scheme); - POSIX_GUARD_RESULT(s2n_signature_scheme_to_tls_iana(&conn->handshake_params.conn_sig_scheme, converted_scheme)); + POSIX_GUARD_RESULT(s2n_signature_scheme_to_tls_iana( + conn->handshake_params.server_cert_sig_scheme, converted_scheme)); return S2N_SUCCESS; } -int s2n_connection_get_selected_client_cert_digest_algorithm(struct s2n_connection *conn, s2n_tls_hash_algorithm *converted_scheme) +int s2n_connection_get_selected_client_cert_digest_algorithm(struct s2n_connection *conn, + s2n_tls_hash_algorithm *converted_scheme) { POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(converted_scheme); - POSIX_GUARD_RESULT(s2n_signature_scheme_to_tls_iana(&conn->handshake_params.client_cert_sig_scheme, converted_scheme)); + POSIX_GUARD_RESULT(s2n_signature_scheme_to_tls_iana( + conn->handshake_params.client_cert_sig_scheme, converted_scheme)); return S2N_SUCCESS; } -static S2N_RESULT s2n_signature_scheme_to_signature_algorithm(struct s2n_signature_scheme *sig_scheme, s2n_tls_signature_algorithm *converted_scheme) +static S2N_RESULT s2n_signature_scheme_to_signature_algorithm(const struct s2n_signature_scheme *sig_scheme, + s2n_tls_signature_algorithm *converted_scheme) { RESULT_ENSURE_REF(sig_scheme); RESULT_ENSURE_REF(converted_scheme); 
@@ -1484,22 +1492,26 @@ static S2N_RESULT s2n_signature_scheme_to_signature_algorithm(struct s2n_signatu return S2N_RESULT_OK; } -int s2n_connection_get_selected_signature_algorithm(struct s2n_connection *conn, s2n_tls_signature_algorithm *converted_scheme) +int s2n_connection_get_selected_signature_algorithm(struct s2n_connection *conn, + s2n_tls_signature_algorithm *converted_scheme) { POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(converted_scheme); - POSIX_GUARD_RESULT(s2n_signature_scheme_to_signature_algorithm(&conn->handshake_params.conn_sig_scheme, converted_scheme)); + POSIX_GUARD_RESULT(s2n_signature_scheme_to_signature_algorithm( + conn->handshake_params.server_cert_sig_scheme, converted_scheme)); return S2N_SUCCESS; } -int s2n_connection_get_selected_client_cert_signature_algorithm(struct s2n_connection *conn, s2n_tls_signature_algorithm *converted_scheme) +int s2n_connection_get_selected_client_cert_signature_algorithm(struct s2n_connection *conn, + s2n_tls_signature_algorithm *converted_scheme) { POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(converted_scheme); - POSIX_GUARD_RESULT(s2n_signature_scheme_to_signature_algorithm(&conn->handshake_params.client_cert_sig_scheme, converted_scheme)); + POSIX_GUARD_RESULT(s2n_signature_scheme_to_signature_algorithm( + conn->handshake_params.client_cert_sig_scheme, converted_scheme)); return S2N_SUCCESS; } diff --git a/contrib/restricted/aws/s2n/tls/s2n_handshake.h b/contrib/restricted/aws/s2n/tls/s2n_handshake.h index 93b3da4175..6ff1664cf4 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_handshake.h +++ b/contrib/restricted/aws/s2n/tls/s2n_handshake.h 
@@ -104,12 +104,12 @@ struct s2n_handshake_parameters { /* Signature/hash algorithm pairs offered by the client in the signature_algorithms extension */ struct s2n_sig_scheme_list client_sig_hash_algs; /* Signature scheme chosen by the server */ - struct s2n_signature_scheme conn_sig_scheme; + const struct s2n_signature_scheme *server_cert_sig_scheme; /* Signature/hash algorithm pairs offered by the server in the certificate request */ struct s2n_sig_scheme_list server_sig_hash_algs; /* Signature scheme chosen by the client */ - struct s2n_signature_scheme client_cert_sig_scheme; + const struct s2n_signature_scheme *client_cert_sig_scheme; /* The cert chain we will send the peer. */ struct s2n_cert_chain_and_key *our_chain_and_key; diff --git a/contrib/restricted/aws/s2n/tls/s2n_post_handshake.c b/contrib/restricted/aws/s2n/tls/s2n_post_handshake.c index 2e479785e8..6255fa9c00 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_post_handshake.c +++ b/contrib/restricted/aws/s2n/tls/s2n_post_handshake.c @@ -21,7 +21,7 @@ #include "tls/s2n_tls.h" #include "utils/s2n_safety.h" -static S2N_RESULT s2n_post_handshake_process(struct s2n_connection *conn, struct s2n_stuffer *in, uint8_t message_type) +S2N_RESULT s2n_post_handshake_process(struct s2n_connection *conn, struct s2n_stuffer *in, uint8_t message_type) { RESULT_ENSURE_REF(conn); diff --git a/contrib/restricted/aws/s2n/tls/s2n_post_handshake.h b/contrib/restricted/aws/s2n/tls/s2n_post_handshake.h index 56621df778..0230a798ae 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_post_handshake.h +++ b/contrib/restricted/aws/s2n/tls/s2n_post_handshake.h 
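Review bot: The comments on server_cert_sig_scheme and client_cert_sig_scheme still read as if the fields held a scheme by value, but they are now non-owning pointers and nothing in the header says what they point at or who resets them. Suggested wording for the first field: `/* Signature scheme chosen by the server; non-owning pointer to a library-owned scheme, reset to &s2n_null_sig_scheme by s2n_connection_wipe() */`, with the equivalent sentence on the client field. That the pointee is always a static table entry is inferred from s2n_choose_sig_scheme storing the candidate pointer directly in this commit; worth confirming no code path stores a pointer to a stack or heap scheme.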
@@ -31,3 +31,4 @@ struct s2n_post_handshake { S2N_RESULT s2n_post_handshake_recv(struct s2n_connection *conn); int s2n_post_handshake_send(struct s2n_connection *conn, s2n_blocked_status *blocked); S2N_RESULT s2n_post_handshake_write_records(struct s2n_connection *conn, s2n_blocked_status *blocked); +S2N_RESULT s2n_post_handshake_process(struct s2n_connection *conn, struct s2n_stuffer *in, uint8_t message_type); diff --git a/contrib/restricted/aws/s2n/tls/s2n_quic_support.c b/contrib/restricted/aws/s2n/tls/s2n_quic_support.c index 1534229946..246a939832 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_quic_support.c +++ b/contrib/restricted/aws/s2n/tls/s2n_quic_support.c 
@@ -90,6 +90,35 @@ int s2n_connection_set_secret_callback(struct s2n_connection *conn, s2n_secret_c return S2N_SUCCESS; } +/* Currently we need an API that quic can call to process post-handshake messages. Ideally + * we could re-use the s2n_recv API but that function needs to be refactored to support quic. + * For now we just call this API. + */ +int s2n_recv_quic_post_handshake_message(struct s2n_connection *conn, s2n_blocked_status *blocked) +{ + POSIX_ENSURE_REF(conn); + + *blocked = S2N_BLOCKED_ON_READ; + + uint8_t message_type = 0; + /* This function uses the stuffer conn->handshake.io to read in the header. This stuffer is also used + * for sending post-handshake messages. This could cause a concurrency issue if we start both sending + * and receiving post-handshake messages while quic is enabled. Currently there's no post-handshake + * message that is both sent and received in quic (servers only send session tickets + * and clients only receive session tickets.) Therefore it is safe for us + * to use the stuffer here. + */ + POSIX_GUARD_RESULT(s2n_quic_read_handshake_message(conn, &message_type)); + + /* The only post-handshake messages we support from QUIC currently are session tickets */ + POSIX_ENSURE(message_type == TLS_SERVER_NEW_SESSION_TICKET, S2N_ERR_UNSUPPORTED_WITH_QUIC); + POSIX_GUARD_RESULT(s2n_post_handshake_process(conn, &conn->in, message_type)); + + *blocked = S2N_NOT_BLOCKED; + + return S2N_SUCCESS; +} + /* When using QUIC, S2N reads unencrypted handshake messages instead of encrypted records. * This method sets up the S2N input buffers to match the results of using s2n_read_full_record. */ diff --git a/contrib/restricted/aws/s2n/tls/s2n_quic_support.h b/contrib/restricted/aws/s2n/tls/s2n_quic_support.h index 04e8165e4e..b9106a914f 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_quic_support.h +++ b/contrib/restricted/aws/s2n/tls/s2n_quic_support.h 
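Review bot: `blocked` is written through on the `*blocked = S2N_BLOCKED_ON_READ;` line of s2n_recv_quic_post_handshake_message before it is validated, while `conn` does get a `POSIX_ENSURE_REF`; for an S2N_API entry point add `POSIX_ENSURE_REF(blocked);` beside the existing conn check. The function also presumes the connection is in QUIC mode (it reads through s2n_quic_read_handshake_message, and the comment justifying reuse of conn->handshake.io only holds for QUIC), yet nothing in the hunk verifies that; a guard on conn->quic_enabled (the field this commit reads in s2n_server_new_session_ticket.c) before the read would make the precondition explicit, unless the read helper, which is outside the hunk, already enforces it. The message-type check against TLS_SERVER_NEW_SESSION_TICKET correctly sits ahead of s2n_post_handshake_process, so any unexpected post-handshake message is rejected before dispatch.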
@@ -89,3 +89,8 @@ S2N_API int s2n_connection_set_secret_callback(struct s2n_connection *conn, s2n_ * not relied on for production logic. */ S2N_API int s2n_error_get_alert(int error, uint8_t *alert); + +/* Attempts to read and process a post-handshake message from QUIC. This function + * should be called when post-handshake messages in QUIC have been received. + */ +S2N_API int s2n_recv_quic_post_handshake_message(struct s2n_connection *conn, s2n_blocked_status *blocked); diff --git a/contrib/restricted/aws/s2n/tls/s2n_security_policies.c b/contrib/restricted/aws/s2n/tls/s2n_security_policies.c index f4cf3c042d..f3a272966d 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_security_policies.c +++ b/contrib/restricted/aws/s2n/tls/s2n_security_policies.c 
@@ -615,6 +615,42 @@ const struct s2n_security_policy security_policy_pq_tls_1_3_2023_06_01 = { .ecc_preferences = &s2n_ecc_preferences_20201021, }; +/* Same as security_policy_pq_tls_1_2_2023_04_07, but with updated KEM prefs */ +const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_07 = { + .minimum_protocol_version = S2N_TLS12, + .cipher_preferences = &cipher_preferences_pq_tls_1_1_2021_05_21, + .kem_preferences = &kem_preferences_pq_tls_1_3_2023_06, + .signature_preferences = &s2n_signature_preferences_20200207, + .ecc_preferences = &s2n_ecc_preferences_20200310, +}; + +/* Same as security_policy_pq_tls_1_2_2023_04_08, but with updated KEM prefs */ +const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_08 = { + .minimum_protocol_version = S2N_TLS12, + .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_22, + .kem_preferences = &kem_preferences_pq_tls_1_3_2023_06, + .signature_preferences = &s2n_signature_preferences_20200207, + .ecc_preferences = &s2n_ecc_preferences_20200310, +}; + +/* Same as security_policy_pq_tls_1_2_2023_04_09, but with updated KEM prefs */ +const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_09 = { + .minimum_protocol_version = S2N_TLS12, + .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_24, + .kem_preferences = &kem_preferences_pq_tls_1_3_2023_06, + .signature_preferences = &s2n_signature_preferences_20200207, + .ecc_preferences = &s2n_ecc_preferences_20200310, +}; + +/* Same as security_policy_pq_tls_1_2_2023_04_10, but with updated KEM prefs */ +const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_10 = { + .minimum_protocol_version = S2N_TLS12, + .cipher_preferences = &cipher_preferences_pq_tls_1_0_2021_05_26, + .kem_preferences = &kem_preferences_pq_tls_1_3_2023_06, + .signature_preferences = &s2n_signature_preferences_20200207, + .ecc_preferences = &s2n_ecc_preferences_20200310, +}; + const struct s2n_security_policy 
security_policy_kms_fips_tls_1_2_2018_10 = { .minimum_protocol_version = S2N_TLS12, .cipher_preferences = &cipher_preferences_kms_fips_tls_1_2_2018_10, @@ -960,6 +996,10 @@ struct s2n_security_policy_selection security_policy_selection[] = { { .version = "PQ-TLS-1-2-2023-04-09", .security_policy = &security_policy_pq_tls_1_2_2023_04_09, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, { .version = "PQ-TLS-1-2-2023-04-10", .security_policy = &security_policy_pq_tls_1_2_2023_04_10, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, { .version = "PQ-TLS-1-3-2023-06-01", .security_policy = &security_policy_pq_tls_1_3_2023_06_01, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-10-07", .security_policy = &security_policy_pq_tls_1_2_2023_10_07, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-10-08", .security_policy = &security_policy_pq_tls_1_2_2023_10_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-10-09", .security_policy = &security_policy_pq_tls_1_2_2023_10_09, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "PQ-TLS-1-2-2023-10-10", .security_policy = &security_policy_pq_tls_1_2_2023_10_10, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, { .version = "20140601", .security_policy = &security_policy_20140601, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, { .version = "20141001", .security_policy = &security_policy_20141001, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, { .version = "20150202", .security_policy = &security_policy_20150202, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, diff --git a/contrib/restricted/aws/s2n/tls/s2n_security_policies.h b/contrib/restricted/aws/s2n/tls/s2n_security_policies.h index 17d8b79149..953cb1d259 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_security_policies.h 
+++ b/contrib/restricted/aws/s2n/tls/s2n_security_policies.h @@ -151,6 +151,10 @@ extern const struct s2n_security_policy security_policy_pq_tls_1_2_2023_04_08; extern const struct s2n_security_policy security_policy_pq_tls_1_2_2023_04_09; extern const struct s2n_security_policy security_policy_pq_tls_1_2_2023_04_10; extern const struct s2n_security_policy security_policy_pq_tls_1_3_2023_06_01; +extern const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_07; +extern const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_08; +extern const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_09; +extern const struct s2n_security_policy security_policy_pq_tls_1_2_2023_10_10; extern const struct s2n_security_policy security_policy_cloudfront_upstream; extern const struct s2n_security_policy security_policy_cloudfront_upstream_tls10; diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_hello.c b/contrib/restricted/aws/s2n/tls/s2n_server_hello.c index 70f8bf14e6..1e63da2b4d 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_server_hello.c +++ b/contrib/restricted/aws/s2n/tls/s2n_server_hello.c @@ -287,7 +287,7 @@ int s2n_server_hello_recv(struct s2n_connection *conn) } /* Choose a default signature scheme */ - POSIX_GUARD(s2n_choose_default_sig_scheme(conn, &conn->handshake_params.conn_sig_scheme, S2N_SERVER)); + POSIX_GUARD(s2n_choose_default_sig_scheme(conn, &conn->handshake_params.server_cert_sig_scheme, S2N_SERVER)); /* Update the required hashes for this connection */ POSIX_GUARD(s2n_conn_update_required_handshake_hashes(conn)); diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c b/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c index 2466c1e6ff..8ee64905d3 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c +++ b/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c 
@@ -49,11 +49,12 @@ int s2n_server_key_recv(struct s2n_connection *conn) POSIX_GUARD_RESULT(s2n_kex_server_key_recv_read_data(key_exchange, conn, &data_to_verify, &kex_data)); /* Add common signature data */ - struct s2n_signature_scheme *active_sig_scheme = &conn->handshake_params.conn_sig_scheme; if (conn->actual_protocol_version == S2N_TLS12) { /* Verify the SigScheme picked by the Server was in the preference list we sent (or is the default SigScheme) */ - POSIX_GUARD(s2n_get_and_validate_negotiated_signature_scheme(conn, in, active_sig_scheme)); + POSIX_GUARD(s2n_get_and_validate_negotiated_signature_scheme(conn, in, &conn->handshake_params.server_cert_sig_scheme)); } + const struct s2n_signature_scheme *active_sig_scheme = conn->handshake_params.server_cert_sig_scheme; + POSIX_ENSURE_REF(active_sig_scheme); /* FIPS specifically allows MD5 for <TLS1.2 */ if (s2n_is_in_fips_mode() && conn->actual_protocol_version < S2N_TLS12) { @@ -257,6 +258,8 @@ int s2n_server_key_send(struct s2n_connection *conn) struct s2n_hash_state *signature_hash = &conn->handshake.hashes->hash_workspace; const struct s2n_kex *key_exchange = conn->secure->cipher_suite->key_exchange_alg; + const struct s2n_signature_scheme *sig_scheme = conn->handshake_params.server_cert_sig_scheme; + POSIX_ENSURE_REF(sig_scheme); struct s2n_stuffer *out = &conn->handshake.io; struct s2n_blob data_to_sign = { 0 }; @@ -265,7 +268,7 @@ int s2n_server_key_send(struct s2n_connection *conn) /* Add common signature data */ if (conn->actual_protocol_version == S2N_TLS12) { - POSIX_GUARD(s2n_stuffer_write_uint16(out, conn->handshake_params.conn_sig_scheme.iana_value)); + POSIX_GUARD(s2n_stuffer_write_uint16(out, sig_scheme->iana_value)); } /* FIPS specifically allows MD5 for <TLS1.2 */ 
@@ -274,14 +277,14 @@ int s2n_server_key_send(struct s2n_connection *conn) } /* Add the random data to the hash */ - POSIX_GUARD(s2n_hash_init(signature_hash, conn->handshake_params.conn_sig_scheme.hash_alg)); + POSIX_GUARD(s2n_hash_init(signature_hash, sig_scheme->hash_alg)); POSIX_GUARD(s2n_hash_update(signature_hash, conn->handshake_params.client_random, S2N_TLS_RANDOM_DATA_LEN)); POSIX_GUARD(s2n_hash_update(signature_hash, conn->handshake_params.server_random, S2N_TLS_RANDOM_DATA_LEN)); /* Add KEX specific data to the hash */ POSIX_GUARD(s2n_hash_update(signature_hash, data_to_sign.data, data_to_sign.size)); - S2N_ASYNC_PKEY_SIGN(conn, conn->handshake_params.conn_sig_scheme.sig_alg, signature_hash, + S2N_ASYNC_PKEY_SIGN(conn, sig_scheme->sig_alg, signature_hash, s2n_server_key_send_write_signature); } diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c b/contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c index e922a1dffc..043ba425b5 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c +++ b/contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c @@ -126,6 +126,14 @@ S2N_RESULT s2n_tls13_server_nst_send(struct s2n_connection *conn, s2n_blocked_st return S2N_RESULT_OK; } + /* Legacy behavior is that the s2n server sends a NST even if the client did not indicate support + * for resumption or does not support the psk_dhe_ke mode. This is potentially wasteful so we + * choose to not extend this behavior to QUIC. + */ + if (conn->quic_enabled && conn->psk_params.psk_ke_mode != S2N_PSK_DHE_KE) { + return S2N_RESULT_OK; + } + /* No-op if all tickets already sent. * Clean up the stuffer used for the ticket to conserve memory. */ if (conn->tickets_to_send == conn->tickets_sent) { diff --git a/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.c b/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.c index 00c7dfcfd7..08b8e3650f 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.c 
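Review bot: The new early return in s2n_tls13_server_nst_send relies on conn->psk_params.psk_ke_mode holding a value other than S2N_PSK_DHE_KE when the client sent no psk_key_exchange_modes at all, but the comment only describes the intent, not the default it depends on. Suggested addition to the comment block: `/* psk_ke_mode keeps its default when the client omitted psk_key_exchange_modes, so that case is also skipped here. */`, after confirming what s2n_psk_parameters_init assigns to psk_ke_mode, which is not visible in this hunk. The rest of s2n_tls13_server_nst_send lies outside the hunk.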
+++ b/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.c @@ -83,7 +83,7 @@ static int s2n_is_signature_scheme_usable(struct s2n_connection *conn, const str } static int s2n_choose_sig_scheme(struct s2n_connection *conn, struct s2n_sig_scheme_list *peer_wire_prefs, - struct s2n_signature_scheme *chosen_scheme_out) + const struct s2n_signature_scheme **chosen_scheme_out) { POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(conn->secure); @@ -105,7 +105,7 @@ static int s2n_choose_sig_scheme(struct s2n_connection *conn, struct s2n_sig_sch uint16_t their_iana_val = peer_wire_prefs->iana_list[j]; if (candidate->iana_value == their_iana_val) { - *chosen_scheme_out = *candidate; + *chosen_scheme_out = candidate; return S2N_SUCCESS; } } @@ -116,7 +116,8 @@ static int s2n_choose_sig_scheme(struct s2n_connection *conn, struct s2n_sig_sch } /* similar to s2n_choose_sig_scheme() without matching client's preference */ -int s2n_tls13_default_sig_scheme(struct s2n_connection *conn, struct s2n_signature_scheme *chosen_scheme_out) +int s2n_tls13_default_sig_scheme(struct s2n_connection *conn, + const struct s2n_signature_scheme **chosen_scheme_out) { POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(conn->secure); @@ -135,7 +136,7 @@ int s2n_tls13_default_sig_scheme(struct s2n_connection *conn, struct s2n_signatu continue; } - *chosen_scheme_out = *candidate; + *chosen_scheme_out = candidate; return S2N_SUCCESS; } @@ -143,7 +144,7 @@ int s2n_tls13_default_sig_scheme(struct s2n_connection *conn, struct s2n_signatu } int s2n_get_and_validate_negotiated_signature_scheme(struct s2n_connection *conn, struct s2n_stuffer *in, - struct s2n_signature_scheme *chosen_sig_scheme) + const struct s2n_signature_scheme **chosen_sig_scheme) { uint16_t actual_iana_val; POSIX_GUARD(s2n_stuffer_read_uint16(in, &actual_iana_val)); 
@@ -160,7 +161,7 @@ int s2n_get_and_validate_negotiated_signature_scheme(struct s2n_connection *conn } if (candidate->iana_value == actual_iana_val) { - *chosen_sig_scheme = *candidate; + *chosen_sig_scheme = candidate; return S2N_SUCCESS; } } @@ -168,7 +169,8 @@ int s2n_get_and_validate_negotiated_signature_scheme(struct s2n_connection *conn POSIX_BAIL(S2N_ERR_INVALID_SIGNATURE_SCHEME); } -int s2n_choose_default_sig_scheme(struct s2n_connection *conn, struct s2n_signature_scheme *sig_scheme_out, s2n_mode signer) +int s2n_choose_default_sig_scheme(struct s2n_connection *conn, + const struct s2n_signature_scheme **sig_scheme_out, s2n_mode signer) { POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(conn->secure); @@ -194,7 +196,7 @@ int s2n_choose_default_sig_scheme(struct s2n_connection *conn, struct s2n_signat if (conn->actual_protocol_version < S2N_TLS12) { /* Before TLS1.2, signature algorithms were fixed, not chosen / negotiated. */ - *sig_scheme_out = *default_sig_scheme; + *sig_scheme_out = default_sig_scheme; return S2N_SUCCESS; } else { /* If we attempt to negotiate a default in TLS1.2, we should ensure that @@ -205,7 +207,7 @@ int s2n_choose_default_sig_scheme(struct s2n_connection *conn, struct s2n_signat POSIX_ENSURE_REF(signature_preferences); for (size_t i = 0; i < signature_preferences->count; i++) { if (signature_preferences->signature_schemes[i]->iana_value == default_sig_scheme->iana_value) { - *sig_scheme_out = *default_sig_scheme; + *sig_scheme_out = default_sig_scheme; return S2N_SUCCESS; } } 
@@ -214,22 +216,19 @@ int s2n_choose_default_sig_scheme(struct s2n_connection *conn, struct s2n_signat * is actually necessary. * If no valid default exists, set an unusable, invalid empty scheme. */ - *sig_scheme_out = (struct s2n_signature_scheme){ - .hash_alg = S2N_HASH_NONE, - .sig_alg = S2N_SIGNATURE_ANONYMOUS, - }; + *sig_scheme_out = &s2n_null_sig_scheme; return S2N_SUCCESS; } - } -int s2n_choose_sig_scheme_from_peer_preference_list(struct s2n_connection *conn, struct s2n_sig_scheme_list *peer_wire_prefs, - struct s2n_signature_scheme *sig_scheme_out) +int s2n_choose_sig_scheme_from_peer_preference_list(struct s2n_connection *conn, + struct s2n_sig_scheme_list *peer_wire_prefs, + const struct s2n_signature_scheme **sig_scheme_out) { POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(sig_scheme_out); - struct s2n_signature_scheme chosen_scheme = { 0 }; + const struct s2n_signature_scheme *chosen_scheme = &s2n_null_sig_scheme; if (conn->actual_protocol_version < S2N_TLS13) { POSIX_GUARD(s2n_choose_default_sig_scheme(conn, &chosen_scheme, conn->mode)); } else { diff --git a/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.h b/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.h index 5867eaf8a3..8c118df980 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.h +++ b/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.h 
@@ -28,13 +28,16 @@ struct s2n_sig_scheme_list { uint8_t len; }; -int s2n_choose_default_sig_scheme(struct s2n_connection *conn, struct s2n_signature_scheme *sig_scheme_out, s2n_mode signer); -int s2n_tls13_default_sig_scheme(struct s2n_connection *conn, struct s2n_signature_scheme *sig_scheme_out); +int s2n_choose_default_sig_scheme(struct s2n_connection *conn, + const struct s2n_signature_scheme **sig_scheme_out, s2n_mode signer); +int s2n_tls13_default_sig_scheme(struct s2n_connection *conn, + const struct s2n_signature_scheme **sig_scheme_out); -int s2n_choose_sig_scheme_from_peer_preference_list(struct s2n_connection *conn, struct s2n_sig_scheme_list *sig_hash_algs, - struct s2n_signature_scheme *sig_scheme_out); +int s2n_choose_sig_scheme_from_peer_preference_list(struct s2n_connection *conn, + struct s2n_sig_scheme_list *sig_hash_algs, + const struct s2n_signature_scheme **sig_scheme_out); int s2n_get_and_validate_negotiated_signature_scheme(struct s2n_connection *conn, struct s2n_stuffer *in, - struct s2n_signature_scheme *chosen_sig_scheme); + const struct s2n_signature_scheme **chosen_sig_scheme); int s2n_recv_supported_sig_scheme_list(struct s2n_stuffer *in, struct s2n_sig_scheme_list *sig_hash_algs); int s2n_send_supported_sig_scheme_list(struct s2n_connection *conn, struct s2n_stuffer *out); diff --git a/contrib/restricted/aws/s2n/tls/s2n_signature_scheme.c b/contrib/restricted/aws/s2n/tls/s2n_signature_scheme.c index 3c2e17d48b..f5ac033a22 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_signature_scheme.c +++ b/contrib/restricted/aws/s2n/tls/s2n_signature_scheme.c 
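Review bot: The out-parameters of all four prototypes changed from copy-out (`struct s2n_signature_scheme *`) to pointer-out (`const struct s2n_signature_scheme **`), but the header says nothing about the lifetime or ownership of the stored pointer. Suggested comment above the group: `/* On success *sig_scheme_out points at a library-owned scheme (a preference-table entry or s2n_null_sig_scheme); callers never free it. */`. As far as the s2n_signature_algorithms.c hunks show, the failure-path contract also differs per function: s2n_choose_sig_scheme_from_peer_preference_list starts its local from &s2n_null_sig_scheme, whereas s2n_get_and_validate_negotiated_signature_scheme bails without touching the target, so the comment should state that the pointer is unspecified on error.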
@@ -22,6 +22,15 @@ #include "tls/s2n_connection.h" #include "utils/s2n_safety.h" +const struct s2n_signature_scheme s2n_null_sig_scheme = { + .iana_value = 0, + .hash_alg = S2N_HASH_NONE, + .sig_alg = S2N_SIGNATURE_ANONYMOUS, + .libcrypto_nid = 0, + .signature_curve = NULL, + .maximum_protocol_version = 0, +}; + /* RSA PKCS1 */ const struct s2n_signature_scheme s2n_rsa_pkcs1_md5_sha1 = { .iana_value = TLS_SIGNATURE_SCHEME_PRIVATE_INTERNAL_RSA_PKCS1_MD5_SHA1, diff --git a/contrib/restricted/aws/s2n/tls/s2n_signature_scheme.h b/contrib/restricted/aws/s2n/tls/s2n_signature_scheme.h index a1c58db5ce..03828a27e8 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_signature_scheme.h +++ b/contrib/restricted/aws/s2n/tls/s2n_signature_scheme.h @@ -39,6 +39,8 @@ struct s2n_signature_preferences { const struct s2n_signature_scheme *const *signature_schemes; }; +extern const struct s2n_signature_scheme s2n_null_sig_scheme; + /* RSA PKCS1 */ /* s2n_rsa_pkcs1_md5_sha1 is not in any preference list, but it is needed since it's the default for TLS 1.0 and 1.1 if * no SignatureScheme is sent. */ diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls13_certificate_verify.c b/contrib/restricted/aws/s2n/tls/s2n_tls13_certificate_verify.c index f8babab4c7..cd859cb1c3 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_tls13_certificate_verify.c +++ b/contrib/restricted/aws/s2n/tls/s2n_tls13_certificate_verify.c 
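Review bot: s2n_null_sig_scheme is introduced without a comment on its role, even though this commit makes it the value s2n_connection_wipe installs in both handshake_params pointers and the value s2n_choose_default_sig_scheme returns when no valid default exists. Because every pointer-based caller guards with POSIX_ENSURE_REF, a pointer to this object passes that check; a reader needs to know the sentinel is non-NULL by design and is presumably rejected downstream by its S2N_SIGNATURE_ANONYMOUS / S2N_HASH_NONE fields rather than by a NULL test. Suggested comment above the definition: `/* Sentinel installed by s2n_connection_wipe() and returned by s2n_choose_default_sig_scheme() when no default is usable; never NULL, so callers must inspect sig_alg/hash_alg, not the pointer. */`. The matching `extern` in s2n_signature_scheme.h would carry a one-line version of the same note.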
@@ -49,12 +49,12 @@ const uint8_t S2N_CLIENT_CERT_VERIFY_CONTEXT[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x00 }; static int s2n_tls13_write_cert_verify_signature(struct s2n_connection *conn, - struct s2n_signature_scheme *chosen_sig_scheme); + const struct s2n_signature_scheme *chosen_sig_scheme); static int s2n_tls13_write_signature(struct s2n_connection *conn, struct s2n_blob *signature); static int s2n_tls13_generate_unsigned_cert_verify_content(struct s2n_connection *conn, struct s2n_stuffer *unsigned_content, s2n_mode mode); static int s2n_tls13_cert_read_and_verify_signature(struct s2n_connection *conn, - struct s2n_signature_scheme *chosen_sig_scheme); + const struct s2n_signature_scheme *chosen_sig_scheme); static uint8_t s2n_tls13_cert_verify_header_length(s2n_mode mode); int s2n_tls13_cert_verify_send(struct s2n_connection *conn) @@ -63,16 +63,17 @@ int s2n_tls13_cert_verify_send(struct s2n_connection *conn) if (conn->mode == S2N_SERVER) { /* Write digital signature */ - POSIX_GUARD(s2n_tls13_write_cert_verify_signature(conn, &conn->handshake_params.conn_sig_scheme)); + POSIX_GUARD(s2n_tls13_write_cert_verify_signature(conn, conn->handshake_params.server_cert_sig_scheme)); } else { /* Write digital signature */ - POSIX_GUARD(s2n_tls13_write_cert_verify_signature(conn, &conn->handshake_params.client_cert_sig_scheme)); + POSIX_GUARD(s2n_tls13_write_cert_verify_signature(conn, conn->handshake_params.client_cert_sig_scheme)); } return 0; } -int s2n_tls13_write_cert_verify_signature(struct s2n_connection *conn, struct s2n_signature_scheme *chosen_sig_scheme) +int s2n_tls13_write_cert_verify_signature(struct s2n_connection *conn, + const struct s2n_signature_scheme *chosen_sig_scheme) { POSIX_ENSURE_REF(conn->handshake_params.our_chain_and_key); 
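Review bot: s2n_tls13_cert_verify_send now passes conn->handshake_params.server_cert_sig_scheme or client_cert_sig_scheme into s2n_tls13_write_cert_verify_signature as a bare pointer, but the visible start of that function only checks our_chain_and_key, and its body runs past the hunk. The other call sites this commit touches (s2n_client_cert_verify.c, s2n_server_key_exchange.c) add a `POSIX_ENSURE_REF` on the scheme they dereference; for consistency add `POSIX_ENSURE_REF(chosen_sig_scheme);` at the top of s2n_tls13_write_cert_verify_signature and of s2n_tls13_cert_read_and_verify_signature in the following hunk, unless the unseen remainder of each body already does so.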
@@ -151,21 +152,22 @@ int s2n_tls13_cert_verify_recv(struct s2n_connection *conn) /* Read the rest of the signature and verify */ POSIX_GUARD(s2n_tls13_cert_read_and_verify_signature(conn, - &conn->handshake_params.client_cert_sig_scheme)); + conn->handshake_params.client_cert_sig_scheme)); } else { /* Read the algorithm and update sig_scheme */ POSIX_GUARD(s2n_get_and_validate_negotiated_signature_scheme(conn, &conn->handshake.io, - &conn->handshake_params.conn_sig_scheme)); + &conn->handshake_params.server_cert_sig_scheme)); /* Read the rest of the signature and verify */ - POSIX_GUARD(s2n_tls13_cert_read_and_verify_signature(conn, &conn->handshake_params.conn_sig_scheme)); + POSIX_GUARD(s2n_tls13_cert_read_and_verify_signature(conn, + conn->handshake_params.server_cert_sig_scheme)); } return 0; } int s2n_tls13_cert_read_and_verify_signature(struct s2n_connection *conn, - struct s2n_signature_scheme *chosen_sig_scheme) + const struct s2n_signature_scheme *chosen_sig_scheme) { struct s2n_stuffer *in = &conn->handshake.io; DEFER_CLEANUP(struct s2n_blob signed_content = { 0 }, s2n_free); diff --git a/contrib/restricted/aws/s2n/ya.make b/contrib/restricted/aws/s2n/ya.make index 8de78874c1..609b6421d4 100644 --- a/contrib/restricted/aws/s2n/ya.make +++ b/contrib/restricted/aws/s2n/ya.make @@ -12,9 +12,9 @@ LICENSE( LICENSE_TEXTS(.yandex_meta/licenses.list.txt) -VERSION(1.3.54) +VERSION(1.3.55) -ORIGINAL_SOURCE(https://github.com/aws/s2n-tls/archive/v1.3.54.tar.gz) +ORIGINAL_SOURCE(https://github.com/aws/s2n-tls/archive/v1.3.55.tar.gz) PEERDIR( contrib/libs/openssl |