author | robot-contrib <robot-contrib@yandex-team.com> | 2022-12-22 08:12:51 +0300 |
---|---|---|
committer | robot-contrib <robot-contrib@yandex-team.com> | 2022-12-22 08:12:51 +0300 |
commit | 5e473ae99515dcc385d93e469a3b5bcce2a316e6 (patch) | |
tree | 2069fa52e25be8cdc325780d273ddcff70b4fb8a /contrib/restricted/aws/s2n/tls | |
parent | fb9ac8a6a226ef5b6aa8fc8d58563d5e69680766 (diff) | |
download | ydb-5e473ae99515dcc385d93e469a3b5bcce2a316e6.tar.gz |
Update contrib/restricted/aws/s2n to 1.3.30
Diffstat (limited to 'contrib/restricted/aws/s2n/tls')
20 files changed, 376 insertions, 84 deletions
diff --git a/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.c b/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.c index 3690338fd3..62d5951e99 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.c +++ b/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.c @@ -55,6 +55,7 @@ struct s2n_cipher_suite *cipher_suites_20190801[] = { const struct s2n_cipher_preferences cipher_preferences_20190801 = { .count = s2n_array_len(cipher_suites_20190801), .suites = cipher_suites_20190801, + .allow_chacha20_boosting = false, }; /* Same as 20190801, but with ECDSA for TLS 1.2 added */ @@ -80,6 +81,7 @@ struct s2n_cipher_suite *cipher_suites_20210831[] = { const struct s2n_cipher_preferences cipher_preferences_20210831 = { .count = s2n_array_len(cipher_suites_20210831), .suites = cipher_suites_20210831, + .allow_chacha20_boosting = false, }; /* @@ -107,6 +109,7 @@ struct s2n_cipher_suite *cipher_suites_default_fips[] = { const struct s2n_cipher_preferences cipher_preferences_default_fips = { .count = s2n_array_len(cipher_suites_default_fips), .suites = cipher_suites_default_fips, + .allow_chacha20_boosting = false, }; /* s2n's list of cipher suites, in order of preference, as of 2014-06-01 */ @@ -124,12 +127,14 @@ struct s2n_cipher_suite *cipher_suites_20140601[] = { const struct s2n_cipher_preferences cipher_preferences_20140601 = { .count = s2n_array_len(cipher_suites_20140601), .suites = cipher_suites_20140601, + .allow_chacha20_boosting = false, }; /* Disable SSLv3 due to POODLE */ const struct s2n_cipher_preferences cipher_preferences_20141001 = { .count = s2n_array_len(cipher_suites_20140601), .suites = cipher_suites_20140601, + .allow_chacha20_boosting = false, }; /* Disable RC4 */ 
@@ -145,6 +150,7 @@ struct s2n_cipher_suite *cipher_suites_20150202[] = { const struct s2n_cipher_preferences cipher_preferences_20150202 = { .count = s2n_array_len(cipher_suites_20150202), .suites = cipher_suites_20150202, + .allow_chacha20_boosting = false, }; /* Support AES-GCM modes */ @@ -162,6 +168,7 @@ struct s2n_cipher_suite *cipher_suites_20150214[] = { const struct s2n_cipher_preferences cipher_preferences_20150214 = { .count = s2n_array_len(cipher_suites_20150214), .suites = cipher_suites_20150214, + .allow_chacha20_boosting = false, }; /* Make a CBC cipher #1 to avoid negotiating GCM with buggy Java clients */ @@ -184,6 +191,7 @@ struct s2n_cipher_suite *cipher_suites_20160411[] = { const struct s2n_cipher_preferences cipher_preferences_20160411 = { .count = s2n_array_len(cipher_suites_20160411), .suites = cipher_suites_20160411, + .allow_chacha20_boosting = false, }; /* Use ECDHE instead of plain DHE. Prioritize ECDHE in favour of non ECDHE; GCM in favour of CBC; AES128 in favour of AES256. */ @@ -203,6 +211,7 @@ struct s2n_cipher_suite *cipher_suites_20150306[] = { const struct s2n_cipher_preferences cipher_preferences_20150306 = { .count = s2n_array_len(cipher_suites_20150306), .suites = cipher_suites_20150306, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_20160804[] = { @@ -224,6 +233,7 @@ struct s2n_cipher_suite *cipher_suites_20160804[] = { const struct s2n_cipher_preferences cipher_preferences_20160804 = { .count = s2n_array_len(cipher_suites_20160804), .suites = cipher_suites_20160804, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_20160824[] = { @@ -240,6 +250,7 @@ struct s2n_cipher_suite *cipher_suites_20160824[] = { const struct s2n_cipher_preferences cipher_preferences_20160824 = { .count = s2n_array_len(cipher_suites_20160824), .suites = cipher_suites_20160824, + .allow_chacha20_boosting = false, }; /* Add ChaCha20 suite */ 
@@ -258,6 +269,7 @@ struct s2n_cipher_suite *cipher_suites_20170210[] = { const struct s2n_cipher_preferences cipher_preferences_20170210 = { .count = s2n_array_len(cipher_suites_20170210), .suites = cipher_suites_20170210, + .allow_chacha20_boosting = false, }; /* Same as 20160411, but with ChaCha20 added as 1st in Preference List */ @@ -281,6 +293,7 @@ struct s2n_cipher_suite *cipher_suites_20190122[] = { const struct s2n_cipher_preferences cipher_preferences_20190122 = { .count = s2n_array_len(cipher_suites_20190122), .suites = cipher_suites_20190122, + .allow_chacha20_boosting = false, }; /* Same as 20160804, but with ChaCha20 added as 2nd in Preference List */ @@ -304,6 +317,7 @@ struct s2n_cipher_suite *cipher_suites_20190121[] = { const struct s2n_cipher_preferences cipher_preferences_20190121 = { .count = s2n_array_len(cipher_suites_20190121), .suites = cipher_suites_20190121, + .allow_chacha20_boosting = false, }; /* Same as 20160411, but with ChaCha20 in 3rd Place after CBC and GCM */ @@ -327,6 +341,7 @@ struct s2n_cipher_suite *cipher_suites_20190120[] = { const struct s2n_cipher_preferences cipher_preferences_20190120 = { .count = s2n_array_len(cipher_suites_20190120), .suites = cipher_suites_20190120, + .allow_chacha20_boosting = false, }; /* Preferences optimized for interop, includes ECDSA priortitized. DHE and 3DES are added(at the lowest preference). */ @@ -361,6 +376,7 @@ struct s2n_cipher_suite *cipher_suites_20190214[] = { const struct s2n_cipher_preferences cipher_preferences_20190214 = { .count = s2n_array_len(cipher_suites_20190214), .suites = cipher_suites_20190214, + .allow_chacha20_boosting = false, }; /* 20190214 with aes-gcm prioritized above aes-cbc */ 
@@ -395,6 +411,7 @@ struct s2n_cipher_suite *cipher_suites_20190214_gcm[] = { const struct s2n_cipher_preferences cipher_preferences_20190214_gcm = { .count = s2n_array_len(cipher_suites_20190214_gcm), .suites = cipher_suites_20190214_gcm, + .allow_chacha20_boosting = false, }; /* Same as cipher_suites_20190214, but with TLS 1.3 Ciphers */ @@ -430,6 +447,7 @@ struct s2n_cipher_suite *cipher_suites_20210825[] = { const struct s2n_cipher_preferences cipher_preferences_20210825 = { .count = s2n_array_len(cipher_suites_20210825), .suites = cipher_suites_20210825, + .allow_chacha20_boosting = false, }; /* Same as cipher_suites_20190214_gcm, but with TLS 1.3 Ciphers */ @@ -465,6 +483,7 @@ struct s2n_cipher_suite *cipher_suites_20210825_gcm[] = { const struct s2n_cipher_preferences cipher_preferences_20210825_gcm = { .count = s2n_array_len(cipher_suites_20210825_gcm), .suites = cipher_suites_20210825_gcm, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_null[] = { @@ -474,6 +493,7 @@ struct s2n_cipher_suite *cipher_suites_null[] = { const struct s2n_cipher_preferences cipher_preferences_null = { .count = s2n_array_len(cipher_suites_null), .suites = cipher_suites_null, + .allow_chacha20_boosting = false, }; /* Preferences optimized for interop. DHE and 3DES are added(at the lowest preference). */ @@ -502,6 +522,7 @@ struct s2n_cipher_suite *cipher_suites_20170328[] = { const struct s2n_cipher_preferences cipher_preferences_20170328 = { .count = s2n_array_len(cipher_suites_20170328), .suites = cipher_suites_20170328, + .allow_chacha20_boosting = false, }; /* Equivalent to cipher_suites_20170328 with aes-gcm prioritized above aes-cbc */ 
@@ -530,6 +551,7 @@ struct s2n_cipher_suite *cipher_suites_20170328_gcm[] = { const struct s2n_cipher_preferences cipher_preferences_20170328_gcm = { .count = s2n_array_len(cipher_suites_20170328_gcm), .suites = cipher_suites_20170328_gcm, + .allow_chacha20_boosting = false, }; /* Preferences optimized for FIPS compatibility. */ @@ -550,6 +572,7 @@ struct s2n_cipher_suite *cipher_suites_20170405[] = { const struct s2n_cipher_preferences cipher_preferences_20170405 = { .count = s2n_array_len(cipher_suites_20170405), .suites = cipher_suites_20170405, + .allow_chacha20_boosting = false, }; /* Preferences optimized for FIPS compatibility with GCM prioritized */ @@ -570,6 +593,7 @@ struct s2n_cipher_suite *cipher_suites_20170405_gcm[] = { const struct s2n_cipher_preferences cipher_preferences_20170405_gcm = { .count = s2n_array_len(cipher_suites_20170405_gcm), .suites = cipher_suites_20170405_gcm, + .allow_chacha20_boosting = false, }; /* Equivalent to cipher_suite_20160411 with 3DES removed. @@ -592,6 +616,7 @@ struct s2n_cipher_suite *cipher_suites_20170718[] = { const struct s2n_cipher_preferences cipher_preferences_20170718 = { .count = s2n_array_len(cipher_suites_20170718), .suites = cipher_suites_20170718, + .allow_chacha20_boosting = false, }; /* Equivalent to cipher_suites_20170718 with aes-gcm prioritized above aes-cbc */ @@ -613,6 +638,7 @@ struct s2n_cipher_suite *cipher_suites_20170718_gcm[] = { const struct s2n_cipher_preferences cipher_preferences_20170718_gcm = { .count = s2n_array_len(cipher_suites_20170718_gcm), .suites = cipher_suites_20170718_gcm, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_elb_security_policy_2015_04[] = { 
@@ -640,6 +666,7 @@ struct s2n_cipher_suite *cipher_suites_elb_security_policy_2015_04[] = { const struct s2n_cipher_preferences elb_security_policy_2015_04 = { .count = s2n_array_len(cipher_suites_elb_security_policy_2015_04), .suites = cipher_suites_elb_security_policy_2015_04, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_elb_security_policy_2016_08[] = { @@ -666,6 +693,7 @@ struct s2n_cipher_suite *cipher_suites_elb_security_policy_2016_08[] = { const struct s2n_cipher_preferences elb_security_policy_2016_08 = { .count = s2n_array_len(cipher_suites_elb_security_policy_2016_08), .suites = cipher_suites_elb_security_policy_2016_08, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_elb_security_policy_tls_1_2_2017_01[] = { @@ -686,6 +714,7 @@ struct s2n_cipher_suite *cipher_suites_elb_security_policy_tls_1_2_2017_01[] = { const struct s2n_cipher_preferences elb_security_policy_tls_1_2_2017_01 = { .count = s2n_array_len(cipher_suites_elb_security_policy_tls_1_2_2017_01), .suites = cipher_suites_elb_security_policy_tls_1_2_2017_01, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_elb_security_policy_tls_1_1_2017_01[] = { @@ -712,6 +741,7 @@ struct s2n_cipher_suite *cipher_suites_elb_security_policy_tls_1_1_2017_01[] = { const struct s2n_cipher_preferences elb_security_policy_tls_1_1_2017_01 = { .count = s2n_array_len(cipher_suites_elb_security_policy_tls_1_1_2017_01), .suites = cipher_suites_elb_security_policy_tls_1_1_2017_01, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_elb_security_policy_tls_1_2_ext_2018_06[] = { 
@@ -738,6 +768,7 @@ struct s2n_cipher_suite *cipher_suites_elb_security_policy_tls_1_2_ext_2018_06[] const struct s2n_cipher_preferences elb_security_policy_tls_1_2_ext_2018_06 = { .count = s2n_array_len(cipher_suites_elb_security_policy_tls_1_2_ext_2018_06), .suites = cipher_suites_elb_security_policy_tls_1_2_ext_2018_06, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_elb_security_policy_fs_2018_06[] = { @@ -758,6 +789,7 @@ struct s2n_cipher_suite *cipher_suites_elb_security_policy_fs_2018_06[] = { const struct s2n_cipher_preferences elb_security_policy_fs_2018_06 = { .count = s2n_array_len(cipher_suites_elb_security_policy_fs_2018_06), .suites = cipher_suites_elb_security_policy_fs_2018_06, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_elb_security_policy_fs_1_2_2019_08[] = { @@ -778,6 +810,7 @@ struct s2n_cipher_suite *cipher_suites_elb_security_policy_fs_1_2_2019_08[] = { const struct s2n_cipher_preferences elb_security_policy_fs_1_2_2019_08 = { .count = s2n_array_len(cipher_suites_elb_security_policy_fs_1_2_2019_08), .suites = cipher_suites_elb_security_policy_fs_1_2_2019_08, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_elb_security_policy_fs_1_1_2019_08[] = { @@ -798,6 +831,7 @@ struct s2n_cipher_suite *cipher_suites_elb_security_policy_fs_1_1_2019_08[] = { const struct s2n_cipher_preferences elb_security_policy_fs_1_1_2019_08 = { .count = s2n_array_len(cipher_suites_elb_security_policy_fs_1_1_2019_08), .suites = cipher_suites_elb_security_policy_fs_1_1_2019_08, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_elb_security_policy_fs_1_2_Res_2019_08[] = { 
@@ -814,6 +848,7 @@ struct s2n_cipher_suite *cipher_suites_elb_security_policy_fs_1_2_Res_2019_08[] const struct s2n_cipher_preferences elb_security_policy_fs_1_2_Res_2019_08 = { .count = s2n_array_len(cipher_suites_elb_security_policy_fs_1_2_Res_2019_08), .suites = cipher_suites_elb_security_policy_fs_1_2_Res_2019_08, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_cloudfront_upstream[] = { @@ -841,6 +876,7 @@ struct s2n_cipher_suite *cipher_suites_cloudfront_upstream[] = { const struct s2n_cipher_preferences cipher_preferences_cloudfront_upstream = { .count = s2n_array_len(cipher_suites_cloudfront_upstream), .suites = cipher_suites_cloudfront_upstream, + .allow_chacha20_boosting = false, }; /* CloudFront viewer facing (with TLS 1.3) */ @@ -865,6 +901,7 @@ struct s2n_cipher_suite *cipher_suites_cloudfront_ssl_v_3[] = { const struct s2n_cipher_preferences cipher_preferences_cloudfront_ssl_v_3 = { .count = s2n_array_len(cipher_suites_cloudfront_ssl_v_3), .suites = cipher_suites_cloudfront_ssl_v_3, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_0_2014[] = { @@ -894,6 +931,7 @@ struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_0_2014[] = { const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_0_2014 = { .count = s2n_array_len(cipher_suites_cloudfront_tls_1_0_2014), .suites = cipher_suites_cloudfront_tls_1_0_2014, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_0_2016[] = { @@ -922,6 +960,7 @@ struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_0_2016[] = { const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_0_2016 = { .count = s2n_array_len(cipher_suites_cloudfront_tls_1_0_2016), .suites = cipher_suites_cloudfront_tls_1_0_2016, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_1_2016[] = { 
@@ -950,6 +989,7 @@ struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_1_2016[] = { const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_1_2016 = { .count = s2n_array_len(cipher_suites_cloudfront_tls_1_1_2016), .suites = cipher_suites_cloudfront_tls_1_1_2016, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_2_2018[] = { @@ -972,6 +1012,7 @@ struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_2_2018[] = { const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_2_2018 = { .count = s2n_array_len(cipher_suites_cloudfront_tls_1_2_2018), .suites = cipher_suites_cloudfront_tls_1_2_2018, + .allow_chacha20_boosting = false, }; /* CloudFront viewer facing legacy TLS 1.2 policies */ @@ -1000,6 +1041,7 @@ struct s2n_cipher_suite *cipher_suites_cloudfront_ssl_v_3_legacy[] = { const struct s2n_cipher_preferences cipher_preferences_cloudfront_ssl_v_3_legacy = { .count = s2n_array_len(cipher_suites_cloudfront_ssl_v_3_legacy), .suites = cipher_suites_cloudfront_ssl_v_3_legacy, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_0_2014_legacy[] = { @@ -1026,6 +1068,7 @@ struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_0_2014_legacy[] = { const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_0_2014_legacy = { .count = s2n_array_len(cipher_suites_cloudfront_tls_1_0_2014_legacy), .suites = cipher_suites_cloudfront_tls_1_0_2014_legacy, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_0_2016_legacy[] = { 
@@ -1051,6 +1094,7 @@ struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_0_2016_legacy[] = { const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_0_2016_legacy = { .count = s2n_array_len(cipher_suites_cloudfront_tls_1_0_2016_legacy), .suites = cipher_suites_cloudfront_tls_1_0_2016_legacy, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_1_2016_legacy[] = { @@ -1076,6 +1120,7 @@ struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_1_2016_legacy[] = { const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_1_2016_legacy = { .count = s2n_array_len(cipher_suites_cloudfront_tls_1_1_2016_legacy), .suites = cipher_suites_cloudfront_tls_1_1_2016_legacy, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_2_2018_legacy[] = { @@ -1095,6 +1140,7 @@ struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_2_2018_legacy[] = { const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_2_2018_legacy = { .count = s2n_array_len(cipher_suites_cloudfront_tls_1_2_2018_legacy), .suites = cipher_suites_cloudfront_tls_1_2_2018_legacy, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_2_2019_legacy[] = { @@ -1111,6 +1157,7 @@ struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_2_2019_legacy[] = { const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_2_2019_legacy = { .count = s2n_array_len(cipher_suites_cloudfront_tls_1_2_2019_legacy), .suites = cipher_suites_cloudfront_tls_1_2_2019_legacy, + .allow_chacha20_boosting = false, }; /* CloudFront upstream */ 
@@ -1139,6 +1186,7 @@ struct s2n_cipher_suite *cipher_suites_cloudfront_upstream_tls10[] = { const struct s2n_cipher_preferences cipher_preferences_cloudfront_upstream_tls10 = { .count = s2n_array_len(cipher_suites_cloudfront_upstream_tls10), .suites = cipher_suites_cloudfront_upstream_tls10, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_cloudfront_upstream_tls11[] = { @@ -1166,6 +1214,7 @@ struct s2n_cipher_suite *cipher_suites_cloudfront_upstream_tls11[] = { const struct s2n_cipher_preferences cipher_preferences_cloudfront_upstream_tls11 = { .count = s2n_array_len(cipher_suites_cloudfront_upstream_tls11), .suites = cipher_suites_cloudfront_upstream_tls11, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_cloudfront_upstream_tls12[] = { @@ -1193,6 +1242,7 @@ struct s2n_cipher_suite *cipher_suites_cloudfront_upstream_tls12[] = { const struct s2n_cipher_preferences cipher_preferences_cloudfront_upstream_tls12 = { .count = s2n_array_len(cipher_suites_cloudfront_upstream_tls12), .suites = cipher_suites_cloudfront_upstream_tls12, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_2_2019[] = { @@ -1212,6 +1262,7 @@ struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_2_2019[] = { const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_2_2019 = { .count = s2n_array_len(cipher_suites_cloudfront_tls_1_2_2019), .suites = cipher_suites_cloudfront_tls_1_2_2019, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_2_2021[] = { 
@@ -1227,6 +1278,7 @@ struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_2_2021[] = { const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_2_2021 = { .count = s2n_array_len(cipher_suites_cloudfront_tls_1_2_2021), .suites = cipher_suites_cloudfront_tls_1_2_2021, + .allow_chacha20_boosting = false, }; /* Based on cipher_preferences_cloudfront_tls_1_0_2016, but with ordering changed and AES256-SHA256, DES-CBC3-SHA, and @@ -1260,6 +1312,7 @@ struct s2n_cipher_suite *cipher_suites_aws_crt_sdk_ssl_v3[] = { const struct s2n_cipher_preferences cipher_preferences_aws_crt_sdk_ssl_v3 = { .count = s2n_array_len(cipher_suites_aws_crt_sdk_ssl_v3), .suites = cipher_suites_aws_crt_sdk_ssl_v3, + .allow_chacha20_boosting = false, }; /* Based on cipher_preferences_cloudfront_tls_1_0_2016, but with ordering changed and AES256-SHA256 added for @@ -1291,6 +1344,7 @@ struct s2n_cipher_suite *cipher_suites_aws_crt_sdk_default[] = { const struct s2n_cipher_preferences cipher_preferences_aws_crt_sdk_default = { .count = s2n_array_len(cipher_suites_aws_crt_sdk_default), .suites = cipher_suites_aws_crt_sdk_default, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_aws_crt_sdk_tls_13[] = { @@ -1300,6 +1354,7 @@ struct s2n_cipher_suite *cipher_suites_aws_crt_sdk_tls_13[] = { const struct s2n_cipher_preferences cipher_preferences_aws_crt_sdk_tls_13 = { .count = s2n_array_len(cipher_suites_aws_crt_sdk_tls_13), .suites = cipher_suites_aws_crt_sdk_tls_13, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_kms_tls_1_0_2018_10[] = { @@ -1318,6 +1373,7 @@ struct s2n_cipher_suite *cipher_suites_kms_tls_1_0_2018_10[] = { const struct s2n_cipher_preferences cipher_preferences_kms_tls_1_0_2018_10 = { .count = s2n_array_len(cipher_suites_kms_tls_1_0_2018_10), .suites = cipher_suites_kms_tls_1_0_2018_10, + .allow_chacha20_boosting = false, }; 
@@ -1338,6 +1394,7 @@ struct s2n_cipher_suite *cipher_suites_kms_tls_1_0_2021_08[] = { const struct s2n_cipher_preferences cipher_preferences_kms_tls_1_0_2021_08 = { .count = s2n_array_len(cipher_suites_kms_tls_1_0_2021_08), .suites = cipher_suites_kms_tls_1_0_2021_08, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_kms_pq_tls_1_0_2019_06[] = { @@ -1357,6 +1414,7 @@ struct s2n_cipher_suite *cipher_suites_kms_pq_tls_1_0_2019_06[] = { const struct s2n_cipher_preferences cipher_preferences_kms_pq_tls_1_0_2019_06 = { .count = s2n_array_len(cipher_suites_kms_pq_tls_1_0_2019_06), .suites = cipher_suites_kms_pq_tls_1_0_2019_06, + .allow_chacha20_boosting = false, }; /* Includes round 1 and round 2 PQ KEM params. The cipher suite list is the same @@ -1364,6 +1422,7 @@ const struct s2n_cipher_preferences cipher_preferences_kms_pq_tls_1_0_2019_06 = const struct s2n_cipher_preferences cipher_preferences_kms_pq_tls_1_0_2020_02 = { .count = s2n_array_len(cipher_suites_kms_pq_tls_1_0_2019_06), .suites = cipher_suites_kms_pq_tls_1_0_2019_06, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_pq_sike_test_tls_1_0_2019_11[] = { @@ -1383,6 +1442,7 @@ struct s2n_cipher_suite *cipher_suites_pq_sike_test_tls_1_0_2019_11[] = { const struct s2n_cipher_preferences cipher_preferences_pq_sike_test_tls_1_0_2019_11 = { .count = s2n_array_len(cipher_suites_pq_sike_test_tls_1_0_2019_11), .suites = cipher_suites_pq_sike_test_tls_1_0_2019_11, + .allow_chacha20_boosting = false, }; /* Previously included SIKE round 1 and round 2 (for integration tests). The cipher suite list 
@@ -1390,6 +1450,7 @@ const struct s2n_cipher_preferences cipher_preferences_pq_sike_test_tls_1_0_2019 const struct s2n_cipher_preferences cipher_preferences_pq_sike_test_tls_1_0_2020_02 = { .count = s2n_array_len(cipher_suites_pq_sike_test_tls_1_0_2019_11), .suites = cipher_suites_pq_sike_test_tls_1_0_2019_11, + .allow_chacha20_boosting = false, }; /* Includes Kyber PQ algorithm */ @@ -1410,6 +1471,7 @@ struct s2n_cipher_suite *cipher_suites_kms_pq_tls_1_0_2020_07[] = { const struct s2n_cipher_preferences cipher_preferences_kms_pq_tls_1_0_2020_07 = { .count = s2n_array_len(cipher_suites_kms_pq_tls_1_0_2020_07), .suites = cipher_suites_kms_pq_tls_1_0_2020_07, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2020_12[] = { @@ -1430,6 +1492,7 @@ struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2020_12[] = { const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2020_12 = { .count = s2n_array_len(cipher_suites_pq_tls_1_0_2020_12), .suites = cipher_suites_pq_tls_1_0_2020_12, + .allow_chacha20_boosting = false, }; /* Same as ELBSecurityPolicy-TLS-1-1-2017-01, but with PQ Ciphers appended to top of preference list */ @@ -1458,6 +1521,7 @@ struct s2n_cipher_suite *cipher_suites_pq_tls_1_1_2021_05_17[] = { const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_1_2021_05_17 = { .count = s2n_array_len(cipher_suites_pq_tls_1_1_2021_05_17), .suites = cipher_suites_pq_tls_1_1_2021_05_17, + .allow_chacha20_boosting = false, }; /* Same as cipher_preferences_20190214, but with PQ Ciphers appended to top of preference list */ 
@@ -1493,6 +1557,7 @@ struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_18[] = { const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_18 = { .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_18), .suites = cipher_suites_pq_tls_1_0_2021_05_18, + .allow_chacha20_boosting = false, }; /* Same as ELBSecurityPolicy-2016-08, but with PQ Ciphers appended to top of preference list */ @@ -1521,6 +1586,7 @@ struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_19[] = { const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_19 = { .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_19), .suites = cipher_suites_pq_tls_1_0_2021_05_19, + .allow_chacha20_boosting = false, }; /* Same as ELBSecurityPolicy-TLS-1-1-2017-01, but with TLS 1.3 and PQ Ciphers appended to top of preference list */ @@ -1551,6 +1617,7 @@ struct s2n_cipher_suite *cipher_suites_pq_tls_1_1_2021_05_21[] = { const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_1_2021_05_21 = { .count = s2n_array_len(cipher_suites_pq_tls_1_1_2021_05_21), .suites = cipher_suites_pq_tls_1_1_2021_05_21, + .allow_chacha20_boosting = false, }; /* Same as cipher_preferences_20190214, but with TLS 1.3 and PQ Ciphers appended to top of preference list */ @@ -1588,6 +1655,7 @@ struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_22[] = { const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_22 = { .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_22), .suites = cipher_suites_pq_tls_1_0_2021_05_22, + .allow_chacha20_boosting = false, }; /* Same as ELBSecurityPolicy-2016-08, but with TLS 1.3 and PQ Ciphers appended to top of preference list */ 
@@ -1618,6 +1686,7 @@ struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_23[] = { const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_23 = { .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_23), .suites = cipher_suites_pq_tls_1_0_2021_05_23, + .allow_chacha20_boosting = false, }; /* Same as cipher_preferences_kms_pq_tls_1_0_2020_07, but with TLS 1.3 appended to top of preference list */ @@ -1640,6 +1709,7 @@ struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_24[] = { const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_24 = { .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_24), .suites = cipher_suites_pq_tls_1_0_2021_05_24, + .allow_chacha20_boosting = false, }; /* Same as 20190214_gcm, but with PQ Ciphers appended to top of preference list */ @@ -1675,6 +1745,7 @@ struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_25[] = { const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_25 = { .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_25), .suites = cipher_suites_pq_tls_1_0_2021_05_25, + .allow_chacha20_boosting = false, }; /* Same as 20190214_gcm, but with TLS 1.3 and PQ Ciphers appended to top of preference list */ @@ -1712,6 +1783,7 @@ struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_26[] = { const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_26 = { .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_26), .suites = cipher_suites_pq_tls_1_0_2021_05_26, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_kms_fips_tls_1_2_2018_10[] = { 
@@ -1726,6 +1798,7 @@ struct s2n_cipher_suite *cipher_suites_kms_fips_tls_1_2_2018_10[] = { const struct s2n_cipher_preferences cipher_preferences_kms_fips_tls_1_2_2018_10 = { .count = s2n_array_len(cipher_suites_kms_fips_tls_1_2_2018_10), .suites = cipher_suites_kms_fips_tls_1_2_2018_10, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_kms_fips_tls_1_2_2021_08[] = { @@ -1742,6 +1815,7 @@ struct s2n_cipher_suite *cipher_suites_kms_fips_tls_1_2_2021_08[] = { const struct s2n_cipher_preferences cipher_preferences_kms_fips_tls_1_2_2021_08 = { .count = s2n_array_len(cipher_suites_kms_fips_tls_1_2_2021_08), .suites = cipher_suites_kms_fips_tls_1_2_2021_08, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_20210816[] = { @@ -1754,6 +1828,7 @@ struct s2n_cipher_suite *cipher_suites_20210816[] = { const struct s2n_cipher_preferences cipher_preferences_20210816 = { .count = s2n_array_len(cipher_suites_20210816), .suites = cipher_suites_20210816, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_20210816_gcm[] = { @@ -1766,6 +1841,7 @@ struct s2n_cipher_suite *cipher_suites_20210816_gcm[] = { const struct s2n_cipher_preferences cipher_preferences_20210816_gcm = { .count = s2n_array_len(cipher_suites_20210816_gcm), .suites = cipher_suites_20210816_gcm, + .allow_chacha20_boosting = false, }; struct s2n_cipher_suite *cipher_suites_rfc9151[] = { @@ -1782,6 +1858,7 @@ struct s2n_cipher_suite *cipher_suites_rfc9151[] = { const struct s2n_cipher_preferences cipher_preferences_rfc9151 = { .count = s2n_array_len(cipher_suites_rfc9151), .suites = cipher_suites_rfc9151, + .allow_chacha20_boosting = false, }; /* clang-format on */ diff --git a/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.h b/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.h index 455c8a71f2..6cfa6700a8 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.h 
+++ b/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.h @@ -23,6 +23,7 @@ struct s2n_cipher_preferences { uint8_t count; struct s2n_cipher_suite **suites; + bool allow_chacha20_boosting; }; extern const struct s2n_cipher_preferences cipher_preferences_20140601; @@ -125,4 +126,3 @@ extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05 extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_26; extern const struct s2n_cipher_preferences cipher_preferences_null; - diff --git a/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.c b/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.c index f16304a6ce..f6f3cce710 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.c +++ b/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.c 
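Review bot: The new `allow_chacha20_boosting` member of struct s2n_cipher_preferences has no comment, although it changes how a server picks a cipher suite. A line above the field would do, for example `/* If true, a server prefers its ChaCha20-Poly1305 suites when the client lists a ChaCha20 suite first */`. Every initialiser this commit touches in s2n_cipher_preferences.c sets the flag to `false`, so the selection change in s2n_cipher_suites.c is inert for all of those policies as imported.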
@@ -1169,6 +1169,30 @@ static int s2n_wire_ciphers_contain(const uint8_t *match, const uint8_t *wire, u return 0; } +bool s2n_cipher_suite_uses_chacha20_alg(struct s2n_cipher_suite *cipher_suite) { + return cipher_suite && cipher_suite->record_alg && cipher_suite->record_alg->cipher == &s2n_chacha20_poly1305; +} + +/* Iff the server has enabled allow_chacha20_boosting and the client has a chacha20 cipher suite as its most + * preferred cipher suite, then we have mutual chacha20 boosting support. + */ +static S2N_RESULT s2n_validate_chacha20_boosting(const struct s2n_cipher_preferences *cipher_preferences, const uint8_t *wire, + uint32_t cipher_suite_len) { + RESULT_ENSURE_REF(cipher_preferences); + RESULT_ENSURE_REF(wire); + + RESULT_ENSURE_EQ(cipher_preferences->allow_chacha20_boosting, true); + + const uint8_t *clients_first_cipher_iana = wire + cipher_suite_len - S2N_TLS_CIPHER_SUITE_LEN; + + struct s2n_cipher_suite *client_first_cipher_suite = NULL; + RESULT_GUARD(s2n_cipher_suite_from_iana(clients_first_cipher_iana, S2N_TLS_CIPHER_SUITE_LEN, &client_first_cipher_suite)); + RESULT_ENSURE_REF(client_first_cipher_suite); + + RESULT_ENSURE_EQ(s2n_cipher_suite_uses_chacha20_alg(client_first_cipher_suite), true); + return S2N_RESULT_OK; +} + static int s2n_set_cipher_as_server(struct s2n_connection *conn, uint8_t *wire, uint32_t count, uint32_t cipher_suite_len) { POSIX_ENSURE_REF(conn); @@ -1176,6 +1200,7 @@ static int s2n_set_cipher_as_server(struct s2n_connection *conn, uint8_t *wire, uint8_t renegotiation_info_scsv[S2N_TLS_CIPHER_SUITE_LEN] = { TLS_EMPTY_RENEGOTIATION_INFO_SCSV }; struct s2n_cipher_suite *higher_vers_match = NULL; + struct s2n_cipher_suite *non_chacha20_match = NULL; /* RFC 7507 - If client is attempting to negotiate a TLS Version that is lower than the highest supported server * version, and the client cipher list contains TLS_FALLBACK_SCSV, then the server must abort the connection since 
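Review bot: In s2n_validate_chacha20_boosting the pointer `wire + cipher_suite_len - S2N_TLS_CIPHER_SUITE_LEN` is formed and passed on as a two-byte IANA value, but nothing visible in this hunk checks that `cipher_suite_len` is at least S2N_TLS_CIPHER_SUITE_LEN or that the client's list has at least one entry; the helper is not passed `count` at all. `wire` is the client's cipher list, so the precondition is better enforced here than assumed from callers, for example `RESULT_ENSURE_GTE(cipher_suite_len, S2N_TLS_CIPHER_SUITE_LEN);` before the arithmetic, plus a `count` parameter checked with `RESULT_ENSURE_GT(count, 0);`. If the ClientHello parser already rejects an empty list (not visible on this page), a comment saying so on the helper would be enough. The file is vendored under contrib/, so the change belongs upstream in s2n.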
@@ -1210,13 +1235,27 @@ static int s2n_set_cipher_as_server(struct s2n_connection *conn, uint8_t *wire,
 const struct s2n_security_policy *security_policy;
 POSIX_GUARD(s2n_connection_get_security_policy(conn, &security_policy));
- /* s2n supports only server order */
- for (int i = 0; i < security_policy->cipher_preferences->count; i++) {
- const uint8_t *ours = security_policy->cipher_preferences->suites[i]->iana_value;
+ const struct s2n_cipher_preferences *cipher_preferences = security_policy->cipher_preferences;
+ POSIX_ENSURE_REF(cipher_preferences);
+
+ bool try_chacha20_boosting = s2n_result_is_ok(s2n_validate_chacha20_boosting(cipher_preferences, wire, cipher_suite_len));
+
+ /*
+ * s2n only respects server preference order and chooses the server's
+ * most preferred mutually supported cipher suite.
+ *
+ * If chacha20 boosting is enabled, we prefer chacha20 cipher suites over all
+ * other cipher suites.
+ *
+ * If no mutually supported cipher suites are found, we choose one with a version
+ * too high for the current connection (higher_vers_match).
+ */
+ for (size_t i = 0; i < cipher_preferences->count; i++) {
+ const uint8_t *ours = cipher_preferences->suites[i]->iana_value;
 if (s2n_wire_ciphers_contain(ours, wire, count, cipher_suite_len)) {
 /* We have a match */
- struct s2n_cipher_suite *match = security_policy->cipher_preferences->suites[i];
+ struct s2n_cipher_suite *match = cipher_preferences->suites[i];
 /* Never use TLS1.3 ciphers on a pre-TLS1.3 connection, and vice versa */
 if ((conn->actual_protocol_version >= S2N_TLS13) != (match->minimum_required_tls_version >= S2N_TLS13)) {
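Review bot: `try_chacha20_boosting` is computed by running an error-returning validator and discarding the failure, so on every handshake where boosting is off, or the client's first suite is not chacha20, the `RESULT_ENSURE_EQ` failure path runs although nothing went wrong. Those macros presumably record an error code in `s2n_errno`, which then stays set while negotiation carries on and can mislead later code or logs that read it. A helper that returns `bool` for the "does boosting apply" question, leaving `S2N_RESULT` for the null-pointer checks only, would keep the error channel for real failures. `s2n_set_cipher_as_server` begins and ends outside this hunk.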
@@ -1272,11 +1311,30 @@ static int s2n_set_cipher_as_server(struct s2n_connection *conn, uint8_t *wire,
 continue;
 }
+ /* The server and client have chacha20 boosting support enabled AND the server identified a negotiable match */
+ if (try_chacha20_boosting) {
+ if (s2n_cipher_suite_uses_chacha20_alg(match)) {
+ conn->secure->cipher_suite = match;
+ return S2N_SUCCESS;
+ }
+
+ /* Save the valid non-chacha20 match in case no valid chacha20 match is found */
+ if (!non_chacha20_match) {
+ non_chacha20_match = match;
+ }
+ continue;
+ }
+
 conn->secure->cipher_suite = match;
 return S2N_SUCCESS;
 }
 }
+ if (non_chacha20_match) {
+ conn->secure->cipher_suite = non_chacha20_match;
+ return S2N_SUCCESS;
+ }
+
 /* Settle for a cipher with a higher required proto version, if it was set */
 if (higher_vers_match) {
 conn->secure->cipher_suite = higher_vers_match;
diff --git a/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.h b/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.h
index 08d878575e..f00fa19a14 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.h
@@ -161,6 +161,7 @@ extern struct s2n_cipher_suite s2n_tls13_chacha20_poly1305_sha256;
 extern int s2n_cipher_suites_init(void);
 S2N_RESULT s2n_cipher_suites_cleanup(void);
 S2N_RESULT s2n_cipher_suite_from_iana(const uint8_t *iana, size_t iana_len, struct s2n_cipher_suite **cipher_suite);
+bool s2n_cipher_suite_uses_chacha20_alg(struct s2n_cipher_suite *cipher_suite);
 extern int s2n_set_cipher_as_client(struct s2n_connection *conn, uint8_t wire[S2N_TLS_CIPHER_SUITE_LEN]);
 extern int s2n_set_cipher_as_sslv2_server(struct s2n_connection *conn, uint8_t * wire, uint16_t count);
 extern int s2n_set_cipher_as_tls_server(struct s2n_connection *conn, uint8_t * wire, uint16_t count);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_config.c b/contrib/restricted/aws/s2n/tls/s2n_config.c
index 75ea75dd79..48fb0f0ece 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_config.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_config.c
@@ -160,7 +160,7 @@ static int s2n_config_update_domain_name_to_cert_map(struct s2n_config *config,
 POSIX_GUARD_RESULT(s2n_map_add(domain_name_to_cert_map, name, &s2n_map_value));
 POSIX_GUARD_RESULT(s2n_map_complete(domain_name_to_cert_map));
 } else {
- struct certs_by_type *value = (void *) s2n_map_value.data;;
+ struct certs_by_type *value = (void *) s2n_map_value.data;
 if (value->certs[cert_type] == NULL) {
 value->certs[cert_type] = cert_key_pair;
 } else if (config->cert_tiebreak_cb) {
diff --git a/contrib/restricted/aws/s2n/tls/s2n_connection.c b/contrib/restricted/aws/s2n/tls/s2n_connection.c
index f0bb3c4888..c7b5e69951 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_connection.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_connection.c
@@ -271,6 +271,7 @@ int s2n_connection_free(struct s2n_connection *conn)
 POSIX_GUARD(s2n_stuffer_free(&conn->in));
 POSIX_GUARD(s2n_stuffer_free(&conn->out));
 POSIX_GUARD(s2n_stuffer_free(&conn->handshake.io));
+ POSIX_GUARD(s2n_stuffer_free(&conn->post_handshake.in));
 s2n_x509_validator_wipe(&conn->x509_validator);
 POSIX_GUARD(s2n_client_hello_free(&conn->client_hello));
 POSIX_GUARD(s2n_free(&conn->application_protocols_overridden));
@@ -397,6 +398,9 @@ int s2n_connection_release_buffers(struct s2n_connection *conn)
 POSIX_ENSURE(s2n_stuffer_is_consumed(&conn->in), S2N_ERR_STUFFER_HAS_UNPROCESSED_DATA);
 POSIX_GUARD(s2n_stuffer_resize(&conn->in, 0));
+ POSIX_ENSURE(s2n_stuffer_is_consumed(&conn->post_handshake.in), S2N_ERR_STUFFER_HAS_UNPROCESSED_DATA);
+ POSIX_GUARD(s2n_stuffer_free(&conn->post_handshake.in));
+
 POSIX_POSTCONDITION(s2n_stuffer_validate(&conn->out));
 POSIX_POSTCONDITION(s2n_stuffer_validate(&conn->in));
 return S2N_SUCCESS;
@@ -487,11 +491,15 @@ int s2n_connection_wipe(struct s2n_connection *conn)
 POSIX_GUARD(s2n_stuffer_wipe(&conn->writer_alert_out));
 POSIX_GUARD(s2n_stuffer_wipe(&conn->client_ticket_to_decrypt));
 POSIX_GUARD(s2n_stuffer_wipe(&conn->handshake.io));
+ POSIX_GUARD(s2n_stuffer_wipe(&conn->post_handshake.in));
 POSIX_GUARD(s2n_blob_zero(&conn->client_hello.raw_message));
 POSIX_GUARD(s2n_stuffer_wipe(&conn->header_in));
 POSIX_GUARD(s2n_stuffer_wipe(&conn->in));
 POSIX_GUARD(s2n_stuffer_wipe(&conn->out));
+ /* Free stuffers we plan to just recreate */
+ POSIX_GUARD(s2n_stuffer_free(&conn->post_handshake.in));
+
 POSIX_GUARD_RESULT(s2n_psk_parameters_wipe(&conn->psk_params));
 /* Wipe the I/O-related info and restore the original socket if necessary */
diff --git a/contrib/restricted/aws/s2n/tls/s2n_connection.h b/contrib/restricted/aws/s2n/tls/s2n_connection.h
index deacc58d82..aed7d56314 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_connection.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_connection.h
@@ -30,6 +30,7 @@
 #include "tls/s2n_handshake.h"
 #include "tls/s2n_kem_preferences.h"
 #include "tls/s2n_key_update.h"
+#include "tls/s2n_post_handshake.h"
 #include "tls/s2n_prf.h"
 #include "tls/s2n_quic_support.h"
 #include "tls/s2n_record.h"
@@ -382,6 +383,8 @@ struct s2n_connection {
 uint32_t server_max_early_data_size;
 struct s2n_blob server_early_data_context;
 uint32_t server_keying_material_lifetime;
+
+ struct s2n_post_handshake post_handshake;
 };
 S2N_CLEANUP_RESULT s2n_connection_ptr_free(struct s2n_connection **s2n_connection);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_handshake.c b/contrib/restricted/aws/s2n/tls/s2n_handshake.c
index cc343d622d..e622fb8f51 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_handshake.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_handshake.c
@@ -57,15 +57,15 @@ int s2n_handshake_finish_header(struct s2n_stuffer *out)
 return S2N_SUCCESS;
 }
-int s2n_handshake_parse_header(struct s2n_connection *conn, uint8_t * message_type, uint32_t * length)
+S2N_RESULT s2n_handshake_parse_header(struct s2n_stuffer *io, uint8_t * message_type, uint32_t * length)
 {
- S2N_ERROR_IF(s2n_stuffer_data_available(&conn->handshake.io) < TLS_HANDSHAKE_HEADER_LENGTH, S2N_ERR_SIZE_MISMATCH);
+ RESULT_ENSURE(s2n_stuffer_data_available(io) >= TLS_HANDSHAKE_HEADER_LENGTH, S2N_ERR_SIZE_MISMATCH);
 /* read the message header */
- POSIX_GUARD(s2n_stuffer_read_uint8(&conn->handshake.io, message_type));
- POSIX_GUARD(s2n_stuffer_read_uint24(&conn->handshake.io, length));
+ RESULT_GUARD_POSIX(s2n_stuffer_read_uint8(io, message_type));
+ RESULT_GUARD_POSIX(s2n_stuffer_read_uint24(io, length));
- return S2N_SUCCESS;
+ return S2N_RESULT_OK;
 }
 static int s2n_handshake_get_hash_state_ptr(struct s2n_connection *conn, s2n_hash_algorithm hash_alg, struct s2n_hash_state **hash_state)
diff --git a/contrib/restricted/aws/s2n/tls/s2n_handshake_io.c b/contrib/restricted/aws/s2n/tls/s2n_handshake_io.c
index 3df9b21270..fb7de64ae8 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_handshake_io.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_handshake_io.c
@@ -1257,8 +1257,8 @@ static int s2n_read_full_handshake_message(struct s2n_connection *conn, uint8_t
 POSIX_GUARD(s2n_stuffer_copy(&conn->in, &conn->handshake.io, (TLS_HANDSHAKE_HEADER_LENGTH - current_handshake_data)));
 }
- uint32_t handshake_message_length;
- POSIX_GUARD(s2n_handshake_parse_header(conn, message_type, &handshake_message_length));
+ uint32_t handshake_message_length = 0;
+ POSIX_GUARD_RESULT(s2n_handshake_parse_header(&conn->handshake.io, message_type, &handshake_message_length));
 S2N_ERROR_IF(handshake_message_length > S2N_MAXIMUM_HANDSHAKE_MESSAGE_LENGTH, S2N_ERR_BAD_MESSAGE);
@@ -1285,7 +1285,7 @@ static int s2n_handshake_conn_update_hashes(struct s2n_connection *conn)
 uint32_t handshake_message_length;
 POSIX_GUARD(s2n_stuffer_reread(&conn->handshake.io));
- POSIX_GUARD(s2n_handshake_parse_header(conn, &message_type, &handshake_message_length));
+ POSIX_GUARD_RESULT(s2n_handshake_parse_header(&conn->handshake.io, &message_type, &handshake_message_length));
 struct s2n_blob handshake_record = {0};
 handshake_record.data = conn->handshake.io.blob.data;
diff --git a/contrib/restricted/aws/s2n/tls/s2n_kem.c b/contrib/restricted/aws/s2n/tls/s2n_kem.c
index 82394f8f03..affe9e02c4 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_kem.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_kem.c
@@ -13,13 +13,15 @@
 * permissions and limitations under the License.
 */
-#include "stuffer/s2n_stuffer.h"
-#include "tls/s2n_tls_parameters.h"
 #include "tls/s2n_kem.h"
+
+#include "pq-crypto/s2n_kyber_512_evp.h"
+#include "pq-crypto/s2n_pq.h"
+#include "stuffer/s2n_stuffer.h"
 #include "tls/extensions/s2n_key_share.h"
+#include "tls/s2n_tls_parameters.h"
 #include "utils/s2n_mem.h"
 #include "utils/s2n_safety.h"
-#include "pq-crypto/s2n_pq.h"
 /* The KEM IDs and names come from https://tools.ietf.org/html/draft-campagna-tls-bike-sike-hybrid */
@@ -30,9 +32,15 @@ const struct s2n_kem s2n_kyber_512_r3 = {
 .private_key_length = S2N_KYBER_512_R3_SECRET_KEY_BYTES,
 .shared_secret_key_length = S2N_KYBER_512_R3_SHARED_SECRET_BYTES,
 .ciphertext_length = S2N_KYBER_512_R3_CIPHERTEXT_BYTES,
+#if defined (S2N_LIBCRYPTO_SUPPORTS_KYBER512)
+ .generate_keypair = &s2n_kyber_512_evp_generate_keypair,
+ .encapsulate = &s2n_kyber_512_evp_encapsulate,
+ .decapsulate = &s2n_kyber_512_evp_decapsulate,
+#else
 .generate_keypair = &s2n_kyber_512_r3_crypto_kem_keypair,
 .encapsulate = &s2n_kyber_512_r3_crypto_kem_enc,
 .decapsulate = &s2n_kyber_512_r3_crypto_kem_dec,
+#endif
 };
 const struct s2n_kem *kyber_kems[] = {
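Review bot: `handshake_message_length` in `s2n_handshake_conn_update_hashes` is still declared without an initializer, while the previous hunk of this file changes the same declaration in `s2n_read_full_handshake_message` to `uint32_t handshake_message_length = 0;`. The variable is filled in only by `s2n_handshake_parse_header`, so writing `uint32_t handshake_message_length = 0;` here as well keeps the callers consistent and stops the code depending on the guard macro returning before any use. `message_len` in the s2n_quic_support.c hunk has the same shape. The function body continues outside the hunk.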
@@ -359,7 +367,7 @@ int s2n_kem_recv_ciphertext(struct s2n_stuffer *in, struct s2n_kem_params *kem_p
 /* If S2N_NO_PQ was defined at compile time, the PQ KEM code will have been entirely excluded
 * from compilation. We define stubs of these functions here to error if they are called. */
 /* kyber512r3 */
-int s2n_kyber_512_r3_crypto_kem_keypair(OUT unsigned char *pk, OUT unsigned char *sk) { POSIX_BAIL(S2N_ERR_UNIMPLEMENTED); }
-int s2n_kyber_512_r3_crypto_kem_enc(OUT unsigned char *ct, OUT unsigned char *ss, IN const unsigned char *pk) { POSIX_BAIL(S2N_ERR_UNIMPLEMENTED); }
-int s2n_kyber_512_r3_crypto_kem_dec(OUT unsigned char *ss, IN const unsigned char *ct, IN const unsigned char *sk) { POSIX_BAIL(S2N_ERR_UNIMPLEMENTED); }
+int s2n_kyber_512_r3_crypto_kem_keypair(OUT uint8_t *pk, OUT uint8_t *sk) { POSIX_BAIL(S2N_ERR_UNIMPLEMENTED); }
+int s2n_kyber_512_r3_crypto_kem_enc(OUT uint8_t *ct, OUT uint8_t *ss, IN const uint8_t *pk) { POSIX_BAIL(S2N_ERR_UNIMPLEMENTED); }
+int s2n_kyber_512_r3_crypto_kem_dec(OUT uint8_t *ss, IN const uint8_t *ct, IN const uint8_t *sk) { POSIX_BAIL(S2N_ERR_UNIMPLEMENTED); }
 #endif
diff --git a/contrib/restricted/aws/s2n/tls/s2n_kem.h b/contrib/restricted/aws/s2n/tls/s2n_kem.h
index 8e78d649ab..44f16ecc72 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_kem.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_kem.h
@@ -38,9 +38,9 @@ struct s2n_kem {
 const kem_shared_secret_size shared_secret_key_length;
 const kem_ciphertext_key_size ciphertext_length;
 /* NIST Post Quantum KEM submissions require the following API for compatibility */
- int (*generate_keypair)(OUT unsigned char *public_key, OUT unsigned char *private_key);
- int (*encapsulate)(OUT unsigned char *ciphertext, OUT unsigned char *shared_secret, IN const unsigned char *public_key);
- int (*decapsulate)(OUT unsigned char *shared_secret, IN const unsigned char *ciphertext, IN const unsigned char *private_key);
+ int (*generate_keypair)(OUT uint8_t *public_key, OUT uint8_t *private_key);
+ int (*encapsulate)(OUT uint8_t *ciphertext, OUT uint8_t *shared_secret, IN const uint8_t *public_key);
+ int (*decapsulate)(OUT uint8_t *shared_secret, IN const uint8_t *ciphertext, IN const uint8_t *private_key);
 };
 struct s2n_kem_params {
@@ -135,6 +135,6 @@ extern int s2n_kem_recv_ciphertext(struct s2n_stuffer *in, struct s2n_kem_params
 #define S2N_KYBER_512_R3_SECRET_KEY_BYTES 1632
 #define S2N_KYBER_512_R3_CIPHERTEXT_BYTES 768
 #define S2N_KYBER_512_R3_SHARED_SECRET_BYTES 32
-int s2n_kyber_512_r3_crypto_kem_keypair(OUT unsigned char *pk, OUT unsigned char *sk);
-int s2n_kyber_512_r3_crypto_kem_enc(OUT unsigned char *ct, OUT unsigned char *ss, IN const unsigned char *pk);
-int s2n_kyber_512_r3_crypto_kem_dec(OUT unsigned char *ss, IN const unsigned char *ct, IN const unsigned char *sk);
+int s2n_kyber_512_r3_crypto_kem_keypair(OUT uint8_t *pk, OUT uint8_t *sk);
+int s2n_kyber_512_r3_crypto_kem_enc(OUT uint8_t *ct, OUT uint8_t *ss, IN const uint8_t *pk);
+int s2n_kyber_512_r3_crypto_kem_dec(OUT uint8_t *ss, IN const uint8_t *ct, IN const uint8_t *sk);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_post_handshake.c b/contrib/restricted/aws/s2n/tls/s2n_post_handshake.c
index 9ae3039f4b..52ba7ca389 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_post_handshake.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_post_handshake.c
@@ -13,6 +13,8 @@
 * permissions and limitations under the License.
 */
+#include <sys/param.h>
+
 #include "error/s2n_errno.h"
 #include "tls/s2n_connection.h"
@@ -20,59 +22,150 @@
 #include "tls/s2n_tls.h"
 #include "utils/s2n_safety.h"
-int s2n_post_handshake_recv(struct s2n_connection *conn)
+static S2N_RESULT s2n_post_handshake_process(struct s2n_connection *conn, struct s2n_stuffer *in, uint8_t message_type)
 {
- POSIX_ENSURE_REF(conn);
+ RESULT_ENSURE_REF(conn);
- uint8_t post_handshake_id;
- uint32_t message_length;
+ switch (message_type) {
+ case TLS_KEY_UPDATE:
+ RESULT_GUARD_POSIX(s2n_key_update_recv(conn, in));
+ break;
+ case TLS_SERVER_NEW_SESSION_TICKET:
+ RESULT_GUARD(s2n_tls13_server_nst_recv(conn, in));
+ break;
+ case TLS_HELLO_REQUEST:
+ RESULT_GUARD(s2n_client_hello_request_recv(conn));
+ break;
+ case TLS_CERT_REQ:
+ /*
+ * s2n-tls does not support post-handshake authentication.
+ *
+ *= https://tools.ietf.org/rfc/rfc8446#section-4.6.2
+ *# A client that receives a CertificateRequest message without having
+ *# sent the "post_handshake_auth" extension MUST send an
+ *# "unexpected_message" fatal alert.
+ */
+ RESULT_BAIL(S2N_ERR_BAD_MESSAGE);
+ default:
+ /* All other messages are unexpected */
+ RESULT_BAIL(S2N_ERR_BAD_MESSAGE);
+ }
- while(s2n_stuffer_data_available(&conn->in)) {
- POSIX_GUARD(s2n_stuffer_read_uint8(&conn->in, &post_handshake_id));
- POSIX_GUARD(s2n_stuffer_read_uint24(&conn->in, &message_length));
-
- struct s2n_blob post_handshake_blob = { 0 };
- uint8_t *message_data = s2n_stuffer_raw_read(&conn->in, message_length);
- POSIX_ENSURE_REF(message_data);
- POSIX_GUARD(s2n_blob_init(&post_handshake_blob, message_data, message_length));
-
- struct s2n_stuffer post_handshake_stuffer = { 0 };
- POSIX_GUARD(s2n_stuffer_init(&post_handshake_stuffer, &post_handshake_blob));
- POSIX_GUARD(s2n_stuffer_skip_write(&post_handshake_stuffer, message_length));
-
- switch (post_handshake_id)
- {
- case TLS_KEY_UPDATE:
- POSIX_GUARD(s2n_key_update_recv(conn, &post_handshake_stuffer));
- break;
- case TLS_SERVER_NEW_SESSION_TICKET:
- POSIX_GUARD_RESULT(s2n_tls13_server_nst_recv(conn, 
&post_handshake_stuffer));
- break;
- case TLS_HELLO_REQUEST:
- POSIX_GUARD_RESULT(s2n_client_hello_request_recv(conn));
- break;
- case TLS_CLIENT_HELLO:
- case TLS_SERVER_HELLO:
- case TLS_END_OF_EARLY_DATA:
- case TLS_ENCRYPTED_EXTENSIONS:
- case TLS_CERTIFICATE:
- case TLS_SERVER_KEY:
- case TLS_CERT_REQ:
- case TLS_SERVER_HELLO_DONE:
- case TLS_CERT_VERIFY:
- case TLS_CLIENT_KEY:
- case TLS_FINISHED:
- case TLS_SERVER_CERT_STATUS:
- /* All other known handshake messages should be rejected */
- POSIX_BAIL(S2N_ERR_BAD_MESSAGE);
- break;
- default:
- /* Ignore all other messages */
- break;
+ return S2N_RESULT_OK;
+}
+
+/*
+ * Read a handshake message from conn->in.
+ *
+ * Handshake messages can be fragmented, meaning that a single message
+ * may be split between multiple records. conn->in only holds a single
+ * record at a time, so we may need to call this method multiple
+ * times to construct the complete message. We store the partial message
+ * in conn->post_handshake.in between calls.
+ */
+S2N_RESULT s2n_post_handshake_message_recv(struct s2n_connection *conn)
+{
+ RESULT_ENSURE_REF(conn);
+
+ struct s2n_stuffer *in = &conn->in;
+ struct s2n_stuffer *message = &conn->post_handshake.in;
+ uint8_t message_type = 0;
+ uint32_t message_len = 0;
+
+ /* We always start reading from the beginning of the message.
+ * Reset the read progress, but keep the write progress since
+ * there may already be a partial message stored in `message`.
+ */
+ RESULT_GUARD_POSIX(s2n_stuffer_reread(message));
+
+ /* At minimum, the message stuffer needs to have enough space to read the header.
+ * For small messages like KeyUpdate and HelloRequest, this is all the space we will need.
+ */
+ if (s2n_stuffer_is_freed(message)) {
+ struct s2n_blob b = { 0 };
+ RESULT_GUARD_POSIX(s2n_blob_init(&b, conn->post_handshake.header_in,
+ sizeof(conn->post_handshake.header_in)));
+ RESULT_GUARD_POSIX(s2n_stuffer_init(message, &b));
+ }
+
+ /* Try to copy the header into the message stuffer.
+ * The message stuffer may already contain some or all of the header if
+ * we have read fragments of this message from previous records.
+ */
+ if (s2n_stuffer_data_available(message) < TLS_HANDSHAKE_HEADER_LENGTH) {
+ uint32_t remaining = TLS_HANDSHAKE_HEADER_LENGTH - s2n_stuffer_data_available(message);
+ uint32_t to_read = MIN(remaining, s2n_stuffer_data_available(in));
+ RESULT_GUARD_POSIX(s2n_stuffer_copy(in, message, to_read));
+ }
+ RESULT_ENSURE(s2n_stuffer_data_available(message) >= TLS_HANDSHAKE_HEADER_LENGTH, S2N_ERR_IO_BLOCKED);
+
+ /* Parse the header */
+ RESULT_GUARD(s2n_handshake_parse_header(message, &message_type, &message_len));
+ RESULT_ENSURE(message_len == 0 || s2n_stuffer_data_available(in), S2N_ERR_IO_BLOCKED);
+ RESULT_ENSURE(message_len <= S2N_MAXIMUM_HANDSHAKE_MESSAGE_LENGTH, S2N_ERR_BAD_MESSAGE);
+
+ /* If the message body is not fragmented, just process it directly from conn->in.
+ * This will be the most common case, and does not require us to allocate any new memory.
+ */
+ if (s2n_stuffer_data_available(message) == 0 && s2n_stuffer_data_available(in) >= message_len) {
+ struct s2n_stuffer full_message = { 0 };
+ struct s2n_blob full_message_blob = { 0 };
+ RESULT_GUARD_POSIX(s2n_blob_init(&full_message_blob, s2n_stuffer_raw_read(in, message_len), message_len));
+ RESULT_GUARD_POSIX(s2n_stuffer_init(&full_message, &full_message_blob));
+ RESULT_GUARD_POSIX(s2n_stuffer_skip_write(&full_message, message_len));
+ RESULT_GUARD(s2n_post_handshake_process(conn, &full_message, message_type));
+ return S2N_RESULT_OK;
+ }
+
+ /* If the message body is fragmented, then the current fragment will be wiped from conn->in
+ * in order to read the next record. So the message stuffer needs enough space to store
+ * the full message as we reconstruct it from multiple records.
+ * For large messages like NewSessionTicket, this will require allocating new memory.
+ */
+ if (s2n_stuffer_space_remaining(message) < message_len) {
+ /* We want to avoid servers allocating memory in response to post-handshake messages
+ * to avoid a potential DDOS / resource exhaustion attack.
+ *
+ * Currently, s2n-tls servers only support the KeyUpdate message,
+ * which should never require additional memory to parse.
+ */
+ RESULT_ENSURE(conn->mode == S2N_CLIENT, S2N_ERR_BAD_MESSAGE);
+
+ uint32_t total_size = message_len + TLS_HANDSHAKE_HEADER_LENGTH;
+ if (message->alloced) {
+ RESULT_GUARD_POSIX(s2n_stuffer_resize(message, total_size));
+ } else {
+ /* Manually convert our static stuffer to a growable stuffer */
+ RESULT_GUARD_POSIX(s2n_stuffer_growable_alloc(message, total_size));
+ RESULT_GUARD_POSIX(s2n_stuffer_write_bytes(message, conn->post_handshake.header_in, TLS_HANDSHAKE_HEADER_LENGTH));
+ RESULT_GUARD_POSIX(s2n_stuffer_skip_read(message, TLS_HANDSHAKE_HEADER_LENGTH));
 }
 }
- return S2N_SUCCESS;
+ /* Try to copy the message body into the message stuffer.
+ * The message stuffer may already contain some of the message body if
+ * we have already read fragments from previous records.
+ */
+ if (s2n_stuffer_data_available(message) < message_len) {
+ uint32_t remaining = message_len - s2n_stuffer_data_available(message);
+ uint32_t to_read = MIN(remaining, s2n_stuffer_data_available(in));
+ RESULT_GUARD_POSIX(s2n_stuffer_copy(in, message, to_read));
+ }
+ RESULT_ENSURE(s2n_stuffer_data_available(message) == message_len, S2N_ERR_IO_BLOCKED);
+
+ /* Now that the full message body is available, process it. */
+ RESULT_GUARD(s2n_post_handshake_process(conn, message, message_type));
+ return S2N_RESULT_OK;
+}
+
+S2N_RESULT s2n_post_handshake_recv(struct s2n_connection *conn)
+{
+ RESULT_ENSURE_REF(conn);
+ while(s2n_stuffer_data_available(&conn->in)) {
+ RESULT_GUARD(s2n_post_handshake_message_recv(conn));
+ RESULT_GUARD_POSIX(s2n_stuffer_wipe(&conn->post_handshake.in));
+ }
+ return S2N_RESULT_OK;
 }
 int s2n_post_handshake_send(struct s2n_connection *conn, s2n_blocked_status *blocked)
diff --git a/contrib/restricted/aws/s2n/tls/s2n_post_handshake.h b/contrib/restricted/aws/s2n/tls/s2n_post_handshake.h
index f021f7afb5..cb70af7ee2 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_post_handshake.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_post_handshake.h
@@ -15,7 +15,12 @@
 #pragma once
-#include "tls/s2n_connection.h"
+struct s2n_connection;
-int s2n_post_handshake_recv(struct s2n_connection *conn);
+struct s2n_post_handshake {
+ struct s2n_stuffer in;
+ uint8_t header_in[TLS_HANDSHAKE_HEADER_LENGTH];
+};
+
+S2N_RESULT s2n_post_handshake_recv(struct s2n_connection *conn);
 int s2n_post_handshake_send(struct s2n_connection *conn, s2n_blocked_status *blocked);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_protocol_preferences.h b/contrib/restricted/aws/s2n/tls/s2n_protocol_preferences.h
index 327249e80b..259d4ed8ae 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_protocol_preferences.h
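Review bot: In `s2n_post_handshake_message_recv` the peer-supplied `message_len` is compared with `S2N_MAXIMUM_HANDSHAKE_MESSAGE_LENGTH` only after the `S2N_ERR_IO_BLOCKED` check on the line before it, so a header that ends a record and announces an oversized body is reported as blocked and kept in `conn->post_handshake.in` until another record arrives. Swapping the two lines rejects the bad length as soon as the header is parsed: `RESULT_ENSURE(message_len <= S2N_MAXIMUM_HANDSHAKE_MESSAGE_LENGTH, S2N_ERR_BAD_MESSAGE);` first, then `RESULT_ENSURE(message_len == 0 || s2n_stuffer_data_available(in), S2N_ERR_IO_BLOCKED);`. The later allocation is bounded by the same limit either way, so this is about failing early on untrusted input rather than a memory-safety problem.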
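Review bot: After this change s2n_post_handshake.h embeds `struct s2n_stuffer` by value and sizes `header_in` with `TLS_HANDSHAKE_HEADER_LENGTH`, yet the hunk removes its only visible `#include` and adds none, so the header compiles only when the including file has already pulled those definitions in. Including what it uses, `#include "stuffer/s2n_stuffer.h"` plus the headers that define `TLS_HANDSHAKE_HEADER_LENGTH` and `S2N_RESULT`, would make it self-contained. This commit appears to make the same kind of repair in s2n_protocol_preferences.h and s2n_signature_algorithms.h.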
+++ b/contrib/restricted/aws/s2n/tls/s2n_protocol_preferences.h
@@ -17,7 +17,9 @@
 #include "api/s2n.h"
+#include "stuffer/s2n_stuffer.h"
 #include "utils/s2n_result.h"
+#include "utils/s2n_blob.h"
 S2N_RESULT s2n_protocol_preferences_read(struct s2n_stuffer *protocol_preferences, struct s2n_blob *protocol);
 S2N_RESULT s2n_protocol_preferences_contain(struct s2n_blob *protocol_preferences, struct s2n_blob *protocol, bool *contains);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_quic_support.c b/contrib/restricted/aws/s2n/tls/s2n_quic_support.c
index bd0b44f906..c1da75bf6c 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_quic_support.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_quic_support.c
@@ -105,7 +105,7 @@ S2N_RESULT s2n_quic_read_handshake_message(struct s2n_connection *conn, uint8_t
 RESULT_GUARD(s2n_read_in_bytes(conn, &conn->handshake.io, TLS_HANDSHAKE_HEADER_LENGTH));
 uint32_t message_len;
- RESULT_GUARD_POSIX(s2n_handshake_parse_header(conn, message_type, &message_len));
+ RESULT_GUARD(s2n_handshake_parse_header(&conn->handshake.io, message_type, &message_len));
 RESULT_GUARD_POSIX(s2n_stuffer_reread(&conn->handshake.io));
 RESULT_ENSURE(message_len < S2N_MAXIMUM_HANDSHAKE_MESSAGE_LENGTH, S2N_ERR_BAD_MESSAGE);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_recv.c b/contrib/restricted/aws/s2n/tls/s2n_recv.c
index ddd3fa8062..84b87e433f 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_recv.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_recv.c
@@ -157,6 +157,24 @@ ssize_t s2n_recv_impl(struct s2n_connection * conn, void *buf, ssize_t size, s2n
 S2N_ERROR_IF(isSSLv2, S2N_ERR_BAD_MESSAGE);
+ if (record_type != TLS_HANDSHAKE) {
+ /*
+ *= https://tools.ietf.org/rfc/rfc8446#section-5.1
+ *# - Handshake messages MUST NOT be interleaved with other record
+ *# types. That is, if a handshake message is split over two or more
+ *# records, there MUST NOT be any other records between them.
+ */
+ POSIX_ENSURE(s2n_stuffer_is_wiped(&conn->post_handshake.in), S2N_ERR_BAD_MESSAGE);
+
+ /* If not handling a handshake message, free the post-handshake memory.
+ * Post-handshake messages are infrequent enough that we don't want to
+ * keep a potentially large buffer around unnecessarily.
+ */
+ if (!s2n_stuffer_is_freed(&conn->post_handshake.in)) {
+ POSIX_GUARD(s2n_stuffer_free(&conn->post_handshake.in));
+ }
+ }
+
 if (record_type != TLS_APPLICATION_DATA) {
 switch (record_type)
 {
@@ -164,9 +182,16 @@ ssize_t s2n_recv_impl(struct s2n_connection * conn, void *buf, ssize_t size, s2n
 POSIX_GUARD(s2n_process_alert_fragment(conn));
 POSIX_GUARD(s2n_flush(conn, blocked));
 break;
- case TLS_HANDSHAKE:
- WITH_ERROR_BLINDING(conn, POSIX_GUARD(s2n_post_handshake_recv(conn)));
+ case TLS_HANDSHAKE: {
+ s2n_result result = s2n_post_handshake_recv(conn);
+ /* Ignore any errors due to insufficient input data from io.
+ * The next iteration of this loop will attempt to read more input data.
+ */
+ if (s2n_result_is_error(result) && s2n_errno != S2N_ERR_IO_BLOCKED) {
+ WITH_ERROR_BLINDING(conn, POSIX_GUARD_RESULT(result));
+ }
 break;
+ }
 }
 POSIX_GUARD(s2n_stuffer_wipe(&conn->header_in));
 POSIX_GUARD(s2n_stuffer_wipe(&conn->in));
diff --git a/contrib/restricted/aws/s2n/tls/s2n_security_policies.c b/contrib/restricted/aws/s2n/tls/s2n_security_policies.c
index 9072932670..aad1a07828 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_security_policies.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_security_policies.c
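Review bot: The new interleaving check `POSIX_ENSURE(s2n_stuffer_is_wiped(&conn->post_handshake.in), S2N_ERR_BAD_MESSAGE);` fails on peer-controlled input but is not wrapped in `WITH_ERROR_BLINDING`, unlike the post-handshake failure handled in the next hunk. If that macro is what marks the connection closed (not visible here), a caller that retries `s2n_recv` after this error would find the partial handshake message still buffered and could continue it with a later handshake record. Wrapping it as `WITH_ERROR_BLINDING(conn, POSIX_ENSURE(s2n_stuffer_is_wiped(&conn->post_handshake.in), S2N_ERR_BAD_MESSAGE));` would treat the violation like the other fatal post-handshake errors. The `isSSLv2` check just above is unwrapped as well, so this may be an existing convention worth confirming. `s2n_recv_impl` starts and ends outside the hunk.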
@@ -921,6 +921,8 @@ int s2n_security_policies_init()
 POSIX_ENSURE_REF(ecc_preference);
 POSIX_GUARD(s2n_check_ecc_preferences_curves_list(ecc_preference));
+ bool cipher_preferences_has_chacha20_cipher_suite = false;
+
 const struct s2n_signature_preferences *certificate_signature_preference = security_policy->certificate_signature_preferences;
 if (certificate_signature_preference != NULL) {
 POSIX_GUARD_RESULT(s2n_validate_certificate_signature_preferences(certificate_signature_preference));
@@ -935,12 +937,14 @@ int s2n_security_policies_init()
 struct s2n_cipher_suite *cipher = cipher_preference->suites[j];
 POSIX_ENSURE_REF(cipher);
+ const uint8_t *iana = cipher->iana_value;
+
 if (cipher->minimum_required_tls_version >= S2N_TLS13) {
 security_policy_selection[i].supports_tls13 = 1;
 }
 /* Sanity check that valid tls13 has minimum tls version set correctly */
- S2N_ERROR_IF(s2n_is_valid_tls13_cipher(cipher->iana_value) ^
+ S2N_ERROR_IF(s2n_is_valid_tls13_cipher(iana) ^
 (cipher->minimum_required_tls_version >= S2N_TLS13), S2N_ERR_INVALID_SECURITY_POLICY);
 if (s2n_cipher_suite_requires_ecc_extension(cipher)) {
@@ -950,6 +954,15 @@ int s2n_security_policies_init()
 if (s2n_cipher_suite_requires_pq_extension(cipher)) {
 security_policy_selection[i].pq_kem_extension_required = 1;
 }
+
+ if (s2n_cipher_suite_uses_chacha20_alg(cipher)) {
+ cipher_preferences_has_chacha20_cipher_suite = true;
+ }
+ }
+
+ if (cipher_preference->allow_chacha20_boosting) {
+ /* If chacha20 boosting support is enabled, then the cipher preference must have at least one chacha20 cipher suite */
+ POSIX_ENSURE(cipher_preferences_has_chacha20_cipher_suite, S2N_ERR_INVALID_SECURITY_POLICY);
 }
 POSIX_GUARD(s2n_validate_kem_preferences(kem_preference, security_policy_selection[i].pq_kem_extension_required));
diff --git a/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.h b/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.h
index f1533335ba..3bab8e9953 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.h
@@ -22,6 +22,8 @@
 #include "stuffer/s2n_stuffer.h"
+#include "tls/s2n_signature_scheme.h"
+
 struct s2n_connection;
 struct s2n_sig_scheme_list {
diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls.h b/contrib/restricted/aws/s2n/tls/s2n_tls.h
index 03a5737770..c99d53d66f 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_tls.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_tls.h
@@ -81,7 +81,7 @@ extern int s2n_end_of_early_data_recv(struct s2n_connection *conn);
 extern int s2n_process_client_hello(struct s2n_connection *conn);
 extern int s2n_handshake_write_header(struct s2n_stuffer *out, uint8_t message_type);
 extern int s2n_handshake_finish_header(struct s2n_stuffer *out);
-extern int s2n_handshake_parse_header(struct s2n_connection *conn, uint8_t * message_type, uint32_t * length);
+S2N_RESULT s2n_handshake_parse_header(struct s2n_stuffer *io, uint8_t *message_type, uint32_t *length);
 extern int s2n_read_full_record(struct s2n_connection *conn, uint8_t * record_type, int *isSSLv2);
 extern int s2n_recv_close_notify(struct s2n_connection *conn, s2n_blocked_status * blocked);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_x509_validator.c b/contrib/restricted/aws/s2n/tls/s2n_x509_validator.c
index 696e7ed463..561be9d815 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_x509_validator.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_x509_validator.c
@@ -71,8 +71,6 @@ int s2n_x509_trust_store_from_system_defaults(struct s2n_x509_trust_store *store
 POSIX_BAIL(S2N_ERR_X509_TRUST_STORE);
 }
- X509_STORE_set_flags(store->trust_store, X509_VP_FLAG_DEFAULT);
-
 return 0;
 }
@@ -127,8 +125,7 @@ int s2n_x509_trust_store_from_ca_file(struct s2n_x509_trust_store *store, const
 * without a trust anchor. However if you call this function, the assumption is you trust ca_file or path and if a certificate
 * is encountered that's in that path, it should be trusted. The following flag tells libcrypto to not care that the cert
 * is missing a root anchor. */
- unsigned long flags = X509_VP_FLAG_DEFAULT;
- flags |= X509_V_FLAG_PARTIAL_CHAIN;
+ unsigned long flags = X509_V_FLAG_PARTIAL_CHAIN;
 X509_STORE_set_flags(store->trust_store, flags);
 return 0; |