author | robot-contrib <robot-contrib@yandex-team.com> | 2023-03-16 19:16:32 +0300 |
---|---|---|
committer | robot-contrib <robot-contrib@yandex-team.com> | 2023-03-16 19:16:32 +0300 |
commit | 9a4fa88b2022a37c2abe42603049e49e0e83735d (patch) | |
tree | 25d03a2c73bee8033c6de28f74c51744cf3efd52 | |
parent | 8f60d032b1180f55355c5f2b694e47dab3653056 (diff) | |
download | ydb-9a4fa88b2022a37c2abe42603049e49e0e83735d.tar.gz |
Update contrib/restricted/aws/s2n to 1.3.38
49 files changed, 271 insertions, 161 deletions
diff --git a/contrib/restricted/aws/s2n/CMakeLists.darwin-x86_64.txt b/contrib/restricted/aws/s2n/CMakeLists.darwin-x86_64.txt
index 976996467f..32d251a3fd 100644
--- a/contrib/restricted/aws/s2n/CMakeLists.darwin-x86_64.txt
+++ b/contrib/restricted/aws/s2n/CMakeLists.darwin-x86_64.txt
@@ -111,6 +111,7 @@ target_sources(restricted-aws-s2n PRIVATE
 ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.c
 ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_quic_transport_params.c
 ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_server_alpn.c
+ ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_server_cert_status_request.c
 ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_server_cookie.c
 ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_server_early_data_indication.c
 ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_server_ems.c
diff --git a/contrib/restricted/aws/s2n/CMakeLists.linux-aarch64.txt b/contrib/restricted/aws/s2n/CMakeLists.linux-aarch64.txt
index c7372a04a0..bf1ec3e599 100644
--- a/contrib/restricted/aws/s2n/CMakeLists.linux-aarch64.txt
+++ b/contrib/restricted/aws/s2n/CMakeLists.linux-aarch64.txt
@@ -106,6 +106,7 @@ target_sources(restricted-aws-s2n PRIVATE
 ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.c
 ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_quic_transport_params.c
 ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_server_alpn.c
+ ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_server_cert_status_request.c
 ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_server_cookie.c
 ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_server_early_data_indication.c
 ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_server_ems.c
diff --git a/contrib/restricted/aws/s2n/CMakeLists.linux-x86_64.txt b/contrib/restricted/aws/s2n/CMakeLists.linux-x86_64.txt index e4b895391c..8a2bd8ff47 100644 --- a/contrib/restricted/aws/s2n/CMakeLists.linux-x86_64.txt +++ b/contrib/restricted/aws/s2n/CMakeLists.linux-x86_64.txt @@ -113,6 +113,7 @@ target_sources(restricted-aws-s2n PRIVATE ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.c ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_quic_transport_params.c ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_server_alpn.c + ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_server_cert_status_request.c ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_server_cookie.c ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_server_early_data_indication.c ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/tls/extensions/s2n_server_ems.c diff --git a/contrib/restricted/aws/s2n/api/s2n.h b/contrib/restricted/aws/s2n/api/s2n.h index 9993a61062..a4d7afab96 100644 --- a/contrib/restricted/aws/s2n/api/s2n.h +++ b/contrib/restricted/aws/s2n/api/s2n.h @@ -997,7 +997,7 @@ S2N_API extern int s2n_config_set_protocol_preferences(struct s2n_config *config /** * Enum used to define the type, if any, of certificate status request - * an S2N_CLIENT should make during the handshake. The only supported status request type is + * a connection should make during the handshake. The only supported status request type is * OCSP, `S2N_STATUS_REQUEST_OCSP`. */ typedef enum { @@ -1006,7 +1006,7 @@ typedef enum { } s2n_status_request_type; /** - * Sets up an S2N_CLIENT to request the server certificate status during an SSL handshake. If set + * Sets up a connection to request the certificate status of a peer during an SSL handshake. If set * to S2N_STATUS_REQUEST_NONE, no status request is made. * * @param config The configuration object being updated 
@@ -2208,7 +2208,7 @@ S2N_API extern int s2n_connection_get_session_id(struct s2n_connection *conn, ui S2N_API extern int s2n_connection_is_session_resumed(struct s2n_connection *conn); /** - * Check is the connection is OCSP stapled. + * Check if the connection is OCSP stapled. * * @param conn A pointer to the s2n_connection object * diff --git a/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_3des.c b/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_3des.c index 96914c0a13..c2460efe9a 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_3des.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_3des.c @@ -35,7 +35,7 @@ static int s2n_cbc_cipher_3des_encrypt(struct s2n_session_key *key, struct s2n_b /* len is set by EVP_EncryptUpdate and checked post operation */ int len = 0; POSIX_GUARD_OSSL(EVP_EncryptUpdate(key->evp_cipher_ctx, out->data, &len, in->data, in->size), S2N_ERR_ENCRYPT); - S2N_ERROR_IF(len != in->size, S2N_ERR_ENCRYPT); + POSIX_ENSURE((int64_t) len == (int64_t) in->size, S2N_ERR_ENCRYPT); return 0; } diff --git a/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_aes.c b/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_aes.c index 892dea59c6..da09a11873 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_aes.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_aes.c @@ -40,7 +40,7 @@ static int s2n_cbc_cipher_aes_encrypt(struct s2n_session_key *key, struct s2n_bl /* len is set by EVP_EncryptUpdate and checked post operation */ int len = 0; POSIX_GUARD_OSSL(EVP_EncryptUpdate(key->evp_cipher_ctx, out->data, &len, in->data, in->size), S2N_ERR_ENCRYPT); - S2N_ERROR_IF(len != in->size, S2N_ERR_ENCRYPT); + POSIX_ENSURE((int64_t) len == (int64_t) in->size, S2N_ERR_ENCRYPT); return 0; } diff --git a/contrib/restricted/aws/s2n/crypto/s2n_certificate.c b/contrib/restricted/aws/s2n/crypto/s2n_certificate.c index baeee2dc64..1f0f5109f8 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_certificate.c 
+++ b/contrib/restricted/aws/s2n/crypto/s2n_certificate.c @@ -113,21 +113,21 @@ int s2n_cert_chain_and_key_set_cert_chain(struct s2n_cert_chain_and_key *cert_an return S2N_SUCCESS; } -int s2n_cert_chain_and_key_set_private_key_from_stuffer(struct s2n_cert_chain_and_key *cert_and_key, struct s2n_stuffer *key_in_stuffer, struct s2n_stuffer *key_out_stuffer) +int s2n_cert_chain_and_key_set_private_key_from_stuffer(struct s2n_cert_chain_and_key *cert_and_key, + struct s2n_stuffer *key_in_stuffer, struct s2n_stuffer *key_out_stuffer) { struct s2n_blob key_blob = { 0 }; POSIX_GUARD(s2n_pkey_zero_init(cert_and_key->private_key)); /* Convert pem to asn1 and asn1 to the private key. Handles both PKCS#1 and PKCS#8 formats */ - POSIX_GUARD(s2n_stuffer_private_key_from_pem(key_in_stuffer, key_out_stuffer)); + int type = 0; + POSIX_GUARD(s2n_stuffer_private_key_from_pem(key_in_stuffer, key_out_stuffer, &type)); key_blob.size = s2n_stuffer_data_available(key_out_stuffer); key_blob.data = s2n_stuffer_raw_read(key_out_stuffer, key_blob.size); POSIX_ENSURE_REF(key_blob.data); - /* Get key type and create appropriate key context */ - POSIX_GUARD(s2n_asn1der_to_private_key(cert_and_key->private_key, &key_blob)); - + POSIX_GUARD(s2n_asn1der_to_private_key(cert_and_key->private_key, &key_blob, type)); return S2N_SUCCESS; } @@ -721,7 +721,7 @@ static int s2n_utf8_string_from_extension_data(const uint8_t *extension_data, ui int len = ASN1_STRING_length(asn1_str); if (out_data != NULL) { - POSIX_ENSURE(*out_len >= len, S2N_ERR_INSUFFICIENT_MEM_SIZE); + POSIX_ENSURE((int64_t) *out_len >= (int64_t) len, S2N_ERR_INSUFFICIENT_MEM_SIZE); /* ASN1_STRING_data() returns an internal pointer to the data. * Since this is an internal pointer it should not be freed or modified in any way. * Ref: https://www.openssl.org/docs/man1.0.2/man3/ASN1_STRING_data.html. 
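Review bot: In s2n_utf8_string_from_extension_data (crypto/s2n_certificate.c, the `@@ -721` hunk), widening both sides to int64_t lets a negative `len` from ASN1_STRING_length() satisfy the size check; if `*out_len` is unsigned, as `*ext_value_len` is in the sibling function, the old mixed-sign comparison would have rejected it. s2n_parse_x509_extension in this same commit checks the sign first, and this check should match it: `POSIX_ENSURE_GTE(len, 0);` followed by `POSIX_ENSURE(*out_len >= (uint32_t) len, S2N_ERR_INSUFFICIENT_MEM_SIZE);`. The code that consumes `len` lies below the hunk, so whether a negative value could reach a copy is not visible from here.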
@@ -776,8 +776,9 @@ static int s2n_parse_x509_extension(struct s2n_cert *cert, const uint8_t *oid, * X509_get_ext_count returns the number of extensions in the x509 certificate. * Ref: https://www.openssl.org/docs/man1.1.0/man3/X509_get_ext_count.html. */ - int ext_count = X509_get_ext_count(x509_cert); - POSIX_ENSURE_GT(ext_count, 0); + int ext_count_value = X509_get_ext_count(x509_cert); + POSIX_ENSURE_GT(ext_count_value, 0); + size_t ext_count = (size_t) ext_count_value; /* OBJ_txt2obj() converts the input text string into an ASN1_OBJECT structure. * If no_name is 0 then long names and short names will be interpreted as well as numerical forms. @@ -825,7 +826,8 @@ static int s2n_parse_x509_extension(struct s2n_cert *cert, const uint8_t *oid, */ int len = ASN1_STRING_length(asn1_str); if (ext_value != NULL) { - POSIX_ENSURE(*ext_value_len >= len, S2N_ERR_INSUFFICIENT_MEM_SIZE); + POSIX_ENSURE_GTE(len, 0); + POSIX_ENSURE(*ext_value_len >= (uint32_t) len, S2N_ERR_INSUFFICIENT_MEM_SIZE); /* ASN1_STRING_data() returns an internal pointer to the data. * Since this is an internal pointer it should not be freed or modified in any way. * Ref: https://www.openssl.org/docs/man1.0.2/man3/ASN1_STRING_data.html. diff --git a/contrib/restricted/aws/s2n/crypto/s2n_composite_cipher_aes_sha.c b/contrib/restricted/aws/s2n/crypto/s2n_composite_cipher_aes_sha.c index 7583b47da0..6db71912ce 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_composite_cipher_aes_sha.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_composite_cipher_aes_sha.c @@ -171,7 +171,7 @@ static int s2n_composite_cipher_aes_sha_encrypt(struct s2n_session_key *key, str int len = 0; POSIX_GUARD_OSSL(EVP_EncryptUpdate(key->evp_cipher_ctx, out->data, &len, in->data, in->size), S2N_ERR_ENCRYPT); - S2N_ERROR_IF(len != in->size, S2N_ERR_ENCRYPT); + POSIX_ENSURE((int64_t) len == (int64_t) in->size, S2N_ERR_ENCRYPT); return 0; } 
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_drbg.c b/contrib/restricted/aws/s2n/crypto/s2n_drbg.c index 536a16da09..99e4c682e2 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_drbg.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_drbg.c @@ -32,7 +32,7 @@ static bool ignore_prediction_resistance_for_testing = false; acceptable in DRBG */ S2N_RESULT s2n_increment_drbg_counter(struct s2n_blob *counter) { - for (uint32_t i = counter->size; i > 0; i--) { + for (uint32_t i = (uint32_t) counter->size; i > 0; i--) { counter->data[i - 1] += 1; if (counter->data[i - 1]) { break; @@ -63,10 +63,10 @@ static S2N_RESULT s2n_drbg_bits(struct s2n_drbg *drbg, struct s2n_blob *out) struct s2n_blob value = { 0 }; RESULT_GUARD_POSIX(s2n_blob_init(&value, drbg->v, sizeof(drbg->v))); - int block_aligned_size = out->size - (out->size % S2N_DRBG_BLOCK_SIZE); + uint32_t block_aligned_size = out->size - (out->size % S2N_DRBG_BLOCK_SIZE); /* Per NIST SP800-90A 10.2.1.2: */ - for (int i = 0; i < block_aligned_size; i += S2N_DRBG_BLOCK_SIZE) { + for (size_t i = 0; i < block_aligned_size; i += S2N_DRBG_BLOCK_SIZE) { RESULT_GUARD(s2n_increment_drbg_counter(&value)); RESULT_GUARD(s2n_drbg_block_encrypt(drbg->ctx, drbg->v, out->data + i)); drbg->bytes_used += S2N_DRBG_BLOCK_SIZE; @@ -94,7 +94,7 @@ static S2N_RESULT s2n_drbg_update(struct s2n_drbg *drbg, struct s2n_blob *provid RESULT_STACK_BLOB(temp_blob, s2n_drbg_seed_size(drgb), S2N_DRBG_MAX_SEED_SIZE); - RESULT_ENSURE_EQ(provided_data->size, s2n_drbg_seed_size(drbg)); + RESULT_ENSURE_EQ(provided_data->size, (uint32_t) s2n_drbg_seed_size(drbg)); RESULT_GUARD(s2n_drbg_bits(drbg, &temp_blob)); diff --git a/contrib/restricted/aws/s2n/crypto/s2n_hash.c b/contrib/restricted/aws/s2n/crypto/s2n_hash.c index f1401357ac..e42a1091d8 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_hash.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_hash.c 
@@ -388,14 +388,14 @@ static int s2n_evp_hash_digest(struct s2n_hash_state *state, void *out, uint32_t unsigned int md5_secondary_digest_size = digest_size - sha1_primary_digest_size; POSIX_ENSURE(EVP_MD_CTX_size(state->digest.high_level.evp.ctx) <= sha1_digest_size, S2N_ERR_HASH_DIGEST_FAILED); - POSIX_ENSURE(EVP_MD_CTX_size(state->digest.high_level.evp_md5_secondary.ctx) <= md5_secondary_digest_size, S2N_ERR_HASH_DIGEST_FAILED); + POSIX_ENSURE((size_t) EVP_MD_CTX_size(state->digest.high_level.evp_md5_secondary.ctx) <= md5_secondary_digest_size, S2N_ERR_HASH_DIGEST_FAILED); POSIX_GUARD_OSSL(EVP_DigestFinal_ex(state->digest.high_level.evp.ctx, ((uint8_t *) out) + MD5_DIGEST_LENGTH, &sha1_primary_digest_size), S2N_ERR_HASH_DIGEST_FAILED); POSIX_GUARD_OSSL(EVP_DigestFinal_ex(state->digest.high_level.evp_md5_secondary.ctx, out, &md5_secondary_digest_size), S2N_ERR_HASH_DIGEST_FAILED); return S2N_SUCCESS; } - POSIX_ENSURE(EVP_MD_CTX_size(state->digest.high_level.evp.ctx) <= digest_size, S2N_ERR_HASH_DIGEST_FAILED); + POSIX_ENSURE((size_t) EVP_MD_CTX_size(state->digest.high_level.evp.ctx) <= digest_size, S2N_ERR_HASH_DIGEST_FAILED); POSIX_GUARD_OSSL(EVP_DigestFinal_ex(state->digest.high_level.evp.ctx, out, &digest_size), S2N_ERR_HASH_DIGEST_FAILED); return S2N_SUCCESS; } diff --git a/contrib/restricted/aws/s2n/crypto/s2n_libcrypto.c b/contrib/restricted/aws/s2n/crypto/s2n_libcrypto.c index c7efef1454..92ed4bf15d 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_libcrypto.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_libcrypto.c 
@@ -35,17 +35,17 @@ * the new API. When dropping OpenSSL 1.0.2 support, we can move to the new API. */ -/* Version name for OpenSSL depends on the version string, but for AWS-LC and - * BoringSSL, this can be statically asserted. +/* The result of SSLeay_version(SSLEAY_VERSION) for OpenSSL and AWS-LC depends on the + * version. AWS-LC and BoringSSL have consistent prefixes that can be statically asserted. * * https://github.com/awslabs/aws-lc/commit/8f184f5d69604cc4645bafec47c2d6d9929cb50f * has not been pushed to the fips branch of AWS-LC. In addition, we can't * distinguish AWS-LC fips and non-fips at pre-processing time since AWS-LC * doesn't distribute fips-specific header files. */ -#define EXPECTED_AWSLC_VERSION_NAME_FIPS_OR_OLD "BoringSSL" -#define EXPECTED_AWSLC_VERSION_NAME_NON_FIPS "AWS-LC" -#define EXPECTED_BORINGSSL_VERSION_NAME "BoringSSL" +#define EXPECTED_AWSLC_VERSION_PREFIX_FIPS_OR_OLD "BoringSSL" +#define EXPECTED_AWSLC_VERSION_PREFIX_NON_FIPS "AWS-LC" +#define EXPECTED_BORINGSSL_VERSION_PREFIX "BoringSSL" /* https://www.openssl.org/docs/man{1.0.2, 1.1.1, 3.0}/man3/OPENSSL_VERSION_NUMBER.html * OPENSSL_VERSION_NUMBER in hex is: MNNFFPPS major minor fix patch status. 
@@ -64,12 +64,12 @@ static const char *s2n_libcrypto_get_version_name(void) return SSLeay_version(SSLEAY_VERSION); } -static S2N_RESULT s2n_libcrypto_validate_expected_version_name(const char *expected_version_name) +static S2N_RESULT s2n_libcrypto_validate_expected_version_prefix(const char *expected_name_prefix) { - RESULT_ENSURE_REF(expected_version_name); + RESULT_ENSURE_REF(expected_name_prefix); RESULT_ENSURE_REF(s2n_libcrypto_get_version_name()); - RESULT_ENSURE_EQ(strlen(expected_version_name), strlen(s2n_libcrypto_get_version_name())); - RESULT_ENSURE(s2n_constant_time_equals((const uint8_t *) expected_version_name, (const uint8_t *) s2n_libcrypto_get_version_name(), (const uint32_t) strlen(expected_version_name)), S2N_ERR_LIBCRYPTO_VERSION_NAME_MISMATCH); + RESULT_ENSURE_LTE(strlen(expected_name_prefix), strlen(s2n_libcrypto_get_version_name())); + RESULT_ENSURE(s2n_constant_time_equals((const uint8_t *) expected_name_prefix, (const uint8_t *) s2n_libcrypto_get_version_name(), (const uint32_t) strlen(expected_name_prefix)), S2N_ERR_LIBCRYPTO_VERSION_NAME_MISMATCH); return S2N_RESULT_OK; } 
@@ -186,20 +186,20 @@ S2N_RESULT s2n_libcrypto_validate_runtime(void) /* If we know the expected version name, we can validate it. */ if (s2n_libcrypto_is_awslc()) { - const char *expected_awslc_version_name = NULL; + const char *expected_awslc_name_prefix = NULL; /* For backwards compatability, also check the AWS-LC API version see * https://github.com/awslabs/aws-lc/pull/467. When we are confident we * don't meet anymore "old" AWS-LC libcrypto's, this API version check * can be removed. */ if (s2n_libcrypto_is_fips() || s2n_libcrypto_awslc_api_version() < 17) { - expected_awslc_version_name = EXPECTED_AWSLC_VERSION_NAME_FIPS_OR_OLD; + expected_awslc_name_prefix = EXPECTED_AWSLC_VERSION_PREFIX_FIPS_OR_OLD; } else { - expected_awslc_version_name = EXPECTED_AWSLC_VERSION_NAME_NON_FIPS; + expected_awslc_name_prefix = EXPECTED_AWSLC_VERSION_PREFIX_NON_FIPS; } - RESULT_GUARD(s2n_libcrypto_validate_expected_version_name(expected_awslc_version_name)); + RESULT_GUARD(s2n_libcrypto_validate_expected_version_prefix(expected_awslc_name_prefix)); } else if (s2n_libcrypto_is_boringssl()) { - RESULT_GUARD(s2n_libcrypto_validate_expected_version_name(EXPECTED_BORINGSSL_VERSION_NAME)); + RESULT_GUARD(s2n_libcrypto_validate_expected_version_prefix(EXPECTED_BORINGSSL_VERSION_PREFIX)); } RESULT_GUARD(s2n_libcrypto_validate_expected_version_number()); diff --git a/contrib/restricted/aws/s2n/crypto/s2n_locking.c b/contrib/restricted/aws/s2n/crypto/s2n_locking.c index 7f4b3ff15b..3f48b4dc37 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_locking.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_locking.c @@ -52,7 +52,7 @@ static size_t mutexes_count = 0; static void s2n_locking_cb(int mode, int n, char *file, int line) { pthread_mutex_t *mutexes = S2N_MUTEXES(mutexes_mem); - if (!mutexes_mem.data || n >= mutexes_count) { + if (!mutexes_mem.data || n < 0 || (size_t) n >= mutexes_count) { return; } 
@@ -70,12 +70,13 @@ S2N_RESULT s2n_locking_init(void) } int num_locks = CRYPTO_num_locks(); + RESULT_ENSURE_GTE(num_locks, 0); RESULT_GUARD_POSIX(s2n_realloc(&mutexes_mem, num_locks * sizeof(pthread_mutex_t))); pthread_mutex_t *mutexes = S2N_MUTEXES(mutexes_mem); mutexes_count = 0; - for (size_t i = 0; i < num_locks; i++) { + for (size_t i = 0; i < (size_t) num_locks; i++) { RESULT_ENSURE_EQ(pthread_mutex_init(&(mutexes[i]), NULL), 0); mutexes_count++; } diff --git a/contrib/restricted/aws/s2n/crypto/s2n_pkey.c b/contrib/restricted/aws/s2n/crypto/s2n_pkey.c index ab0c6615f9..b44535a01c 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_pkey.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_pkey.c 
@@ -129,14 +129,29 @@ int s2n_pkey_free(struct s2n_pkey *key) return S2N_SUCCESS; } -int s2n_asn1der_to_private_key(struct s2n_pkey *priv_key, struct s2n_blob *asn1der) +int s2n_asn1der_to_private_key(struct s2n_pkey *priv_key, struct s2n_blob *asn1der, int type_hint) { - uint8_t *key_to_parse = asn1der->data; - - /* Detect key type */ - DEFER_CLEANUP(EVP_PKEY *evp_private_key = d2i_AutoPrivateKey(NULL, (const unsigned char **) (void *) &key_to_parse, asn1der->size), + const unsigned char *key_to_parse = asn1der->data; + + /* We use "d2i_AutoPrivateKey" instead of "PEM_read_bio_PrivateKey" because + * s2n-tls prefers to perform its own custom PEM parsing. Historically, + * openssl's PEM parsing tended to ignore invalid certificates rather than + * error on them. We prefer to fail early rather than continue without + * the full and correct chain intended by the application. + */ + DEFER_CLEANUP(EVP_PKEY *evp_private_key = d2i_AutoPrivateKey(NULL, &key_to_parse, asn1der->size), EVP_PKEY_free_pointer); - S2N_ERROR_IF(evp_private_key == NULL, S2N_ERR_DECODE_PRIVATE_KEY); + + /* We have found cases where d2i_AutoPrivateKey fails to detect the type of + * the key. For example, openssl fails to identify an EC key without the + * optional publicKey field. + * + * If d2i_AutoPrivateKey fails, try once more with the type we parsed from the PEM. + */ + if (evp_private_key == NULL) { + evp_private_key = d2i_PrivateKey(type_hint, NULL, &key_to_parse, asn1der->size); + } + POSIX_ENSURE(evp_private_key, S2N_ERR_DECODE_PRIVATE_KEY); /* If key parsing is successful, d2i_AutoPrivateKey increments *key_to_parse to the byte following the parsed data */ uint32_t parsed_len = key_to_parse - asn1der->data; diff --git a/contrib/restricted/aws/s2n/crypto/s2n_pkey.h b/contrib/restricted/aws/s2n/crypto/s2n_pkey.h index 137a68e0d6..a826ebdc3d 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_pkey.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_pkey.h 
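Review bot: The retry with d2i_PrivateKey in s2n_asn1der_to_private_key (crypto/s2n_pkey.c) reuses `key_to_parse` after d2i_AutoPrivateKey has failed, so the `parsed_len` computed below is only correct if the failed call left the pointer at the start of the buffer. Resetting it before the retry removes that dependence on libcrypto behaviour: `key_to_parse = asn1der->data;` placed just above `evp_private_key = d2i_PrivateKey(type_hint, NULL, &key_to_parse, asn1der->size);`. The failed first attempt may also leave entries on the libcrypto error queue even when the retry succeeds, which is worth confirming and clearing if so. The new `type_hint` parameter has no documentation; a comment on the function should state that it takes an EVP_PKEY_* id and is consulted only on this fallback path.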
@@ -69,5 +69,5 @@ int s2n_pkey_decrypt(const struct s2n_pkey *pkey, struct s2n_blob *in, struct s2 int s2n_pkey_match(const struct s2n_pkey *pub_key, const struct s2n_pkey *priv_key); int s2n_pkey_free(struct s2n_pkey *pkey); -int s2n_asn1der_to_private_key(struct s2n_pkey *priv_key, struct s2n_blob *asn1der); +int s2n_asn1der_to_private_key(struct s2n_pkey *priv_key, struct s2n_blob *asn1der, int type_hint); int s2n_asn1der_to_public_key_and_type(struct s2n_pkey *pub_key, s2n_pkey_type *pkey_type, struct s2n_blob *asn1der); diff --git a/contrib/restricted/aws/s2n/crypto/s2n_rsa.c b/contrib/restricted/aws/s2n/crypto/s2n_rsa.c index 7e70e27d94..9fc1d4b5ca 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_rsa.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_rsa.c @@ -121,7 +121,7 @@ static int s2n_rsa_encrypt(const struct s2n_pkey *pub, struct s2n_blob *in, stru /* Safety: RSA_public_encrypt does not mutate the key */ int r = RSA_public_encrypt(in->size, (unsigned char *) in->data, (unsigned char *) out->data, s2n_unsafe_rsa_get_non_const(pub_key), RSA_PKCS1_PADDING); - S2N_ERROR_IF(r != out->size, S2N_ERR_SIZE_MISMATCH); + POSIX_ENSURE((int64_t) r == (int64_t) out->size, S2N_ERR_SIZE_MISMATCH); return 0; } @@ -143,7 +143,7 @@ static int s2n_rsa_decrypt(const struct s2n_pkey *priv, struct s2n_blob *in, str /* Safety: RSA_private_decrypt does not mutate the key */ int r = RSA_private_decrypt(in->size, (unsigned char *) in->data, intermediate, s2n_unsafe_rsa_get_non_const(priv_key), RSA_NO_PADDING); - S2N_ERROR_IF(r != expected_size, S2N_ERR_SIZE_MISMATCH); + POSIX_ENSURE((int64_t) r == (int64_t) expected_size, S2N_ERR_SIZE_MISMATCH); s2n_constant_time_pkcs1_unpad_or_dont(out->data, intermediate, r, out->size); diff --git a/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_rc4.c b/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_rc4.c index 569a11a2f9..85bf5bca90 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_rc4.c 
+++ b/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_rc4.c @@ -43,7 +43,7 @@ static int s2n_stream_cipher_rc4_encrypt(struct s2n_session_key *key, struct s2n int len = 0; POSIX_GUARD_OSSL(EVP_EncryptUpdate(key->evp_cipher_ctx, out->data, &len, in->data, in->size), S2N_ERR_ENCRYPT); - S2N_ERROR_IF(len != in->size, S2N_ERR_ENCRYPT); + POSIX_ENSURE((int64_t) len == (int64_t) in->size, S2N_ERR_DECRYPT); return 0; } @@ -56,7 +56,7 @@ static int s2n_stream_cipher_rc4_decrypt(struct s2n_session_key *key, struct s2n int len = 0; POSIX_GUARD_OSSL(EVP_DecryptUpdate(key->evp_cipher_ctx, out->data, &len, in->data, in->size), S2N_ERR_DECRYPT); - S2N_ERROR_IF(len != in->size, S2N_ERR_DECRYPT); + POSIX_ENSURE((int64_t) len == (int64_t) in->size, S2N_ERR_DECRYPT); return 0; } diff --git a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.h b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.h index 56088e2608..ee9eda1287 100644 --- a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.h +++ b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.h @@ -166,7 +166,7 @@ int s2n_stuffer_alloc_ro_from_string(struct s2n_stuffer *stuffer, const char *st int s2n_stuffer_init_ro_from_string(struct s2n_stuffer *stuffer, uint8_t *data, uint32_t length); /* Read a private key from a PEM encoded stuffer to an ASN1/DER encoded one */ -int s2n_stuffer_private_key_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *asn1); +int s2n_stuffer_private_key_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *asn1, int *type); /* Read a certificate from a PEM encoded stuffer to an ASN1/DER encoded one */ int s2n_stuffer_certificate_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *asn1); diff --git a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_network_order.c b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_network_order.c index cae76ef5a2..9db807a60c 100644 --- a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_network_order.c +++ b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_network_order.c 
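Review bot: s2n_stream_cipher_rc4_encrypt (crypto/s2n_stream_cipher_rc4.c, first hunk) now reports S2N_ERR_DECRYPT when the encrypt length check fails, while the EVP_EncryptUpdate guard directly above it and the line being replaced both use S2N_ERR_ENCRYPT. This looks copied from the decrypt function in the second hunk and will mislabel encrypt failures for anyone triaging by error code. The line should read `POSIX_ENSURE((int64_t) len == (int64_t) in->size, S2N_ERR_ENCRYPT);`.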
@@ -166,7 +166,8 @@ static int length_matches_value_check(uint32_t value, uint8_t length) if (length < sizeof(uint32_t)) { /* Value should be less than the maximum for its length */ - POSIX_ENSURE(value < (0x01 << (length * 8)), S2N_ERR_SIZE_MISMATCH); + const uint32_t size_max = 1 << (length * 8); + POSIX_ENSURE(value < size_max, S2N_ERR_SIZE_MISMATCH); } return S2N_SUCCESS; diff --git a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_pem.c b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_pem.c index 9d54a123f3..546f1f189f 100644 --- a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_pem.c +++ b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_pem.c @@ -13,6 +13,7 @@ * permissions and limitations under the License. */ +#include <openssl/evp.h> #include <string.h> #include "error/s2n_errno.h" @@ -127,15 +128,15 @@ static int s2n_stuffer_data_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer return S2N_SUCCESS; } -int s2n_stuffer_private_key_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *asn1) +int s2n_stuffer_private_key_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *asn1, int *type) { POSIX_PRECONDITION(s2n_stuffer_validate(pem)); POSIX_PRECONDITION(s2n_stuffer_validate(asn1)); - int rc; + POSIX_ENSURE_REF(type); - rc = s2n_stuffer_data_from_pem(pem, asn1, S2N_PEM_PKCS1_RSA_PRIVATE_KEY); - if (!rc) { - return rc; + if (s2n_stuffer_data_from_pem(pem, asn1, S2N_PEM_PKCS1_RSA_PRIVATE_KEY) == S2N_SUCCESS) { + *type = EVP_PKEY_RSA; + return S2N_SUCCESS; } s2n_stuffer_reread(pem); 
@@ -146,21 +147,25 @@ int s2n_stuffer_private_key_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer * compatible with OpenSSL's default output, and since "EC PARAMETERS" is * only needed for non-standard curves that aren't currently supported. */ - rc = s2n_stuffer_data_from_pem(pem, asn1, S2N_PEM_EC_PARAMETERS); - if (rc < 0) { + if (s2n_stuffer_data_from_pem(pem, asn1, S2N_PEM_EC_PARAMETERS) != S2N_SUCCESS) { s2n_stuffer_reread(pem); } s2n_stuffer_wipe(asn1); - rc = s2n_stuffer_data_from_pem(pem, asn1, S2N_PEM_PKCS1_EC_PRIVATE_KEY); - if (!rc) { - return rc; + if (s2n_stuffer_data_from_pem(pem, asn1, S2N_PEM_PKCS1_EC_PRIVATE_KEY) == S2N_SUCCESS) { + *type = EVP_PKEY_EC; + return S2N_SUCCESS; } /* If it does not match either format, try PKCS#8 */ s2n_stuffer_reread(pem); s2n_stuffer_reread(asn1); - return s2n_stuffer_data_from_pem(pem, asn1, S2N_PEM_PKCS8_PRIVATE_KEY); + if (s2n_stuffer_data_from_pem(pem, asn1, S2N_PEM_PKCS8_PRIVATE_KEY) == S2N_SUCCESS) { + *type = EVP_PKEY_RSA; + return S2N_SUCCESS; + } + + POSIX_BAIL(S2N_ERR_INVALID_PEM); } int s2n_stuffer_certificate_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *asn1) diff --git a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_text.c b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_text.c index 265bf90e56..e78663e91c 100644 --- a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_text.c +++ b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_text.c @@ -82,7 +82,7 @@ int s2n_stuffer_skip_read_until(struct s2n_stuffer *stuffer, const char *target) { POSIX_PRECONDITION(s2n_stuffer_validate(stuffer)); POSIX_ENSURE_REF(target); - const int len = strlen(target); + const uint32_t len = strlen(target); if (len == 0) { return S2N_SUCCESS; } diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_cert_status.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_cert_status.c index 57521653b7..454795ce25 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_cert_status.c 
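Review bot: The PKCS#8 branch of s2n_stuffer_private_key_from_pem (stuffer/s2n_stuffer_pem.c, `@@ -146` hunk) sets `*type = EVP_PKEY_RSA`, but unlike the two PKCS#1 branches the PKCS#8 PEM type does not identify the key algorithm, so the hint is a guess for EC keys stored in that format. Because the hint feeds the d2i_PrivateKey retry in s2n_asn1der_to_private_key, a wrong guess means the retry cannot recover such a key, and that limit should be stated at the assignment: `/* PKCS#8 does not name the algorithm here; RSA is only a best-effort hint for the fallback parse */`. The declaration in s2n_stuffer.h should also document that `type` is written only on success. The function begins in the previous hunk.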
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_cert_status.c @@ -23,12 +23,14 @@ #define U24_SIZE 3 -/* In TLS 1.3, a response to a Status Request extension is sent as an extension with - * status request as well as the OCSP response. This contrasts to TLS 1.2 where - * the OCSP response is sent in the Certificate Status handshake message */ - static bool s2n_cert_status_should_send(struct s2n_connection *conn); +/* + * The cert_status extension is sent in response to OCSP status requests in TLS 1.3. The + * OCSP response is contained in the extension data. In TLS 1.2, the cert_status_response + * extension is sent instead, indicating that the OCSP response will be sent in a + * Certificate Status handshake message. + */ const s2n_extension_type s2n_cert_status_extension = { .iana_value = TLS_EXTENSION_STATUS_REQUEST, .is_response = true, @@ -40,7 +42,8 @@ const s2n_extension_type s2n_cert_status_extension = { static bool s2n_cert_status_should_send(struct s2n_connection *conn) { - return s2n_server_can_send_ocsp(conn); + return conn->handshake_params.our_chain_and_key + && conn->handshake_params.our_chain_and_key->ocsp_status.size > 0; } int s2n_cert_status_send(struct s2n_connection *conn, struct s2n_stuffer *out) @@ -80,7 +83,14 @@ int s2n_cert_status_recv(struct s2n_connection *conn, struct s2n_stuffer *in) /* We only support OCSP */ return S2N_SUCCESS; } - conn->status_type = S2N_STATUS_REQUEST_OCSP; + + /* The status_type variable is only used when a client requests OCSP stapling from a + * server. A server can request OCSP stapling from a client, but it is not tracked + * with this variable. + */ + if (conn->mode == S2N_CLIENT) { + conn->status_type = S2N_STATUS_REQUEST_OCSP; + } uint32_t status_size; POSIX_GUARD(s2n_stuffer_read_uint24(in, &status_size)); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_cert_status_request.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_cert_status_request.c index 7b5e658f6f..3872f277aa 100644 
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_cert_status_request.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_cert_status_request.c @@ -37,12 +37,12 @@ const s2n_extension_type s2n_client_cert_status_request_extension = { static bool s2n_client_cert_status_request_should_send(struct s2n_connection *conn) { - return conn->config->status_request_type != S2N_STATUS_REQUEST_NONE; + return conn->request_ocsp_status; } static int s2n_client_cert_status_request_send(struct s2n_connection *conn, struct s2n_stuffer *out) { - POSIX_GUARD(s2n_stuffer_write_uint8(out, (uint8_t) conn->config->status_request_type)); + POSIX_GUARD(s2n_stuffer_write_uint8(out, (uint8_t) S2N_STATUS_REQUEST_OCSP)); /* responder_id_list * diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.c index adf957a8eb..f0a4ffd911 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.c @@ -34,12 +34,12 @@ s2n_extension_type_id s2n_extension_ianas_to_ids[S2N_MAX_INDEXED_EXTENSION_IANA] int s2n_extension_type_init() { /* Initialize to s2n_unsupported_extension */ - for (int i = 0; i < S2N_MAX_INDEXED_EXTENSION_IANA; i++) { + for (size_t i = 0; i < S2N_MAX_INDEXED_EXTENSION_IANA; i++) { s2n_extension_ianas_to_ids[i] = s2n_unsupported_extension; } /* Reverse the mapping */ - for (int i = 0; i < S2N_SUPPORTED_EXTENSIONS_COUNT; i++) { + for (size_t i = 0; i < S2N_SUPPORTED_EXTENSIONS_COUNT; i++) { uint16_t iana_value = s2n_supported_extensions[i]; if (iana_value < S2N_MAX_INDEXED_EXTENSION_IANA) { s2n_extension_ianas_to_ids[iana_value] = i; 
@@ -61,7 +61,7 @@ s2n_extension_type_id s2n_extension_iana_value_to_id(const uint16_t iana_value) /* Fall back to the full list. We can handle this more * efficiently later if our extension list gets long. */ - for (int i = 0; i < S2N_SUPPORTED_EXTENSIONS_COUNT; i++) { + for (size_t i = 0; i < S2N_SUPPORTED_EXTENSIONS_COUNT; i++) { if (s2n_supported_extensions[i] == iana_value) { return i; } diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type_lists.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type_lists.c index 49b771bee3..3e2a607fd3 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type_lists.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type_lists.c @@ -39,6 +39,7 @@ #include "tls/extensions/s2n_psk_key_exchange_modes.h" #include "tls/extensions/s2n_quic_transport_params.h" #include "tls/extensions/s2n_server_alpn.h" +#include "tls/extensions/s2n_server_cert_status_request.h" #include "tls/extensions/s2n_server_key_share.h" #include "tls/extensions/s2n_server_max_fragment_length.h" #include "tls/extensions/s2n_server_psk.h" @@ -129,6 +130,7 @@ static const s2n_extension_type *const encrypted_extensions[] = { static const s2n_extension_type *const cert_req_extensions[] = { &s2n_server_signature_algorithms_extension, + &s2n_server_cert_status_request_extension, }; static const s2n_extension_type *const certificate_extensions[] = { diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_cert_status_request.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_cert_status_request.c new file mode 100644 index 0000000000..1e63d4de43 --- /dev/null +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_cert_status_request.c 
@@ -0,0 +1,46 @@ +/* +* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +* +* Licensed under the Apache License, Version 2.0 (the "License"). +* You may not use this file except in compliance with the License. +* A copy of the License is located at +* +* http://aws.amazon.com/apache2.0 +* +* or in the "license" file accompanying this file. This file is distributed +* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +* express or implied. See the License for the specific language governing +* permissions and limitations under the License. +*/ + +#include "tls/extensions/s2n_server_cert_status_request.h" + +#include "tls/s2n_connection.h" + +static bool s2n_server_cert_status_request_should_send(struct s2n_connection *conn); +static int s2n_server_cert_status_request_send(struct s2n_connection *conn, struct s2n_stuffer *out); + +const s2n_extension_type s2n_server_cert_status_request_extension = { + .iana_value = TLS_EXTENSION_STATUS_REQUEST, + .is_response = false, + .send = s2n_server_cert_status_request_send, + .recv = s2n_extension_recv_noop, + .should_send = s2n_server_cert_status_request_should_send, + .if_missing = s2n_extension_noop_if_missing, +}; + +static int s2n_server_cert_status_request_send(struct s2n_connection *conn, struct s2n_stuffer *out) +{ + /** + *= https://tools.ietf.org/rfc/rfc8446#4.4.2.1 + *# A server MAY request that a client present an OCSP response with its + *# certificate by sending an empty "status_request" extension in its + *# CertificateRequest message. + */ + return S2N_SUCCESS; +} + +static bool s2n_server_cert_status_request_should_send(struct s2n_connection *conn) +{ + return conn->request_ocsp_status; +} diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_cert_status_request.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_cert_status_request.h new file mode 100644 index 0000000000..53aabd3c21 --- /dev/null 
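Review bot: The `.recv = s2n_extension_recv_noop` entry in `s2n_server_cert_status_request_extension` carries no comment, so the new file does not say whether ignoring a received status_request in a CertificateRequest is deliberate. If this type is also used on the receiving path and the noop is intentional (for example because acting on the request is not implemented yet, which is an assumption and not visible here), record that next to the initializer. Something like `/* receipt is ignored: nothing is done with a server's OCSP request here */` would do. Without it a reader can easily assume that setting `request_ocsp_status` on a server results in a stapled response being sent and checked.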
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_cert_status_request.h @@ -0,0 +1,20 @@ +/* +* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +* +* Licensed under the Apache License, Version 2.0 (the "License"). +* You may not use this file except in compliance with the License. +* A copy of the License is located at +* +* http://aws.amazon.com/apache2.0 +* +* or in the "license" file accompanying this file. This file is distributed +* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +* express or implied. See the License for the specific language governing +* permissions and limitations under the License. +*/ + +#pragma once + +#include "tls/extensions/s2n_extension_type.h" + +extern const s2n_extension_type s2n_server_cert_status_request_extension; diff --git a/contrib/restricted/aws/s2n/tls/s2n_cbc.c b/contrib/restricted/aws/s2n/tls/s2n_cbc.c index 4022d31782..cc9d0546dc 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_cbc.c +++ b/contrib/restricted/aws/s2n/tls/s2n_cbc.c @@ -83,10 +83,12 @@ int s2n_verify_cbc(struct s2n_connection *conn, struct s2n_hmac_state *hmac, str } /* Check the maximum amount that could theoretically be padding */ - int check = MIN(255, (payload_and_padding_size - 1)); + uint32_t check = MIN(255, (payload_and_padding_size - 1)); - int cutoff = check - padding_length; - for (uint32_t i = 0, j = decrypted->size - 1 - check; i < check && j < decrypted->size; i++, j++) { + POSIX_ENSURE_GTE(check, padding_length); + + uint32_t cutoff = check - padding_length; + for (size_t i = 0, j = decrypted->size - 1 - check; i < check && j < decrypted->size; i++, j++) { uint8_t mask = ~(0xff << ((i >= cutoff) * 8)); mismatches |= (decrypted->data[j] ^ padding_length) & mask; } diff --git a/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.c b/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.c index d3a19746ad..84e0c94d02 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.c 
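Review bot: The added `POSIX_ENSURE_GTE(check, padding_length);` in `s2n_verify_cbc` returns before the masked comparison loop, and that loop is otherwise written so that it does not branch on `padding_length`. The guard is needed now that `cutoff` is unsigned, since `check - padding_length` would wrap, but neither that reason nor the side-channel reasoning is recorded. I would add a comment such as `/* padding_length > check can never be valid padding; fail here instead of letting cutoff wrap */` and have someone confirm that this failure is indistinguishable to the peer, in error and in timing, from a MAC or padding mismatch. `payload_and_padding_size` is declared outside the hunk, so whether `payload_and_padding_size - 1` can be negative before it is stored in the new `uint32_t check` cannot be judged from here.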
+++ b/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.c @@ -1157,7 +1157,7 @@ int s2n_set_cipher_as_client(struct s2n_connection *conn, uint8_t wire[S2N_TLS_C static int s2n_wire_ciphers_contain(const uint8_t *match, const uint8_t *wire, uint32_t count, uint32_t cipher_suite_len) { - for (uint32_t i = 0; i < count; i++) { + for (size_t i = 0; i < count; i++) { const uint8_t *theirs = wire + (i * cipher_suite_len) + (cipher_suite_len - S2N_TLS_CIPHER_SUITE_LEN); if (!memcmp(match, theirs, S2N_TLS_CIPHER_SUITE_LEN)) { diff --git a/contrib/restricted/aws/s2n/tls/s2n_client_hello.c b/contrib/restricted/aws/s2n/tls/s2n_client_hello.c index f185292ea0..c0dbabe67b 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_client_hello.c +++ b/contrib/restricted/aws/s2n/tls/s2n_client_hello.c @@ -69,8 +69,14 @@ static S2N_RESULT s2n_generate_client_session_id(struct s2n_connection *conn) return S2N_RESULT_OK; } - /* Only generate the session id for TLS1.3 if in middlebox compatibility mode */ - if (conn->client_protocol_version >= S2N_TLS13 && !s2n_is_middlebox_compat_enabled(conn)) { + /* Only generate the session id for TLS1.3 if in middlebox compatibility mode + * + * s2n_connection_get_protocol_version, which returns conn->actual_protocol_version, is used here because + * s2n_tls12_client_deserialize_session_state sets actual_protocol_version based on the protocol the + * server that issued the session ticket indicated. If we are attempting to resume a session for that + * session ticket, we should base the decision of whether to generate a session ID on the protocol version + * we are attempting to resume with. */ + if (s2n_connection_get_protocol_version(conn) >= S2N_TLS13 && !s2n_is_middlebox_compat_enabled(conn)) { return S2N_RESULT_OK; } 
@@ -499,31 +505,24 @@ fail: RESULT_BAIL(S2N_ERR_CANCELLED); } -bool s2n_client_hello_invoke_callback(struct s2n_connection *conn) -{ - /* Invoke only if the callback has not been called or if polling mode is enabled */ - bool invoke = !conn->client_hello.callback_invoked || conn->config->client_hello_cb_enable_poll; - /* - * The callback should not be called if this client_hello is in response to a hello retry. - */ - return invoke && !IS_HELLO_RETRY_HANDSHAKE(conn); -} - int s2n_client_hello_recv(struct s2n_connection *conn) { - if (conn->config->client_hello_cb_enable_poll == 0) { - POSIX_ENSURE(conn->client_hello.callback_async_blocked == 0, S2N_ERR_ASYNC_BLOCKED); - } + POSIX_ENSURE(!conn->client_hello.callback_async_blocked, S2N_ERR_ASYNC_BLOCKED); - if (conn->client_hello.parsed == 0) { - /* Parse client hello */ + /* Only parse the ClientHello once */ + if (!conn->client_hello.parsed) { POSIX_GUARD(s2n_parse_client_hello(conn)); - conn->client_hello.parsed = 1; + conn->client_hello.parsed = true; } - /* Call the client_hello_cb once unless polling is enabled. */ - if (s2n_client_hello_invoke_callback(conn)) { + + /* Only invoke the ClientHello callback once. + * This means that we do NOT invoke the callback again on the second ClientHello + * in a TLS1.3 retry handshake. We explicitly check for a retry because the + * callback state may have been cleared while parsing the second ClientHello. + */ + if (!conn->client_hello.callback_invoked && !IS_HELLO_RETRY_HANDSHAKE(conn)) { /* Mark the collected client hello as available when parsing is done and before the client hello callback */ - conn->client_hello.callback_invoked = 1; + conn->client_hello.callback_invoked = true; /* Call client_hello_cb if exists, letting application to modify s2n_connection or swap s2n_config */ if (conn->config->client_hello_cb) { diff --git a/contrib/restricted/aws/s2n/tls/s2n_config.c b/contrib/restricted/aws/s2n/tls/s2n_config.c index 71abae5903..e057984a75 100644 
--- a/contrib/restricted/aws/s2n/tls/s2n_config.c +++ b/contrib/restricted/aws/s2n/tls/s2n_config.c @@ -85,7 +85,6 @@ static int s2n_config_setup_fips(struct s2n_config *config) static int s2n_config_init(struct s2n_config *config) { - config->status_request_type = S2N_STATUS_REQUEST_NONE; config->wall_clock = wall_clock; config->monotonic_clock = monotonic_clock; config->ct_type = S2N_CT_SUPPORT_NONE; @@ -439,7 +438,12 @@ int s2n_config_set_status_request_type(struct s2n_config *config, s2n_status_req S2N_ERROR_IF(type == S2N_STATUS_REQUEST_OCSP && !s2n_x509_ocsp_stapling_supported(), S2N_ERR_OCSP_NOT_SUPPORTED); POSIX_ENSURE_REF(config); - config->status_request_type = type; + config->ocsp_status_requested_by_user = (type == S2N_STATUS_REQUEST_OCSP); + + /* Reset the ocsp_status_requested_by_s2n flag if OCSP status requests were disabled. */ + if (type == S2N_STATUS_REQUEST_NONE) { + config->ocsp_status_requested_by_s2n = false; + } return 0; } @@ -469,7 +473,7 @@ int s2n_config_set_verification_ca_location(struct s2n_config *config, const cha int err_code = s2n_x509_trust_store_from_ca_file(&config->trust_store, ca_pem_filename, ca_dir); if (!err_code) { - config->status_request_type = s2n_x509_ocsp_stapling_supported() ? S2N_STATUS_REQUEST_OCSP : S2N_STATUS_REQUEST_NONE; + config->ocsp_status_requested_by_s2n = s2n_x509_ocsp_stapling_supported() ? S2N_STATUS_REQUEST_OCSP : S2N_STATUS_REQUEST_NONE; } return err_code; 
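Review bot: In `s2n_config_set_verification_ca_location` the new assignment stores an `s2n_status_request_type` constant into `ocsp_status_requested_by_s2n`, which this commit declares in s2n_config.h as a one-bit unsigned field. That gives the intended flag only while `S2N_STATUS_REQUEST_OCSP` is 1 and `S2N_STATUS_REQUEST_NONE` is 0; any other enumerator value would be silently truncated to its low bit. The sibling hunk in `s2n_config_set_status_request_type` already assigns a boolean expression, so do the same here: `config->ocsp_status_requested_by_s2n = s2n_x509_ocsp_stapling_supported() ? 1 : 0;`. The function body starts outside the hunk.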
@@ -575,7 +579,7 @@ int s2n_config_set_cert_chain_and_key_defaults(struct s2n_config *config, /* Validate certs being set before clearing auto-chosen defaults or previously set defaults */ struct certs_by_type new_defaults = { { 0 } }; - for (uint32_t i = 0; i < num_cert_key_pairs; i++) { + for (size_t i = 0; i < num_cert_key_pairs; i++) { POSIX_ENSURE_REF(cert_key_pairs[i]); s2n_pkey_type cert_type = s2n_cert_chain_and_key_get_pkey_type(cert_key_pairs[i]); S2N_ERROR_IF(new_defaults.certs[cert_type] != NULL, S2N_ERR_MULTIPLE_DEFAULT_CERTIFICATES_PER_AUTH_TYPE); @@ -583,7 +587,7 @@ int s2n_config_set_cert_chain_and_key_defaults(struct s2n_config *config, } POSIX_GUARD(s2n_config_clear_default_certificates(config)); - for (uint32_t i = 0; i < num_cert_key_pairs; i++) { + for (size_t i = 0; i < num_cert_key_pairs; i++) { s2n_pkey_type cert_type = s2n_cert_chain_and_key_get_pkey_type(cert_key_pairs[i]); config->is_rsa_cert_configured |= (cert_type == S2N_PKEY_TYPE_RSA); config->default_certs_by_type.certs[cert_type] = cert_key_pairs[i]; @@ -986,20 +990,6 @@ int s2n_config_get_ctx(struct s2n_config *config, void **ctx) return S2N_SUCCESS; } -/* - * Set the client_hello callback behavior to polling. - * - * Polling means that the callback function can be called multiple times. - */ -int s2n_config_client_hello_cb_enable_poll(struct s2n_config *config) -{ - POSIX_ENSURE_REF(config); - - config->client_hello_cb_enable_poll = 1; - - return S2N_SUCCESS; -} - int s2n_config_set_send_buffer_size(struct s2n_config *config, uint32_t size) { POSIX_ENSURE_REF(config); diff --git a/contrib/restricted/aws/s2n/tls/s2n_config.h b/contrib/restricted/aws/s2n/tls/s2n_config.h index 86bdd77d8d..16eaba6183 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_config.h +++ b/contrib/restricted/aws/s2n/tls/s2n_config.h 
@@ -80,12 +80,6 @@ struct s2n_config { */ unsigned no_signing_key : 1; /* - * This option exists to allow for polling the client_hello callback. - * - * Note: This defaults to false to ensure backwards compatibility. - */ - unsigned client_hello_cb_enable_poll : 1; - /* * Whether to verify signatures locally before sending them over the wire. * See s2n_config_set_verify_after_sign. */ @@ -101,6 +95,12 @@ struct s2n_config { */ unsigned recv_multi_record : 1; + /* Indicates whether the user has enabled OCSP status requests */ + unsigned ocsp_status_requested_by_user : 1; + + /* Indicates whether s2n has enabled OCSP status requests, for backwards compatibility */ + unsigned ocsp_status_requested_by_s2n : 1; + struct s2n_dh_params *dhparams; /* Needed until we can deprecate s2n_config_add_cert_chain_and_key. This is * used to release memory allocated only in the deprecated API that the application @@ -108,7 +108,6 @@ struct s2n_config { struct s2n_map *domain_name_to_cert_map; struct certs_by_type default_certs_by_type; struct s2n_blob application_protocols; - s2n_status_request_type status_request_type; s2n_clock_time_nanoseconds wall_clock; s2n_clock_time_nanoseconds monotonic_clock; diff --git a/contrib/restricted/aws/s2n/tls/s2n_connection.c b/contrib/restricted/aws/s2n/tls/s2n_connection.c index d599be8659..5fd809ab00 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_connection.c +++ b/contrib/restricted/aws/s2n/tls/s2n_connection.c @@ -71,7 +71,7 @@ struct s2n_connection *s2n_connection_new(s2n_mode mode) PTR_GUARD_POSIX(s2n_connection_set_config(conn, s2n_fetch_default_config())); - /* `mode` is initialized here since its passed in as a parameter. */ + /* `mode` is initialized here since it's passed in as a parameter. */ conn->mode = mode; /* Allocate the fixed-size stuffers */ 
@@ -352,6 +352,19 @@ int s2n_connection_set_config(struct s2n_connection *conn, struct s2n_config *co conn->multirecord_send = true; } + /* Historically, calling s2n_config_set_verification_ca_location enabled OCSP stapling + * regardless of the value set by an application calling s2n_config_set_status_request_type. + * We maintain this behavior for backwards compatibility. + * + * However, the s2n_config_set_verification_ca_location behavior predates client authentication + * support for OCSP stapling, so could only affect whether clients requested OCSP stapling. We + * therefore only have to maintain the legacy behavior for clients, not servers. + */ + conn->request_ocsp_status = config->ocsp_status_requested_by_user; + if (config->ocsp_status_requested_by_s2n && conn->mode == S2N_CLIENT) { + conn->request_ocsp_status = true; + } + conn->config = config; return S2N_SUCCESS; } @@ -1042,9 +1055,10 @@ int s2n_connection_get_session_id(struct s2n_connection *conn, uint8_t *session_ POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(session_id); - int session_id_len = s2n_connection_get_session_id_length(conn); + const int session_id_len = s2n_connection_get_session_id_length(conn); + POSIX_GUARD(session_id_len); - S2N_ERROR_IF(session_id_len > max_length, S2N_ERR_SESSION_ID_TOO_LONG); + POSIX_ENSURE((size_t) session_id_len <= max_length, S2N_ERR_SESSION_ID_TOO_LONG); POSIX_CHECKED_MEMCPY(session_id, conn->session_id, session_id_len); 
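Review bot: The new block in `s2n_connection_set_config` reads `conn->mode`, but `s2n_connection_new` (context lines of the first hunk in this file) calls `s2n_connection_set_config(conn, s2n_fetch_default_config())` before it assigns `conn->mode = mode;`. For that first call the `conn->mode == S2N_CLIENT` test therefore sees whatever the freshly allocated connection holds rather than the requested mode. It probably only matters if the default config can have `ocsp_status_requested_by_s2n` set, which is not visible here, but moving `conn->mode = mode;` above the `PTR_GUARD_POSIX(s2n_connection_set_config(...))` call removes the dependency. `request_ocsp_status` is also a snapshot: a later `s2n_config_set_status_request_type` call on the same config does not reach connections already bound to it, which deserves a line in the comment.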
@@ -1343,7 +1357,10 @@ int s2n_connection_get_peer_cert_chain(const struct s2n_connection *conn, struct s2n_openssl_x509_stack_pop_free); POSIX_ENSURE_REF(cert_chain_validated); - for (size_t cert_idx = 0; cert_idx < sk_X509_num(cert_chain_validated); cert_idx++) { + int cert_count = sk_X509_num(cert_chain_validated); + POSIX_ENSURE_GTE(cert_count, 0); + + for (size_t cert_idx = 0; cert_idx < (size_t) cert_count; cert_idx++) { X509 *cert = sk_X509_value(cert_chain_validated, cert_idx); POSIX_ENSURE_REF(cert); DEFER_CLEANUP(uint8_t *cert_data = NULL, s2n_crypto_free); diff --git a/contrib/restricted/aws/s2n/tls/s2n_connection.h b/contrib/restricted/aws/s2n/tls/s2n_connection.h index 1711eb75a5..503b488ff5 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_connection.h +++ b/contrib/restricted/aws/s2n/tls/s2n_connection.h @@ -138,6 +138,9 @@ struct s2n_connection { unsigned ktls_send_enabled : 1; unsigned ktls_recv_enabled : 1; + /* Indicates whether the connection should request OCSP stapling from the peer */ + unsigned request_ocsp_status : 1; + /* The configuration (cert, key .. etc ) */ struct s2n_config *config; diff --git a/contrib/restricted/aws/s2n/tls/s2n_early_data_io.c b/contrib/restricted/aws/s2n/tls/s2n_early_data_io.c index be2caaff4c..8c7730b829 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_early_data_io.c +++ b/contrib/restricted/aws/s2n/tls/s2n_early_data_io.c @@ -88,7 +88,7 @@ S2N_RESULT s2n_early_data_record_bytes(struct s2n_connection *conn, ssize_t data } /* Ensure the bytes read are within the bounds of what we can actually record. */ - if (data_len > (UINT64_MAX - conn->early_data_bytes)) { + if ((size_t) data_len > (UINT64_MAX - conn->early_data_bytes)) { conn->early_data_bytes = UINT64_MAX; RESULT_BAIL(S2N_ERR_INTEGER_OVERFLOW); } diff --git a/contrib/restricted/aws/s2n/tls/s2n_fingerprint.c b/contrib/restricted/aws/s2n/tls/s2n_fingerprint.c index db21d6ca6f..e55162cd1a 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_fingerprint.c 
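Review bot: In `s2n_early_data_record_bytes` the new cast `(size_t) data_len` is compared with a `uint64_t` expression, so the cast type should match the right-hand side: `if ((uint64_t) data_len > (UINT64_MAX - conn->early_data_bytes)) {`. The cast is only meaningful if `data_len` is known to be non-negative at this point; a negative `ssize_t` would become a very large value and take the overflow branch. Any such check is above the hunk, so a short comment here pointing to it would help.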
+++ b/contrib/restricted/aws/s2n/tls/s2n_fingerprint.c @@ -99,7 +99,7 @@ static S2N_RESULT s2n_fingerprint_write_entry(struct s2n_stuffer *stuffer, RESULT_ENSURE_GT(written, 0); RESULT_ENSURE_LTE(written, S2N_UINT16_STR_MAX_SIZE); - if (s2n_stuffer_space_remaining(stuffer) < written) { + if (s2n_stuffer_space_remaining(stuffer) < (uint64_t) written) { RESULT_GUARD(s2n_fingerprint_hash_flush(hash, stuffer)); } RESULT_GUARD_POSIX(s2n_stuffer_write_bytes(stuffer, entry, written)); diff --git a/contrib/restricted/aws/s2n/tls/s2n_internal.h b/contrib/restricted/aws/s2n/tls/s2n_internal.h index 2f6e70cab0..87076a7e54 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_internal.h +++ b/contrib/restricted/aws/s2n/tls/s2n_internal.h @@ -44,11 +44,3 @@ struct s2n_connection; * modified after it has been built. Doing so is undefined behavior. */ S2N_PRIVATE_API int s2n_connection_get_config(struct s2n_connection *conn, struct s2n_config **config); - -/* - * Enable polling the async client_hello callback to make progress. - * - * `s2n_negotiate` must be called multiple times to poll the callback function - * and make progress. - */ -S2N_PRIVATE_API int s2n_config_client_hello_cb_enable_poll(struct s2n_config *config); diff --git a/contrib/restricted/aws/s2n/tls/s2n_kem.c b/contrib/restricted/aws/s2n/tls/s2n_kem.c index 4c830e6960..373d9b543f 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_kem.c +++ b/contrib/restricted/aws/s2n/tls/s2n_kem.c @@ -250,7 +250,7 @@ int s2n_kem_group_free(struct s2n_kem_group_params *kem_group_params) int s2n_cipher_suite_to_kem(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN], const struct s2n_iana_to_kem **compatible_params) { - for (int i = 0; i < s2n_array_len(kem_mapping); i++) { + for (size_t i = 0; i < s2n_array_len(kem_mapping); i++) { const struct s2n_iana_to_kem *candidate = &kem_mapping[i]; if (memcmp(iana_value, candidate->iana_value, S2N_TLS_CIPHER_SUITE_LEN) == 0) { *compatible_params = candidate; 
@@ -262,7 +262,7 @@ int s2n_cipher_suite_to_kem(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN], int s2n_get_kem_from_extension_id(kem_extension_size kem_id, const struct s2n_kem **kem) { - for (int i = 0; i < s2n_array_len(kem_mapping); i++) { + for (size_t i = 0; i < s2n_array_len(kem_mapping); i++) { const struct s2n_iana_to_kem *iana_to_kem = &kem_mapping[i]; for (int j = 0; j < iana_to_kem->kem_count; j++) { diff --git a/contrib/restricted/aws/s2n/tls/s2n_prf.c b/contrib/restricted/aws/s2n/tls/s2n_prf.c index 131c26ef2f..3519f08365 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_prf.c +++ b/contrib/restricted/aws/s2n/tls/s2n_prf.c @@ -400,7 +400,7 @@ static int s2n_p_hash(struct s2n_prf_working_space *ws, s2n_hmac_algorithm alg, uint32_t bytes_to_xor = MIN(outputlen, digest_size); - for (uint32_t i = 0; i < bytes_to_xor; i++) { + for (size_t i = 0; i < bytes_to_xor; i++) { *output ^= ws->digest1[i]; output++; outputlen--; diff --git a/contrib/restricted/aws/s2n/tls/s2n_protocol_preferences.c b/contrib/restricted/aws/s2n/tls/s2n_protocol_preferences.c index 2a4ea614a5..83fbbbd5f9 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_protocol_preferences.c +++ b/contrib/restricted/aws/s2n/tls/s2n_protocol_preferences.c @@ -107,8 +107,9 @@ S2N_RESULT s2n_protocol_preferences_set(struct s2n_blob *application_protocols, * s2n_realloc will just update the size field here */ RESULT_GUARD_POSIX(s2n_realloc(&new_protocols, 0)); + RESULT_ENSURE_GTE(protocol_count, 0); - for (size_t i = 0; i < protocol_count; i++) { + for (size_t i = 0; i < (size_t) protocol_count; i++) { const uint8_t *protocol = (const uint8_t *) protocols[i]; size_t length = strlen(protocols[i]); diff --git a/contrib/restricted/aws/s2n/tls/s2n_record_write.c b/contrib/restricted/aws/s2n/tls/s2n_record_write.c index a6275769b5..9a3ed93fd3 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_record_write.c +++ b/contrib/restricted/aws/s2n/tls/s2n_record_write.c 
@@ -547,6 +547,6 @@ S2N_RESULT s2n_record_write(struct s2n_connection *conn, uint8_t content_type, s iov.iov_len = in->size; int written = s2n_record_writev(conn, content_type, &iov, 1, 0, in->size); RESULT_GUARD_POSIX(written); - RESULT_ENSURE(written == in->size, S2N_ERR_FRAGMENT_LENGTH_TOO_LARGE); + RESULT_ENSURE((uint32_t) written == in->size, S2N_ERR_FRAGMENT_LENGTH_TOO_LARGE); return S2N_RESULT_OK; } diff --git a/contrib/restricted/aws/s2n/tls/s2n_resume.c b/contrib/restricted/aws/s2n/tls/s2n_resume.c index 48b3d52024..bd8015e475 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_resume.c +++ b/contrib/restricted/aws/s2n/tls/s2n_resume.c @@ -470,13 +470,14 @@ int s2n_connection_get_session(struct s2n_connection *conn, uint8_t *session, si POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(session); - int len = s2n_connection_get_session_length(conn); + const int len = s2n_connection_get_session_length(conn); + POSIX_GUARD(len); if (len == 0) { return 0; } - S2N_ERROR_IF(len > max_length, S2N_ERR_SERIALIZED_SESSION_STATE_TOO_LONG); + POSIX_ENSURE((size_t) len <= max_length, S2N_ERR_SERIALIZED_SESSION_STATE_TOO_LONG); struct s2n_blob serialized_data = { 0 }; POSIX_GUARD(s2n_blob_init(&serialized_data, session, len)); diff --git a/contrib/restricted/aws/s2n/tls/s2n_send.c b/contrib/restricted/aws/s2n/tls/s2n_send.c index 65b3e07813..34d7a8f613 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_send.c +++ b/contrib/restricted/aws/s2n/tls/s2n_send.c @@ -165,10 +165,10 @@ ssize_t s2n_sendv_with_offset_impl(struct s2n_connection *conn, const struct iov } /* Defensive check against an invalid retry */ - if (offs) { + if (offs > 0) { const struct iovec *_bufs = bufs; ssize_t _count = count; - while (offs >= _bufs->iov_len && _count > 0) { + while ((size_t) offs >= _bufs->iov_len && _count > 0) { offs -= _bufs->iov_len; _bufs++; _count--; 
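Review bot: In the `while` condition of the retry check in `s2n_sendv_with_offset_impl`, `_bufs->iov_len` is read before `_count > 0` is tested. Once the loop has consumed every entry, `_bufs` points one past the caller's array and the left operand dereferences it before the right operand can stop the loop; the same read happens on the first iteration if `count` is 0. Test the count first: `while (_count > 0 && (size_t) offs >= _bufs->iov_len) {`. The enclosing function continues past the end of the hunk.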
diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_cert_request.c b/contrib/restricted/aws/s2n/tls/s2n_server_cert_request.c index 68016373fa..65de1e5471 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_server_cert_request.c +++ b/contrib/restricted/aws/s2n/tls/s2n_server_cert_request.c @@ -69,7 +69,7 @@ static int s2n_recv_client_cert_preferences(struct s2n_stuffer *in, s2n_cert_typ POSIX_ENSURE_REF(their_cert_type_pref_list); /* Iterate through our preference list from most to least preferred, and return the first match that we find. */ - for (int our_cert_pref_idx = 0; our_cert_pref_idx < sizeof(s2n_cert_type_preference_list); our_cert_pref_idx++) { + for (size_t our_cert_pref_idx = 0; our_cert_pref_idx < sizeof(s2n_cert_type_preference_list); our_cert_pref_idx++) { for (int their_cert_idx = 0; their_cert_idx < cert_types_len; their_cert_idx++) { if (their_cert_type_pref_list[their_cert_idx] == s2n_cert_type_preference_list[our_cert_pref_idx]) { *chosen_cert_type_out = s2n_cert_type_preference_list[our_cert_pref_idx]; diff --git a/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.c b/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.c index 6453862e5a..4dfaf37cd7 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.c +++ b/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.c @@ -294,7 +294,7 @@ int s2n_recv_supported_sig_scheme_list(struct s2n_stuffer *in, struct s2n_sig_sc sig_hash_algs->len = 0; - for (size_t i = 0; i < pairs_available; i++) { + for (size_t i = 0; i < (size_t) pairs_available; i++) { uint16_t sig_scheme = 0; POSIX_GUARD(s2n_stuffer_read_uint16(in, &sig_scheme)); diff --git a/contrib/restricted/aws/s2n/tls/s2n_x509_validator.c b/contrib/restricted/aws/s2n/tls/s2n_x509_validator.c index da32793643..3f63c81fa0 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_x509_validator.c +++ b/contrib/restricted/aws/s2n/tls/s2n_x509_validator.c 
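Review bot: The outer loop in `s2n_recv_client_cert_preferences` bounds its index with `sizeof(s2n_cert_type_preference_list)`, which is a byte count, not an element count. That is only correct while the array's element type is one byte wide (its declaration is outside the hunk), and other loops touched by this commit use `s2n_array_len(...)`. Use the same helper here: `our_cert_pref_idx < s2n_array_len(s2n_cert_type_preference_list)`. The inner loop still compares `int their_cert_idx` with `cert_types_len`, whose type is not visible here.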
@@ -334,9 +334,9 @@ static S2N_RESULT s2n_verify_host_information_common_name(struct s2n_connection *cn_found = true; char peer_cn[255] = { 0 }; - int len = ASN1_STRING_length(common_name); - - RESULT_ENSURE_GT(len, 0); + int cn_len = ASN1_STRING_length(common_name); + RESULT_ENSURE_GT(cn_len, 0); + uint32_t len = (uint32_t) cn_len; RESULT_ENSURE_LTE(len, s2n_array_len(peer_cn) - 1); RESULT_CHECKED_MEMCPY(peer_cn, ASN1_STRING_data(common_name), len); RESULT_ENSURE(conn->verify_host_fn(peer_cn, len, conn->data_for_verify_host), S2N_ERR_CERT_UNTRUSTED); diff --git a/contrib/restricted/aws/s2n/utils/s2n_map.c b/contrib/restricted/aws/s2n/utils/s2n_map.c index ad0cabcaa2..e95679553e 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_map.c +++ b/contrib/restricted/aws/s2n/utils/s2n_map.c @@ -63,7 +63,7 @@ static S2N_RESULT s2n_map_embiggen(struct s2n_map *map, uint32_t capacity) tmp.table = (void *) mem.data; tmp.immutable = 0; - for (uint32_t i = 0; i < map->capacity; i++) { + for (size_t i = 0; i < map->capacity; i++) { if (map->table[i].key.size) { RESULT_GUARD(s2n_map_add(&tmp, &map->table[i].key, &map->table[i].value)); RESULT_GUARD_POSIX(s2n_free(&map->table[i].key)); @@ -231,7 +231,7 @@ S2N_RESULT s2n_map_free(struct s2n_map *map) /* Free the keys and values */ /* cppcheck has a false positive warning for checking the pointer here */ /* cppcheck-suppress nullPointerRedundantCheck */ - for (uint32_t i = 0; i < map->capacity; i++) { + for (size_t i = 0; i < map->capacity; i++) { if (map->table[i].key.size) { RESULT_GUARD_POSIX(s2n_free(&map->table[i].key)); RESULT_GUARD_POSIX(s2n_free(&map->table[i].value)); diff --git a/contrib/restricted/aws/s2n/utils/s2n_random.c b/contrib/restricted/aws/s2n/utils/s2n_random.c index fa6ec242f8..d730c64d03 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_random.c +++ b/contrib/restricted/aws/s2n/utils/s2n_random.c 
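Review bot: `s2n_verify_host_information_common_name` passes the copied common name and its length to `conn->verify_host_fn` without checking for embedded NUL bytes. `peer_cn` is a C string, so a callback that compares it with string functions would see only the part before the first NUL while `len` covers the whole value. Unless such names are rejected outside the hunk, add a check after the copy, e.g. `RESULT_ENSURE(memchr(peer_cn, '\0', len) == NULL, S2N_ERR_CERT_UNTRUSTED);`. The function starts and ends outside the hunk.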
@@ -492,7 +492,7 @@ static int s2n_rand_rdrand_impl(void *data, uint32_t size) #if defined(__x86_64__) || defined(__i386__) struct s2n_blob out = { 0 }; POSIX_GUARD(s2n_blob_init(&out, data, size)); - int space_remaining = 0; + size_t space_remaining = 0; struct s2n_stuffer stuffer = { 0 }; union { uint64_t u64; @@ -583,7 +583,7 @@ static int s2n_rand_rdrand_impl(void *data, uint32_t size) POSIX_ENSURE(success, S2N_ERR_RDRAND_FAILED); - int data_to_fill = MIN(sizeof(output), space_remaining); + size_t data_to_fill = MIN(sizeof(output), space_remaining); POSIX_GUARD(s2n_stuffer_write_bytes(&stuffer, output.u8, data_to_fill)); } diff --git a/contrib/restricted/aws/s2n/utils/s2n_safety.c b/contrib/restricted/aws/s2n/utils/s2n_safety.c index dad46f8ded..f6f200777e 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_safety.c +++ b/contrib/restricted/aws/s2n/utils/s2n_safety.c @@ -61,7 +61,7 @@ bool s2n_constant_time_equals(const uint8_t *a, const uint8_t *b, const uint32_t uint8_t xor = !((a_inc == 1) & (b_inc == 1)); /* iterate over each byte in the slices */ - for (uint32_t i = 0; i < len; i++) { + for (size_t i = 0; i < len; i++) { /* Invariants must hold for each execution of the loop * and at loop exit, hence the <= */ S2N_INVARIANT(i <= len); @@ -99,7 +99,7 @@ int s2n_constant_time_copy_or_dont(uint8_t *dest, const uint8_t *src, uint32_t l /* dont = 0 : mask = 0xff */ /* dont > 0 : mask = 0x00 */ - for (uint32_t i = 0; i < len; i++) { + for (size_t i = 0; i < len; i++) { uint8_t old = dest[i]; uint8_t diff = (old ^ src[i]) & mask; dest[i] = old ^ diff; 
@@ -140,7 +140,7 @@ int s2n_constant_time_pkcs1_unpad_or_dont(uint8_t *dst, const uint8_t *src, uint dont_copy |= src[1] ^ 0x02; dont_copy |= *(start_of_data - 1) ^ 0x00; - for (uint32_t i = 2; i < srclen - expectlen - 1; i++) { + for (size_t i = 2; i < srclen - expectlen - 1; i++) { /* Note! We avoid using logical NOT (!) here; while in practice * many compilers will use constant-time sequences for this operator, * at least on x86 (e.g. cmp -> setcc, or vectorized pcmpeq), this is diff --git a/contrib/restricted/aws/s2n/ya.make b/contrib/restricted/aws/s2n/ya.make index 38653e686e..74a80e88da 100644 --- a/contrib/restricted/aws/s2n/ya.make +++ b/contrib/restricted/aws/s2n/ya.make @@ -12,9 +12,9 @@ LICENSE( LICENSE_TEXTS(.yandex_meta/licenses.list.txt) -VERSION(1.3.37) +VERSION(1.3.38) -ORIGINAL_SOURCE(https://github.com/aws/s2n-tls/archive/v1.3.37.tar.gz) +ORIGINAL_SOURCE(https://github.com/aws/s2n-tls/archive/v1.3.38.tar.gz) PEERDIR( contrib/libs/openssl @@ -150,6 +150,7 @@ SRCS( tls/extensions/s2n_psk_key_exchange_modes.c tls/extensions/s2n_quic_transport_params.c tls/extensions/s2n_server_alpn.c + tls/extensions/s2n_server_cert_status_request.c tls/extensions/s2n_server_cookie.c tls/extensions/s2n_server_early_data_indication.c tls/extensions/s2n_server_ems.c |