aboutsummaryrefslogtreecommitdiffstats
path: root/contrib
diff options
context:
space:
mode:
authorrobot-contrib <robot-contrib@yandex-team.com>2023-04-19 09:30:08 +0300
committerrobot-contrib <robot-contrib@yandex-team.com>2023-04-19 09:30:08 +0300
commitbbce3f5cecdf453747a498f97c3a644782ba80ec (patch)
treedba4ad561b48e2f96e7b252b1d600fa3cd2815fd /contrib
parent9c7fa5c7b2caf9a0f6416289b2cd9e8feb19a191 (diff)
downloadydb-bbce3f5cecdf453747a498f97c3a644782ba80ec.tar.gz
Update contrib/restricted/aws/s2n to 1.3.42
Diffstat (limited to 'contrib')
-rw-r--r--contrib/restricted/aws/s2n/api/unstable/fingerprint.h8
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_client_hello.c31
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_client_key_exchange.c16
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_connection.h7
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_crypto.h9
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_key_log.c2
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_prf.c24
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_resume.c31
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_server_hello.c9
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c2
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_tls13_handshake.c4
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_tls13_key_schedule.c2
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.c14
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.h3
14 files changed, 97 insertions, 65 deletions
diff --git a/contrib/restricted/aws/s2n/api/unstable/fingerprint.h b/contrib/restricted/aws/s2n/api/unstable/fingerprint.h
index f76b2e03da..90ecbfb144 100644
--- a/contrib/restricted/aws/s2n/api/unstable/fingerprint.h
+++ b/contrib/restricted/aws/s2n/api/unstable/fingerprint.h
@@ -52,7 +52,7 @@ typedef enum {
* output of `s2n_client_hello_get_fingerprint_string`.
* @returns S2N_SUCCESS on success, S2N_FAILURE on failure.
*/
-int s2n_client_hello_get_fingerprint_hash(struct s2n_client_hello *ch,
+S2N_API int s2n_client_hello_get_fingerprint_hash(struct s2n_client_hello *ch,
s2n_fingerprint_type type, uint32_t max_hash_size,
uint8_t *hash, uint32_t *hash_size, uint32_t *str_size);
@@ -71,7 +71,7 @@ int s2n_client_hello_get_fingerprint_hash(struct s2n_client_hello *ch,
* @param output_size The actual size of the data written to `output`.
* @returns S2N_SUCCESS on success, S2N_FAILURE on failure.
*/
-int s2n_client_hello_get_fingerprint_string(struct s2n_client_hello *ch,
+S2N_API int s2n_client_hello_get_fingerprint_string(struct s2n_client_hello *ch,
s2n_fingerprint_type type, uint32_t max_size,
uint8_t *output, uint32_t *output_size);
@@ -87,7 +87,7 @@ int s2n_client_hello_get_fingerprint_string(struct s2n_client_hello *ch,
* @param size The size of raw_message.
* @returns A new s2n_client_hello on success, or NULL on failure.
*/
-struct s2n_client_hello *s2n_client_hello_parse_message(const uint8_t *bytes, uint32_t size);
+S2N_API struct s2n_client_hello *s2n_client_hello_parse_message(const uint8_t *bytes, uint32_t size);
/**
* Frees an s2n_client_hello structure.
@@ -99,4 +99,4 @@ struct s2n_client_hello *s2n_client_hello_parse_message(const uint8_t *bytes, ui
* @param ch The structure to be freed.
* @returns S2N_SUCCESS on success, S2N_FAILURE on failure.
*/
-int s2n_client_hello_free(struct s2n_client_hello **ch);
+S2N_API int s2n_client_hello_free(struct s2n_client_hello **ch);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_client_hello.c b/contrib/restricted/aws/s2n/tls/s2n_client_hello.c
index 91d8664371..4e3c33ed30 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_client_hello.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_client_hello.c
@@ -64,27 +64,34 @@ static S2N_RESULT s2n_generate_client_session_id(struct s2n_connection *conn)
return S2N_RESULT_OK;
}
- /* Only generate the session id for pre-TLS1.3 if using tickets */
- if (conn->client_protocol_version < S2N_TLS13 && !conn->config->use_tickets) {
- return S2N_RESULT_OK;
+ /* Only generate the session id if using tickets */
+ bool generate = conn->config->use_tickets;
+
+ /* TLS1.3 doesn't require session ids. The field is actually renamed to legacy_session_id.
+ * However, we still set a session id if dealing with troublesome middleboxes
+ * (middlebox compatibility mode) or if trying to use a TLS1.2 ticket.
+ */
+ if (conn->client_protocol_version >= S2N_TLS13) {
+ generate = s2n_is_middlebox_compat_enabled(conn) || conn->resume_protocol_version;
}
- /* Only generate the session id for TLS1.3 if in middlebox compatibility mode
- *
- * s2n_connection_get_protocol_version, which returns conn->actual_protocol_version, is used here because
- * s2n_tls12_client_deserialize_session_state sets actual_protocol_version based on the protocol the
- * server that issued the session ticket indicated. If we are attempting to resume a session for that
- * session ticket, we should base the decision of whether to generate a session ID on the protocol version
- * we are attempting to resume with. */
- if (s2n_connection_get_protocol_version(conn) >= S2N_TLS13 && !s2n_is_middlebox_compat_enabled(conn)) {
+ /* Session id not needed - no-op */
+ if (!generate) {
return S2N_RESULT_OK;
}
+ /* QUIC should not allow session ids for any reason.
+ *
+ *= https://tools.ietf.org/rfc/rfc9001#section-8.4
+ *# A server SHOULD treat the receipt of a TLS ClientHello with a non-empty
+ *# legacy_session_id field as a connection error of type PROTOCOL_VIOLATION.
+ */
+ RESULT_ENSURE(!conn->quic_enabled, S2N_ERR_UNSUPPORTED_WITH_QUIC);
+
struct s2n_blob session_id = { 0 };
RESULT_GUARD_POSIX(s2n_blob_init(&session_id, conn->session_id, S2N_TLS_SESSION_ID_MAX_LEN));
RESULT_GUARD(s2n_get_public_random_data(&session_id));
conn->session_id_len = S2N_TLS_SESSION_ID_MAX_LEN;
-
return S2N_RESULT_OK;
}
diff --git a/contrib/restricted/aws/s2n/tls/s2n_client_key_exchange.c b/contrib/restricted/aws/s2n/tls/s2n_client_key_exchange.c
index 865427952c..fdb08fb88b 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_client_key_exchange.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_client_key_exchange.c
@@ -104,7 +104,7 @@ int s2n_rsa_client_key_recv(struct s2n_connection *conn, struct s2n_blob *shared
{
/* Set shared_key before async guard to pass the proper shared_key to the caller upon async completion */
POSIX_ENSURE_REF(shared_key);
- shared_key->data = conn->secrets.tls12.rsa_premaster_secret;
+ shared_key->data = conn->secrets.version.tls12.rsa_premaster_secret;
shared_key->size = S2N_TLS_SECRET_LEN;
S2N_ASYNC_PKEY_GUARD(conn);
@@ -137,8 +137,8 @@ int s2n_rsa_client_key_recv(struct s2n_connection *conn, struct s2n_blob *shared
/* First: use a random pre-master secret */
POSIX_GUARD_RESULT(s2n_get_private_random_data(shared_key));
- conn->secrets.tls12.rsa_premaster_secret[0] = client_hello_protocol_version[0];
- conn->secrets.tls12.rsa_premaster_secret[1] = client_hello_protocol_version[1];
+ conn->secrets.version.tls12.rsa_premaster_secret[0] = client_hello_protocol_version[0];
+ conn->secrets.version.tls12.rsa_premaster_secret[1] = client_hello_protocol_version[1];
S2N_ASYNC_PKEY_DECRYPT(conn, &encrypted, shared_key, s2n_rsa_client_key_recv_complete);
}
@@ -148,9 +148,9 @@ int s2n_rsa_client_key_recv_complete(struct s2n_connection *conn, bool rsa_faile
S2N_ERROR_IF(decrypted->size != S2N_TLS_SECRET_LEN, S2N_ERR_SIZE_MISMATCH);
/* Avoid copying the same buffer for the case where async pkey is not used */
- if (conn->secrets.tls12.rsa_premaster_secret != decrypted->data) {
+ if (conn->secrets.version.tls12.rsa_premaster_secret != decrypted->data) {
/* Copy (maybe) decrypted data into shared key */
- POSIX_CHECKED_MEMCPY(conn->secrets.tls12.rsa_premaster_secret, decrypted->data, S2N_TLS_SECRET_LEN);
+ POSIX_CHECKED_MEMCPY(conn->secrets.version.tls12.rsa_premaster_secret, decrypted->data, S2N_TLS_SECRET_LEN);
}
/* Get client hello protocol version for comparison with decrypted data */
@@ -163,7 +163,7 @@ int s2n_rsa_client_key_recv_complete(struct s2n_connection *conn, bool rsa_faile
/* Set rsa_failed to true, if it isn't already, if the protocol version isn't what we expect */
conn->handshake.rsa_failed |= !s2n_constant_time_equals(client_hello_protocol_version,
- conn->secrets.tls12.rsa_premaster_secret, S2N_TLS_PROTOCOL_VERSION_LEN);
+ conn->secrets.version.tls12.rsa_premaster_secret, S2N_TLS_PROTOCOL_VERSION_LEN);
return 0;
}
@@ -258,7 +258,7 @@ int s2n_rsa_client_key_send(struct s2n_connection *conn, struct s2n_blob *shared
client_hello_protocol_version[0] = legacy_client_hello_protocol_version / 10;
client_hello_protocol_version[1] = legacy_client_hello_protocol_version % 10;
- shared_key->data = conn->secrets.tls12.rsa_premaster_secret;
+ shared_key->data = conn->secrets.version.tls12.rsa_premaster_secret;
shared_key->size = S2N_TLS_SECRET_LEN;
POSIX_GUARD_RESULT(s2n_get_private_random_data(shared_key));
@@ -267,7 +267,7 @@ int s2n_rsa_client_key_send(struct s2n_connection *conn, struct s2n_blob *shared
* The latest version supported by client (as seen from the the client hello version) are <= TLS1.2
* for all clients, because TLS 1.3 clients freezes the TLS1.2 legacy version in client hello.
*/
- POSIX_CHECKED_MEMCPY(conn->secrets.tls12.rsa_premaster_secret, client_hello_protocol_version, S2N_TLS_PROTOCOL_VERSION_LEN);
+ POSIX_CHECKED_MEMCPY(conn->secrets.version.tls12.rsa_premaster_secret, client_hello_protocol_version, S2N_TLS_PROTOCOL_VERSION_LEN);
uint32_t encrypted_size = 0;
POSIX_GUARD_RESULT(s2n_pkey_size(&conn->handshake_params.server_public_key, &encrypted_size));
diff --git a/contrib/restricted/aws/s2n/tls/s2n_connection.h b/contrib/restricted/aws/s2n/tls/s2n_connection.h
index 503b488ff5..60d29b6cad 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_connection.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_connection.h
@@ -201,6 +201,11 @@ struct s2n_connection {
uint8_t client_protocol_version;
uint8_t server_protocol_version;
uint8_t actual_protocol_version;
+ /* The version stored in the ticket / session we are resuming.
+ * We expect the connection to negotiate this version during
+ * the resumption handshake.
+ */
+ uint8_t resume_protocol_version;
/* Flag indicating whether a protocol version has been
* negotiated yet. */
@@ -209,7 +214,7 @@ struct s2n_connection {
/* Our crypto parameters */
struct s2n_crypto_parameters *initial;
struct s2n_crypto_parameters *secure;
- union s2n_secrets secrets;
+ struct s2n_secrets secrets;
/* Which set is the client/server actually using? */
struct s2n_crypto_parameters *client;
diff --git a/contrib/restricted/aws/s2n/tls/s2n_crypto.h b/contrib/restricted/aws/s2n/tls/s2n_crypto.h
index 2e72224f3c..5dd5d16b4b 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_crypto.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_crypto.h
@@ -47,9 +47,12 @@ struct s2n_tls12_secrets {
uint8_t master_secret[S2N_TLS_SECRET_LEN];
};
-union s2n_secrets {
- struct s2n_tls12_secrets tls12;
- struct s2n_tls13_secrets tls13;
+struct s2n_secrets {
+ union {
+ struct s2n_tls12_secrets tls12;
+ struct s2n_tls13_secrets tls13;
+ } version;
+ s2n_extract_secret_type_t extract_secret_type;
};
struct s2n_crypto_parameters {
diff --git a/contrib/restricted/aws/s2n/tls/s2n_key_log.c b/contrib/restricted/aws/s2n/tls/s2n_key_log.c
index ec2ea3cb6c..0ea0ed182f 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_key_log.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_key_log.c
@@ -160,7 +160,7 @@ S2N_RESULT s2n_key_log_tls12_secret(struct s2n_connection *conn)
RESULT_GUARD_POSIX(s2n_stuffer_write_bytes(&output, label, label_size));
RESULT_GUARD(s2n_key_log_hex_encode(&output, conn->handshake_params.client_random, S2N_TLS_RANDOM_DATA_LEN));
RESULT_GUARD_POSIX(s2n_stuffer_write_uint8(&output, ' '));
- RESULT_GUARD(s2n_key_log_hex_encode(&output, conn->secrets.tls12.master_secret, S2N_TLS_SECRET_LEN));
+ RESULT_GUARD(s2n_key_log_hex_encode(&output, conn->secrets.version.tls12.master_secret, S2N_TLS_SECRET_LEN));
uint8_t *data = s2n_stuffer_raw_read(&output, len);
RESULT_ENSURE_REF(data);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_prf.c b/contrib/restricted/aws/s2n/tls/s2n_prf.c
index 3519f08365..325968cff4 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_prf.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_prf.c
@@ -507,7 +507,7 @@ int s2n_tls_prf_master_secret(struct s2n_connection *conn, struct s2n_blob *prem
struct s2n_blob server_random = { 0 };
POSIX_GUARD(s2n_blob_init(&server_random, conn->handshake_params.server_random, sizeof(conn->handshake_params.server_random)));
struct s2n_blob master_secret = { 0 };
- POSIX_GUARD(s2n_blob_init(&master_secret, conn->secrets.tls12.master_secret, sizeof(conn->secrets.tls12.master_secret)));
+ POSIX_GUARD(s2n_blob_init(&master_secret, conn->secrets.version.tls12.master_secret, sizeof(conn->secrets.version.tls12.master_secret)));
uint8_t master_secret_label[] = "master secret";
struct s2n_blob label = { 0 };
@@ -525,7 +525,7 @@ int s2n_hybrid_prf_master_secret(struct s2n_connection *conn, struct s2n_blob *p
struct s2n_blob server_random = { 0 };
POSIX_GUARD(s2n_blob_init(&server_random, conn->handshake_params.server_random, sizeof(conn->handshake_params.server_random)));
struct s2n_blob master_secret = { 0 };
- POSIX_GUARD(s2n_blob_init(&master_secret, conn->secrets.tls12.master_secret, sizeof(conn->secrets.tls12.master_secret)));
+ POSIX_GUARD(s2n_blob_init(&master_secret, conn->secrets.version.tls12.master_secret, sizeof(conn->secrets.version.tls12.master_secret)));
uint8_t master_secret_label[] = "hybrid master secret";
struct s2n_blob label = { 0 };
@@ -590,7 +590,7 @@ S2N_RESULT s2n_tls_prf_extended_master_secret(struct s2n_connection *conn, struc
RESULT_ENSURE_REF(conn);
struct s2n_blob extended_master_secret = { 0 };
- RESULT_GUARD_POSIX(s2n_blob_init(&extended_master_secret, conn->secrets.tls12.master_secret, sizeof(conn->secrets.tls12.master_secret)));
+ RESULT_GUARD_POSIX(s2n_blob_init(&extended_master_secret, conn->secrets.version.tls12.master_secret, sizeof(conn->secrets.version.tls12.master_secret)));
uint8_t extended_master_secret_label[] = "extended master secret";
/* Subtract one from the label size to remove the "\0" */
@@ -639,11 +639,11 @@ static int s2n_sslv3_finished(struct s2n_connection *conn, uint8_t prefix[4], st
struct s2n_hash_state *md5 = hash_workspace;
POSIX_GUARD(s2n_hash_copy(md5, &conn->handshake.hashes->md5));
POSIX_GUARD(s2n_hash_update(md5, prefix, 4));
- POSIX_GUARD(s2n_hash_update(md5, conn->secrets.tls12.master_secret, sizeof(conn->secrets.tls12.master_secret)));
+ POSIX_GUARD(s2n_hash_update(md5, conn->secrets.version.tls12.master_secret, sizeof(conn->secrets.version.tls12.master_secret)));
POSIX_GUARD(s2n_hash_update(md5, xorpad1, 48));
POSIX_GUARD(s2n_hash_digest(md5, md5_digest, MD5_DIGEST_LENGTH));
POSIX_GUARD(s2n_hash_reset(md5));
- POSIX_GUARD(s2n_hash_update(md5, conn->secrets.tls12.master_secret, sizeof(conn->secrets.tls12.master_secret)));
+ POSIX_GUARD(s2n_hash_update(md5, conn->secrets.version.tls12.master_secret, sizeof(conn->secrets.version.tls12.master_secret)));
POSIX_GUARD(s2n_hash_update(md5, xorpad2, 48));
POSIX_GUARD(s2n_hash_update(md5, md5_digest, MD5_DIGEST_LENGTH));
POSIX_GUARD(s2n_hash_digest(md5, md5_digest, MD5_DIGEST_LENGTH));
@@ -652,11 +652,11 @@ static int s2n_sslv3_finished(struct s2n_connection *conn, uint8_t prefix[4], st
struct s2n_hash_state *sha1 = hash_workspace;
POSIX_GUARD(s2n_hash_copy(sha1, &conn->handshake.hashes->sha1));
POSIX_GUARD(s2n_hash_update(sha1, prefix, 4));
- POSIX_GUARD(s2n_hash_update(sha1, conn->secrets.tls12.master_secret, sizeof(conn->secrets.tls12.master_secret)));
+ POSIX_GUARD(s2n_hash_update(sha1, conn->secrets.version.tls12.master_secret, sizeof(conn->secrets.version.tls12.master_secret)));
POSIX_GUARD(s2n_hash_update(sha1, xorpad1, 40));
POSIX_GUARD(s2n_hash_digest(sha1, sha_digest, SHA_DIGEST_LENGTH));
POSIX_GUARD(s2n_hash_reset(sha1));
- POSIX_GUARD(s2n_hash_update(sha1, conn->secrets.tls12.master_secret, sizeof(conn->secrets.tls12.master_secret)));
+ POSIX_GUARD(s2n_hash_update(sha1, conn->secrets.version.tls12.master_secret, sizeof(conn->secrets.version.tls12.master_secret)));
POSIX_GUARD(s2n_hash_update(sha1, xorpad2, 40));
POSIX_GUARD(s2n_hash_update(sha1, sha_digest, SHA_DIGEST_LENGTH));
POSIX_GUARD(s2n_hash_digest(sha1, sha_digest, SHA_DIGEST_LENGTH));
@@ -708,8 +708,8 @@ int s2n_prf_client_finished(struct s2n_connection *conn)
label.data = client_finished_label;
label.size = sizeof(client_finished_label) - 1;
- master_secret.data = conn->secrets.tls12.master_secret;
- master_secret.size = sizeof(conn->secrets.tls12.master_secret);
+ master_secret.data = conn->secrets.version.tls12.master_secret;
+ master_secret.size = sizeof(conn->secrets.version.tls12.master_secret);
if (conn->actual_protocol_version == S2N_TLS12) {
switch (conn->secure->cipher_suite->prf_alg) {
case S2N_HMAC_SHA256:
@@ -766,8 +766,8 @@ int s2n_prf_server_finished(struct s2n_connection *conn)
label.data = server_finished_label;
label.size = sizeof(server_finished_label) - 1;
- master_secret.data = conn->secrets.tls12.master_secret;
- master_secret.size = sizeof(conn->secrets.tls12.master_secret);
+ master_secret.data = conn->secrets.version.tls12.master_secret;
+ master_secret.size = sizeof(conn->secrets.version.tls12.master_secret);
if (conn->actual_protocol_version == S2N_TLS12) {
switch (conn->secure->cipher_suite->prf_alg) {
case S2N_HMAC_SHA256:
@@ -849,7 +849,7 @@ int s2n_prf_key_expansion(struct s2n_connection *conn)
struct s2n_blob server_random = { 0 };
POSIX_GUARD(s2n_blob_init(&server_random, conn->handshake_params.server_random, sizeof(conn->handshake_params.server_random)));
struct s2n_blob master_secret = { 0 };
- POSIX_GUARD(s2n_blob_init(&master_secret, conn->secrets.tls12.master_secret, sizeof(conn->secrets.tls12.master_secret)));
+ POSIX_GUARD(s2n_blob_init(&master_secret, conn->secrets.version.tls12.master_secret, sizeof(conn->secrets.version.tls12.master_secret)));
struct s2n_blob label, out;
uint8_t key_expansion_label[] = "key expansion";
uint8_t key_block[S2N_MAX_KEY_BLOCK_LEN];
diff --git a/contrib/restricted/aws/s2n/tls/s2n_resume.c b/contrib/restricted/aws/s2n/tls/s2n_resume.c
index bd8015e475..c667020017 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_resume.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_resume.c
@@ -43,6 +43,23 @@ int s2n_allowed_to_cache_connection(struct s2n_connection *conn)
return config->use_session_cache;
}
+/* If a protocol version is required before the actual_protocol_version
+ * is negotiated, we should fall back to resume_protocol_version if available.
+ *
+ * This covers the case where the application requests a ticket / session state
+ * before a NewSessionTicket message has been sent or received. Historically,
+ * in that case we return the ticket / session state already set for the connection.
+ * resume_protocol_version represents the protocol version of that existing ticket / state.
+ */
+static uint8_t s2n_resume_protocol_version(struct s2n_connection *conn)
+{
+ if (!IS_NEGOTIATED(conn) && conn->resume_protocol_version) {
+ return conn->resume_protocol_version;
+ } else {
+ return conn->actual_protocol_version;
+ }
+}
+
static int s2n_tls12_serialize_resumption_state(struct s2n_connection *conn, struct s2n_stuffer *to)
{
POSIX_ENSURE_REF(to);
@@ -58,10 +75,10 @@ static int s2n_tls12_serialize_resumption_state(struct s2n_connection *conn, str
/* Write the entry */
POSIX_GUARD(s2n_stuffer_write_uint8(to, S2N_SERIALIZED_FORMAT_TLS12_V3));
- POSIX_GUARD(s2n_stuffer_write_uint8(to, conn->actual_protocol_version));
+ POSIX_GUARD(s2n_stuffer_write_uint8(to, s2n_resume_protocol_version(conn)));
POSIX_GUARD(s2n_stuffer_write_bytes(to, conn->secure->cipher_suite->iana_value, S2N_TLS_CIPHER_SUITE_LEN));
POSIX_GUARD(s2n_stuffer_write_uint64(to, now));
- POSIX_GUARD(s2n_stuffer_write_bytes(to, conn->secrets.tls12.master_secret, S2N_TLS_SECRET_LEN));
+ POSIX_GUARD(s2n_stuffer_write_bytes(to, conn->secrets.version.tls12.master_secret, S2N_TLS_SECRET_LEN));
POSIX_GUARD(s2n_stuffer_write_uint8(to, conn->ems_negotiated));
return S2N_SUCCESS;
@@ -126,7 +143,7 @@ static S2N_RESULT s2n_tls13_serialize_resumption_state(struct s2n_connection *co
static S2N_RESULT s2n_serialize_resumption_state(struct s2n_connection *conn, struct s2n_stuffer *out)
{
- if (conn->actual_protocol_version < S2N_TLS13) {
+ if (s2n_resume_protocol_version(conn) < S2N_TLS13) {
RESULT_GUARD_POSIX(s2n_tls12_serialize_resumption_state(conn, out));
} else {
RESULT_GUARD(s2n_tls13_serialize_resumption_state(conn, out));
@@ -158,7 +175,7 @@ static int s2n_tls12_deserialize_resumption_state(struct s2n_connection *conn, s
S2N_ERROR_IF(then > now, S2N_ERR_INVALID_SERIALIZED_SESSION_STATE);
S2N_ERROR_IF(now - then > conn->config->session_state_lifetime_in_nanos, S2N_ERR_INVALID_SERIALIZED_SESSION_STATE);
- POSIX_GUARD(s2n_stuffer_read_bytes(from, conn->secrets.tls12.master_secret, S2N_TLS_SECRET_LEN));
+ POSIX_GUARD(s2n_stuffer_read_bytes(from, conn->secrets.version.tls12.master_secret, S2N_TLS_SECRET_LEN));
if (s2n_stuffer_data_available(from)) {
uint8_t ems_negotiated = 0;
@@ -216,7 +233,7 @@ static S2N_RESULT s2n_tls12_client_deserialize_session_state(struct s2n_connecti
RESULT_ENSURE_REF(conn);
RESULT_ENSURE_REF(from);
- RESULT_GUARD_POSIX(s2n_stuffer_read_uint8(from, &conn->actual_protocol_version));
+ RESULT_GUARD_POSIX(s2n_stuffer_read_uint8(from, &conn->resume_protocol_version));
uint8_t *cipher_suite_wire = s2n_stuffer_raw_read(from, S2N_TLS_CIPHER_SUITE_LEN);
RESULT_ENSURE_REF(cipher_suite_wire);
@@ -225,7 +242,7 @@ static S2N_RESULT s2n_tls12_client_deserialize_session_state(struct s2n_connecti
uint64_t then = 0;
RESULT_GUARD_POSIX(s2n_stuffer_read_uint64(from, &then));
- RESULT_GUARD_POSIX(s2n_stuffer_read_bytes(from, conn->secrets.tls12.master_secret, S2N_TLS_SECRET_LEN));
+ RESULT_GUARD_POSIX(s2n_stuffer_read_bytes(from, conn->secrets.version.tls12.master_secret, S2N_TLS_SECRET_LEN));
if (s2n_stuffer_data_available(from)) {
uint8_t ems_negotiated = 0;
@@ -505,7 +522,7 @@ S2N_RESULT s2n_connection_get_session_state_size(struct s2n_connection *conn, si
RESULT_ENSURE_REF(conn->secure);
RESULT_ENSURE_REF(state_size);
- if (conn->actual_protocol_version < S2N_TLS13) {
+ if (s2n_resume_protocol_version(conn) < S2N_TLS13) {
*state_size = S2N_TLS12_STATE_SIZE_IN_BYTES;
return S2N_RESULT_OK;
}
diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_hello.c b/contrib/restricted/aws/s2n/tls/s2n_server_hello.c
index 708346f1cb..b95d0157f9 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_server_hello.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_server_hello.c
@@ -218,7 +218,7 @@ static int s2n_server_hello_parse(struct s2n_connection *conn)
POSIX_BAIL(S2N_ERR_PROTOCOL_VERSION_UNSUPPORTED);
}
- uint8_t actual_protocol_version = MIN(conn->server_protocol_version, conn->client_protocol_version);
+ conn->actual_protocol_version = MIN(conn->server_protocol_version, conn->client_protocol_version);
/*
*= https://tools.ietf.org/rfc/rfc5077#section-3.4
@@ -230,8 +230,8 @@ static int s2n_server_hello_parse(struct s2n_connection *conn)
*/
if (session_ids_match) {
/* check if the resumed session state is valid */
- S2N_ERROR_IF(conn->actual_protocol_version != actual_protocol_version, S2N_ERR_BAD_MESSAGE);
- S2N_ERROR_IF(memcmp(conn->secure->cipher_suite->iana_value, cipher_suite_wire, S2N_TLS_CIPHER_SUITE_LEN) != 0,
+ POSIX_ENSURE(conn->resume_protocol_version == conn->actual_protocol_version, S2N_ERR_BAD_MESSAGE);
+ POSIX_ENSURE(memcmp(conn->secure->cipher_suite->iana_value, cipher_suite_wire, S2N_TLS_CIPHER_SUITE_LEN) == 0,
S2N_ERR_BAD_MESSAGE);
/* Session is resumed */
@@ -239,10 +239,9 @@ static int s2n_server_hello_parse(struct s2n_connection *conn)
} else {
conn->session_id_len = session_id_len;
POSIX_CHECKED_MEMCPY(conn->session_id, session_id, session_id_len);
- conn->actual_protocol_version = actual_protocol_version;
POSIX_GUARD(s2n_set_cipher_as_client(conn, cipher_suite_wire));
/* Erase master secret which might have been set for session resumption */
- POSIX_CHECKED_MEMSET((uint8_t *) conn->secrets.tls12.master_secret, 0, S2N_TLS_SECRET_LEN);
+ POSIX_CHECKED_MEMSET((uint8_t *) conn->secrets.version.tls12.master_secret, 0, S2N_TLS_SECRET_LEN);
/* Erase client session ticket which might have been set for session resumption */
POSIX_GUARD(s2n_free(&conn->client_ticket));
diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c b/contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c
index 6a269a720c..2f8166def3 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c
@@ -243,7 +243,7 @@ static int s2n_generate_session_secret(struct s2n_connection *conn, struct s2n_b
s2n_tls13_connection_keys(secrets, conn);
struct s2n_blob master_secret = { 0 };
- POSIX_GUARD(s2n_blob_init(&master_secret, conn->secrets.tls13.resumption_master_secret, secrets.size));
+ POSIX_GUARD(s2n_blob_init(&master_secret, conn->secrets.version.tls13.resumption_master_secret, secrets.size));
POSIX_GUARD(s2n_realloc(output, secrets.size));
POSIX_GUARD_RESULT(s2n_tls13_derive_session_ticket_secret(&secrets, &master_secret, nonce, output));
diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls13_handshake.c b/contrib/restricted/aws/s2n/tls/s2n_tls13_handshake.c
index 8d0e8423d9..26c523be87 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_tls13_handshake.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_tls13_handshake.c
@@ -168,11 +168,11 @@ int s2n_update_application_traffic_keys(struct s2n_connection *conn, s2n_mode mo
if (mode == S2N_CLIENT) {
old_key = &conn->secure->client_key;
- POSIX_GUARD(s2n_blob_init(&old_app_secret, conn->secrets.tls13.client_app_secret, keys.size));
+ POSIX_GUARD(s2n_blob_init(&old_app_secret, conn->secrets.version.tls13.client_app_secret, keys.size));
POSIX_GUARD(s2n_blob_init(&app_iv, conn->secure->client_implicit_iv, S2N_TLS13_FIXED_IV_LEN));
} else {
old_key = &conn->secure->server_key;
- POSIX_GUARD(s2n_blob_init(&old_app_secret, conn->secrets.tls13.server_app_secret, keys.size));
+ POSIX_GUARD(s2n_blob_init(&old_app_secret, conn->secrets.version.tls13.server_app_secret, keys.size));
POSIX_GUARD(s2n_blob_init(&app_iv, conn->secure->server_implicit_iv, S2N_TLS13_FIXED_IV_LEN));
}
diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls13_key_schedule.c b/contrib/restricted/aws/s2n/tls/s2n_tls13_key_schedule.c
index de7b493cce..1aecbef345 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_tls13_key_schedule.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_tls13_key_schedule.c
@@ -332,6 +332,6 @@ S2N_RESULT s2n_tls13_key_schedule_reset(struct s2n_connection *conn)
RESULT_ENSURE_REF(conn->initial);
conn->client = conn->initial;
conn->server = conn->initial;
- conn->secrets.tls13.extract_secret_type = S2N_NONE_SECRET;
+ conn->secrets.extract_secret_type = S2N_NONE_SECRET;
return S2N_RESULT_OK;
}
diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.c b/contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.c
index 66343fbd7d..3914a04461 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.c
@@ -23,7 +23,7 @@
#define S2N_MAX_HASHLEN SHA384_DIGEST_LENGTH
#define CONN_HMAC_ALG(conn) ((conn)->secure->cipher_suite->prf_alg)
-#define CONN_SECRETS(conn) ((conn)->secrets.tls13)
+#define CONN_SECRETS(conn) ((conn)->secrets.version.tls13)
#define CONN_HASHES(conn) ((conn)->handshake.hashes)
#define CONN_SECRET(conn, secret) ( \
@@ -170,7 +170,7 @@ static S2N_RESULT s2n_derive_secret_with_context(struct s2n_connection *conn,
RESULT_ENSURE_REF(label);
RESULT_ENSURE_REF(output);
- RESULT_ENSURE(CONN_SECRETS(conn).extract_secret_type == input_secret_type, S2N_ERR_SECRET_SCHEDULE_STATE);
+ RESULT_ENSURE(conn->secrets.extract_secret_type == input_secret_type, S2N_ERR_SECRET_SCHEDULE_STATE);
RESULT_ENSURE(s2n_conn_get_current_message_type(conn) == transcript_end_msg, S2N_ERR_SECRET_SCHEDULE_STATE);
RESULT_GUARD(s2n_derive_secret(CONN_HMAC_ALG(conn), &CONN_SECRET(conn, extract_secret),
label, &CONN_HASH(conn, transcript_hash_digest), output));
@@ -183,7 +183,7 @@ static S2N_RESULT s2n_derive_secret_without_context(struct s2n_connection *conn,
RESULT_ENSURE_REF(conn);
RESULT_ENSURE_REF(output);
- RESULT_ENSURE(CONN_SECRETS(conn).extract_secret_type == input_secret_type, S2N_ERR_SECRET_SCHEDULE_STATE);
+ RESULT_ENSURE(conn->secrets.extract_secret_type == input_secret_type, S2N_ERR_SECRET_SCHEDULE_STATE);
RESULT_GUARD(s2n_derive_secret(CONN_HMAC_ALG(conn), &CONN_SECRET(conn, extract_secret),
&s2n_tls13_label_derived_secret, &EMPTY_CONTEXT(CONN_HMAC_ALG(conn)), output));
return S2N_RESULT_OK;
@@ -537,11 +537,11 @@ S2N_RESULT s2n_tls13_extract_secret(struct s2n_connection *conn, s2n_extract_sec
RESULT_ENSURE_GTE(secret_type, 0);
RESULT_ENSURE_LT(secret_type, s2n_array_len(extract_methods));
- s2n_extract_secret_type_t next_secret_type = CONN_SECRETS(conn).extract_secret_type + 1;
+ s2n_extract_secret_type_t next_secret_type = conn->secrets.extract_secret_type + 1;
for (s2n_extract_secret_type_t i = next_secret_type; i <= secret_type; i++) {
RESULT_ENSURE_REF(extract_methods[i]);
RESULT_GUARD(extract_methods[i](conn));
- CONN_SECRETS(conn).extract_secret_type = i;
+ conn->secrets.extract_secret_type = i;
}
return S2N_RESULT_OK;
@@ -592,7 +592,7 @@ S2N_RESULT s2n_tls13_secrets_clean(struct s2n_connection *conn)
* so these are the most sensitive secrets.
*/
RESULT_GUARD_POSIX(s2n_blob_zero(&CONN_SECRET(conn, extract_secret)));
- conn->secrets.tls13.extract_secret_type = S2N_NONE_SECRET;
+ conn->secrets.extract_secret_type = S2N_NONE_SECRET;
/* Wipe other secrets no longer needed */
RESULT_GUARD_POSIX(s2n_blob_zero(&CONN_SECRET(conn, client_early_secret)));
@@ -663,7 +663,7 @@ S2N_RESULT s2n_tls13_secrets_get(struct s2n_connection *conn, s2n_extract_secret
};
RESULT_ENSURE_GT(secret_type, S2N_NONE_SECRET);
RESULT_ENSURE_LT(secret_type, s2n_array_len(secrets));
- RESULT_ENSURE_LTE(secret_type, CONN_SECRETS(conn).extract_secret_type);
+ RESULT_ENSURE_LTE(secret_type, conn->secrets.extract_secret_type);
RESULT_ENSURE_REF(secrets[secret_type][mode]);
secret->size = s2n_get_hash_len(CONN_HMAC_ALG(conn));
diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.h b/contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.h
index 526089169f..b99f76df8f 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.h
@@ -32,7 +32,6 @@ typedef enum {
struct s2n_tls13_secrets {
uint8_t extract_secret[S2N_TLS13_SECRET_MAX_LEN];
- s2n_extract_secret_type_t extract_secret_type;
uint8_t client_early_secret[S2N_TLS13_SECRET_MAX_LEN];
uint8_t client_handshake_secret[S2N_TLS13_SECRET_MAX_LEN];
@@ -41,6 +40,8 @@ struct s2n_tls13_secrets {
uint8_t client_app_secret[S2N_TLS13_SECRET_MAX_LEN];
uint8_t server_app_secret[S2N_TLS13_SECRET_MAX_LEN];
uint8_t resumption_master_secret[S2N_TLS13_SECRET_MAX_LEN];
+
+ s2n_extract_secret_type_t extract_secret_type;
};
S2N_RESULT s2n_tls13_empty_transcripts_init();