author | robot-contrib <robot-contrib@yandex-team.com> | 2022-12-29 11:19:28 +0300 |
---|---|---|
committer | robot-contrib <robot-contrib@yandex-team.com> | 2022-12-29 11:19:28 +0300 |
commit | fed8d432668e1993b6d0d429398d65aa40f3f5fe (patch) | |
tree | 5b837c62d01f3fcdafb6a31ae4914f530053c5b9 /contrib | |
parent | d6e1a495bd3ea25012ef907b23327e085f36be1c (diff) | |
Update contrib/restricted/aws/s2n to 1.3.31
Diffstat (limited to 'contrib')
162 files changed, 2899 insertions, 2926 deletions
diff --git a/contrib/restricted/aws/s2n/api/s2n.h b/contrib/restricted/aws/s2n/api/s2n.h index a1006caf44..b14494c5b6 100644 --- a/contrib/restricted/aws/s2n/api/s2n.h +++ b/contrib/restricted/aws/s2n/api/s2n.h @@ -869,6 +869,18 @@ S2N_API extern int s2n_config_set_verify_after_sign(struct s2n_config *config, s S2N_API extern int s2n_config_set_send_buffer_size(struct s2n_config *config, uint32_t size); /** + * Enable or disable recieving of multiple TLS records in a single s2n_recv call + * + * Legacy behavior is to return after reading a single TLS record which may not be the most + * efficient way to invoke this function, especially if larger receive buffers are used. + * + * @param config The configuration object being updated + * @param enabled Set to `true` if multiple record recieve is to be enabled; `false` to disable. + * @returns S2N_SUCCESS on success. S2N_FAILURE on failure + */ +S2N_API extern int s2n_config_set_recv_multi_record(struct s2n_config *config, bool enabled); + +/** * A callback function invoked (usually multiple times) during X.509 validation for each * name encountered in the leaf certificate. * diff --git a/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_aes_gcm.c b/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_aes_gcm.c index 395c500994..0dde774d89 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_aes_gcm.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_aes_gcm.c @@ -17,14 +17,12 @@ #include <openssl/evp.h> #include "crypto/s2n_cipher.h" - #include "tls/s2n_crypto.h" - -#include "utils/s2n_safety.h" #include "utils/s2n_blob.h" +#include "utils/s2n_safety.h" #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) -#define S2N_AEAD_AES_GCM_AVAILABLE + #define S2N_AEAD_AES_GCM_AVAILABLE #endif static uint8_t s2n_aead_cipher_aes128_gcm_available() 
@@ -382,11 +380,11 @@ const struct s2n_cipher s2n_aes128_gcm = { .key_material_size = S2N_TLS_AES_128_GCM_KEY_LEN, .type = S2N_AEAD, .io.aead = { - .record_iv_size = S2N_TLS_GCM_EXPLICIT_IV_LEN, - .fixed_iv_size = S2N_TLS_GCM_FIXED_IV_LEN, - .tag_size = S2N_TLS_GCM_TAG_LEN, - .decrypt = s2n_aead_cipher_aes_gcm_decrypt, - .encrypt = s2n_aead_cipher_aes_gcm_encrypt}, + .record_iv_size = S2N_TLS_GCM_EXPLICIT_IV_LEN, + .fixed_iv_size = S2N_TLS_GCM_FIXED_IV_LEN, + .tag_size = S2N_TLS_GCM_TAG_LEN, + .decrypt = s2n_aead_cipher_aes_gcm_decrypt, + .encrypt = s2n_aead_cipher_aes_gcm_encrypt }, .is_available = s2n_aead_cipher_aes128_gcm_available, .init = s2n_aead_cipher_aes_gcm_init, .set_encryption_key = s2n_aead_cipher_aes128_gcm_set_encryption_key, @@ -398,11 +396,11 @@ const struct s2n_cipher s2n_aes256_gcm = { .key_material_size = S2N_TLS_AES_256_GCM_KEY_LEN, .type = S2N_AEAD, .io.aead = { - .record_iv_size = S2N_TLS_GCM_EXPLICIT_IV_LEN, - .fixed_iv_size = S2N_TLS_GCM_FIXED_IV_LEN, - .tag_size = S2N_TLS_GCM_TAG_LEN, - .decrypt = s2n_aead_cipher_aes_gcm_decrypt, - .encrypt = s2n_aead_cipher_aes_gcm_encrypt}, + .record_iv_size = S2N_TLS_GCM_EXPLICIT_IV_LEN, + .fixed_iv_size = S2N_TLS_GCM_FIXED_IV_LEN, + .tag_size = S2N_TLS_GCM_TAG_LEN, + .decrypt = s2n_aead_cipher_aes_gcm_decrypt, + .encrypt = s2n_aead_cipher_aes_gcm_encrypt }, .is_available = s2n_aead_cipher_aes256_gcm_available, .init = s2n_aead_cipher_aes_gcm_init, .set_encryption_key = s2n_aead_cipher_aes256_gcm_set_encryption_key, 
@@ -415,11 +413,11 @@ const struct s2n_cipher s2n_tls13_aes128_gcm = { .key_material_size = S2N_TLS_AES_128_GCM_KEY_LEN, .type = S2N_AEAD, .io.aead = { - .record_iv_size = S2N_TLS13_RECORD_IV_LEN, - .fixed_iv_size = S2N_TLS13_FIXED_IV_LEN, - .tag_size = S2N_TLS_GCM_TAG_LEN, - .decrypt = s2n_aead_cipher_aes_gcm_decrypt, - .encrypt = s2n_aead_cipher_aes_gcm_encrypt}, + .record_iv_size = S2N_TLS13_RECORD_IV_LEN, + .fixed_iv_size = S2N_TLS13_FIXED_IV_LEN, + .tag_size = S2N_TLS_GCM_TAG_LEN, + .decrypt = s2n_aead_cipher_aes_gcm_decrypt, + .encrypt = s2n_aead_cipher_aes_gcm_encrypt }, .is_available = s2n_aead_cipher_aes128_gcm_available, .init = s2n_aead_cipher_aes_gcm_init, .set_encryption_key = s2n_aead_cipher_aes128_gcm_set_encryption_key_tls13, @@ -431,11 +429,11 @@ const struct s2n_cipher s2n_tls13_aes256_gcm = { .key_material_size = S2N_TLS_AES_256_GCM_KEY_LEN, .type = S2N_AEAD, .io.aead = { - .record_iv_size = S2N_TLS13_RECORD_IV_LEN, - .fixed_iv_size = S2N_TLS13_FIXED_IV_LEN, - .tag_size = S2N_TLS_GCM_TAG_LEN, - .decrypt = s2n_aead_cipher_aes_gcm_decrypt, - .encrypt = s2n_aead_cipher_aes_gcm_encrypt}, + .record_iv_size = S2N_TLS13_RECORD_IV_LEN, + .fixed_iv_size = S2N_TLS13_FIXED_IV_LEN, + .tag_size = S2N_TLS_GCM_TAG_LEN, + .decrypt = s2n_aead_cipher_aes_gcm_decrypt, + .encrypt = s2n_aead_cipher_aes_gcm_encrypt }, .is_available = s2n_aead_cipher_aes256_gcm_available, .init = s2n_aead_cipher_aes_gcm_init, .set_encryption_key = s2n_aead_cipher_aes256_gcm_set_encryption_key_tls13, diff --git a/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_chacha20_poly1305.c b/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_chacha20_poly1305.c index 0a119baac6..55f12908f1 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_chacha20_poly1305.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_chacha20_poly1305.c 
@@ -17,11 +17,9 @@ #include "crypto/s2n_cipher.h" #include "crypto/s2n_openssl.h" - #include "tls/s2n_crypto.h" - -#include "utils/s2n_safety.h" #include "utils/s2n_blob.h" +#include "utils/s2n_safety.h" /* We support two different backing implementations of ChaCha20-Poly1305: one * implementation for OpenSSL (>= 1.1.0, see @@ -31,9 +29,9 @@ * Note, the order in the if/elif below matters because both BoringSSL and * AWS-LC define OPENSSL_VERSION_NUMBER. */ #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) -#define S2N_CHACHA20_POLY1305_AVAILABLE_BSSL_AWSLC -#elif (S2N_OPENSSL_VERSION_AT_LEAST(1,1,0) && !defined(LIBRESSL_VERSION_NUMBER)) -#define S2N_CHACHA20_POLY1305_AVAILABLE_OSSL + #define S2N_CHACHA20_POLY1305_AVAILABLE_BSSL_AWSLC +#elif (S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0) && !defined(LIBRESSL_VERSION_NUMBER)) + #define S2N_CHACHA20_POLY1305_AVAILABLE_OSSL #endif static uint8_t s2n_aead_chacha20_poly1305_available(void) @@ -266,11 +264,11 @@ const struct s2n_cipher s2n_chacha20_poly1305 = { .key_material_size = S2N_TLS_CHACHA20_POLY1305_KEY_LEN, .type = S2N_AEAD, .io.aead = { - .record_iv_size = S2N_TLS_CHACHA20_POLY1305_EXPLICIT_IV_LEN, - .fixed_iv_size = S2N_TLS_CHACHA20_POLY1305_FIXED_IV_LEN, - .tag_size = S2N_TLS_CHACHA20_POLY1305_TAG_LEN, - .decrypt = s2n_aead_chacha20_poly1305_decrypt, - .encrypt = s2n_aead_chacha20_poly1305_encrypt}, + .record_iv_size = S2N_TLS_CHACHA20_POLY1305_EXPLICIT_IV_LEN, + .fixed_iv_size = S2N_TLS_CHACHA20_POLY1305_FIXED_IV_LEN, + .tag_size = S2N_TLS_CHACHA20_POLY1305_TAG_LEN, + .decrypt = s2n_aead_chacha20_poly1305_decrypt, + .encrypt = s2n_aead_chacha20_poly1305_encrypt }, .is_available = s2n_aead_chacha20_poly1305_available, .init = s2n_aead_chacha20_poly1305_init, .set_encryption_key = s2n_aead_chacha20_poly1305_set_encryption_key, diff --git a/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_3des.c b/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_3des.c index f90d116f01..96914c0a13 100644 
--- a/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_3des.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_3des.c @@ -15,13 +15,11 @@ #include <openssl/evp.h> -#include "error/s2n_errno.h" - #include "crypto/s2n_cipher.h" #include "crypto/s2n_openssl.h" - -#include "utils/s2n_safety.h" +#include "error/s2n_errno.h" #include "utils/s2n_blob.h" +#include "utils/s2n_safety.h" static uint8_t s2n_cbc_cipher_3des_available() { @@ -94,10 +92,10 @@ const struct s2n_cipher s2n_3des = { .key_material_size = 24, .type = S2N_CBC, .io.cbc = { - .block_size = 8, - .record_iv_size = 8, - .decrypt = s2n_cbc_cipher_3des_decrypt, - .encrypt = s2n_cbc_cipher_3des_encrypt}, + .block_size = 8, + .record_iv_size = 8, + .decrypt = s2n_cbc_cipher_3des_decrypt, + .encrypt = s2n_cbc_cipher_3des_encrypt }, .is_available = s2n_cbc_cipher_3des_available, .init = s2n_cbc_cipher_3des_init, .set_decryption_key = s2n_cbc_cipher_3des_set_decryption_key, diff --git a/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_aes.c b/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_aes.c index 489a0e329f..892dea59c6 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_aes.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_aes.c @@ -15,13 +15,11 @@ #include <openssl/aes.h> -#include "error/s2n_errno.h" - #include "crypto/s2n_cipher.h" #include "crypto/s2n_openssl.h" - -#include "utils/s2n_safety.h" +#include "error/s2n_errno.h" #include "utils/s2n_blob.h" +#include "utils/s2n_safety.h" static uint8_t s2n_cbc_cipher_aes128_available() { 
@@ -120,10 +118,10 @@ const struct s2n_cipher s2n_aes128 = { .key_material_size = 16, .type = S2N_CBC, .io.cbc = { - .block_size = 16, - .record_iv_size = 16, - .decrypt = s2n_cbc_cipher_aes_decrypt, - .encrypt = s2n_cbc_cipher_aes_encrypt}, + .block_size = 16, + .record_iv_size = 16, + .decrypt = s2n_cbc_cipher_aes_decrypt, + .encrypt = s2n_cbc_cipher_aes_encrypt }, .is_available = s2n_cbc_cipher_aes128_available, .init = s2n_cbc_cipher_aes_init, .set_decryption_key = s2n_cbc_cipher_aes128_set_decryption_key, @@ -135,10 +133,10 @@ const struct s2n_cipher s2n_aes256 = { .key_material_size = 32, .type = S2N_CBC, .io.cbc = { - .block_size = 16, - .record_iv_size = 16, - .decrypt = s2n_cbc_cipher_aes_decrypt, - .encrypt = s2n_cbc_cipher_aes_encrypt}, + .block_size = 16, + .record_iv_size = 16, + .decrypt = s2n_cbc_cipher_aes_decrypt, + .encrypt = s2n_cbc_cipher_aes_encrypt }, .is_available = s2n_cbc_cipher_aes256_available, .init = s2n_cbc_cipher_aes_init, .set_decryption_key = s2n_cbc_cipher_aes256_set_decryption_key, diff --git a/contrib/restricted/aws/s2n/crypto/s2n_certificate.c b/contrib/restricted/aws/s2n/crypto/s2n_certificate.c index 9e3f4bc551..baeee2dc64 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_certificate.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_certificate.c 
@@ -14,23 +14,23 @@ */ #ifndef _GNU_SOURCE -# define _GNU_SOURCE + #define _GNU_SOURCE #endif -#include "api/s2n.h" -#include <openssl/x509v3.h> +#include "crypto/s2n_certificate.h" + #include <openssl/pem.h> +#include <openssl/x509v3.h> #include <string.h> #include <strings.h> -#include "crypto/s2n_certificate.h" +#include "api/s2n.h" #include "crypto/s2n_openssl_x509.h" -#include "utils/s2n_array.h" -#include "utils/s2n_safety.h" -#include "utils/s2n_mem.h" - #include "tls/extensions/s2n_extension_list.h" #include "tls/s2n_connection.h" +#include "utils/s2n_array.h" +#include "utils/s2n_mem.h" +#include "utils/s2n_safety.h" int s2n_cert_set_cert_type(struct s2n_cert *cert, s2n_pkey_type pkey_type) { @@ -42,7 +42,7 @@ int s2n_cert_set_cert_type(struct s2n_cert *cert, s2n_pkey_type pkey_type) int s2n_create_cert_chain_from_stuffer(struct s2n_cert_chain *cert_chain_out, struct s2n_stuffer *chain_in_stuffer) { - DEFER_CLEANUP(struct s2n_stuffer cert_out_stuffer = {0}, s2n_stuffer_free); + DEFER_CLEANUP(struct s2n_stuffer cert_out_stuffer = { 0 }, s2n_stuffer_free); POSIX_GUARD(s2n_stuffer_growable_alloc(&cert_out_stuffer, 2048)); struct s2n_cert **insert = &cert_chain_out->head; @@ -56,9 +56,9 @@ int s2n_create_cert_chain_from_stuffer(struct s2n_cert_chain *cert_chain_out, st } break; } - struct s2n_blob mem = {0}; + struct s2n_blob mem = { 0 }; POSIX_GUARD(s2n_alloc(&mem, sizeof(struct s2n_cert))); - new_node = (struct s2n_cert *)(void *)mem.data; + new_node = (struct s2n_cert *) (void *) mem.data; if (s2n_alloc(&new_node->raw, s2n_stuffer_data_available(&cert_out_stuffer)) != S2N_SUCCESS) { POSIX_GUARD(s2n_free(&mem)); 
@@ -94,7 +94,7 @@ int s2n_cert_chain_and_key_set_cert_chain_from_stuffer(struct s2n_cert_chain_and int s2n_cert_chain_and_key_set_cert_chain_bytes(struct s2n_cert_chain_and_key *cert_and_key, uint8_t *cert_chain_pem, uint32_t cert_chain_len) { - DEFER_CLEANUP(struct s2n_stuffer chain_in_stuffer = {0}, s2n_stuffer_free); + DEFER_CLEANUP(struct s2n_stuffer chain_in_stuffer = { 0 }, s2n_stuffer_free); POSIX_GUARD(s2n_stuffer_init_ro_from_string(&chain_in_stuffer, cert_chain_pem, cert_chain_len)); POSIX_GUARD(s2n_cert_chain_and_key_set_cert_chain_from_stuffer(cert_and_key, &chain_in_stuffer)); @@ -104,7 +104,7 @@ int s2n_cert_chain_and_key_set_cert_chain_bytes(struct s2n_cert_chain_and_key *c int s2n_cert_chain_and_key_set_cert_chain(struct s2n_cert_chain_and_key *cert_and_key, const char *cert_chain_pem) { - DEFER_CLEANUP(struct s2n_stuffer chain_in_stuffer = {0}, s2n_stuffer_free); + DEFER_CLEANUP(struct s2n_stuffer chain_in_stuffer = { 0 }, s2n_stuffer_free); /* Turn the chain into a stuffer */ POSIX_GUARD(s2n_stuffer_alloc_ro_from_string(&chain_in_stuffer, cert_chain_pem)); @@ -115,7 +115,7 @@ int s2n_cert_chain_and_key_set_cert_chain(struct s2n_cert_chain_and_key *cert_an int s2n_cert_chain_and_key_set_private_key_from_stuffer(struct s2n_cert_chain_and_key *cert_and_key, struct s2n_stuffer *key_in_stuffer, struct s2n_stuffer *key_out_stuffer) { - struct s2n_blob key_blob = {0}; + struct s2n_blob key_blob = { 0 }; POSIX_GUARD(s2n_pkey_zero_init(cert_and_key->private_key)); 
@@ -133,8 +133,8 @@ int s2n_cert_chain_and_key_set_private_key_from_stuffer(struct s2n_cert_chain_an int s2n_cert_chain_and_key_set_private_key_bytes(struct s2n_cert_chain_and_key *cert_and_key, uint8_t *private_key_pem, uint32_t private_key_len) { - DEFER_CLEANUP(struct s2n_stuffer key_in_stuffer = {0}, s2n_stuffer_free); - DEFER_CLEANUP(struct s2n_stuffer key_out_stuffer = {0}, s2n_stuffer_free); + DEFER_CLEANUP(struct s2n_stuffer key_in_stuffer = { 0 }, s2n_stuffer_free); + DEFER_CLEANUP(struct s2n_stuffer key_out_stuffer = { 0 }, s2n_stuffer_free); /* Put the private key pem in a stuffer */ POSIX_GUARD(s2n_stuffer_init_ro_from_string(&key_in_stuffer, private_key_pem, private_key_len)); @@ -149,8 +149,8 @@ int s2n_cert_chain_and_key_set_private_key(struct s2n_cert_chain_and_key *cert_a { POSIX_ENSURE_REF(private_key_pem); - DEFER_CLEANUP(struct s2n_stuffer key_in_stuffer = {0}, s2n_stuffer_free); - DEFER_CLEANUP(struct s2n_stuffer key_out_stuffer = {0}, s2n_stuffer_free); + DEFER_CLEANUP(struct s2n_stuffer key_in_stuffer = { 0 }, s2n_stuffer_free); + DEFER_CLEANUP(struct s2n_stuffer key_out_stuffer = { 0 }, s2n_stuffer_free); /* Put the private key pem in a stuffer */ POSIX_GUARD(s2n_stuffer_alloc_ro_from_string(&key_in_stuffer, private_key_pem)); 
@@ -205,9 +205,9 @@ struct s2n_cert_chain_and_key *s2n_cert_chain_and_key_new(void) san_names = s2n_array_new(sizeof(struct s2n_blob)); PTR_ENSURE_REF(san_names); - struct s2n_cert_chain_and_key *chain_and_key = (struct s2n_cert_chain_and_key *)(void *)chain_and_key_mem.data; - chain_and_key->cert_chain = (struct s2n_cert_chain *)(void *)cert_chain_mem.data; - chain_and_key->private_key = (s2n_cert_private_key *)(void *)pkey_mem.data; + struct s2n_cert_chain_and_key *chain_and_key = (struct s2n_cert_chain_and_key *) (void *) chain_and_key_mem.data; + chain_and_key->cert_chain = (struct s2n_cert_chain *) (void *) cert_chain_mem.data; + chain_and_key->private_key = (s2n_cert_private_key *) (void *) pkey_mem.data; chain_and_key->cn_names = cn_names; chain_and_key->san_names = san_names; @@ -243,7 +243,7 @@ int s2n_cert_chain_and_key_load_sans(struct s2n_cert_chain_and_key *chain_and_ke unsigned char *san_str = san_name->d.dNSName->data; const size_t san_str_len = san_name->d.dNSName->length; struct s2n_blob *san_blob = NULL; - POSIX_GUARD_RESULT(s2n_array_pushback(chain_and_key->san_names, (void **)&san_blob)); + POSIX_GUARD_RESULT(s2n_array_pushback(chain_and_key->san_names, (void **) &san_blob)); if (!san_blob) { POSIX_BAIL(S2N_ERR_NULL_SANS); } @@ -283,7 +283,7 @@ int s2n_cert_chain_and_key_load_cns(struct s2n_cert_chain_and_key *chain_and_key } int lastpos = -1; - while((lastpos = X509_NAME_get_index_by_NID(subject, NID_commonName, lastpos)) >= 0) { + while ((lastpos = X509_NAME_get_index_by_NID(subject, NID_commonName, lastpos)) >= 0) { X509_NAME_ENTRY *name_entry = X509_NAME_get_entry(subject, lastpos); if (!name_entry) { continue; 
@@ -308,7 +308,7 @@ int s2n_cert_chain_and_key_load_cns(struct s2n_cert_chain_and_key *chain_and_key OPENSSL_free(utf8_str); } else { struct s2n_blob *cn_name = NULL; - POSIX_GUARD_RESULT(s2n_array_pushback(chain_and_key->cn_names, (void **)&cn_name)); + POSIX_GUARD_RESULT(s2n_array_pushback(chain_and_key->cn_names, (void **) &cn_name)); if (cn_name == NULL) { POSIX_BAIL(S2N_ERR_NULL_CN_NAME); } @@ -354,7 +354,7 @@ int s2n_cert_chain_and_key_load(struct s2n_cert_chain_and_key *chain_and_key) struct s2n_cert *head = chain_and_key->cert_chain->head; /* Parse the leaf cert for the public key and certificate type */ - DEFER_CLEANUP(struct s2n_pkey public_key = {0}, s2n_pkey_free); + DEFER_CLEANUP(struct s2n_pkey public_key = { 0 }, s2n_pkey_free); s2n_pkey_type pkey_type = S2N_PKEY_TYPE_UNKNOWN; POSIX_GUARD(s2n_asn1der_to_public_key_and_type(&public_key, &pkey_type, &head->raw)); POSIX_ENSURE(pkey_type != S2N_PKEY_TYPE_UNKNOWN, S2N_ERR_CERT_TYPE_UNSUPPORTED); @@ -399,7 +399,7 @@ int s2n_cert_chain_and_key_load_public_pem_bytes(struct s2n_cert_chain_and_key * } int s2n_cert_chain_and_key_load_pem_bytes(struct s2n_cert_chain_and_key *chain_and_key, uint8_t *chain_pem, - uint32_t chain_pem_len, uint8_t *private_key_pem, uint32_t private_key_pem_len) + uint32_t chain_pem_len, uint8_t *private_key_pem, uint32_t private_key_pem_len) { POSIX_ENSURE_REF(chain_and_key); 
@@ -434,16 +434,16 @@ int s2n_cert_chain_and_key_free(struct s2n_cert_chain_and_key *cert_and_key) /* update head so it won't point to freed memory */ cert_and_key->cert_chain->head = node->next; /* Free the node */ - POSIX_GUARD(s2n_free_object((uint8_t **)&node, sizeof(struct s2n_cert))); + POSIX_GUARD(s2n_free_object((uint8_t **) &node, sizeof(struct s2n_cert))); node = cert_and_key->cert_chain->head; } - POSIX_GUARD(s2n_free_object((uint8_t **)&cert_and_key->cert_chain, sizeof(struct s2n_cert_chain))); + POSIX_GUARD(s2n_free_object((uint8_t **) &cert_and_key->cert_chain, sizeof(struct s2n_cert_chain))); } if (cert_and_key->private_key) { POSIX_GUARD(s2n_pkey_free(cert_and_key->private_key)); - POSIX_GUARD(s2n_free_object((uint8_t **)&cert_and_key->private_key, sizeof(s2n_cert_private_key))); + POSIX_GUARD(s2n_free_object((uint8_t **) &cert_and_key->private_key, sizeof(s2n_cert_private_key))); } uint32_t len = 0; @@ -452,7 +452,7 @@ int s2n_cert_chain_and_key_free(struct s2n_cert_chain_and_key *cert_and_key) POSIX_GUARD_RESULT(s2n_array_num_elements(cert_and_key->san_names, &len)); for (uint32_t i = 0; i < len; i++) { struct s2n_blob *san_name = NULL; - POSIX_GUARD_RESULT(s2n_array_get(cert_and_key->san_names, i, (void **)&san_name)); + POSIX_GUARD_RESULT(s2n_array_get(cert_and_key->san_names, i, (void **) &san_name)); POSIX_GUARD(s2n_free(san_name)); } POSIX_GUARD_RESULT(s2n_array_free(cert_and_key->san_names)); @@ -463,7 +463,7 @@ int s2n_cert_chain_and_key_free(struct s2n_cert_chain_and_key *cert_and_key) POSIX_GUARD_RESULT(s2n_array_num_elements(cert_and_key->cn_names, &len)); for (uint32_t i = 0; i < len; i++) { struct s2n_blob *cn_name = NULL; - POSIX_GUARD_RESULT(s2n_array_get(cert_and_key->cn_names, i, (void **)&cn_name)); + POSIX_GUARD_RESULT(s2n_array_get(cert_and_key->cn_names, i, (void **) &cn_name)); POSIX_GUARD(s2n_free(cn_name)); } POSIX_GUARD_RESULT(s2n_array_free(cert_and_key->cn_names)); 
@@ -473,7 +473,7 @@ int s2n_cert_chain_and_key_free(struct s2n_cert_chain_and_key *cert_and_key) POSIX_GUARD(s2n_free(&cert_and_key->ocsp_status)); POSIX_GUARD(s2n_free(&cert_and_key->sct_list)); - POSIX_GUARD(s2n_free_object((uint8_t **)&cert_and_key, sizeof(struct s2n_cert_chain_and_key))); + POSIX_GUARD(s2n_free_object((uint8_t **) &cert_and_key, sizeof(struct s2n_cert_chain_and_key))); return 0; } @@ -488,7 +488,7 @@ int s2n_cert_chain_free(struct s2n_cert_chain *cert_chain) /* update head so it won't point to freed memory */ cert_chain->head = node->next; /* Free the node */ - POSIX_GUARD(s2n_free_object((uint8_t **)&node, sizeof(struct s2n_cert))); + POSIX_GUARD(s2n_free_object((uint8_t **) &node, sizeof(struct s2n_cert))); node = cert_chain->head; } } @@ -506,7 +506,7 @@ int s2n_send_cert_chain(struct s2n_connection *conn, struct s2n_stuffer *out, st struct s2n_cert *cur_cert = chain->head; POSIX_ENSURE_REF(cur_cert); - struct s2n_stuffer_reservation cert_chain_size = {0}; + struct s2n_stuffer_reservation cert_chain_size = { 0 }; POSIX_GUARD(s2n_stuffer_reserve_uint24(out, &cert_chain_size)); /* Send certs and extensions (in TLS 1.3) */ @@ -554,7 +554,7 @@ static int s2n_does_cert_san_match_hostname(const struct s2n_cert_chain_and_key POSIX_GUARD_RESULT(s2n_array_num_elements(san_names, &len)); for (uint32_t i = 0; i < len; i++) { struct s2n_blob *san_name = NULL; - POSIX_GUARD_RESULT(s2n_array_get(san_names, i, (void **)&san_name)); + POSIX_GUARD_RESULT(s2n_array_get(san_names, i, (void **) &san_name)); POSIX_ENSURE_REF(san_name); if ((dns_name->size == san_name->size) && (strncasecmp((const char *) dns_name->data, (const char *) san_name->data, dns_name->size) == 0)) { return 1; 
@@ -574,7 +574,7 @@ static int s2n_does_cert_cn_match_hostname(const struct s2n_cert_chain_and_key * POSIX_GUARD_RESULT(s2n_array_num_elements(cn_names, &len)); for (uint32_t i = 0; i < len; i++) { struct s2n_blob *cn_name = NULL; - POSIX_GUARD_RESULT(s2n_array_get(cn_names, i, (void **)&cn_name)); + POSIX_GUARD_RESULT(s2n_array_get(cn_names, i, (void **) &cn_name)); POSIX_ENSURE_REF(cn_name); if ((dns_name->size == cn_name->size) && (strncasecmp((const char *) dns_name->data, (const char *) cn_name->data, dns_name->size) == 0)) { return 1; @@ -619,8 +619,8 @@ void *s2n_cert_chain_and_key_get_ctx(struct s2n_cert_chain_and_key *cert_and_key s2n_pkey_type s2n_cert_chain_and_key_get_pkey_type(struct s2n_cert_chain_and_key *chain_and_key) { if (chain_and_key == NULL - || chain_and_key->cert_chain == NULL - || chain_and_key->cert_chain->head == NULL) { + || chain_and_key->cert_chain == NULL + || chain_and_key->cert_chain->head == NULL) { return S2N_PKEY_TYPE_UNKNOWN; } return chain_and_key->cert_chain->head->pkey_type; @@ -650,7 +650,7 @@ int s2n_cert_chain_get_length(const struct s2n_cert_chain_and_key *chain_and_key } int s2n_cert_chain_get_cert(const struct s2n_cert_chain_and_key *chain_and_key, struct s2n_cert **out_cert, - const uint32_t cert_idx) + const uint32_t cert_idx) { POSIX_ENSURE_REF(chain_and_key); POSIX_ENSURE_REF(out_cert); @@ -662,7 +662,7 @@ int s2n_cert_chain_get_cert(const struct s2n_cert_chain_and_key *chain_and_key, struct s2n_cert *next_cert = cur_cert->next; while ((next_cert != NULL) && (counter < cert_idx)) { - cur_cert = next_cert; + cur_cert = next_cert; next_cert = next_cert->next; counter++; } 
@@ -686,15 +686,15 @@ int s2n_cert_get_der(const struct s2n_cert *cert, const uint8_t **out_cert_der, return S2N_SUCCESS; } -static int s2n_asn1_obj_free(ASN1_OBJECT ** data) +static int s2n_asn1_obj_free(ASN1_OBJECT **data) { if (*data != NULL) { - ASN1_OBJECT_free(*data); + ASN1_OBJECT_free(*data); } return S2N_SUCCESS; } -static int s2n_asn1_string_free(ASN1_STRING** data) +static int s2n_asn1_string_free(ASN1_STRING **data) { if (*data != NULL) { ASN1_STRING_free(*data); @@ -711,7 +711,7 @@ static int s2n_utf8_string_from_extension_data(const uint8_t *extension_data, ui * https://www.openssl.org/docs/man1.1.0/man3/d2i_ASN1_UTF8STRING.html. */ const uint8_t *asn1_str_data = extension_data; - asn1_str = d2i_ASN1_UTF8STRING(NULL, (const unsigned char **)(void *)&asn1_str_data, extension_len); + asn1_str = d2i_ASN1_UTF8STRING(NULL, (const unsigned char **) (void *) &asn1_str_data, extension_len); POSIX_ENSURE(asn1_str != NULL, S2N_ERR_INVALID_X509_EXTENSION_TYPE); /* ASN1_STRING_type() returns the type of `asn1_str`, using standard constants such as V_ASN1_OCTET_STRING. * Ref: https://www.openssl.org/docs/man1.1.0/man3/ASN1_STRING_type.html. @@ -725,13 +725,13 @@ static int s2n_utf8_string_from_extension_data(const uint8_t *extension_data, ui /* ASN1_STRING_data() returns an internal pointer to the data. * Since this is an internal pointer it should not be freed or modified in any way. * Ref: https://www.openssl.org/docs/man1.0.2/man3/ASN1_STRING_data.html. - */ + */ unsigned char *internal_data = ASN1_STRING_data(asn1_str); POSIX_ENSURE_REF(internal_data); POSIX_CHECKED_MEMCPY(out_data, internal_data, len); } *out_len = len; - return S2N_SUCCESS; + return S2N_SUCCESS; } int s2n_cert_get_utf8_string_from_extension_data_length(const uint8_t *extension_data, uint32_t extension_len, uint32_t *utf8_str_len) 
@@ -758,7 +758,7 @@ int s2n_cert_get_utf8_string_from_extension_data(const uint8_t *extension_data, } static int s2n_parse_x509_extension(struct s2n_cert *cert, const uint8_t *oid, - uint8_t *ext_value, uint32_t *ext_value_len, bool *critical) + uint8_t *ext_value, uint32_t *ext_value_len, bool *critical) { POSIX_ENSURE_REF(cert->raw.data); /* Obtain the openssl x509 cert from the ASN1 DER certificate input. @@ -768,8 +768,8 @@ static int s2n_parse_x509_extension(struct s2n_cert *cert, const uint8_t *oid, * https://www.openssl.org/docs/man1.1.0/man3/d2i_X509.html. */ uint8_t *der_in = cert->raw.data; - DEFER_CLEANUP(X509 *x509_cert = d2i_X509(NULL, (const unsigned char **)(void *)&der_in, cert->raw.size), - X509_free_pointer); + DEFER_CLEANUP(X509 *x509_cert = d2i_X509(NULL, (const unsigned char **) (void *) &der_in, cert->raw.size), + X509_free_pointer); POSIX_ENSURE_REF(x509_cert); /* Retrieve the number of x509 extensions present in the certificate @@ -784,12 +784,12 @@ static int s2n_parse_x509_extension(struct s2n_cert *cert, const uint8_t *oid, * If no_name is 1 only the numerical form is acceptable. * Ref: https://www.openssl.org/docs/man1.1.0/man3/OBJ_txt2obj.html. */ - DEFER_CLEANUP(ASN1_OBJECT *asn1_obj_in = OBJ_txt2obj((const char *)oid, 0), s2n_asn1_obj_free); + DEFER_CLEANUP(ASN1_OBJECT *asn1_obj_in = OBJ_txt2obj((const char *) oid, 0), s2n_asn1_obj_free); POSIX_ENSURE_REF(asn1_obj_in); for (size_t loc = 0; loc < ext_count; loc++) { ASN1_OCTET_STRING *asn1_str = NULL; - bool match_found = false; + bool match_found = false; /* Retrieve the x509 extension at location loc. * X509_get_ext() retrieves extension loc from x. 
@@ -822,24 +822,24 @@ static int s2n_parse_x509_extension(struct s2n_cert *cert, const uint8_t *oid, asn1_str = X509_EXTENSION_get_data(x509_ext); /* ASN1_STRING_length() returns the length of the content of `asn1_str`. * Ref: https://www.openssl.org/docs/man1.1.0/man3/ASN1_STRING_length.html. - */ + */ int len = ASN1_STRING_length(asn1_str); if (ext_value != NULL) { POSIX_ENSURE(*ext_value_len >= len, S2N_ERR_INSUFFICIENT_MEM_SIZE); /* ASN1_STRING_data() returns an internal pointer to the data. - * Since this is an internal pointer it should not be freed or modified in any way. - * Ref: https://www.openssl.org/docs/man1.0.2/man3/ASN1_STRING_data.html. - */ + * Since this is an internal pointer it should not be freed or modified in any way. + * Ref: https://www.openssl.org/docs/man1.0.2/man3/ASN1_STRING_data.html. + */ unsigned char *internal_data = ASN1_STRING_data(asn1_str); POSIX_ENSURE_REF(internal_data); POSIX_CHECKED_MEMCPY(ext_value, internal_data, len); } if (critical != NULL) { - /* Retrieve the x509 extension's critical value. - * X509_EXTENSION_get_critical() returns the criticality of extension `x509_ext`, - * it returns 1 for critical and 0 for non-critical. - * Ref: https://www.openssl.org/docs/man1.1.0/man3/X509_EXTENSION_get_critical.html. - */ + /* Retrieve the x509 extension's critical value. + * X509_EXTENSION_get_critical() returns the criticality of extension `x509_ext`, + * it returns 1 for critical and 0 for non-critical. + * Ref: https://www.openssl.org/docs/man1.1.0/man3/X509_EXTENSION_get_critical.html. + */ *critical = X509_EXTENSION_get_critical(x509_ext); } *ext_value_len = len; @@ -862,7 +862,7 @@ int s2n_cert_get_x509_extension_value_length(struct s2n_cert *cert, const uint8_ } int s2n_cert_get_x509_extension_value(struct s2n_cert *cert, const uint8_t *oid, - uint8_t *ext_value, uint32_t *ext_value_len, bool *critical) + uint8_t *ext_value, uint32_t *ext_value_len, bool *critical) { POSIX_ENSURE_REF(cert); POSIX_ENSURE_REF(oid); 
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_certificate.h b/contrib/restricted/aws/s2n/crypto/s2n_certificate.h index c0cfad98da..db4be5c2ae 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_certificate.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_certificate.h @@ -15,9 +15,8 @@ #pragma once -#include <stdint.h> - #include <openssl/x509.h> +#include <stdint.h> #include "api/s2n.h" #include "crypto/s2n_pkey.h" diff --git a/contrib/restricted/aws/s2n/crypto/s2n_cipher.c b/contrib/restricted/aws/s2n/crypto/s2n_cipher.c index c01e44d8da..aaada9dfad 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_cipher.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_cipher.c @@ -15,11 +15,10 @@ #include <openssl/evp.h> #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) -#error #include <openssl/mem.h> + #error #include <openssl/mem.h> #endif #include "crypto/s2n_cipher.h" - #include "utils/s2n_safety.h" int s2n_session_key_alloc(struct s2n_session_key *key) diff --git a/contrib/restricted/aws/s2n/crypto/s2n_cipher.h b/contrib/restricted/aws/s2n/crypto/s2n_cipher.h index 460187ee10..ac0baa6fba 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_cipher.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_cipher.h @@ -15,19 +15,18 @@ #pragma once -#include <openssl/evp.h> #include <openssl/aes.h> -#include <openssl/rc4.h> #include <openssl/des.h> -#include <openssl/rsa.h> #include <openssl/dh.h> +#include <openssl/evp.h> +#include <openssl/rc4.h> +#include <openssl/rsa.h> #include "crypto/s2n_crypto.h" - #include "utils/s2n_blob.h" #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) -#define S2N_CIPHER_AEAD_API_AVAILABLE + #define S2N_CIPHER_AEAD_API_AVAILABLE #endif struct s2n_session_key { 
@@ -38,38 +37,43 @@ struct s2n_session_key { }; struct s2n_stream_cipher { - int (*decrypt) (struct s2n_session_key * key, struct s2n_blob * in, struct s2n_blob * out); - int (*encrypt) (struct s2n_session_key * key, struct s2n_blob * in, struct s2n_blob * out); + int (*decrypt)(struct s2n_session_key *key, struct s2n_blob *in, struct s2n_blob *out); + int (*encrypt)(struct s2n_session_key *key, struct s2n_blob *in, struct s2n_blob *out); }; struct s2n_cbc_cipher { uint8_t block_size; uint8_t record_iv_size; - int (*decrypt) (struct s2n_session_key * key, struct s2n_blob * iv, struct s2n_blob * in, struct s2n_blob * out); - int (*encrypt) (struct s2n_session_key * key, struct s2n_blob * iv, struct s2n_blob * in, struct s2n_blob * out); + int (*decrypt)(struct s2n_session_key *key, struct s2n_blob *iv, struct s2n_blob *in, struct s2n_blob *out); + int (*encrypt)(struct s2n_session_key *key, struct s2n_blob *iv, struct s2n_blob *in, struct s2n_blob *out); }; struct s2n_aead_cipher { uint8_t fixed_iv_size; uint8_t record_iv_size; uint8_t tag_size; - int (*decrypt) (struct s2n_session_key * key, struct s2n_blob * iv, struct s2n_blob * add, struct s2n_blob * in, struct s2n_blob * out); - int (*encrypt) (struct s2n_session_key * key, struct s2n_blob * iv, struct s2n_blob * add, struct s2n_blob * in, struct s2n_blob * out); + int (*decrypt)(struct s2n_session_key *key, struct s2n_blob *iv, struct s2n_blob *add, struct s2n_blob *in, struct s2n_blob *out); + int (*encrypt)(struct s2n_session_key *key, struct s2n_blob *iv, struct s2n_blob *add, struct s2n_blob *in, struct s2n_blob *out); }; struct s2n_composite_cipher { uint8_t block_size; uint8_t record_iv_size; uint8_t mac_key_size; - int (*decrypt) (struct s2n_session_key *key, struct s2n_blob *iv, struct s2n_blob *in, struct s2n_blob *out); - int (*encrypt) (struct s2n_session_key *key, struct s2n_blob *iv, struct s2n_blob *in, struct s2n_blob *out); - int (*set_mac_write_key) (struct s2n_session_key *key, uint8_t 
*mac_key, uint32_t mac_size); - int (*initial_hmac) (struct s2n_session_key *key, uint8_t *sequence_number, uint8_t content_type, uint16_t protocol_version, - uint16_t payload_and_eiv_len, int *extra); + int (*decrypt)(struct s2n_session_key *key, struct s2n_blob *iv, struct s2n_blob *in, struct s2n_blob *out); + int (*encrypt)(struct s2n_session_key *key, struct s2n_blob *iv, struct s2n_blob *in, struct s2n_blob *out); + int (*set_mac_write_key)(struct s2n_session_key *key, uint8_t *mac_key, uint32_t mac_size); + int (*initial_hmac)(struct s2n_session_key *key, uint8_t *sequence_number, uint8_t content_type, uint16_t protocol_version, + uint16_t payload_and_eiv_len, int *extra); }; struct s2n_cipher { - enum { S2N_STREAM, S2N_CBC, S2N_AEAD, S2N_COMPOSITE } type; + enum { + S2N_STREAM, + S2N_CBC, + S2N_AEAD, + S2N_COMPOSITE + } type; union { struct s2n_stream_cipher stream; struct s2n_aead_cipher aead; @@ -77,11 +81,11 @@ struct s2n_cipher { struct s2n_composite_cipher comp; } io; uint8_t key_material_size; - uint8_t (*is_available) (void); - int (*init) (struct s2n_session_key *key); - int (*set_decryption_key) (struct s2n_session_key *key, struct s2n_blob *in); - int (*set_encryption_key) (struct s2n_session_key *key, struct s2n_blob *in); - int (*destroy_key) (struct s2n_session_key *key); + uint8_t (*is_available)(void); + int (*init)(struct s2n_session_key *key); + int (*set_decryption_key)(struct s2n_session_key *key, struct s2n_blob *in); + int (*set_encryption_key)(struct s2n_session_key *key, struct s2n_blob *in); + int (*destroy_key)(struct s2n_session_key *key); }; extern int s2n_session_key_alloc(struct s2n_session_key *key); diff --git a/contrib/restricted/aws/s2n/crypto/s2n_composite_cipher_aes_sha.c b/contrib/restricted/aws/s2n/crypto/s2n_composite_cipher_aes_sha.c index 10bedf3941..57a308d227 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_composite_cipher_aes_sha.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_composite_cipher_aes_sha.c 
@@ -20,72 +20,70 @@ #include "crypto/s2n_cipher.h" #include "crypto/s2n_fips.h" #include "crypto/s2n_openssl.h" - #include "tls/s2n_crypto.h" - -#include "utils/s2n_safety.h" #include "utils/s2n_blob.h" +#include "utils/s2n_safety.h" /* LibreSSL and BoringSSL support the cipher, but the interface is different from Openssl's. We * should define a separate s2n_cipher struct for LibreSSL and BoringSSL. */ #if !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL) -/* Symbols for AES-SHA1-CBC composite ciphers were added in Openssl 1.0.1 - * These composite ciphers exhibit erratic behavior in LibreSSL releases. - */ -#if S2N_OPENSSL_VERSION_AT_LEAST(1,0,1) -#define S2N_AES_SHA1_COMPOSITE_AVAILABLE -#endif -#if defined(AWSLC_API_VERSION) && (AWSLC_API_VERSION <= 17) -#undef S2N_AES_SHA1_COMPOSITE_AVAILABLE -#endif -/* Symbols for AES-SHA256-CBC composite ciphers were added in Openssl 1.0.2 - * See https://www.openssl.org/news/cl102.txt - * These composite ciphers exhibit erratic behavior in LibreSSL releases. - */ -#if S2N_OPENSSL_VERSION_AT_LEAST(1,0,2) -#define S2N_AES_SHA256_COMPOSITE_AVAILABLE -#endif -#if defined(AWSLC_API_VERSION) && (AWSLC_API_VERSION <= 17) -#undef S2N_AES_SHA256_COMPOSITE_AVAILABLE -#endif + /* Symbols for AES-SHA1-CBC composite ciphers were added in Openssl 1.0.1 + * These composite ciphers exhibit erratic behavior in LibreSSL releases. + */ + #if S2N_OPENSSL_VERSION_AT_LEAST(1, 0, 1) + #define S2N_AES_SHA1_COMPOSITE_AVAILABLE + #endif + #if defined(AWSLC_API_VERSION) && (AWSLC_API_VERSION <= 17) + #undef S2N_AES_SHA1_COMPOSITE_AVAILABLE + #endif + /* Symbols for AES-SHA256-CBC composite ciphers were added in Openssl 1.0.2 + * See https://www.openssl.org/news/cl102.txt + * These composite ciphers exhibit erratic behavior in LibreSSL releases. 
+ */ + #if S2N_OPENSSL_VERSION_AT_LEAST(1, 0, 2) + #define S2N_AES_SHA256_COMPOSITE_AVAILABLE + #endif + #if defined(AWSLC_API_VERSION) && (AWSLC_API_VERSION <= 17) + #undef S2N_AES_SHA256_COMPOSITE_AVAILABLE + #endif #endif /* Silly accessors, but we avoid using version macro guards in multiple places */ static const EVP_CIPHER *s2n_evp_aes_128_cbc_hmac_sha1(void) { - #if defined(S2N_AES_SHA1_COMPOSITE_AVAILABLE) - return EVP_aes_128_cbc_hmac_sha1(); - #else - return NULL; - #endif +#if defined(S2N_AES_SHA1_COMPOSITE_AVAILABLE) + return EVP_aes_128_cbc_hmac_sha1(); +#else + return NULL; +#endif } static const EVP_CIPHER *s2n_evp_aes_256_cbc_hmac_sha1(void) { - #if defined(S2N_AES_SHA1_COMPOSITE_AVAILABLE) - return EVP_aes_256_cbc_hmac_sha1(); - #else - return NULL; - #endif +#if defined(S2N_AES_SHA1_COMPOSITE_AVAILABLE) + return EVP_aes_256_cbc_hmac_sha1(); +#else + return NULL; +#endif } static const EVP_CIPHER *s2n_evp_aes_128_cbc_hmac_sha256(void) { - #if defined(S2N_AES_SHA256_COMPOSITE_AVAILABLE) - return EVP_aes_128_cbc_hmac_sha256(); - #else - return NULL; - #endif +#if defined(S2N_AES_SHA256_COMPOSITE_AVAILABLE) + return EVP_aes_128_cbc_hmac_sha256(); +#else + return NULL; +#endif } static const EVP_CIPHER *s2n_evp_aes_256_cbc_hmac_sha256(void) { - #if defined(S2N_AES_SHA256_COMPOSITE_AVAILABLE) - return EVP_aes_256_cbc_hmac_sha256(); - #else - return NULL; - #endif +#if defined(S2N_AES_SHA256_COMPOSITE_AVAILABLE) + return EVP_aes_256_cbc_hmac_sha256(); +#else + return NULL; +#endif } static uint8_t s2n_composite_cipher_aes128_sha_available(void) 
@@ -128,18 +126,18 @@ static uint8_t s2n_composite_cipher_aes256_sha256_available(void) } static int s2n_composite_cipher_aes_sha_initial_hmac(struct s2n_session_key *key, uint8_t *sequence_number, uint8_t content_type, - uint16_t protocol_version, uint16_t payload_and_eiv_len, int *extra) + uint16_t protocol_version, uint16_t payload_and_eiv_len, int *extra) { /* BoringSSL and AWS-LC(AWSLC_API_VERSION <= 17) do not support these composite ciphers with the existing EVP API, and they took out the * constants used below. This method should never be called with BoringSSL or AWS-LC(AWSLC_API_VERSION <= 17) because the isAvaliable checked * will fail. Instead of defining a possibly dangerous default or hard coding this to 0x16 error out with BoringSSL and AWS-LC(AWSLC_API_VERSION <= 17). */ #if defined(OPENSSL_IS_BORINGSSL) || (defined(AWSLC_API_VERSION) && (AWSLC_API_VERSION <= 17)) - POSIX_BAIL(S2N_ERR_NO_SUPPORTED_LIBCRYPTO_API); + POSIX_BAIL(S2N_ERR_NO_SUPPORTED_LIBCRYPTO_API); #else uint8_t ctrl_buf[S2N_TLS12_AAD_LEN]; struct s2n_blob ctrl_blob = { .data = ctrl_buf, .size = S2N_TLS12_AAD_LEN }; - struct s2n_stuffer ctrl_stuffer = {0}; + struct s2n_stuffer ctrl_stuffer = { 0 }; POSIX_GUARD(s2n_stuffer_init(&ctrl_stuffer, &ctrl_blob)); POSIX_GUARD(s2n_stuffer_write_bytes(&ctrl_stuffer, sequence_number, S2N_TLS_SEQUENCE_NUM_LEN)); @@ -208,7 +206,6 @@ static int s2n_composite_cipher_aes_sha256_set_mac_write_key(struct s2n_session_ return 0; } - static int s2n_composite_cipher_aes128_sha_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) { POSIX_ENSURE_EQ(in->size, 16); 
@@ -307,13 +304,13 @@ const struct s2n_cipher s2n_aes128_sha = { .key_material_size = 16, .type = S2N_COMPOSITE, .io.comp = { - .block_size = 16, - .record_iv_size = 16, - .mac_key_size = SHA_DIGEST_LENGTH, - .decrypt = s2n_composite_cipher_aes_sha_decrypt, - .encrypt = s2n_composite_cipher_aes_sha_encrypt, - .set_mac_write_key = s2n_composite_cipher_aes_sha_set_mac_write_key, - .initial_hmac = s2n_composite_cipher_aes_sha_initial_hmac }, + .block_size = 16, + .record_iv_size = 16, + .mac_key_size = SHA_DIGEST_LENGTH, + .decrypt = s2n_composite_cipher_aes_sha_decrypt, + .encrypt = s2n_composite_cipher_aes_sha_encrypt, + .set_mac_write_key = s2n_composite_cipher_aes_sha_set_mac_write_key, + .initial_hmac = s2n_composite_cipher_aes_sha_initial_hmac }, .is_available = s2n_composite_cipher_aes128_sha_available, .init = s2n_composite_cipher_aes_sha_init, .set_encryption_key = s2n_composite_cipher_aes128_sha_set_encryption_key, @@ -325,13 +322,13 @@ const struct s2n_cipher s2n_aes256_sha = { .key_material_size = 32, .type = S2N_COMPOSITE, .io.comp = { - .block_size = 16, - .record_iv_size = 16, - .mac_key_size = SHA_DIGEST_LENGTH, - .decrypt = s2n_composite_cipher_aes_sha_decrypt, - .encrypt = s2n_composite_cipher_aes_sha_encrypt, - .set_mac_write_key = s2n_composite_cipher_aes_sha_set_mac_write_key, - .initial_hmac = s2n_composite_cipher_aes_sha_initial_hmac }, + .block_size = 16, + .record_iv_size = 16, + .mac_key_size = SHA_DIGEST_LENGTH, + .decrypt = s2n_composite_cipher_aes_sha_decrypt, + .encrypt = s2n_composite_cipher_aes_sha_encrypt, + .set_mac_write_key = s2n_composite_cipher_aes_sha_set_mac_write_key, + .initial_hmac = s2n_composite_cipher_aes_sha_initial_hmac }, .is_available = s2n_composite_cipher_aes256_sha_available, .init = s2n_composite_cipher_aes_sha_init, .set_encryption_key = s2n_composite_cipher_aes256_sha_set_encryption_key, 
@@ -343,13 +340,13 @@ const struct s2n_cipher s2n_aes128_sha256 = { .key_material_size = 16, .type = S2N_COMPOSITE, .io.comp = { - .block_size = 16, - .record_iv_size = 16, - .mac_key_size = SHA256_DIGEST_LENGTH, - .decrypt = s2n_composite_cipher_aes_sha_decrypt, - .encrypt = s2n_composite_cipher_aes_sha_encrypt, - .set_mac_write_key = s2n_composite_cipher_aes_sha256_set_mac_write_key, - .initial_hmac = s2n_composite_cipher_aes_sha_initial_hmac }, + .block_size = 16, + .record_iv_size = 16, + .mac_key_size = SHA256_DIGEST_LENGTH, + .decrypt = s2n_composite_cipher_aes_sha_decrypt, + .encrypt = s2n_composite_cipher_aes_sha_encrypt, + .set_mac_write_key = s2n_composite_cipher_aes_sha256_set_mac_write_key, + .initial_hmac = s2n_composite_cipher_aes_sha_initial_hmac }, .is_available = s2n_composite_cipher_aes128_sha256_available, .init = s2n_composite_cipher_aes_sha_init, .set_encryption_key = s2n_composite_cipher_aes128_sha256_set_encryption_key, @@ -361,13 +358,13 @@ const struct s2n_cipher s2n_aes256_sha256 = { .key_material_size = 32, .type = S2N_COMPOSITE, .io.comp = { - .block_size = 16, - .record_iv_size = 16, - .mac_key_size = SHA256_DIGEST_LENGTH, - .decrypt = s2n_composite_cipher_aes_sha_decrypt, - .encrypt = s2n_composite_cipher_aes_sha_encrypt, - .set_mac_write_key = s2n_composite_cipher_aes_sha256_set_mac_write_key, - .initial_hmac = s2n_composite_cipher_aes_sha_initial_hmac }, + .block_size = 16, + .record_iv_size = 16, + .mac_key_size = SHA256_DIGEST_LENGTH, + .decrypt = s2n_composite_cipher_aes_sha_decrypt, + .encrypt = s2n_composite_cipher_aes_sha_encrypt, + .set_mac_write_key = s2n_composite_cipher_aes_sha256_set_mac_write_key, + .initial_hmac = s2n_composite_cipher_aes_sha_initial_hmac }, .is_available = s2n_composite_cipher_aes256_sha256_available, .init = s2n_composite_cipher_aes_sha_init, .set_encryption_key = s2n_composite_cipher_aes256_sha256_set_encryption_key, 
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_crypto.c b/contrib/restricted/aws/s2n/crypto/s2n_crypto.c index d9062f0578..37c3c0f14b 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_crypto.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_crypto.c @@ -13,17 +13,18 @@ * permissions and limitations under the License. */ +#include "crypto/s2n_crypto.h" + #include <stdint.h> #include "api/s2n.h" -#include "crypto/s2n_crypto.h" /* OPENSSL_free is defined within <openssl/crypto.h> for OpenSSL Libcrypto * and within <openssl/mem.h> for AWS_LC and BoringSSL */ #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) -#error #include <openssl/mem.h> -#else -#include <openssl/crypto.h> + #error #include <openssl/mem.h> +#else + #include <openssl/crypto.h> #endif int s2n_crypto_free(uint8_t** data) diff --git a/contrib/restricted/aws/s2n/crypto/s2n_crypto.h b/contrib/restricted/aws/s2n/crypto/s2n_crypto.h index 8c5fc04266..3e39f15040 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_crypto.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_crypto.h @@ -15,12 +15,11 @@ #pragma once -#include <stdint.h> - #include <openssl/aes.h> -#include <openssl/rc4.h> #include <openssl/des.h> -#include <openssl/rsa.h> #include <openssl/dh.h> +#include <openssl/rc4.h> +#include <openssl/rsa.h> +#include <stdint.h> int s2n_crypto_free(uint8_t** data); diff --git a/contrib/restricted/aws/s2n/crypto/s2n_dhe.c b/contrib/restricted/aws/s2n/crypto/s2n_dhe.c index 513b6d09ed..aa5b629c09 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_dhe.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_dhe.c @@ -40,7 +40,7 @@ static const BIGNUM *s2n_get_Ys_dh_param(struct s2n_dh_params *dh_params) #if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0) DH_get0_key(dh_params->dh, &Ys, NULL); #else - Ys = dh_params->dh->pub_key; + Ys = dh_params->dh->pub_key; #endif return Ys; 
@@ -52,7 +52,7 @@ static const BIGNUM *s2n_get_p_dh_param(struct s2n_dh_params *dh_params) #if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0) DH_get0_pqg(dh_params->dh, &p, NULL, NULL); #else - p = dh_params->dh->p; + p = dh_params->dh->p; #endif return p; @@ -64,7 +64,7 @@ static const BIGNUM *s2n_get_g_dh_param(struct s2n_dh_params *dh_params) #if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0) DH_get0_pqg(dh_params->dh, NULL, NULL, &g); #else - g = dh_params->dh->g; + g = dh_params->dh->g; #endif return g; @@ -100,14 +100,14 @@ static int s2n_check_pub_key_dh_params(struct s2n_dh_params *dh_params) } static int s2n_set_p_g_Ys_dh_params(struct s2n_dh_params *dh_params, struct s2n_blob *p, struct s2n_blob *g, - struct s2n_blob *Ys) + struct s2n_blob *Ys) { POSIX_ENSURE(p->size <= INT_MAX, S2N_ERR_INTEGER_OVERFLOW); POSIX_ENSURE(g->size <= INT_MAX, S2N_ERR_INTEGER_OVERFLOW); POSIX_ENSURE(Ys->size <= INT_MAX, S2N_ERR_INTEGER_OVERFLOW); - BIGNUM *bn_p = BN_bin2bn(( const unsigned char * )p->data, p->size, NULL); - BIGNUM *bn_g = BN_bin2bn(( const unsigned char * )g->data, g->size, NULL); - BIGNUM *bn_Ys = BN_bin2bn(( const unsigned char * )Ys->data, Ys->size, NULL); + BIGNUM *bn_p = BN_bin2bn((const unsigned char *) p->data, p->size, NULL); + BIGNUM *bn_g = BN_bin2bn((const unsigned char *) g->data, g->size, NULL); + BIGNUM *bn_Ys = BN_bin2bn((const unsigned char *) Ys->data, Ys->size, NULL); #if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0) /* Per https://www.openssl.org/docs/man1.1.0/crypto/DH_get0_pqg.html: @@ -118,8 +118,8 @@ static int s2n_set_p_g_Ys_dh_params(struct s2n_dh_params *dh_params, struct s2n_ /* Same as DH_set0_pqg */ POSIX_GUARD_OSSL(DH_set0_key(dh_params->dh, bn_Ys, NULL), S2N_ERR_DH_PARAMS_CREATE); #else - dh_params->dh->p = bn_p; - dh_params->dh->g = bn_g; + dh_params->dh->p = bn_p; + dh_params->dh->g = bn_g; dh_params->dh->pub_key = bn_Ys; #endif 
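Review bot: The three `BN_bin2bn` results in `s2n_set_p_g_Ys_dh_params` (the `@@ -100,14` hunk) are used without a NULL check. In the pre-1.1.0 branch shown in the `@@ -118,8` hunk they are stored straight into `dh_params->dh->p`, `->g` and `->pub_key`. In the 1.1.0+ branch a failing `POSIX_GUARD_OSSL` around `DH_set0_key` returns without freeing `bn_Ys`, since ownership was never transferred. A check right after the conversions that releases any partial result and bails with `S2N_ERR_DH_PARAMS_CREATE` would cover both branches. A few lines of the function lie between the two hunks and are not visible here.

```c
    BIGNUM *bn_Ys = BN_bin2bn((const unsigned char *) Ys->data, Ys->size, NULL);
    if (bn_p == NULL || bn_g == NULL || bn_Ys == NULL) {
        /* BN_free(NULL) is a no-op, so a partial set can be released as-is */
        BN_free(bn_p);
        BN_free(bn_g);
        BN_free(bn_Ys);
        POSIX_BAIL(S2N_ERR_DH_PARAMS_CREATE);
    }
    /* … unchanged: DH_set0_pqg / DH_set0_key, or the direct field assignments … */
```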
@@ -140,7 +140,7 @@ int s2n_pkcs3_to_dh_params(struct s2n_dh_params *dh_params, struct s2n_blob *pkc POSIX_PRECONDITION(s2n_blob_validate(pkcs3)); uint8_t *original_ptr = pkcs3->data; - dh_params->dh = d2i_DHparams(NULL, ( const unsigned char ** )( void * )&pkcs3->data, pkcs3->size); + dh_params->dh = d2i_DHparams(NULL, (const unsigned char **) (void *) &pkcs3->data, pkcs3->size); POSIX_GUARD(s2n_check_p_g_dh_params(dh_params)); if (pkcs3->data && (pkcs3->data - original_ptr != pkcs3->size)) { DH_free(dh_params->dh); @@ -161,7 +161,7 @@ int s2n_pkcs3_to_dh_params(struct s2n_dh_params *dh_params, struct s2n_blob *pkc } int s2n_dh_p_g_Ys_to_dh_params(struct s2n_dh_params *server_dh_params, struct s2n_blob *p, struct s2n_blob *g, - struct s2n_blob *Ys) + struct s2n_blob *Ys) { POSIX_ENSURE_REF(server_dh_params); POSIX_PRECONDITION(s2n_blob_validate(p)); @@ -183,12 +183,12 @@ int s2n_dh_params_to_p_g_Ys(struct s2n_dh_params *server_dh_params, struct s2n_s POSIX_PRECONDITION(s2n_stuffer_validate(out)); POSIX_PRECONDITION(s2n_blob_validate(output)); - const BIGNUM *bn_p = s2n_get_p_dh_param(server_dh_params); - const BIGNUM *bn_g = s2n_get_g_dh_param(server_dh_params); + const BIGNUM *bn_p = s2n_get_p_dh_param(server_dh_params); + const BIGNUM *bn_g = s2n_get_g_dh_param(server_dh_params); const BIGNUM *bn_Ys = s2n_get_Ys_dh_param(server_dh_params); - uint16_t p_size = BN_num_bytes(bn_p); - uint16_t g_size = BN_num_bytes(bn_g); + uint16_t p_size = BN_num_bytes(bn_p); + uint16_t g_size = BN_num_bytes(bn_g); uint16_t Ys_size = BN_num_bytes(bn_Ys); uint8_t *p = NULL; uint8_t *g = NULL; 
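Review bot: In the `@@ -140,7` hunk of `s2n_pkcs3_to_dh_params`, `POSIX_GUARD(s2n_check_p_g_dh_params(dh_params))` can return immediately after `d2i_DHparams` has been handed `&pkcs3->data`, which a successful d2i call advances past the parsed bytes. `original_ptr` is saved just above, presumably so the blob pointer can be restored, but that restore is outside the hunk and an early return here would skip it, leaving the caller's blob pointing into the middle of its buffer. Whether the parsed `dh_params->dh` is released on that path is not visible either. Parsing through a local cursor keeps the blob untouched on every path: `const unsigned char *cursor = pkcs3->data;` then `dh_params->dh = d2i_DHparams(NULL, &cursor, pkcs3->size);`, with the length comparison done on `cursor - pkcs3->data`. The function continues outside the hunk.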
@@ -218,12 +218,12 @@ int s2n_dh_params_to_p_g_Ys(struct s2n_dh_params *server_dh_params, struct s2n_s } int s2n_dh_compute_shared_secret_as_client(struct s2n_dh_params *server_dh_params, struct s2n_stuffer *Yc_out, - struct s2n_blob *shared_key) + struct s2n_blob *shared_key) { struct s2n_dh_params client_params = { 0 }; - uint8_t * client_pub_key = NULL; - uint16_t client_pub_key_size = 0; - int shared_key_size = 0; + uint8_t *client_pub_key = NULL; + uint16_t client_pub_key_size = 0; + int shared_key_size = 0; POSIX_GUARD(s2n_dh_params_check(server_dh_params)); POSIX_GUARD(s2n_dh_params_copy(server_dh_params, &client_params)); @@ -232,7 +232,7 @@ int s2n_dh_compute_shared_secret_as_client(struct s2n_dh_params *server_dh_param const BIGNUM *client_pub_key_bn = s2n_get_Ys_dh_param(&client_params); POSIX_ENSURE_REF(client_pub_key_bn); - client_pub_key_size = BN_num_bytes(client_pub_key_bn); + client_pub_key_size = BN_num_bytes(client_pub_key_bn); POSIX_GUARD(s2n_stuffer_write_uint16(Yc_out, client_pub_key_size)); client_pub_key = s2n_stuffer_raw_write(Yc_out, client_pub_key_size); if (client_pub_key == NULL) { @@ -249,7 +249,7 @@ int s2n_dh_compute_shared_secret_as_client(struct s2n_dh_params *server_dh_param /* server_dh_params already validated */ const BIGNUM *server_pub_key_bn = s2n_get_Ys_dh_param(server_dh_params); - shared_key_size = DH_compute_key(shared_key->data, server_pub_key_bn, client_params.dh); + shared_key_size = DH_compute_key(shared_key->data, server_pub_key_bn, client_params.dh); if (shared_key_size < 0) { POSIX_GUARD(s2n_free(shared_key)); POSIX_GUARD(s2n_dh_params_free(&client_params)); 
@@ -264,12 +264,12 @@ int s2n_dh_compute_shared_secret_as_client(struct s2n_dh_params *server_dh_param } int s2n_dh_compute_shared_secret_as_server(struct s2n_dh_params *server_dh_params, struct s2n_stuffer *Yc_in, - struct s2n_blob *shared_key) + struct s2n_blob *shared_key) { - uint16_t Yc_length = 0; + uint16_t Yc_length = 0; struct s2n_blob Yc = { 0 }; - int shared_key_size = 0; - BIGNUM * pub_key = NULL; + int shared_key_size = 0; + BIGNUM *pub_key = NULL; POSIX_GUARD(s2n_check_all_dh_params(server_dh_params)); @@ -278,7 +278,7 @@ int s2n_dh_compute_shared_secret_as_server(struct s2n_dh_params *server_dh_param Yc.data = s2n_stuffer_raw_read(Yc_in, Yc.size); POSIX_ENSURE_REF(Yc.data); - pub_key = BN_bin2bn(( const unsigned char * )Yc.data, Yc.size, NULL); + pub_key = BN_bin2bn((const unsigned char *) Yc.data, Yc.size, NULL); POSIX_ENSURE_REF(pub_key); int server_dh_params_size = DH_size(server_dh_params->dh); POSIX_ENSURE(server_dh_params_size <= INT32_MAX, S2N_ERR_INTEGER_OVERFLOW); diff --git a/contrib/restricted/aws/s2n/crypto/s2n_dhe.h b/contrib/restricted/aws/s2n/crypto/s2n_dhe.h index f9e004e5e5..c5c940c090 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_dhe.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_dhe.h @@ -18,7 +18,6 @@ #include <openssl/dh.h> #include "stuffer/s2n_stuffer.h" - #include "utils/s2n_blob.h" struct s2n_dh_params { diff --git a/contrib/restricted/aws/s2n/crypto/s2n_drbg.c b/contrib/restricted/aws/s2n/crypto/s2n_drbg.c index 9f0acd5bf2..536a16da09 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_drbg.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_drbg.c 
@@ -13,19 +13,18 @@ * permissions and limitations under the License. */ -#include <sys/param.h> +#include "crypto/s2n_drbg.h" #include <openssl/evp.h> +#include <sys/param.h> -#include "crypto/s2n_drbg.h" - -#include "utils/s2n_safety.h" -#include "utils/s2n_random.h" #include "utils/s2n_blob.h" +#include "utils/s2n_random.h" +#include "utils/s2n_safety.h" static bool ignore_prediction_resistance_for_testing = false; -#define s2n_drbg_key_size(drgb) EVP_CIPHER_CTX_key_length((drbg)->ctx) +#define s2n_drbg_key_size(drgb) EVP_CIPHER_CTX_key_length((drbg)->ctx) #define s2n_drbg_seed_size(drgb) (S2N_DRBG_BLOCK_SIZE + s2n_drbg_key_size(drgb)) /* This function is the same as s2n_increment_sequence_number @@ -34,12 +33,12 @@ static bool ignore_prediction_resistance_for_testing = false; S2N_RESULT s2n_increment_drbg_counter(struct s2n_blob *counter) { for (uint32_t i = counter->size; i > 0; i--) { - counter->data[i-1] += 1; - if (counter->data[i-1]) { + counter->data[i - 1] += 1; + if (counter->data[i - 1]) { break; } - /* seq[i] wrapped, so let it carry */ + /* seq[i] wrapped, so let it carry */ } return S2N_RESULT_OK; } @@ -62,7 +61,7 @@ static S2N_RESULT s2n_drbg_bits(struct s2n_drbg *drbg, struct s2n_blob *out) RESULT_ENSURE_REF(drbg->ctx); RESULT_ENSURE_REF(out); - struct s2n_blob value = {0}; + struct s2n_blob value = { 0 }; RESULT_GUARD_POSIX(s2n_blob_init(&value, drbg->v, sizeof(drbg->v))); int block_aligned_size = out->size - (out->size % S2N_DRBG_BLOCK_SIZE); @@ -168,7 +167,7 @@ S2N_RESULT s2n_drbg_instantiate(struct s2n_drbg *drbg, struct s2n_blob *personal RESULT_EVP_CTX_INIT(drbg->ctx); - switch(mode) { + switch (mode) { case S2N_AES_128_CTR_NO_DF_PR: RESULT_GUARD_OSSL(EVP_EncryptInit_ex(drbg->ctx, EVP_aes_128_ecb(), NULL, NULL, NULL), S2N_ERR_DRBG); break; 
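Review bot: In the `@@ -13,19` hunk of s2n_drbg.c, the reformatted `s2n_drbg_key_size` and `s2n_drbg_seed_size` macros still declare their parameter as `drgb` while the body of `s2n_drbg_key_size` expands `(drbg)->ctx`. The argument is therefore ignored and the macro reads whatever variable named `drbg` is in scope at the call site. The callers visible on this page pass a variable called `drbg`, so it works today, but a call with any other expression would either use the wrong context or fail to compile. Spelling the parameter consistently fixes it: `#define s2n_drbg_key_size(drbg) EVP_CIPHER_CTX_key_length((drbg)->ctx)` and `#define s2n_drbg_seed_size(drbg) (S2N_DRBG_BLOCK_SIZE + s2n_drbg_key_size(drbg))`. Since this file is vendored, the change is best made upstream as well.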
@@ -182,7 +181,7 @@ S2N_RESULT s2n_drbg_instantiate(struct s2n_drbg *drbg, struct s2n_blob *personal RESULT_ENSURE_LTE(s2n_drbg_key_size(drbg), S2N_DRBG_MAX_KEY_SIZE); RESULT_ENSURE_LTE(s2n_drbg_seed_size(drbg), S2N_DRBG_MAX_SEED_SIZE); - static const uint8_t zero_key[S2N_DRBG_MAX_KEY_SIZE] = {0}; + static const uint8_t zero_key[S2N_DRBG_MAX_KEY_SIZE] = { 0 }; /* Start off with zeroed data, per 10.2.1.3.1 item 4 and 5 */ memset(drbg->v, 0, sizeof(drbg->v)); @@ -235,7 +234,7 @@ S2N_RESULT s2n_drbg_wipe(struct s2n_drbg *drbg) drbg->ctx = NULL; } - *drbg = (struct s2n_drbg) {0}; + *drbg = (struct s2n_drbg){ 0 }; return S2N_RESULT_OK; } @@ -248,7 +247,8 @@ S2N_RESULT s2n_drbg_bytes_used(struct s2n_drbg *drbg, uint64_t *bytes_used) return S2N_RESULT_OK; } -S2N_RESULT s2n_ignore_prediction_resistance_for_testing(bool ignore_bool) { +S2N_RESULT s2n_ignore_prediction_resistance_for_testing(bool ignore_bool) +{ RESULT_ENSURE(s2n_in_unit_test(), S2N_ERR_NOT_IN_UNIT_TEST); ignore_prediction_resistance_for_testing = ignore_bool; diff --git a/contrib/restricted/aws/s2n/crypto/s2n_drbg.h b/contrib/restricted/aws/s2n/crypto/s2n_drbg.h index f3a5661554..dc4074006d 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_drbg.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_drbg.h @@ -21,8 +21,8 @@ #include "utils/s2n_blob.h" #include "utils/s2n_result.h" -#define S2N_DRBG_BLOCK_SIZE 16 -#define S2N_DRBG_MAX_KEY_SIZE 32 +#define S2N_DRBG_BLOCK_SIZE 16 +#define S2N_DRBG_MAX_KEY_SIZE 32 #define S2N_DRBG_MAX_SEED_SIZE (S2N_DRBG_BLOCK_SIZE + S2N_DRBG_MAX_KEY_SIZE) /* The maximum size of any one request: from NIST SP800-90A 10.2.1 Table 3 */ 
@@ -48,7 +48,10 @@ struct s2n_drbg { * S2N_AES_256_CTR_NO_DF_PR is a deterministic random bit generator using AES 256 in counter mode (AES_128_CTR). It does not * use a derivation function on the seed but does have prediction resistance. */ -typedef enum {S2N_AES_128_CTR_NO_DF_PR, S2N_AES_256_CTR_NO_DF_PR} s2n_drbg_mode; +typedef enum { + S2N_AES_128_CTR_NO_DF_PR, + S2N_AES_256_CTR_NO_DF_PR +} s2n_drbg_mode; /* Per NIST SP 800-90C 6.3 * diff --git a/contrib/restricted/aws/s2n/crypto/s2n_ecc_evp.c b/contrib/restricted/aws/s2n/crypto/s2n_ecc_evp.c index 4d1a72c408..ab369f79d6 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_ecc_evp.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_ecc_evp.c @@ -18,7 +18,7 @@ #include <openssl/ecdh.h> #include <openssl/evp.h> #if defined(OPENSSL_IS_AWSLC) -#error #include <openssl/mem.h> + #error #include <openssl/mem.h> #endif #include <stdint.h> 
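Review bot: The comment above `s2n_drbg_mode` in the s2n_drbg.h `@@ -48,7` hunk describes `S2N_AES_256_CTR_NO_DF_PR` as "AES 256 in counter mode (AES_128_CTR)". The parenthetical looks copied from the 128-bit entry and presumably should read `(AES_256_CTR)`. Now that the enumerators sit one per line, each could also carry its own short comment, e.g. `/* AES-256 CTR_DRBG, no derivation function, prediction resistance */`. The comment block starts outside the hunk.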
@@ -52,31 +52,28 @@ static int s2n_ecc_evp_compute_shared_secret(EVP_PKEY *own_key, EVP_PKEY *peer_p /* IANA values can be found here: https://tools.ietf.org/html/rfc8446#appendix-B.3.1.4 */ -const struct s2n_ecc_named_curve s2n_ecc_curve_secp256r1 = -{ - .iana_id = TLS_EC_CURVE_SECP_256_R1, - .libcrypto_nid = NID_X9_62_prime256v1, - .name = "secp256r1", - .share_size = SECP256R1_SHARE_SIZE, - .generate_key = s2n_ecc_evp_generate_key_nist_curves, +const struct s2n_ecc_named_curve s2n_ecc_curve_secp256r1 = { + .iana_id = TLS_EC_CURVE_SECP_256_R1, + .libcrypto_nid = NID_X9_62_prime256v1, + .name = "secp256r1", + .share_size = SECP256R1_SHARE_SIZE, + .generate_key = s2n_ecc_evp_generate_key_nist_curves, }; -const struct s2n_ecc_named_curve s2n_ecc_curve_secp384r1 = -{ - .iana_id = TLS_EC_CURVE_SECP_384_R1, - .libcrypto_nid = NID_secp384r1, - .name = "secp384r1", - .share_size = SECP384R1_SHARE_SIZE, - .generate_key = s2n_ecc_evp_generate_key_nist_curves, +const struct s2n_ecc_named_curve s2n_ecc_curve_secp384r1 = { + .iana_id = TLS_EC_CURVE_SECP_384_R1, + .libcrypto_nid = NID_secp384r1, + .name = "secp384r1", + .share_size = SECP384R1_SHARE_SIZE, + .generate_key = s2n_ecc_evp_generate_key_nist_curves, }; -const struct s2n_ecc_named_curve s2n_ecc_curve_secp521r1 = -{ - .iana_id = TLS_EC_CURVE_SECP_521_R1, - .libcrypto_nid = NID_secp521r1, - .name = "secp521r1", - .share_size = SECP521R1_SHARE_SIZE, - .generate_key = s2n_ecc_evp_generate_key_nist_curves, +const struct s2n_ecc_named_curve s2n_ecc_curve_secp521r1 = { + .iana_id = TLS_EC_CURVE_SECP_521_R1, + .libcrypto_nid = NID_secp521r1, + .name = "secp521r1", + .share_size = SECP521R1_SHARE_SIZE, + .generate_key = s2n_ecc_evp_generate_key_nist_curves, }; #if EVP_APIS_SUPPORTED 
@@ -88,14 +85,15 @@ const struct s2n_ecc_named_curve s2n_ecc_curve_x25519 = { .generate_key = s2n_ecc_evp_generate_key_x25519, }; #else -const struct s2n_ecc_named_curve s2n_ecc_curve_x25519 = {0}; +const struct s2n_ecc_named_curve s2n_ecc_curve_x25519 = { 0 }; #endif /* A fake / unsupported curve for use in triggering retries * during testing. */ const struct s2n_ecc_named_curve s2n_unsupported_curve = { - .iana_id = 0, .name = "unsupported", + .iana_id = 0, + .name = "unsupported", .libcrypto_nid = NID_X9_62_prime256v1, .share_size = SECP256R1_SHARE_SIZE, .generate_key = s2n_ecc_evp_generate_key_nist_curves, @@ -115,17 +113,16 @@ const struct s2n_ecc_named_curve *const s2n_all_supported_curves_list[] = { const size_t s2n_all_supported_curves_list_len = s2n_array_len(s2n_all_supported_curves_list); - int s2n_is_evp_apis_supported() { return EVP_APIS_SUPPORTED; } #if EVP_APIS_SUPPORTED -static int s2n_ecc_evp_generate_key_x25519(const struct s2n_ecc_named_curve *named_curve, EVP_PKEY **evp_pkey) { - +static int s2n_ecc_evp_generate_key_x25519(const struct s2n_ecc_named_curve *named_curve, EVP_PKEY **evp_pkey) +{ DEFER_CLEANUP(EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(named_curve->libcrypto_nid, NULL), - EVP_PKEY_CTX_free_pointer); + EVP_PKEY_CTX_free_pointer); S2N_ERROR_IF(pctx == NULL, S2N_ERR_ECDHE_GEN_KEY); POSIX_GUARD_OSSL(EVP_PKEY_keygen_init(pctx), S2N_ERR_ECDHE_GEN_KEY); @@ -136,8 +133,8 @@ static int s2n_ecc_evp_generate_key_x25519(const struct s2n_ecc_named_curve *nam } #endif -static int s2n_ecc_evp_generate_key_nist_curves(const struct s2n_ecc_named_curve *named_curve, EVP_PKEY **evp_pkey) { - +static int s2n_ecc_evp_generate_key_nist_curves(const struct s2n_ecc_named_curve *named_curve, EVP_PKEY **evp_pkey) +{ DEFER_CLEANUP(EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL), EVP_PKEY_CTX_free_pointer); S2N_ERROR_IF(pctx == NULL, S2N_ERR_ECDHE_GEN_KEY); 
@@ -158,14 +155,16 @@ static int s2n_ecc_evp_generate_key_nist_curves(const struct s2n_ecc_named_curve return 0; } -static int s2n_ecc_evp_generate_own_key(const struct s2n_ecc_named_curve *named_curve, EVP_PKEY **evp_pkey) { +static int s2n_ecc_evp_generate_own_key(const struct s2n_ecc_named_curve *named_curve, EVP_PKEY **evp_pkey) +{ POSIX_ENSURE_REF(named_curve); S2N_ERROR_IF(named_curve->generate_key == NULL, S2N_ERR_ECDHE_GEN_KEY); return named_curve->generate_key(named_curve, evp_pkey); } -static int s2n_ecc_evp_compute_shared_secret(EVP_PKEY *own_key, EVP_PKEY *peer_public, uint16_t iana_id, struct s2n_blob *shared_secret) { +static int s2n_ecc_evp_compute_shared_secret(EVP_PKEY *own_key, EVP_PKEY *peer_public, uint16_t iana_id, struct s2n_blob *shared_secret) +{ POSIX_ENSURE_REF(peer_public); POSIX_ENSURE_REF(own_key); 
@@ -202,37 +201,40 @@ static int s2n_ecc_evp_compute_shared_secret(EVP_PKEY *own_key, EVP_PKEY *peer_p return 0; } -int s2n_ecc_evp_generate_ephemeral_key(struct s2n_ecc_evp_params *ecc_evp_params) { +int s2n_ecc_evp_generate_ephemeral_key(struct s2n_ecc_evp_params *ecc_evp_params) +{ POSIX_ENSURE_REF(ecc_evp_params->negotiated_curve); S2N_ERROR_IF(ecc_evp_params->evp_pkey != NULL, S2N_ERR_ECDHE_GEN_KEY); S2N_ERROR_IF(s2n_ecc_evp_generate_own_key(ecc_evp_params->negotiated_curve, &ecc_evp_params->evp_pkey) != 0, - S2N_ERR_ECDHE_GEN_KEY); + S2N_ERR_ECDHE_GEN_KEY); S2N_ERROR_IF(ecc_evp_params->evp_pkey == NULL, S2N_ERR_ECDHE_GEN_KEY); return 0; } int s2n_ecc_evp_compute_shared_secret_from_params(struct s2n_ecc_evp_params *private_ecc_evp_params, - struct s2n_ecc_evp_params *public_ecc_evp_params, - struct s2n_blob *shared_key) { + struct s2n_ecc_evp_params *public_ecc_evp_params, + struct s2n_blob *shared_key) +{ POSIX_ENSURE_REF(private_ecc_evp_params->negotiated_curve); POSIX_ENSURE_REF(private_ecc_evp_params->evp_pkey); POSIX_ENSURE_REF(public_ecc_evp_params->negotiated_curve); POSIX_ENSURE_REF(public_ecc_evp_params->evp_pkey); S2N_ERROR_IF(private_ecc_evp_params->negotiated_curve->iana_id != public_ecc_evp_params->negotiated_curve->iana_id, - S2N_ERR_ECDHE_UNSUPPORTED_CURVE); + S2N_ERR_ECDHE_UNSUPPORTED_CURVE); POSIX_GUARD(s2n_ecc_evp_compute_shared_secret(private_ecc_evp_params->evp_pkey, public_ecc_evp_params->evp_pkey, - private_ecc_evp_params->negotiated_curve->iana_id, shared_key)); + private_ecc_evp_params->negotiated_curve->iana_id, shared_key)); return 0; } int s2n_ecc_evp_compute_shared_secret_as_server(struct s2n_ecc_evp_params *ecc_evp_params, - struct s2n_stuffer *Yc_in, struct s2n_blob *shared_key) { + struct s2n_stuffer *Yc_in, struct s2n_blob *shared_key) +{ POSIX_ENSURE_REF(ecc_evp_params->negotiated_curve); POSIX_ENSURE_REF(ecc_evp_params->evp_pkey); POSIX_ENSURE_REF(Yc_in); uint8_t client_public_len; - struct s2n_blob client_public_blob = {0}; + 
struct s2n_blob client_public_blob = { 0 }; DEFER_CLEANUP(EVP_PKEY *peer_key = EVP_PKEY_new(), EVP_PKEY_free_pointer); S2N_ERROR_IF(peer_key == NULL, S2N_ERR_BAD_MESSAGE); @@ -252,10 +254,10 @@ int s2n_ecc_evp_compute_shared_secret_as_server(struct s2n_ecc_evp_params *ecc_e POSIX_GUARD_OSSL(EVP_PKEY_paramgen(pctx, &peer_key), S2N_ERR_ECDHE_SERIALIZING); } POSIX_GUARD_OSSL(EVP_PKEY_set1_tls_encodedpoint(peer_key, client_public_blob.data, client_public_blob.size), - S2N_ERR_ECDHE_SERIALIZING); + S2N_ERR_ECDHE_SERIALIZING); #else DEFER_CLEANUP(EC_KEY *ec_key = EC_KEY_new_by_curve_name(ecc_evp_params->negotiated_curve->libcrypto_nid), - EC_KEY_free_pointer); + EC_KEY_free_pointer); S2N_ERROR_IF(ec_key == NULL, S2N_ERR_ECDHE_UNSUPPORTED_CURVE); DEFER_CLEANUP(EC_POINT *point = s2n_ecc_evp_blob_to_point(&client_public_blob, ec_key), EC_POINT_free_pointer); 
@@ -267,22 +269,21 @@ int s2n_ecc_evp_compute_shared_secret_as_server(struct s2n_ecc_evp_params *ecc_e #endif return s2n_ecc_evp_compute_shared_secret(ecc_evp_params->evp_pkey, peer_key, - ecc_evp_params->negotiated_curve->iana_id, shared_key); - + ecc_evp_params->negotiated_curve->iana_id, shared_key); } int s2n_ecc_evp_compute_shared_secret_as_client(struct s2n_ecc_evp_params *ecc_evp_params, - struct s2n_stuffer *Yc_out, struct s2n_blob *shared_key) { - - DEFER_CLEANUP(struct s2n_ecc_evp_params client_params = {0}, s2n_ecc_evp_params_free); + struct s2n_stuffer *Yc_out, struct s2n_blob *shared_key) +{ + DEFER_CLEANUP(struct s2n_ecc_evp_params client_params = { 0 }, s2n_ecc_evp_params_free); POSIX_ENSURE_REF(ecc_evp_params->negotiated_curve); client_params.negotiated_curve = ecc_evp_params->negotiated_curve; POSIX_GUARD(s2n_ecc_evp_generate_own_key(client_params.negotiated_curve, &client_params.evp_pkey)); S2N_ERROR_IF(client_params.evp_pkey == NULL, S2N_ERR_ECDHE_GEN_KEY); - if (s2n_ecc_evp_compute_shared_secret(client_params.evp_pkey, ecc_evp_params->evp_pkey, - ecc_evp_params->negotiated_curve->iana_id, shared_key) != S2N_SUCCESS) { + if (s2n_ecc_evp_compute_shared_secret(client_params.evp_pkey, ecc_evp_params->evp_pkey, ecc_evp_params->negotiated_curve->iana_id, shared_key) + != S2N_SUCCESS) { POSIX_BAIL(S2N_ERR_ECDHE_SHARED_SECRET); } 
@@ -292,25 +293,27 @@ int s2n_ecc_evp_compute_shared_secret_as_client(struct s2n_ecc_evp_params *ecc_e POSIX_BAIL(S2N_ERR_ECDHE_SERIALIZING); } return 0; - } #if (!EVP_APIS_SUPPORTED) -static int s2n_ecc_evp_calculate_point_length(const EC_POINT *point, const EC_GROUP *group, uint8_t *length) { +static int s2n_ecc_evp_calculate_point_length(const EC_POINT *point, const EC_GROUP *group, uint8_t *length) +{ size_t ret = EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL); S2N_ERROR_IF(ret == 0, S2N_ERR_ECDHE_SERIALIZING); S2N_ERROR_IF(ret > UINT8_MAX, S2N_ERR_ECDHE_SERIALIZING); - *length = (uint8_t)ret; + *length = (uint8_t) ret; return 0; } -static int s2n_ecc_evp_write_point_data_snug(const EC_POINT *point, const EC_GROUP *group, struct s2n_blob *out) { +static int s2n_ecc_evp_write_point_data_snug(const EC_POINT *point, const EC_GROUP *group, struct s2n_blob *out) +{ size_t ret = EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, out->data, out->size, NULL); S2N_ERROR_IF(ret != out->size, S2N_ERR_ECDHE_SERIALIZING); return 0; } -static EC_POINT *s2n_ecc_evp_blob_to_point(struct s2n_blob *blob, const EC_KEY *ec_key) { +static EC_POINT *s2n_ecc_evp_blob_to_point(struct s2n_blob *blob, const EC_KEY *ec_key) +{ const EC_GROUP *group = EC_KEY_get0_group(ec_key); EC_POINT *point = EC_POINT_new(group); if (point == NULL) { @@ -324,7 +327,8 @@ static EC_POINT *s2n_ecc_evp_blob_to_point(struct s2n_blob *blob, const EC_KEY * } #endif -int s2n_ecc_evp_read_params_point(struct s2n_stuffer *in, int point_size, struct s2n_blob *point_blob) { +int s2n_ecc_evp_read_params_point(struct s2n_stuffer *in, int point_size, struct s2n_blob *point_blob) +{ POSIX_ENSURE_REF(in); POSIX_ENSURE_REF(point_blob); POSIX_ENSURE_GTE(point_size, 0); 
@@ -338,7 +342,8 @@ int s2n_ecc_evp_read_params_point(struct s2n_stuffer *in, int point_size, struct } int s2n_ecc_evp_read_params(struct s2n_stuffer *in, struct s2n_blob *data_to_verify, - struct s2n_ecdhe_raw_server_params *raw_server_ecc_params) { + struct s2n_ecdhe_raw_server_params *raw_server_ecc_params) +{ POSIX_ENSURE_REF(in); uint8_t curve_type; uint8_t point_length; @@ -350,7 +355,7 @@ int s2n_ecc_evp_read_params(struct s2n_stuffer *in, struct s2n_blob *data_to_ver /* Read the curve */ POSIX_GUARD(s2n_stuffer_read_uint8(in, &curve_type)); S2N_ERROR_IF(curve_type != TLS_EC_CURVE_TYPE_NAMED, S2N_ERR_BAD_MESSAGE); - raw_server_ecc_params->curve_blob.data = s2n_stuffer_raw_read(in, 2); + raw_server_ecc_params->curve_blob.data = s2n_stuffer_raw_read(in, 2); POSIX_ENSURE_REF(raw_server_ecc_params->curve_blob.data); raw_server_ecc_params->curve_blob.size = 2; @@ -365,22 +370,22 @@ int s2n_ecc_evp_read_params(struct s2n_stuffer *in, struct s2n_blob *data_to_ver return 0; } -int s2n_ecc_evp_write_params_point(struct s2n_ecc_evp_params *ecc_evp_params, struct s2n_stuffer *out) { +int s2n_ecc_evp_write_params_point(struct s2n_ecc_evp_params *ecc_evp_params, struct s2n_stuffer *out) +{ POSIX_ENSURE_REF(ecc_evp_params); POSIX_ENSURE_REF(ecc_evp_params->negotiated_curve); POSIX_ENSURE_REF(ecc_evp_params->evp_pkey); POSIX_ENSURE_REF(out); #if EVP_APIS_SUPPORTED - struct s2n_blob point_blob = {0}; + struct s2n_blob point_blob = { 0 }; uint8_t *encoded_point = NULL; size_t size = EVP_PKEY_get1_tls_encodedpoint(ecc_evp_params->evp_pkey, &encoded_point); if (size != ecc_evp_params->negotiated_curve->share_size) { OPENSSL_free(encoded_point); POSIX_BAIL(S2N_ERR_ECDHE_SERIALIZING); - } - else { + } else { point_blob.data = s2n_stuffer_raw_write(out, ecc_evp_params->negotiated_curve->share_size); POSIX_ENSURE_REF(point_blob.data); POSIX_CHECKED_MEMCPY(point_blob.data, encoded_point, size); 
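Review bot: In the `EVP_APIS_SUPPORTED` branch of `s2n_ecc_evp_write_params_point`, `encoded_point` is released on the size-mismatch path but not when `POSIX_ENSURE_REF(point_blob.data)` or `POSIX_CHECKED_MEMCPY` leaves the `else` branch early. A failed `s2n_stuffer_raw_write` would therefore leak the buffer returned by `EVP_PKEY_get1_tls_encodedpoint`, assuming these macros return on failure as they do elsewhere in the file. Freeing before the early exit closes that path, e.g. `if (point_blob.data == NULL) { OPENSSL_free(encoded_point); POSIX_BAIL(S2N_ERR_NULL); }`. The rest of the function, including any success-path free, is outside this hunk.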
@@ -388,7 +393,7 @@ int s2n_ecc_evp_write_params_point(struct s2n_ecc_evp_params *ecc_evp_params, st } #else uint8_t point_len; - struct s2n_blob point_blob = {0}; + struct s2n_blob point_blob = { 0 }; DEFER_CLEANUP(EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(ecc_evp_params->evp_pkey), EC_KEY_free_pointer); S2N_ERROR_IF(ec_key == NULL, S2N_ERR_ECDHE_UNSUPPORTED_CURVE); @@ -408,7 +413,8 @@ int s2n_ecc_evp_write_params_point(struct s2n_ecc_evp_params *ecc_evp_params, st } int s2n_ecc_evp_write_params(struct s2n_ecc_evp_params *ecc_evp_params, struct s2n_stuffer *out, - struct s2n_blob *written) { + struct s2n_blob *written) +{ POSIX_ENSURE_REF(ecc_evp_params); POSIX_ENSURE_REF(ecc_evp_params->negotiated_curve); POSIX_ENSURE_REF(ecc_evp_params->evp_pkey); @@ -432,7 +438,8 @@ int s2n_ecc_evp_write_params(struct s2n_ecc_evp_params *ecc_evp_params, struct s return written->size; } -int s2n_ecc_evp_parse_params_point(struct s2n_blob *point_blob, struct s2n_ecc_evp_params *ecc_evp_params) { +int s2n_ecc_evp_parse_params_point(struct s2n_blob *point_blob, struct s2n_ecc_evp_params *ecc_evp_params) +{ POSIX_ENSURE_REF(point_blob->data); POSIX_ENSURE_REF(ecc_evp_params->negotiated_curve); S2N_ERROR_IF(point_blob->size != ecc_evp_params->negotiated_curve->share_size, S2N_ERR_ECDHE_SERIALIZING); @@ -444,8 +451,7 @@ int s2n_ecc_evp_parse_params_point(struct s2n_blob *point_blob, struct s2n_ecc_e } S2N_ERROR_IF(ecc_evp_params->evp_pkey == NULL, S2N_ERR_BAD_MESSAGE); POSIX_GUARD(EVP_PKEY_set_type(ecc_evp_params->evp_pkey, ecc_evp_params->negotiated_curve->libcrypto_nid)); - } - else { + } else { DEFER_CLEANUP(EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL), EVP_PKEY_CTX_free_pointer); S2N_ERROR_IF(pctx == NULL, S2N_ERR_ECDHE_SERIALIZING); POSIX_GUARD_OSSL(EVP_PKEY_paramgen_init(pctx), S2N_ERR_ECDHE_SERIALIZING); 
@@ -453,7 +459,7 @@ int s2n_ecc_evp_parse_params_point(struct s2n_blob *point_blob, struct s2n_ecc_e POSIX_GUARD_OSSL(EVP_PKEY_paramgen(pctx, &ecc_evp_params->evp_pkey), S2N_ERR_ECDHE_SERIALIZING); } POSIX_GUARD_OSSL(EVP_PKEY_set1_tls_encodedpoint(ecc_evp_params->evp_pkey, point_blob->data, point_blob->size), - S2N_ERR_ECDHE_SERIALIZING); + S2N_ERR_ECDHE_SERIALIZING); #else if (ecc_evp_params->evp_pkey == NULL) { ecc_evp_params->evp_pkey = EVP_PKEY_new(); @@ -461,7 +467,7 @@ int s2n_ecc_evp_parse_params_point(struct s2n_blob *point_blob, struct s2n_ecc_e S2N_ERROR_IF(ecc_evp_params->evp_pkey == NULL, S2N_ERR_BAD_MESSAGE); /* Create a key to store the point */ DEFER_CLEANUP(EC_KEY *ec_key = EC_KEY_new_by_curve_name(ecc_evp_params->negotiated_curve->libcrypto_nid), - EC_KEY_free_pointer); + EC_KEY_free_pointer); S2N_ERROR_IF(ec_key == NULL, S2N_ERR_ECDHE_UNSUPPORTED_CURVE); /* Parse and store the server public point */ @@ -471,7 +477,7 @@ int s2n_ecc_evp_parse_params_point(struct s2n_blob *point_blob, struct s2n_ecc_e /* Set the point as the public key */ int success = EC_KEY_set_public_key(ec_key, point); - POSIX_GUARD_OSSL(EVP_PKEY_set1_EC_KEY(ecc_evp_params->evp_pkey,ec_key), S2N_ERR_ECDHE_SERIALIZING); + POSIX_GUARD_OSSL(EVP_PKEY_set1_EC_KEY(ecc_evp_params->evp_pkey, ec_key), S2N_ERR_ECDHE_SERIALIZING); /* EC_KEY_set_public_key returns 1 on success, 0 on failure */ S2N_ERROR_IF(success == 0, S2N_ERR_BAD_MESSAGE); 
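Review bot: In the non-EVP branch of `s2n_ecc_evp_parse_params_point` (hunk at -471), the result of `EC_KEY_set_public_key` is stored in `success` but only tested after `EVP_PKEY_set1_EC_KEY` has already attached `ec_key` to `ecc_evp_params->evp_pkey`. If the peer-supplied point is rejected, the function still returns an error, but the caller's `evp_pkey` is left holding an EC key without a valid public point. Moving `S2N_ERROR_IF(success == 0, S2N_ERR_BAD_MESSAGE);` directly under the `EC_KEY_set_public_key` call keeps a rejected point from being installed at all. The function begins and ends outside this hunk.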
@@ -480,21 +486,21 @@ int s2n_ecc_evp_parse_params_point(struct s2n_blob *point_blob, struct s2n_ecc_e return 0; } -int s2n_ecc_evp_parse_params(struct s2n_connection* conn, - struct s2n_ecdhe_raw_server_params* raw_server_ecc_params, - struct s2n_ecc_evp_params* ecc_evp_params) { - POSIX_ENSURE( - s2n_ecc_evp_find_supported_curve(conn, &raw_server_ecc_params->curve_blob, &ecc_evp_params->negotiated_curve) == 0, +int s2n_ecc_evp_parse_params(struct s2n_connection *conn, struct s2n_ecdhe_raw_server_params *raw_server_ecc_params, + struct s2n_ecc_evp_params *ecc_evp_params) +{ + POSIX_ENSURE(s2n_ecc_evp_find_supported_curve(conn, &raw_server_ecc_params->curve_blob, &ecc_evp_params->negotiated_curve) == 0, S2N_ERR_ECDHE_UNSUPPORTED_CURVE); return s2n_ecc_evp_parse_params_point(&raw_server_ecc_params->point_blob, ecc_evp_params); } -int s2n_ecc_evp_find_supported_curve(struct s2n_connection* conn, struct s2n_blob *iana_ids, const struct s2n_ecc_named_curve **found) { - const struct s2n_ecc_preferences* ecc_prefs = NULL; +int s2n_ecc_evp_find_supported_curve(struct s2n_connection *conn, struct s2n_blob *iana_ids, const struct s2n_ecc_named_curve **found) +{ + const struct s2n_ecc_preferences *ecc_prefs = NULL; POSIX_GUARD(s2n_connection_get_ecc_preferences(conn, &ecc_prefs)); POSIX_ENSURE_REF(ecc_prefs); - struct s2n_stuffer iana_ids_in = {0}; + struct s2n_stuffer iana_ids_in = { 0 }; POSIX_GUARD(s2n_stuffer_init(&iana_ids_in, iana_ids)); POSIX_GUARD(s2n_stuffer_write(&iana_ids_in, iana_ids)); @@ -514,7 +520,8 @@ int s2n_ecc_evp_find_supported_curve(struct s2n_connection* conn, struct s2n_blo POSIX_BAIL(S2N_ERR_ECDHE_UNSUPPORTED_CURVE); } -int s2n_ecc_evp_params_free(struct s2n_ecc_evp_params *ecc_evp_params) { +int s2n_ecc_evp_params_free(struct s2n_ecc_evp_params *ecc_evp_params) +{ if (ecc_evp_params->evp_pkey != NULL) { EVP_PKEY_free(ecc_evp_params->evp_pkey); ecc_evp_params->evp_pkey = NULL; 
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_ecc_evp.h b/contrib/restricted/aws/s2n/crypto/s2n_ecc_evp.h index 1d09e2c89d..cd76417770 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_ecc_evp.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_ecc_evp.h @@ -18,17 +18,17 @@ #include <openssl/evp.h> #include "crypto/s2n_hash.h" -#include "tls/s2n_kex_data.h" #include "stuffer/s2n_stuffer.h" +#include "tls/s2n_kex_data.h" #include "tls/s2n_tls_parameters.h" #include "utils/s2n_safety.h" /* Share sizes are described here: https://tools.ietf.org/html/rfc8446#section-4.2.8.2 * and include the extra "legacy_form" byte */ -#define SECP256R1_SHARE_SIZE ((32 * 2 ) + 1) -#define SECP384R1_SHARE_SIZE ((48 * 2 ) + 1) -#define SECP521R1_SHARE_SIZE ((66 * 2 ) + 1) -#define X25519_SHARE_SIZE (32) +#define SECP256R1_SHARE_SIZE ((32 * 2) + 1) +#define SECP384R1_SHARE_SIZE ((48 * 2) + 1) +#define SECP521R1_SHARE_SIZE ((66 * 2) + 1) +#define X25519_SHARE_SIZE (32) struct s2n_ecc_named_curve { /* See https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 */ @@ -37,7 +37,7 @@ struct s2n_ecc_named_curve { int libcrypto_nid; const char *name; const uint8_t share_size; - int (*generate_key) (const struct s2n_ecc_named_curve *named_curve, EVP_PKEY **evp_pkey); + int (*generate_key)(const struct s2n_ecc_named_curve *named_curve, EVP_PKEY **evp_pkey); }; extern const struct s2n_ecc_named_curve s2n_ecc_curve_secp256r1; @@ -49,10 +49,10 @@ extern const struct s2n_ecc_named_curve s2n_ecc_curve_x25519; * the future. See https://github.com/google/boringssl/blob/master/crypto/evp/p_x25519_asn1.c#L233 */ #if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL) - #define EVP_APIS_SUPPORTED 1 + #define EVP_APIS_SUPPORTED 1 #define S2N_ECC_EVP_SUPPORTED_CURVES_COUNT 4 #else - #define EVP_APIS_SUPPORTED 0 + #define EVP_APIS_SUPPORTED 0 #define S2N_ECC_EVP_SUPPORTED_CURVES_COUNT 3 #endif 
@@ -66,22 +66,22 @@ struct s2n_ecc_evp_params { int s2n_ecc_evp_generate_ephemeral_key(struct s2n_ecc_evp_params *ecc_evp_params); int s2n_ecc_evp_compute_shared_secret_from_params(struct s2n_ecc_evp_params *private_ecc_evp_params, - struct s2n_ecc_evp_params *public_ecc_evp_params, - struct s2n_blob *shared_key); + struct s2n_ecc_evp_params *public_ecc_evp_params, + struct s2n_blob *shared_key); int s2n_ecc_evp_write_params_point(struct s2n_ecc_evp_params *ecc_evp_params, struct s2n_stuffer *out); int s2n_ecc_evp_read_params_point(struct s2n_stuffer *in, int point_size, struct s2n_blob *point_blob); int s2n_ecc_evp_compute_shared_secret_as_server(struct s2n_ecc_evp_params *server_ecc_evp_params, - struct s2n_stuffer *Yc_in, struct s2n_blob *shared_key); -int s2n_ecc_evp_compute_shared_secret_as_client(struct s2n_ecc_evp_params *server_ecc_evp_params, - struct s2n_stuffer *Yc_out, struct s2n_blob *shared_key); + struct s2n_stuffer *Yc_in, struct s2n_blob *shared_key); +int s2n_ecc_evp_compute_shared_secret_as_client(struct s2n_ecc_evp_params *server_ecc_evp_params, + struct s2n_stuffer *Yc_out, struct s2n_blob *shared_key); int s2n_ecc_evp_parse_params_point(struct s2n_blob *point_blob, struct s2n_ecc_evp_params *ecc_evp_params); int s2n_ecc_evp_write_params(struct s2n_ecc_evp_params *ecc_evp_params, struct s2n_stuffer *out, - struct s2n_blob *written); + struct s2n_blob *written); int s2n_ecc_evp_read_params(struct s2n_stuffer *in, struct s2n_blob *data_to_verify, - struct s2n_ecdhe_raw_server_params *raw_server_ecc_params); + struct s2n_ecdhe_raw_server_params *raw_server_ecc_params); int s2n_ecc_evp_parse_params(struct s2n_connection *conn, - struct s2n_ecdhe_raw_server_params *raw_server_ecc_params, - struct s2n_ecc_evp_params* ecc_evp_params); -int s2n_ecc_evp_find_supported_curve(struct s2n_connection* conn, struct s2n_blob *iana_ids, const struct s2n_ecc_named_curve **found); + struct s2n_ecdhe_raw_server_params *raw_server_ecc_params, + struct 
s2n_ecc_evp_params *ecc_evp_params); +int s2n_ecc_evp_find_supported_curve(struct s2n_connection *conn, struct s2n_blob *iana_ids, const struct s2n_ecc_named_curve **found); int s2n_ecc_evp_params_free(struct s2n_ecc_evp_params *ecc_evp_params); int s2n_is_evp_apis_supported(); diff --git a/contrib/restricted/aws/s2n/crypto/s2n_ecdsa.c b/contrib/restricted/aws/s2n/crypto/s2n_ecdsa.c index d775e5b7b9..e4da43f7f0 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_ecdsa.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_ecdsa.c 
@@ -13,42 +13,41 @@ * permissions and limitations under the License. */ +#include "crypto/s2n_ecdsa.h" + #include <openssl/ec.h> #include <openssl/ecdsa.h> #include <openssl/x509.h> +#include "crypto/s2n_ecc_evp.h" +#include "crypto/s2n_evp_signing.h" +#include "crypto/s2n_hash.h" +#include "crypto/s2n_openssl.h" +#include "crypto/s2n_pkey.h" #include "error/s2n_errno.h" #include "stuffer/s2n_stuffer.h" - -#include "utils/s2n_safety_macros.h" #include "utils/s2n_blob.h" #include "utils/s2n_compiler.h" #include "utils/s2n_mem.h" #include "utils/s2n_random.h" #include "utils/s2n_result.h" #include "utils/s2n_safety.h" - -#include "crypto/s2n_ecdsa.h" -#include "crypto/s2n_ecc_evp.h" -#include "crypto/s2n_evp_signing.h" -#include "crypto/s2n_hash.h" -#include "crypto/s2n_openssl.h" -#include "crypto/s2n_pkey.h" - +#include "utils/s2n_safety_macros.h" #define S2N_ECDSA_TYPE 0 -EC_KEY *s2n_unsafe_ecdsa_get_non_const(const struct s2n_ecdsa_key *ecdsa_key) { +EC_KEY *s2n_unsafe_ecdsa_get_non_const(const struct s2n_ecdsa_key *ecdsa_key) +{ PTR_ENSURE_REF(ecdsa_key); /* pragma gcc diagnostic was added in gcc 4.6 */ -#if defined(__clang__) || S2N_GCC_VERSION_AT_LEAST(4,6,0) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wcast-qual" +#if defined(__clang__) || S2N_GCC_VERSION_AT_LEAST(4, 6, 0) + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Wcast-qual" #endif EC_KEY *out_ec_key = (EC_KEY *) ecdsa_key->ec_key; -#if defined(__clang__) || S2N_GCC_VERSION_AT_LEAST(4,6,0) -#pragma GCC diagnostic pop +#if defined(__clang__) || S2N_GCC_VERSION_AT_LEAST(4, 6, 0) + #pragma GCC diagnostic pop #endif return out_ec_key; 
@@ -82,7 +81,8 @@ int s2n_ecdsa_sign_digest(const struct s2n_pkey *priv, struct s2n_blob *digest, /* Safety: ECDSA_sign does not mutate the key */ POSIX_GUARD_OSSL(ECDSA_sign(S2N_ECDSA_TYPE, digest->data, digest->size, signature->data, &signature_size, - s2n_unsafe_ecdsa_get_non_const(key)), S2N_ERR_SIGN); + s2n_unsafe_ecdsa_get_non_const(key)), + S2N_ERR_SIGN); POSIX_ENSURE(signature_size <= signature->size, S2N_ERR_SIZE_MISMATCH); signature->size = signature_size; @@ -129,7 +129,8 @@ static int s2n_ecdsa_verify(const struct s2n_pkey *pub, s2n_signature_algorithm /* Safety: ECDSA_verify does not mutate the key */ /* ECDSA_verify ignores the first parameter */ POSIX_GUARD_OSSL(ECDSA_verify(0, digest_out, digest_length, signature->data, signature->size, - s2n_unsafe_ecdsa_get_non_const(key)), S2N_ERR_VERIFY_SIGNATURE); + s2n_unsafe_ecdsa_get_non_const(key)), + S2N_ERR_VERIFY_SIGNATURE); POSIX_GUARD(s2n_hash_reset(digest)); @@ -202,7 +203,8 @@ int s2n_evp_pkey_to_ecdsa_public_key(s2n_ecdsa_public_key *ecdsa_key, EVP_PKEY * return 0; } -int s2n_ecdsa_pkey_init(struct s2n_pkey *pkey) { +int s2n_ecdsa_pkey_init(struct s2n_pkey *pkey) +{ pkey->size = &s2n_ecdsa_der_signature_size; pkey->sign = &s2n_ecdsa_sign; pkey->verify = &s2n_ecdsa_verify; diff --git a/contrib/restricted/aws/s2n/crypto/s2n_ecdsa.h b/contrib/restricted/aws/s2n/crypto/s2n_ecdsa.h index f6670a7b04..e5fe8efe31 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_ecdsa.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_ecdsa.h @@ -17,13 +17,11 @@ #include <openssl/ecdsa.h> #include <stdint.h> -#include "api/s2n.h" - -#include "stuffer/s2n_stuffer.h" +#include "api/s2n.h" #include "crypto/s2n_ecc_evp.h" #include "crypto/s2n_hash.h" - +#include "stuffer/s2n_stuffer.h" #include "utils/s2n_blob.h" /* Forward declaration to avoid the circular dependency with s2n_pkey.h */ diff --git a/contrib/restricted/aws/s2n/crypto/s2n_evp.c b/contrib/restricted/aws/s2n/crypto/s2n_evp.c index 81fecdce5b..8ae88205e7 100644 
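Review bot: In `s2n_ecdsa_sign_digest` (hunk at -82), the bound check `POSIX_ENSURE(signature_size <= signature->size, S2N_ERR_SIZE_MISMATCH)` runs only after `ECDSA_sign` has written into `signature->data`. `ECDSA_sign` is not told the buffer's capacity, so this check can report an undersized buffer but cannot prevent the write. If nothing above the hunk already compares the blob with the key's maximum signature length, a pre-check such as `POSIX_ENSURE(signature->size >= (uint32_t) ECDSA_size(key->ec_key), S2N_ERR_SIZE_MISMATCH);` before the call would make the guard effective. The start of the function is outside this hunk, so an existing check there cannot be ruled out.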
--- a/contrib/restricted/aws/s2n/crypto/s2n_evp.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_evp.c @@ -14,6 +14,7 @@ */ #include "crypto/s2n_evp.h" + #include "crypto/s2n_fips.h" #include "error/s2n_errno.h" #include "utils/s2n_safety.h" diff --git a/contrib/restricted/aws/s2n/crypto/s2n_evp.h b/contrib/restricted/aws/s2n/crypto/s2n_evp.h index 6c443efba7..e28c40b861 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_evp.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_evp.h @@ -35,14 +35,14 @@ struct s2n_evp_hmac_state { }; /* Define API's that change based on the OpenSSL Major Version. */ -#if S2N_OPENSSL_VERSION_AT_LEAST(1,1,0) && !defined(LIBRESSL_VERSION_NUMBER) -#define S2N_EVP_MD_CTX_NEW() (EVP_MD_CTX_new()) -#define S2N_EVP_MD_CTX_RESET(md_ctx) (EVP_MD_CTX_reset(md_ctx)) -#define S2N_EVP_MD_CTX_FREE(md_ctx) (EVP_MD_CTX_free(md_ctx)) +#if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0) && !defined(LIBRESSL_VERSION_NUMBER) + #define S2N_EVP_MD_CTX_NEW() (EVP_MD_CTX_new()) + #define S2N_EVP_MD_CTX_RESET(md_ctx) (EVP_MD_CTX_reset(md_ctx)) + #define S2N_EVP_MD_CTX_FREE(md_ctx) (EVP_MD_CTX_free(md_ctx)) #else -#define S2N_EVP_MD_CTX_NEW() (EVP_MD_CTX_create()) -#define S2N_EVP_MD_CTX_RESET(md_ctx) (EVP_MD_CTX_cleanup(md_ctx)) -#define S2N_EVP_MD_CTX_FREE(md_ctx) (EVP_MD_CTX_destroy(md_ctx)) + #define S2N_EVP_MD_CTX_NEW() (EVP_MD_CTX_create()) + #define S2N_EVP_MD_CTX_RESET(md_ctx) (EVP_MD_CTX_cleanup(md_ctx)) + #define S2N_EVP_MD_CTX_FREE(md_ctx) (EVP_MD_CTX_destroy(md_ctx)) #endif /* On some versions of OpenSSL, "EVP_PKEY_CTX_set_signature_md()" is just a macro that casts digest_alg to "void*", 
@@ -50,7 +50,7 @@ struct s2n_evp_hmac_state { * issue by turning off this compiler check for this one function with a cast through. */ #define S2N_EVP_PKEY_CTX_set_signature_md(ctx, md) \ - EVP_PKEY_CTX_set_signature_md(ctx, (EVP_MD*) (uintptr_t) md) + EVP_PKEY_CTX_set_signature_md(ctx, (EVP_MD *) (uintptr_t) md) extern int s2n_digest_allow_md5_for_fips(struct s2n_evp_digest *evp_digest); extern S2N_RESULT s2n_digest_is_md5_allowed_for_fips(struct s2n_evp_digest *evp_digest, bool *out); diff --git a/contrib/restricted/aws/s2n/crypto/s2n_evp_signing.c b/contrib/restricted/aws/s2n/crypto/s2n_evp_signing.c index 22aeb1b93b..886c3b1fa3 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_evp_signing.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_evp_signing.c @@ -13,13 +13,12 @@ * permissions and limitations under the License. */ -#include "error/s2n_errno.h" +#include "crypto/s2n_evp_signing.h" #include "crypto/s2n_evp.h" -#include "crypto/s2n_evp_signing.h" #include "crypto/s2n_pkey.h" #include "crypto/s2n_rsa_pss.h" - +#include "error/s2n_errno.h" #include "utils/s2n_safety.h" DEFINE_POINTER_CLEANUP_FUNC(EVP_PKEY_CTX *, EVP_PKEY_CTX_free); @@ -77,7 +76,7 @@ S2N_RESULT s2n_evp_signing_set_pkey_overrides(struct s2n_pkey *pkey) static S2N_RESULT s2n_evp_signing_validate_hash_alg(s2n_signature_algorithm sig_alg, s2n_hash_algorithm hash_alg) { - switch(hash_alg) { + switch (hash_alg) { case S2N_HASH_NONE: case S2N_HASH_MD5: /* MD5 alone is never supported */ diff --git a/contrib/restricted/aws/s2n/crypto/s2n_evp_signing.h b/contrib/restricted/aws/s2n/crypto/s2n_evp_signing.h index 872f63b682..720ce1b9f0 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_evp_signing.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_evp_signing.h @@ -16,7 +16,6 @@ #pragma once #include "api/s2n.h" - #include "crypto/s2n_hash.h" #include "crypto/s2n_signature.h" #include "utils/s2n_blob.h" 
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_fips.c b/contrib/restricted/aws/s2n/crypto/s2n_fips.c index 2eff17a45c..29229dd607 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_fips.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_fips.c @@ -13,12 +13,12 @@ * permissions and limitations under the License. */ -#include <openssl/crypto.h> - #include "crypto/s2n_fips.h" +#include <openssl/crypto.h> + #if defined(S2N_INTERN_LIBCRYPTO) && defined(OPENSSL_FIPS) -#error "Interning with OpenSSL fips-validated libcrypto is not currently supported. See https://github.com/aws/s2n-tls/issues/2741" + #error "Interning with OpenSSL fips-validated libcrypto is not currently supported. See https://github.com/aws/s2n-tls/issues/2741" #endif static int s2n_fips_mode = 0; @@ -34,7 +34,8 @@ static int s2n_fips_mode = 0; * Note: FIPS_mode() does not change the FIPS state of libcrypto. This only returns the current state. Applications * using s2n must call FIPS_mode_set(1) prior to s2n_init. * */ -bool s2n_libcrypto_is_fips(void) { +bool s2n_libcrypto_is_fips(void) +{ #if defined(OPENSSL_FIPS) || defined(OPENSSL_IS_AWSLC) if (FIPS_mode() == 1) { return true; diff --git a/contrib/restricted/aws/s2n/crypto/s2n_hash.c b/contrib/restricted/aws/s2n/crypto/s2n_hash.c index 96dae1424c..f1401357ac 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_hash.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_hash.c @@ -13,13 +13,12 @@ * permissions and limitations under the License. */ -#include "error/s2n_errno.h" - #include "crypto/s2n_hash.h" + +#include "crypto/s2n_fips.h" #include "crypto/s2n_hmac.h" #include "crypto/s2n_openssl.h" -#include "crypto/s2n_fips.h" - +#include "error/s2n_errno.h" #include "utils/s2n_safety.h" static bool s2n_use_custom_md5_sha1() 
@@ -41,7 +40,7 @@ bool s2n_hash_evp_fully_supported() return s2n_use_evp_impl() && !s2n_use_custom_md5_sha1(); } -const EVP_MD* s2n_hash_alg_to_evp_md(s2n_hash_algorithm alg) +const EVP_MD *s2n_hash_alg_to_evp_md(s2n_hash_algorithm alg) { switch (alg) { case S2N_HASH_MD5: @@ -68,18 +67,20 @@ const EVP_MD* s2n_hash_alg_to_evp_md(s2n_hash_algorithm alg) int s2n_hash_digest_size(s2n_hash_algorithm alg, uint8_t *out) { POSIX_ENSURE(S2N_MEM_IS_WRITABLE_CHECK(out, sizeof(*out)), S2N_ERR_PRECONDITION_VIOLATION); + /* clang-format off */ switch (alg) { - case S2N_HASH_NONE: *out = 0; break; - case S2N_HASH_MD5: *out = MD5_DIGEST_LENGTH; break; - case S2N_HASH_SHA1: *out = SHA_DIGEST_LENGTH; break; - case S2N_HASH_SHA224: *out = SHA224_DIGEST_LENGTH; break; - case S2N_HASH_SHA256: *out = SHA256_DIGEST_LENGTH; break; - case S2N_HASH_SHA384: *out = SHA384_DIGEST_LENGTH; break; - case S2N_HASH_SHA512: *out = SHA512_DIGEST_LENGTH; break; - case S2N_HASH_MD5_SHA1: *out = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH; break; - default: - POSIX_BAIL(S2N_ERR_HASH_INVALID_ALGORITHM); + case S2N_HASH_NONE: *out = 0; break; + case S2N_HASH_MD5: *out = MD5_DIGEST_LENGTH; break; + case S2N_HASH_SHA1: *out = SHA_DIGEST_LENGTH; break; + case S2N_HASH_SHA224: *out = SHA224_DIGEST_LENGTH; break; + case S2N_HASH_SHA256: *out = SHA256_DIGEST_LENGTH; break; + case S2N_HASH_SHA384: *out = SHA384_DIGEST_LENGTH; break; + case S2N_HASH_SHA512: *out = SHA512_DIGEST_LENGTH; break; + case S2N_HASH_MD5_SHA1: *out = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH; break; + default: + POSIX_BAIL(S2N_ERR_HASH_INVALID_ALGORITHM); } + /* clang-format on */ return S2N_SUCCESS; } 
@@ -89,18 +90,20 @@ int s2n_hash_digest_size(s2n_hash_algorithm alg, uint8_t *out) int s2n_hash_block_size(s2n_hash_algorithm alg, uint64_t *block_size) { POSIX_ENSURE(S2N_MEM_IS_WRITABLE_CHECK(block_size, sizeof(*block_size)), S2N_ERR_PRECONDITION_VIOLATION); - switch(alg) { - case S2N_HASH_NONE: *block_size = 64; break; - case S2N_HASH_MD5: *block_size = 64; break; - case S2N_HASH_SHA1: *block_size = 64; break; - case S2N_HASH_SHA224: *block_size = 64; break; - case S2N_HASH_SHA256: *block_size = 64; break; - case S2N_HASH_SHA384: *block_size = 128; break; - case S2N_HASH_SHA512: *block_size = 128; break; - case S2N_HASH_MD5_SHA1: *block_size = 64; break; - default: - POSIX_BAIL(S2N_ERR_HASH_INVALID_ALGORITHM); + /* clang-format off */ + switch (alg) { + case S2N_HASH_NONE: *block_size = 64; break; + case S2N_HASH_MD5: *block_size = 64; break; + case S2N_HASH_SHA1: *block_size = 64; break; + case S2N_HASH_SHA224: *block_size = 64; break; + case S2N_HASH_SHA256: *block_size = 64; break; + case S2N_HASH_SHA384: *block_size = 128; break; + case S2N_HASH_SHA512: *block_size = 128; break; + case S2N_HASH_MD5_SHA1: *block_size = 64; break; + default: + POSIX_BAIL(S2N_ERR_HASH_INVALID_ALGORITHM); } + /* clang-format on */ return S2N_SUCCESS; } 
@@ -108,19 +111,19 @@ int s2n_hash_block_size(s2n_hash_algorithm alg, uint64_t *block_size) bool s2n_hash_is_available(s2n_hash_algorithm alg) { switch (alg) { - case S2N_HASH_MD5: - case S2N_HASH_MD5_SHA1: - /* return false if in FIPS mode, as MD5 algs are not available in FIPS mode. */ - return !s2n_is_in_fips_mode(); - case S2N_HASH_NONE: - case S2N_HASH_SHA1: - case S2N_HASH_SHA224: - case S2N_HASH_SHA256: - case S2N_HASH_SHA384: - case S2N_HASH_SHA512: - return true; - case S2N_HASH_SENTINEL: - return false; + case S2N_HASH_MD5: + case S2N_HASH_MD5_SHA1: + /* return false if in FIPS mode, as MD5 algs are not available in FIPS mode. */ + return !s2n_is_in_fips_mode(); + case S2N_HASH_NONE: + case S2N_HASH_SHA1: + case S2N_HASH_SHA224: + case S2N_HASH_SHA256: + case S2N_HASH_SHA384: + case S2N_HASH_SHA512: + return true; + case S2N_HASH_SENTINEL: + return false; } return false; } 
@@ -137,40 +140,40 @@ static int s2n_low_level_hash_new(struct s2n_hash_state *state) * being used. For the s2n_low_level_hash implementation, new is a no-op. */ - *state = (struct s2n_hash_state) { 0 }; + *state = (struct s2n_hash_state){ 0 }; return S2N_SUCCESS; } static int s2n_low_level_hash_init(struct s2n_hash_state *state, s2n_hash_algorithm alg) { switch (alg) { - case S2N_HASH_NONE: - break; - case S2N_HASH_MD5: - POSIX_GUARD_OSSL(MD5_Init(&state->digest.low_level.md5), S2N_ERR_HASH_INIT_FAILED); - break; - case S2N_HASH_SHA1: - POSIX_GUARD_OSSL(SHA1_Init(&state->digest.low_level.sha1), S2N_ERR_HASH_INIT_FAILED); - break; - case S2N_HASH_SHA224: - POSIX_GUARD_OSSL(SHA224_Init(&state->digest.low_level.sha224), S2N_ERR_HASH_INIT_FAILED); - break; - case S2N_HASH_SHA256: - POSIX_GUARD_OSSL(SHA256_Init(&state->digest.low_level.sha256), S2N_ERR_HASH_INIT_FAILED); - break; - case S2N_HASH_SHA384: - POSIX_GUARD_OSSL(SHA384_Init(&state->digest.low_level.sha384), S2N_ERR_HASH_INIT_FAILED); - break; - case S2N_HASH_SHA512: - POSIX_GUARD_OSSL(SHA512_Init(&state->digest.low_level.sha512), S2N_ERR_HASH_INIT_FAILED); - break; - case S2N_HASH_MD5_SHA1: - POSIX_GUARD_OSSL(SHA1_Init(&state->digest.low_level.md5_sha1.sha1), S2N_ERR_HASH_INIT_FAILED); - POSIX_GUARD_OSSL(MD5_Init(&state->digest.low_level.md5_sha1.md5), S2N_ERR_HASH_INIT_FAILED); - break; - - default: - POSIX_BAIL(S2N_ERR_HASH_INVALID_ALGORITHM); + case S2N_HASH_NONE: + break; + case S2N_HASH_MD5: + POSIX_GUARD_OSSL(MD5_Init(&state->digest.low_level.md5), S2N_ERR_HASH_INIT_FAILED); + break; + case S2N_HASH_SHA1: + POSIX_GUARD_OSSL(SHA1_Init(&state->digest.low_level.sha1), S2N_ERR_HASH_INIT_FAILED); + break; + case S2N_HASH_SHA224: + POSIX_GUARD_OSSL(SHA224_Init(&state->digest.low_level.sha224), S2N_ERR_HASH_INIT_FAILED); + break; + case S2N_HASH_SHA256: + POSIX_GUARD_OSSL(SHA256_Init(&state->digest.low_level.sha256), S2N_ERR_HASH_INIT_FAILED); + break; + case S2N_HASH_SHA384: + 
POSIX_GUARD_OSSL(SHA384_Init(&state->digest.low_level.sha384), S2N_ERR_HASH_INIT_FAILED); + break; + case S2N_HASH_SHA512: + POSIX_GUARD_OSSL(SHA512_Init(&state->digest.low_level.sha512), S2N_ERR_HASH_INIT_FAILED); + break; + case S2N_HASH_MD5_SHA1: + POSIX_GUARD_OSSL(SHA1_Init(&state->digest.low_level.md5_sha1.sha1), S2N_ERR_HASH_INIT_FAILED); + POSIX_GUARD_OSSL(MD5_Init(&state->digest.low_level.md5_sha1.md5), S2N_ERR_HASH_INIT_FAILED); + break; + + default: + POSIX_BAIL(S2N_ERR_HASH_INVALID_ALGORITHM); } state->alg = alg; 
@@ -185,32 +188,32 @@ static int s2n_low_level_hash_update(struct s2n_hash_state *state, const void *d POSIX_ENSURE(state->is_ready_for_input, S2N_ERR_HASH_NOT_READY); switch (state->alg) { - case S2N_HASH_NONE: - break; - case S2N_HASH_MD5: - POSIX_GUARD_OSSL(MD5_Update(&state->digest.low_level.md5, data, size), S2N_ERR_HASH_UPDATE_FAILED); - break; - case S2N_HASH_SHA1: - POSIX_GUARD_OSSL(SHA1_Update(&state->digest.low_level.sha1, data, size), S2N_ERR_HASH_UPDATE_FAILED); - break; - case S2N_HASH_SHA224: - POSIX_GUARD_OSSL(SHA224_Update(&state->digest.low_level.sha224, data, size), S2N_ERR_HASH_UPDATE_FAILED); - break; - case S2N_HASH_SHA256: - POSIX_GUARD_OSSL(SHA256_Update(&state->digest.low_level.sha256, data, size), S2N_ERR_HASH_UPDATE_FAILED); - break; - case S2N_HASH_SHA384: - POSIX_GUARD_OSSL(SHA384_Update(&state->digest.low_level.sha384, data, size), S2N_ERR_HASH_UPDATE_FAILED); - break; - case S2N_HASH_SHA512: - POSIX_GUARD_OSSL(SHA512_Update(&state->digest.low_level.sha512, data, size), S2N_ERR_HASH_UPDATE_FAILED); - break; - case S2N_HASH_MD5_SHA1: - POSIX_GUARD_OSSL(SHA1_Update(&state->digest.low_level.md5_sha1.sha1, data, size), S2N_ERR_HASH_UPDATE_FAILED); - POSIX_GUARD_OSSL(MD5_Update(&state->digest.low_level.md5_sha1.md5, data, size), S2N_ERR_HASH_UPDATE_FAILED); - break; - default: - POSIX_BAIL(S2N_ERR_HASH_INVALID_ALGORITHM); + case S2N_HASH_NONE: + break; + case S2N_HASH_MD5: + POSIX_GUARD_OSSL(MD5_Update(&state->digest.low_level.md5, data, size), S2N_ERR_HASH_UPDATE_FAILED); + break; + case S2N_HASH_SHA1: + POSIX_GUARD_OSSL(SHA1_Update(&state->digest.low_level.sha1, data, size), S2N_ERR_HASH_UPDATE_FAILED); + break; + case S2N_HASH_SHA224: + POSIX_GUARD_OSSL(SHA224_Update(&state->digest.low_level.sha224, data, size), S2N_ERR_HASH_UPDATE_FAILED); + break; + case S2N_HASH_SHA256: + POSIX_GUARD_OSSL(SHA256_Update(&state->digest.low_level.sha256, data, size), S2N_ERR_HASH_UPDATE_FAILED); + break; + case S2N_HASH_SHA384: + 
POSIX_GUARD_OSSL(SHA384_Update(&state->digest.low_level.sha384, data, size), S2N_ERR_HASH_UPDATE_FAILED); + break; + case S2N_HASH_SHA512: + POSIX_GUARD_OSSL(SHA512_Update(&state->digest.low_level.sha512, data, size), S2N_ERR_HASH_UPDATE_FAILED); + break; + case S2N_HASH_MD5_SHA1: + POSIX_GUARD_OSSL(SHA1_Update(&state->digest.low_level.md5_sha1.sha1, data, size), S2N_ERR_HASH_UPDATE_FAILED); + POSIX_GUARD_OSSL(MD5_Update(&state->digest.low_level.md5_sha1.md5, data, size), S2N_ERR_HASH_UPDATE_FAILED); + break; + default: + POSIX_BAIL(S2N_ERR_HASH_INVALID_ALGORITHM); } POSIX_ENSURE(size <= (UINT64_MAX - state->currently_in_hash), S2N_ERR_INTEGER_OVERFLOW); 
@@ -224,39 +227,39 @@ static int s2n_low_level_hash_digest(struct s2n_hash_state *state, void *out, ui POSIX_ENSURE(state->is_ready_for_input, S2N_ERR_HASH_NOT_READY); switch (state->alg) { - case S2N_HASH_NONE: - break; - case S2N_HASH_MD5: - POSIX_ENSURE_EQ(size, MD5_DIGEST_LENGTH); - POSIX_GUARD_OSSL(MD5_Final(out, &state->digest.low_level.md5), S2N_ERR_HASH_DIGEST_FAILED); - break; - case S2N_HASH_SHA1: - POSIX_ENSURE_EQ(size, SHA_DIGEST_LENGTH); - POSIX_GUARD_OSSL(SHA1_Final(out, &state->digest.low_level.sha1), S2N_ERR_HASH_DIGEST_FAILED); - break; - case S2N_HASH_SHA224: - POSIX_ENSURE_EQ(size, SHA224_DIGEST_LENGTH); - POSIX_GUARD_OSSL(SHA224_Final(out, &state->digest.low_level.sha224), S2N_ERR_HASH_DIGEST_FAILED); - break; - case S2N_HASH_SHA256: - POSIX_ENSURE_EQ(size, SHA256_DIGEST_LENGTH); - POSIX_GUARD_OSSL(SHA256_Final(out, &state->digest.low_level.sha256), S2N_ERR_HASH_DIGEST_FAILED); - break; - case S2N_HASH_SHA384: - POSIX_ENSURE_EQ(size, SHA384_DIGEST_LENGTH); - POSIX_GUARD_OSSL(SHA384_Final(out, &state->digest.low_level.sha384), S2N_ERR_HASH_DIGEST_FAILED); - break; - case S2N_HASH_SHA512: - POSIX_ENSURE_EQ(size, SHA512_DIGEST_LENGTH); - POSIX_GUARD_OSSL(SHA512_Final(out, &state->digest.low_level.sha512), S2N_ERR_HASH_DIGEST_FAILED); - break; - case S2N_HASH_MD5_SHA1: - POSIX_ENSURE_EQ(size, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH); - POSIX_GUARD_OSSL(SHA1_Final(((uint8_t *) out) + MD5_DIGEST_LENGTH, &state->digest.low_level.md5_sha1.sha1), S2N_ERR_HASH_DIGEST_FAILED); - POSIX_GUARD_OSSL(MD5_Final(out, &state->digest.low_level.md5_sha1.md5), S2N_ERR_HASH_DIGEST_FAILED); - break; - default: - POSIX_BAIL(S2N_ERR_HASH_INVALID_ALGORITHM); + case S2N_HASH_NONE: + break; + case S2N_HASH_MD5: + POSIX_ENSURE_EQ(size, MD5_DIGEST_LENGTH); + POSIX_GUARD_OSSL(MD5_Final(out, &state->digest.low_level.md5), S2N_ERR_HASH_DIGEST_FAILED); + break; + case S2N_HASH_SHA1: + POSIX_ENSURE_EQ(size, SHA_DIGEST_LENGTH); + POSIX_GUARD_OSSL(SHA1_Final(out, 
&state->digest.low_level.sha1), S2N_ERR_HASH_DIGEST_FAILED); + break; + case S2N_HASH_SHA224: + POSIX_ENSURE_EQ(size, SHA224_DIGEST_LENGTH); + POSIX_GUARD_OSSL(SHA224_Final(out, &state->digest.low_level.sha224), S2N_ERR_HASH_DIGEST_FAILED); + break; + case S2N_HASH_SHA256: + POSIX_ENSURE_EQ(size, SHA256_DIGEST_LENGTH); + POSIX_GUARD_OSSL(SHA256_Final(out, &state->digest.low_level.sha256), S2N_ERR_HASH_DIGEST_FAILED); + break; + case S2N_HASH_SHA384: + POSIX_ENSURE_EQ(size, SHA384_DIGEST_LENGTH); + POSIX_GUARD_OSSL(SHA384_Final(out, &state->digest.low_level.sha384), S2N_ERR_HASH_DIGEST_FAILED); + break; + case S2N_HASH_SHA512: + POSIX_ENSURE_EQ(size, SHA512_DIGEST_LENGTH); + POSIX_GUARD_OSSL(SHA512_Final(out, &state->digest.low_level.sha512), S2N_ERR_HASH_DIGEST_FAILED); + break; + case S2N_HASH_MD5_SHA1: + POSIX_ENSURE_EQ(size, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH); + POSIX_GUARD_OSSL(SHA1_Final(((uint8_t *) out) + MD5_DIGEST_LENGTH, &state->digest.low_level.md5_sha1.sha1), S2N_ERR_HASH_DIGEST_FAILED); + POSIX_GUARD_OSSL(MD5_Final(out, &state->digest.low_level.md5_sha1.md5), S2N_ERR_HASH_DIGEST_FAILED); + break; + default: + POSIX_BAIL(S2N_ERR_HASH_INVALID_ALGORITHM); } state->currently_in_hash = 0; @@ -535,8 +538,7 @@ int s2n_hash_init(struct s2n_hash_state *state, s2n_hash_algorithm alg) bool is_md5_allowed_for_fips = false; POSIX_GUARD_RESULT(s2n_digest_is_md5_allowed_for_fips(&state->digest.high_level.evp, &is_md5_allowed_for_fips)); - if (s2n_hash_is_available(alg) || - ((alg == S2N_HASH_MD5 || alg == S2N_HASH_MD5_SHA1) && is_md5_allowed_for_fips)) { + if (s2n_hash_is_available(alg) || ((alg == S2N_HASH_MD5 || alg == S2N_HASH_MD5_SHA1) && is_md5_allowed_for_fips)) { /* s2n will continue to initialize an "unavailable" hash when s2n is in FIPS mode and * FIPS is forcing the hash to be made available. */ 
@@ -590,8 +592,7 @@ int s2n_hash_reset(struct s2n_hash_state *state) int s2n_hash_free(struct s2n_hash_state *state) { - if (state == NULL) - { + if (state == NULL) { return S2N_SUCCESS; } /* Ensure that hash_impl is set, as it may have been reset for s2n_hash_state on s2n_connection_wipe. diff --git a/contrib/restricted/aws/s2n/crypto/s2n_hash.h b/contrib/restricted/aws/s2n/crypto/s2n_hash.h index 6ae9b13386..6746358c8c 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_hash.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_hash.h @@ -15,18 +15,17 @@ #pragma once -#include <stdint.h> -#include <stdbool.h> - #include <openssl/md5.h> #include <openssl/sha.h> +#include <stdbool.h> +#include <stdint.h> #include "crypto/s2n_evp.h" #define S2N_MAX_DIGEST_LEN SHA512_DIGEST_LENGTH typedef enum { - S2N_HASH_NONE=0, + S2N_HASH_NONE = 0, S2N_HASH_MD5, S2N_HASH_SHA1, S2N_HASH_SHA224, 
@@ -77,18 +76,18 @@ struct s2n_hash_state { * either OpenSSL's low-level algorithm-specific API's or OpenSSL's EVP API's. */ struct s2n_hash { - int (*alloc) (struct s2n_hash_state *state); - int (*allow_md5_for_fips) (struct s2n_hash_state *state); - int (*init) (struct s2n_hash_state *state, s2n_hash_algorithm alg); - int (*update) (struct s2n_hash_state *state, const void *data, uint32_t size); - int (*digest) (struct s2n_hash_state *state, void *out, uint32_t size); - int (*copy) (struct s2n_hash_state *to, struct s2n_hash_state *from); - int (*reset) (struct s2n_hash_state *state); - int (*free) (struct s2n_hash_state *state); + int (*alloc)(struct s2n_hash_state *state); + int (*allow_md5_for_fips)(struct s2n_hash_state *state); + int (*init)(struct s2n_hash_state *state, s2n_hash_algorithm alg); + int (*update)(struct s2n_hash_state *state, const void *data, uint32_t size); + int (*digest)(struct s2n_hash_state *state, void *out, uint32_t size); + int (*copy)(struct s2n_hash_state *to, struct s2n_hash_state *from); + int (*reset)(struct s2n_hash_state *state); + int (*free)(struct s2n_hash_state *state); }; bool s2n_hash_evp_fully_supported(); -const EVP_MD* s2n_hash_alg_to_evp_md(s2n_hash_algorithm alg); +const EVP_MD *s2n_hash_alg_to_evp_md(s2n_hash_algorithm alg); extern int s2n_hash_digest_size(s2n_hash_algorithm alg, uint8_t *out); extern int s2n_hash_block_size(s2n_hash_algorithm alg, uint64_t *block_size); extern bool s2n_hash_is_available(s2n_hash_algorithm alg); diff --git a/contrib/restricted/aws/s2n/crypto/s2n_hkdf.c b/contrib/restricted/aws/s2n/crypto/s2n_hkdf.c index eda68149d8..e2a26d9050 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_hkdf.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_hkdf.c 
@@ -15,23 +15,20 @@ #include <stdio.h> +#include "crypto/s2n_hmac.h" #include "error/s2n_errno.h" - #include "stuffer/s2n_stuffer.h" - -#include "crypto/s2n_hmac.h" - #include "utils/s2n_blob.h" -#include "utils/s2n_safety.h" #include "utils/s2n_mem.h" +#include "utils/s2n_safety.h" -#define MAX_DIGEST_SIZE 64 /* Current highest is SHA512 */ +#define MAX_DIGEST_SIZE 64 /* Current highest is SHA512 */ #define MAX_HKDF_ROUNDS 255 /* Reference: RFC 5869 */ int s2n_hkdf_extract(struct s2n_hmac_state *hmac, s2n_hmac_algorithm alg, const struct s2n_blob *salt, - const struct s2n_blob *key, struct s2n_blob *pseudo_rand_key) + const struct s2n_blob *key, struct s2n_blob *pseudo_rand_key) { uint8_t hmac_size; POSIX_GUARD(s2n_hmac_digest_size(alg, &hmac_size)); @@ -46,7 +43,7 @@ int s2n_hkdf_extract(struct s2n_hmac_state *hmac, s2n_hmac_algorithm alg, const } static int s2n_hkdf_expand(struct s2n_hmac_state *hmac, s2n_hmac_algorithm alg, const struct s2n_blob *pseudo_rand_key, - const struct s2n_blob *info, struct s2n_blob *output) + const struct s2n_blob *info, struct s2n_blob *output) { uint8_t prev[MAX_DIGEST_SIZE] = { 0 }; @@ -79,7 +76,7 @@ static int s2n_hkdf_expand(struct s2n_hmac_state *hmac, s2n_hmac_algorithm alg, POSIX_CHECKED_MEMCPY(output->data + done_len, prev, cat_len); done_len += cat_len; - + POSIX_GUARD(s2n_hmac_reset(hmac)); } 
@@ -87,12 +84,12 @@ static int s2n_hkdf_expand(struct s2n_hmac_state *hmac, s2n_hmac_algorithm alg, } int s2n_hkdf_expand_label(struct s2n_hmac_state *hmac, s2n_hmac_algorithm alg, const struct s2n_blob *secret, const struct s2n_blob *label, - const struct s2n_blob *context, struct s2n_blob *output) + const struct s2n_blob *context, struct s2n_blob *output) { /* Per RFC8446: 7.1, a HKDF label is a 2 byte length field, and two 1...255 byte arrays with a one byte length field each. */ uint8_t hkdf_label_buf[2 + 256 + 256]; - struct s2n_blob hkdf_label_blob = {0}; - struct s2n_stuffer hkdf_label = {0}; + struct s2n_blob hkdf_label_blob = { 0 }; + struct s2n_stuffer hkdf_label = { 0 }; /* RFC8446 specifies that labels must be 12 characters or less, to avoid ** incurring two hash rounds. @@ -115,10 +112,10 @@ int s2n_hkdf_expand_label(struct s2n_hmac_state *hmac, s2n_hmac_algorithm alg, c } int s2n_hkdf(struct s2n_hmac_state *hmac, s2n_hmac_algorithm alg, const struct s2n_blob *salt, - const struct s2n_blob *key, const struct s2n_blob *info, struct s2n_blob *output) + const struct s2n_blob *key, const struct s2n_blob *info, struct s2n_blob *output) { uint8_t prk_pad[MAX_DIGEST_SIZE]; - struct s2n_blob pseudo_rand_key = {.data = prk_pad,.size = sizeof(prk_pad) }; + struct s2n_blob pseudo_rand_key = { .data = prk_pad, .size = sizeof(prk_pad) }; POSIX_GUARD(s2n_hkdf_extract(hmac, alg, salt, key, &pseudo_rand_key)); POSIX_GUARD(s2n_hkdf_expand(hmac, alg, &pseudo_rand_key, info, output)); diff --git a/contrib/restricted/aws/s2n/crypto/s2n_hkdf.h b/contrib/restricted/aws/s2n/crypto/s2n_hkdf.h index 9df0e766ba..1d3b98303d 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_hkdf.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_hkdf.h 
@@ -17,15 +17,14 @@ #include <stdint.h> -#include "utils/s2n_blob.h" - #include "crypto/s2n_hmac.h" +#include "utils/s2n_blob.h" extern int s2n_hkdf(struct s2n_hmac_state *hmac, s2n_hmac_algorithm alg, const struct s2n_blob *salt, - const struct s2n_blob *key, const struct s2n_blob *info, struct s2n_blob *output); + const struct s2n_blob *key, const struct s2n_blob *info, struct s2n_blob *output); extern int s2n_hkdf_extract(struct s2n_hmac_state *hmac, s2n_hmac_algorithm alg, const struct s2n_blob *salt, - const struct s2n_blob *key, struct s2n_blob *pseudo_rand_key); + const struct s2n_blob *key, struct s2n_blob *pseudo_rand_key); extern int s2n_hkdf_expand_label(struct s2n_hmac_state *hmac, s2n_hmac_algorithm alg, const struct s2n_blob *secret, const struct s2n_blob *label, - const struct s2n_blob *context, struct s2n_blob *output); + const struct s2n_blob *context, struct s2n_blob *output); diff --git a/contrib/restricted/aws/s2n/crypto/s2n_hmac.c b/contrib/restricted/aws/s2n/crypto/s2n_hmac.c index 29ded952ce..d2bb4e6684 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_hmac.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_hmac.c @@ -12,6 +12,8 @@ * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ +/* this file is patched by Sidetrail, clang-format invalidates patches */ +/* clang-format off */ #include <openssl/md5.h> #include <openssl/sha.h> diff --git a/contrib/restricted/aws/s2n/crypto/s2n_hmac.h b/contrib/restricted/aws/s2n/crypto/s2n_hmac.h index 1a3d52a343..08ff779d06 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_hmac.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_hmac.h @@ -12,6 +12,8 @@ * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ +/* this file is patched by sidetrail, clang-format invalidates patches */ +/* clang-format off */ #pragma once 
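Review bot: The two comment lines added at the top of s2n_hmac.c switch clang-format off without saying which patches depend on the layout, and unless a matching `on` follows outside the hunk the directive exempts the whole file. A maintainer updating this vendored copy then has no way to check that the patches still apply after an edit. I would name the patch set in the comment, for example `/* patched by SideTrail (patches: <path to patch set>); line layout must stay stable, so clang-format is disabled for this file */`. The same two lines are added in the s2n_hmac.h hunk that follows, where the tool name is spelled `sidetrail` instead of `Sidetrail`; one spelling should be used in both.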
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_libcrypto.c b/contrib/restricted/aws/s2n/crypto/s2n_libcrypto.c index bf85f2773f..c7efef1454 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_libcrypto.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_libcrypto.c @@ -13,17 +13,18 @@ * permissions and limitations under the License. */ +#include "crypto/s2n_libcrypto.h" + +#include <openssl/crypto.h> +#include <openssl/opensslv.h> + #include "crypto/s2n_crypto.h" #include "crypto/s2n_fips.h" #include "crypto/s2n_openssl.h" -#include "crypto/s2n_libcrypto.h" #include "utils/s2n_safety.h" #include "utils/s2n_safety_macros.h" - -#include <openssl/crypto.h> -#include <openssl/opensslv.h> #if S2N_OPENSSL_VERSION_AT_LEAST(3, 0, 0) -#error #include <openssl/provider.h> + #error #include <openssl/provider.h> #endif #include <string.h> @@ -43,8 +44,8 @@ * doesn't distribute fips-specific header files. */ #define EXPECTED_AWSLC_VERSION_NAME_FIPS_OR_OLD "BoringSSL" -#define EXPECTED_AWSLC_VERSION_NAME_NON_FIPS "AWS-LC" -#define EXPECTED_BORINGSSL_VERSION_NAME "BoringSSL" +#define EXPECTED_AWSLC_VERSION_NAME_NON_FIPS "AWS-LC" +#define EXPECTED_BORINGSSL_VERSION_NAME "BoringSSL" /* https://www.openssl.org/docs/man{1.0.2, 1.1.1, 3.0}/man3/OPENSSL_VERSION_NUMBER.html * OPENSSL_VERSION_NUMBER in hex is: MNNFFPPS major minor fix patch status. @@ -58,7 +59,7 @@ * symbol OpenSSL_version binded to at link-time. This can be used as * verification at run-time that s2n linked against the expected libcrypto. */ -static const char * s2n_libcrypto_get_version_name(void) +static const char *s2n_libcrypto_get_version_name(void) { return SSLeay_version(SSLEAY_VERSION); } 
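Review bot: In the include block of s2n_libcrypto.c, the line under `#if S2N_OPENSSL_VERSION_AT_LEAST(3, 0, 0)` is `#error #include <openssl/provider.h>`, so a build against OpenSSL 3.0 or later stops with a diagnostic that reads like an include line and gives no reason. The `s2n_libcrypto_cleanup_cb` hunk further down this file uses `OSSL_PROVIDER` under the same condition, so that branch depends on the header that is blocked here. If the stop is intended (presumably the import tooling rewrote an include it could not resolve), the message should say so: `#error "OpenSSL >= 3.0 is not supported by this copy: <openssl/provider.h> is unavailable"`.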
@@ -68,7 +69,7 @@ static S2N_RESULT s2n_libcrypto_validate_expected_version_name(const char *expec RESULT_ENSURE_REF(expected_version_name); RESULT_ENSURE_REF(s2n_libcrypto_get_version_name()); RESULT_ENSURE_EQ(strlen(expected_version_name), strlen(s2n_libcrypto_get_version_name())); - RESULT_ENSURE(s2n_constant_time_equals((const uint8_t *) expected_version_name, (const uint8_t *) s2n_libcrypto_get_version_name(), (const uint32_t) strlen(expected_version_name)), S2N_ERR_LIBCRYPTO_VERSION_NAME_MISMATCH); + RESULT_ENSURE(s2n_constant_time_equals((const uint8_t *) expected_version_name, (const uint8_t *) s2n_libcrypto_get_version_name(), (const uint32_t) strlen(expected_version_name)), S2N_ERR_LIBCRYPTO_VERSION_NAME_MISMATCH); return S2N_RESULT_OK; } @@ -109,7 +110,7 @@ static S2N_RESULT s2n_libcrypto_validate_expected_version_number(void) */ #if defined(OPENSSL_IS_AWSLC) && defined(OPENSSL_IS_BORINGSSL) -#error "Both OPENSSL_IS_AWSLC and OPENSSL_IS_BORINGSSL are defined at the same time!" + #error "Both OPENSSL_IS_AWSLC and OPENSSL_IS_BORINGSSL are defined at the same time!" #endif bool s2n_libcrypto_is_awslc() @@ -121,7 +122,8 @@ bool s2n_libcrypto_is_awslc() #endif } -static uint64_t s2n_libcrypto_awslc_api_version(void) { +static uint64_t s2n_libcrypto_awslc_api_version(void) +{ #if defined(OPENSSL_IS_AWSLC) return AWSLC_API_VERSION; #else @@ -154,17 +156,20 @@ S2N_RESULT s2n_libcrypto_init(void) } #if S2N_OPENSSL_VERSION_AT_LEAST(3, 0, 0) -int s2n_libcrypto_cleanup_cb(OSSL_PROVIDER *provider, void *cbdata) { +int s2n_libcrypto_cleanup_cb(OSSL_PROVIDER *provider, void *cbdata) +{ return OSSL_PROVIDER_unload(provider); } -S2N_RESULT s2n_libcrypto_cleanup(void) { +S2N_RESULT s2n_libcrypto_cleanup(void) +{ RESULT_GUARD_OSSL(OSSL_PROVIDER_do_all(NULL, *s2n_libcrypto_cleanup_cb, NULL), S2N_ERR_ATEXIT); return S2N_RESULT_OK; } #else -S2N_RESULT s2n_libcrypto_cleanup(void) { +S2N_RESULT s2n_libcrypto_cleanup(void) +{ return S2N_RESULT_OK; } #endif 
@@ -193,8 +198,7 @@ S2N_RESULT s2n_libcrypto_validate_runtime(void) expected_awslc_version_name = EXPECTED_AWSLC_VERSION_NAME_NON_FIPS; } RESULT_GUARD(s2n_libcrypto_validate_expected_version_name(expected_awslc_version_name)); - } - else if (s2n_libcrypto_is_boringssl()) { + } else if (s2n_libcrypto_is_boringssl()) { RESULT_GUARD(s2n_libcrypto_validate_expected_version_name(EXPECTED_BORINGSSL_VERSION_NAME)); } diff --git a/contrib/restricted/aws/s2n/crypto/s2n_locking.c b/contrib/restricted/aws/s2n/crypto/s2n_locking.c index 84f4b263ae..7f4b3ff15b 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_locking.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_locking.c @@ -13,10 +13,11 @@ * permissions and limitations under the License. */ +#include "crypto/s2n_locking.h" + #include <openssl/crypto.h> #include <pthread.h> -#include "crypto/s2n_locking.h" #include "crypto/s2n_openssl.h" #include "utils/s2n_mem.h" #include "utils/s2n_safety.h" @@ -35,7 +36,7 @@ * https://www.openssl.org/docs/man1.0.2/man3/threads.html */ -#define S2N_MUTEXES(mem) ((pthread_mutex_t *) (void*) (mem).data) +#define S2N_MUTEXES(mem) ((pthread_mutex_t *) (void *) (mem).data) /* While the locking-related APIs "exist" in later versions of * Openssl, they tend to be placeholders or hardcoded values like: @@ -91,7 +92,7 @@ S2N_RESULT s2n_locking_cleanup(void) pthread_mutex_t *mutexes = S2N_MUTEXES(mutexes_mem); if (mutexes) { - while(mutexes_count > 0) { + while (mutexes_count > 0) { RESULT_ENSURE_EQ(pthread_mutex_destroy(&(mutexes[mutexes_count - 1])), 0); mutexes_count--; } diff --git a/contrib/restricted/aws/s2n/crypto/s2n_openssl.h b/contrib/restricted/aws/s2n/crypto/s2n_openssl.h index d0d2b2d2b2..39ff57f6aa 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_openssl.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_openssl.h 
@@ -24,12 +24,12 @@ * https://github.com/aws/aws-sdk-cpp/pull/507/commits/2c99f1fe0c4b4683280caeb161538d4724d6a179 */ #if defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x20000000L) -#undef OPENSSL_VERSION_NUMBER -#if LIBRESSL_VERSION_NUMBER < 0x3050000fL -#define OPENSSL_VERSION_NUMBER 0x1000107fL -#else -#define OPENSSL_VERSION_NUMBER 0x1010000fL -#endif + #undef OPENSSL_VERSION_NUMBER + #if LIBRESSL_VERSION_NUMBER < 0x3050000fL + #define OPENSSL_VERSION_NUMBER 0x1000107fL + #else + #define OPENSSL_VERSION_NUMBER 0x1010000fL + #endif #endif /* Per https://wiki.openssl.org/index.php/Manual:OPENSSL_VERSION_NUMBER(3) @@ -43,17 +43,17 @@ (OPENSSL_VERSION_NUMBER >= ((major << 28) + (minor << 20) + (fix << 12))) #if (S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0)) && (!defined(OPENSSL_IS_BORINGSSL)) && (!defined(OPENSSL_IS_AWSLC)) && (!defined(LIBRESSL_VERSION_NUMBER)) -#define s2n_evp_ctx_init(ctx) POSIX_GUARD_OSSL(EVP_CIPHER_CTX_init(ctx), S2N_ERR_DRBG) -#define RESULT_EVP_CTX_INIT(ctx) RESULT_GUARD_OSSL(EVP_CIPHER_CTX_init(ctx), S2N_ERR_DRBG) + #define s2n_evp_ctx_init(ctx) POSIX_GUARD_OSSL(EVP_CIPHER_CTX_init(ctx), S2N_ERR_DRBG) + #define RESULT_EVP_CTX_INIT(ctx) RESULT_GUARD_OSSL(EVP_CIPHER_CTX_init(ctx), S2N_ERR_DRBG) #else -#define s2n_evp_ctx_init(ctx) EVP_CIPHER_CTX_init(ctx) -#define RESULT_EVP_CTX_INIT(ctx) EVP_CIPHER_CTX_init(ctx) + #define s2n_evp_ctx_init(ctx) EVP_CIPHER_CTX_init(ctx) + #define RESULT_EVP_CTX_INIT(ctx) EVP_CIPHER_CTX_init(ctx) #endif #if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_FIPS) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_AWSLC) && !defined(OPENSSL_NO_ENGINE) -#define S2N_LIBCRYPTO_SUPPORTS_CUSTOM_RAND 1 + #define S2N_LIBCRYPTO_SUPPORTS_CUSTOM_RAND 1 #else -#define S2N_LIBCRYPTO_SUPPORTS_CUSTOM_RAND 0 + #define S2N_LIBCRYPTO_SUPPORTS_CUSTOM_RAND 0 #endif bool s2n_libcrypto_is_awslc(); 
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_openssl_x509.c b/contrib/restricted/aws/s2n/crypto/s2n_openssl_x509.c index a61805cee7..f0909fd897 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_openssl_x509.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_openssl_x509.c @@ -13,9 +13,10 @@ * permissions and limitations under the License. */ -#include "api/s2n.h" #include "crypto/s2n_openssl_x509.h" +#include "api/s2n.h" + int s2n_openssl_x509_stack_pop_free(STACK_OF(X509) **cert_chain) { if (*cert_chain != NULL) { diff --git a/contrib/restricted/aws/s2n/crypto/s2n_openssl_x509.h b/contrib/restricted/aws/s2n/crypto/s2n_openssl_x509.h index b27a7f5a92..1eb2069054 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_openssl_x509.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_openssl_x509.h @@ -15,11 +15,11 @@ #pragma once -#include <stdint.h> #include <openssl/x509.h> +#include <stdint.h> #include "utils/s2n_safety.h" -DEFINE_POINTER_CLEANUP_FUNC(X509*, X509_free); +DEFINE_POINTER_CLEANUP_FUNC(X509 *, X509_free); int s2n_openssl_x509_stack_pop_free(STACK_OF(X509) **cert_chain); diff --git a/contrib/restricted/aws/s2n/crypto/s2n_pkey.c b/contrib/restricted/aws/s2n/crypto/s2n_pkey.c index 377eb2585e..ab0c6615f9 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_pkey.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_pkey.c @@ -13,20 +13,20 @@ * permissions and limitations under the License. */ +#include "crypto/s2n_pkey.h" + #include <openssl/evp.h> + #include "crypto/s2n_openssl_evp.h" #include "crypto/s2n_openssl_x509.h" - -#include "error/s2n_errno.h" #include "crypto/s2n_rsa_pss.h" -#include "crypto/s2n_pkey.h" - +#include "error/s2n_errno.h" #include "utils/s2n_result.h" #include "utils/s2n_safety.h" #define S2N_MAX_ALLOWED_CERT_TRAILING_BYTES 3 -int s2n_pkey_zero_init(struct s2n_pkey *pkey) +int s2n_pkey_zero_init(struct s2n_pkey *pkey) { pkey->pkey = NULL; pkey->size = NULL; 
@@ -42,7 +42,7 @@ int s2n_pkey_zero_init(struct s2n_pkey *pkey) int s2n_pkey_setup_for_type(struct s2n_pkey *pkey, s2n_pkey_type pkey_type) { - switch(pkey_type) { + switch (pkey_type) { case S2N_PKEY_TYPE_RSA: return s2n_rsa_pkey_init(pkey); case S2N_PKEY_TYPE_ECDSA: @@ -79,7 +79,7 @@ int s2n_pkey_sign(const struct s2n_pkey *pkey, s2n_signature_algorithm sig_alg, struct s2n_hash_state *digest, struct s2n_blob *signature) { POSIX_ENSURE_REF(pkey->sign); - + return pkey->sign(pkey, sig_alg, digest, signature); } @@ -134,10 +134,10 @@ int s2n_asn1der_to_private_key(struct s2n_pkey *priv_key, struct s2n_blob *asn1d uint8_t *key_to_parse = asn1der->data; /* Detect key type */ - DEFER_CLEANUP(EVP_PKEY *evp_private_key = d2i_AutoPrivateKey(NULL, (const unsigned char **)(void *)&key_to_parse, asn1der->size), + DEFER_CLEANUP(EVP_PKEY *evp_private_key = d2i_AutoPrivateKey(NULL, (const unsigned char **) (void *) &key_to_parse, asn1der->size), EVP_PKEY_free_pointer); S2N_ERROR_IF(evp_private_key == NULL, S2N_ERR_DECODE_PRIVATE_KEY); - + /* If key parsing is successful, d2i_AutoPrivateKey increments *key_to_parse to the byte following the parsed data */ uint32_t parsed_len = key_to_parse - asn1der->data; if (parsed_len != asn1der->size) { 
@@ -146,34 +146,34 @@ int s2n_asn1der_to_private_key(struct s2n_pkey *priv_key, struct s2n_blob *asn1d /* Initialize s2n_pkey according to key type */ int type = EVP_PKEY_base_id(evp_private_key); - + int ret; switch (type) { - case EVP_PKEY_RSA: - ret = s2n_rsa_pkey_init(priv_key); - if (ret != 0) { + case EVP_PKEY_RSA: + ret = s2n_rsa_pkey_init(priv_key); + if (ret != 0) { + break; + } + ret = s2n_evp_pkey_to_rsa_private_key(&priv_key->key.rsa_key, evp_private_key); break; - } - ret = s2n_evp_pkey_to_rsa_private_key(&priv_key->key.rsa_key, evp_private_key); - break; - case EVP_PKEY_RSA_PSS: - ret = s2n_rsa_pss_pkey_init(priv_key); - if (ret != 0) { + case EVP_PKEY_RSA_PSS: + ret = s2n_rsa_pss_pkey_init(priv_key); + if (ret != 0) { + break; + } + ret = s2n_evp_pkey_to_rsa_pss_private_key(&priv_key->key.rsa_key, evp_private_key); break; - } - ret = s2n_evp_pkey_to_rsa_pss_private_key(&priv_key->key.rsa_key, evp_private_key); - break; - case EVP_PKEY_EC: - ret = s2n_ecdsa_pkey_init(priv_key); - if (ret != 0) { + case EVP_PKEY_EC: + ret = s2n_ecdsa_pkey_init(priv_key); + if (ret != 0) { + break; + } + ret = s2n_evp_pkey_to_ecdsa_private_key(&priv_key->key.ecdsa_key, evp_private_key); break; - } - ret = s2n_evp_pkey_to_ecdsa_private_key(&priv_key->key.ecdsa_key, evp_private_key); - break; - default: - POSIX_BAIL(S2N_ERR_DECODE_PRIVATE_KEY); + default: + POSIX_BAIL(S2N_ERR_DECODE_PRIVATE_KEY); } - + priv_key->pkey = evp_private_key; /* Reset to avoid DEFER_CLEANUP freeing our key */ evp_private_key = NULL; 
@@ -186,7 +186,7 @@ int s2n_asn1der_to_public_key_and_type(struct s2n_pkey *pub_key, s2n_pkey_type * uint8_t *cert_to_parse = asn1der->data; DEFER_CLEANUP(X509 *cert = NULL, X509_free_pointer); - cert = d2i_X509(NULL, (const unsigned char **)(void *)&cert_to_parse, asn1der->size); + cert = d2i_X509(NULL, (const unsigned char **) (void *) &cert_to_parse, asn1der->size); S2N_ERROR_IF(cert == NULL, S2N_ERR_DECODE_CERTIFICATE); /* If cert parsing is successful, d2i_X509 increments *cert_to_parse to the byte following the parsed data */ 
@@ -205,32 +205,32 @@ int s2n_asn1der_to_public_key_and_type(struct s2n_pkey *pub_key, s2n_pkey_type * int ret; switch (type) { - case EVP_PKEY_RSA: - ret = s2n_rsa_pkey_init(pub_key); - if (ret != 0) { + case EVP_PKEY_RSA: + ret = s2n_rsa_pkey_init(pub_key); + if (ret != 0) { + break; + } + ret = s2n_evp_pkey_to_rsa_public_key(&pub_key->key.rsa_key, evp_public_key); + *pkey_type_out = S2N_PKEY_TYPE_RSA; break; - } - ret = s2n_evp_pkey_to_rsa_public_key(&pub_key->key.rsa_key, evp_public_key); - *pkey_type_out = S2N_PKEY_TYPE_RSA; - break; - case EVP_PKEY_RSA_PSS: - ret = s2n_rsa_pss_pkey_init(pub_key); - if (ret != 0) { + case EVP_PKEY_RSA_PSS: + ret = s2n_rsa_pss_pkey_init(pub_key); + if (ret != 0) { + break; + } + ret = s2n_evp_pkey_to_rsa_pss_public_key(&pub_key->key.rsa_key, evp_public_key); + *pkey_type_out = S2N_PKEY_TYPE_RSA_PSS; break; - } - ret = s2n_evp_pkey_to_rsa_pss_public_key(&pub_key->key.rsa_key, evp_public_key); - *pkey_type_out = S2N_PKEY_TYPE_RSA_PSS; - break; - case EVP_PKEY_EC: - ret = s2n_ecdsa_pkey_init(pub_key); - if (ret != 0) { + case EVP_PKEY_EC: + ret = s2n_ecdsa_pkey_init(pub_key); + if (ret != 0) { + break; + } + ret = s2n_evp_pkey_to_ecdsa_public_key(&pub_key->key.ecdsa_key, evp_public_key); + *pkey_type_out = S2N_PKEY_TYPE_ECDSA; break; - } - ret = s2n_evp_pkey_to_ecdsa_public_key(&pub_key->key.ecdsa_key, evp_public_key); - *pkey_type_out = S2N_PKEY_TYPE_ECDSA; - break; - default: - POSIX_BAIL(S2N_ERR_DECODE_CERTIFICATE); + default: + POSIX_BAIL(S2N_ERR_DECODE_CERTIFICATE); } pub_key->pkey = evp_public_key; @@ -239,4 +239,3 @@ int s2n_asn1der_to_public_key_and_type(struct s2n_pkey *pub_key, s2n_pkey_type * return ret; } - diff --git a/contrib/restricted/aws/s2n/crypto/s2n_pkey.h b/contrib/restricted/aws/s2n/crypto/s2n_pkey.h index 0edc9f662e..137a68e0d6 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_pkey.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_pkey.h 
@@ -17,11 +17,10 @@ #include <openssl/evp.h> -#include "crypto/s2n_signature.h" #include "crypto/s2n_ecdsa.h" #include "crypto/s2n_hash.h" #include "crypto/s2n_rsa.h" - +#include "crypto/s2n_signature.h" #include "utils/s2n_blob.h" #include "utils/s2n_result.h" @@ -51,7 +50,7 @@ struct s2n_pkey { struct s2n_hash_state *digest, struct s2n_blob *signature); int (*encrypt)(const struct s2n_pkey *key, struct s2n_blob *in, struct s2n_blob *out); int (*decrypt)(const struct s2n_pkey *key, struct s2n_blob *in, struct s2n_blob *out); - int (*match)(const struct s2n_pkey *pub_key, const struct s2n_pkey *priv_key); + int (*match)(const struct s2n_pkey *pub_key, const struct s2n_pkey *priv_key); int (*free)(struct s2n_pkey *key); int (*check_key)(const struct s2n_pkey *key); }; diff --git a/contrib/restricted/aws/s2n/crypto/s2n_rsa.c b/contrib/restricted/aws/s2n/crypto/s2n_rsa.c index ff6b5340b7..7e70e27d94 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_rsa.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_rsa.c 
@@ -13,37 +13,37 @@ * permissions and limitations under the License. */ +#include "crypto/s2n_rsa.h" + #include <openssl/evp.h> #include <openssl/rsa.h> #include <stdint.h> -#include "error/s2n_errno.h" -#include "stuffer/s2n_stuffer.h" - #include "crypto/s2n_drbg.h" #include "crypto/s2n_evp_signing.h" #include "crypto/s2n_hash.h" #include "crypto/s2n_pkey.h" -#include "crypto/s2n_rsa.h" #include "crypto/s2n_rsa_signing.h" - +#include "error/s2n_errno.h" +#include "stuffer/s2n_stuffer.h" #include "utils/s2n_blob.h" #include "utils/s2n_compiler.h" #include "utils/s2n_random.h" #include "utils/s2n_result.h" #include "utils/s2n_safety.h" -RSA *s2n_unsafe_rsa_get_non_const(const struct s2n_rsa_key *rsa_key) { +RSA *s2n_unsafe_rsa_get_non_const(const struct s2n_rsa_key *rsa_key) +{ PTR_ENSURE_REF(rsa_key); /* pragma gcc diagnostic was added in gcc 4.6 */ -#if defined(__clang__) || S2N_GCC_VERSION_AT_LEAST(4,6,0) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wcast-qual" +#if defined(__clang__) || S2N_GCC_VERSION_AT_LEAST(4, 6, 0) + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Wcast-qual" #endif RSA *out_rsa_key = (RSA *) rsa_key->rsa; -#if defined(__clang__) || S2N_GCC_VERSION_AT_LEAST(4,6,0) -#pragma GCC diagnostic pop +#if defined(__clang__) || S2N_GCC_VERSION_AT_LEAST(4, 6, 0) + #pragma GCC diagnostic pop #endif return out_rsa_key; @@ -81,7 +81,7 @@ static S2N_RESULT s2n_rsa_encrypted_size(const struct s2n_pkey *pkey, uint32_t * } static int s2n_rsa_sign(const struct s2n_pkey *priv, s2n_signature_algorithm sig_alg, struct s2n_hash_state *digest, - struct s2n_blob *signature) + struct s2n_blob *signature) { switch (sig_alg) { case S2N_SIGNATURE_RSA: 
@@ -96,7 +96,7 @@ static int s2n_rsa_sign(const struct s2n_pkey *priv, s2n_signature_algorithm sig } static int s2n_rsa_verify(const struct s2n_pkey *pub, s2n_signature_algorithm sig_alg, struct s2n_hash_state *digest, - struct s2n_blob *signature) + struct s2n_blob *signature) { switch (sig_alg) { case S2N_SIGNATURE_RSA: @@ -119,7 +119,7 @@ static int s2n_rsa_encrypt(const struct s2n_pkey *pub, struct s2n_blob *in, stru const s2n_rsa_public_key *pub_key = &pub->key.rsa_key; /* Safety: RSA_public_encrypt does not mutate the key */ - int r = RSA_public_encrypt(in->size, ( unsigned char * )in->data, ( unsigned char * )out->data, + int r = RSA_public_encrypt(in->size, (unsigned char *) in->data, (unsigned char *) out->data, s2n_unsafe_rsa_get_non_const(pub_key), RSA_PKCS1_PADDING); S2N_ERROR_IF(r != out->size, S2N_ERR_SIZE_MISMATCH); @@ -128,8 +128,8 @@ static int s2n_rsa_encrypt(const struct s2n_pkey *pub, struct s2n_blob *in, stru static int s2n_rsa_decrypt(const struct s2n_pkey *priv, struct s2n_blob *in, struct s2n_blob *out) { - unsigned char intermediate[ 4096 ]; - uint32_t expected_size = 0; + unsigned char intermediate[4096]; + uint32_t expected_size = 0; POSIX_GUARD_RESULT(s2n_rsa_encrypted_size(priv, &expected_size)); @@ -141,7 +141,7 @@ static int s2n_rsa_decrypt(const struct s2n_pkey *priv, struct s2n_blob *in, str const s2n_rsa_private_key *priv_key = &priv->key.rsa_key; /* Safety: RSA_private_decrypt does not mutate the key */ - int r = RSA_private_decrypt(in->size, ( unsigned char * )in->data, intermediate, + int r = RSA_private_decrypt(in->size, (unsigned char *) in->data, intermediate, s2n_unsafe_rsa_get_non_const(priv_key), RSA_NO_PADDING); S2N_ERROR_IF(r != expected_size, S2N_ERR_SIZE_MISMATCH); 
@@ -152,7 +152,7 @@ static int s2n_rsa_decrypt(const struct s2n_pkey *priv, struct s2n_blob *in, str static int s2n_rsa_keys_match(const struct s2n_pkey *pub, const struct s2n_pkey *priv) { - uint8_t plain_inpad[ 36 ] = { 1 }, plain_outpad[ 36 ] = { 0 }, encpad[ 8192 ]; + uint8_t plain_inpad[36] = { 1 }, plain_outpad[36] = { 0 }, encpad[8192]; struct s2n_blob plain_in = { 0 }, plain_out = { 0 }, enc = { 0 }; plain_in.data = plain_inpad; @@ -214,15 +214,14 @@ int s2n_evp_pkey_to_rsa_private_key(s2n_rsa_private_key *rsa_key, EVP_PKEY *evp_ int s2n_rsa_pkey_init(struct s2n_pkey *pkey) { - pkey->size = &s2n_rsa_encrypted_size; - pkey->sign = &s2n_rsa_sign; - pkey->verify = &s2n_rsa_verify; - pkey->encrypt = &s2n_rsa_encrypt; - pkey->decrypt = &s2n_rsa_decrypt; - pkey->match = &s2n_rsa_keys_match; - pkey->free = &s2n_rsa_key_free; + pkey->size = &s2n_rsa_encrypted_size; + pkey->sign = &s2n_rsa_sign; + pkey->verify = &s2n_rsa_verify; + pkey->encrypt = &s2n_rsa_encrypt; + pkey->decrypt = &s2n_rsa_decrypt; + pkey->match = &s2n_rsa_keys_match; + pkey->free = &s2n_rsa_key_free; pkey->check_key = &s2n_rsa_check_key_exists; POSIX_GUARD_RESULT(s2n_evp_signing_set_pkey_overrides(pkey)); return 0; } - diff --git a/contrib/restricted/aws/s2n/crypto/s2n_rsa.h b/contrib/restricted/aws/s2n/crypto/s2n_rsa.h index 52724530a1..d928ad03f5 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_rsa.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_rsa.h @@ -15,13 +15,11 @@ #pragma once -#include <stdint.h> -#include "api/s2n.h" - #include <openssl/rsa.h> +#include <stdint.h> +#include "api/s2n.h" #include "crypto/s2n_hash.h" - #include "utils/s2n_blob.h" /* Forward declaration to avoid the circular dependency with s2n_pkey.h */ diff --git a/contrib/restricted/aws/s2n/crypto/s2n_rsa_pss.c b/contrib/restricted/aws/s2n/crypto/s2n_rsa_pss.c index 70be214cf6..82f1a57a58 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_rsa_pss.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_rsa_pss.c 
@@ -13,25 +13,23 @@ * permissions and limitations under the License. */ +#include "crypto/s2n_rsa_pss.h" + #include <openssl/evp.h> #include <openssl/rsa.h> #include <stdint.h> -#include "error/s2n_errno.h" -#include "stuffer/s2n_stuffer.h" - #include "crypto/s2n_evp_signing.h" #include "crypto/s2n_hash.h" #include "crypto/s2n_openssl.h" +#include "crypto/s2n_pkey.h" #include "crypto/s2n_rsa.h" -#include "crypto/s2n_rsa_pss.h" #include "crypto/s2n_rsa_signing.h" -#include "crypto/s2n_pkey.h" - +#include "error/s2n_errno.h" +#include "stuffer/s2n_stuffer.h" #include "utils/s2n_blob.h" #include "utils/s2n_random.h" #include "utils/s2n_safety.h" -#include "utils/s2n_blob.h" /* Checks whether PSS Certs is supported */ int s2n_is_rsa_pss_certs_supported() @@ -98,8 +96,8 @@ static int s2n_rsa_pss_validate_sign_verify_match(const struct s2n_pkey *pub, co POSIX_GUARD_RESULT(s2n_get_private_random_data(&random_data)); /* Sign/Verify API's only accept Hashes, so hash our Random Data */ - DEFER_CLEANUP(struct s2n_hash_state sign_hash = {0}, s2n_hash_free); - DEFER_CLEANUP(struct s2n_hash_state verify_hash = {0}, s2n_hash_free); + DEFER_CLEANUP(struct s2n_hash_state sign_hash = { 0 }, s2n_hash_free); + DEFER_CLEANUP(struct s2n_hash_state verify_hash = { 0 }, s2n_hash_free); POSIX_GUARD(s2n_hash_new(&sign_hash)); POSIX_GUARD(s2n_hash_new(&verify_hash)); POSIX_GUARD(s2n_hash_init(&sign_hash, S2N_HASH_SHA256)); @@ -159,7 +157,6 @@ static int s2n_rsa_validate_params_match(const struct s2n_pkey *pub, const struc return 0; } - static int s2n_rsa_pss_keys_match(const struct s2n_pkey *pub, const struct s2n_pkey *priv) { POSIX_ENSURE_REF(pub); 
@@ -190,7 +187,8 @@ static int s2n_rsa_pss_key_free(struct s2n_pkey *pkey) return S2N_SUCCESS; } -int s2n_evp_pkey_to_rsa_pss_public_key(struct s2n_rsa_key *rsa_key, EVP_PKEY *pkey) { +int s2n_evp_pkey_to_rsa_pss_public_key(struct s2n_rsa_key *rsa_key, EVP_PKEY *pkey) +{ const RSA *pub_rsa_key = EVP_PKEY_get1_RSA(pkey); POSIX_ENSURE_REF(pub_rsa_key); diff --git a/contrib/restricted/aws/s2n/crypto/s2n_rsa_pss.h b/contrib/restricted/aws/s2n/crypto/s2n_rsa_pss.h index 82431986f3..c76a8bf1b6 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_rsa_pss.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_rsa_pss.h @@ -15,19 +15,19 @@ #pragma once -#include <stdint.h> -#include "api/s2n.h" #include <openssl/bn.h> +#include <stdint.h> +#include "api/s2n.h" #include "crypto/s2n_openssl.h" #include "crypto/s2n_rsa.h" #include "crypto/s2n_rsa_signing.h" -#define RSA_PSS_SIGN_VERIFY_RANDOM_BLOB_SIZE 32 -#define RSA_PSS_SIGN_VERIFY_SIGNATURE_SIZE 256 +#define RSA_PSS_SIGN_VERIFY_RANDOM_BLOB_SIZE 32 +#define RSA_PSS_SIGN_VERIFY_SIGNATURE_SIZE 256 #ifndef EVP_PKEY_RSA_PSS -#define EVP_PKEY_RSA_PSS EVP_PKEY_NONE + #define EVP_PKEY_RSA_PSS EVP_PKEY_NONE #endif /* OpenSSL 1.1.1d 10 Sep 2019 is broken, so disable on that version. For further info see: crypto/evp/p_lib.c:469 @@ -35,9 +35,9 @@ * This feature requires this Openssl commit for Openssl 1.1.x versions: openssl/openssl@4088b92 */ #if RSA_PSS_SIGNING_SUPPORTED && OPENSSL_VERSION_NUMBER > 0x1010104fL -#define RSA_PSS_CERTS_SUPPORTED 1 + #define RSA_PSS_CERTS_SUPPORTED 1 #else -#define RSA_PSS_CERTS_SUPPORTED 0 + #define RSA_PSS_CERTS_SUPPORTED 0 #endif int s2n_is_rsa_pss_certs_supported(); diff --git a/contrib/restricted/aws/s2n/crypto/s2n_rsa_signing.c b/contrib/restricted/aws/s2n/crypto/s2n_rsa_signing.c index fc74fa24d3..d4d3e51f19 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_rsa_signing.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_rsa_signing.c 
@@ -13,43 +13,41 @@ * permissions and limitations under the License. */ +#include "crypto/s2n_rsa_signing.h" + #include <openssl/evp.h> #include <openssl/rsa.h> -#include "error/s2n_errno.h" - -#include "stuffer/s2n_stuffer.h" - #include "crypto/s2n_hash.h" -#include "crypto/s2n_rsa_pss.h" -#include "crypto/s2n_rsa_signing.h" #include "crypto/s2n_pkey.h" - +#include "crypto/s2n_rsa_pss.h" +#include "error/s2n_errno.h" +#include "stuffer/s2n_stuffer.h" #include "utils/s2n_blob.h" #include "utils/s2n_safety.h" static int s2n_hash_alg_to_NID[] = { [S2N_HASH_MD5_SHA1] = NID_md5_sha1, - [S2N_HASH_SHA1] = NID_sha1, - [S2N_HASH_SHA224] = NID_sha224, - [S2N_HASH_SHA256] = NID_sha256, - [S2N_HASH_SHA384] = NID_sha384, - [S2N_HASH_SHA512] = NID_sha512 + [S2N_HASH_SHA1] = NID_sha1, + [S2N_HASH_SHA224] = NID_sha224, + [S2N_HASH_SHA256] = NID_sha256, + [S2N_HASH_SHA384] = NID_sha384, + [S2N_HASH_SHA512] = NID_sha512 }; int s2n_hash_NID_type(s2n_hash_algorithm alg, int *out) { - switch(alg) { - case S2N_HASH_MD5_SHA1: - case S2N_HASH_SHA1: - case S2N_HASH_SHA224: - case S2N_HASH_SHA256: - case S2N_HASH_SHA384: - case S2N_HASH_SHA512: - *out = s2n_hash_alg_to_NID[alg]; - break; - default: - POSIX_BAIL(S2N_ERR_HASH_INVALID_ALGORITHM); + switch (alg) { + case S2N_HASH_MD5_SHA1: + case S2N_HASH_SHA1: + case S2N_HASH_SHA224: + case S2N_HASH_SHA256: + case S2N_HASH_SHA384: + case S2N_HASH_SHA512: + *out = s2n_hash_alg_to_NID[alg]; + break; + default: + POSIX_BAIL(S2N_ERR_HASH_INVALID_ALGORITHM); } return 0; } @@ -70,7 +68,8 @@ int s2n_rsa_pkcs1v15_sign_digest(const struct s2n_pkey *priv, s2n_hash_algorithm /* Safety: RSA_sign does not mutate the key */ POSIX_GUARD_OSSL(RSA_sign(NID_type, digest->data, digest->size, signature->data, &signature_size, - s2n_unsafe_rsa_get_non_const(rsa_key)), S2N_ERR_SIGN); + s2n_unsafe_rsa_get_non_const(rsa_key)), + S2N_ERR_SIGN); POSIX_ENSURE(signature_size <= signature->size, S2N_ERR_SIZE_MISMATCH); signature->size = signature_size; 
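Review bot: In the first s2n_rsa_signing.c hunk, `s2n_hash_NID_type` stores through `out` without checking it, and the `s2n_hash_alg_to_NID` table it reads is a writable `static int` array. Other functions in this file guard their pointer arguments, so `POSIX_ENSURE_REF(out);` as the first statement would match them. As far as this hunk shows the table is only read, so declaring it `static const int s2n_hash_alg_to_NID[] = {` would keep the digest-to-NID mapping used for RSA signing in read-only data.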
@@ -110,7 +109,8 @@ int s2n_rsa_pkcs1v15_verify(const struct s2n_pkey *pub, struct s2n_hash_state *d /* Safety: RSA_verify does not mutate the key */ POSIX_GUARD_OSSL(RSA_verify(digest_NID_type, digest_out, digest_length, signature->data, signature->size, - s2n_unsafe_rsa_get_non_const(rsa_key)), S2N_ERR_VERIFY_SIGNATURE); + s2n_unsafe_rsa_get_non_const(rsa_key)), + S2N_ERR_VERIFY_SIGNATURE); return 0; } @@ -123,10 +123,10 @@ int s2n_is_rsa_pss_signing_supported() #if RSA_PSS_SIGNING_SUPPORTED -static int s2n_evp_pkey_ctx_set_rsa_signature_digest(EVP_PKEY_CTX *ctx, const EVP_MD* digest_alg) +static int s2n_evp_pkey_ctx_set_rsa_signature_digest(EVP_PKEY_CTX *ctx, const EVP_MD *digest_alg) { POSIX_GUARD_OSSL(S2N_EVP_PKEY_CTX_set_signature_md(ctx, digest_alg), S2N_ERR_INVALID_SIGNATURE_ALGORITHM); - POSIX_GUARD_OSSL(EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, (EVP_MD*) (uintptr_t) digest_alg), S2N_ERR_INVALID_SIGNATURE_ALGORITHM); + POSIX_GUARD_OSSL(EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, (EVP_MD *) (uintptr_t) digest_alg), S2N_ERR_INVALID_SIGNATURE_ALGORITHM); return 0; } @@ -142,11 +142,11 @@ int s2n_rsa_pss_sign_digest(const struct s2n_pkey *priv, s2n_hash_algorithm hash POSIX_ENSURE_REF(digest_in); POSIX_ENSURE_REF(signature_out); - const EVP_MD* digest_alg = s2n_hash_alg_to_evp_md(hash_alg); + const EVP_MD *digest_alg = s2n_hash_alg_to_evp_md(hash_alg); POSIX_ENSURE_REF(digest_alg); /* For more info see: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_sign.html */ - DEFER_CLEANUP(EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(priv->pkey, NULL), s2n_evp_pkey_ctx_free); + DEFER_CLEANUP(EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(priv->pkey, NULL), s2n_evp_pkey_ctx_free); POSIX_ENSURE_REF(ctx); size_t signature_len = signature_out->size; 
@@ -190,7 +190,7 @@ int s2n_rsa_pss_verify(const struct s2n_pkey *pub, struct s2n_hash_state *digest uint8_t digest_data[S2N_MAX_DIGEST_LEN]; POSIX_GUARD(s2n_hash_digest_size(digest->alg, &digest_length)); POSIX_GUARD(s2n_hash_digest(digest, digest_data, digest_length)); - const EVP_MD* digest_alg = s2n_hash_alg_to_evp_md(digest->alg); + const EVP_MD *digest_alg = s2n_hash_alg_to_evp_md(digest->alg); POSIX_ENSURE_REF(digest_alg); /* For more info see: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_verify.html */ @@ -203,7 +203,8 @@ int s2n_rsa_pss_verify(const struct s2n_pkey *pub, struct s2n_hash_state *digest POSIX_GUARD_OSSL(EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, RSA_PSS_SALTLEN_DIGEST), S2N_ERR_VERIFY_SIGNATURE); POSIX_GUARD_OSSL(EVP_PKEY_verify(ctx, signature_in->data, signature_in->size, - digest_data, digest_length), S2N_ERR_VERIFY_SIGNATURE); + digest_data, digest_length), + S2N_ERR_VERIFY_SIGNATURE); return S2N_SUCCESS; } diff --git a/contrib/restricted/aws/s2n/crypto/s2n_rsa_signing.h b/contrib/restricted/aws/s2n/crypto/s2n_rsa_signing.h index bf14928426..a1d859d22e 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_rsa_signing.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_rsa_signing.h @@ -16,16 +16,15 @@ #pragma once #include "api/s2n.h" - -#include "utils/s2n_blob.h" #include "crypto/s2n_openssl.h" #include "crypto/s2n_rsa.h" +#include "utils/s2n_blob.h" /* Check for libcrypto 1.1 for RSA PSS Signing and EV_Key usage */ #if (S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 1) || defined(OPENSSL_IS_AWSLC)) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL) -#define RSA_PSS_SIGNING_SUPPORTED 1 + #define RSA_PSS_SIGNING_SUPPORTED 1 #else -#define RSA_PSS_SIGNING_SUPPORTED 0 + #define RSA_PSS_SIGNING_SUPPORTED 0 #endif int s2n_rsa_pkcs1v15_sign(const struct s2n_pkey *priv, struct s2n_hash_state *digest, struct s2n_blob *signature); 
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_sequence.c b/contrib/restricted/aws/s2n/crypto/s2n_sequence.c index 611d7ac5b4..d7a8d95362 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_sequence.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_sequence.c @@ -15,10 +15,8 @@ #include "crypto/s2n_sequence.h" -#include "tls/s2n_crypto.h" - #include "error/s2n_errno.h" - +#include "tls/s2n_crypto.h" #include "utils/s2n_blob.h" #define SEQUENCE_NUMBER_POWER 8 @@ -52,7 +50,7 @@ int s2n_sequence_number_to_uint64(struct s2n_blob *sequence_number, uint64_t *ou *output = 0; for (uint32_t i = sequence_number->size; i > 0; i--) { - *output += ((uint64_t) sequence_number->data[i-1]) << shift; + *output += ((uint64_t) sequence_number->data[i - 1]) << shift; shift += SEQUENCE_NUMBER_POWER; } return S2N_SUCCESS; diff --git a/contrib/restricted/aws/s2n/crypto/s2n_sequence.h b/contrib/restricted/aws/s2n/crypto/s2n_sequence.h index 6fd824458a..1ac58f38c3 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_sequence.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_sequence.h @@ -16,7 +16,6 @@ #pragma once #include "crypto/s2n_sequence.h" - #include "utils/s2n_blob.h" extern int s2n_increment_sequence_number(struct s2n_blob *sequence_number); diff --git a/contrib/restricted/aws/s2n/crypto/s2n_signature.h b/contrib/restricted/aws/s2n/crypto/s2n_signature.h index b097e93afb..b6d64fbd39 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_signature.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_signature.h @@ -16,7 +16,12 @@ #include "tls/s2n_tls_parameters.h" -#define sig_alg_check(a, b) do { if ( (a) != (b) ) { POSIX_BAIL(S2N_ERR_INVALID_SIGNATURE_ALGORITHM); } } while(0) +#define sig_alg_check(a, b) \ + do { \ + if ((a) != (b)) { \ + POSIX_BAIL(S2N_ERR_INVALID_SIGNATURE_ALGORITHM); \ + } \ + } while (0) typedef enum { S2N_SIGNATURE_ANONYMOUS = S2N_TLS_SIGNATURE_ANONYMOUS, 
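Review bot: In the `s2n_sequence_number_to_uint64` hunk of s2n_sequence.c, the loop adds `SEQUENCE_NUMBER_POWER` (8) to `shift` once per byte, so a blob longer than 8 bytes would shift a `uint64_t` by 64 or more, which is undefined behaviour in C. The function starts above the hunk, so a size bound may already be enforced there. If it is not, `POSIX_ENSURE(sequence_number->size <= sizeof(uint64_t), S2N_ERR_SAFETY);` before the loop would make the assumption explicit and fail closed on an oversized sequence number.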
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_null.c b/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_null.c index 48b6f0dbf5..6550ed07cb 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_null.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_null.c @@ -13,12 +13,10 @@ * permissions and limitations under the License. */ -#include "error/s2n_errno.h" - #include "crypto/s2n_cipher.h" - -#include "utils/s2n_safety.h" +#include "error/s2n_errno.h" #include "utils/s2n_blob.h" +#include "utils/s2n_safety.h" static uint8_t s2n_stream_cipher_null_available() { @@ -54,8 +52,8 @@ const struct s2n_cipher s2n_null_cipher = { .type = S2N_STREAM, .key_material_size = 0, .io.stream = { - .decrypt = s2n_stream_cipher_null_endecrypt, - .encrypt = s2n_stream_cipher_null_endecrypt}, + .decrypt = s2n_stream_cipher_null_endecrypt, + .encrypt = s2n_stream_cipher_null_endecrypt }, .is_available = s2n_stream_cipher_null_available, .init = s2n_stream_cipher_null_init, .set_encryption_key = s2n_stream_cipher_null_get_key, diff --git a/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_rc4.c b/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_rc4.c index ccbfbceee5..569a11a2f9 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_rc4.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_rc4.c @@ -18,9 +18,8 @@ #include "crypto/s2n_cipher.h" #include "crypto/s2n_fips.h" #include "crypto/s2n_openssl.h" - -#include "utils/s2n_safety.h" #include "utils/s2n_blob.h" +#include "utils/s2n_safety.h" static uint8_t s2n_stream_cipher_rc4_available() { 
@@ -129,8 +128,8 @@ const struct s2n_cipher s2n_rc4 = { .type = S2N_STREAM, .key_material_size = 16, .io.stream = { - .decrypt = s2n_stream_cipher_rc4_decrypt, - .encrypt = s2n_stream_cipher_rc4_encrypt}, + .decrypt = s2n_stream_cipher_rc4_decrypt, + .encrypt = s2n_stream_cipher_rc4_encrypt }, .is_available = s2n_stream_cipher_rc4_available, .init = s2n_stream_cipher_rc4_init, .set_decryption_key = s2n_stream_cipher_rc4_set_decryption_key, diff --git a/contrib/restricted/aws/s2n/crypto/s2n_tls13_keys.c b/contrib/restricted/aws/s2n/crypto/s2n_tls13_keys.c index 83d5e64951..3b5c284080 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_tls13_keys.c +++ b/contrib/restricted/aws/s2n/crypto/s2n_tls13_keys.c @@ -13,18 +13,15 @@ * permissions and limitations under the License. */ +#include "crypto/s2n_tls13_keys.h" + #include <stdio.h> +#include "crypto/s2n_hkdf.h" +#include "crypto/s2n_hmac.h" #include "error/s2n_errno.h" - #include "stuffer/s2n_stuffer.h" - -#include "crypto/s2n_hmac.h" -#include "crypto/s2n_hkdf.h" -#include "crypto/s2n_tls13_keys.h" - #include "utils/s2n_blob.h" -#include "utils/s2n_safety.h" #include "utils/s2n_mem.h" #include "utils/s2n_safety.h" @@ -114,7 +111,8 @@ int s2n_tls13_keys_init(struct s2n_tls13_keys *keys, s2n_hmac_algorithm alg) /* * Frees any allocation */ -int s2n_tls13_keys_free(struct s2n_tls13_keys *keys) { +int s2n_tls13_keys_free(struct s2n_tls13_keys *keys) +{ POSIX_ENSURE_REF(keys); POSIX_GUARD(s2n_hmac_free(&keys->hmac)); 
@@ -133,9 +131,9 @@ int s2n_tls13_derive_traffic_keys(struct s2n_tls13_keys *keys, struct s2n_blob * POSIX_ENSURE_REF(iv); POSIX_GUARD(s2n_hkdf_expand_label(&keys->hmac, keys->hmac_algorithm, secret, - &s2n_tls13_label_traffic_secret_key, &zero_length_blob, key)); + &s2n_tls13_label_traffic_secret_key, &zero_length_blob, key)); POSIX_GUARD(s2n_hkdf_expand_label(&keys->hmac, keys->hmac_algorithm, secret, - &s2n_tls13_label_traffic_secret_iv, &zero_length_blob, iv)); + &s2n_tls13_label_traffic_secret_iv, &zero_length_blob, iv)); return 0; } @@ -173,12 +171,12 @@ int s2n_tls13_update_application_traffic_secret(struct s2n_tls13_keys *keys, str POSIX_ENSURE_REF(new_secret); POSIX_GUARD(s2n_hkdf_expand_label(&keys->hmac, keys->hmac_algorithm, old_secret, - &s2n_tls13_label_application_traffic_secret_update, &zero_length_blob, new_secret)); + &s2n_tls13_label_application_traffic_secret_update, &zero_length_blob, new_secret)); return 0; } -S2N_RESULT s2n_tls13_derive_session_ticket_secret(struct s2n_tls13_keys *keys, struct s2n_blob *resumption_secret, +S2N_RESULT s2n_tls13_derive_session_ticket_secret(struct s2n_tls13_keys *keys, struct s2n_blob *resumption_secret, struct s2n_blob *ticket_nonce, struct s2n_blob *secret_blob) { RESULT_ENSURE_REF(keys); @@ -188,7 +186,7 @@ S2N_RESULT s2n_tls13_derive_session_ticket_secret(struct s2n_tls13_keys *keys, s /* Derive session ticket secret from master session resumption secret */ RESULT_GUARD_POSIX(s2n_hkdf_expand_label(&keys->hmac, keys->hmac_algorithm, resumption_secret, - &s2n_tls13_label_session_ticket_secret, ticket_nonce, secret_blob)); + &s2n_tls13_label_session_ticket_secret, ticket_nonce, secret_blob)); return S2N_RESULT_OK; } diff --git a/contrib/restricted/aws/s2n/crypto/s2n_tls13_keys.h b/contrib/restricted/aws/s2n/crypto/s2n_tls13_keys.h index 48ef1bf01a..5bd7455dc2 100644 --- a/contrib/restricted/aws/s2n/crypto/s2n_tls13_keys.h +++ b/contrib/restricted/aws/s2n/crypto/s2n_tls13_keys.h 
@@ -17,13 +17,12 @@ #include <stdint.h> -#include "crypto/s2n_hmac.h" #include "crypto/s2n_hkdf.h" +#include "crypto/s2n_hmac.h" #include "stuffer/s2n_stuffer.h" -#include "tls/s2n_tls_parameters.h" #include "tls/s2n_psk.h" +#include "tls/s2n_tls_parameters.h" #include "utils/s2n_blob.h" -#include "utils/s2n_safety.h" #include "utils/s2n_mem.h" #include "utils/s2n_safety.h" diff --git a/contrib/restricted/aws/s2n/tls/s2n_aead.c b/contrib/restricted/aws/s2n/tls/s2n_aead.c index 16bbee133b..61cbe78810 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_aead.c +++ b/contrib/restricted/aws/s2n/tls/s2n_aead.c @@ -14,16 +14,14 @@ */ #include "error/s2n_errno.h" - -#include "utils/s2n_safety.h" -#include "utils/s2n_mem.h" - #include "tls/s2n_connection.h" #include "tls/s2n_record.h" +#include "utils/s2n_mem.h" +#include "utils/s2n_safety.h" /* Derive the AAD for an AEAD mode cipher suite from the connection state, per * RFC 5246 section 6.2.3.3 */ -S2N_RESULT s2n_aead_aad_init(const struct s2n_connection *conn, uint8_t * sequence_number, uint8_t content_type, uint16_t record_length, struct s2n_blob *ad) +S2N_RESULT s2n_aead_aad_init(const struct s2n_connection *conn, uint8_t *sequence_number, uint8_t content_type, uint16_t record_length, struct s2n_blob *ad) { RESULT_ENSURE_REF(ad); RESULT_ENSURE_GTE(ad->size, S2N_TLS_MAX_AAD_LEN); @@ -34,7 +32,7 @@ S2N_RESULT s2n_aead_aad_init(const struct s2n_connection *conn, uint8_t * sequen /* ad = seq_num || record_type || version || length */ size_t idx = 0; - for(; idx < S2N_TLS_SEQUENCE_NUM_LEN; idx++) { + for (; idx < S2N_TLS_SEQUENCE_NUM_LEN; idx++) { data[idx] = sequence_number[idx]; } diff --git a/contrib/restricted/aws/s2n/tls/s2n_alerts.c b/contrib/restricted/aws/s2n/tls/s2n_alerts.c index 8431525276..49fa3ffbe3 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_alerts.c +++ b/contrib/restricted/aws/s2n/tls/s2n_alerts.c 
@@ -13,37 +13,36 @@ * permissions and limitations under the License. */ +#include "tls/s2n_alerts.h" + #include <stdint.h> #include <sys/param.h> #include "error/s2n_errno.h" - -#include "tls/s2n_tls_parameters.h" #include "tls/s2n_connection.h" #include "tls/s2n_record.h" #include "tls/s2n_resume.h" -#include "tls/s2n_alerts.h" - -#include "utils/s2n_safety.h" +#include "tls/s2n_tls_parameters.h" #include "utils/s2n_blob.h" +#include "utils/s2n_safety.h" -#define S2N_TLS_ALERT_LEVEL_WARNING 1 -#define S2N_TLS_ALERT_LEVEL_FATAL 2 +#define S2N_TLS_ALERT_LEVEL_WARNING 1 +#define S2N_TLS_ALERT_LEVEL_FATAL 2 #define S2N_ALERT_CASE(error, alert_code) \ - case (error): \ - *alert = (alert_code); \ + case (error): \ + *alert = (alert_code); \ return S2N_RESULT_OK #define S2N_NO_ALERT(error) \ - case (error): \ + case (error): \ RESULT_BAIL(S2N_ERR_NO_ALERT) static S2N_RESULT s2n_translate_protocol_error_to_alert(int error_code, uint8_t *alert) { RESULT_ENSURE_REF(alert); - switch(error_code) { + switch (error_code) { S2N_ALERT_CASE(S2N_ERR_MISSING_EXTENSION, S2N_TLS_ALERT_MISSING_EXTENSION); /* TODO: The ERR_BAD_MESSAGE -> ALERT_UNEXPECTED_MESSAGE mapping @@ -179,7 +178,7 @@ int s2n_error_get_alert(int error, uint8_t *alert) POSIX_ENSURE_REF(alert); - switch(error_type) { + switch (error_type) { case S2N_ERR_T_OK: case S2N_ERR_T_CLOSED: case S2N_ERR_T_BLOCKED: @@ -219,7 +218,6 @@ int s2n_process_alert_fragment(struct s2n_connection *conn) POSIX_GUARD(s2n_stuffer_copy(&conn->in, &conn->alert_in, bytes_to_read)); if (s2n_stuffer_data_available(&conn->alert_in) == 2) { - /* Close notifications are handled as shutdowns */ if (conn->alert_in_data[1] == S2N_TLS_ALERT_CLOSE_NOTIFY) { conn->closed = 1; 
@@ -255,7 +253,7 @@ int s2n_queue_writer_close_alert_warning(struct s2n_connection *conn) alert[0] = S2N_TLS_ALERT_LEVEL_WARNING; alert[1] = S2N_TLS_ALERT_CLOSE_NOTIFY; - struct s2n_blob out = {.data = alert,.size = sizeof(alert) }; + struct s2n_blob out = { .data = alert, .size = sizeof(alert) }; /* If there is an alert pending or we've already sent a close_notify, do nothing */ if (s2n_stuffer_data_available(&conn->writer_alert_out) || conn->close_notify_queued) { @@ -280,7 +278,7 @@ static int s2n_queue_reader_alert(struct s2n_connection *conn, uint8_t level, ui alert[0] = level; alert[1] = error_code; - struct s2n_blob out = {.data = alert,.size = sizeof(alert) }; + struct s2n_blob out = { .data = alert, .size = sizeof(alert) }; /* If there is an alert pending, do nothing */ if (s2n_stuffer_data_available(&conn->reader_alert_out)) { diff --git a/contrib/restricted/aws/s2n/tls/s2n_async_pkey.c b/contrib/restricted/aws/s2n/tls/s2n_async_pkey.c index 1eb5611bd9..3010947086 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_async_pkey.c +++ b/contrib/restricted/aws/s2n/tls/s2n_async_pkey.c @@ -14,10 +14,10 @@ */ #include "tls/s2n_async_pkey.h" +#include "api/s2n.h" #include "crypto/s2n_hash.h" #include "crypto/s2n_signature.h" #include "error/s2n_errno.h" -#include "api/s2n.h" #include "tls/s2n_connection.h" #include "tls/s2n_handshake.h" #include "utils/s2n_blob.h" 
@@ -27,27 +27,27 @@ struct s2n_async_pkey_decrypt_data { s2n_async_pkey_decrypt_complete on_complete; - struct s2n_blob encrypted; - struct s2n_blob decrypted; - unsigned rsa_failed : 1; + struct s2n_blob encrypted; + struct s2n_blob decrypted; + unsigned rsa_failed : 1; }; struct s2n_async_pkey_sign_data { s2n_async_pkey_sign_complete on_complete; - struct s2n_hash_state digest; - s2n_signature_algorithm sig_alg; - struct s2n_blob signature; + struct s2n_hash_state digest; + s2n_signature_algorithm sig_alg; + struct s2n_blob signature; }; struct s2n_async_pkey_op { s2n_async_pkey_op_type type; struct s2n_connection *conn; s2n_async_pkey_validation_mode validation_mode; - unsigned complete : 1; - unsigned applied : 1; + unsigned complete : 1; + unsigned applied : 1; union { struct s2n_async_pkey_decrypt_data decrypt; - struct s2n_async_pkey_sign_data sign; + struct s2n_async_pkey_sign_data sign; } op; }; 
@@ -65,16 +65,16 @@ static S2N_RESULT s2n_async_get_actions(s2n_async_pkey_op_type type, const struc static S2N_RESULT s2n_async_pkey_op_allocate(struct s2n_async_pkey_op **op); static S2N_RESULT s2n_async_pkey_sign_async(struct s2n_connection *conn, s2n_signature_algorithm sig_alg, - struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete); + struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete); static S2N_RESULT s2n_async_pkey_sign_sync(struct s2n_connection *conn, s2n_signature_algorithm sig_alg, - struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete); + struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete); static S2N_RESULT s2n_async_pkey_decrypt_async(struct s2n_connection *conn, struct s2n_blob *encrypted, - struct s2n_blob * init_decrypted, - s2n_async_pkey_decrypt_complete on_complete); + struct s2n_blob *init_decrypted, + s2n_async_pkey_decrypt_complete on_complete); static S2N_RESULT s2n_async_pkey_decrypt_sync(struct s2n_connection *conn, struct s2n_blob *encrypted, - struct s2n_blob * init_decrypted, - s2n_async_pkey_decrypt_complete on_complete); + struct s2n_blob *init_decrypted, + s2n_async_pkey_decrypt_complete on_complete); static S2N_RESULT s2n_async_pkey_decrypt_perform(struct s2n_async_pkey_op *op, s2n_cert_private_key *pkey); static S2N_RESULT s2n_async_pkey_decrypt_apply(struct s2n_async_pkey_op *op, struct s2n_connection *conn); 
@@ -90,19 +90,23 @@ static S2N_RESULT s2n_async_pkey_get_input_sign(struct s2n_async_pkey_op *op, ui static S2N_RESULT s2n_async_pkey_op_set_output_sign(struct s2n_async_pkey_op *op, const uint8_t *data, uint32_t data_len); static S2N_RESULT s2n_async_pkey_sign_free(struct s2n_async_pkey_op *op); -static const struct s2n_async_pkey_op_actions s2n_async_pkey_decrypt_op = { .perform = &s2n_async_pkey_decrypt_perform, - .apply = &s2n_async_pkey_decrypt_apply, - .get_input_size = &s2n_async_pkey_get_input_size_decrypt, - .get_input = &s2n_async_pkey_get_input_decrypt, - .set_output = &s2n_async_pkey_op_set_output_decrypt, - .free = &s2n_async_pkey_decrypt_free }; +static const struct s2n_async_pkey_op_actions s2n_async_pkey_decrypt_op = { + .perform = &s2n_async_pkey_decrypt_perform, + .apply = &s2n_async_pkey_decrypt_apply, + .get_input_size = &s2n_async_pkey_get_input_size_decrypt, + .get_input = &s2n_async_pkey_get_input_decrypt, + .set_output = &s2n_async_pkey_op_set_output_decrypt, + .free = &s2n_async_pkey_decrypt_free +}; -static const struct s2n_async_pkey_op_actions s2n_async_pkey_sign_op = { .perform = &s2n_async_pkey_sign_perform, - .apply = &s2n_async_pkey_sign_apply, - .get_input_size = &s2n_async_pkey_get_input_size_sign, - .get_input = &s2n_async_pkey_get_input_sign, - .set_output = &s2n_async_pkey_op_set_output_sign, - .free = &s2n_async_pkey_sign_free }; +static const struct s2n_async_pkey_op_actions s2n_async_pkey_sign_op = { + .perform = &s2n_async_pkey_sign_perform, + .apply = &s2n_async_pkey_sign_apply, + .get_input_size = &s2n_async_pkey_get_input_size_sign, + .get_input = &s2n_async_pkey_get_input_sign, + .set_output = &s2n_async_pkey_op_set_output_sign, + .free = &s2n_async_pkey_sign_free +}; DEFINE_POINTER_CLEANUP_FUNC(struct s2n_async_pkey_op *, s2n_async_pkey_op_free); 
@@ -129,7 +133,7 @@ static S2N_RESULT s2n_async_pkey_op_allocate(struct s2n_async_pkey_op **op) RESULT_ENSURE(*op == NULL, S2N_ERR_SAFETY); /* allocate memory */ - DEFER_CLEANUP(struct s2n_blob mem = {0}, s2n_free); + DEFER_CLEANUP(struct s2n_blob mem = { 0 }, s2n_free); RESULT_GUARD_POSIX(s2n_alloc(&mem, sizeof(struct s2n_async_pkey_op))); RESULT_GUARD_POSIX(s2n_blob_zero(&mem)); @@ -142,7 +146,7 @@ static S2N_RESULT s2n_async_pkey_op_allocate(struct s2n_async_pkey_op **op) } S2N_RESULT s2n_async_pkey_decrypt(struct s2n_connection *conn, struct s2n_blob *encrypted, - struct s2n_blob *init_decrypted, s2n_async_pkey_decrypt_complete on_complete) + struct s2n_blob *init_decrypted, s2n_async_pkey_decrypt_complete on_complete) { RESULT_ENSURE_REF(conn); RESULT_ENSURE_REF(encrypted); @@ -184,7 +188,7 @@ S2N_RESULT s2n_async_cb_execute(struct s2n_connection *conn, struct s2n_async_pk } S2N_RESULT s2n_async_pkey_decrypt_async(struct s2n_connection *conn, struct s2n_blob *encrypted, - struct s2n_blob *init_decrypted, s2n_async_pkey_decrypt_complete on_complete) + struct s2n_blob *init_decrypted, s2n_async_pkey_decrypt_complete on_complete) { RESULT_ENSURE_REF(conn); RESULT_ENSURE_REF(encrypted); @@ -199,7 +203,7 @@ S2N_RESULT s2n_async_pkey_decrypt_async(struct s2n_connection *conn, struct s2n_ op->validation_mode = conn->config->async_pkey_validation_mode; struct s2n_async_pkey_decrypt_data *decrypt = &op->op.decrypt; - decrypt->on_complete = on_complete; + decrypt->on_complete = on_complete; RESULT_GUARD_POSIX(s2n_dup(encrypted, &decrypt->encrypted)); RESULT_GUARD_POSIX(s2n_dup(init_decrypted, &decrypt->decrypted)); 
@@ -209,7 +213,7 @@ S2N_RESULT s2n_async_pkey_decrypt_async(struct s2n_connection *conn, struct s2n_ } S2N_RESULT s2n_async_pkey_decrypt_sync(struct s2n_connection *conn, struct s2n_blob *encrypted, - struct s2n_blob *init_decrypted, s2n_async_pkey_decrypt_complete on_complete) + struct s2n_blob *init_decrypted, s2n_async_pkey_decrypt_complete on_complete) { RESULT_ENSURE_REF(conn); RESULT_ENSURE_REF(encrypted); @@ -225,7 +229,7 @@ S2N_RESULT s2n_async_pkey_decrypt_sync(struct s2n_connection *conn, struct s2n_b } S2N_RESULT s2n_async_pkey_sign(struct s2n_connection *conn, s2n_signature_algorithm sig_alg, - struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete) + struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete) { RESULT_ENSURE_REF(conn); RESULT_ENSURE_REF(digest); @@ -241,7 +245,7 @@ S2N_RESULT s2n_async_pkey_sign(struct s2n_connection *conn, s2n_signature_algori } S2N_RESULT s2n_async_pkey_sign_async(struct s2n_connection *conn, s2n_signature_algorithm sig_alg, - struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete) + struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete) { RESULT_ENSURE_REF(conn); RESULT_ENSURE_REF(digest); @@ -258,8 +262,8 @@ S2N_RESULT s2n_async_pkey_sign_async(struct s2n_connection *conn, s2n_signature_ } struct s2n_async_pkey_sign_data *sign = &op->op.sign; - sign->on_complete = on_complete; - sign->sig_alg = sig_alg; + sign->on_complete = on_complete; + sign->sig_alg = sig_alg; RESULT_GUARD_POSIX(s2n_hash_new(&sign->digest)); RESULT_GUARD_POSIX(s2n_hash_copy(&sign->digest, digest)); 
@@ -269,7 +273,7 @@ S2N_RESULT s2n_async_pkey_sign_async(struct s2n_connection *conn, s2n_signature_ } S2N_RESULT s2n_async_pkey_sign_sync(struct s2n_connection *conn, s2n_signature_algorithm sig_alg, - struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete) + struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete) { RESULT_ENSURE_REF(conn); RESULT_ENSURE_REF(digest); @@ -334,7 +338,7 @@ int s2n_async_pkey_op_apply(struct s2n_async_pkey_op *op, struct s2n_connection POSIX_GUARD_RESULT(actions->apply(op, conn)); - op->applied = true; + op->applied = true; conn->handshake.async_state = S2N_ASYNC_COMPLETE; /* Free up the decrypt/sign structs to avoid storing secrets for too long */ @@ -351,9 +355,11 @@ int s2n_async_pkey_op_free(struct s2n_async_pkey_op *op) POSIX_ENSURE_REF(actions); /* If applied the decrypt/sign structs were released in apply call */ - if (!op->applied) { POSIX_GUARD_RESULT(actions->free(op)); } + if (!op->applied) { + POSIX_GUARD_RESULT(actions->free(op)); + } - POSIX_GUARD(s2n_free_object(( uint8_t ** )&op, sizeof(struct s2n_async_pkey_op))); + POSIX_GUARD(s2n_free_object((uint8_t **) &op, sizeof(struct s2n_async_pkey_op))); return S2N_SUCCESS; } 
@@ -442,17 +448,18 @@ S2N_RESULT s2n_async_pkey_sign_apply(struct s2n_async_pkey_op *op, struct s2n_co } S2N_RESULT s2n_async_pkey_verify_signature(struct s2n_connection *conn, s2n_signature_algorithm sig_alg, - struct s2n_hash_state *digest, struct s2n_blob *signature) { + struct s2n_hash_state *digest, struct s2n_blob *signature) +{ RESULT_ENSURE_REF(conn); RESULT_ENSURE_REF(conn->handshake_params.our_chain_and_key); RESULT_ENSURE_REF(digest); RESULT_ENSURE_REF(signature); /* Parse public key for the cert */ - DEFER_CLEANUP(struct s2n_pkey public_key = {0}, s2n_pkey_free); + DEFER_CLEANUP(struct s2n_pkey public_key = { 0 }, s2n_pkey_free); s2n_pkey_type pkey_type = S2N_PKEY_TYPE_UNKNOWN; RESULT_GUARD_POSIX(s2n_asn1der_to_public_key_and_type(&public_key, &pkey_type, - &conn->handshake_params.our_chain_and_key->cert_chain->head->raw)); + &conn->handshake_params.our_chain_and_key->cert_chain->head->raw)); RESULT_ENSURE(s2n_pkey_verify(&public_key, sig_alg, digest, signature) == S2N_SUCCESS, S2N_ERR_VERIFY_SIGNATURE); return S2N_RESULT_OK; @@ -474,7 +481,7 @@ int s2n_async_pkey_op_set_validation_mode(struct s2n_async_pkey_op *op, s2n_asyn { POSIX_ENSURE_REF(op); - switch(mode) { + switch (mode) { case S2N_ASYNC_PKEY_VALIDATION_FAST: case S2N_ASYNC_PKEY_VALIDATION_STRICT: op->validation_mode = mode; diff --git a/contrib/restricted/aws/s2n/tls/s2n_async_pkey.h b/contrib/restricted/aws/s2n/tls/s2n_async_pkey.h index 631a186a9a..509c39031b 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_async_pkey.h +++ b/contrib/restricted/aws/s2n/tls/s2n_async_pkey.h 
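Review bot: In the `s2n_async_pkey_verify_signature` hunk, only `our_chain_and_key` is checked before the call dereferences `our_chain_and_key->cert_chain->head->raw`. Whether a chain without a head certificate can reach this point is not visible here. The function already validates its other inputs, so adding `RESULT_ENSURE_REF(conn->handshake_params.our_chain_and_key->cert_chain);` and `RESULT_ENSURE_REF(conn->handshake_params.our_chain_and_key->cert_chain->head);` after the existing checks would turn a possible NULL dereference into a reported error. The function's closing brace is outside the hunk.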
@@ -70,8 +70,8 @@ int s2n_async_pkey_op_set_output(struct s2n_async_pkey_op *op, const uint8_t *da int s2n_async_pkey_op_set_validation_mode(struct s2n_async_pkey_op *op, s2n_async_pkey_validation_mode mode); S2N_RESULT s2n_async_pkey_verify_signature(struct s2n_connection *conn, s2n_signature_algorithm sig_alg, - struct s2n_hash_state *digest, struct s2n_blob *signature); + struct s2n_hash_state *digest, struct s2n_blob *signature); S2N_RESULT s2n_async_pkey_decrypt(struct s2n_connection *conn, struct s2n_blob *encrypted, struct s2n_blob *init_decrypted, - s2n_async_pkey_decrypt_complete on_complete); + s2n_async_pkey_decrypt_complete on_complete); S2N_RESULT s2n_async_pkey_sign(struct s2n_connection *conn, s2n_signature_algorithm sig_alg, struct s2n_hash_state *digest, - s2n_async_pkey_sign_complete on_complete); + s2n_async_pkey_sign_complete on_complete); diff --git a/contrib/restricted/aws/s2n/tls/s2n_auth_selection.c b/contrib/restricted/aws/s2n/tls/s2n_auth_selection.c index 7d9656d4d4..830f9e50d0 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_auth_selection.c +++ b/contrib/restricted/aws/s2n/tls/s2n_auth_selection.c @@ -13,14 +13,13 @@ * permissions and limitations under the License. */ +#include "tls/s2n_auth_selection.h" + #include "crypto/s2n_certificate.h" #include "crypto/s2n_ecdsa.h" #include "crypto/s2n_signature.h" - #include "tls/s2n_cipher_suites.h" #include "tls/s2n_kex.h" -#include "tls/s2n_auth_selection.h" - #include "utils/s2n_safety.h" /* This module should contain any logic related to choosing a valid combination of @@ -42,7 +41,7 @@ int s2n_get_auth_method_for_cert_type(s2n_pkey_type cert_type, s2n_authentication_method *auth_method) { - switch(cert_type) { + switch (cert_type) { case S2N_PKEY_TYPE_RSA: case S2N_PKEY_TYPE_RSA_PSS: *auth_method = S2N_AUTHENTICATION_RSA; 
@@ -59,7 +58,7 @@ int s2n_get_auth_method_for_cert_type(s2n_pkey_type cert_type, s2n_authenticatio static int s2n_get_cert_type_for_sig_alg(s2n_signature_algorithm sig_alg, s2n_pkey_type *cert_type) { - switch(sig_alg) { + switch (sig_alg) { case S2N_SIGNATURE_RSA_PSS_RSAE: case S2N_SIGNATURE_RSA: *cert_type = S2N_PKEY_TYPE_RSA; diff --git a/contrib/restricted/aws/s2n/tls/s2n_auth_selection.h b/contrib/restricted/aws/s2n/tls/s2n_auth_selection.h index b52736d7f6..20426250dd 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_auth_selection.h +++ b/contrib/restricted/aws/s2n/tls/s2n_auth_selection.h @@ -15,14 +15,12 @@ #pragma once -#include "tls/s2n_cipher_suites.h" - #include "crypto/s2n_certificate.h" #include "crypto/s2n_signature.h" +#include "tls/s2n_cipher_suites.h" int s2n_get_auth_method_for_cert_type(s2n_pkey_type cert_type, s2n_authentication_method *auth_method); int s2n_is_cipher_suite_valid_for_auth(struct s2n_connection *conn, struct s2n_cipher_suite *cipher_suite); int s2n_is_sig_scheme_valid_for_auth(struct s2n_connection *conn, const struct s2n_signature_scheme *sig_scheme); int s2n_is_cert_type_valid_for_auth(struct s2n_connection *conn, s2n_pkey_type cert_type); int s2n_select_certs_for_server_auth(struct s2n_connection *conn, struct s2n_cert_chain_and_key **chosen_certs); - diff --git a/contrib/restricted/aws/s2n/tls/s2n_cbc.c b/contrib/restricted/aws/s2n/tls/s2n_cbc.c index 401ab76072..4022d31782 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_cbc.c +++ b/contrib/restricted/aws/s2n/tls/s2n_cbc.c @@ -13,18 +13,15 @@ * permissions and limitations under the License. */ -#include <sys/param.h> #include <stdint.h> - -#include "error/s2n_errno.h" - -#include "utils/s2n_safety.h" -#include "utils/s2n_mem.h" +#include <sys/param.h> #include "crypto/s2n_hmac.h" - +#include "error/s2n_errno.h" #include "tls/s2n_connection.h" #include "tls/s2n_record.h" +#include "utils/s2n_mem.h" +#include "utils/s2n_safety.h" /* A TLS CBC record looks like .. * 
diff --git a/contrib/restricted/aws/s2n/tls/s2n_change_cipher_spec.c b/contrib/restricted/aws/s2n/tls/s2n_change_cipher_spec.c index 585be4ff54..d8ba233290 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_change_cipher_spec.c +++ b/contrib/restricted/aws/s2n/tls/s2n_change_cipher_spec.c @@ -16,17 +16,14 @@ #include <stdint.h> #include "error/s2n_errno.h" - +#include "stuffer/s2n_stuffer.h" #include "tls/s2n_cipher_suites.h" #include "tls/s2n_connection.h" #include "tls/s2n_tls.h" - -#include "stuffer/s2n_stuffer.h" - #include "utils/s2n_safety.h" /* From RFC5246 7.1: https://tools.ietf.org/html/rfc5246#section-7.1 */ -#define CHANGE_CIPHER_SPEC_TYPE 1 +#define CHANGE_CIPHER_SPEC_TYPE 1 int s2n_basic_ccs_recv(struct s2n_connection *conn) { @@ -46,7 +43,7 @@ int s2n_client_ccs_recv(struct s2n_connection *conn) POSIX_GUARD(s2n_basic_ccs_recv(conn)); /* Zero the sequence number */ - struct s2n_blob seq = {.data = conn->secure->client_sequence_number,.size = sizeof(conn->secure->client_sequence_number) }; + struct s2n_blob seq = { .data = conn->secure->client_sequence_number, .size = sizeof(conn->secure->client_sequence_number) }; POSIX_GUARD(s2n_blob_zero(&seq)); /* Update the client to use the cipher-suite */ @@ -68,7 +65,7 @@ int s2n_server_ccs_recv(struct s2n_connection *conn) POSIX_GUARD(s2n_basic_ccs_recv(conn)); /* Zero the sequence number */ - struct s2n_blob seq = {.data = conn->secure->server_sequence_number,.size = sizeof(conn->secure->server_sequence_number) }; + struct s2n_blob seq = { .data = conn->secure->server_sequence_number, .size = sizeof(conn->secure->server_sequence_number) }; POSIX_GUARD(s2n_blob_zero(&seq)); /* Compute the finished message */ diff --git a/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.c b/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.c index 62d5951e99..e77ca8cadb 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.c +++ b/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.c 
@@ -14,14 +14,15 @@ */ #include "tls/s2n_cipher_preferences.h" -#include "api/s2n.h" + #include <stdint.h> #include <strings.h> + +#include "api/s2n.h" +#include "error/s2n_errno.h" #include "tls/s2n_config.h" #include "tls/s2n_kem.h" #include "tls/s2n_kex.h" - -#include "error/s2n_errno.h" #include "utils/s2n_safety.h" /* clang-format off */ @@ -1281,6 +1282,13 @@ const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_2_2021 = .allow_chacha20_boosting = false, }; +/* Duplicate of cipher_preferences_cloudfront_tls_1_2_2021 but with allow_chacha20_boosting enabled */ +const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_2_2021_chacha20_boosted = { + .count = s2n_array_len(cipher_suites_cloudfront_tls_1_2_2021), + .suites = cipher_suites_cloudfront_tls_1_2_2021, + .allow_chacha20_boosting = true, +}; + /* Based on cipher_preferences_cloudfront_tls_1_0_2016, but with ordering changed and AES256-SHA256, DES-CBC3-SHA, and * RC4-MD5 added for compatibility. */ struct s2n_cipher_suite *cipher_suites_aws_crt_sdk_ssl_v3[] = { diff --git a/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.h b/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.h index 6cfa6700a8..b52143623d 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.h +++ b/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.h @@ -16,6 +16,7 @@ #pragma once #include <stdint.h> + #include "tls/s2n_cipher_suites.h" #include "tls/s2n_kem.h" #include "tls/s2n_tls13.h" 
@@ -90,6 +91,7 @@ extern const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_1 extern const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_2_2018; extern const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_2_2019; extern const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_2_2021; +extern const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_2_2021_chacha20_boosted; /* CloudFront viewer facing legacy TLS 1.2 policies */ extern const struct s2n_cipher_preferences cipher_preferences_cloudfront_ssl_v_3_legacy; diff --git a/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.c b/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.c index f6f3cce710..c2a6e60440 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.c +++ b/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.c @@ -13,23 +13,20 @@ * permissions and limitations under the License. */ -#include <string.h> - #include <openssl/crypto.h> - -#include "error/s2n_errno.h" +#include <string.h> #include "crypto/s2n_cipher.h" #include "crypto/s2n_openssl.h" - +#include "error/s2n_errno.h" +#include "pq-crypto/s2n_pq.h" #include "tls/s2n_auth_selection.h" #include "tls/s2n_kex.h" +#include "tls/s2n_psk.h" #include "tls/s2n_security_policies.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls13.h" #include "utils/s2n_safety.h" -#include "tls/s2n_psk.h" -#include "pq-crypto/s2n_pq.h" /************************* * S2n Record Algorithms * 
@@ -744,26 +741,26 @@ struct s2n_cipher_suite s2n_tls13_chacha20_poly1305_sha256 = { * properly initialized. */ static struct s2n_cipher_suite *s2n_all_cipher_suites[] = { - &s2n_rsa_with_rc4_128_md5, /* 0x00,0x04 */ - &s2n_rsa_with_rc4_128_sha, /* 0x00,0x05 */ - &s2n_rsa_with_3des_ede_cbc_sha, /* 0x00,0x0A */ - &s2n_dhe_rsa_with_3des_ede_cbc_sha, /* 0x00,0x16 */ - &s2n_rsa_with_aes_128_cbc_sha, /* 0x00,0x2F */ - &s2n_dhe_rsa_with_aes_128_cbc_sha, /* 0x00,0x33 */ - &s2n_rsa_with_aes_256_cbc_sha, /* 0x00,0x35 */ - &s2n_dhe_rsa_with_aes_256_cbc_sha, /* 0x00,0x39 */ - &s2n_rsa_with_aes_128_cbc_sha256, /* 0x00,0x3C */ - &s2n_rsa_with_aes_256_cbc_sha256, /* 0x00,0x3D */ - &s2n_dhe_rsa_with_aes_128_cbc_sha256, /* 0x00,0x67 */ - &s2n_dhe_rsa_with_aes_256_cbc_sha256, /* 0x00,0x6B */ - &s2n_rsa_with_aes_128_gcm_sha256, /* 0x00,0x9C */ - &s2n_rsa_with_aes_256_gcm_sha384, /* 0x00,0x9D */ - &s2n_dhe_rsa_with_aes_128_gcm_sha256, /* 0x00,0x9E */ - &s2n_dhe_rsa_with_aes_256_gcm_sha384, /* 0x00,0x9F */ - - &s2n_tls13_aes_128_gcm_sha256, /* 0x13,0x01 */ - &s2n_tls13_aes_256_gcm_sha384, /* 0x13,0x02 */ - &s2n_tls13_chacha20_poly1305_sha256, /* 0x13,0x03 */ + &s2n_rsa_with_rc4_128_md5, /* 0x00,0x04 */ + &s2n_rsa_with_rc4_128_sha, /* 0x00,0x05 */ + &s2n_rsa_with_3des_ede_cbc_sha, /* 0x00,0x0A */ + &s2n_dhe_rsa_with_3des_ede_cbc_sha, /* 0x00,0x16 */ + &s2n_rsa_with_aes_128_cbc_sha, /* 0x00,0x2F */ + &s2n_dhe_rsa_with_aes_128_cbc_sha, /* 0x00,0x33 */ + &s2n_rsa_with_aes_256_cbc_sha, /* 0x00,0x35 */ + &s2n_dhe_rsa_with_aes_256_cbc_sha, /* 0x00,0x39 */ + &s2n_rsa_with_aes_128_cbc_sha256, /* 0x00,0x3C */ + &s2n_rsa_with_aes_256_cbc_sha256, /* 0x00,0x3D */ + &s2n_dhe_rsa_with_aes_128_cbc_sha256, /* 0x00,0x67 */ + &s2n_dhe_rsa_with_aes_256_cbc_sha256, /* 0x00,0x6B */ + &s2n_rsa_with_aes_128_gcm_sha256, /* 0x00,0x9C */ + &s2n_rsa_with_aes_256_gcm_sha384, /* 0x00,0x9D */ + &s2n_dhe_rsa_with_aes_128_gcm_sha256, /* 0x00,0x9E */ + &s2n_dhe_rsa_with_aes_256_gcm_sha384, /* 0x00,0x9F */ + + 
&s2n_tls13_aes_128_gcm_sha256, /* 0x13,0x01 */ + &s2n_tls13_aes_256_gcm_sha384, /* 0x13,0x02 */ + &s2n_tls13_chacha20_poly1305_sha256, /* 0x13,0x03 */ &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha, /* 0xC0,0x09 */ &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha, /* 0xC0,0x0A */ 
@@ -794,22 +791,22 @@ const struct s2n_cipher_preferences cipher_preferences_test_all = { /* All TLS12 Cipher Suites */ static struct s2n_cipher_suite *s2n_all_tls12_cipher_suites[] = { - &s2n_rsa_with_rc4_128_md5, /* 0x00,0x04 */ - &s2n_rsa_with_rc4_128_sha, /* 0x00,0x05 */ - &s2n_rsa_with_3des_ede_cbc_sha, /* 0x00,0x0A */ - &s2n_dhe_rsa_with_3des_ede_cbc_sha, /* 0x00,0x16 */ - &s2n_rsa_with_aes_128_cbc_sha, /* 0x00,0x2F */ - &s2n_dhe_rsa_with_aes_128_cbc_sha, /* 0x00,0x33 */ - &s2n_rsa_with_aes_256_cbc_sha, /* 0x00,0x35 */ - &s2n_dhe_rsa_with_aes_256_cbc_sha, /* 0x00,0x39 */ - &s2n_rsa_with_aes_128_cbc_sha256, /* 0x00,0x3C */ - &s2n_rsa_with_aes_256_cbc_sha256, /* 0x00,0x3D */ - &s2n_dhe_rsa_with_aes_128_cbc_sha256, /* 0x00,0x67 */ - &s2n_dhe_rsa_with_aes_256_cbc_sha256, /* 0x00,0x6B */ - &s2n_rsa_with_aes_128_gcm_sha256, /* 0x00,0x9C */ - &s2n_rsa_with_aes_256_gcm_sha384, /* 0x00,0x9D */ - &s2n_dhe_rsa_with_aes_128_gcm_sha256, /* 0x00,0x9E */ - &s2n_dhe_rsa_with_aes_256_gcm_sha384, /* 0x00,0x9F */ + &s2n_rsa_with_rc4_128_md5, /* 0x00,0x04 */ + &s2n_rsa_with_rc4_128_sha, /* 0x00,0x05 */ + &s2n_rsa_with_3des_ede_cbc_sha, /* 0x00,0x0A */ + &s2n_dhe_rsa_with_3des_ede_cbc_sha, /* 0x00,0x16 */ + &s2n_rsa_with_aes_128_cbc_sha, /* 0x00,0x2F */ + &s2n_dhe_rsa_with_aes_128_cbc_sha, /* 0x00,0x33 */ + &s2n_rsa_with_aes_256_cbc_sha, /* 0x00,0x35 */ + &s2n_dhe_rsa_with_aes_256_cbc_sha, /* 0x00,0x39 */ + &s2n_rsa_with_aes_128_cbc_sha256, /* 0x00,0x3C */ + &s2n_rsa_with_aes_256_cbc_sha256, /* 0x00,0x3D */ + &s2n_dhe_rsa_with_aes_128_cbc_sha256, /* 0x00,0x67 */ + &s2n_dhe_rsa_with_aes_256_cbc_sha256, /* 0x00,0x6B */ + &s2n_rsa_with_aes_128_gcm_sha256, /* 0x00,0x9C */ + &s2n_rsa_with_aes_256_gcm_sha384, /* 0x00,0x9D */ + &s2n_dhe_rsa_with_aes_128_gcm_sha256, /* 0x00,0x9E */ + &s2n_dhe_rsa_with_aes_256_gcm_sha384, /* 0x00,0x9F */ &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha, /* 0xC0,0x09 */ &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha, /* 0xC0,0x0A */ 
@@ -840,25 +837,25 @@ const struct s2n_cipher_preferences cipher_preferences_test_all_tls12 = { * in order of IANA value. Exposed for the "test_all_fips" cipher preference list. */ static struct s2n_cipher_suite *s2n_all_fips_cipher_suites[] = { - &s2n_rsa_with_3des_ede_cbc_sha, /* 0x00,0x0A */ - &s2n_rsa_with_aes_128_cbc_sha, /* 0x00,0x2F */ - &s2n_rsa_with_aes_256_cbc_sha, /* 0x00,0x35 */ - &s2n_rsa_with_aes_128_cbc_sha256, /* 0x00,0x3C */ - &s2n_rsa_with_aes_256_cbc_sha256, /* 0x00,0x3D */ - &s2n_dhe_rsa_with_aes_128_cbc_sha256, /* 0x00,0x67 */ - &s2n_dhe_rsa_with_aes_256_cbc_sha256, /* 0x00,0x6B */ - &s2n_rsa_with_aes_128_gcm_sha256, /* 0x00,0x9C */ - &s2n_rsa_with_aes_256_gcm_sha384, /* 0x00,0x9D */ - &s2n_dhe_rsa_with_aes_128_gcm_sha256, /* 0x00,0x9E */ - &s2n_dhe_rsa_with_aes_256_gcm_sha384, /* 0x00,0x9F */ - &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, /* 0xC0,0x23 */ - &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384, /* 0xC0,0x24 */ - &s2n_ecdhe_rsa_with_aes_128_cbc_sha256, /* 0xC0,0x27 */ - &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, /* 0xC0,0x28 */ - &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, /* 0xC0,0x2B */ - &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, /* 0xC0,0x2C */ - &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, /* 0xC0,0x2F */ - &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, /* 0xC0,0x30 */ + &s2n_rsa_with_3des_ede_cbc_sha, /* 0x00,0x0A */ + &s2n_rsa_with_aes_128_cbc_sha, /* 0x00,0x2F */ + &s2n_rsa_with_aes_256_cbc_sha, /* 0x00,0x35 */ + &s2n_rsa_with_aes_128_cbc_sha256, /* 0x00,0x3C */ + &s2n_rsa_with_aes_256_cbc_sha256, /* 0x00,0x3D */ + &s2n_dhe_rsa_with_aes_128_cbc_sha256, /* 0x00,0x67 */ + &s2n_dhe_rsa_with_aes_256_cbc_sha256, /* 0x00,0x6B */ + &s2n_rsa_with_aes_128_gcm_sha256, /* 0x00,0x9C */ + &s2n_rsa_with_aes_256_gcm_sha384, /* 0x00,0x9D */ + &s2n_dhe_rsa_with_aes_128_gcm_sha256, /* 0x00,0x9E */ + &s2n_dhe_rsa_with_aes_256_gcm_sha384, /* 0x00,0x9F */ + &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, /* 0xC0,0x23 */ + &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384, /* 0xC0,0x24 */ + 
&s2n_ecdhe_rsa_with_aes_128_cbc_sha256, /* 0xC0,0x27 */ + &s2n_ecdhe_rsa_with_aes_256_cbc_sha384, /* 0xC0,0x28 */ + &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, /* 0xC0,0x2B */ + &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, /* 0xC0,0x2C */ + &s2n_ecdhe_rsa_with_aes_128_gcm_sha256, /* 0xC0,0x2F */ + &s2n_ecdhe_rsa_with_aes_256_gcm_sha384, /* 0xC0,0x30 */ }; /* All supported FIPS ciphers. Exposed for integration testing. */ @@ -888,16 +885,16 @@ const struct s2n_cipher_preferences cipher_preferences_test_all_ecdsa = { /* All cipher suites that uses RSA key exchange. Exposed for unit or integration tests. */ static struct s2n_cipher_suite *s2n_all_rsa_kex_cipher_suites[] = { - &s2n_rsa_with_aes_128_cbc_sha, /* 0x00,0x2F */ - &s2n_rsa_with_rc4_128_md5, /* 0x00,0x04 */ - &s2n_rsa_with_rc4_128_sha, /* 0x00,0x05 */ - &s2n_rsa_with_3des_ede_cbc_sha, /* 0x00,0x0A */ - &s2n_rsa_with_aes_128_cbc_sha, /* 0x00,0x2F */ - &s2n_rsa_with_aes_256_cbc_sha, /* 0x00,0x35 */ - &s2n_rsa_with_aes_128_cbc_sha256, /* 0x00,0x3C */ - &s2n_rsa_with_aes_256_cbc_sha256, /* 0x00,0x3D */ - &s2n_rsa_with_aes_128_gcm_sha256, /* 0x00,0x9C */ - &s2n_rsa_with_aes_256_gcm_sha384, /* 0x00,0x9D */ + &s2n_rsa_with_aes_128_cbc_sha, /* 0x00,0x2F */ + &s2n_rsa_with_rc4_128_md5, /* 0x00,0x04 */ + &s2n_rsa_with_rc4_128_sha, /* 0x00,0x05 */ + &s2n_rsa_with_3des_ede_cbc_sha, /* 0x00,0x0A */ + &s2n_rsa_with_aes_128_cbc_sha, /* 0x00,0x2F */ + &s2n_rsa_with_aes_256_cbc_sha, /* 0x00,0x35 */ + &s2n_rsa_with_aes_128_cbc_sha256, /* 0x00,0x3C */ + &s2n_rsa_with_aes_256_cbc_sha256, /* 0x00,0x3D */ + &s2n_rsa_with_aes_128_gcm_sha256, /* 0x00,0x9C */ + &s2n_rsa_with_aes_256_gcm_sha384, /* 0x00,0x9D */ }; /* Cipher preferences with rsa key exchange. Exposed for unit and integration tests. */ 
@@ -952,9 +949,9 @@ const struct s2n_cipher_preferences cipher_preferences_test_ecdsa_priority = { }; static struct s2n_cipher_suite *s2n_all_tls13_cipher_suites[] = { - &s2n_tls13_aes_128_gcm_sha256, /* 0x13,0x01 */ - &s2n_tls13_aes_256_gcm_sha384, /* 0x13,0x02 */ - &s2n_tls13_chacha20_poly1305_sha256, /* 0x13,0x03 */ + &s2n_tls13_aes_128_gcm_sha256, /* 0x13,0x01 */ + &s2n_tls13_aes_256_gcm_sha384, /* 0x13,0x02 */ + &s2n_tls13_chacha20_poly1305_sha256, /* 0x13,0x03 */ }; const struct s2n_cipher_preferences cipher_preferences_test_all_tls13 = { @@ -964,7 +961,8 @@ const struct s2n_cipher_preferences cipher_preferences_test_all_tls13 = { static bool should_init_crypto = true; static bool crypto_initialized = false; -int s2n_crypto_disable_init(void) { +int s2n_crypto_disable_init(void) +{ POSIX_ENSURE(!crypto_initialized, S2N_ERR_INITIALIZED); should_init_crypto = false; return S2N_SUCCESS; @@ -1004,7 +1002,7 @@ int s2n_cipher_suites_init(void) struct s2n_blob new_suite_mem = { 0 }; POSIX_GUARD(s2n_dup(&cur_suite_mem, &new_suite_mem)); - struct s2n_cipher_suite *new_suite = (struct s2n_cipher_suite *)(void *)new_suite_mem.data; + struct s2n_cipher_suite *new_suite = (struct s2n_cipher_suite *) (void *) new_suite_mem.data; new_suite->available = 1; new_suite->record_alg = cur_suite->sslv3_record_alg; cur_suite->sslv3_cipher_suite = new_suite; @@ -1038,7 +1036,7 @@ S2N_RESULT s2n_cipher_suites_cleanup(void) /* Release custom SSLv3 cipher suites */ if (cur_suite->sslv3_cipher_suite != cur_suite) { - RESULT_GUARD_POSIX(s2n_free_object((uint8_t **)&cur_suite->sslv3_cipher_suite, sizeof(struct s2n_cipher_suite))); + RESULT_GUARD_POSIX(s2n_free_object((uint8_t **) &cur_suite->sslv3_cipher_suite, sizeof(struct s2n_cipher_suite))); } cur_suite->sslv3_cipher_suite = NULL; } 
@@ -1130,7 +1128,7 @@ int s2n_set_cipher_as_client(struct s2n_connection *conn, uint8_t wire[S2N_TLS_C **/ if (conn->psk_params.chosen_psk) { POSIX_ENSURE(cipher_suite->prf_alg == conn->psk_params.chosen_psk->hmac_alg, - S2N_ERR_CIPHER_NOT_SUPPORTED); + S2N_ERR_CIPHER_NOT_SUPPORTED); } /** @@ -1169,7 +1167,8 @@ static int s2n_wire_ciphers_contain(const uint8_t *match, const uint8_t *wire, u return 0; } -bool s2n_cipher_suite_uses_chacha20_alg(struct s2n_cipher_suite *cipher_suite) { +bool s2n_cipher_suite_uses_chacha20_alg(struct s2n_cipher_suite *cipher_suite) +{ return cipher_suite && cipher_suite->record_alg && cipher_suite->record_alg->cipher == &s2n_chacha20_poly1305; } @@ -1177,7 +1176,8 @@ bool s2n_cipher_suite_uses_chacha20_alg(struct s2n_cipher_suite *cipher_suite) { * preferred cipher suite, then we have mutual chacha20 boosting support. */ static S2N_RESULT s2n_validate_chacha20_boosting(const struct s2n_cipher_preferences *cipher_preferences, const uint8_t *wire, - uint32_t cipher_suite_len) { + uint32_t cipher_suite_len) +{ RESULT_ENSURE_REF(cipher_preferences); RESULT_ENSURE_REF(wire); @@ -1324,7 +1324,7 @@ static int s2n_set_cipher_as_server(struct s2n_connection *conn, uint8_t *wire, } continue; } - + conn->secure->cipher_suite = match; return S2N_SUCCESS; } @@ -1356,7 +1356,7 @@ int s2n_set_cipher_as_tls_server(struct s2n_connection *conn, uint8_t *wire, uin bool s2n_cipher_suite_requires_ecc_extension(struct s2n_cipher_suite *cipher) { - if(!cipher) { + if (!cipher) { return false; } @@ -1375,7 +1375,7 @@ bool s2n_cipher_suite_requires_ecc_extension(struct s2n_cipher_suite *cipher) bool s2n_cipher_suite_requires_pq_extension(struct s2n_cipher_suite *cipher) { - if(!cipher) { + if (!cipher) { return false; } diff --git a/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.h b/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.h index f00fa19a14..0d51eefb33 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.h 
+++ b/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.h @@ -15,25 +15,24 @@ #pragma once -#include "tls/s2n_tls_parameters.h" -#include "tls/s2n_connection.h" -#include "tls/s2n_crypto.h" +#include <stdint.h> #include "crypto/s2n_certificate.h" #include "crypto/s2n_cipher.h" #include "crypto/s2n_hmac.h" - -#include <stdint.h> +#include "tls/s2n_connection.h" +#include "tls/s2n_crypto.h" +#include "tls/s2n_tls_parameters.h" /* Key exchange flags that can be OR'ed */ -#define S2N_KEY_EXCHANGE_DH 0x01 /* Diffie-Hellman key exchange, including ephemeral */ -#define S2N_KEY_EXCHANGE_EPH 0x02 /* Ephemeral key exchange */ -#define S2N_KEY_EXCHANGE_ECC 0x04 /* Elliptic curve cryptography */ +#define S2N_KEY_EXCHANGE_DH 0x01 /* Diffie-Hellman key exchange, including ephemeral */ +#define S2N_KEY_EXCHANGE_EPH 0x02 /* Ephemeral key exchange */ +#define S2N_KEY_EXCHANGE_ECC 0x04 /* Elliptic curve cryptography */ -#define S2N_MAX_POSSIBLE_RECORD_ALGS 2 +#define S2N_MAX_POSSIBLE_RECORD_ALGS 2 /* Kept up-to-date by s2n_cipher_suite_test */ -#define S2N_CIPHER_SUITE_COUNT 37 +#define S2N_CIPHER_SUITE_COUNT 37 /* Record algorithm flags that can be OR'ed */ #define S2N_TLS12_AES_GCM_AEAD_NONCE 0x01 @@ -88,7 +87,7 @@ extern const struct s2n_record_algorithm s2n_tls13_record_alg_chacha20_poly1305; struct s2n_cipher_suite { /* Is there an implementation available? Set in s2n_cipher_suites_init() */ - unsigned int available:1; + unsigned int available : 1; /* Cipher name in Openssl format */ const char *name; 
@@ -163,7 +162,7 @@ S2N_RESULT s2n_cipher_suites_cleanup(void); S2N_RESULT s2n_cipher_suite_from_iana(const uint8_t *iana, size_t iana_len, struct s2n_cipher_suite **cipher_suite); bool s2n_cipher_suite_uses_chacha20_alg(struct s2n_cipher_suite *cipher_suite); extern int s2n_set_cipher_as_client(struct s2n_connection *conn, uint8_t wire[S2N_TLS_CIPHER_SUITE_LEN]); -extern int s2n_set_cipher_as_sslv2_server(struct s2n_connection *conn, uint8_t * wire, uint16_t count); -extern int s2n_set_cipher_as_tls_server(struct s2n_connection *conn, uint8_t * wire, uint16_t count); +extern int s2n_set_cipher_as_sslv2_server(struct s2n_connection *conn, uint8_t *wire, uint16_t count); +extern int s2n_set_cipher_as_tls_server(struct s2n_connection *conn, uint8_t *wire, uint16_t count); bool s2n_cipher_suite_requires_ecc_extension(struct s2n_cipher_suite *cipher); bool s2n_cipher_suite_requires_pq_extension(struct s2n_cipher_suite *cipher); diff --git a/contrib/restricted/aws/s2n/tls/s2n_client_cert.c b/contrib/restricted/aws/s2n/tls/s2n_client_cert.c index 6795ea8626..d541537c54 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_client_cert.c +++ b/contrib/restricted/aws/s2n/tls/s2n_client_cert.c @@ -14,16 +14,13 @@ */ #include "api/s2n.h" - #include "crypto/s2n_certificate.h" #include "error/s2n_errno.h" +#include "stuffer/s2n_stuffer.h" #include "tls/s2n_cipher_suites.h" -#include "tls/s2n_connection.h" #include "tls/s2n_config.h" +#include "tls/s2n_connection.h" #include "tls/s2n_tls.h" - -#include "stuffer/s2n_stuffer.h" - #include "utils/s2n_blob.h" #include "utils/s2n_safety.h" 
@@ -74,7 +71,7 @@ static S2N_RESULT s2n_client_cert_chain_store(struct s2n_connection *conn, struc uint32_t cert_size = 0; uint16_t extensions_size = 0; - while(s2n_stuffer_data_available(&cert_chain_in)) { + while (s2n_stuffer_data_available(&cert_chain_in)) { RESULT_GUARD_POSIX(s2n_stuffer_read_uint24(&cert_chain_in, &cert_size)); RESULT_GUARD_POSIX(s2n_stuffer_write_uint24(&cert_chain_out, cert_size)); RESULT_GUARD_POSIX(s2n_stuffer_copy(&cert_chain_in, &cert_chain_out, cert_size)); @@ -98,11 +95,11 @@ int s2n_client_cert_recv(struct s2n_connection *conn) if (conn->actual_protocol_version == S2N_TLS13) { uint8_t certificate_request_context_len; POSIX_GUARD(s2n_stuffer_read_uint8(&conn->handshake.io, &certificate_request_context_len)); - S2N_ERROR_IF(certificate_request_context_len != 0,S2N_ERR_BAD_MESSAGE); + S2N_ERROR_IF(certificate_request_context_len != 0, S2N_ERR_BAD_MESSAGE); } struct s2n_stuffer *in = &conn->handshake.io; - struct s2n_blob client_cert_chain = {0}; + struct s2n_blob client_cert_chain = { 0 }; POSIX_GUARD(s2n_stuffer_read_uint24(in, &client_cert_chain.size)); @@ -127,7 +124,7 @@ int s2n_client_cert_recv(struct s2n_connection *conn) conn->handshake_params.client_cert_pkey_type = pkey_type; POSIX_GUARD(s2n_pkey_setup_for_type(&public_key, pkey_type)); - + POSIX_GUARD(s2n_pkey_check_key_exists(&public_key)); POSIX_GUARD_RESULT(s2n_client_cert_chain_store(conn, &client_cert_chain)); conn->handshake_params.client_public_key = public_key; @@ -135,7 +132,6 @@ int s2n_client_cert_recv(struct s2n_connection *conn) return S2N_SUCCESS; } - int s2n_client_cert_send(struct s2n_connection *conn) { struct s2n_cert_chain_and_key *chain_and_key = conn->handshake_params.our_chain_and_key; diff --git a/contrib/restricted/aws/s2n/tls/s2n_client_cert_verify.c b/contrib/restricted/aws/s2n/tls/s2n_client_cert_verify.c index 5327b5bc7e..d15b4d9f53 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_client_cert_verify.c 
+++ b/contrib/restricted/aws/s2n/tls/s2n_client_cert_verify.c @@ -14,18 +14,14 @@ */ #include "api/s2n.h" - #include "error/s2n_errno.h" - -#include "tls/s2n_connection.h" +#include "stuffer/s2n_stuffer.h" +#include "tls/s2n_async_pkey.h" #include "tls/s2n_config.h" +#include "tls/s2n_connection.h" #include "tls/s2n_signature_algorithms.h" #include "tls/s2n_tls.h" - -#include "stuffer/s2n_stuffer.h" - #include "utils/s2n_safety.h" -#include "tls/s2n_async_pkey.h" static int s2n_client_cert_verify_send_complete(struct s2n_connection *conn, struct s2n_blob *signature); @@ -46,7 +42,7 @@ int s2n_client_cert_verify_recv(struct s2n_connection *conn) } uint16_t signature_size; - struct s2n_blob signature = {0}; + struct s2n_blob signature = { 0 }; POSIX_GUARD(s2n_stuffer_read_uint16(in, &signature_size)); signature.size = signature_size; signature.data = s2n_stuffer_raw_read(in, signature.size); diff --git a/contrib/restricted/aws/s2n/tls/s2n_client_finished.c b/contrib/restricted/aws/s2n/tls/s2n_client_finished.c index 306f9b9ad7..b805a186a6 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_client_finished.c +++ b/contrib/restricted/aws/s2n/tls/s2n_client_finished.c @@ -16,13 +16,10 @@ #include <stdint.h> #include "error/s2n_errno.h" - +#include "stuffer/s2n_stuffer.h" #include "tls/s2n_connection.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls13_handshake.h" - -#include "stuffer/s2n_stuffer.h" - #include "utils/s2n_safety.h" S2N_RESULT s2n_finished_recv(struct s2n_connection *conn, uint8_t *our_version); 
@@ -51,14 +48,15 @@ int s2n_client_finished_send(struct s2n_connection *conn) return S2N_SUCCESS; } -int s2n_tls13_client_finished_recv(struct s2n_connection *conn) { +int s2n_tls13_client_finished_recv(struct s2n_connection *conn) +{ POSIX_ENSURE_EQ(conn->actual_protocol_version, S2N_TLS13); uint8_t length = s2n_stuffer_data_available(&conn->handshake.io); S2N_ERROR_IF(length == 0, S2N_ERR_BAD_MESSAGE); /* read finished mac from handshake */ - struct s2n_blob wire_finished_mac = {0}; + struct s2n_blob wire_finished_mac = { 0 }; s2n_blob_init(&wire_finished_mac, s2n_stuffer_raw_read(&conn->handshake.io, length), length); /* get tls13 keys */ @@ -69,7 +67,7 @@ int s2n_tls13_client_finished_recv(struct s2n_connection *conn) { struct s2n_hash_state *hash_state = &conn->handshake.hashes->hash_workspace; POSIX_GUARD_RESULT(s2n_handshake_copy_hash_state(conn, keys.hash_algorithm, hash_state)); - struct s2n_blob finished_key = {0}; + struct s2n_blob finished_key = { 0 }; POSIX_GUARD(s2n_blob_init(&finished_key, conn->handshake.client_finished, keys.size)); s2n_tls13_key_blob(client_finished_mac, keys.size); @@ -80,7 +78,8 @@ int s2n_tls13_client_finished_recv(struct s2n_connection *conn) { return 0; } -int s2n_tls13_client_finished_send(struct s2n_connection *conn) { +int s2n_tls13_client_finished_send(struct s2n_connection *conn) +{ POSIX_ENSURE_EQ(conn->actual_protocol_version, S2N_TLS13); /* get tls13 keys */ @@ -92,7 +91,7 @@ int s2n_tls13_client_finished_send(struct s2n_connection *conn) { POSIX_GUARD_RESULT(s2n_handshake_copy_hash_state(conn, keys.hash_algorithm, hash_state)); /* look up finished secret key */ - struct s2n_blob finished_key = {0}; + struct s2n_blob finished_key = { 0 }; POSIX_GUARD(s2n_blob_init(&finished_key, conn->handshake.client_finished, keys.size)); /* generate the hashed message authenticated code */ 
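Review bot: In `s2n_tls13_client_finished_recv` the result of `s2n_blob_init(&wire_finished_mac, ...)` is discarded and the pointer from `s2n_stuffer_raw_read` is passed in unchecked, whereas the `finished_key` blob a few lines later is initialised under `POSIX_GUARD`. I would fail closed here: `uint8_t *wire_mac = s2n_stuffer_raw_read(&conn->handshake.io, length);`, then `POSIX_ENSURE_REF(wire_mac);`, then `POSIX_GUARD(s2n_blob_init(&wire_finished_mac, wire_mac, length));`. Separately, `length` is a `uint8_t` holding the stuffer's remaining byte count, which I believe is a wider type, so an oversized Finished message is narrowed silently instead of being rejected. Keeping the count in a `uint32_t` and rejecting anything above the expected MAC size would make that explicit. The function body continues outside the hunk, and since this is a vendored copy the change belongs upstream.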
diff --git a/contrib/restricted/aws/s2n/tls/s2n_client_hello.c b/contrib/restricted/aws/s2n/tls/s2n_client_hello.c index e9d5bb6adf..c4b67f85eb 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_client_hello.c +++ b/contrib/restricted/aws/s2n/tls/s2n_client_hello.c @@ -13,38 +13,35 @@ * permissions and limitations under the License. */ -#include <sys/param.h> -#include <time.h> +#include "tls/s2n_client_hello.h" + #include <stdint.h> #include <stdlib.h> +#include <sys/param.h> +#include <time.h> #include "crypto/s2n_fips.h" - -#include "error/s2n_errno.h" #include "crypto/s2n_hash.h" #include "crypto/s2n_rsa_signing.h" - +#include "error/s2n_errno.h" +#include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_extension_list.h" #include "tls/extensions/s2n_server_key_share.h" +#include "tls/s2n_alerts.h" #include "tls/s2n_auth_selection.h" #include "tls/s2n_cipher_preferences.h" -#include "tls/s2n_security_policies.h" #include "tls/s2n_cipher_suites.h" #include "tls/s2n_connection.h" -#include "tls/s2n_client_hello.h" -#include "tls/s2n_alerts.h" #include "tls/s2n_handshake_type.h" +#include "tls/s2n_security_policies.h" #include "tls/s2n_signature_algorithms.h" #include "tls/s2n_tls.h" -#include "tls/s2n_security_policies.h" - -#include "stuffer/s2n_stuffer.h" - #include "utils/s2n_bitmap.h" #include "utils/s2n_random.h" #include "utils/s2n_safety.h" -struct s2n_client_hello *s2n_connection_get_client_hello(struct s2n_connection *conn) { +struct s2n_client_hello *s2n_connection_get_client_hello(struct s2n_connection *conn) +{ if (conn->client_hello.callback_invoked != 1) { return NULL; } @@ -52,7 +49,8 @@ struct s2n_client_hello *s2n_connection_get_client_hello(struct s2n_connection * return &conn->client_hello; } -static uint32_t min_size(struct s2n_blob *blob, uint32_t max_length) { +static uint32_t min_size(struct s2n_blob *blob, uint32_t max_length) +{ return blob->size < max_length ? blob->size : max_length; } 
@@ -76,7 +74,7 @@ static S2N_RESULT s2n_generate_client_session_id(struct s2n_connection *conn) return S2N_RESULT_OK; } - struct s2n_blob session_id = {0}; + struct s2n_blob session_id = { 0 }; RESULT_GUARD_POSIX(s2n_blob_init(&session_id, conn->session_id, S2N_TLS_SESSION_ID_MAX_LEN)); RESULT_GUARD(s2n_get_public_random_data(&session_id)); conn->session_id_len = S2N_TLS_SESSION_ID_MAX_LEN; @@ -84,7 +82,8 @@ static S2N_RESULT s2n_generate_client_session_id(struct s2n_connection *conn) return S2N_RESULT_OK; } -ssize_t s2n_client_hello_get_raw_message_length(struct s2n_client_hello *ch) { +ssize_t s2n_client_hello_get_raw_message_length(struct s2n_client_hello *ch) +{ POSIX_ENSURE_REF(ch); return ch->raw_message.size; @@ -100,7 +99,8 @@ ssize_t s2n_client_hello_get_raw_message(struct s2n_client_hello *ch, uint8_t *o return len; } -ssize_t s2n_client_hello_get_cipher_suites_length(struct s2n_client_hello *ch) { +ssize_t s2n_client_hello_get_cipher_suites_length(struct s2n_client_hello *ch) +{ POSIX_ENSURE_REF(ch); return ch->cipher_suites.size; @@ -110,8 +110,7 @@ int s2n_client_hello_cb_done(struct s2n_connection *conn) { POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(conn->config); - POSIX_ENSURE(conn->config->client_hello_cb_mode == - S2N_CLIENT_HELLO_CB_NONBLOCKING, S2N_ERR_INVALID_STATE); + POSIX_ENSURE(conn->config->client_hello_cb_mode == S2N_CLIENT_HELLO_CB_NONBLOCKING, S2N_ERR_INVALID_STATE); POSIX_ENSURE(conn->client_hello.callback_invoked == 1, S2N_ERR_ASYNC_NOT_PERFORMED); POSIX_ENSURE(conn->client_hello.parsed == 1, S2N_ERR_INVALID_STATE); @@ -134,7 +133,8 @@ ssize_t s2n_client_hello_get_cipher_suites(struct s2n_client_hello *ch, uint8_t return len; } -ssize_t s2n_client_hello_get_extensions_length(struct s2n_client_hello *ch) { +ssize_t s2n_client_hello_get_extensions_length(struct s2n_client_hello *ch) +{ POSIX_ENSURE_REF(ch); return ch->extensions.raw.size; 
@@ -183,7 +183,6 @@ int s2n_collect_client_hello(struct s2n_connection *conn, struct s2n_stuffer *so return 0; } - static S2N_RESULT s2n_client_hello_verify_for_retry(struct s2n_connection *conn, struct s2n_client_hello *old_ch, struct s2n_client_hello *new_ch, uint8_t *previous_client_random) @@ -214,10 +213,10 @@ static S2N_RESULT s2n_client_hello_verify_for_retry(struct s2n_connection *conn, size_t verify_len = old_msg_len - old_extensions_len; RESULT_ENSURE_LTE(verify_len, new_ch->raw_message.size); RESULT_ENSURE(s2n_constant_time_equals( - old_ch->raw_message.data, - new_ch->raw_message.data, - verify_len - ), S2N_ERR_BAD_MESSAGE); + old_ch->raw_message.data, + new_ch->raw_message.data, + verify_len), + S2N_ERR_BAD_MESSAGE); /* * We need to verify the client random separately @@ -225,10 +224,10 @@ static S2N_RESULT s2n_client_hello_verify_for_retry(struct s2n_connection *conn, * Compare the old value to the current value. */ RESULT_ENSURE(s2n_constant_time_equals( - previous_client_random, - conn->handshake_params.client_random, - S2N_TLS_RANDOM_DATA_LEN - ), S2N_ERR_BAD_MESSAGE); + previous_client_random, + conn->handshake_params.client_random, + S2N_TLS_RANDOM_DATA_LEN), + S2N_ERR_BAD_MESSAGE); /* * Now enforce that the extensions also exactly match, @@ -252,7 +251,7 @@ static S2N_RESULT s2n_client_hello_verify_for_retry(struct s2n_connection *conn, continue; } - switch(extension_type) { + switch (extension_type) { /* *= https://tools.ietf.org/rfc/rfc8446#section-4.1.2 *# - If a "key_share" extension was supplied in the HelloRetryRequest, @@ -295,10 +294,10 @@ static S2N_RESULT s2n_client_hello_verify_for_retry(struct s2n_connection *conn, default: RESULT_ENSURE(old_size == new_size, S2N_ERR_BAD_MESSAGE); RESULT_ENSURE(s2n_constant_time_equals( - new_extension->extension.data, - old_extension->extension.data, - old_size - ), S2N_ERR_BAD_MESSAGE); + new_extension->extension.data, + old_extension->extension.data, + old_size), + S2N_ERR_BAD_MESSAGE); } } 
@@ -444,9 +443,7 @@ int s2n_process_client_hello(struct s2n_connection *conn) POSIX_GUARD(s2n_set_cipher_as_tls_server(conn, client_hello->cipher_suites.data, client_hello->cipher_suites.size / 2)); /* Check if this is the second client hello in a hello retry handshake */ - if (s2n_is_hello_retry_handshake(conn) && - conn->handshake.message_number > 0) { - + if (s2n_is_hello_retry_handshake(conn) && conn->handshake.message_number > 0) { /** *= https://tools.ietf.org/rfc/rfc8446#4.1.4 *# Servers MUST ensure that they negotiate the @@ -455,7 +452,8 @@ int s2n_process_client_hello(struct s2n_connection *conn) *# negotiation, then this will happen automatically). **/ POSIX_ENSURE(s2n_constant_time_equals(previous_cipher_suite_iana, conn->secure->cipher_suite->iana_value, - S2N_TLS_CIPHER_SUITE_LEN),S2N_ERR_BAD_MESSAGE); + S2N_TLS_CIPHER_SUITE_LEN), + S2N_ERR_BAD_MESSAGE); } /* If we're using a PSK, we don't need to choose a signature algorithm or certificate, @@ -466,8 +464,8 @@ int s2n_process_client_hello(struct s2n_connection *conn) /* And set the signature and hash algorithm used for key exchange signatures */ POSIX_GUARD(s2n_choose_sig_scheme_from_peer_preference_list(conn, - &conn->handshake_params.client_sig_hash_algs, - &conn->handshake_params.conn_sig_scheme)); + &conn->handshake_params.client_sig_hash_algs, + &conn->handshake_params.conn_sig_scheme)); /* And finally, set the certs specified by the final auth + sig_alg combo. */ POSIX_GUARD(s2n_select_certs_for_server_auth(conn, &conn->handshake_params.our_chain_and_key)); 
@@ -480,14 +478,14 @@ static S2N_RESULT s2n_client_hello_process_cb_response(struct s2n_connection *co if (rc < 0) { goto fail; } - switch(conn->config->client_hello_cb_mode) { - case S2N_CLIENT_HELLO_CB_BLOCKING : { - if(rc) { + switch (conn->config->client_hello_cb_mode) { + case S2N_CLIENT_HELLO_CB_BLOCKING: { + if (rc) { conn->server_name_used = 1; } return S2N_RESULT_OK; } - case S2N_CLIENT_HELLO_CB_NONBLOCKING : { + case S2N_CLIENT_HELLO_CB_NONBLOCKING: { if (conn->client_hello.callback_async_done) { return S2N_RESULT_OK; } @@ -501,7 +499,8 @@ fail: RESULT_BAIL(S2N_ERR_CANCELLED); } -bool s2n_client_hello_invoke_callback(struct s2n_connection *conn) { +bool s2n_client_hello_invoke_callback(struct s2n_connection *conn) +{ /* Invoke only if the callback has not been called or if polling mode is enabled */ bool invoke = !conn->client_hello.callback_invoked || conn->config->client_hello_cb_enable_poll; /* @@ -568,7 +567,7 @@ int s2n_client_hello_send(struct s2n_connection *conn) } struct s2n_stuffer *out = &conn->handshake.io; - uint8_t client_protocol_version[S2N_TLS_PROTOCOL_VERSION_LEN] = {0}; + uint8_t client_protocol_version[S2N_TLS_PROTOCOL_VERSION_LEN] = { 0 }; uint8_t reported_protocol_version = MIN(conn->client_protocol_version, S2N_TLS12); client_protocol_version[0] = reported_protocol_version / 10; @@ -703,7 +702,7 @@ int s2n_sslv2_client_hello_recv(struct s2n_connection *conn) conn->session_id_len = (uint8_t) session_id_length; } - struct s2n_blob b = {0}; + struct s2n_blob b = { 0 }; POSIX_GUARD(s2n_blob_init(&b, conn->handshake_params.client_random, S2N_TLS_RANDOM_DATA_LEN)); b.data += S2N_TLS_RANDOM_DATA_LEN - challenge_length; 
@@ -785,7 +784,7 @@ static S2N_RESULT s2n_client_hello_get_raw_extension(uint16_t extension_iana, RESULT_ENSURE_REF(raw_extensions); RESULT_ENSURE_REF(extension); - *extension = (struct s2n_blob) { 0 }; + *extension = (struct s2n_blob){ 0 }; struct s2n_stuffer raw_extensions_stuffer = { 0 }; RESULT_GUARD_POSIX(s2n_stuffer_init(&raw_extensions_stuffer, raw_extensions)); diff --git a/contrib/restricted/aws/s2n/tls/s2n_client_hello.h b/contrib/restricted/aws/s2n/tls/s2n_client_hello.h index 1d6afd95d5..07a0cbf478 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_client_hello.h +++ b/contrib/restricted/aws/s2n/tls/s2n_client_hello.h @@ -16,11 +16,10 @@ #pragma once #include <stdint.h> -#include "api/s2n.h" +#include "api/s2n.h" #include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_extension_list.h" - #include "utils/s2n_array.h" /* * the 'data' pointers in the below blobs @@ -33,9 +32,9 @@ struct s2n_client_hello { struct s2n_blob cipher_suites; struct s2n_blob session_id; - unsigned int callback_invoked:1; - unsigned int callback_async_blocked:1; - unsigned int callback_async_done:1; + unsigned int callback_invoked : 1; + unsigned int callback_async_blocked : 1; + unsigned int callback_async_done : 1; /* * Marks if the client hello has been parsed. * @@ -43,7 +42,7 @@ struct s2n_client_hello { * two different client_hello during a single handshake if the server * issues a hello retry. */ - unsigned int parsed:1; + unsigned int parsed : 1; }; int s2n_client_hello_free(struct s2n_client_hello *client_hello); diff --git a/contrib/restricted/aws/s2n/tls/s2n_client_hello_request.c b/contrib/restricted/aws/s2n/tls/s2n_client_hello_request.c index 188f9440cc..699018f575 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_client_hello_request.c +++ b/contrib/restricted/aws/s2n/tls/s2n_client_hello_request.c @@ -14,7 +14,6 @@ */ #include "api/s2n.h" - #include "tls/s2n_alerts.h" #include "tls/s2n_connection.h" #include "utils/s2n_safety.h" 
diff --git a/contrib/restricted/aws/s2n/tls/s2n_client_key_exchange.c b/contrib/restricted/aws/s2n/tls/s2n_client_key_exchange.c index 16704d1726..bfd22667f9 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_client_key_exchange.c +++ b/contrib/restricted/aws/s2n/tls/s2n_client_key_exchange.c @@ -14,27 +14,23 @@ */ #include <sys/param.h> -#include "api/s2n.h" +#include "api/s2n.h" +#include "crypto/s2n_dhe.h" +#include "crypto/s2n_pkey.h" +#include "crypto/s2n_rsa.h" #include "error/s2n_errno.h" - +#include "stuffer/s2n_stuffer.h" #include "tls/s2n_async_pkey.h" -#include "tls/s2n_handshake.h" -#include "tls/s2n_kem.h" #include "tls/s2n_cipher_suites.h" #include "tls/s2n_connection.h" +#include "tls/s2n_handshake.h" +#include "tls/s2n_kem.h" #include "tls/s2n_kex.h" #include "tls/s2n_key_log.h" #include "tls/s2n_resume.h" - -#include "stuffer/s2n_stuffer.h" - -#include "crypto/s2n_dhe.h" -#include "crypto/s2n_rsa.h" -#include "crypto/s2n_pkey.h" - -#include "utils/s2n_safety.h" #include "utils/s2n_random.h" +#include "utils/s2n_safety.h" #define get_client_hello_protocol_version(conn) (conn->client_hello_version == S2N_SSLv2 ? conn->client_protocol_version : conn->client_hello_version) @@ -61,7 +57,7 @@ static int s2n_hybrid_client_action(struct s2n_connection *conn, struct s2n_blob POSIX_ENSURE_REF(client_key_exchange_message->data); const uint32_t start_cursor = *cursor; - DEFER_CLEANUP(struct s2n_blob shared_key_0 = {0}, s2n_free); + DEFER_CLEANUP(struct s2n_blob shared_key_0 = { 0 }, s2n_free); POSIX_GUARD_RESULT(kex_method(hybrid_kex_0, conn, &shared_key_0)); struct s2n_blob *shared_key_1 = &(conn->kex_params.kem_params.shared_secret); 
@@ -72,7 +68,7 @@ static int s2n_hybrid_client_action(struct s2n_connection *conn, struct s2n_blob client_key_exchange_message->size = end_cursor - start_cursor; POSIX_GUARD(s2n_alloc(combined_shared_key, shared_key_0.size + shared_key_1->size)); - struct s2n_stuffer stuffer_combiner = {0}; + struct s2n_stuffer stuffer_combiner = { 0 }; POSIX_GUARD(s2n_stuffer_init(&stuffer_combiner, combined_shared_key)); POSIX_GUARD(s2n_stuffer_write(&stuffer_combiner, &shared_key_0)); POSIX_GUARD(s2n_stuffer_write(&stuffer_combiner, shared_key_1)); @@ -134,7 +130,7 @@ int s2n_rsa_client_key_recv(struct s2n_connection *conn, struct s2n_blob *shared client_hello_protocol_version[1] = legacy_client_hello_protocol_version % 10; /* Decrypt the pre-master secret */ - struct s2n_blob encrypted = {.size = length, .data = s2n_stuffer_raw_read(in, length)}; + struct s2n_blob encrypted = { .size = length, .data = s2n_stuffer_raw_read(in, length) }; POSIX_ENSURE_REF(encrypted.data); POSIX_ENSURE_GT(encrypted.size, 0); @@ -279,7 +275,7 @@ int s2n_rsa_client_key_send(struct s2n_connection *conn, struct s2n_blob *shared POSIX_GUARD(s2n_stuffer_write_uint16(&conn->handshake.io, encrypted_size)); } - struct s2n_blob encrypted = {0}; + struct s2n_blob encrypted = { 0 }; encrypted.data = s2n_stuffer_raw_write(&conn->handshake.io, encrypted_size); encrypted.size = encrypted_size; POSIX_ENSURE_REF(encrypted.data); @@ -315,7 +311,7 @@ int s2n_kem_client_key_send(struct s2n_connection *conn, struct s2n_blob *shared int s2n_hybrid_client_key_send(struct s2n_connection *conn, struct s2n_blob *combined_shared_key) { return s2n_hybrid_client_action(conn, combined_shared_key, &s2n_kex_client_key_send, &conn->handshake.io.write_cursor, - s2n_stuffer_raw_write); + s2n_stuffer_raw_write); } int s2n_client_key_send(struct s2n_connection *conn) diff --git a/contrib/restricted/aws/s2n/tls/s2n_client_key_exchange.h b/contrib/restricted/aws/s2n/tls/s2n_client_key_exchange.h index 5389988dcc..4b1f91f8f5 100644 
--- a/contrib/restricted/aws/s2n/tls/s2n_client_key_exchange.h +++ b/contrib/restricted/aws/s2n/tls/s2n_client_key_exchange.h @@ -30,6 +30,6 @@ int s2n_rsa_client_key_recv(struct s2n_connection *conn, struct s2n_blob *shared int s2n_kem_client_key_recv(struct s2n_connection *conn, struct s2n_blob *shared_key); int s2n_hybrid_client_key_recv(struct s2n_connection *conn, struct s2n_blob *shared_key); -int s2n_dhe_client_key_external(struct s2n_connection * conn, struct s2n_blob* shared_key); -int s2n_ecdhe_client_key_external(struct s2n_connection * conn, struct s2n_blob* shared_key); +int s2n_dhe_client_key_external(struct s2n_connection *conn, struct s2n_blob *shared_key); +int s2n_ecdhe_client_key_external(struct s2n_connection *conn, struct s2n_blob *shared_key); int s2n_rsa_client_key_external(struct s2n_connection *conn, struct s2n_blob *shared_key); diff --git a/contrib/restricted/aws/s2n/tls/s2n_config.c b/contrib/restricted/aws/s2n/tls/s2n_config.c index 48fb0f0ece..6d6d2c1b4f 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_config.c +++ b/contrib/restricted/aws/s2n/tls/s2n_config.c 
@@ -16,35 +16,33 @@ #include <strings.h> #include <time.h> -#include "error/s2n_errno.h" - #include "crypto/s2n_certificate.h" #include "crypto/s2n_fips.h" - +#include "crypto/s2n_hkdf.h" +#include "error/s2n_errno.h" #include "tls/s2n_cipher_preferences.h" #include "tls/s2n_internal.h" #include "tls/s2n_security_policies.h" #include "tls/s2n_tls13.h" -#include "utils/s2n_safety.h" -#include "crypto/s2n_hkdf.h" -#include "utils/s2n_map.h" #include "utils/s2n_blob.h" +#include "utils/s2n_map.h" +#include "utils/s2n_safety.h" #if defined(CLOCK_MONOTONIC_RAW) -#define S2N_CLOCK_HW CLOCK_MONOTONIC_RAW + #define S2N_CLOCK_HW CLOCK_MONOTONIC_RAW #else -#define S2N_CLOCK_HW CLOCK_MONOTONIC + #define S2N_CLOCK_HW CLOCK_MONOTONIC #endif #define S2N_CLOCK_SYS CLOCK_REALTIME static int monotonic_clock(void *data, uint64_t *nanoseconds) { - struct timespec current_time = {0}; + struct timespec current_time = { 0 }; POSIX_GUARD(clock_gettime(S2N_CLOCK_HW, ¤t_time)); - *nanoseconds = (uint64_t)current_time.tv_sec * 1000000000ull; + *nanoseconds = (uint64_t) current_time.tv_sec * 1000000000ull; *nanoseconds += current_time.tv_nsec; return 0; @@ -52,19 +50,19 @@ static int monotonic_clock(void *data, uint64_t *nanoseconds) static int wall_clock(void *data, uint64_t *nanoseconds) { - struct timespec current_time = {0}; + struct timespec current_time = { 0 }; POSIX_GUARD(clock_gettime(S2N_CLOCK_SYS, ¤t_time)); - *nanoseconds = (uint64_t)current_time.tv_sec * 1000000000ull; + *nanoseconds = (uint64_t) current_time.tv_sec * 1000000000ull; *nanoseconds += current_time.tv_nsec; return 0; } -static struct s2n_config s2n_default_config = {0}; -static struct s2n_config s2n_default_fips_config = {0}; -static struct s2n_config s2n_default_tls13_config = {0}; +static struct s2n_config s2n_default_config = { 0 }; +static struct s2n_config s2n_default_fips_config = { 0 }; +static struct s2n_config s2n_default_tls13_config = { 0 }; static int s2n_config_setup_default(struct s2n_config *config) { 
@@ -135,8 +133,8 @@ static int s2n_config_cleanup(struct s2n_config *config) } static int s2n_config_update_domain_name_to_cert_map(struct s2n_config *config, - struct s2n_blob *name, - struct s2n_cert_chain_and_key *cert_key_pair) + struct s2n_blob *name, + struct s2n_cert_chain_and_key *cert_key_pair) { POSIX_ENSURE_REF(config); POSIX_ENSURE_REF(name); @@ -151,7 +149,7 @@ static int s2n_config_update_domain_name_to_cert_map(struct s2n_config *config, bool key_found = false; POSIX_GUARD_RESULT(s2n_map_lookup(domain_name_to_cert_map, name, &s2n_map_value, &key_found)); if (!key_found) { - struct certs_by_type value = {{ 0 }}; + struct certs_by_type value = { { 0 } }; value.certs[cert_type] = cert_key_pair; s2n_map_value.data = (uint8_t *) &value; s2n_map_value.size = sizeof(struct certs_by_type); @@ -185,7 +183,6 @@ static int s2n_config_update_domain_name_to_cert_map(struct s2n_config *config, static int s2n_config_build_domain_name_to_cert_map(struct s2n_config *config, struct s2n_cert_chain_and_key *cert_key_pair) { - uint32_t cn_len = 0; POSIX_GUARD_RESULT(s2n_array_num_elements(cert_key_pair->cn_names, &cn_len)); uint32_t san_len = 0; @@ -194,13 +191,13 @@ static int s2n_config_build_domain_name_to_cert_map(struct s2n_config *config, s if (san_len == 0) { for (uint32_t i = 0; i < cn_len; i++) { struct s2n_blob *cn_name = NULL; - POSIX_GUARD_RESULT(s2n_array_get(cert_key_pair->cn_names, i, (void **)&cn_name)); + POSIX_GUARD_RESULT(s2n_array_get(cert_key_pair->cn_names, i, (void **) &cn_name)); POSIX_GUARD(s2n_config_update_domain_name_to_cert_map(config, cn_name, cert_key_pair)); } } else { for (uint32_t i = 0; i < san_len; i++) { struct s2n_blob *san_name = NULL; - POSIX_GUARD_RESULT(s2n_array_get(cert_key_pair->san_names, i, (void **)&san_name)); + POSIX_GUARD_RESULT(s2n_array_get(cert_key_pair->san_names, i, (void **) &san_name)); POSIX_GUARD(s2n_config_update_domain_name_to_cert_map(config, san_name, cert_key_pair)); } } 
@@ -257,13 +254,13 @@ void s2n_wipe_static_configs(void) struct s2n_config *s2n_config_new(void) { - struct s2n_blob allocator = {0}; + struct s2n_blob allocator = { 0 }; struct s2n_config *new_config; PTR_GUARD_POSIX(s2n_alloc(&allocator, sizeof(struct s2n_config))); PTR_GUARD_POSIX(s2n_blob_zero(&allocator)); - new_config = (struct s2n_config *)(void *)allocator.data; + new_config = (struct s2n_config *) (void *) allocator.data; if (s2n_config_init(new_config) != S2N_SUCCESS) { s2n_free(&allocator); return NULL; @@ -289,11 +286,11 @@ static int s2n_verify_unique_ticket_key_comparator(const void *a, const void *b) int s2n_config_init_session_ticket_keys(struct s2n_config *config) { if (config->ticket_keys == NULL) { - POSIX_ENSURE_REF(config->ticket_keys = s2n_set_new(sizeof(struct s2n_ticket_key), s2n_config_store_ticket_key_comparator)); + POSIX_ENSURE_REF(config->ticket_keys = s2n_set_new(sizeof(struct s2n_ticket_key), s2n_config_store_ticket_key_comparator)); } if (config->ticket_key_hashes == NULL) { - POSIX_ENSURE_REF(config->ticket_key_hashes = s2n_set_new(SHA_DIGEST_LENGTH, s2n_verify_unique_ticket_key_comparator)); + POSIX_ENSURE_REF(config->ticket_key_hashes = s2n_set_new(SHA_DIGEST_LENGTH, s2n_verify_unique_ticket_key_comparator)); } return 0; @@ -343,7 +340,7 @@ int s2n_config_free_dhparams(struct s2n_config *config) POSIX_GUARD(s2n_dh_params_free(config->dhparams)); } - POSIX_GUARD(s2n_free_object((uint8_t **)&config->dhparams, sizeof(struct s2n_dh_params))); + POSIX_GUARD(s2n_free_object((uint8_t **) &config->dhparams, sizeof(struct s2n_dh_params))); return 0; } @@ -359,7 +356,7 @@ int s2n_config_free(struct s2n_config *config) { s2n_config_cleanup(config); - POSIX_GUARD(s2n_free_object((uint8_t **)&config, sizeof(struct s2n_config))); + POSIX_GUARD(s2n_free_object((uint8_t **) &config, sizeof(struct s2n_config))); return 0; } 
@@ -436,7 +433,6 @@ int s2n_config_set_max_cert_chain_depth(struct s2n_config *config, uint16_t max_ return 0; } - int s2n_config_set_status_request_type(struct s2n_config *config, s2n_status_request_type type) { S2N_ERROR_IF(type == S2N_STATUS_REQUEST_OCSP && !s2n_x509_ocsp_stapling_supported(), S2N_ERR_OCSP_NOT_SUPPORTED); @@ -563,8 +559,8 @@ static int s2n_config_clear_default_certificates(struct s2n_config *config) } int s2n_config_set_cert_chain_and_key_defaults(struct s2n_config *config, - struct s2n_cert_chain_and_key **cert_key_pairs, - uint32_t num_cert_key_pairs) + struct s2n_cert_chain_and_key **cert_key_pairs, + uint32_t num_cert_key_pairs) { POSIX_ENSURE_REF(config); POSIX_ENSURE_REF(cert_key_pairs); @@ -577,7 +573,7 @@ int s2n_config_set_cert_chain_and_key_defaults(struct s2n_config *config, POSIX_ENSURE(config->cert_ownership != S2N_LIB_OWNED, S2N_ERR_CERT_OWNERSHIP); /* Validate certs being set before clearing auto-chosen defaults or previously set defaults */ - struct certs_by_type new_defaults = {{ 0 }}; + struct certs_by_type new_defaults = { { 0 } }; for (uint32_t i = 0; i < num_cert_key_pairs; i++) { POSIX_ENSURE_REF(cert_key_pairs[i]); s2n_pkey_type cert_type = s2n_cert_chain_and_key_get_pkey_type(cert_key_pairs[i]); 
@@ -599,14 +595,14 @@ int s2n_config_set_cert_chain_and_key_defaults(struct s2n_config *config, int s2n_config_add_dhparams(struct s2n_config *config, const char *dhparams_pem) { - DEFER_CLEANUP(struct s2n_stuffer dhparams_in_stuffer = {0}, s2n_stuffer_free); - DEFER_CLEANUP(struct s2n_stuffer dhparams_out_stuffer = {0}, s2n_stuffer_free); - struct s2n_blob dhparams_blob = {0}; - struct s2n_blob mem = {0}; + DEFER_CLEANUP(struct s2n_stuffer dhparams_in_stuffer = { 0 }, s2n_stuffer_free); + DEFER_CLEANUP(struct s2n_stuffer dhparams_out_stuffer = { 0 }, s2n_stuffer_free); + struct s2n_blob dhparams_blob = { 0 }; + struct s2n_blob mem = { 0 }; /* Allocate the memory for the chain and key struct */ POSIX_GUARD(s2n_alloc(&mem, sizeof(struct s2n_dh_params))); - config->dhparams = (struct s2n_dh_params *)(void *)mem.data; + config->dhparams = (struct s2n_dh_params *) (void *) mem.data; if (s2n_stuffer_alloc_ro_from_string(&dhparams_in_stuffer, dhparams_pem) != S2N_SUCCESS) { s2n_free(&mem); @@ -716,8 +712,7 @@ int s2n_config_set_client_hello_cb(struct s2n_config *config, s2n_client_hello_f int s2n_config_set_client_hello_cb_mode(struct s2n_config *config, s2n_client_hello_cb_mode cb_mode) { POSIX_ENSURE_REF(config); - POSIX_ENSURE(cb_mode == S2N_CLIENT_HELLO_CB_BLOCKING || - cb_mode == S2N_CLIENT_HELLO_CB_NONBLOCKING, S2N_ERR_INVALID_STATE); + POSIX_ENSURE(cb_mode == S2N_CLIENT_HELLO_CB_BLOCKING || cb_mode == S2N_CLIENT_HELLO_CB_NONBLOCKING, S2N_ERR_INVALID_STATE); config->client_hello_cb_mode = cb_mode; return S2N_SUCCESS; @@ -744,7 +739,7 @@ int s2n_config_accept_max_fragment_length(struct s2n_config *config) } int s2n_config_set_session_state_lifetime(struct s2n_config *config, - uint64_t lifetime_in_secs) + uint64_t lifetime_in_secs) { POSIX_ENSURE_REF(config); 
@@ -785,8 +780,7 @@ int s2n_config_set_session_cache_onoff(struct s2n_config *config, uint8_t enable if (enabled && config->cache_store && config->cache_retrieve && config->cache_delete) { POSIX_GUARD(s2n_config_init_session_ticket_keys(config)); config->use_session_cache = 1; - } - else { + } else { if (!config->use_tickets) { POSIX_GUARD(s2n_config_free_session_ticket_keys(config)); } @@ -796,7 +790,7 @@ int s2n_config_set_session_cache_onoff(struct s2n_config *config, uint8_t enable } int s2n_config_set_ticket_encrypt_decrypt_key_lifetime(struct s2n_config *config, - uint64_t lifetime_in_secs) + uint64_t lifetime_in_secs) { POSIX_ENSURE_REF(config); @@ -805,7 +799,7 @@ int s2n_config_set_ticket_encrypt_decrypt_key_lifetime(struct s2n_config *config } int s2n_config_set_ticket_decrypt_key_lifetime(struct s2n_config *config, - uint64_t lifetime_in_secs) + uint64_t lifetime_in_secs) { POSIX_ENSURE_REF(config); @@ -814,9 +808,9 @@ int s2n_config_set_ticket_decrypt_key_lifetime(struct s2n_config *config, } int s2n_config_add_ticket_crypto_key(struct s2n_config *config, - const uint8_t *name, uint32_t name_len, - uint8_t *key, uint32_t key_len, - uint64_t intro_time_in_seconds_from_epoch) + const uint8_t *name, uint32_t name_len, + uint8_t *key, uint32_t key_len, + uint64_t intro_time_in_seconds_from_epoch) { POSIX_ENSURE_REF(config); POSIX_ENSURE_REF(name); @@ -944,7 +938,8 @@ int s2n_config_set_psk_selection_callback(struct s2n_config *config, s2n_psk_sel return S2N_SUCCESS; } -int s2n_config_set_key_log_cb(struct s2n_config *config, s2n_key_log_fn callback, void *ctx) { +int s2n_config_set_key_log_cb(struct s2n_config *config, s2n_key_log_fn callback, void *ctx) +{ POSIX_ENSURE_MUT(config); config->key_log_cb = callback; 
@@ -953,10 +948,11 @@ int s2n_config_set_key_log_cb(struct s2n_config *config, s2n_key_log_fn callback return S2N_SUCCESS; } -int s2n_config_set_async_pkey_validation_mode(struct s2n_config *config, s2n_async_pkey_validation_mode mode) { +int s2n_config_set_async_pkey_validation_mode(struct s2n_config *config, s2n_async_pkey_validation_mode mode) +{ POSIX_ENSURE_REF(config); - switch(mode) { + switch (mode) { case S2N_ASYNC_PKEY_VALIDATION_FAST: case S2N_ASYNC_PKEY_VALIDATION_STRICT: config->async_pkey_validation_mode = mode; @@ -966,7 +962,8 @@ int s2n_config_set_async_pkey_validation_mode(struct s2n_config *config, s2n_asy POSIX_BAIL(S2N_ERR_INVALID_ARGUMENT); } -int s2n_config_set_ctx(struct s2n_config *config, void *ctx) { +int s2n_config_set_ctx(struct s2n_config *config, void *ctx) +{ POSIX_ENSURE_REF(config); config->context = ctx; @@ -974,7 +971,8 @@ int s2n_config_set_ctx(struct s2n_config *config, void *ctx) { return S2N_SUCCESS; } -int s2n_config_get_ctx(struct s2n_config *config, void **ctx) { +int s2n_config_get_ctx(struct s2n_config *config, void **ctx) +{ POSIX_ENSURE_REF(config); POSIX_ENSURE_REF(ctx); @@ -988,7 +986,8 @@ int s2n_config_get_ctx(struct s2n_config *config, void **ctx) { * * Polling means that the callback function can be called multiple times. */ -int s2n_config_client_hello_cb_enable_poll(struct s2n_config *config) { +int s2n_config_client_hello_cb_enable_poll(struct s2n_config *config) +{ POSIX_ENSURE_REF(config); config->client_hello_cb_enable_poll = 1; @@ -996,7 +995,8 @@ int s2n_config_client_hello_cb_enable_poll(struct s2n_config *config) { return S2N_SUCCESS; } -int s2n_config_set_send_buffer_size(struct s2n_config *config, uint32_t size) { +int s2n_config_set_send_buffer_size(struct s2n_config *config, uint32_t size) +{ POSIX_ENSURE_REF(config); POSIX_ENSURE(size >= S2N_TLS_MAX_RECORD_LEN_FOR(S2N_MAX_FRAGMENT_LENGTH_MIN), S2N_ERR_INVALID_ARGUMENT); config->send_buffer_size_override = size; 
@@ -1058,3 +1058,12 @@ int s2n_config_set_crl_lookup_cb(struct s2n_config *config, s2n_crl_lookup_callb config->crl_lookup_ctx = ctx; return S2N_SUCCESS; } + +int s2n_config_set_recv_multi_record(struct s2n_config *config, bool enabled) +{ + POSIX_ENSURE_REF(config); + + config->recv_multi_record = enabled; + + return S2N_SUCCESS; +} diff --git a/contrib/restricted/aws/s2n/tls/s2n_config.h b/contrib/restricted/aws/s2n/tls/s2n_config.h index bd7254e325..96969be971 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_config.h +++ b/contrib/restricted/aws/s2n/tls/s2n_config.h @@ -18,15 +18,15 @@ #include "api/s2n.h" #include "crypto/s2n_certificate.h" #include "crypto/s2n_dhe.h" +#include "tls/s2n_crl.h" #include "tls/s2n_psk.h" #include "tls/s2n_renegotiate.h" #include "tls/s2n_resume.h" #include "tls/s2n_x509_validator.h" #include "utils/s2n_blob.h" #include "utils/s2n_set.h" -#include "tls/s2n_crl.h" -#define S2N_MAX_TICKET_KEYS 48 +#define S2N_MAX_TICKET_KEYS 48 #define S2N_MAX_TICKET_KEY_HASHES 500 /* 10KB */ struct s2n_cipher_preferences; 
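Review bot: The new `s2n_config_set_recv_multi_record` has no comment at its definition, although it switches `s2n_recv` away from the one-record-per-call behaviour that existing applications may depend on. A short comment above the function would help, for example `/* Off by default. When enabled, one s2n_recv call may return data from several TLS records, so a return must not be treated as a record boundary. */`. The flag is stored on `struct s2n_config`, so it presumably applies to every connection attached to that config; that is worth stating in the comment too if it holds.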
@@ -38,44 +38,51 @@ typedef enum { } s2n_cert_ownership; struct s2n_config { - unsigned use_tickets:1; + unsigned use_tickets : 1; /* Whether a connection can be used by a QUIC implementation. * See s2n_quic_support.h */ - unsigned quic_enabled:1; + unsigned quic_enabled : 1; - unsigned default_certs_are_explicit:1; - unsigned use_session_cache:1; + unsigned default_certs_are_explicit : 1; + unsigned use_session_cache : 1; /* if this is FALSE, server will ignore client's Maximum Fragment Length request */ - unsigned accept_mfl:1; - unsigned check_ocsp:1; - unsigned disable_x509_validation:1; - unsigned max_verify_cert_chain_depth_set:1; + unsigned accept_mfl : 1; + unsigned check_ocsp : 1; + unsigned disable_x509_validation : 1; + unsigned max_verify_cert_chain_depth_set : 1; /* Whether to add dss cert type during a server certificate request. * See https://github.com/aws/s2n-tls/blob/main/docs/USAGE-GUIDE.md */ - unsigned cert_req_dss_legacy_compat_enabled:1; + unsigned cert_req_dss_legacy_compat_enabled : 1; /* Whether any RSA certificates have been configured server-side to send to clients. This is needed so that the * server knows whether or not to self-downgrade to TLS 1.2 if the server is compiled with Openssl 1.0.2 and does * not support RSA PSS signing (which is required for TLS 1.3). */ - unsigned is_rsa_cert_configured:1; + unsigned is_rsa_cert_configured : 1; /* It's possible to use a certificate without loading the private key, * but async signing must be enabled. Use this flag to enforce that restriction. */ - unsigned no_signing_key:1; + unsigned no_signing_key : 1; /* * This option exists to allow for polling the client_hello callback. * * Note: This defaults to false to ensure backwards compatibility. */ - unsigned client_hello_cb_enable_poll:1; + unsigned client_hello_cb_enable_poll : 1; /* * Whether to verify signatures locally before sending them over the wire. * See s2n_config_set_verify_after_sign. 
*/ - unsigned verify_after_sign:1; + unsigned verify_after_sign : 1; /* Indicates support for the npn extension */ - unsigned npn_supported:1; + unsigned npn_supported : 1; + + /* Indicates s2n_recv should read as much as it can into the output buffer + * + * Note: This defaults to false to ensure backwards compatability with + * applications which relied on s2n_recv returning a single record. + */ + unsigned recv_multi_record : 1; struct s2n_dh_params *dhparams; /* Needed until we can deprecate s2n_config_add_cert_chain_and_key. This is diff --git a/contrib/restricted/aws/s2n/tls/s2n_connection.c b/contrib/restricted/aws/s2n/tls/s2n_connection.c index c7b5e69951..d599be8659 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_connection.c +++ b/contrib/restricted/aws/s2n/tls/s2n_connection.c 
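Review bot: The comment added above the new `recv_multi_record` bit-field misspells "compatibility" as "compatability". The line should read `* Note: This defaults to false to ensure backwards compatibility with`. The existing comment on `client_hello_cb_enable_poll` in the same struct already uses the correct spelling, so this keeps the header consistent and searchable.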
@@ -13,40 +13,36 @@ * permissions and limitations under the License. */ +#include "tls/s2n_connection.h" + +#include <stdbool.h> #include <stdint.h> #include <stdlib.h> #include <string.h> #include <strings.h> +#include <sys/param.h> #include <time.h> #include <unistd.h> -#include <sys/param.h> #include "api/s2n.h" -#include <stdbool.h> - +#include "crypto/s2n_certificate.h" +#include "crypto/s2n_cipher.h" +#include "crypto/s2n_crypto.h" #include "crypto/s2n_fips.h" - +#include "crypto/s2n_openssl_x509.h" #include "error/s2n_errno.h" - #include "tls/extensions/s2n_client_server_name.h" #include "tls/s2n_alerts.h" #include "tls/s2n_cipher_suites.h" -#include "tls/s2n_connection.h" #include "tls/s2n_handshake.h" -#include "tls/s2n_kem.h" #include "tls/s2n_internal.h" +#include "tls/s2n_kem.h" #include "tls/s2n_prf.h" #include "tls/s2n_record.h" #include "tls/s2n_resume.h" #include "tls/s2n_security_policies.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" - -#include "crypto/s2n_certificate.h" -#include "crypto/s2n_cipher.h" -#include "crypto/s2n_crypto.h" -#include "crypto/s2n_openssl_x509.h" - #include "utils/s2n_blob.h" #include "utils/s2n_compiler.h" #include "utils/s2n_mem.h" @@ -56,7 +52,7 @@ #include "utils/s2n_timer.h" #define S2N_SET_KEY_SHARE_LIST_EMPTY(keyshares) (keyshares |= 1) -#define S2N_SET_KEY_SHARE_REQUEST(keyshares, i) (keyshares |= ( 1 << ( i + 1 ))) +#define S2N_SET_KEY_SHARE_REQUEST(keyshares, i) (keyshares |= (1 << (i + 1))) /* Allocates and initializes memory for a new connection. * 
@@ -64,14 +60,14 @@ * initialized in `s2n_connection_wipe` where possible. */ struct s2n_connection *s2n_connection_new(s2n_mode mode) { - struct s2n_blob blob = {0}; + struct s2n_blob blob = { 0 }; PTR_GUARD_POSIX(s2n_alloc(&blob, sizeof(struct s2n_connection))); PTR_GUARD_POSIX(s2n_blob_zero(&blob)); /* Cast 'through' void to acknowledge that we are changing alignment, * which is ok, as blob.data is always aligned. */ - struct s2n_connection* conn = (struct s2n_connection *)(void *)blob.data; + struct s2n_connection *conn = (struct s2n_connection *) (void *) blob.data; PTR_GUARD_POSIX(s2n_connection_set_config(conn, s2n_fetch_default_config())); @@ -79,19 +75,19 @@ struct s2n_connection *s2n_connection_new(s2n_mode mode) conn->mode = mode; /* Allocate the fixed-size stuffers */ - blob = (struct s2n_blob) {0}; + blob = (struct s2n_blob){ 0 }; PTR_GUARD_POSIX(s2n_blob_init(&blob, conn->alert_in_data, S2N_ALERT_LENGTH)); PTR_GUARD_POSIX(s2n_stuffer_init(&conn->alert_in, &blob)); - blob = (struct s2n_blob) {0}; + blob = (struct s2n_blob){ 0 }; PTR_GUARD_POSIX(s2n_blob_init(&blob, conn->reader_alert_out_data, S2N_ALERT_LENGTH)); PTR_GUARD_POSIX(s2n_stuffer_init(&conn->reader_alert_out, &blob)); - blob = (struct s2n_blob) {0}; + blob = (struct s2n_blob){ 0 }; PTR_GUARD_POSIX(s2n_blob_init(&blob, conn->writer_alert_out_data, S2N_ALERT_LENGTH)); PTR_GUARD_POSIX(s2n_stuffer_init(&conn->writer_alert_out, &blob)); - blob = (struct s2n_blob) {0}; + blob = (struct s2n_blob){ 0 }; PTR_GUARD_POSIX(s2n_blob_init(&blob, conn->ticket_ext_data, S2N_TLS12_TICKET_SIZE_IN_BYTES)); PTR_GUARD_POSIX(s2n_stuffer_init(&conn->client_ticket_to_decrypt, &blob)); 
@@ -102,7 +98,7 @@ struct s2n_connection *s2n_connection_new(s2n_mode mode) /* Initialize the growable stuffers. Zero length at first, but the resize * in _wipe will fix that */ - blob = (struct s2n_blob) {0}; + blob = (struct s2n_blob){ 0 }; PTR_GUARD_POSIX(s2n_blob_init(&blob, conn->header_in_data, S2N_TLS_RECORD_HEADER_LENGTH)); PTR_GUARD_POSIX(s2n_stuffer_init(&conn->header_in, &blob)); PTR_GUARD_POSIX(s2n_stuffer_growable_alloc(&conn->out, 0)); @@ -169,7 +165,7 @@ static int s2n_connection_free_managed_recv_io(struct s2n_connection *conn) POSIX_ENSURE_REF(conn); if (conn->managed_recv_io) { - POSIX_GUARD(s2n_free_object((uint8_t **)&conn->recv_io_context, sizeof(struct s2n_socket_read_io_context))); + POSIX_GUARD(s2n_free_object((uint8_t **) &conn->recv_io_context, sizeof(struct s2n_socket_read_io_context))); conn->managed_recv_io = false; conn->recv = NULL; } @@ -181,7 +177,7 @@ static int s2n_connection_free_managed_send_io(struct s2n_connection *conn) POSIX_ENSURE_REF(conn); if (conn->managed_send_io) { - POSIX_GUARD(s2n_free_object((uint8_t **)&conn->send_io_context, sizeof(struct s2n_socket_write_io_context))); + POSIX_GUARD(s2n_free_object((uint8_t **) &conn->send_io_context, sizeof(struct s2n_socket_write_io_context))); conn->managed_send_io = false; conn->send = NULL; } @@ -197,10 +193,10 @@ static int s2n_connection_free_managed_io(struct s2n_connection *conn) static int s2n_connection_wipe_io(struct s2n_connection *conn) { - if (s2n_connection_is_managed_corked(conn) && conn->recv){ + if (s2n_connection_is_managed_corked(conn) && conn->recv) { POSIX_GUARD(s2n_socket_read_restore(conn)); } - if (s2n_connection_is_managed_corked(conn) && conn->send){ + if (s2n_connection_is_managed_corked(conn) && conn->send) { POSIX_GUARD(s2n_socket_write_restore(conn)); } 
@@ -222,8 +218,7 @@ static uint8_t s2n_default_verify_host(const char *host_name, size_t len, void * } /* complete match */ - if (strlen(conn->server_name) == len && - strncasecmp(conn->server_name, host_name, len) == 0) { + if (strlen(conn->server_name) == len && strncasecmp(conn->server_name, host_name, len) == 0) { return 1; } @@ -235,8 +230,7 @@ static uint8_t s2n_default_verify_host(const char *host_name, size_t len, void * return 0; } - if (strlen(suffix) == len - 1 && - strncasecmp(suffix, host_name + 1, len - 1) == 0) { + if (strlen(suffix) == len - 1 && strncasecmp(suffix, host_name + 1, len - 1) == 0) { return 1; } } @@ -278,7 +272,7 @@ int s2n_connection_free(struct s2n_connection *conn) POSIX_GUARD(s2n_free(&conn->cookie)); POSIX_GUARD_RESULT(s2n_crypto_parameters_free(&conn->initial)); POSIX_GUARD_RESULT(s2n_crypto_parameters_free(&conn->secure)); - POSIX_GUARD(s2n_free_object((uint8_t **)&conn, sizeof(struct s2n_connection))); + POSIX_GUARD(s2n_free_object((uint8_t **) &conn, sizeof(struct s2n_connection))); return 0; } @@ -309,8 +303,7 @@ int s2n_connection_set_config(struct s2n_connection *conn, struct s2n_config *co if (config->disable_x509_validation || dont_need_x509_validation) { POSIX_GUARD(s2n_x509_validator_init_no_x509_validation(&conn->x509_validator)); - } - else { + } else { POSIX_GUARD(s2n_x509_validator_init(&conn->x509_validator, &config->trust_store, config->check_ocsp)); if (!conn->verify_host_fn_overridden) { if (config->verify_host != NULL) { 
@@ -449,14 +442,14 @@ int s2n_connection_wipe(struct s2n_connection *conn) /* First make a copy of everything we'd like to save, which isn't very much. */ int mode = conn->mode; struct s2n_config *config = conn->config; - struct s2n_stuffer alert_in = {0}; - struct s2n_stuffer reader_alert_out = {0}; - struct s2n_stuffer writer_alert_out = {0}; - struct s2n_stuffer client_ticket_to_decrypt = {0}; - struct s2n_stuffer handshake_io = {0}; - struct s2n_stuffer header_in = {0}; - struct s2n_stuffer in = {0}; - struct s2n_stuffer out = {0}; + struct s2n_stuffer alert_in = { 0 }; + struct s2n_stuffer reader_alert_out = { 0 }; + struct s2n_stuffer writer_alert_out = { 0 }; + struct s2n_stuffer client_ticket_to_decrypt = { 0 }; + struct s2n_stuffer handshake_io = { 0 }; + struct s2n_stuffer header_in = { 0 }; + struct s2n_stuffer in = { 0 }; + struct s2n_stuffer out = { 0 }; /* Some required structures might have been freed to conserve memory between handshakes. * Restore them. @@ -531,9 +524,9 @@ int s2n_connection_wipe(struct s2n_connection *conn) /* Clone the stuffers */ /* ignore gcc 4.7 address warnings because dest is allocated on the stack */ /* pragma gcc diagnostic was added in gcc 4.6 */ -#if S2N_GCC_VERSION_AT_LEAST(4,6,0) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Waddress" +#if S2N_GCC_VERSION_AT_LEAST(4, 6, 0) + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Waddress" #endif POSIX_CHECKED_MEMCPY(&alert_in, &conn->alert_in, sizeof(struct s2n_stuffer)); POSIX_CHECKED_MEMCPY(&reader_alert_out, &conn->reader_alert_out, sizeof(struct s2n_stuffer)); 
@@ -543,8 +536,8 @@ int s2n_connection_wipe(struct s2n_connection *conn) POSIX_CHECKED_MEMCPY(&header_in, &conn->header_in, sizeof(struct s2n_stuffer)); POSIX_CHECKED_MEMCPY(&in, &conn->in, sizeof(struct s2n_stuffer)); POSIX_CHECKED_MEMCPY(&out, &conn->out, sizeof(struct s2n_stuffer)); -#if S2N_GCC_VERSION_AT_LEAST(4,6,0) -#pragma GCC diagnostic pop +#if S2N_GCC_VERSION_AT_LEAST(4, 6, 0) + #pragma GCC diagnostic pop #endif POSIX_GUARD(s2n_connection_zero(conn, mode, config)); @@ -577,8 +570,7 @@ int s2n_connection_wipe(struct s2n_connection *conn) conn->server_protocol_version = s2n_highest_protocol_version; conn->client_protocol_version = s2n_unknown_protocol_version; conn->actual_protocol_version = s2n_unknown_protocol_version; - } - else { + } else { /* For clients, also set actual_protocol_version. Record generation uses that value for the initial */ /* ClientHello record version. Not all servers ignore the record version in ClientHello. */ conn->server_protocol_version = s2n_unknown_protocol_version; @@ -708,7 +700,6 @@ int s2n_connection_get_signature_preferences(struct s2n_connection *conn, const POSIX_ENSURE_REF(*signature_preferences); return 0; - } int s2n_connection_get_ecc_preferences(struct s2n_connection *conn, const struct s2n_ecc_preferences **ecc_preferences) @@ -727,7 +718,6 @@ int s2n_connection_get_ecc_preferences(struct s2n_connection *conn, const struct POSIX_ENSURE_REF(*ecc_preferences); return 0; - } int s2n_connection_get_protocol_preferences(struct s2n_connection *conn, struct s2n_blob **protocol_preferences) 
@@ -771,14 +761,14 @@ int s2n_connection_set_client_auth_type(struct s2n_connection *conn, s2n_cert_au int s2n_connection_set_read_fd(struct s2n_connection *conn, int rfd) { - struct s2n_blob ctx_mem = {0}; + struct s2n_blob ctx_mem = { 0 }; struct s2n_socket_read_io_context *peer_socket_ctx; POSIX_ENSURE_REF(conn); POSIX_GUARD(s2n_alloc(&ctx_mem, sizeof(struct s2n_socket_read_io_context))); POSIX_GUARD(s2n_blob_zero(&ctx_mem)); - peer_socket_ctx = (struct s2n_socket_read_io_context *)(void *)ctx_mem.data; + peer_socket_ctx = (struct s2n_socket_read_io_context *) (void *) ctx_mem.data; peer_socket_ctx->fd = rfd; POSIX_GUARD(s2n_connection_set_recv_cb(conn, s2n_socket_read)); @@ -806,13 +796,13 @@ int s2n_connection_get_read_fd(struct s2n_connection *conn, int *readfd) int s2n_connection_set_write_fd(struct s2n_connection *conn, int wfd) { - struct s2n_blob ctx_mem = {0}; + struct s2n_blob ctx_mem = { 0 }; struct s2n_socket_write_io_context *peer_socket_ctx; POSIX_ENSURE_REF(conn); POSIX_GUARD(s2n_alloc(&ctx_mem, sizeof(struct s2n_socket_write_io_context))); - peer_socket_ctx = (struct s2n_socket_write_io_context *)(void *)ctx_mem.data; + peer_socket_ctx = (struct s2n_socket_write_io_context *) (void *) ctx_mem.data; peer_socket_ctx->fd = wfd; POSIX_GUARD(s2n_connection_set_send_cb(conn, s2n_socket_write)); @@ -890,14 +880,10 @@ int s2n_connection_get_cipher_iana_value(struct s2n_connection *conn, uint8_t *f POSIX_ENSURE_MUT(second); /* ensure we've negotiated a cipher suite */ - POSIX_ENSURE( - memcmp( - conn->secure->cipher_suite->iana_value, - s2n_null_cipher_suite.iana_value, - sizeof(s2n_null_cipher_suite.iana_value) - ) != 0, - S2N_ERR_INVALID_STATE - ); + POSIX_ENSURE(memcmp(conn->secure->cipher_suite->iana_value, + s2n_null_cipher_suite.iana_value, sizeof(s2n_null_cipher_suite.iana_value)) + != 0, + S2N_ERR_INVALID_STATE); const uint8_t *iana_value = conn->secure->cipher_suite->iana_value; *first = iana_value[0]; 
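Review bot: `s2n_connection_set_write_fd` uses the `s2n_alloc` result without the `POSIX_GUARD(s2n_blob_zero(&ctx_mem));` that `s2n_connection_set_read_fd` applies. Every field of `struct s2n_socket_write_io_context` other than `fd` therefore starts with indeterminate contents, unless code outside the hunk initialises it. Adding the same zeroing line right after the `s2n_alloc` call would make the two setters consistent. In both functions `ctx_mem` is also not released if the following `s2n_connection_set_recv_cb` / `s2n_connection_set_send_cb` guard fails. `DEFER_CLEANUP(struct s2n_blob ctx_mem = { 0 }, s2n_free);` with `ZERO_TO_DISABLE_DEFER_CLEANUP(ctx_mem);` once the context is handed to the connection would cover that, though both bodies continue beyond their hunks.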
@@ -1073,8 +1059,8 @@ int s2n_connection_set_blinding(struct s2n_connection *conn, s2n_blinding blindi return 0; } -#define ONE_S INT64_C(1000000000) -#define TEN_S INT64_C(10000000000) +#define ONE_S INT64_C(1000000000) +#define TEN_S INT64_C(10000000000) uint64_t s2n_connection_get_delay(struct s2n_connection *conn) { @@ -1103,7 +1089,7 @@ S2N_CLEANUP_RESULT s2n_connection_apply_error_blinding(struct s2n_connection **c int error_code = s2n_errno; int error_type = s2n_error_get_type(error_code); - switch(error_type) { + switch (error_type) { case S2N_ERR_T_OK: /* Ignore no error */ return S2N_RESULT_OK; @@ -1114,7 +1100,7 @@ S2N_CLEANUP_RESULT s2n_connection_apply_error_blinding(struct s2n_connection **c break; } - switch(error_code) { + switch (error_code) { /* Don't invoke blinding on some of the common errors. * * Be careful adding new errors here. Disabling blinding for an @@ -1156,19 +1142,18 @@ int s2n_connection_kill(struct s2n_connection *conn) POSIX_GUARD_RESULT(s2n_timer_start(conn->config, &conn->write_timer)); if (conn->blinding == S2N_BUILT_IN_BLINDING) { - struct timespec sleep_time = {.tv_sec = conn->delay / ONE_S,.tv_nsec = conn->delay % ONE_S }; + struct timespec sleep_time = { .tv_sec = conn->delay / ONE_S, .tv_nsec = conn->delay % ONE_S }; int r; do { r = nanosleep(&sleep_time, &sleep_time); - } - while (r != 0); + } while (r != 0); } return 0; } -const uint8_t *s2n_connection_get_ocsp_response(struct s2n_connection *conn, uint32_t * length) +const uint8_t *s2n_connection_get_ocsp_response(struct s2n_connection *conn, uint32_t *length) { PTR_ENSURE_REF(conn); PTR_ENSURE_REF(length); 
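Review bot: The blinding sleep in `s2n_connection_kill` retries `nanosleep` on every non-zero return, so a failure other than an interrupted sleep would make `do { ... } while (r != 0);` spin without ever sleeping. Limiting the retry to interruption with `} while (r != 0 && errno == EINTR);`, and returning an error when `r` is still non-zero afterwards, keeps the full delay in the signal case and avoids a busy loop otherwise. A short comment that `&sleep_time` is passed as both arguments so the remaining time carries over between retries would also help readers. The function starts outside the hunk, so any earlier validation of `conn->delay` is not visible here.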
@@ -1234,7 +1219,8 @@ int s2n_connection_set_dynamic_record_threshold(struct s2n_connection *conn, uin return 0; } -int s2n_connection_set_verify_host_callback(struct s2n_connection *conn, s2n_verify_host_fn verify_host_fn, void *data) { +int s2n_connection_set_verify_host_callback(struct s2n_connection *conn, s2n_verify_host_fn verify_host_fn, void *data) +{ POSIX_ENSURE_REF(conn); conn->verify_host_fn = verify_host_fn; @@ -1354,7 +1340,7 @@ int s2n_connection_get_peer_cert_chain(const struct s2n_connection *conn, struct * https://www.openssl.org/docs/man1.0.2/man3/X509_STORE_CTX_get1_chain.html */ DEFER_CLEANUP(STACK_OF(X509) *cert_chain_validated = X509_STORE_CTX_get1_chain(validator->store_ctx), - s2n_openssl_x509_stack_pop_free); + s2n_openssl_x509_stack_pop_free); POSIX_ENSURE_REF(cert_chain_validated); for (size_t cert_idx = 0; cert_idx < sk_X509_num(cert_chain_validated); cert_idx++) { @@ -1367,7 +1353,7 @@ int s2n_connection_get_peer_cert_chain(const struct s2n_connection *conn, struct struct s2n_blob mem = { 0 }; POSIX_GUARD(s2n_alloc(&mem, sizeof(struct s2n_cert))); - struct s2n_cert *new_node = (struct s2n_cert *)(void *)mem.data; + struct s2n_cert *new_node = (struct s2n_cert *) (void *) mem.data; POSIX_ENSURE_REF(new_node); new_node->next = NULL; @@ -1486,7 +1472,8 @@ int s2n_connection_get_selected_client_cert_signature_algorithm(struct s2n_conne /* * Gets the config set on the connection. */ -int s2n_connection_get_config(struct s2n_connection *conn, struct s2n_config **config) { +int s2n_connection_get_config(struct s2n_connection *conn, struct s2n_config **config) +{ POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(config); diff --git a/contrib/restricted/aws/s2n/tls/s2n_connection.h b/contrib/restricted/aws/s2n/tls/s2n_connection.h index aed7d56314..555efe0af5 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_connection.h +++ b/contrib/restricted/aws/s2n/tls/s2n_connection.h 
@@ -16,12 +16,13 @@ #pragma once #include <errno.h> -#include "api/s2n.h" #include <signal.h> #include <stdint.h> +#include "api/s2n.h" +#include "crypto/s2n_hash.h" +#include "crypto/s2n_hmac.h" #include "stuffer/s2n_stuffer.h" - #include "tls/s2n_client_hello.h" #include "tls/s2n_config.h" #include "tls/s2n_crypto.h" @@ -37,14 +38,10 @@ #include "tls/s2n_security_policies.h" #include "tls/s2n_tls_parameters.h" #include "tls/s2n_x509_validator.h" - -#include "crypto/s2n_hash.h" -#include "crypto/s2n_hmac.h" - #include "utils/s2n_mem.h" #include "utils/s2n_timer.h" -#define S2N_TLS_PROTOCOL_VERSION_LEN 2 +#define S2N_TLS_PROTOCOL_VERSION_LEN 2 #define S2N_PEER_MODE(our_mode) ((our_mode + 1) % 2) @@ -60,16 +57,16 @@ struct s2n_connection { /* Is this connection using CORK/SO_RCVLOWAT optimizations? Only valid when the connection is using * managed_send_io */ - unsigned corked_io:1; + unsigned corked_io : 1; /* Session resumption indicator on client side */ - unsigned client_session_resumed:1; + unsigned client_session_resumed : 1; /* Connection can be used by a QUIC implementation */ - unsigned quic_enabled:1; + unsigned quic_enabled : 1; /* Determines if we're currently sending or receiving in s2n_shutdown */ - unsigned close_notify_queued:1; + unsigned close_notify_queued : 1; /* s2n does not support renegotiation. * RFC5746 Section 4.3 suggests servers implement a minimal version of the 
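Review bot: The `S2N_PEER_MODE` macro, kept as context in the second hunk of this header, expands its argument unparenthesised in `((our_mode + 1) % 2)`. An argument containing a lower-precedence operator, such as a conditional expression, would be regrouped around the `+ 1`. Since the commit is already normalising macro layout here, `#define S2N_PEER_MODE(our_mode) (((our_mode) + 1) % 2)` would be a safe follow-up.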
@@ -77,64 +74,64 @@ struct s2n_connection { * Some clients may fail the handshake if a corresponding renegotiation_info * extension is not sent back by the server. */ - unsigned secure_renegotiation:1; + unsigned secure_renegotiation : 1; /* Was the EC point formats sent by the client */ - unsigned ec_point_formats:1; + unsigned ec_point_formats : 1; /* whether the connection address is ipv6 or not */ - unsigned ipv6:1; + unsigned ipv6 : 1; /* Whether server_name extension was used to make a decision on cert selection. * RFC6066 Section 3 states that server which used server_name to make a decision * on certificate or security settings has to send an empty server_name. */ - unsigned server_name_used:1; + unsigned server_name_used : 1; /* If write fd is broken */ - unsigned write_fd_broken:1; + unsigned write_fd_broken : 1; /* Has the user set their own I/O callbacks or is this connection using the * default socket-based I/O set by s2n */ - unsigned managed_send_io:1; - unsigned managed_recv_io:1; + unsigned managed_send_io : 1; + unsigned managed_recv_io : 1; /* Key update data */ - unsigned key_update_pending:1; + unsigned key_update_pending : 1; /* Early data supported by caller. * If a caller does not use any APIs that support early data, * do not negotiate early data. */ - unsigned early_data_expected:1; + unsigned early_data_expected : 1; /* Connection overrides server_max_early_data_size */ - unsigned server_max_early_data_size_overridden:1; + unsigned server_max_early_data_size_overridden : 1; /* Connection overrides psk_mode. * This means that the connection will keep the existing value of psk_params->type, * even when setting a new config. */ - unsigned psk_mode_overridden:1; + unsigned psk_mode_overridden : 1; /* Have we received a close notify alert from the peer. 
*/ - unsigned close_notify_received:1; + unsigned close_notify_received : 1; /* Connection negotiated an EMS */ - unsigned ems_negotiated:1; + unsigned ems_negotiated : 1; /* Connection successfully set a ticket on the connection */ - unsigned set_session:1; + unsigned set_session : 1; /* Buffer multiple records before flushing them. * This allows multiple records to be written with one socket send. */ - unsigned multirecord_send:1; + unsigned multirecord_send : 1; /* If enabled, this connection will free each of its IO buffers after all data * has been flushed */ - unsigned dynamic_buffers:1; + unsigned dynamic_buffers : 1; /* Indicates protocol negotiation will be done through the NPN extension * instead of the ALPN extension */ - unsigned npn_negotiated:1; + unsigned npn_negotiated : 1; /* The configuration (cert, key .. etc ) */ struct s2n_config *config; @@ -240,7 +237,10 @@ struct s2n_connection { struct s2n_stuffer header_in; struct s2n_stuffer in; struct s2n_stuffer out; - enum { ENCRYPTED, PLAINTEXT } in_status; + enum { + ENCRYPTED, + PLAINTEXT + } in_status; /* How much of the current user buffer have we already * encrypted and sent or have pending for the wire but have @@ -375,7 +375,7 @@ struct s2n_connection { bool send_in_use; bool recv_in_use; bool negotiate_in_use; - + uint16_t tickets_to_send; uint16_t tickets_sent; diff --git a/contrib/restricted/aws/s2n/tls/s2n_crl.c b/contrib/restricted/aws/s2n/tls/s2n_crl.c index a2b75fcbdd..f99cfc0896 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_crl.c +++ b/contrib/restricted/aws/s2n/tls/s2n_crl.c @@ -14,6 +14,7 @@ */ #include "s2n_crl.h" + #include "tls/s2n_connection.h" struct s2n_crl *s2n_crl_new(void) 
@@ -22,7 +23,7 @@ struct s2n_crl *s2n_crl_new(void) PTR_GUARD_POSIX(s2n_alloc(&mem, sizeof(struct s2n_crl))); PTR_GUARD_POSIX(s2n_blob_zero(&mem)); - struct s2n_crl *crl = (struct s2n_crl *)(void*) mem.data; + struct s2n_crl *crl = (struct s2n_crl *) (void *) mem.data; ZERO_TO_DISABLE_DEFER_CLEANUP(mem); return crl; @@ -40,7 +41,7 @@ int s2n_crl_load_pem(struct s2n_crl *crl, uint8_t *pem, size_t len) POSIX_GUARD(s2n_stuffer_init(&pem_stuffer, &pem_blob)); POSIX_GUARD(s2n_stuffer_skip_write(&pem_stuffer, pem_blob.size)); - DEFER_CLEANUP(struct s2n_stuffer der_out_stuffer = {0}, s2n_stuffer_free); + DEFER_CLEANUP(struct s2n_stuffer der_out_stuffer = { 0 }, s2n_stuffer_free); POSIX_GUARD(s2n_stuffer_growable_alloc(&der_out_stuffer, len)); POSIX_GUARD(s2n_stuffer_crl_from_pem(&pem_stuffer, &der_out_stuffer)); @@ -198,13 +199,13 @@ S2N_RESULT s2n_crl_invoke_lookup_callbacks(struct s2n_connection *conn, struct s RESULT_ENSURE_REF(validator->cert_chain_from_wire); int cert_count = sk_X509_num(validator->cert_chain_from_wire); - DEFER_CLEANUP(struct s2n_array *crl_lookup_list = s2n_array_new_with_capacity(sizeof(struct s2n_crl_lookup), - cert_count), s2n_array_free_p); + DEFER_CLEANUP(struct s2n_array *crl_lookup_list = s2n_array_new_with_capacity(sizeof(struct s2n_crl_lookup), cert_count), + s2n_array_free_p); RESULT_ENSURE_REF(crl_lookup_list); for (int i = 0; i < cert_count; ++i) { - struct s2n_crl_lookup * lookup = NULL; - RESULT_GUARD(s2n_array_pushback(crl_lookup_list, (void**) &lookup)); + struct s2n_crl_lookup *lookup = NULL; + RESULT_GUARD(s2n_array_pushback(crl_lookup_list, (void **) &lookup)); X509 *cert = sk_X509_value(validator->cert_chain_from_wire, i); RESULT_ENSURE_REF(cert); 
@@ -221,7 +222,7 @@ S2N_RESULT s2n_crl_invoke_lookup_callbacks(struct s2n_connection *conn, struct s RESULT_GUARD(s2n_array_num_elements(validator->crl_lookup_list, &num_lookups)); for (uint32_t i = 0; i < num_lookups; i++) { struct s2n_crl_lookup *lookup = NULL; - RESULT_GUARD(s2n_array_get(validator->crl_lookup_list, i, (void**) &lookup)); + RESULT_GUARD(s2n_array_get(validator->crl_lookup_list, i, (void **) &lookup)); RESULT_ENSURE_REF(lookup); int result = conn->config->crl_lookup_cb(lookup, conn->config->crl_lookup_ctx); @@ -231,7 +232,8 @@ S2N_RESULT s2n_crl_invoke_lookup_callbacks(struct s2n_connection *conn, struct s return S2N_RESULT_OK; } -int s2n_crl_ossl_verify_callback(int default_ossl_ret, X509_STORE_CTX *ctx) { +int s2n_crl_ossl_verify_callback(int default_ossl_ret, X509_STORE_CTX *ctx) +{ int err = X509_STORE_CTX_get_error(ctx); switch (err) { case X509_V_ERR_CRL_NOT_YET_VALID: diff --git a/contrib/restricted/aws/s2n/tls/s2n_crl.h b/contrib/restricted/aws/s2n/tls/s2n_crl.h index b974ee1506..994e3109c8 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_crl.h +++ b/contrib/restricted/aws/s2n/tls/s2n_crl.h @@ -15,11 +15,11 @@ #pragma once +#include <openssl/x509v3.h> + #include "api/s2n.h" -#include "utils/s2n_result.h" #include "api/unstable/crl.h" - -#include <openssl/x509v3.h> +#include "utils/s2n_result.h" struct s2n_x509_validator; diff --git a/contrib/restricted/aws/s2n/tls/s2n_crypto.c b/contrib/restricted/aws/s2n/tls/s2n_crypto.c index 79712dded0..2e29b290a8 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_crypto.c +++ b/contrib/restricted/aws/s2n/tls/s2n_crypto.c @@ -13,9 +13,9 @@ * permissions and limitations under the License. */ -#include "api/s2n.h" #include "tls/s2n_crypto.h" +#include "api/s2n.h" #include "tls/s2n_cipher_suites.h" #include "utils/s2n_result.h" #include "utils/s2n_safety.h" 
@@ -29,7 +29,7 @@ S2N_RESULT s2n_crypto_parameters_new(struct s2n_crypto_parameters **new_params) RESULT_GUARD_POSIX(s2n_alloc(&mem, sizeof(struct s2n_crypto_parameters))); RESULT_GUARD_POSIX(s2n_blob_zero(&mem)); - DEFER_CLEANUP(struct s2n_crypto_parameters *params = (struct s2n_crypto_parameters*)(void*) mem.data, + DEFER_CLEANUP(struct s2n_crypto_parameters *params = (struct s2n_crypto_parameters *) (void *) mem.data, s2n_crypto_parameters_free); ZERO_TO_DISABLE_DEFER_CLEANUP(mem); @@ -62,13 +62,15 @@ S2N_RESULT s2n_crypto_parameters_wipe(struct s2n_crypto_parameters *params) /* Wipe the keys for reuse */ struct s2n_session_key client_key = params->client_key; struct s2n_session_key server_key = params->server_key; - if (params->cipher_suite && params->cipher_suite->record_alg && - params->cipher_suite->record_alg->cipher && params->cipher_suite->record_alg->cipher->destroy_key) { + if (params->cipher_suite + && params->cipher_suite->record_alg + && params->cipher_suite->record_alg->cipher + && params->cipher_suite->record_alg->cipher->destroy_key) { RESULT_GUARD_POSIX(params->cipher_suite->record_alg->cipher->destroy_key(¶ms->client_key)); RESULT_GUARD_POSIX(params->cipher_suite->record_alg->cipher->destroy_key(¶ms->server_key)); } - *params = (struct s2n_crypto_parameters) { 0 }; + *params = (struct s2n_crypto_parameters){ 0 }; params->client_record_mac = client_state; params->server_record_mac = server_state; diff --git a/contrib/restricted/aws/s2n/tls/s2n_crypto.h b/contrib/restricted/aws/s2n/tls/s2n_crypto.h index 7c13afe692..ac2e268e9b 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_crypto.h +++ b/contrib/restricted/aws/s2n/tls/s2n_crypto.h 
@@ -15,21 +15,20 @@ #pragma once -#include "tls/s2n_config.h" -#include "tls/s2n_signature_scheme.h" -#include "tls/s2n_crypto_constants.h" -#include "tls/s2n_kem.h" -#include "tls/s2n_tls13_secrets.h" - #include "crypto/s2n_certificate.h" #include "crypto/s2n_cipher.h" -#include "crypto/s2n_hmac.h" +#include "crypto/s2n_dhe.h" +#include "crypto/s2n_ecc_evp.h" #include "crypto/s2n_hash.h" +#include "crypto/s2n_hmac.h" #include "crypto/s2n_pkey.h" #include "crypto/s2n_signature.h" #include "crypto/s2n_tls13_keys.h" -#include "crypto/s2n_dhe.h" -#include "crypto/s2n_ecc_evp.h" +#include "tls/s2n_config.h" +#include "tls/s2n_crypto_constants.h" +#include "tls/s2n_kem.h" +#include "tls/s2n_signature_scheme.h" +#include "tls/s2n_tls13_secrets.h" struct s2n_kex_parameters { struct s2n_dh_params server_dh_params; diff --git a/contrib/restricted/aws/s2n/tls/s2n_crypto_constants.h b/contrib/restricted/aws/s2n/tls/s2n_crypto_constants.h index 52316e256e..c58df93826 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_crypto_constants.h +++ b/contrib/restricted/aws/s2n/tls/s2n_crypto_constants.h 
@@ -15,36 +15,36 @@ #pragma once -#define S2N_TLS_SECRET_LEN 48 -#define S2N_TLS_RANDOM_DATA_LEN 32 -#define S2N_TLS_SEQUENCE_NUM_LEN 8 -#define S2N_TLS_CIPHER_SUITE_LEN 2 -#define S2N_SSLv2_CIPHER_SUITE_LEN 3 -#define S2N_TLS_FINISHED_LEN 12 -#define S2N_SSL_FINISHED_LEN 36 -#define S2N_TLS_MAX_IV_LEN 16 +#define S2N_TLS_SECRET_LEN 48 +#define S2N_TLS_RANDOM_DATA_LEN 32 +#define S2N_TLS_SEQUENCE_NUM_LEN 8 +#define S2N_TLS_CIPHER_SUITE_LEN 2 +#define S2N_SSLv2_CIPHER_SUITE_LEN 3 +#define S2N_TLS_FINISHED_LEN 12 +#define S2N_SSL_FINISHED_LEN 36 +#define S2N_TLS_MAX_IV_LEN 16 /* From RFC 5246 6.2.3.3 */ -#define S2N_TLS12_AAD_LEN 13 -#define S2N_TLS_MAX_AAD_LEN S2N_TLS12_AAD_LEN -#define S2N_TLS_GCM_FIXED_IV_LEN 4 -#define S2N_TLS_GCM_EXPLICIT_IV_LEN 8 -#define S2N_TLS_GCM_IV_LEN (S2N_TLS_GCM_FIXED_IV_LEN + S2N_TLS_GCM_EXPLICIT_IV_LEN) -#define S2N_TLS_GCM_TAG_LEN 16 -#define S2N_TLS_AES_128_GCM_KEY_LEN 16 -#define S2N_TLS_AES_256_GCM_KEY_LEN 32 +#define S2N_TLS12_AAD_LEN 13 +#define S2N_TLS_MAX_AAD_LEN S2N_TLS12_AAD_LEN +#define S2N_TLS_GCM_FIXED_IV_LEN 4 +#define S2N_TLS_GCM_EXPLICIT_IV_LEN 8 +#define S2N_TLS_GCM_IV_LEN (S2N_TLS_GCM_FIXED_IV_LEN + S2N_TLS_GCM_EXPLICIT_IV_LEN) +#define S2N_TLS_GCM_TAG_LEN 16 +#define S2N_TLS_AES_128_GCM_KEY_LEN 16 +#define S2N_TLS_AES_256_GCM_KEY_LEN 32 /* TLS 1.3 uses only implicit IVs - RFC 8446 5.3 */ -#define S2N_TLS13_AAD_LEN 5 -#define S2N_TLS13_RECORD_IV_LEN 0 -#define S2N_TLS13_FIXED_IV_LEN 12 +#define S2N_TLS13_AAD_LEN 5 +#define S2N_TLS13_RECORD_IV_LEN 0 +#define S2N_TLS13_FIXED_IV_LEN 12 /* From RFC 7905 */ #define S2N_TLS_CHACHA20_POLY1305_FIXED_IV_LEN 12 -#define S2N_TLS_CHACHA20_POLY1305_EXPLICIT_IV_LEN 0 +#define S2N_TLS_CHACHA20_POLY1305_EXPLICIT_IV_LEN 0 #define S2N_TLS_CHACHA20_POLY1305_IV_LEN 12 #define S2N_TLS_CHACHA20_POLY1305_KEY_LEN 32 #define S2N_TLS_CHACHA20_POLY1305_TAG_LEN 16 /* RFC 5246 7.4.1.2 */ -#define S2N_TLS_SESSION_ID_MAX_LEN 32 +#define S2N_TLS_SESSION_ID_MAX_LEN 32 
diff --git a/contrib/restricted/aws/s2n/tls/s2n_early_data.c b/contrib/restricted/aws/s2n/tls/s2n_early_data.c index 84ba90f9b9..51083975d9 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_early_data.c +++ b/contrib/restricted/aws/s2n/tls/s2n_early_data.c @@ -13,22 +13,22 @@ * permissions and limitations under the License. */ -#include <sys/param.h> - #include "tls/s2n_early_data.h" -#include "tls/s2n_connection.h" +#include <sys/param.h> + #include "tls/s2n_cipher_suites.h" +#include "tls/s2n_connection.h" #include "tls/s2n_psk.h" -#include "utils/s2n_safety.h" #include "utils/s2n_mem.h" +#include "utils/s2n_safety.h" const s2n_early_data_state valid_previous_states[] = { - [S2N_EARLY_DATA_REQUESTED] = S2N_UNKNOWN_EARLY_DATA_STATE, - [S2N_EARLY_DATA_NOT_REQUESTED] = S2N_UNKNOWN_EARLY_DATA_STATE, - [S2N_EARLY_DATA_REJECTED] = S2N_EARLY_DATA_REQUESTED, - [S2N_EARLY_DATA_ACCEPTED] = S2N_EARLY_DATA_REQUESTED, - [S2N_END_OF_EARLY_DATA] = S2N_EARLY_DATA_ACCEPTED, + [S2N_EARLY_DATA_REQUESTED] = S2N_UNKNOWN_EARLY_DATA_STATE, + [S2N_EARLY_DATA_NOT_REQUESTED] = S2N_UNKNOWN_EARLY_DATA_STATE, + [S2N_EARLY_DATA_REJECTED] = S2N_EARLY_DATA_REQUESTED, + [S2N_EARLY_DATA_ACCEPTED] = S2N_EARLY_DATA_REQUESTED, + [S2N_END_OF_EARLY_DATA] = S2N_EARLY_DATA_ACCEPTED, }; S2N_RESULT s2n_connection_set_early_data_state(struct s2n_connection *conn, s2n_early_data_state next_state) @@ -150,7 +150,7 @@ S2N_RESULT s2n_early_data_accept_or_reject(struct s2n_connection *conn) if (conn->config->early_data_cb) { conn->handshake.early_data_async_state.conn = conn; RESULT_ENSURE(conn->config->early_data_cb(conn, &conn->handshake.early_data_async_state) >= S2N_SUCCESS, - S2N_ERR_CANCELLED); + S2N_ERR_CANCELLED); if (conn->early_data_state == S2N_EARLY_DATA_REQUESTED) { RESULT_BAIL(S2N_ERR_ASYNC_BLOCKED); } 
@@ -277,7 +277,7 @@ int s2n_connection_get_early_data_status(struct s2n_connection *conn, s2n_early_ POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(status); - switch(conn->early_data_state) { + switch (conn->early_data_state) { case S2N_EARLY_DATA_STATES_COUNT: break; case S2N_EARLY_DATA_NOT_REQUESTED: @@ -319,7 +319,7 @@ int s2n_connection_get_remaining_early_data_size(struct s2n_connection *conn, ui POSIX_ENSURE_REF(allowed_early_data_size); *allowed_early_data_size = 0; - switch(conn->early_data_state) { + switch (conn->early_data_state) { case S2N_EARLY_DATA_STATES_COUNT: case S2N_EARLY_DATA_NOT_REQUESTED: case S2N_EARLY_DATA_REJECTED: @@ -360,7 +360,7 @@ int s2n_connection_get_max_early_data_size(struct s2n_connection *conn, uint32_t } struct s2n_psk *first_psk = NULL; - POSIX_GUARD_RESULT(s2n_array_get(&conn->psk_params.psk_list, 0, (void**) &first_psk)); + POSIX_GUARD_RESULT(s2n_array_get(&conn->psk_params.psk_list, 0, (void **) &first_psk)); POSIX_ENSURE_REF(first_psk); *max_early_data_size = first_psk->early_data_config.max_early_data_size; diff --git a/contrib/restricted/aws/s2n/tls/s2n_early_data.h b/contrib/restricted/aws/s2n/tls/s2n_early_data.h index eae7f84367..829e8c6fc0 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_early_data.h +++ b/contrib/restricted/aws/s2n/tls/s2n_early_data.h @@ -16,7 +16,6 @@ #pragma once #include "api/s2n.h" - #include "tls/s2n_crypto_constants.h" #include "utils/s2n_blob.h" #include "utils/s2n_result.h" diff --git a/contrib/restricted/aws/s2n/tls/s2n_early_data_io.c b/contrib/restricted/aws/s2n/tls/s2n_early_data_io.c index 2af36c5a2f..be2caaff4c 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_early_data_io.c +++ b/contrib/restricted/aws/s2n/tls/s2n_early_data_io.c 
@@ -15,11 +15,10 @@ #include <sys/param.h> -#include "tls/s2n_early_data.h" - #include "tls/s2n_connection.h" -#include "utils/s2n_safety.h" +#include "tls/s2n_early_data.h" #include "utils/s2n_mem.h" +#include "utils/s2n_safety.h" int s2n_end_of_early_data_send(struct s2n_connection *conn) { @@ -116,7 +115,8 @@ S2N_RESULT s2n_early_data_validate_send(struct s2n_connection *conn, uint32_t by RESULT_ENSURE(conn->early_data_expected, S2N_ERR_EARLY_DATA_NOT_ALLOWED); RESULT_ENSURE(conn->mode == S2N_CLIENT, S2N_ERR_EARLY_DATA_NOT_ALLOWED); RESULT_ENSURE(conn->early_data_state == S2N_EARLY_DATA_REQUESTED - || conn->early_data_state == S2N_EARLY_DATA_ACCEPTED, S2N_ERR_EARLY_DATA_NOT_ALLOWED); + || conn->early_data_state == S2N_EARLY_DATA_ACCEPTED, + S2N_ERR_EARLY_DATA_NOT_ALLOWED); uint32_t allowed_early_data_size = 0; RESULT_GUARD_POSIX(s2n_connection_get_remaining_early_data_size(conn, &allowed_early_data_size)); @@ -237,7 +237,7 @@ S2N_RESULT s2n_recv_early_data_impl(struct s2n_connection *conn, uint8_t *data, return S2N_RESULT_OK; } - while(s2n_negotiate(conn, blocked) < S2N_SUCCESS) { + while (s2n_negotiate(conn, blocked) < S2N_SUCCESS) { if (s2n_error_get_type(s2n_errno) != S2N_ERR_T_BLOCKED) { return S2N_RESULT_ERROR; } else if (max_data_len <= *data_received) { diff --git a/contrib/restricted/aws/s2n/tls/s2n_ecc_preferences.c b/contrib/restricted/aws/s2n/tls/s2n_ecc_preferences.c index 53b9e95a13..8781afcc55 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_ecc_preferences.c +++ b/contrib/restricted/aws/s2n/tls/s2n_ecc_preferences.c @@ -13,11 +13,11 @@ * permissions and limitations under the License. */ -#include "api/s2n.h" - #include "tls/s2n_ecc_preferences.h" -#include "tls/s2n_connection.h" + +#include "api/s2n.h" #include "crypto/s2n_ecc_evp.h" +#include "tls/s2n_connection.h" #include "utils/s2n_safety.h" const struct s2n_ecc_named_curve *const s2n_ecc_pref_list_20140601[] = { 
@@ -62,43 +62,44 @@ const struct s2n_ecc_named_curve *const s2n_ecc_pref_list_test_all[] = { }; const struct s2n_ecc_preferences s2n_ecc_preferences_20140601 = { - .count = s2n_array_len(s2n_ecc_pref_list_20140601), - .ecc_curves = s2n_ecc_pref_list_20140601, + .count = s2n_array_len(s2n_ecc_pref_list_20140601), + .ecc_curves = s2n_ecc_pref_list_20140601, }; const struct s2n_ecc_preferences s2n_ecc_preferences_20200310 = { - .count = s2n_array_len(s2n_ecc_pref_list_20200310), - .ecc_curves = s2n_ecc_pref_list_20200310, + .count = s2n_array_len(s2n_ecc_pref_list_20200310), + .ecc_curves = s2n_ecc_pref_list_20200310, }; const struct s2n_ecc_preferences s2n_ecc_preferences_default_fips = { - .count = s2n_array_len(s2n_ecc_pref_list_default_fips), - .ecc_curves = s2n_ecc_pref_list_default_fips, + .count = s2n_array_len(s2n_ecc_pref_list_default_fips), + .ecc_curves = s2n_ecc_pref_list_default_fips, }; const struct s2n_ecc_preferences s2n_ecc_preferences_20201021 = { - .count = s2n_array_len(s2n_ecc_pref_list_20201021), - .ecc_curves = s2n_ecc_pref_list_20201021, + .count = s2n_array_len(s2n_ecc_pref_list_20201021), + .ecc_curves = s2n_ecc_pref_list_20201021, }; const struct s2n_ecc_preferences s2n_ecc_preferences_20210816 = { - .count = s2n_array_len(s2n_ecc_pref_list_20210816), - .ecc_curves = s2n_ecc_pref_list_20210816, + .count = s2n_array_len(s2n_ecc_pref_list_20210816), + .ecc_curves = s2n_ecc_pref_list_20210816, }; const struct s2n_ecc_preferences s2n_ecc_preferences_test_all = { - .count = s2n_array_len(s2n_ecc_pref_list_test_all), - .ecc_curves = s2n_ecc_pref_list_test_all, + .count = s2n_array_len(s2n_ecc_pref_list_test_all), + .ecc_curves = s2n_ecc_pref_list_test_all, }; const struct s2n_ecc_preferences s2n_ecc_preferences_null = { - .count = 0, - .ecc_curves = NULL, + .count = 0, + .ecc_curves = NULL, }; /* Checks if the ecc_curves present in s2n_ecc_preferences list is a subset of s2n_all_supported_curves_list * maintained in s2n_ecc_evp.c */ -int 
s2n_check_ecc_preferences_curves_list(const struct s2n_ecc_preferences *ecc_preferences) { +int s2n_check_ecc_preferences_curves_list(const struct s2n_ecc_preferences *ecc_preferences) +{ int check = 1; for (int i = 0; i < ecc_preferences->count; i++) { const struct s2n_ecc_named_curve *named_curve = ecc_preferences->ecc_curves[i]; @@ -118,7 +119,8 @@ int s2n_check_ecc_preferences_curves_list(const struct s2n_ecc_preferences *ecc_ } /* Determines if query_iana_id corresponds to a curve for these ECC preferences. */ -bool s2n_ecc_preferences_includes_curve(const struct s2n_ecc_preferences *ecc_preferences, uint16_t query_iana_id) { +bool s2n_ecc_preferences_includes_curve(const struct s2n_ecc_preferences *ecc_preferences, uint16_t query_iana_id) +{ if (ecc_preferences == NULL) { return false; } @@ -131,4 +133,3 @@ bool s2n_ecc_preferences_includes_curve(const struct s2n_ecc_preferences *ecc_pr return false; } - diff --git a/contrib/restricted/aws/s2n/tls/s2n_ecc_preferences.h b/contrib/restricted/aws/s2n/tls/s2n_ecc_preferences.h index 3d4a168264..988991755a 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_ecc_preferences.h +++ b/contrib/restricted/aws/s2n/tls/s2n_ecc_preferences.h @@ -15,10 +15,10 @@ #pragma once -#include "api/s2n.h" -#include <strings.h> #include <stdbool.h> +#include <strings.h> +#include "api/s2n.h" #include "crypto/s2n_ecc_evp.h" struct s2n_ecc_preferences { diff --git a/contrib/restricted/aws/s2n/tls/s2n_encrypted_extensions.c b/contrib/restricted/aws/s2n/tls/s2n_encrypted_extensions.c index 9f47acd8fd..7c27c0b10d 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_encrypted_extensions.c +++ b/contrib/restricted/aws/s2n/tls/s2n_encrypted_extensions.c 
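Review bot: `s2n_check_ecc_preferences_curves_list` dereferences `ecc_preferences->count` in its loop header with no visible NULL check. The neighbouring `s2n_ecc_preferences_includes_curve` starts with `if (ecc_preferences == NULL) { return false; }`. Adding `POSIX_ENSURE_REF(ecc_preferences);` as the first statement would make the two helpers agree, assuming the function follows the usual S2N_SUCCESS/S2N_FAILURE return convention; its tail is outside the hunk. The loop index is declared `int` while `count` is a struct field whose type is not shown, so matching the index type to the field would avoid a signed/unsigned comparison.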
@@ -14,13 +14,11 @@ */ #include "error/s2n_errno.h" -#include "utils/s2n_safety.h" #include "stuffer/s2n_stuffer.h" - +#include "tls/extensions/s2n_extension_list.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls13.h" - -#include "tls/extensions/s2n_extension_list.h" +#include "utils/s2n_safety.h" /** * Specified in https://tools.ietf.org/html/rfc8446#section-4.3.1 diff --git a/contrib/restricted/aws/s2n/tls/s2n_establish_session.c b/contrib/restricted/aws/s2n/tls/s2n_establish_session.c index 18c4fcc8bf..ebb3245dc5 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_establish_session.c +++ b/contrib/restricted/aws/s2n/tls/s2n_establish_session.c @@ -14,18 +14,14 @@ */ #include <stdint.h> -#include "api/s2n.h" +#include "api/s2n.h" #include "error/s2n_errno.h" - #include "stuffer/s2n_stuffer.h" - #include "tls/s2n_connection.h" #include "tls/s2n_tls.h" - #include "utils/s2n_array.h" - /* Establishing a session requires reading the CLIENT_HELLO message and then generating security parameters. * * S2N supports resuming sessions under TLS1.2 if the client sends a session ID. The server can lookup a @@ -41,12 +37,10 @@ int s2n_establish_session(struct s2n_connection *conn) POSIX_GUARD_RESULT(s2n_early_data_accept_or_reject(conn)); POSIX_GUARD(s2n_conn_set_handshake_type(conn)); - if (conn->client_hello_version != S2N_SSLv2) - { + if (conn->client_hello_version != S2N_SSLv2) { /* We've selected the parameters for the handshake, update the required hashes for this connection */ POSIX_GUARD(s2n_conn_update_required_handshake_hashes(conn)); } return 0; } - diff --git a/contrib/restricted/aws/s2n/tls/s2n_handshake.c b/contrib/restricted/aws/s2n/tls/s2n_handshake.c index e622fb8f51..0168a758f0 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_handshake.c +++ b/contrib/restricted/aws/s2n/tls/s2n_handshake.c 
@@ -16,16 +16,13 @@ #include <stdint.h> #include "error/s2n_errno.h" - +#include "stuffer/s2n_stuffer.h" +#include "tls/s2n_cipher_suites.h" #include "tls/s2n_connection.h" #include "tls/s2n_record.h" -#include "tls/s2n_cipher_suites.h" #include "tls/s2n_tls.h" - -#include "stuffer/s2n_stuffer.h" - -#include "utils/s2n_safety.h" #include "utils/s2n_map.h" +#include "utils/s2n_safety.h" int s2n_handshake_write_header(struct s2n_stuffer *out, uint8_t message_type) { @@ -57,7 +54,7 @@ int s2n_handshake_finish_header(struct s2n_stuffer *out) return S2N_SUCCESS; } -S2N_RESULT s2n_handshake_parse_header(struct s2n_stuffer *io, uint8_t * message_type, uint32_t * length) +S2N_RESULT s2n_handshake_parse_header(struct s2n_stuffer *io, uint8_t *message_type, uint32_t *length) { RESULT_ENSURE(s2n_stuffer_data_available(io) >= TLS_HANDSHAKE_HEADER_LENGTH, S2N_ERR_SIZE_MISMATCH); 
@@ -74,30 +71,30 @@ static int s2n_handshake_get_hash_state_ptr(struct s2n_connection *conn, s2n_has POSIX_ENSURE_REF(conn->handshake.hashes); switch (hash_alg) { - case S2N_HASH_MD5: - *hash_state = &conn->handshake.hashes->md5; - break; - case S2N_HASH_SHA1: - *hash_state = &conn->handshake.hashes->sha1; - break; - case S2N_HASH_SHA224: - *hash_state = &conn->handshake.hashes->sha224; - break; - case S2N_HASH_SHA256: - *hash_state = &conn->handshake.hashes->sha256; - break; - case S2N_HASH_SHA384: - *hash_state = &conn->handshake.hashes->sha384; - break; - case S2N_HASH_SHA512: - *hash_state = &conn->handshake.hashes->sha512; - break; - case S2N_HASH_MD5_SHA1: - *hash_state = &conn->handshake.hashes->md5_sha1; - break; - default: - POSIX_BAIL(S2N_ERR_HASH_INVALID_ALGORITHM); - break; + case S2N_HASH_MD5: + *hash_state = &conn->handshake.hashes->md5; + break; + case S2N_HASH_SHA1: + *hash_state = &conn->handshake.hashes->sha1; + break; + case S2N_HASH_SHA224: + *hash_state = &conn->handshake.hashes->sha224; + break; + case S2N_HASH_SHA256: + *hash_state = &conn->handshake.hashes->sha256; + break; + case S2N_HASH_SHA384: + *hash_state = &conn->handshake.hashes->sha384; + break; + case S2N_HASH_SHA512: + *hash_state = &conn->handshake.hashes->sha512; + break; + case S2N_HASH_MD5_SHA1: + *hash_state = &conn->handshake.hashes->md5_sha1; + break; + default: + POSIX_BAIL(S2N_ERR_HASH_INVALID_ALGORITHM); + break; } return S2N_SUCCESS; 
@@ -162,23 +159,22 @@ int s2n_conn_update_required_handshake_hashes(struct s2n_connection *conn) /* We don't need all of the hashes. Set the hash alg(s) required for the PRF */ switch (conn->actual_protocol_version) { - case S2N_SSLv3: - case S2N_TLS10: - case S2N_TLS11: - POSIX_GUARD(s2n_handshake_require_hash(&conn->handshake, S2N_HASH_MD5)); - POSIX_GUARD(s2n_handshake_require_hash(&conn->handshake, S2N_HASH_SHA1)); - break; - case S2N_TLS12: - /* fall through */ - case S2N_TLS13: - { - /* For TLS 1.2 and TLS 1.3, the cipher suite defines the PRF hash alg */ - s2n_hmac_algorithm prf_alg = conn->secure->cipher_suite->prf_alg; - s2n_hash_algorithm hash_alg; - POSIX_GUARD(s2n_hmac_hash_alg(prf_alg, &hash_alg)); - POSIX_GUARD(s2n_handshake_require_hash(&conn->handshake, hash_alg)); - break; - } + case S2N_SSLv3: + case S2N_TLS10: + case S2N_TLS11: + POSIX_GUARD(s2n_handshake_require_hash(&conn->handshake, S2N_HASH_MD5)); + POSIX_GUARD(s2n_handshake_require_hash(&conn->handshake, S2N_HASH_SHA1)); + break; + case S2N_TLS12: + /* fall through */ + case S2N_TLS13: { + /* For TLS 1.2 and TLS 1.3, the cipher suite defines the PRF hash alg */ + s2n_hmac_algorithm prf_alg = conn->secure->cipher_suite->prf_alg; + s2n_hash_algorithm hash_alg; + POSIX_GUARD(s2n_hmac_hash_alg(prf_alg, &hash_alg)); + POSIX_GUARD(s2n_handshake_require_hash(&conn->handshake, hash_alg)); + break; + } } return S2N_SUCCESS; @@ -267,9 +263,9 @@ int s2n_conn_find_name_matching_certs(struct s2n_connection *conn) /* Find the exact matches for the ServerName */ POSIX_GUARD(s2n_find_cert_matches(conn->config->domain_name_to_cert_map, - &normalized_name, - conn->handshake_params.exact_sni_matches, - &(conn->handshake_params.exact_sni_match_exists))); + &normalized_name, + conn->handshake_params.exact_sni_matches, + &(conn->handshake_params.exact_sni_match_exists))); if (!conn->handshake_params.exact_sni_match_exists) { /* We have not yet found an exact domain match. Try to find wildcard matches. */ 
@@ -288,17 +284,17 @@ int s2n_conn_find_name_matching_certs(struct s2n_connection *conn) /* The client's SNI is wildcardified, do an exact match against the set of server certs. */ wildcard_blob.size = wildcard_len; POSIX_GUARD(s2n_find_cert_matches(conn->config->domain_name_to_cert_map, - &wildcard_blob, - conn->handshake_params.wc_sni_matches, - &(conn->handshake_params.wc_sni_match_exists))); + &wildcard_blob, + conn->handshake_params.wc_sni_matches, + &(conn->handshake_params.wc_sni_match_exists))); } /* If we found a suitable cert, we should send back the ServerName extension. * Note that this may have already been set by the client hello callback, so we won't override its value */ conn->server_name_used = conn->server_name_used - || conn->handshake_params.exact_sni_match_exists - || conn->handshake_params.wc_sni_match_exists; + || conn->handshake_params.exact_sni_match_exists + || conn->handshake_params.wc_sni_match_exists; return S2N_SUCCESS; } @@ -313,7 +309,8 @@ struct s2n_cert_chain_and_key *s2n_get_compatible_cert_chain_and_key(struct s2n_ if (conn->handshake_params.exact_sni_match_exists) { /* This may return NULL if there was an SNI match, but not a match the cipher_suite's authentication type. */ return conn->handshake_params.exact_sni_matches[cert_type]; - } if (conn->handshake_params.wc_sni_match_exists) { + } + if (conn->handshake_params.wc_sni_match_exists) { return conn->handshake_params.wc_sni_matches[cert_type]; } else { /* We don't have any name matches. Use the default certificate that works with the key type. */ diff --git a/contrib/restricted/aws/s2n/tls/s2n_handshake.h b/contrib/restricted/aws/s2n/tls/s2n_handshake.h index c417bcb2fd..5831afd9ac 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_handshake.h +++ b/contrib/restricted/aws/s2n/tls/s2n_handshake.h 
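Review bot: In `s2n_get_compatible_cert_chain_and_key` the reformatted code is now visibly two statements: an `if` that returns the exact SNI match, then an independent `if`/`else` for the wildcard and default cases. Behaviour is unchanged because the first branch returns, but the trailing `else` reads as if it closed a three-way chain. Writing the second test as `} else if (conn->handshake_params.wc_sni_match_exists) {` would state the certificate-selection precedence (exact match, then wildcard, then default) in one shape. The function starts and ends outside this hunk.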
@@ -16,26 +16,24 @@ #pragma once #include <stdint.h> -#include "api/s2n.h" +#include "api/s2n.h" +#include "crypto/s2n_certificate.h" +#include "crypto/s2n_hash.h" +#include "stuffer/s2n_stuffer.h" #include "tls/s2n_crypto.h" #include "tls/s2n_handshake_hashes.h" #include "tls/s2n_handshake_type.h" #include "tls/s2n_signature_algorithms.h" #include "tls/s2n_tls_parameters.h" -#include "stuffer/s2n_stuffer.h" - -#include "crypto/s2n_certificate.h" -#include "crypto/s2n_hash.h" - /* From RFC 8446: https://tools.ietf.org/html/rfc8446#appendix-B.3 */ -#define TLS_HELLO_REQUEST 0 -#define TLS_CLIENT_HELLO 1 -#define TLS_SERVER_HELLO 2 -#define TLS_SERVER_NEW_SESSION_TICKET 4 -#define TLS_END_OF_EARLY_DATA 5 -#define TLS_ENCRYPTED_EXTENSIONS 8 +#define TLS_HELLO_REQUEST 0 +#define TLS_CLIENT_HELLO 1 +#define TLS_SERVER_HELLO 2 +#define TLS_SERVER_NEW_SESSION_TICKET 4 +#define TLS_END_OF_EARLY_DATA 5 +#define TLS_ENCRYPTED_EXTENSIONS 8 #define TLS_CERTIFICATE 11 #define TLS_SERVER_KEY 12 #define TLS_CERT_REQ 13 @@ -47,11 +45,11 @@ #define TLS_SERVER_SESSION_LOOKUP 23 #define TLS_KEY_UPDATE 24 #define TLS_NPN 67 -#define TLS_MESSAGE_HASH 254 +#define TLS_MESSAGE_HASH 254 /* This is the list of message types that we support */ typedef enum { - CLIENT_HELLO=0, + CLIENT_HELLO = 0, SERVER_HELLO, SERVER_CERT, SERVER_NEW_SESSION_TICKET, @@ -176,16 +174,16 @@ struct s2n_handshake { struct s2n_offered_early_data early_data_async_state; /* Indicates the CLIENT_HELLO message has been completely received */ - unsigned client_hello_received:1; + unsigned client_hello_received : 1; /* Indicates the handshake blocked while trying to read or write data, and has been paused */ - unsigned paused:1; + unsigned paused : 1; /* Set to 1 if the RSA verification failed */ - unsigned rsa_failed:1; + unsigned rsa_failed : 1; /* Indicates that this is a renegotiation handshake */ - unsigned renegotiation:1; + unsigned renegotiation : 1; }; /* Only used in our test cases. */ 
diff --git a/contrib/restricted/aws/s2n/tls/s2n_handshake_hashes.c b/contrib/restricted/aws/s2n/tls/s2n_handshake_hashes.c index 538c742215..591e2251f4 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_handshake_hashes.c +++ b/contrib/restricted/aws/s2n/tls/s2n_handshake_hashes.c @@ -101,7 +101,7 @@ S2N_RESULT s2n_handshake_hashes_new(struct s2n_handshake_hashes **hashes) DEFER_CLEANUP(struct s2n_blob data = { 0 }, s2n_free); RESULT_GUARD_POSIX(s2n_realloc(&data, sizeof(struct s2n_handshake_hashes))); RESULT_GUARD_POSIX(s2n_blob_zero(&data)); - *hashes = (struct s2n_handshake_hashes*)(void*) data.data; + *hashes = (struct s2n_handshake_hashes *) (void *) data.data; ZERO_TO_DISABLE_DEFER_CLEANUP(data); RESULT_GUARD(s2n_handshake_hashes_new_hashes(*hashes)); @@ -120,6 +120,6 @@ S2N_CLEANUP_RESULT s2n_handshake_hashes_free(struct s2n_handshake_hashes **hashe { RESULT_ENSURE_REF(hashes); RESULT_GUARD(s2n_handshake_hashes_free_hashes(*hashes)); - RESULT_GUARD_POSIX(s2n_free_object((uint8_t**) hashes, sizeof(struct s2n_handshake_hashes))); + RESULT_GUARD_POSIX(s2n_free_object((uint8_t **) hashes, sizeof(struct s2n_handshake_hashes))); return S2N_RESULT_OK; } diff --git a/contrib/restricted/aws/s2n/tls/s2n_handshake_hashes.h b/contrib/restricted/aws/s2n/tls/s2n_handshake_hashes.h index 22d157deb4..3011c6ef20 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_handshake_hashes.h +++ b/contrib/restricted/aws/s2n/tls/s2n_handshake_hashes.h @@ -16,7 +16,6 @@ #pragma once #include "api/s2n.h" - #include "crypto/s2n_hash.h" #include "crypto/s2n_tls13_keys.h" diff --git a/contrib/restricted/aws/s2n/tls/s2n_handshake_io.c b/contrib/restricted/aws/s2n/tls/s2n_handshake_io.c index fb7de64ae8..08656c98b1 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_handshake_io.c +++ b/contrib/restricted/aws/s2n/tls/s2n_handshake_io.c 
@@ -13,34 +13,29 @@ * permissions and limitations under the License. */ +#include <errno.h> #include <sys/param.h> -#include <errno.h> #include "api/s2n.h" - -#include "error/s2n_errno.h" - #include "crypto/s2n_fips.h" - +#include "error/s2n_errno.h" +#include "stuffer/s2n_stuffer.h" +#include "tls/s2n_alerts.h" #include "tls/s2n_async_pkey.h" #include "tls/s2n_cipher_suites.h" #include "tls/s2n_connection.h" +#include "tls/s2n_kex.h" +#include "tls/s2n_post_handshake.h" #include "tls/s2n_record.h" #include "tls/s2n_resume.h" -#include "tls/s2n_alerts.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls13.h" #include "tls/s2n_tls13_handshake.h" #include "tls/s2n_tls13_key_schedule.h" -#include "tls/s2n_kex.h" -#include "tls/s2n_post_handshake.h" - -#include "stuffer/s2n_stuffer.h" - +#include "utils/s2n_bitmap.h" +#include "utils/s2n_random.h" #include "utils/s2n_safety.h" #include "utils/s2n_socket.h" -#include "utils/s2n_random.h" -#include "utils/s2n_bitmap.h" /* clang-format off */ struct s2n_handshake_action { @@ -805,9 +800,9 @@ static message_type_t tls13_handshakes[S2N_HANDSHAKES_COUNT][S2N_MAX_HANDSHAKE_L /* clang-format on */ #define MAX_HANDSHAKE_TYPE_LEN 142 -static char handshake_type_str[S2N_HANDSHAKES_COUNT][MAX_HANDSHAKE_TYPE_LEN] = {0}; +static char handshake_type_str[S2N_HANDSHAKES_COUNT][MAX_HANDSHAKE_TYPE_LEN] = { 0 }; -static const char* tls12_handshake_type_names[] = { +static const char *tls12_handshake_type_names[] = { "NEGOTIATED|", "FULL_HANDSHAKE|", "CLIENT_AUTH|", @@ -818,7 +813,7 @@ static const char* tls12_handshake_type_names[] = { "WITH_NPN|", }; -static const char* tls13_handshake_type_names[] = { +static const char *tls13_handshake_type_names[] = { "NEGOTIATED|", "FULL_HANDSHAKE|", "CLIENT_AUTH|", 
@@ -829,22 +824,24 @@ static const char* tls13_handshake_type_names[] = { "EARLY_CLIENT_CCS|", }; -#define IS_TLS13_HANDSHAKE( conn ) ((conn)->actual_protocol_version == S2N_TLS13) +#define IS_TLS13_HANDSHAKE(conn) ((conn)->actual_protocol_version == S2N_TLS13) -#define ACTIVE_STATE_MACHINE( conn ) (IS_TLS13_HANDSHAKE(conn) ? tls13_state_machine : state_machine) -#define ACTIVE_HANDSHAKES( conn ) (IS_TLS13_HANDSHAKE(conn) ? tls13_handshakes : handshakes) +#define ACTIVE_STATE_MACHINE(conn) (IS_TLS13_HANDSHAKE(conn) ? tls13_state_machine : state_machine) +#define ACTIVE_HANDSHAKES(conn) (IS_TLS13_HANDSHAKE(conn) ? tls13_handshakes : handshakes) -#define ACTIVE_MESSAGE( conn ) ACTIVE_HANDSHAKES(conn)[ (conn)->handshake.handshake_type ][ (conn)->handshake.message_number ] +#define ACTIVE_MESSAGE(conn) ACTIVE_HANDSHAKES(conn)[(conn)->handshake.handshake_type][(conn)->handshake.message_number] -#define ACTIVE_STATE( conn ) ACTIVE_STATE_MACHINE(conn)[ ACTIVE_MESSAGE( (conn) ) ] -#define CCS_STATE( conn ) (((conn)->mode == S2N_CLIENT) ? ACTIVE_STATE_MACHINE(conn)[SERVER_CHANGE_CIPHER_SPEC] \ - : ACTIVE_STATE_MACHINE(conn)[CLIENT_CHANGE_CIPHER_SPEC] ) +#define ACTIVE_STATE(conn) ACTIVE_STATE_MACHINE(conn)[ACTIVE_MESSAGE((conn))] -#define EXPECTED_RECORD_TYPE( conn ) ACTIVE_STATE( conn ).record_type -#define EXPECTED_MESSAGE_TYPE( conn ) ACTIVE_STATE( conn ).message_type +#define CCS_STATE(conn) (((conn)->mode == S2N_CLIENT) ? \ + ACTIVE_STATE_MACHINE(conn)[SERVER_CHANGE_CIPHER_SPEC] : \ + ACTIVE_STATE_MACHINE(conn)[CLIENT_CHANGE_CIPHER_SPEC]) -#define CONNECTION_WRITER( conn ) (conn->mode == S2N_CLIENT ? 'C' : 'S') -#define CONNECTION_IS_WRITER( conn ) (ACTIVE_STATE(conn).writer == CONNECTION_WRITER(conn)) +#define EXPECTED_RECORD_TYPE(conn) ACTIVE_STATE(conn).record_type +#define EXPECTED_MESSAGE_TYPE(conn) ACTIVE_STATE(conn).message_type + +#define CONNECTION_WRITER(conn) (conn->mode == S2N_CLIENT ? 
'C' : 'S') +#define CONNECTION_IS_WRITER(conn) (ACTIVE_STATE(conn).writer == CONNECTION_WRITER(conn)) /* Only used in our test cases. */ message_type_t s2n_conn_get_current_message_type(struct s2n_connection *conn) @@ -862,9 +859,7 @@ static int s2n_advance_message(struct s2n_connection *conn) conn->handshake.message_number++; /* When reading and using TLS1.3, skip optional change_cipher_spec states. */ - if (ACTIVE_STATE(conn).writer != this_mode && - EXPECTED_RECORD_TYPE(conn) == TLS_CHANGE_CIPHER_SPEC && - IS_TLS13_HANDSHAKE(conn)) { + if (ACTIVE_STATE(conn).writer != this_mode && EXPECTED_RECORD_TYPE(conn) == TLS_CHANGE_CIPHER_SPEC && IS_TLS13_HANDSHAKE(conn)) { conn->handshake.message_number++; } @@ -942,9 +937,7 @@ int s2n_set_hello_retry_required(struct s2n_connection *conn) bool s2n_is_hello_retry_message(struct s2n_connection *conn) { - return (conn != NULL && - s2n_result_is_ok(s2n_handshake_validate(&(conn->handshake))) && - ACTIVE_MESSAGE(conn) == HELLO_RETRY_MSG); + return (conn != NULL && s2n_result_is_ok(s2n_handshake_validate(&(conn->handshake))) && ACTIVE_MESSAGE(conn) == HELLO_RETRY_MSG); } bool s2n_is_hello_retry_handshake(struct s2n_connection *conn) @@ -952,7 +945,8 @@ bool s2n_is_hello_retry_handshake(struct s2n_connection *conn) return IS_HELLO_RETRY_HANDSHAKE(conn); } -static S2N_RESULT s2n_conn_set_tls13_handshake_type(struct s2n_connection *conn) { +static S2N_RESULT s2n_conn_set_tls13_handshake_type(struct s2n_connection *conn) +{ RESULT_ENSURE_REF(conn); /* Most handshake type flags should be reset before we calculate the handshake type, 
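Review bot: `CONNECTION_WRITER(conn)` expands its argument as `conn->mode` without parentheses, unlike the other macros in this block, which all use `(conn)`. Any argument that is not a plain identifier, such as `&c` or a cast, would bind to `->` incorrectly, and `CONNECTION_IS_WRITER` forwards its argument straight into this macro. Since the block is being reformatted anyway, the definition could become `#define CONNECTION_WRITER(conn) ((conn)->mode == S2N_CLIENT ? 'C' : 'S')`.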
@@ -1132,7 +1126,7 @@ const char *s2n_connection_get_handshake_type_name(struct s2n_connection *conn) return "INITIAL"; } - const char** handshake_type_names = tls13_handshake_type_names; + const char **handshake_type_names = tls13_handshake_type_names; size_t handshake_type_names_len = s2n_array_len(tls13_handshake_type_names); if (s2n_connection_get_protocol_version(conn) < S2N_TLS13) { handshake_type_names = tls12_handshake_type_names; @@ -1190,14 +1184,14 @@ static int s2n_handshake_write_io(struct s2n_connection *conn) if (record_type == TLS_HANDSHAKE) { POSIX_GUARD(s2n_handshake_write_header(&conn->handshake.io, ACTIVE_STATE(conn).message_type)); } - POSIX_GUARD(ACTIVE_STATE(conn).handler[conn->mode] (conn)); + POSIX_GUARD(ACTIVE_STATE(conn).handler[conn->mode](conn)); if (record_type == TLS_HANDSHAKE) { POSIX_GUARD(s2n_handshake_finish_header(&conn->handshake.io)); } } /* Write the handshake data to records in fragment sized chunks */ - struct s2n_blob out = {0}; + struct s2n_blob out = { 0 }; while (s2n_stuffer_data_available(&conn->handshake.io) > 0) { uint16_t max_payload_size = 0; POSIX_GUARD_RESULT(s2n_record_max_write_payload_size(conn, &max_payload_size)); @@ -1287,7 +1281,7 @@ static int s2n_handshake_conn_update_hashes(struct s2n_connection *conn) POSIX_GUARD(s2n_stuffer_reread(&conn->handshake.io)); POSIX_GUARD_RESULT(s2n_handshake_parse_header(&conn->handshake.io, &message_type, &handshake_message_length)); - struct s2n_blob handshake_record = {0}; + struct s2n_blob handshake_record = { 0 }; handshake_record.data = conn->handshake.io.blob.data; handshake_record.size = TLS_HANDSHAKE_HEADER_LENGTH + handshake_message_length; POSIX_ENSURE_REF(handshake_record.data); 
@@ -1303,7 +1297,7 @@ static int s2n_handshake_handle_sslv2(struct s2n_connection *conn) S2N_ERROR_IF(ACTIVE_MESSAGE(conn) != CLIENT_HELLO, S2N_ERR_BAD_MESSAGE); /* Add the message to our handshake hashes */ - struct s2n_blob hashed = {.data = conn->header_in.blob.data + 2,.size = 3 }; + struct s2n_blob hashed = { .data = conn->header_in.blob.data + 2, .size = 3 }; POSIX_GUARD(s2n_conn_update_handshake_hashes(conn, &hashed)); hashed.data = conn->in.blob.data; @@ -1452,7 +1446,7 @@ static int s2n_handshake_read_io(struct s2n_connection *conn) S2N_ERROR_IF(s2n_stuffer_data_available(&conn->in) != 1, S2N_ERR_BAD_MESSAGE); POSIX_GUARD(s2n_stuffer_copy(&conn->in, &conn->handshake.io, s2n_stuffer_data_available(&conn->in))); - POSIX_GUARD(CCS_STATE(conn).handler[conn->mode] (conn)); + POSIX_GUARD(CCS_STATE(conn).handler[conn->mode](conn)); POSIX_GUARD(s2n_stuffer_wipe(&conn->handshake.io)); /* We're done with the record, wipe it */ @@ -1531,7 +1525,7 @@ static int s2n_handshake_read_io(struct s2n_connection *conn) POSIX_ENSURE(!CONNECTION_IS_WRITER(conn), S2N_ERR_BAD_MESSAGE); /* Call the relevant handler */ - WITH_ERROR_BLINDING(conn, POSIX_GUARD(ACTIVE_STATE(conn).handler[conn->mode] (conn))); + WITH_ERROR_BLINDING(conn, POSIX_GUARD(ACTIVE_STATE(conn).handler[conn->mode](conn))); /* Advance the state machine */ POSIX_GUARD_RESULT(s2n_finish_read(conn)); @@ -1549,7 +1543,7 @@ static int s2n_handle_retry_state(struct s2n_connection *conn) * handler right away. We aren't going to read more handshake data yet or proceed * to the next handler because the current message has not finished processing. */ s2n_errno = S2N_ERR_OK; - const int r = ACTIVE_STATE(conn).handler[conn->mode] (conn); + const int r = ACTIVE_STATE(conn).handler[conn->mode](conn); if (r < S2N_SUCCESS && S2N_ERROR_IS_BLOCKING(s2n_errno)) { /* If the handler is still waiting for data, return control to the caller. */ 
diff --git a/contrib/restricted/aws/s2n/tls/s2n_handshake_transcript.c b/contrib/restricted/aws/s2n/tls/s2n_handshake_transcript.c index d0eb448f41..5475a10ca6 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_handshake_transcript.c +++ b/contrib/restricted/aws/s2n/tls/s2n_handshake_transcript.c @@ -13,16 +13,14 @@ * permissions and limitations under the License. */ +#include "stuffer/s2n_stuffer.h" #include "tls/s2n_connection.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls13_handshake.h" - -#include "stuffer/s2n_stuffer.h" - #include "utils/s2n_blob.h" /* Length of the synthetic message header */ -#define MESSAGE_HASH_HEADER_LENGTH 4 +#define MESSAGE_HASH_HEADER_LENGTH 4 int s2n_conn_update_handshake_hashes(struct s2n_connection *conn, struct s2n_blob *data) { @@ -45,8 +43,9 @@ int s2n_conn_update_handshake_hashes(struct s2n_connection *conn, struct s2n_blo POSIX_GUARD(s2n_hash_update(&hashes->sha1, data->data, data->size)); } - const uint8_t md5_sha1_required = (s2n_handshake_is_hash_required(&conn->handshake, S2N_HASH_MD5) && - s2n_handshake_is_hash_required(&conn->handshake, S2N_HASH_SHA1)); + const uint8_t md5_sha1_required = + (s2n_handshake_is_hash_required(&conn->handshake, S2N_HASH_MD5) + && s2n_handshake_is_hash_required(&conn->handshake, S2N_HASH_SHA1)); if (md5_sha1_required) { /* The MD5_SHA1 hash can still be used for TLS 1.0 and 1.1 in FIPS mode for @@ -91,7 +90,7 @@ int s2n_server_hello_retry_recreate_transcript(struct s2n_connection *conn) uint8_t hash_digest_length = keys.size; /* Create the MessageHash (our synthetic message) */ - uint8_t msghdr[MESSAGE_HASH_HEADER_LENGTH] = {0}; + uint8_t msghdr[MESSAGE_HASH_HEADER_LENGTH] = { 0 }; msghdr[0] = TLS_MESSAGE_HASH; msghdr[MESSAGE_HASH_HEADER_LENGTH - 1] = hash_digest_length; 
@@ -105,7 +104,7 @@ int s2n_server_hello_retry_recreate_transcript(struct s2n_connection *conn) POSIX_GUARD_RESULT(s2n_handshake_reset_hash_state(conn, keys.hash_algorithm)); /* Step 2: Update the transcript with the synthetic message */ - struct s2n_blob msg_blob = {0}; + struct s2n_blob msg_blob = { 0 }; POSIX_GUARD(s2n_blob_init(&msg_blob, msghdr, MESSAGE_HASH_HEADER_LENGTH)); POSIX_GUARD(s2n_conn_update_handshake_hashes(conn, &msg_blob)); diff --git a/contrib/restricted/aws/s2n/tls/s2n_handshake_type.c b/contrib/restricted/aws/s2n/tls/s2n_handshake_type.c index 1ba27a3684..46d24ddaf3 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_handshake_type.c +++ b/contrib/restricted/aws/s2n/tls/s2n_handshake_type.c @@ -13,8 +13,9 @@ * permissions and limitations under the License. */ -#include "tls/s2n_connection.h" #include "tls/s2n_handshake_type.h" + +#include "tls/s2n_connection.h" #include "utils/s2n_safety.h" S2N_RESULT s2n_handshake_type_set_flag(struct s2n_connection *conn, s2n_handshake_type_flag flag) diff --git a/contrib/restricted/aws/s2n/tls/s2n_handshake_type.h b/contrib/restricted/aws/s2n/tls/s2n_handshake_type.h index 28199f8ef8..12cdc6810a 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_handshake_type.h +++ b/contrib/restricted/aws/s2n/tls/s2n_handshake_type.h 
@@ -18,63 +18,63 @@ #include "utils/s2n_result.h" /* Maximum number of valid handshakes */ -#define S2N_HANDSHAKES_COUNT 256 +#define S2N_HANDSHAKES_COUNT 256 -#define IS_NEGOTIATED(conn) \ - ( s2n_handshake_type_check_flag(conn, NEGOTIATED) ) +#define IS_NEGOTIATED(conn) \ + (s2n_handshake_type_check_flag(conn, NEGOTIATED)) -#define IS_FULL_HANDSHAKE(conn) \ - ( s2n_handshake_type_check_flag(conn, FULL_HANDSHAKE) ) +#define IS_FULL_HANDSHAKE(conn) \ + (s2n_handshake_type_check_flag(conn, FULL_HANDSHAKE)) -#define IS_RESUMPTION_HANDSHAKE(conn) \ - ( !IS_FULL_HANDSHAKE(conn) && IS_NEGOTIATED(conn) ) +#define IS_RESUMPTION_HANDSHAKE(conn) \ + (!IS_FULL_HANDSHAKE(conn) && IS_NEGOTIATED(conn)) -#define IS_CLIENT_AUTH_HANDSHAKE(conn) \ - ( s2n_handshake_type_check_flag(conn, CLIENT_AUTH) ) +#define IS_CLIENT_AUTH_HANDSHAKE(conn) \ + (s2n_handshake_type_check_flag(conn, CLIENT_AUTH)) -#define IS_CLIENT_AUTH_NO_CERT(conn) \ - ( IS_CLIENT_AUTH_HANDSHAKE(conn) && s2n_handshake_type_check_flag(conn, NO_CLIENT_CERT) ) +#define IS_CLIENT_AUTH_NO_CERT(conn) \ + (IS_CLIENT_AUTH_HANDSHAKE(conn) && s2n_handshake_type_check_flag(conn, NO_CLIENT_CERT)) #define IS_TLS12_PERFECT_FORWARD_SECRECY_HANDSHAKE(conn) \ - ( s2n_handshake_type_check_tls12_flag(conn, TLS12_PERFECT_FORWARD_SECRECY) ) + (s2n_handshake_type_check_tls12_flag(conn, TLS12_PERFECT_FORWARD_SECRECY)) -#define IS_OCSP_STAPLED(conn) \ - ( s2n_handshake_type_check_tls12_flag(conn, OCSP_STATUS) ) +#define IS_OCSP_STAPLED(conn) \ + (s2n_handshake_type_check_tls12_flag(conn, OCSP_STATUS)) #define IS_ISSUING_NEW_SESSION_TICKET(conn) \ - ( s2n_handshake_type_check_tls12_flag(conn, WITH_SESSION_TICKET) ) + (s2n_handshake_type_check_tls12_flag(conn, WITH_SESSION_TICKET)) -#define IS_NPN_HANDSHAKE(conn) \ - ( s2n_handshake_type_check_tls12_flag(conn, WITH_NPN) ) +#define IS_NPN_HANDSHAKE(conn) \ + (s2n_handshake_type_check_tls12_flag(conn, WITH_NPN)) -#define IS_HELLO_RETRY_HANDSHAKE(conn) \ - ( 
s2n_handshake_type_check_tls13_flag(conn, HELLO_RETRY_REQUEST) ) +#define IS_HELLO_RETRY_HANDSHAKE(conn) \ + (s2n_handshake_type_check_tls13_flag(conn, HELLO_RETRY_REQUEST)) -#define IS_MIDDLEBOX_COMPAT_MODE(conn) \ - ( s2n_handshake_type_check_tls13_flag(conn, MIDDLEBOX_COMPAT) ) +#define IS_MIDDLEBOX_COMPAT_MODE(conn) \ + (s2n_handshake_type_check_tls13_flag(conn, MIDDLEBOX_COMPAT)) -#define WITH_EARLY_DATA(conn) \ - ( s2n_handshake_type_check_tls13_flag(conn, WITH_EARLY_DATA) ) +#define WITH_EARLY_DATA(conn) \ + (s2n_handshake_type_check_tls13_flag(conn, WITH_EARLY_DATA)) -#define WITH_EARLY_CLIENT_CCS(conn) \ - ( s2n_handshake_type_check_tls13_flag(conn, EARLY_CLIENT_CCS) ) +#define WITH_EARLY_CLIENT_CCS(conn) \ + (s2n_handshake_type_check_tls13_flag(conn, EARLY_CLIENT_CCS)) typedef enum { - INITIAL = 0, - NEGOTIATED = 1, - FULL_HANDSHAKE = 2, - CLIENT_AUTH = 4, - NO_CLIENT_CERT = 8, + INITIAL = 0, + NEGOTIATED = 1, + FULL_HANDSHAKE = 2, + CLIENT_AUTH = 4, + NO_CLIENT_CERT = 8, } s2n_handshake_type_flag; S2N_RESULT s2n_handshake_type_set_flag(struct s2n_connection *conn, s2n_handshake_type_flag flag); bool s2n_handshake_type_check_flag(struct s2n_connection *conn, s2n_handshake_type_flag flag); typedef enum { - TLS12_PERFECT_FORWARD_SECRECY = 16, - OCSP_STATUS = 32, - WITH_SESSION_TICKET = 64, - WITH_NPN = 128, + TLS12_PERFECT_FORWARD_SECRECY = 16, + OCSP_STATUS = 32, + WITH_SESSION_TICKET = 64, + WITH_NPN = 128, } s2n_tls12_handshake_type_flag; S2N_RESULT s2n_handshake_type_set_tls12_flag(struct s2n_connection *conn, s2n_tls12_handshake_type_flag flag); 
@@ -82,10 +82,10 @@ S2N_RESULT s2n_handshake_type_unset_tls12_flag(struct s2n_connection *conn, s2n_ bool s2n_handshake_type_check_tls12_flag(struct s2n_connection *conn, s2n_tls12_handshake_type_flag flag); typedef enum { - HELLO_RETRY_REQUEST = 16, - MIDDLEBOX_COMPAT = 32, - WITH_EARLY_DATA = 64, - EARLY_CLIENT_CCS = 128, + HELLO_RETRY_REQUEST = 16, + MIDDLEBOX_COMPAT = 32, + WITH_EARLY_DATA = 64, + EARLY_CLIENT_CCS = 128, } s2n_tls13_handshake_type_flag; S2N_RESULT s2n_handshake_type_set_tls13_flag(struct s2n_connection *conn, s2n_tls13_handshake_type_flag flag); diff --git a/contrib/restricted/aws/s2n/tls/s2n_internal.h b/contrib/restricted/aws/s2n/tls/s2n_internal.h index 5728188f30..111231397d 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_internal.h +++ b/contrib/restricted/aws/s2n/tls/s2n_internal.h @@ -16,12 +16,11 @@ #pragma once #if ((__GNUC__ >= 4) || defined(__clang__)) && defined(S2N_EXPORTS) -# define S2N_PRIVATE_API __attribute__((visibility("default"))) + #define S2N_PRIVATE_API __attribute__((visibility("default"))) #else -# define S2N_PRIVATE_API + #define S2N_PRIVATE_API #endif /* __GNUC__ >= 4 || defined(__clang__) */ - #include <stdint.h> /* @@ -44,8 +43,7 @@ struct s2n_connection; * Caution: A config can be associated with multiple connections and should not be * modified after it has been built. Doing so is undefined behavior. */ -S2N_PRIVATE_API -extern int s2n_connection_get_config(struct s2n_connection *conn, struct s2n_config **config); +S2N_PRIVATE_API extern int s2n_connection_get_config(struct s2n_connection *conn, struct s2n_config **config); /* * Enable polling the async client_hello callback to make progress. 
@@ -53,5 +51,4 @@ extern int s2n_connection_get_config(struct s2n_connection *conn, struct s2n_con * `s2n_negotiate` must be called multiple times to poll the callback function * and make progress. */ -S2N_PRIVATE_API -extern int s2n_config_client_hello_cb_enable_poll(struct s2n_config *config); +S2N_PRIVATE_API extern int s2n_config_client_hello_cb_enable_poll(struct s2n_config *config); diff --git a/contrib/restricted/aws/s2n/tls/s2n_kem.c b/contrib/restricted/aws/s2n/tls/s2n_kem.c index affe9e02c4..d1411baea2 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_kem.c +++ b/contrib/restricted/aws/s2n/tls/s2n_kem.c 
@@ -26,33 +26,33 @@ /* The KEM IDs and names come from https://tools.ietf.org/html/draft-campagna-tls-bike-sike-hybrid */ const struct s2n_kem s2n_kyber_512_r3 = { - .name = "kyber512r3", - .kem_extension_id = TLS_PQ_KEM_EXTENSION_ID_KYBER_512_R3, - .public_key_length = S2N_KYBER_512_R3_PUBLIC_KEY_BYTES, - .private_key_length = S2N_KYBER_512_R3_SECRET_KEY_BYTES, - .shared_secret_key_length = S2N_KYBER_512_R3_SHARED_SECRET_BYTES, - .ciphertext_length = S2N_KYBER_512_R3_CIPHERTEXT_BYTES, -#if defined (S2N_LIBCRYPTO_SUPPORTS_KYBER512) - .generate_keypair = &s2n_kyber_512_evp_generate_keypair, - .encapsulate = &s2n_kyber_512_evp_encapsulate, - .decapsulate = &s2n_kyber_512_evp_decapsulate, + .name = "kyber512r3", + .kem_extension_id = TLS_PQ_KEM_EXTENSION_ID_KYBER_512_R3, + .public_key_length = S2N_KYBER_512_R3_PUBLIC_KEY_BYTES, + .private_key_length = S2N_KYBER_512_R3_SECRET_KEY_BYTES, + .shared_secret_key_length = S2N_KYBER_512_R3_SHARED_SECRET_BYTES, + .ciphertext_length = S2N_KYBER_512_R3_CIPHERTEXT_BYTES, +#if defined(S2N_LIBCRYPTO_SUPPORTS_KYBER512) + .generate_keypair = &s2n_kyber_512_evp_generate_keypair, + .encapsulate = &s2n_kyber_512_evp_encapsulate, + .decapsulate = &s2n_kyber_512_evp_decapsulate, #else - .generate_keypair = &s2n_kyber_512_r3_crypto_kem_keypair, - .encapsulate = &s2n_kyber_512_r3_crypto_kem_enc, - .decapsulate = &s2n_kyber_512_r3_crypto_kem_dec, + .generate_keypair = &s2n_kyber_512_r3_crypto_kem_keypair, + .encapsulate = &s2n_kyber_512_r3_crypto_kem_enc, + .decapsulate = &s2n_kyber_512_r3_crypto_kem_dec, #endif }; const struct s2n_kem *kyber_kems[] = { - &s2n_kyber_512_r3, + &s2n_kyber_512_r3, }; const struct s2n_iana_to_kem kem_mapping[3] = { - { + { .iana_value = { TLS_ECDHE_KYBER_RSA_WITH_AES_256_GCM_SHA384 }, .kems = kyber_kems, .kem_count = s2n_array_len(kyber_kems), - } + } }; /* Specific assignments of KEM group IDs and names have not yet been 
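Review bot: `kem_mapping` is declared with a fixed length of 3 but its initializer supplies one entry, so the other two elements are zero-filled (`iana_value` all zero bytes, `kems` NULL, `kem_count` 0). A lookup that walks the array by its declared length will visit those placeholder entries, and an all-zero `iana_value` could compare equal to an all-zero cipher suite identifier. The lookup code is not visible in this hunk, so whether it tolerates them needs checking. Either size the array from its initializer with `const struct s2n_iana_to_kem kem_mapping[] = {` and update the matching declaration, or add a comment such as `/* remaining slots are intentionally zeroed; lookups must skip entries with kem_count == 0 */`.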
@@ -68,42 +68,38 @@ const struct s2n_iana_to_kem kem_mapping[3] = { * || size of PQ key share (2 bytes) * || PQ key share (variable bytes) */ const struct s2n_kem_group s2n_secp256r1_kyber_512_r3 = { - .name = "secp256r1_kyber-512-r3", - .iana_id = TLS_PQ_KEM_GROUP_ID_SECP256R1_KYBER_512_R3, - .client_share_size = (S2N_SIZE_OF_KEY_SHARE_SIZE + SECP256R1_SHARE_SIZE) + - (S2N_SIZE_OF_KEY_SHARE_SIZE + S2N_KYBER_512_R3_PUBLIC_KEY_BYTES), - .server_share_size = (S2N_SIZE_OF_KEY_SHARE_SIZE + SECP256R1_SHARE_SIZE) + - (S2N_SIZE_OF_KEY_SHARE_SIZE + S2N_KYBER_512_R3_CIPHERTEXT_BYTES), - .curve = &s2n_ecc_curve_secp256r1, - .kem = &s2n_kyber_512_r3, + .name = "secp256r1_kyber-512-r3", + .iana_id = TLS_PQ_KEM_GROUP_ID_SECP256R1_KYBER_512_R3, + .client_share_size = (S2N_SIZE_OF_KEY_SHARE_SIZE + SECP256R1_SHARE_SIZE) + (S2N_SIZE_OF_KEY_SHARE_SIZE + S2N_KYBER_512_R3_PUBLIC_KEY_BYTES), + .server_share_size = (S2N_SIZE_OF_KEY_SHARE_SIZE + SECP256R1_SHARE_SIZE) + (S2N_SIZE_OF_KEY_SHARE_SIZE + S2N_KYBER_512_R3_CIPHERTEXT_BYTES), + .curve = &s2n_ecc_curve_secp256r1, + .kem = &s2n_kyber_512_r3, }; #if EVP_APIS_SUPPORTED const struct s2n_kem_group s2n_x25519_kyber_512_r3 = { - .name = "x25519_kyber-512-r3", - .iana_id = TLS_PQ_KEM_GROUP_ID_X25519_KYBER_512_R3, - .client_share_size = (S2N_SIZE_OF_KEY_SHARE_SIZE + X25519_SHARE_SIZE) + - (S2N_SIZE_OF_KEY_SHARE_SIZE + S2N_KYBER_512_R3_PUBLIC_KEY_BYTES), - .server_share_size = (S2N_SIZE_OF_KEY_SHARE_SIZE + X25519_SHARE_SIZE) + - (S2N_SIZE_OF_KEY_SHARE_SIZE + S2N_KYBER_512_R3_CIPHERTEXT_BYTES), - .curve = &s2n_ecc_curve_x25519, - .kem = &s2n_kyber_512_r3, + .name = "x25519_kyber-512-r3", + .iana_id = TLS_PQ_KEM_GROUP_ID_X25519_KYBER_512_R3, + .client_share_size = (S2N_SIZE_OF_KEY_SHARE_SIZE + X25519_SHARE_SIZE) + (S2N_SIZE_OF_KEY_SHARE_SIZE + S2N_KYBER_512_R3_PUBLIC_KEY_BYTES), + .server_share_size = (S2N_SIZE_OF_KEY_SHARE_SIZE + X25519_SHARE_SIZE) + (S2N_SIZE_OF_KEY_SHARE_SIZE + S2N_KYBER_512_R3_CIPHERTEXT_BYTES), + .curve = 
&s2n_ecc_curve_x25519, + .kem = &s2n_kyber_512_r3, }; #else const struct s2n_kem_group s2n_x25519_kyber_512_r3 = { 0 }; #endif -const struct s2n_kem_group* ALL_SUPPORTED_KEM_GROUPS[S2N_SUPPORTED_KEM_GROUPS_COUNT] = { - &s2n_secp256r1_kyber_512_r3, +const struct s2n_kem_group *ALL_SUPPORTED_KEM_GROUPS[S2N_SUPPORTED_KEM_GROUPS_COUNT] = { + &s2n_secp256r1_kyber_512_r3, /* x25519 based tls13_kem_groups require EVP_APIS_SUPPORTED */ #if EVP_APIS_SUPPORTED - &s2n_x25519_kyber_512_r3, + &s2n_x25519_kyber_512_r3, #endif }; /* Helper safety macro to call the NIST PQ KEM functions. The NIST * functions may return any non-zero value to indicate failure. */ -#define GUARD_PQ_AS_RESULT(x) RESULT_ENSURE((x) == 0, S2N_ERR_PQ_CRYPTO) +#define GUARD_PQ_AS_RESULT(x) RESULT_ENSURE((x) == 0, S2N_ERR_PQ_CRYPTO) S2N_RESULT s2n_kem_generate_keypair(struct s2n_kem_params *kem_params) { @@ -165,7 +161,8 @@ S2N_RESULT s2n_kem_decapsulate(struct s2n_kem_params *kem_params, const struct s } static int s2n_kem_check_kem_compatibility(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN], const struct s2n_kem *candidate_kem, - uint8_t *kem_is_compatible) { + uint8_t *kem_is_compatible) +{ const struct s2n_iana_to_kem *compatible_kems = NULL; POSIX_GUARD(s2n_cipher_suite_to_kem(iana_value, &compatible_kems)); 
@@ -181,8 +178,9 @@ static int s2n_kem_check_kem_compatibility(const uint8_t iana_value[S2N_TLS_CIPH } int s2n_choose_kem_with_peer_pref_list(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN], struct s2n_blob *client_kem_ids, - const struct s2n_kem *server_kem_pref_list[], const uint8_t num_server_supported_kems, const struct s2n_kem **chosen_kem) { - struct s2n_stuffer client_kem_ids_stuffer = {0}; + const struct s2n_kem *server_kem_pref_list[], const uint8_t num_server_supported_kems, const struct s2n_kem **chosen_kem) +{ + struct s2n_stuffer client_kem_ids_stuffer = { 0 }; POSIX_GUARD(s2n_stuffer_init(&client_kem_ids_stuffer, client_kem_ids)); POSIX_GUARD(s2n_stuffer_write(&client_kem_ids_stuffer, client_kem_ids)); @@ -216,7 +214,8 @@ int s2n_choose_kem_with_peer_pref_list(const uint8_t iana_value[S2N_TLS_CIPHER_S } int s2n_choose_kem_without_peer_pref_list(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN], const struct s2n_kem *server_kem_pref_list[], - const uint8_t num_server_supported_kems, const struct s2n_kem **chosen_kem) { + const uint8_t num_server_supported_kems, const struct s2n_kem **chosen_kem) +{ for (uint8_t i = 0; i < num_server_supported_kems; i++) { uint8_t kem_is_compatible = 0; POSIX_GUARD(s2n_kem_check_kem_compatibility(iana_value, server_kem_pref_list[i], &kem_is_compatible)); @@ -240,7 +239,8 @@ int s2n_kem_free(struct s2n_kem_params *kem_params) return S2N_SUCCESS; } -int s2n_kem_group_free(struct s2n_kem_group_params *kem_group_params) { +int s2n_kem_group_free(struct s2n_kem_group_params *kem_group_params) +{ if (kem_group_params != NULL) { POSIX_GUARD(s2n_kem_free(&kem_group_params->kem_params)); POSIX_GUARD(s2n_ecc_evp_params_free(&kem_group_params->ecc_params)); 
@@ -248,7 +248,8 @@ int s2n_kem_group_free(struct s2n_kem_group_params *kem_group_params) { return S2N_SUCCESS; } -int s2n_cipher_suite_to_kem(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN], const struct s2n_iana_to_kem **compatible_params) { +int s2n_cipher_suite_to_kem(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN], const struct s2n_iana_to_kem **compatible_params) +{ for (int i = 0; i < s2n_array_len(kem_mapping); i++) { const struct s2n_iana_to_kem *candidate = &kem_mapping[i]; if (memcmp(iana_value, candidate->iana_value, S2N_TLS_CIPHER_SUITE_LEN) == 0) { @@ -259,7 +260,8 @@ int s2n_cipher_suite_to_kem(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN], POSIX_BAIL(S2N_ERR_KEM_UNSUPPORTED_PARAMS); } -int s2n_get_kem_from_extension_id(kem_extension_size kem_id, const struct s2n_kem **kem) { +int s2n_get_kem_from_extension_id(kem_extension_size kem_id, const struct s2n_kem **kem) +{ for (int i = 0; i < s2n_array_len(kem_mapping); i++) { const struct s2n_iana_to_kem *iana_to_kem = &kem_mapping[i]; @@ -275,7 +277,8 @@ int s2n_get_kem_from_extension_id(kem_extension_size kem_id, const struct s2n_ke POSIX_BAIL(S2N_ERR_KEM_UNSUPPORTED_PARAMS); } -int s2n_kem_send_public_key(struct s2n_stuffer *out, struct s2n_kem_params *kem_params) { +int s2n_kem_send_public_key(struct s2n_stuffer *out, struct s2n_kem_params *kem_params) +{ POSIX_ENSURE_REF(out); POSIX_ENSURE_REF(kem_params); POSIX_ENSURE_REF(kem_params->kem); @@ -303,7 +306,8 @@ int s2n_kem_send_public_key(struct s2n_stuffer *out, struct s2n_kem_params *kem_ return S2N_SUCCESS; } -int s2n_kem_recv_public_key(struct s2n_stuffer *in, struct s2n_kem_params *kem_params) { +int s2n_kem_recv_public_key(struct s2n_stuffer *in, struct s2n_kem_params *kem_params) +{ POSIX_ENSURE_REF(in); POSIX_ENSURE_REF(kem_params); POSIX_ENSURE_REF(kem_params->kem); 
@@ -322,7 +326,8 @@ int s2n_kem_recv_public_key(struct s2n_stuffer *in, struct s2n_kem_params *kem_p return S2N_SUCCESS; } -int s2n_kem_send_ciphertext(struct s2n_stuffer *out, struct s2n_kem_params *kem_params) { +int s2n_kem_send_ciphertext(struct s2n_stuffer *out, struct s2n_kem_params *kem_params) +{ POSIX_ENSURE_REF(out); POSIX_ENSURE_REF(kem_params); POSIX_ENSURE_REF(kem_params->kem); @@ -333,7 +338,7 @@ int s2n_kem_send_ciphertext(struct s2n_stuffer *out, struct s2n_kem_params *kem_ POSIX_GUARD(s2n_stuffer_write_uint16(out, kem->ciphertext_length)); /* Ciphertext will get written to *out */ - struct s2n_blob ciphertext = {.data = s2n_stuffer_raw_write(out, kem->ciphertext_length), .size = kem->ciphertext_length}; + struct s2n_blob ciphertext = { .data = s2n_stuffer_raw_write(out, kem->ciphertext_length), .size = kem->ciphertext_length }; POSIX_ENSURE_REF(ciphertext.data); /* Saves the shared secret in kem_params */ @@ -342,7 +347,8 @@ int s2n_kem_send_ciphertext(struct s2n_stuffer *out, struct s2n_kem_params *kem_ return S2N_SUCCESS; } -int s2n_kem_recv_ciphertext(struct s2n_stuffer *in, struct s2n_kem_params *kem_params) { +int s2n_kem_recv_ciphertext(struct s2n_stuffer *in, struct s2n_kem_params *kem_params) +{ POSIX_ENSURE_REF(in); POSIX_ENSURE_REF(kem_params); POSIX_ENSURE_REF(kem_params->kem); @@ -354,7 +360,7 @@ int s2n_kem_recv_ciphertext(struct s2n_stuffer *in, struct s2n_kem_params *kem_p POSIX_GUARD(s2n_stuffer_read_uint16(in, &ciphertext_length)); S2N_ERROR_IF(ciphertext_length != kem->ciphertext_length, S2N_ERR_BAD_MESSAGE); - const struct s2n_blob ciphertext = {.data = s2n_stuffer_raw_read(in, ciphertext_length), .size = ciphertext_length}; + const struct s2n_blob ciphertext = { .data = s2n_stuffer_raw_read(in, ciphertext_length), .size = ciphertext_length }; POSIX_ENSURE_REF(ciphertext.data); /* Saves the shared secret in kem_params */ 
@@ -367,7 +373,16 @@ int s2n_kem_recv_ciphertext(struct s2n_stuffer *in, struct s2n_kem_params *kem_p /* If S2N_NO_PQ was defined at compile time, the PQ KEM code will have been entirely excluded * from compilation. We define stubs of these functions here to error if they are called. */ /* kyber512r3 */ -int s2n_kyber_512_r3_crypto_kem_keypair(OUT uint8_t *pk, OUT uint8_t *sk) { POSIX_BAIL(S2N_ERR_UNIMPLEMENTED); } -int s2n_kyber_512_r3_crypto_kem_enc(OUT uint8_t *ct, OUT uint8_t *ss, IN const uint8_t *pk) { POSIX_BAIL(S2N_ERR_UNIMPLEMENTED); } -int s2n_kyber_512_r3_crypto_kem_dec(OUT uint8_t *ss, IN const uint8_t *ct, IN const uint8_t *sk) { POSIX_BAIL(S2N_ERR_UNIMPLEMENTED); } +int s2n_kyber_512_r3_crypto_kem_keypair(OUT uint8_t *pk, OUT uint8_t *sk) +{ + POSIX_BAIL(S2N_ERR_UNIMPLEMENTED); +} +int s2n_kyber_512_r3_crypto_kem_enc(OUT uint8_t *ct, OUT uint8_t *ss, IN const uint8_t *pk) +{ + POSIX_BAIL(S2N_ERR_UNIMPLEMENTED); +} +int s2n_kyber_512_r3_crypto_kem_dec(OUT uint8_t *ss, IN const uint8_t *ct, IN const uint8_t *sk) +{ + POSIX_BAIL(S2N_ERR_UNIMPLEMENTED); +} #endif diff --git a/contrib/restricted/aws/s2n/tls/s2n_kem.h b/contrib/restricted/aws/s2n/tls/s2n_kem.h index 44f16ecc72..17ec8fe105 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_kem.h +++ b/contrib/restricted/aws/s2n/tls/s2n_kem.h @@ -16,10 +16,11 @@ #pragma once #include <stdint.h> + +#include "crypto/s2n_ecc_evp.h" +#include "stuffer/s2n_stuffer.h" #include "tls/s2n_crypto_constants.h" #include "utils/s2n_blob.h" -#include "stuffer/s2n_stuffer.h" -#include "crypto/s2n_ecc_evp.h" typedef uint16_t kem_extension_size; typedef uint16_t kem_public_key_size; @@ -27,7 +28,7 @@ typedef uint16_t kem_private_key_size; typedef uint16_t kem_shared_secret_size; typedef uint16_t kem_ciphertext_key_size; -#define IN /* Indicates a necessary function input */ +#define IN /* Indicates a necessary function input */ #define OUT /* Indicates a function output */ struct s2n_kem { 
@@ -75,12 +76,12 @@ extern const struct s2n_kem s2n_kyber_512_r3; /* x25519 based tls13_kem_groups require EVP_APIS_SUPPORTED */ #if EVP_APIS_SUPPORTED -#define S2N_SUPPORTED_KEM_GROUPS_COUNT 2 + #define S2N_SUPPORTED_KEM_GROUPS_COUNT 2 #else -#define S2N_SUPPORTED_KEM_GROUPS_COUNT 1 + #define S2N_SUPPORTED_KEM_GROUPS_COUNT 1 #endif -extern const struct s2n_kem_group* ALL_SUPPORTED_KEM_GROUPS[S2N_SUPPORTED_KEM_GROUPS_COUNT]; +extern const struct s2n_kem_group *ALL_SUPPORTED_KEM_GROUPS[S2N_SUPPORTED_KEM_GROUPS_COUNT]; /* secp256r1 KEM Groups */ extern const struct s2n_kem_group s2n_secp256r1_kyber_512_r3; @@ -131,9 +132,9 @@ extern int s2n_kem_recv_ciphertext(struct s2n_stuffer *in, struct s2n_kem_params /* sikep503r1 */ /* kyber512r3 */ -#define S2N_KYBER_512_R3_PUBLIC_KEY_BYTES 800 -#define S2N_KYBER_512_R3_SECRET_KEY_BYTES 1632 -#define S2N_KYBER_512_R3_CIPHERTEXT_BYTES 768 +#define S2N_KYBER_512_R3_PUBLIC_KEY_BYTES 800 +#define S2N_KYBER_512_R3_SECRET_KEY_BYTES 1632 +#define S2N_KYBER_512_R3_CIPHERTEXT_BYTES 768 #define S2N_KYBER_512_R3_SHARED_SECRET_BYTES 32 int s2n_kyber_512_r3_crypto_kem_keypair(OUT uint8_t *pk, OUT uint8_t *sk); int s2n_kyber_512_r3_crypto_kem_enc(OUT uint8_t *ct, OUT uint8_t *ss, IN const uint8_t *pk); diff --git a/contrib/restricted/aws/s2n/tls/s2n_kem_preferences.c b/contrib/restricted/aws/s2n/tls/s2n_kem_preferences.c index 735b6f3cc6..e217fd4373 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_kem_preferences.c +++ b/contrib/restricted/aws/s2n/tls/s2n_kem_preferences.c @@ -22,9 +22,9 @@ const struct s2n_kem *pq_kems_r3_2021_05[1] = { const struct s2n_kem_group *pq_kem_groups_r3[] = { #if EVP_APIS_SUPPORTED - &s2n_x25519_kyber_512_r3, + &s2n_x25519_kyber_512_r3, #endif - &s2n_secp256r1_kyber_512_r3, + &s2n_secp256r1_kyber_512_r3, }; const struct s2n_kem_preferences kem_preferences_pq_tls_1_0_2021_05 = { 
@@ -43,7 +43,8 @@ const struct s2n_kem_preferences kem_preferences_null = { /* Determines if query_iana_id corresponds to a tls13_kem_group for these KEM preferences. */ bool s2n_kem_preferences_includes_tls13_kem_group(const struct s2n_kem_preferences *kem_preferences, - uint16_t query_iana_id) { + uint16_t query_iana_id) +{ if (kem_preferences == NULL) { return false; } diff --git a/contrib/restricted/aws/s2n/tls/s2n_kem_preferences.h b/contrib/restricted/aws/s2n/tls/s2n_kem_preferences.h index 1f994789d5..8bafa6d246 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_kem_preferences.h +++ b/contrib/restricted/aws/s2n/tls/s2n_kem_preferences.h @@ -16,6 +16,7 @@ #pragma once #include <stdbool.h> + #include "tls/s2n_kem.h" #include "tls/s2n_kex.h" diff --git a/contrib/restricted/aws/s2n/tls/s2n_kex.c b/contrib/restricted/aws/s2n/tls/s2n_kex.c index d4429ad2f8..0e5a80d8bf 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_kex.c +++ b/contrib/restricted/aws/s2n/tls/s2n_kex.c @@ -14,6 +14,7 @@ */ #include "tls/s2n_kex.h" + #include "pq-crypto/s2n_pq.h" #include "tls/s2n_cipher_preferences.h" #include "tls/s2n_cipher_suites.h" 
@@ -89,14 +90,16 @@ static S2N_RESULT s2n_check_kem(const struct s2n_cipher_suite *cipher_suite, str const struct s2n_kem *chosen_kem = NULL; if (client_kem_pref_list == NULL || client_kem_pref_list->data == NULL) { /* If the client did not send a PQ KEM extension, then the server can pick its preferred parameter */ - if (s2n_choose_kem_without_peer_pref_list(cipher_suite->iana_value, kem_preferences->kems, - kem_preferences->kem_count, &chosen_kem) != S2N_SUCCESS) { + if (s2n_choose_kem_without_peer_pref_list( + cipher_suite->iana_value, kem_preferences->kems, kem_preferences->kem_count, &chosen_kem) + != S2N_SUCCESS) { return S2N_RESULT_OK; } } else { /* If the client did send a PQ KEM extension, then the server must find a mutually supported parameter. */ - if (s2n_choose_kem_with_peer_pref_list(cipher_suite->iana_value, client_kem_pref_list, kem_preferences->kems, - kem_preferences->kem_count, &chosen_kem) != S2N_SUCCESS) { + if (s2n_choose_kem_with_peer_pref_list( + cipher_suite->iana_value, client_kem_pref_list, kem_preferences->kems, kem_preferences->kem_count, &chosen_kem) + != S2N_SUCCESS) { return S2N_RESULT_OK; } } diff --git a/contrib/restricted/aws/s2n/tls/s2n_kex.h b/contrib/restricted/aws/s2n/tls/s2n_kex.h index e65392cce7..436123964c 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_kex.h +++ b/contrib/restricted/aws/s2n/tls/s2n_kex.h @@ -16,6 +16,7 @@ #pragma once #include <stdint.h> + #include "tls/s2n_connection.h" #include "tls/s2n_kex_data.h" #include "utils/s2n_result.h" diff --git a/contrib/restricted/aws/s2n/tls/s2n_key_log.c b/contrib/restricted/aws/s2n/tls/s2n_key_log.c index d8eb3dd465..ec2ea3cb6c 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_key_log.c +++ b/contrib/restricted/aws/s2n/tls/s2n_key_log.c 
@@ -114,11 +114,10 @@ S2N_RESULT s2n_key_log_tls13_secret(struct s2n_connection *conn, const struct s2 return S2N_RESULT_OK; } - const uint8_t len - = label_size - + S2N_TLS_RANDOM_DATA_LEN * HEX_ENCODING_SIZE - + 1 /* SPACE */ - + secret->size * HEX_ENCODING_SIZE; + const uint8_t len = label_size + + S2N_TLS_RANDOM_DATA_LEN * HEX_ENCODING_SIZE + + 1 /* SPACE */ + + secret->size * HEX_ENCODING_SIZE; DEFER_CLEANUP(struct s2n_stuffer output, s2n_stuffer_free); RESULT_GUARD_POSIX(s2n_stuffer_alloc(&output, len)); @@ -150,11 +149,10 @@ S2N_RESULT s2n_key_log_tls12_secret(struct s2n_connection *conn) const uint8_t label[] = "CLIENT_RANDOM "; const uint8_t label_size = sizeof(label) - 1; - const uint8_t len - = label_size - + S2N_TLS_RANDOM_DATA_LEN * HEX_ENCODING_SIZE - + 1 /* SPACE */ - + S2N_TLS_SECRET_LEN * HEX_ENCODING_SIZE; + const uint8_t len = label_size + + S2N_TLS_RANDOM_DATA_LEN * HEX_ENCODING_SIZE + + 1 /* SPACE */ + + S2N_TLS_SECRET_LEN * HEX_ENCODING_SIZE; DEFER_CLEANUP(struct s2n_stuffer output, s2n_stuffer_free); RESULT_GUARD_POSIX(s2n_stuffer_alloc(&output, len)); @@ -171,4 +169,3 @@ S2N_RESULT s2n_key_log_tls12_secret(struct s2n_connection *conn) return S2N_RESULT_OK; } - diff --git a/contrib/restricted/aws/s2n/tls/s2n_key_log.h b/contrib/restricted/aws/s2n/tls/s2n_key_log.h index d804d21c4c..02d39a8e70 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_key_log.h +++ b/contrib/restricted/aws/s2n/tls/s2n_key_log.h @@ -24,4 +24,3 @@ S2N_RESULT s2n_key_log_hex_encode(struct s2n_stuffer *output, uint8_t *bytes, size_t len); S2N_RESULT s2n_key_log_tls12_secret(struct s2n_connection *conn); S2N_RESULT s2n_key_log_tls13_secret(struct s2n_connection *conn, const struct s2n_blob *secret, s2n_secret_type_t secret_type); - diff --git a/contrib/restricted/aws/s2n/tls/s2n_key_update.c b/contrib/restricted/aws/s2n/tls/s2n_key_update.c index 92d5509788..355f908c36 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_key_update.c 
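Review bot: `len` is a `uint8_t`, yet in `s2n_key_log_tls13_secret` the value assigned to it includes `secret->size * HEX_ENCODING_SIZE`, so the sum is computed in a wider type and silently narrowed before it reaches `s2n_stuffer_alloc(&output, len)`. With the secret sizes in use today the total presumably stays below 256, but nothing in the hunk enforces that, and a longer secret or label would under-size the output buffer. Declaring it as `const uint32_t len = label_size + ...;`, or bounding `secret->size` before the computation, makes the limit explicit. The same `uint8_t len` declaration appears in `s2n_key_log_tls12_secret` in the next hunk, where every term is a constant. Both function bodies extend beyond their hunks.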
+++ b/contrib/restricted/aws/s2n/tls/s2n_key_update.c @@ -13,21 +13,18 @@ * permissions and limitations under the License. */ -#include "error/s2n_errno.h" +#include "tls/s2n_key_update.h" +#include "crypto/s2n_sequence.h" +#include "error/s2n_errno.h" #include "tls/s2n_connection.h" -#include "tls/s2n_key_update.h" -#include "tls/s2n_tls13_handshake.h" #include "tls/s2n_record.h" #include "tls/s2n_tls.h" - -#include "crypto/s2n_sequence.h" - +#include "tls/s2n_tls13_handshake.h" #include "utils/s2n_safety.h" int s2n_key_update_write(struct s2n_blob *out); -int s2n_check_record_limit(struct s2n_connection *conn, struct s2n_blob *sequence_number); - +int s2n_check_record_limit(struct s2n_connection *conn, struct s2n_blob *sequence_number); int s2n_key_update_recv(struct s2n_connection *conn, struct s2n_stuffer *request) { @@ -42,7 +39,7 @@ int s2n_key_update_recv(struct s2n_connection *conn, struct s2n_stuffer *request conn->key_update_pending = key_update_request; /* Update peer's key since a key_update was received */ - if (conn->mode == S2N_CLIENT){ + if (conn->mode == S2N_CLIENT) { POSIX_GUARD(s2n_update_application_traffic_keys(conn, S2N_SERVER, RECEIVING)); } else { POSIX_GUARD(s2n_update_application_traffic_keys(conn, S2N_CLIENT, RECEIVING)); @@ -51,12 +48,12 @@ int s2n_key_update_recv(struct s2n_connection *conn, struct s2n_stuffer *request return S2N_SUCCESS; } -int s2n_key_update_send(struct s2n_connection *conn, s2n_blocked_status *blocked) +int s2n_key_update_send(struct s2n_connection *conn, s2n_blocked_status *blocked) { POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(conn->secure); - struct s2n_blob sequence_number = {0}; + struct s2n_blob sequence_number = { 0 }; if (conn->mode == S2N_CLIENT) { POSIX_GUARD(s2n_blob_init(&sequence_number, conn->secure->client_sequence_number, S2N_TLS_SEQUENCE_NUM_LEN)); } else { 
@@ -76,14 +73,14 @@ int s2n_key_update_send(struct s2n_connection *conn, s2n_blocked_status *blocked POSIX_GUARD(s2n_flush(conn, blocked)); uint8_t key_update_data[S2N_KEY_UPDATE_MESSAGE_SIZE]; - struct s2n_blob key_update_blob = {0}; + struct s2n_blob key_update_blob = { 0 }; POSIX_GUARD(s2n_blob_init(&key_update_blob, key_update_data, sizeof(key_update_data))); /* Write key update message */ POSIX_GUARD(s2n_key_update_write(&key_update_blob)); /* Encrypt the message */ - POSIX_GUARD(s2n_record_write(conn, TLS_HANDSHAKE, &key_update_blob)); + POSIX_GUARD(s2n_record_write(conn, TLS_HANDSHAKE, &key_update_blob)); /* Update encryption key */ POSIX_GUARD(s2n_update_application_traffic_keys(conn, conn->mode, SENDING)); @@ -99,7 +96,7 @@ int s2n_key_update_write(struct s2n_blob *out) { POSIX_ENSURE_REF(out); - struct s2n_stuffer key_update_stuffer = {0}; + struct s2n_stuffer key_update_stuffer = { 0 }; POSIX_GUARD(s2n_stuffer_init(&key_update_stuffer, out)); POSIX_GUARD(s2n_stuffer_write_uint8(&key_update_stuffer, TLS_KEY_UPDATE)); POSIX_GUARD(s2n_stuffer_write_uint24(&key_update_stuffer, S2N_KEY_UPDATE_LENGTH)); @@ -137,4 +134,3 @@ int s2n_check_record_limit(struct s2n_connection *conn, struct s2n_blob *sequenc return S2N_SUCCESS; } - diff --git a/contrib/restricted/aws/s2n/tls/s2n_key_update.h b/contrib/restricted/aws/s2n/tls/s2n_key_update.h index 859cd11506..2b787f0848 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_key_update.h +++ b/contrib/restricted/aws/s2n/tls/s2n_key_update.h @@ -17,16 +17,16 @@ #include "tls/s2n_connection.h" -#define S2N_KEY_UPDATE_MESSAGE_SIZE 5 -#define S2N_KEY_UPDATE_LENGTH 1 +#define S2N_KEY_UPDATE_MESSAGE_SIZE 5 +#define S2N_KEY_UPDATE_LENGTH 1 typedef enum { - SENDING=0, + SENDING = 0, RECEIVING } keyupdate_status; typedef enum { - S2N_KEY_UPDATE_NOT_REQUESTED=0, + S2N_KEY_UPDATE_NOT_REQUESTED = 0, S2N_KEY_UPDATE_REQUESTED } keyupdate_request; 
diff --git a/contrib/restricted/aws/s2n/tls/s2n_next_protocol.c b/contrib/restricted/aws/s2n/tls/s2n_next_protocol.c index bfe3ee4043..5b2ccfb0e8 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_next_protocol.c +++ b/contrib/restricted/aws/s2n/tls/s2n_next_protocol.c @@ -14,9 +14,9 @@ */ #include "error/s2n_errno.h" -#include "utils/s2n_safety.h" #include "stuffer/s2n_stuffer.h" #include "tls/s2n_tls.h" +#include "utils/s2n_safety.h" S2N_RESULT s2n_calculate_padding(uint8_t protocol_len, uint8_t *padding_len) { @@ -26,18 +26,18 @@ S2N_RESULT s2n_calculate_padding(uint8_t protocol_len, uint8_t *padding_len) *= https://datatracker.ietf.org/doc/id/draft-agl-tls-nextprotoneg-03#section-3 *# The length of "padding" SHOULD be 32 - ((len(selected_protocol) + 2) % 32). */ - *padding_len = 32 - (((uint16_t)protocol_len + 2) % 32); + *padding_len = 32 - (((uint16_t) protocol_len + 2) % 32); return S2N_RESULT_OK; } S2N_RESULT s2n_write_npn_protocol(struct s2n_connection *conn, struct s2n_stuffer *out) -{ +{ RESULT_ENSURE_REF(conn); - + uint8_t protocol_len = strlen(conn->application_protocol); RESULT_GUARD_POSIX(s2n_stuffer_write_uint8(out, protocol_len)); - RESULT_GUARD_POSIX(s2n_stuffer_write_bytes(out, (uint8_t*) conn->application_protocol, protocol_len)); - + RESULT_GUARD_POSIX(s2n_stuffer_write_bytes(out, (uint8_t *) conn->application_protocol, protocol_len)); + uint8_t padding_len = 0; RESULT_GUARD(s2n_calculate_padding(protocol_len, &padding_len)); RESULT_GUARD_POSIX(s2n_stuffer_write_uint8(out, padding_len)); @@ -49,7 +49,7 @@ S2N_RESULT s2n_write_npn_protocol(struct s2n_connection *conn, struct s2n_stuffe } S2N_RESULT s2n_read_npn_protocol(struct s2n_connection *conn, struct s2n_stuffer *in) -{ +{ RESULT_ENSURE_REF(conn); uint8_t protocol_len = 0; diff --git a/contrib/restricted/aws/s2n/tls/s2n_ocsp_stapling.c b/contrib/restricted/aws/s2n/tls/s2n_ocsp_stapling.c index 441fdff27e..aef15748eb 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_ocsp_stapling.c 
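Review bot: In `s2n_write_npn_protocol`, `uint8_t protocol_len = strlen(conn->application_protocol);` narrows a `size_t` to one byte without a check, so the length prefix written by `s2n_stuffer_write_uint8` and the count passed to `s2n_stuffer_write_bytes` are only correct while the stored protocol name is at most 255 bytes. That bound presumably comes from the size of the `application_protocol` field, which is not visible in this hunk. An explicit guard keeps the wire length and the copied bytes in agreement if the field ever grows: `size_t len = strlen(conn->application_protocol); RESULT_ENSURE_LTE(len, UINT8_MAX);`. The function body continues past the end of the hunk.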
+++ b/contrib/restricted/aws/s2n/tls/s2n_ocsp_stapling.c @@ -16,13 +16,12 @@ #include <strings.h> #include "error/s2n_errno.h" - +#include "tls/extensions/s2n_server_certificate_status.h" #include "tls/s2n_cipher_suites.h" #include "tls/s2n_config.h" #include "tls/s2n_connection.h" #include "tls/s2n_tls.h" #include "tls/s2n_x509_validator.h" -#include "tls/extensions/s2n_server_certificate_status.h" #include "utils/s2n_safety.h" int s2n_server_status_send(struct s2n_connection *conn) diff --git a/contrib/restricted/aws/s2n/tls/s2n_post_handshake.c b/contrib/restricted/aws/s2n/tls/s2n_post_handshake.c index 52ba7ca389..5b78e129c1 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_post_handshake.c +++ b/contrib/restricted/aws/s2n/tls/s2n_post_handshake.c @@ -16,7 +16,6 @@ #include <sys/param.h> #include "error/s2n_errno.h" - #include "tls/s2n_connection.h" #include "tls/s2n_key_update.h" #include "tls/s2n_tls.h" @@ -161,7 +160,7 @@ S2N_RESULT s2n_post_handshake_message_recv(struct s2n_connection *conn) S2N_RESULT s2n_post_handshake_recv(struct s2n_connection *conn) { RESULT_ENSURE_REF(conn); - while(s2n_stuffer_data_available(&conn->in)) { + while (s2n_stuffer_data_available(&conn->in)) { RESULT_GUARD(s2n_post_handshake_message_recv(conn)); RESULT_GUARD_POSIX(s2n_stuffer_wipe(&conn->post_handshake.in)); } diff --git a/contrib/restricted/aws/s2n/tls/s2n_prf.c b/contrib/restricted/aws/s2n/tls/s2n_prf.c index df33d330cf..9f7e7b3aef 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_prf.c +++ b/contrib/restricted/aws/s2n/tls/s2n_prf.c 
@@ -13,29 +13,26 @@ * permissions and limitations under the License. */ -#include <sys/param.h> +#include "tls/s2n_prf.h" + #include <openssl/hmac.h> #include <openssl/md5.h> #include <openssl/sha.h> #include <string.h> +#include <sys/param.h> +#include "crypto/s2n_fips.h" +#include "crypto/s2n_hash.h" +#include "crypto/s2n_hmac.h" +#include "crypto/s2n_openssl.h" #include "error/s2n_errno.h" - +#include "stuffer/s2n_stuffer.h" #include "tls/s2n_cipher_suites.h" #include "tls/s2n_connection.h" -#include "tls/s2n_prf.h" #include "tls/s2n_tls.h" - -#include "stuffer/s2n_stuffer.h" - -#include "crypto/s2n_hmac.h" -#include "crypto/s2n_hash.h" -#include "crypto/s2n_openssl.h" -#include "crypto/s2n_fips.h" - -#include "utils/s2n_safety.h" #include "utils/s2n_blob.h" #include "utils/s2n_mem.h" +#include "utils/s2n_safety.h" static int s2n_sslv3_prf(struct s2n_connection *conn, struct s2n_blob *secret, struct s2n_blob *seed_a, struct s2n_blob *seed_b, struct s2n_blob *seed_c, struct s2n_blob *out) @@ -99,7 +96,8 @@ static int s2n_sslv3_prf(struct s2n_connection *conn, struct s2n_blob *secret, s return 0; } -static int s2n_init_md_from_hmac_alg(struct s2n_prf_working_space *ws, s2n_hmac_algorithm alg){ +static int s2n_init_md_from_hmac_alg(struct s2n_prf_working_space *ws, s2n_hmac_algorithm alg) +{ switch (alg) { case S2N_HMAC_SSLv3_MD5: case S2N_HMAC_MD5: 
@@ -139,14 +137,14 @@ static int s2n_evp_pkey_p_hash_digest_init(struct s2n_prf_working_space *ws) POSIX_ENSURE_REF(ws->p_hash.evp_hmac.evp_digest.md); POSIX_ENSURE_REF(ws->p_hash.evp_hmac.evp_digest.ctx); POSIX_ENSURE_REF(ws->p_hash.evp_hmac.ctx.evp_pkey); - + /* Ignore the MD5 check when in FIPS mode to comply with the TLS 1.0 RFC */ if (s2n_is_in_fips_mode()) { POSIX_GUARD(s2n_digest_allow_md5_for_fips(&ws->p_hash.evp_hmac.evp_digest)); } POSIX_GUARD_OSSL(EVP_DigestSignInit(ws->p_hash.evp_hmac.evp_digest.ctx, NULL, ws->p_hash.evp_hmac.evp_digest.md, NULL, ws->p_hash.evp_hmac.ctx.evp_pkey), - S2N_ERR_P_HASH_INIT_FAILED); + S2N_ERR_P_HASH_INIT_FAILED); return 0; } @@ -165,7 +163,7 @@ static int s2n_evp_pkey_p_hash_init(struct s2n_prf_working_space *ws, s2n_hmac_a static int s2n_evp_pkey_p_hash_update(struct s2n_prf_working_space *ws, const void *data, uint32_t size) { - POSIX_GUARD_OSSL(EVP_DigestSignUpdate(ws->p_hash.evp_hmac.evp_digest.ctx, data, (size_t)size), S2N_ERR_P_HASH_UPDATE_FAILED); + POSIX_GUARD_OSSL(EVP_DigestSignUpdate(ws->p_hash.evp_hmac.evp_digest.ctx, data, (size_t) size), S2N_ERR_P_HASH_UPDATE_FAILED); return 0; } @@ -175,7 +173,7 @@ static int s2n_evp_pkey_p_hash_final(struct s2n_prf_working_space *ws, void *dig /* EVP_DigestSign API's require size_t data structures */ size_t digest_size = size; - POSIX_GUARD_OSSL(EVP_DigestSignFinal(ws->p_hash.evp_hmac.evp_digest.ctx, (unsigned char *)digest, &digest_size), S2N_ERR_P_HASH_FINAL_FAILED); + POSIX_GUARD_OSSL(EVP_DigestSignFinal(ws->p_hash.evp_hmac.evp_digest.ctx, (unsigned char *) digest, &digest_size), S2N_ERR_P_HASH_FINAL_FAILED); return 0; } 
@@ -251,7 +249,7 @@ static int s2n_evp_hmac_p_hash_init(struct s2n_prf_working_space *ws, s2n_hmac_a static int s2n_evp_hmac_p_hash_update(struct s2n_prf_working_space *ws, const void *data, uint32_t size) { - POSIX_GUARD_OSSL(HMAC_Update(ws->p_hash.evp_hmac.ctx.hmac_ctx, data, (size_t)size), S2N_ERR_P_HASH_UPDATE_FAILED); + POSIX_GUARD_OSSL(HMAC_Update(ws->p_hash.evp_hmac.ctx.hmac_ctx, data, (size_t) size), S2N_ERR_P_HASH_UPDATE_FAILED); return S2N_SUCCESS; } @@ -259,7 +257,7 @@ static int s2n_evp_hmac_p_hash_final(struct s2n_prf_working_space *ws, void *dig { /* HMAC_Final API's require size_t data structures */ unsigned int digest_size = size; - POSIX_GUARD_OSSL(HMAC_Final(ws->p_hash.evp_hmac.ctx.hmac_ctx, (unsigned char *)digest, &digest_size), S2N_ERR_P_HASH_FINAL_FAILED); + POSIX_GUARD_OSSL(HMAC_Final(ws->p_hash.evp_hmac.ctx.hmac_ctx, (unsigned char *) digest, &digest_size), S2N_ERR_P_HASH_FINAL_FAILED); return S2N_SUCCESS; } @@ -350,7 +348,8 @@ static const struct s2n_p_hash_hmac s2n_internal_p_hash_hmac = { .free = &s2n_hmac_p_hash_free, }; -const struct s2n_p_hash_hmac *s2n_get_hmac_implementation() { +const struct s2n_p_hash_hmac *s2n_get_hmac_implementation() +{ #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) return s2n_is_in_fips_mode() ? &s2n_evp_hmac_p_hash_hmac : &s2n_internal_p_hash_hmac; #else @@ -359,7 +358,7 @@ const struct s2n_p_hash_hmac *s2n_get_hmac_implementation() { } static int s2n_p_hash(struct s2n_prf_working_space *ws, s2n_hmac_algorithm alg, struct s2n_blob *secret, struct s2n_blob *label, - struct s2n_blob *seed_a, struct s2n_blob *seed_b, struct s2n_blob *seed_c, struct s2n_blob *out) + struct s2n_blob *seed_a, struct s2n_blob *seed_b, struct s2n_blob *seed_c, struct s2n_blob *out) { uint8_t digest_size; POSIX_GUARD(s2n_hmac_digest_size(alg, &digest_size)); 
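Review bot: In `s2n_evp_hmac_p_hash_final` the `size` argument does not limit how many bytes are written to `digest`, because `HMAC_Final` treats its length argument as output only and the assignment `digest_size = size` has no bounding effect. If `size` is meant to be the buffer capacity, check it before the call, e.g. `POSIX_ENSURE_GTE(size, HMAC_size(ws->p_hash.evp_hmac.ctx.hmac_ctx));`. The comment above the declaration also says the API requires `size_t` while the variable is `unsigned int`; it could read `/* HMAC_Final reports the digest length through an unsigned int */`. The caller is outside this hunk, so whether `size` already equals the digest length cannot be confirmed from here.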
@@ -426,7 +425,7 @@ S2N_RESULT s2n_prf_new(struct s2n_connection *conn) DEFER_CLEANUP(struct s2n_blob mem = { 0 }, s2n_free); RESULT_GUARD_POSIX(s2n_realloc(&mem, sizeof(struct s2n_prf_working_space))); RESULT_GUARD_POSIX(s2n_blob_zero(&mem)); - conn->prf_space = (struct s2n_prf_working_space*)(void*) mem.data; + conn->prf_space = (struct s2n_prf_working_space *) (void *) mem.data; ZERO_TO_DISABLE_DEFER_CLEANUP(mem); /* Allocate the hmac state */ @@ -461,7 +460,7 @@ S2N_RESULT s2n_prf_free(struct s2n_connection *conn) } static int s2n_prf(struct s2n_connection *conn, struct s2n_blob *secret, struct s2n_blob *label, struct s2n_blob *seed_a, - struct s2n_blob *seed_b, struct s2n_blob *seed_c, struct s2n_blob *out) + struct s2n_blob *seed_b, struct s2n_blob *seed_c, struct s2n_blob *out) { POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(secret); @@ -483,13 +482,13 @@ static int s2n_prf(struct s2n_connection *conn, struct s2n_blob *secret, struct * outputs will be XORd just ass the TLS 1.0 and 1.1 RFCs require. */ POSIX_GUARD(s2n_blob_zero(out)); - + if (conn->actual_protocol_version == S2N_TLS12) { return s2n_p_hash(conn->prf_space, conn->secure->cipher_suite->prf_alg, secret, label, seed_a, seed_b, - seed_c, out); + seed_c, out); } - struct s2n_blob half_secret = {.data = secret->data,.size = (secret->size + 1) / 2 }; + struct s2n_blob half_secret = { .data = secret->data, .size = (secret->size + 1) / 2 }; POSIX_GUARD(s2n_p_hash(conn->prf_space, S2N_HMAC_MD5, &half_secret, label, seed_a, seed_b, seed_c, out)); half_secret.data += secret->size - half_secret.size; 
@@ -502,12 +501,12 @@ int s2n_tls_prf_master_secret(struct s2n_connection *conn, struct s2n_blob *prem { POSIX_ENSURE_REF(conn); - struct s2n_blob client_random = {.size = sizeof(conn->handshake_params.client_random), .data = conn->handshake_params.client_random}; - struct s2n_blob server_random = {.size = sizeof(conn->handshake_params.server_random), .data = conn->handshake_params.server_random}; - struct s2n_blob master_secret = {.size = sizeof(conn->secrets.tls12.master_secret), .data = conn->secrets.tls12.master_secret}; + struct s2n_blob client_random = { .size = sizeof(conn->handshake_params.client_random), .data = conn->handshake_params.client_random }; + struct s2n_blob server_random = { .size = sizeof(conn->handshake_params.server_random), .data = conn->handshake_params.server_random }; + struct s2n_blob master_secret = { .size = sizeof(conn->secrets.tls12.master_secret), .data = conn->secrets.tls12.master_secret }; uint8_t master_secret_label[] = "master secret"; - struct s2n_blob label = {.size = sizeof(master_secret_label) - 1, .data = master_secret_label}; + struct s2n_blob label = { .size = sizeof(master_secret_label) - 1, .data = master_secret_label }; return s2n_prf(conn, premaster_secret, &label, &client_random, &server_random, NULL, &master_secret); } 
@@ -516,12 +515,12 @@ int s2n_hybrid_prf_master_secret(struct s2n_connection *conn, struct s2n_blob *p
 {
 POSIX_ENSURE_REF(conn);
- struct s2n_blob client_random = {.size = sizeof(conn->handshake_params.client_random), .data = conn->handshake_params.client_random};
- struct s2n_blob server_random = {.size = sizeof(conn->handshake_params.server_random), .data = conn->handshake_params.server_random};
- struct s2n_blob master_secret = {.size = sizeof(conn->secrets.tls12.master_secret), .data = conn->secrets.tls12.master_secret};
+ struct s2n_blob client_random = { .size = sizeof(conn->handshake_params.client_random), .data = conn->handshake_params.client_random };
+ struct s2n_blob server_random = { .size = sizeof(conn->handshake_params.server_random), .data = conn->handshake_params.server_random };
+ struct s2n_blob master_secret = { .size = sizeof(conn->secrets.tls12.master_secret), .data = conn->secrets.tls12.master_secret };
 uint8_t master_secret_label[] = "hybrid master secret";
- struct s2n_blob label = {.size = sizeof(master_secret_label) - 1, .data = master_secret_label};
+ struct s2n_blob label = { .size = sizeof(master_secret_label) - 1, .data = master_secret_label };
 return s2n_prf(conn, premaster_secret, &label, &client_random, &server_random, &conn->kex_params.client_key_exchange_message, &master_secret);
 }
@@ -533,7 +532,7 @@ int s2n_prf_calculate_master_secret(struct s2n_connection *conn, struct s2n_blob
 POSIX_ENSURE_EQ(s2n_conn_get_current_message_type(conn), CLIENT_KEY);
- if(!conn->ems_negotiated) {
+ if (!conn->ems_negotiated) {
 POSIX_GUARD(s2n_tls_prf_master_secret(conn, premaster_secret));
 return S2N_SUCCESS;
 }
@@ -581,11 +580,11 @@ S2N_RESULT s2n_tls_prf_extended_master_secret(struct s2n_connection *conn, struc
 {
 RESULT_ENSURE_REF(conn);
- struct s2n_blob extended_master_secret = {.size = sizeof(conn->secrets.tls12.master_secret), .data = conn->secrets.tls12.master_secret};
+ struct s2n_blob extended_master_secret = { .size = sizeof(conn->secrets.tls12.master_secret), .data = conn->secrets.tls12.master_secret };
 uint8_t extended_master_secret_label[] = "extended master secret";
 /* Subtract one from the label size to remove the "\0" */
- struct s2n_blob label = {.size = sizeof(extended_master_secret_label) - 1, .data = extended_master_secret_label};
+ struct s2n_blob label = { .size = sizeof(extended_master_secret_label) - 1, .data = extended_master_secret_label };
 RESULT_GUARD_POSIX(s2n_prf(conn, premaster_secret, &label, session_hash, sha1_hash, NULL, &extended_master_secret));
@@ -612,19 +611,15 @@ S2N_RESULT s2n_prf_get_digest_for_ems(struct s2n_connection *conn, struct s2n_bl
 return S2N_RESULT_OK;
 }
-static int s2n_sslv3_finished(struct s2n_connection *conn, uint8_t prefix[4], struct s2n_hash_state *hash_workspace, uint8_t * out)
+static int s2n_sslv3_finished(struct s2n_connection *conn, uint8_t prefix[4], struct s2n_hash_state *hash_workspace, uint8_t *out)
 {
 POSIX_ENSURE_REF(conn);
 POSIX_ENSURE_REF(conn->handshake.hashes);
- uint8_t xorpad1[48] =
- { 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
- };
- uint8_t xorpad2[48] =
- { 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
- };
+ uint8_t xorpad1[48] = { 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 };
+ uint8_t xorpad2[48] = { 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c };
 uint8_t *md5_digest = out;
 uint8_t *sha_digest = out + MD5_DIGEST_LENGTH;
@@ -689,8 +684,8 @@ int s2n_prf_client_finished(struct s2n_connection *conn)
 uint8_t md5_digest[MD5_DIGEST_LENGTH];
 uint8_t sha_digest[SHA384_DIGEST_LENGTH];
 uint8_t client_finished_label[] = "client finished";
- struct s2n_blob client_finished = {0};
- struct s2n_blob label = {0};
+ struct s2n_blob client_finished = { 0 };
+ struct s2n_blob label = { 0 };
 if (conn->actual_protocol_version == S2N_SSLv3) {
 return s2n_sslv3_client_finished(conn);
@@ -706,18 +701,18 @@ int s2n_prf_client_finished(struct s2n_connection *conn)
 master_secret.size = sizeof(conn->secrets.tls12.master_secret);
 if (conn->actual_protocol_version == S2N_TLS12) {
 switch (conn->secure->cipher_suite->prf_alg) {
- case S2N_HMAC_SHA256:
- POSIX_GUARD(s2n_hash_copy(&conn->handshake.hashes->hash_workspace, &conn->handshake.hashes->sha256));
- POSIX_GUARD(s2n_hash_digest(&conn->handshake.hashes->hash_workspace, sha_digest, SHA256_DIGEST_LENGTH));
- sha.size = SHA256_DIGEST_LENGTH;
- break;
- case S2N_HMAC_SHA384:
- POSIX_GUARD(s2n_hash_copy(&conn->handshake.hashes->hash_workspace, &conn->handshake.hashes->sha384));
- POSIX_GUARD(s2n_hash_digest(&conn->handshake.hashes->hash_workspace, sha_digest, SHA384_DIGEST_LENGTH));
- sha.size = SHA384_DIGEST_LENGTH;
- break;
- default:
- POSIX_BAIL(S2N_ERR_PRF_INVALID_ALGORITHM);
+ case S2N_HMAC_SHA256:
+ POSIX_GUARD(s2n_hash_copy(&conn->handshake.hashes->hash_workspace, &conn->handshake.hashes->sha256));
+ POSIX_GUARD(s2n_hash_digest(&conn->handshake.hashes->hash_workspace, sha_digest, SHA256_DIGEST_LENGTH));
+ sha.size = SHA256_DIGEST_LENGTH;
+ break;
+ case S2N_HMAC_SHA384:
+ POSIX_GUARD(s2n_hash_copy(&conn->handshake.hashes->hash_workspace, &conn->handshake.hashes->sha384));
+ POSIX_GUARD(s2n_hash_digest(&conn->handshake.hashes->hash_workspace, sha_digest, SHA384_DIGEST_LENGTH));
+ sha.size = SHA384_DIGEST_LENGTH;
+ break;
+ default:
+ POSIX_BAIL(S2N_ERR_PRF_INVALID_ALGORITHM);
 }
 sha.data = sha_digest;
@@ -747,8 +742,8 @@ int s2n_prf_server_finished(struct s2n_connection *conn)
 uint8_t md5_digest[MD5_DIGEST_LENGTH];
 uint8_t sha_digest[SHA384_DIGEST_LENGTH];
 uint8_t server_finished_label[] = "server finished";
- struct s2n_blob server_finished = {0};
- struct s2n_blob label = {0};
+ struct s2n_blob server_finished = { 0 };
+ struct s2n_blob label = { 0 };
 if (conn->actual_protocol_version == S2N_SSLv3) {
 return s2n_sslv3_server_finished(conn);
@@ -764,18 +759,18 @@ int s2n_prf_server_finished(struct s2n_connection *conn)
 master_secret.size = sizeof(conn->secrets.tls12.master_secret);
 if (conn->actual_protocol_version == S2N_TLS12) {
 switch (conn->secure->cipher_suite->prf_alg) {
- case S2N_HMAC_SHA256:
- POSIX_GUARD(s2n_hash_copy(&conn->handshake.hashes->hash_workspace, &conn->handshake.hashes->sha256));
- POSIX_GUARD(s2n_hash_digest(&conn->handshake.hashes->hash_workspace, sha_digest, SHA256_DIGEST_LENGTH));
- sha.size = SHA256_DIGEST_LENGTH;
- break;
- case S2N_HMAC_SHA384:
- POSIX_GUARD(s2n_hash_copy(&conn->handshake.hashes->hash_workspace, &conn->handshake.hashes->sha384));
- POSIX_GUARD(s2n_hash_digest(&conn->handshake.hashes->hash_workspace, sha_digest, SHA384_DIGEST_LENGTH));
- sha.size = SHA384_DIGEST_LENGTH;
- break;
- default:
- POSIX_BAIL(S2N_ERR_PRF_INVALID_ALGORITHM);
+ case S2N_HMAC_SHA256:
+ POSIX_GUARD(s2n_hash_copy(&conn->handshake.hashes->hash_workspace, &conn->handshake.hashes->sha256));
+ POSIX_GUARD(s2n_hash_digest(&conn->handshake.hashes->hash_workspace, sha_digest, SHA256_DIGEST_LENGTH));
+ sha.size = SHA256_DIGEST_LENGTH;
+ break;
+ case S2N_HMAC_SHA384:
+ POSIX_GUARD(s2n_hash_copy(&conn->handshake.hashes->hash_workspace, &conn->handshake.hashes->sha384));
+ POSIX_GUARD(s2n_hash_digest(&conn->handshake.hashes->hash_workspace, sha_digest, SHA384_DIGEST_LENGTH));
+ sha.size = SHA384_DIGEST_LENGTH;
+ break;
+ default:
+ POSIX_BAIL(S2N_ERR_PRF_INVALID_ALGORITHM);
 }
 sha.data = sha_digest;
@@ -800,7 +795,7 @@ static int s2n_prf_make_client_key(struct s2n_connection *conn, struct s2n_stuff
 POSIX_ENSURE_REF(conn);
 POSIX_ENSURE_REF(conn->secure);
- struct s2n_blob client_key = {0};
+ struct s2n_blob client_key = { 0 };
 client_key.size = conn->secure->cipher_suite->record_alg->cipher->key_material_size;
 client_key.data = s2n_stuffer_raw_read(key_material, client_key.size);
 POSIX_ENSURE_REF(client_key.data);
@@ -819,7 +814,7 @@ static int s2n_prf_make_server_key(struct s2n_connection *conn, struct s2n_stuff
 POSIX_ENSURE_REF(conn);
 POSIX_ENSURE_REF(conn->secure);
- struct s2n_blob server_key = {0};
+ struct s2n_blob server_key = { 0 };
 server_key.size = conn->secure->cipher_suite->record_alg->cipher->key_material_size;
 server_key.data = s2n_stuffer_raw_read(key_material, server_key.size);
 POSIX_ENSURE_REF(server_key.data);
@@ -838,9 +833,9 @@ int s2n_prf_key_expansion(struct s2n_connection *conn)
 POSIX_ENSURE_REF(conn);
 POSIX_ENSURE_REF(conn->secure);
- struct s2n_blob client_random = {.data = conn->handshake_params.client_random,.size = sizeof(conn->handshake_params.client_random) };
- struct s2n_blob server_random = {.data = conn->handshake_params.server_random,.size = sizeof(conn->handshake_params.server_random) };
- struct s2n_blob master_secret = {.data = conn->secrets.tls12.master_secret,.size = sizeof(conn->secrets.tls12.master_secret) };
+ struct s2n_blob client_random = { .data = conn->handshake_params.client_random, .size = sizeof(conn->handshake_params.client_random) };
+ struct s2n_blob server_random = { .data = conn->handshake_params.server_random, .size = sizeof(conn->handshake_params.server_random) };
+ struct s2n_blob master_secret = { .data = conn->secrets.tls12.master_secret, .size = sizeof(conn->secrets.tls12.master_secret) };
 struct s2n_blob label, out;
 uint8_t key_expansion_label[] = "key expansion";
 uint8_t key_block[S2N_MAX_KEY_BLOCK_LEN];
@@ -849,7 +844,7 @@ int s2n_prf_key_expansion(struct s2n_connection *conn)
 label.size = sizeof(key_expansion_label) - 1;
 POSIX_GUARD(s2n_blob_init(&out, key_block, sizeof(key_block)));
- struct s2n_stuffer key_material = {0};
+ struct s2n_stuffer key_material = { 0 };
 POSIX_GUARD(s2n_prf(conn, &master_secret, &label, &server_random, &client_random, NULL, &out));
 POSIX_GUARD(s2n_stuffer_init(&key_material, &out));
 POSIX_GUARD(s2n_stuffer_write(&key_material, &out));
@@ -899,22 +894,22 @@ int s2n_prf_key_expansion(struct s2n_connection *conn)
 uint32_t implicit_iv_size = 0;
 switch (conn->secure->cipher_suite->record_alg->cipher->type) {
- case S2N_AEAD:
- implicit_iv_size = conn->secure->cipher_suite->record_alg->cipher->io.aead.fixed_iv_size;
- break;
- case S2N_CBC:
- implicit_iv_size = conn->secure->cipher_suite->record_alg->cipher->io.cbc.block_size;
- break;
- case S2N_COMPOSITE:
- implicit_iv_size = conn->secure->cipher_suite->record_alg->cipher->io.comp.block_size;
- break;
- /* No-op for stream ciphers */
- default:
- break;
+ case S2N_AEAD:
+ implicit_iv_size = conn->secure->cipher_suite->record_alg->cipher->io.aead.fixed_iv_size;
+ break;
+ case S2N_CBC:
+ implicit_iv_size = conn->secure->cipher_suite->record_alg->cipher->io.cbc.block_size;
+ break;
+ case S2N_COMPOSITE:
+ implicit_iv_size = conn->secure->cipher_suite->record_alg->cipher->io.comp.block_size;
+ break;
+ /* No-op for stream ciphers */
+ default:
+ break;
 }
- struct s2n_blob client_implicit_iv = {.data = conn->secure->client_implicit_iv,.size = implicit_iv_size };
- struct s2n_blob server_implicit_iv = {.data = conn->secure->server_implicit_iv,.size = implicit_iv_size };
+ struct s2n_blob client_implicit_iv = { .data = conn->secure->client_implicit_iv, .size = implicit_iv_size };
+ struct s2n_blob server_implicit_iv = { .data = conn->secure->server_implicit_iv, .size = implicit_iv_size };
 POSIX_GUARD(s2n_stuffer_read(&key_material, &client_implicit_iv));
 POSIX_GUARD(s2n_stuffer_read(&key_material, &server_implicit_iv));
diff --git a/contrib/restricted/aws/s2n/tls/s2n_prf.h b/contrib/restricted/aws/s2n/tls/s2n_prf.h
index cdf8414328..ea23d20cf6 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_prf.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_prf.h
@@ -20,7 +20,6 @@ #include "crypto/s2n_hash.h" #include "crypto/s2n_hmac.h" #include "crypto/s2n_openssl.h" - #include "utils/s2n_blob.h" /* Enough to support TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 2*SHA384_DIGEST_LEN + 2*AES256_KEY_SIZE */ @@ -40,13 +39,13 @@ struct s2n_prf_working_space { /* The s2n p_hash implementation is abstracted to allow for separate implementations, using * either s2n's formally verified HMAC or OpenSSL's EVP HMAC, for use by the TLS PRF. */ struct s2n_p_hash_hmac { - int (*alloc) (struct s2n_prf_working_space *ws); - int (*init) (struct s2n_prf_working_space *ws, s2n_hmac_algorithm alg, struct s2n_blob *secret); - int (*update) (struct s2n_prf_working_space *ws, const void *data, uint32_t size); - int (*final) (struct s2n_prf_working_space *ws, void *digest, uint32_t size); - int (*reset) (struct s2n_prf_working_space *ws); - int (*cleanup) (struct s2n_prf_working_space *ws); - int (*free) (struct s2n_prf_working_space *ws); + int (*alloc)(struct s2n_prf_working_space *ws); + int (*init)(struct s2n_prf_working_space *ws, s2n_hmac_algorithm alg, struct s2n_blob *secret); + int (*update)(struct s2n_prf_working_space *ws, const void *data, uint32_t size); + int (*final)(struct s2n_prf_working_space *ws, void *digest, uint32_t size); + int (*reset)(struct s2n_prf_working_space *ws); + int (*cleanup)(struct s2n_prf_working_space *ws); + int (*free)(struct s2n_prf_working_space *ws); }; #include "tls/s2n_connection.h" diff --git a/contrib/restricted/aws/s2n/tls/s2n_protocol_preferences.c b/contrib/restricted/aws/s2n/tls/s2n_protocol_preferences.c index 3ec66e84b6..2a4ea614a5 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_protocol_preferences.c +++ b/contrib/restricted/aws/s2n/tls/s2n_protocol_preferences.c 
@@ -13,8 +13,8 @@ * permissions and limitations under the License. */ -#include "tls/s2n_connection.h" #include "error/s2n_errno.h" +#include "tls/s2n_connection.h" #include "utils/s2n_safety.h" S2N_RESULT s2n_protocol_preferences_read(struct s2n_stuffer *protocol_preferences, struct s2n_blob *protocol) @@ -109,7 +109,7 @@ S2N_RESULT s2n_protocol_preferences_set(struct s2n_blob *application_protocols, RESULT_GUARD_POSIX(s2n_realloc(&new_protocols, 0)); for (size_t i = 0; i < protocol_count; i++) { - const uint8_t * protocol = (const uint8_t *)protocols[i]; + const uint8_t *protocol = (const uint8_t *) protocols[i]; size_t length = strlen(protocols[i]); /** @@ -119,7 +119,7 @@ S2N_RESULT s2n_protocol_preferences_set(struct s2n_blob *application_protocols, */ RESULT_ENSURE(length < 256, S2N_ERR_INVALID_APPLICATION_PROTOCOL); - RESULT_GUARD(s2n_protocol_preferences_append(&new_protocols, protocol, (uint8_t)length)); + RESULT_GUARD(s2n_protocol_preferences_append(&new_protocols, protocol, (uint8_t) length)); } /* now we can free the previous list since we've validated all new input */ 
@@ -138,28 +138,28 @@ S2N_RESULT s2n_protocol_preferences_set(struct s2n_blob *application_protocols, } S2N_RESULT s2n_select_server_preference_protocol(struct s2n_connection *conn, struct s2n_stuffer *server_list, - struct s2n_blob *client_list) + struct s2n_blob *client_list) { RESULT_ENSURE_REF(conn); RESULT_ENSURE_REF(server_list); RESULT_ENSURE_REF(client_list); - while(s2n_stuffer_data_available(server_list) > 0) { + while (s2n_stuffer_data_available(server_list) > 0) { struct s2n_blob protocol = { 0 }; RESULT_ENSURE_OK(s2n_protocol_preferences_read(server_list, &protocol), S2N_ERR_BAD_MESSAGE); - + bool match_found = false; RESULT_ENSURE_OK(s2n_protocol_preferences_contain(client_list, &protocol, &match_found), S2N_ERR_BAD_MESSAGE); - + if (match_found) { RESULT_ENSURE_LT(protocol.size, sizeof(conn->application_protocol)); RESULT_CHECKED_MEMCPY(conn->application_protocol, protocol.data, protocol.size); conn->application_protocol[protocol.size] = '\0'; return S2N_RESULT_OK; - } + } } - return S2N_RESULT_OK; + return S2N_RESULT_OK; } int s2n_config_set_protocol_preferences(struct s2n_config *config, const char *const *protocols, int protocol_count) @@ -174,7 +174,7 @@ int s2n_config_append_protocol_preference(struct s2n_config *config, const uint8 return S2N_SUCCESS; } -int s2n_connection_set_protocol_preferences(struct s2n_connection *conn, const char * const *protocols, int protocol_count) +int s2n_connection_set_protocol_preferences(struct s2n_connection *conn, const char *const *protocols, int protocol_count) { POSIX_GUARD_RESULT(s2n_protocol_preferences_set(&conn->application_protocols_overridden, protocols, protocol_count)); return S2N_SUCCESS; diff --git a/contrib/restricted/aws/s2n/tls/s2n_protocol_preferences.h b/contrib/restricted/aws/s2n/tls/s2n_protocol_preferences.h index 259d4ed8ae..4bfd5e8349 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_protocol_preferences.h +++ b/contrib/restricted/aws/s2n/tls/s2n_protocol_preferences.h 
@@ -16,12 +16,11 @@ #pragma once #include "api/s2n.h" - #include "stuffer/s2n_stuffer.h" -#include "utils/s2n_result.h" #include "utils/s2n_blob.h" +#include "utils/s2n_result.h" S2N_RESULT s2n_protocol_preferences_read(struct s2n_stuffer *protocol_preferences, struct s2n_blob *protocol); S2N_RESULT s2n_protocol_preferences_contain(struct s2n_blob *protocol_preferences, struct s2n_blob *protocol, bool *contains); S2N_RESULT s2n_select_server_preference_protocol(struct s2n_connection *conn, struct s2n_stuffer *server_list, - struct s2n_blob *client_list); + struct s2n_blob *client_list); diff --git a/contrib/restricted/aws/s2n/tls/s2n_psk.c b/contrib/restricted/aws/s2n/tls/s2n_psk.c index 7a1c4a295d..ebefe6c7bd 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_psk.c +++ b/contrib/restricted/aws/s2n/tls/s2n_psk.c @@ -16,13 +16,11 @@ #include <sys/param.h> #include "crypto/s2n_tls13_keys.h" - +#include "tls/extensions/s2n_extension_type.h" #include "tls/s2n_handshake.h" -#include "tls/s2n_tls13_handshake.h" #include "tls/s2n_tls.h" -#include "tls/extensions/s2n_extension_type.h" +#include "tls/s2n_tls13_handshake.h" #include "tls/s2n_tls13_secrets.h" - #include "utils/s2n_array.h" #include "utils/s2n_mem.h" #include "utils/s2n_safety.h" @@ -40,12 +38,12 @@ S2N_RESULT s2n_psk_init(struct s2n_psk *psk, s2n_psk_type type) return S2N_RESULT_OK; } -struct s2n_psk* s2n_external_psk_new() +struct s2n_psk *s2n_external_psk_new() { DEFER_CLEANUP(struct s2n_blob mem = { 0 }, s2n_free); PTR_GUARD_POSIX(s2n_alloc(&mem, sizeof(struct s2n_psk))); - struct s2n_psk *psk = (struct s2n_psk*)(void*) mem.data; + struct s2n_psk *psk = (struct s2n_psk *) (void *) mem.data; PTR_GUARD_RESULT(s2n_psk_init(psk, S2N_PSK_TYPE_EXTERNAL)); ZERO_TO_DISABLE_DEFER_CLEANUP(mem); 
@@ -135,9 +133,9 @@ S2N_RESULT s2n_psk_parameters_init(struct s2n_psk_parameters *params) static S2N_RESULT s2n_psk_offered_psk_size(struct s2n_psk *psk, uint32_t *size) { - *size = sizeof(uint16_t) /* identity size */ - + sizeof(uint32_t) /* obfuscated ticket age */ - + sizeof(uint8_t) /* binder size */; + *size = sizeof(uint16_t) /* identity size */ + + sizeof(uint32_t) /* obfuscated ticket age */ + + sizeof(uint8_t); /* binder size */ RESULT_GUARD_POSIX(s2n_add_overflow(*size, psk->identity.size, size)); @@ -153,12 +151,12 @@ S2N_RESULT s2n_psk_parameters_offered_psks_size(struct s2n_psk_parameters *param RESULT_ENSURE_REF(params); RESULT_ENSURE_REF(size); - *size = sizeof(uint16_t) /* identity list size */ - + sizeof(uint16_t) /* binder list size */; + *size = sizeof(uint16_t) /* identity list size */ + + sizeof(uint16_t) /* binder list size */; for (uint32_t i = 0; i < params->psk_list.len; i++) { struct s2n_psk *psk = NULL; - RESULT_GUARD(s2n_array_get(¶ms->psk_list, i, (void**)&psk)); + RESULT_GUARD(s2n_array_get(¶ms->psk_list, i, (void **) &psk)); RESULT_ENSURE_REF(psk); uint32_t psk_size = 0; @@ -174,7 +172,7 @@ S2N_CLEANUP_RESULT s2n_psk_parameters_wipe(struct s2n_psk_parameters *params) for (size_t i = 0; i < params->psk_list.len; i++) { struct s2n_psk *psk = NULL; - RESULT_GUARD(s2n_array_get(¶ms->psk_list, i, (void**)&psk)); + RESULT_GUARD(s2n_array_get(¶ms->psk_list, i, (void **) &psk)); RESULT_GUARD(s2n_psk_wipe(psk)); } RESULT_GUARD_POSIX(s2n_free(¶ms->psk_list.mem)); @@ -189,7 +187,7 @@ S2N_CLEANUP_RESULT s2n_psk_parameters_wipe_secrets(struct s2n_psk_parameters *pa for (size_t i = 0; i < params->psk_list.len; i++) { struct s2n_psk *psk = NULL; - RESULT_GUARD(s2n_array_get(¶ms->psk_list, i, (void**)&psk)); + RESULT_GUARD(s2n_array_get(¶ms->psk_list, i, (void **) &psk)); RESULT_ENSURE_REF(psk); RESULT_GUARD_POSIX(s2n_free(&psk->early_secret)); RESULT_GUARD_POSIX(s2n_free(&psk->secret)); 
@@ -273,13 +271,13 @@ static S2N_RESULT s2n_match_psk_identity(struct s2n_array *known_psks, const str *match = NULL; for (size_t i = 0; i < known_psks->len; i++) { struct s2n_psk *psk = NULL; - RESULT_GUARD(s2n_array_get(known_psks, i, (void**)&psk)); + RESULT_GUARD(s2n_array_get(known_psks, i, (void **) &psk)); RESULT_ENSURE_REF(psk); RESULT_ENSURE_REF(psk->identity.data); RESULT_ENSURE_REF(wire_identity->data); uint32_t compare_size = MIN(wire_identity->size, psk->identity.size); if (s2n_constant_time_equals(psk->identity.data, wire_identity->data, compare_size) - & (psk->identity.size == wire_identity->size) & (!*match)) { + & (psk->identity.size == wire_identity->size) & (!*match)) { *match = psk; } } @@ -294,7 +292,7 @@ static S2N_RESULT s2n_match_psk_identity(struct s2n_array *known_psks, const str *# modulo 2^32) is within a small tolerance of the time since the ticket *# was issued (see Section 8). **/ -static S2N_RESULT s2n_validate_ticket_lifetime(struct s2n_connection *conn, uint32_t obfuscated_ticket_age, uint32_t ticket_age_add) +static S2N_RESULT s2n_validate_ticket_lifetime(struct s2n_connection *conn, uint32_t obfuscated_ticket_age, uint32_t ticket_age_add) { RESULT_ENSURE_REF(conn); @@ -342,13 +340,13 @@ int s2n_offered_psk_list_choose_psk(struct s2n_offered_psk_list *psk_list, struc return S2N_SUCCESS; } -struct s2n_offered_psk* s2n_offered_psk_new() +struct s2n_offered_psk *s2n_offered_psk_new() { DEFER_CLEANUP(struct s2n_blob mem = { 0 }, s2n_free); PTR_GUARD_POSIX(s2n_alloc(&mem, sizeof(struct s2n_offered_psk))); PTR_GUARD_POSIX(s2n_blob_zero(&mem)); - struct s2n_offered_psk *psk = (struct s2n_offered_psk*)(void*) mem.data; + struct s2n_offered_psk *psk = (struct s2n_offered_psk *) (void *) mem.data; ZERO_TO_DISABLE_DEFER_CLEANUP(mem); return psk; 
@@ -362,7 +360,7 @@ int s2n_offered_psk_free(struct s2n_offered_psk **psk) return s2n_free_object((uint8_t **) psk, sizeof(struct s2n_offered_psk)); } -int s2n_offered_psk_get_identity(struct s2n_offered_psk *psk, uint8_t** identity, uint16_t *size) +int s2n_offered_psk_get_identity(struct s2n_offered_psk *psk, uint8_t **identity, uint16_t *size) { POSIX_ENSURE_REF(psk); POSIX_ENSURE_REF(identity); @@ -494,7 +492,7 @@ static S2N_RESULT s2n_psk_write_binder_list(struct s2n_connection *conn, const s /* Write binder for every psk */ for (size_t i = 0; i < psk_list->len; i++) { struct s2n_psk *psk = NULL; - RESULT_GUARD(s2n_array_get(psk_list, i, (void**) &psk)); + RESULT_GUARD(s2n_array_get(psk_list, i, (void **) &psk)); RESULT_ENSURE_REF(psk); /** @@ -562,9 +560,13 @@ S2N_RESULT s2n_finish_psk_extension(struct s2n_connection *conn) int s2n_psk_set_hmac(struct s2n_psk *psk, s2n_psk_hmac hmac) { POSIX_ENSURE_REF(psk); - switch(hmac) { - case S2N_PSK_HMAC_SHA256: psk->hmac_alg = S2N_HMAC_SHA256; break; - case S2N_PSK_HMAC_SHA384: psk->hmac_alg = S2N_HMAC_SHA384; break; + switch (hmac) { + case S2N_PSK_HMAC_SHA256: + psk->hmac_alg = S2N_HMAC_SHA256; + break; + case S2N_PSK_HMAC_SHA384: + psk->hmac_alg = S2N_HMAC_SHA384; + break; default: POSIX_BAIL(S2N_ERR_HMAC_INVALID_ALGORITHM); } @@ -588,11 +590,11 @@ int s2n_connection_append_psk(struct s2n_connection *conn, struct s2n_psk *input POSIX_GUARD_RESULT(s2n_connection_set_psk_type(conn, input_psk->type)); struct s2n_array *psk_list = &conn->psk_params.psk_list; - + /* Check for duplicate identities */ for (uint32_t j = 0; j < psk_list->len; j++) { struct s2n_psk *existing_psk = NULL; - POSIX_GUARD_RESULT(s2n_array_get(psk_list, j, (void**) &existing_psk)); + POSIX_GUARD_RESULT(s2n_array_get(psk_list, j, (void **) &existing_psk)); POSIX_ENSURE_REF(existing_psk); bool duplicate = existing_psk->identity.size == input_psk->identity.size 
@@ -630,7 +632,7 @@ int s2n_connection_set_psk_mode(struct s2n_connection *conn, s2n_psk_mode mode) { POSIX_ENSURE_REF(conn); s2n_psk_type type = 0; - switch(mode) { + switch (mode) { case S2N_PSK_MODE_RESUMPTION: type = S2N_PSK_TYPE_RESUMPTION; break; @@ -663,7 +665,7 @@ int s2n_connection_get_negotiated_psk_identity_length(struct s2n_connection *con } int s2n_connection_get_negotiated_psk_identity(struct s2n_connection *conn, uint8_t *identity, - uint16_t max_identity_length) + uint16_t max_identity_length) { POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(identity); diff --git a/contrib/restricted/aws/s2n/tls/s2n_psk.h b/contrib/restricted/aws/s2n/tls/s2n_psk.h index 38ac65f3ac..f085da4760 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_psk.h +++ b/contrib/restricted/aws/s2n/tls/s2n_psk.h @@ -16,7 +16,6 @@ #pragma once #include "api/s2n.h" - #include "crypto/s2n_hmac.h" #include "stuffer/s2n_stuffer.h" #include "tls/s2n_early_data.h" diff --git a/contrib/restricted/aws/s2n/tls/s2n_quic_support.c b/contrib/restricted/aws/s2n/tls/s2n_quic_support.c index c1da75bf6c..66c6c3fdc0 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_quic_support.c +++ b/contrib/restricted/aws/s2n/tls/s2n_quic_support.c @@ -16,9 +16,8 @@ #include "tls/s2n_quic_support.h" #include "tls/s2n_connection.h" -#include "tls/s2n_tls13.h" #include "tls/s2n_tls.h" - +#include "tls/s2n_tls13.h" #include "utils/s2n_mem.h" #include "utils/s2n_safety.h" @@ -52,8 +51,7 @@ int s2n_connection_enable_quic(struct s2n_connection *conn) bool s2n_connection_is_quic_enabled(struct s2n_connection *conn) { - return (conn && conn->quic_enabled) || - (conn && conn->config && conn->config->quic_enabled); + return (conn && conn->quic_enabled) || (conn && conn->config && conn->config->quic_enabled); } int s2n_connection_set_quic_transport_parameters(struct s2n_connection *conn, diff --git a/contrib/restricted/aws/s2n/tls/s2n_quic_support.h b/contrib/restricted/aws/s2n/tls/s2n_quic_support.h index c64583589a..a6ffe68235 100644 
--- a/contrib/restricted/aws/s2n/tls/s2n_quic_support.h +++ b/contrib/restricted/aws/s2n/tls/s2n_quic_support.h @@ -65,9 +65,8 @@ typedef enum { * the application if necessary. The application should also be very careful managing the memory and * lifespan of the secret: if the secret is compromised, TLS is compromised. */ -typedef int (*s2n_secret_cb) (void* context, struct s2n_connection *conn, - s2n_secret_type_t secret_type, - uint8_t *secret, uint8_t secret_size); +typedef int (*s2n_secret_cb)(void *context, struct s2n_connection *conn, + s2n_secret_type_t secret_type, uint8_t *secret, uint8_t secret_size); /* * Set the function to be called when S2N begins using a new key. diff --git a/contrib/restricted/aws/s2n/tls/s2n_record.h b/contrib/restricted/aws/s2n/tls/s2n_record.h index 7e147f36b2..6b8762915a 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_record.h +++ b/contrib/restricted/aws/s2n/tls/s2n_record.h @@ -16,15 +16,16 @@ #pragma once #include <stdint.h> + #include "crypto/s2n_hmac.h" #include "stuffer/s2n_stuffer.h" -#define S2N_TLS_CONTENT_TYPE_LENGTH 1 +#define S2N_TLS_CONTENT_TYPE_LENGTH 1 /* All versions of TLS define the record header the same: * ContentType + ProtocolVersion + length */ -#define S2N_TLS_RECORD_HEADER_LENGTH (S2N_TLS_CONTENT_TYPE_LENGTH + S2N_TLS_PROTOCOL_VERSION_LEN + 2) +#define S2N_TLS_RECORD_HEADER_LENGTH (S2N_TLS_CONTENT_TYPE_LENGTH + S2N_TLS_PROTOCOL_VERSION_LEN + 2) /* * All versions of TLS limit the data fragment to 2^14 bytes. @@ -37,7 +38,7 @@ *# The record layer fragments information blocks into TLSPlaintext *# records carrying data in chunks of 2^14 bytes or less. */ -#define S2N_TLS_MAXIMUM_FRAGMENT_LENGTH (1 << 14) +#define S2N_TLS_MAXIMUM_FRAGMENT_LENGTH (1 << 14) /* * The minimum amount of space we need to reserve for a message 
@@ -55,27 +56,27 @@ * 1024 bytes of encryption expansion and padding. * Since S2N does not support compression, we can ignore the compression overhead. */ -#define S2N_TLS12_ENCRYPTION_OVERHEAD_SIZE 1024 -#define S2N_TLS12_MAX_RECORD_LEN_FOR(frag) ((frag) + S2N_TLS12_ENCRYPTION_OVERHEAD_SIZE \ - + S2N_TLS_RECORD_HEADER_LENGTH) -#define S2N_TLS12_MAXIMUM_RECORD_LENGTH S2N_TLS12_MAX_RECORD_LEN_FOR(S2N_TLS_MAXIMUM_FRAGMENT_LENGTH) +#define S2N_TLS12_ENCRYPTION_OVERHEAD_SIZE 1024 +#define S2N_TLS12_MAX_RECORD_LEN_FOR(frag) \ + ((frag) + S2N_TLS12_ENCRYPTION_OVERHEAD_SIZE + S2N_TLS_RECORD_HEADER_LENGTH) +#define S2N_TLS12_MAXIMUM_RECORD_LENGTH S2N_TLS12_MAX_RECORD_LEN_FOR(S2N_TLS_MAXIMUM_FRAGMENT_LENGTH) /* *= https://tools.ietf.org/rfc/rfc8446#section-5.2 *# An AEAD algorithm used in TLS 1.3 MUST NOT produce an expansion *# greater than 255 octets. */ -#define S2N_TLS13_ENCRYPTION_OVERHEAD_SIZE 255 -#define S2N_TLS13_MAX_RECORD_LEN_FOR(frag) ((frag) + S2N_TLS_CONTENT_TYPE_LENGTH \ - + S2N_TLS13_ENCRYPTION_OVERHEAD_SIZE \ - + S2N_TLS_RECORD_HEADER_LENGTH) -#define S2N_TLS13_MAXIMUM_RECORD_LENGTH S2N_TLS13_MAX_RECORD_LEN_FOR(S2N_TLS_MAXIMUM_FRAGMENT_LENGTH) +#define S2N_TLS13_ENCRYPTION_OVERHEAD_SIZE 255 +#define S2N_TLS13_MAX_RECORD_LEN_FOR(frag) ((frag) + S2N_TLS_CONTENT_TYPE_LENGTH \ + + S2N_TLS13_ENCRYPTION_OVERHEAD_SIZE \ + + S2N_TLS_RECORD_HEADER_LENGTH) +#define S2N_TLS13_MAXIMUM_RECORD_LENGTH S2N_TLS13_MAX_RECORD_LEN_FOR(S2N_TLS_MAXIMUM_FRAGMENT_LENGTH) /* Currently, TLS1.2 records may be larger than TLS1.3 records. * If the protocol is unknown, assume TLS1.2. 
*/ -#define S2N_TLS_MAX_RECORD_LEN_FOR(frag) S2N_TLS12_MAX_RECORD_LEN_FOR(frag) -#define S2N_TLS_MAXIMUM_RECORD_LENGTH S2N_TLS_MAX_RECORD_LEN_FOR(S2N_TLS_MAXIMUM_FRAGMENT_LENGTH) +#define S2N_TLS_MAX_RECORD_LEN_FOR(frag) S2N_TLS12_MAX_RECORD_LEN_FOR(frag) +#define S2N_TLS_MAXIMUM_RECORD_LENGTH S2N_TLS_MAX_RECORD_LEN_FOR(S2N_TLS_MAXIMUM_FRAGMENT_LENGTH) S2N_RESULT s2n_record_max_write_size(struct s2n_connection *conn, uint16_t max_fragment_size, uint16_t *max_record_size); extern S2N_RESULT s2n_record_max_write_payload_size(struct s2n_connection *conn, uint16_t *max_fragment_size); 
@@ -83,9 +84,9 @@ extern S2N_RESULT s2n_record_min_write_payload_size(struct s2n_connection *conn, extern int s2n_record_write(struct s2n_connection *conn, uint8_t content_type, struct s2n_blob *in); extern int s2n_record_writev(struct s2n_connection *conn, uint8_t content_type, const struct iovec *in, int in_count, size_t offs, size_t to_write); extern int s2n_record_parse(struct s2n_connection *conn); -extern int s2n_record_header_parse(struct s2n_connection *conn, uint8_t * content_type, uint16_t * fragment_length); -extern int s2n_tls13_parse_record_type(struct s2n_stuffer *stuffer, uint8_t * record_type); -extern int s2n_sslv2_record_header_parse(struct s2n_connection *conn, uint8_t * record_type, uint8_t * client_protocol_version, uint16_t * fragment_length); +extern int s2n_record_header_parse(struct s2n_connection *conn, uint8_t *content_type, uint16_t *fragment_length); +extern int s2n_tls13_parse_record_type(struct s2n_stuffer *stuffer, uint8_t *record_type); +extern int s2n_sslv2_record_header_parse(struct s2n_connection *conn, uint8_t *record_type, uint8_t *client_protocol_version, uint16_t *fragment_length); extern int s2n_verify_cbc(struct s2n_connection *conn, struct s2n_hmac_state *hmac, struct s2n_blob *decrypted); -extern S2N_RESULT s2n_aead_aad_init(const struct s2n_connection *conn, uint8_t * sequence_number, uint8_t content_type, uint16_t record_length, struct s2n_blob *ad); +extern S2N_RESULT s2n_aead_aad_init(const struct s2n_connection *conn, uint8_t *sequence_number, uint8_t content_type, uint16_t record_length, struct s2n_blob *ad); extern S2N_RESULT s2n_tls13_aead_aad_init(uint16_t record_length, uint8_t tag_length, struct s2n_blob *ad); diff --git a/contrib/restricted/aws/s2n/tls/s2n_record_read.c b/contrib/restricted/aws/s2n/tls/s2n_record_read.c index 42e8bd4603..ef5811847f 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_record_read.c +++ b/contrib/restricted/aws/s2n/tls/s2n_record_read.c 
@@ -13,29 +13,26 @@ * permissions and limitations under the License. */ +#include "tls/s2n_record_read.h" + #include <sys/param.h> -#include "crypto/s2n_sequence.h" #include "crypto/s2n_cipher.h" #include "crypto/s2n_hmac.h" - +#include "crypto/s2n_sequence.h" #include "error/s2n_errno.h" - #include "stuffer/s2n_stuffer.h" - #include "tls/s2n_cipher_suites.h" #include "tls/s2n_connection.h" #include "tls/s2n_crypto.h" -#include "tls/s2n_record_read.h" - -#include "utils/s2n_safety.h" #include "utils/s2n_blob.h" +#include "utils/s2n_safety.h" int s2n_sslv2_record_header_parse( - struct s2n_connection *conn, - uint8_t * record_type, - uint8_t * client_protocol_version, - uint16_t * fragment_length) + struct s2n_connection *conn, + uint8_t *record_type, + uint8_t *client_protocol_version, + uint16_t *fragment_length) { struct s2n_stuffer *in = &conn->header_in; @@ -58,9 +55,9 @@ int s2n_sslv2_record_header_parse( } int s2n_record_header_parse( - struct s2n_connection *conn, - uint8_t *content_type, - uint16_t *fragment_length) + struct s2n_connection *conn, + uint8_t *content_type, + uint16_t *fragment_length) { struct s2n_stuffer *in = &conn->header_in; @@ -80,9 +77,9 @@ int s2n_record_header_parse( * match the negotiated version. */ - S2N_ERROR_IF(conn->actual_protocol_version_established && - MIN(conn->actual_protocol_version, S2N_TLS12) /* check against legacy record version (1.2) in tls 1.3 */ - != version, S2N_ERR_BAD_MESSAGE); + S2N_ERROR_IF(conn->actual_protocol_version_established && MIN(conn->actual_protocol_version, S2N_TLS12) /* check against legacy record version (1.2) in tls 1.3 */ + != version, + S2N_ERR_BAD_MESSAGE); POSIX_GUARD(s2n_stuffer_read_uint16(in, fragment_length)); /* Some servers send fragments that are above the maximum length. (e.g. 
@@ -152,21 +149,21 @@ int s2n_record_parse(struct s2n_connection *conn) } switch (cipher_suite->record_alg->cipher->type) { - case S2N_AEAD: - POSIX_GUARD(s2n_record_parse_aead(cipher_suite, conn, content_type, encrypted_length, implicit_iv, mac, sequence_number, session_key)); - break; - case S2N_CBC: - POSIX_GUARD(s2n_record_parse_cbc(cipher_suite, conn, content_type, encrypted_length, implicit_iv, mac, sequence_number, session_key)); - break; - case S2N_COMPOSITE: - POSIX_GUARD(s2n_record_parse_composite(cipher_suite, conn, content_type, encrypted_length, implicit_iv, mac, sequence_number, session_key)); - break; - case S2N_STREAM: - POSIX_GUARD(s2n_record_parse_stream(cipher_suite, conn, content_type, encrypted_length, implicit_iv, mac, sequence_number, session_key)); - break; - default: - POSIX_BAIL(S2N_ERR_CIPHER_TYPE); - break; + case S2N_AEAD: + POSIX_GUARD(s2n_record_parse_aead(cipher_suite, conn, content_type, encrypted_length, implicit_iv, mac, sequence_number, session_key)); + break; + case S2N_CBC: + POSIX_GUARD(s2n_record_parse_cbc(cipher_suite, conn, content_type, encrypted_length, implicit_iv, mac, sequence_number, session_key)); + break; + case S2N_COMPOSITE: + POSIX_GUARD(s2n_record_parse_composite(cipher_suite, conn, content_type, encrypted_length, implicit_iv, mac, sequence_number, session_key)); + break; + case S2N_STREAM: + POSIX_GUARD(s2n_record_parse_stream(cipher_suite, conn, content_type, encrypted_length, implicit_iv, mac, sequence_number, session_key)); + break; + default: + POSIX_BAIL(S2N_ERR_CIPHER_TYPE); + break; } return 0; diff --git a/contrib/restricted/aws/s2n/tls/s2n_record_read.h b/contrib/restricted/aws/s2n/tls/s2n_record_read.h index dd54f3d1fe..64df7020a1 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_record_read.h +++ b/contrib/restricted/aws/s2n/tls/s2n_record_read.h 
@@ -18,38 +18,38 @@ #include "tls/s2n_connection.h" int s2n_record_parse_aead( - const struct s2n_cipher_suite *cipher_suite, - struct s2n_connection *conn, - uint8_t content_type, - uint16_t encrypted_length, - uint8_t * implicit_iv, - struct s2n_hmac_state *mac, - uint8_t * sequence_number, - struct s2n_session_key *session_key); + const struct s2n_cipher_suite *cipher_suite, + struct s2n_connection *conn, + uint8_t content_type, + uint16_t encrypted_length, + uint8_t *implicit_iv, + struct s2n_hmac_state *mac, + uint8_t *sequence_number, + struct s2n_session_key *session_key); int s2n_record_parse_cbc( - const struct s2n_cipher_suite *cipher_suite, - struct s2n_connection *conn, - uint8_t content_type, - uint16_t encrypted_length, - uint8_t * implicit_iv, - struct s2n_hmac_state *mac, - uint8_t * sequence_number, - struct s2n_session_key *session_key); + const struct s2n_cipher_suite *cipher_suite, + struct s2n_connection *conn, + uint8_t content_type, + uint16_t encrypted_length, + uint8_t *implicit_iv, + struct s2n_hmac_state *mac, + uint8_t *sequence_number, + struct s2n_session_key *session_key); int s2n_record_parse_composite( - const struct s2n_cipher_suite *cipher_suite, - struct s2n_connection *conn, - uint8_t content_type, - uint16_t encrypted_length, - uint8_t * implicit_iv, - struct s2n_hmac_state *mac, - uint8_t * sequence_number, - struct s2n_session_key *session_key); + const struct s2n_cipher_suite *cipher_suite, + struct s2n_connection *conn, + uint8_t content_type, + uint16_t encrypted_length, + uint8_t *implicit_iv, + struct s2n_hmac_state *mac, + uint8_t *sequence_number, + struct s2n_session_key *session_key); int s2n_record_parse_stream( - const struct s2n_cipher_suite *cipher_suite, - struct s2n_connection *conn, - uint8_t content_type, - uint16_t encrypted_length, - uint8_t * implicit_iv, - struct s2n_hmac_state *mac, - uint8_t * sequence_number, - struct s2n_session_key *session_key); + const struct s2n_cipher_suite *cipher_suite, + 
struct s2n_connection *conn,
+ uint8_t content_type,
+ uint16_t encrypted_length,
+ uint8_t *implicit_iv,
+ struct s2n_hmac_state *mac,
+ uint8_t *sequence_number,
+ struct s2n_session_key *session_key);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_record_read_aead.c b/contrib/restricted/aws/s2n/tls/s2n_record_read_aead.c
index ba1d460d82..10a85887b8 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_record_read_aead.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_record_read_aead.c
@@ -13,46 +13,42 @@ * permissions and limitations under the License. */ -#include "crypto/s2n_sequence.h" #include "crypto/s2n_cipher.h" #include "crypto/s2n_hmac.h" - +#include "crypto/s2n_sequence.h" #include "error/s2n_errno.h" - #include "stuffer/s2n_stuffer.h" - #include "tls/s2n_cipher_suites.h" #include "tls/s2n_connection.h" #include "tls/s2n_crypto.h" #include "tls/s2n_record.h" #include "tls/s2n_record_read.h" - #include "utils/s2n_annotations.h" #include "utils/s2n_blob.h" #include "utils/s2n_safety.h" int s2n_record_parse_aead( - const struct s2n_cipher_suite *cipher_suite, - struct s2n_connection *conn, - uint8_t content_type, - uint16_t encrypted_length, - uint8_t * implicit_iv, - struct s2n_hmac_state *mac, - uint8_t * sequence_number, - struct s2n_session_key *session_key) + const struct s2n_cipher_suite *cipher_suite, + struct s2n_connection *conn, + uint8_t content_type, + uint16_t encrypted_length, + uint8_t *implicit_iv, + struct s2n_hmac_state *mac, + uint8_t *sequence_number, + struct s2n_session_key *session_key) { const int is_tls13_record = cipher_suite->record_alg->flags & S2N_TLS13_RECORD_AEAD_NONCE; /* TLS 1.3 record protection uses a different 5 byte associated data than TLS 1.2's */ s2n_stack_blob(aad, is_tls13_record ? 
S2N_TLS13_AAD_LEN : S2N_TLS_MAX_AAD_LEN, S2N_TLS_MAX_AAD_LEN); - struct s2n_blob en = {.size = encrypted_length,.data = s2n_stuffer_raw_read(&conn->in, encrypted_length) }; + struct s2n_blob en = { .size = encrypted_length, .data = s2n_stuffer_raw_read(&conn->in, encrypted_length) }; POSIX_ENSURE_REF(en.data); /* In AEAD mode, the explicit IV is in the record */ POSIX_ENSURE_GTE(en.size, cipher_suite->record_alg->cipher->io.aead.record_iv_size); uint8_t aad_iv[S2N_TLS_MAX_IV_LEN] = { 0 }; - struct s2n_blob iv = {.data = aad_iv,.size = sizeof(aad_iv) }; - struct s2n_stuffer iv_stuffer = {0}; + struct s2n_blob iv = { .data = aad_iv, .size = sizeof(aad_iv) }; + struct s2n_stuffer iv_stuffer = { 0 }; POSIX_GUARD(s2n_stuffer_init(&iv_stuffer, &iv)); if (cipher_suite->record_alg->flags & S2N_TLS12_AES_GCM_AEAD_NONCE) { @@ -102,7 +98,7 @@ int s2n_record_parse_aead( POSIX_ENSURE_NE(en.size, 0); POSIX_GUARD(cipher_suite->record_alg->cipher->io.aead.decrypt(session_key, &iv, &aad, &en, &en)); - struct s2n_blob seq = {.data = sequence_number,.size = S2N_TLS_SEQUENCE_NUM_LEN }; + struct s2n_blob seq = { .data = sequence_number, .size = S2N_TLS_SEQUENCE_NUM_LEN }; POSIX_GUARD(s2n_increment_sequence_number(&seq)); /* O.k., we've successfully read and decrypted the record, now we need to align the stuffer diff --git a/contrib/restricted/aws/s2n/tls/s2n_record_read_cbc.c b/contrib/restricted/aws/s2n/tls/s2n_record_read_cbc.c index f72f090915..77dd499a57 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_record_read_cbc.c +++ b/contrib/restricted/aws/s2n/tls/s2n_record_read_cbc.c 
@@ -13,34 +13,30 @@ * permissions and limitations under the License. */ -#include "crypto/s2n_sequence.h" #include "crypto/s2n_cipher.h" #include "crypto/s2n_hmac.h" - +#include "crypto/s2n_sequence.h" #include "error/s2n_errno.h" - #include "stuffer/s2n_stuffer.h" - #include "tls/s2n_cipher_suites.h" #include "tls/s2n_connection.h" #include "tls/s2n_crypto.h" #include "tls/s2n_record.h" #include "tls/s2n_record_read.h" - -#include "utils/s2n_safety.h" #include "utils/s2n_blob.h" +#include "utils/s2n_safety.h" int s2n_record_parse_cbc( - const struct s2n_cipher_suite *cipher_suite, - struct s2n_connection *conn, - uint8_t content_type, - uint16_t encrypted_length, - uint8_t * implicit_iv, - struct s2n_hmac_state *mac, - uint8_t * sequence_number, - struct s2n_session_key *session_key) + const struct s2n_cipher_suite *cipher_suite, + struct s2n_connection *conn, + uint8_t content_type, + uint16_t encrypted_length, + uint8_t *implicit_iv, + struct s2n_hmac_state *mac, + uint8_t *sequence_number, + struct s2n_session_key *session_key) { - struct s2n_blob iv = {.data = implicit_iv,.size = cipher_suite->record_alg->cipher->io.cbc.record_iv_size }; + struct s2n_blob iv = { .data = implicit_iv, .size = cipher_suite->record_alg->cipher->io.cbc.record_iv_size }; uint8_t ivpad[S2N_TLS_MAX_IV_LEN]; /* Add the header to the HMAC */ @@ -56,7 +52,7 @@ int s2n_record_parse_cbc( encrypted_length -= iv.size; } - struct s2n_blob en = {.size = encrypted_length,.data = s2n_stuffer_raw_read(&conn->in, encrypted_length) }; + struct s2n_blob en = { .size = encrypted_length, .data = s2n_stuffer_raw_read(&conn->in, encrypted_length) }; POSIX_ENSURE_REF(en.data); uint16_t payload_length = encrypted_length; 
@@ -102,7 +98,7 @@ int s2n_record_parse_cbc( POSIX_GUARD(s2n_hmac_update(mac, header, S2N_TLS_RECORD_HEADER_LENGTH)); } - struct s2n_blob seq = {.data = sequence_number,.size = S2N_TLS_SEQUENCE_NUM_LEN }; + struct s2n_blob seq = { .data = sequence_number, .size = S2N_TLS_SEQUENCE_NUM_LEN }; POSIX_GUARD(s2n_increment_sequence_number(&seq)); /* Padding. This finalizes the provided HMAC. */ diff --git a/contrib/restricted/aws/s2n/tls/s2n_record_read_composite.c b/contrib/restricted/aws/s2n/tls/s2n_record_read_composite.c index 62b082f576..ef4ef5ba64 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_record_read_composite.c +++ b/contrib/restricted/aws/s2n/tls/s2n_record_read_composite.c 
@@ -13,41 +13,37 @@ * permissions and limitations under the License. */ -#include "crypto/s2n_sequence.h" #include "crypto/s2n_cipher.h" #include "crypto/s2n_hmac.h" - +#include "crypto/s2n_sequence.h" #include "error/s2n_errno.h" - #include "stuffer/s2n_stuffer.h" - #include "tls/s2n_cipher_suites.h" #include "tls/s2n_connection.h" #include "tls/s2n_crypto.h" #include "tls/s2n_record_read.h" - -#include "utils/s2n_safety.h" #include "utils/s2n_blob.h" +#include "utils/s2n_safety.h" int s2n_record_parse_composite( - const struct s2n_cipher_suite *cipher_suite, - struct s2n_connection *conn, - uint8_t content_type, - uint16_t encrypted_length, - uint8_t * implicit_iv, - struct s2n_hmac_state *mac, - uint8_t * sequence_number, - struct s2n_session_key *session_key) + const struct s2n_cipher_suite *cipher_suite, + struct s2n_connection *conn, + uint8_t content_type, + uint16_t encrypted_length, + uint8_t *implicit_iv, + struct s2n_hmac_state *mac, + uint8_t *sequence_number, + struct s2n_session_key *session_key) { /* Don't reduce encrypted length for explicit IV, composite decrypt expects it */ - struct s2n_blob iv = {.data = implicit_iv,.size = cipher_suite->record_alg->cipher->io.comp.record_iv_size }; + struct s2n_blob iv = { .data = implicit_iv, .size = cipher_suite->record_alg->cipher->io.comp.record_iv_size }; uint8_t ivpad[S2N_TLS_MAX_IV_LEN]; /* Add the header to the HMAC */ uint8_t *header = s2n_stuffer_raw_read(&conn->header_in, S2N_TLS_RECORD_HEADER_LENGTH); POSIX_ENSURE_REF(header); - struct s2n_blob en = {.size = encrypted_length,.data = s2n_stuffer_raw_read(&conn->in, encrypted_length) }; + struct s2n_blob en = { .size = encrypted_length, .data = s2n_stuffer_raw_read(&conn->in, encrypted_length) }; POSIX_ENSURE_REF(en.data); uint16_t payload_length = encrypted_length; 
@@ -92,7 +88,7 @@ int s2n_record_parse_composite( POSIX_GUARD(s2n_sub_overflow(payload_length, en.data[en.size - 1] + 1, &out)); payload_length = out; - struct s2n_blob seq = {.data = sequence_number,.size = S2N_TLS_SEQUENCE_NUM_LEN }; + struct s2n_blob seq = { .data = sequence_number, .size = S2N_TLS_SEQUENCE_NUM_LEN }; POSIX_GUARD(s2n_increment_sequence_number(&seq)); /* O.k., we've successfully read and decrypted the record, now we need to align the stuffer diff --git a/contrib/restricted/aws/s2n/tls/s2n_record_read_stream.c b/contrib/restricted/aws/s2n/tls/s2n_record_read_stream.c index 8145d74d6a..bef04a830b 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_record_read_stream.c +++ b/contrib/restricted/aws/s2n/tls/s2n_record_read_stream.c 
@@ -13,37 +13,33 @@ * permissions and limitations under the License. */ -#include "crypto/s2n_sequence.h" #include "crypto/s2n_cipher.h" #include "crypto/s2n_hmac.h" - +#include "crypto/s2n_sequence.h" #include "error/s2n_errno.h" - #include "stuffer/s2n_stuffer.h" - #include "tls/s2n_cipher_suites.h" #include "tls/s2n_connection.h" #include "tls/s2n_crypto.h" #include "tls/s2n_record_read.h" - -#include "utils/s2n_safety.h" #include "utils/s2n_blob.h" +#include "utils/s2n_safety.h" int s2n_record_parse_stream( - const struct s2n_cipher_suite *cipher_suite, - struct s2n_connection *conn, - uint8_t content_type, - uint16_t encrypted_length, - uint8_t * implicit_iv, - struct s2n_hmac_state *mac, - uint8_t * sequence_number, - struct s2n_session_key *session_key) + const struct s2n_cipher_suite *cipher_suite, + struct s2n_connection *conn, + uint8_t content_type, + uint16_t encrypted_length, + uint8_t *implicit_iv, + struct s2n_hmac_state *mac, + uint8_t *sequence_number, + struct s2n_session_key *session_key) { /* Add the header to the HMAC */ uint8_t *header = s2n_stuffer_raw_read(&conn->header_in, S2N_TLS_RECORD_HEADER_LENGTH); POSIX_ENSURE_REF(header); - struct s2n_blob en = {.size = encrypted_length,.data = s2n_stuffer_raw_read(&conn->in, encrypted_length) }; + struct s2n_blob en = { .size = encrypted_length, .data = s2n_stuffer_raw_read(&conn->in, encrypted_length) }; POSIX_ENSURE_REF(en.data); uint16_t payload_length = encrypted_length; @@ -69,7 +65,7 @@ int s2n_record_parse_stream( POSIX_GUARD(s2n_hmac_update(mac, header, S2N_TLS_RECORD_HEADER_LENGTH)); } - struct s2n_blob seq = {.data = sequence_number,.size = S2N_TLS_SEQUENCE_NUM_LEN }; + struct s2n_blob seq = { .data = sequence_number, .size = S2N_TLS_SEQUENCE_NUM_LEN }; POSIX_GUARD(s2n_increment_sequence_number(&seq)); /* MAC check for streaming ciphers - no padding */ 
diff --git a/contrib/restricted/aws/s2n/tls/s2n_record_write.c b/contrib/restricted/aws/s2n/tls/s2n_record_write.c index 41f6399793..e1cea42cd6 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_record_write.c +++ b/contrib/restricted/aws/s2n/tls/s2n_record_write.c @@ -16,22 +16,18 @@ #include <stdint.h> #include <sys/param.h> +#include "crypto/s2n_cipher.h" +#include "crypto/s2n_hmac.h" +#include "crypto/s2n_sequence.h" #include "error/s2n_errno.h" - +#include "stuffer/s2n_stuffer.h" #include "tls/s2n_cipher_suites.h" #include "tls/s2n_connection.h" -#include "tls/s2n_record.h" #include "tls/s2n_crypto.h" - -#include "stuffer/s2n_stuffer.h" - -#include "crypto/s2n_sequence.h" -#include "crypto/s2n_cipher.h" -#include "crypto/s2n_hmac.h" - -#include "utils/s2n_safety.h" -#include "utils/s2n_random.h" +#include "tls/s2n_record.h" #include "utils/s2n_blob.h" +#include "utils/s2n_random.h" +#include "utils/s2n_safety.h" extern uint8_t s2n_unknown_protocol_version; @@ -104,7 +100,7 @@ S2N_RESULT s2n_record_max_write_size(struct s2n_connection *conn, uint16_t max_f RESULT_ENSURE_REF(conn); RESULT_ENSURE_MUT(max_record_size); - if(!IS_NEGOTIATED(conn)) { + if (!IS_NEGOTIATED(conn)) { *max_record_size = S2N_TLS_MAX_RECORD_LEN_FOR(max_fragment_size); } else if (conn->actual_protocol_version < S2N_TLS13) { *max_record_size = S2N_TLS12_MAX_RECORD_LEN_FOR(max_fragment_size); @@ -122,7 +118,7 @@ S2N_RESULT s2n_record_min_write_payload_size(struct s2n_connection *conn, uint16 /* remove ethernet, TCP/IP and TLS header overheads */ const uint16_t min_outgoing_fragment_length = ETH_MTU - (conn->ipv6 ? IP_V6_HEADER_LENGTH : IP_V4_HEADER_LENGTH) - - TCP_HEADER_LENGTH - TCP_OPTIONS_LENGTH - S2N_TLS_RECORD_HEADER_LENGTH; + - TCP_HEADER_LENGTH - TCP_OPTIONS_LENGTH - S2N_TLS_RECORD_HEADER_LENGTH; RESULT_ENSURE(min_outgoing_fragment_length <= S2N_TLS_MAXIMUM_FRAGMENT_LENGTH, S2N_ERR_FRAGMENT_LENGTH_TOO_LARGE); uint16_t size = min_outgoing_fragment_length; 
@@ -187,43 +183,43 @@ int s2n_record_write_protocol_version(struct s2n_connection *conn, struct s2n_st } static inline int s2n_record_encrypt( - struct s2n_connection *conn, - const struct s2n_cipher_suite *cipher_suite, - struct s2n_session_key *session_key, - struct s2n_blob *iv, - struct s2n_blob *aad, - struct s2n_blob *en, - uint8_t *implicit_iv, uint16_t block_size) + struct s2n_connection *conn, + const struct s2n_cipher_suite *cipher_suite, + struct s2n_session_key *session_key, + struct s2n_blob *iv, + struct s2n_blob *aad, + struct s2n_blob *en, + uint8_t *implicit_iv, uint16_t block_size) { POSIX_ENSURE_REF(en->data); switch (cipher_suite->record_alg->cipher->type) { - case S2N_STREAM: - POSIX_GUARD(cipher_suite->record_alg->cipher->io.stream.encrypt(session_key, en, en)); - break; - case S2N_CBC: - POSIX_GUARD(cipher_suite->record_alg->cipher->io.cbc.encrypt(session_key, iv, en, en)); - - /* Copy the last encrypted block to be the next IV */ - if (conn->actual_protocol_version < S2N_TLS11) { + case S2N_STREAM: + POSIX_GUARD(cipher_suite->record_alg->cipher->io.stream.encrypt(session_key, en, en)); + break; + case S2N_CBC: + POSIX_GUARD(cipher_suite->record_alg->cipher->io.cbc.encrypt(session_key, iv, en, en)); + + /* Copy the last encrypted block to be the next IV */ + if (conn->actual_protocol_version < S2N_TLS11) { + POSIX_ENSURE_GTE(en->size, block_size); + POSIX_CHECKED_MEMCPY(implicit_iv, en->data + en->size - block_size, block_size); + } + break; + case S2N_AEAD: + POSIX_GUARD(cipher_suite->record_alg->cipher->io.aead.encrypt(session_key, iv, aad, en, en)); + break; + case S2N_COMPOSITE: + /* This will: compute mac, append padding, append padding length, and encrypt */ + POSIX_GUARD(cipher_suite->record_alg->cipher->io.comp.encrypt(session_key, iv, en, en)); + + /* Copy the last encrypted block to be the next IV */ POSIX_ENSURE_GTE(en->size, block_size); POSIX_CHECKED_MEMCPY(implicit_iv, en->data + en->size - block_size, block_size); - } - break; 
- case S2N_AEAD: - POSIX_GUARD(cipher_suite->record_alg->cipher->io.aead.encrypt(session_key, iv, aad, en, en)); - break; - case S2N_COMPOSITE: - /* This will: compute mac, append padding, append padding length, and encrypt */ - POSIX_GUARD(cipher_suite->record_alg->cipher->io.comp.encrypt(session_key, iv, en, en)); - - /* Copy the last encrypted block to be the next IV */ - POSIX_ENSURE_GTE(en->size, block_size); - POSIX_CHECKED_MEMCPY(implicit_iv, en->data + en->size - block_size, block_size); - break; - default: - POSIX_BAIL(S2N_ERR_CIPHER_TYPE); - break; + break; + default: + POSIX_BAIL(S2N_ERR_CIPHER_TYPE); + break; } return 0; @@ -332,8 +328,8 @@ int s2n_record_writev(struct s2n_connection *conn, uint8_t content_type, const s /* Now that we know the length, start writing the record */ POSIX_GUARD(s2n_stuffer_write_uint8(&record_stuffer, is_tls13_record ? - /* tls 1.3 opaque type */ TLS_APPLICATION_DATA : - /* actual content_type */ content_type )); + /* tls 1.3 opaque type */ TLS_APPLICATION_DATA : + /* actual content_type */ content_type)); POSIX_GUARD(s2n_record_write_protocol_version(conn, &record_stuffer)); /* First write a header that has the payload length, this is for the MAC */ @@ -360,7 +356,7 @@ int s2n_record_writev(struct s2n_connection *conn, uint8_t content_type, const s /* Outputs number of extra bytes required for MAC and padding */ int pad_and_mac_len; POSIX_GUARD(cipher_suite->record_alg->cipher->io.comp.initial_hmac(session_key, sequence_number, content_type, conn->actual_protocol_version, - payload_and_eiv_len, &pad_and_mac_len)); + payload_and_eiv_len, &pad_and_mac_len)); extra += pad_and_mac_len; } 
@@ -379,7 +375,7 @@ int s2n_record_writev(struct s2n_connection *conn, uint8_t content_type, const s /* If we're AEAD, write the sequence number as an IV, and generate the AAD */ if (cipher_suite->record_alg->cipher->type == S2N_AEAD) { - struct s2n_stuffer iv_stuffer = {0}; + struct s2n_stuffer iv_stuffer = { 0 }; s2n_blob_init(&iv, aad_iv, sizeof(aad_iv)); POSIX_GUARD(s2n_stuffer_init(&iv_stuffer, &iv)); @@ -393,7 +389,7 @@ int s2n_record_writev(struct s2n_connection *conn, uint8_t content_type, const s uint8_t four_zeroes[4] = { 0 }; POSIX_GUARD(s2n_stuffer_write_bytes(&iv_stuffer, four_zeroes, 4)); POSIX_GUARD(s2n_stuffer_write_bytes(&iv_stuffer, sequence_number, S2N_TLS_SEQUENCE_NUM_LEN)); - for(int i = 0; i < cipher_suite->record_alg->cipher->io.aead.fixed_iv_size; i++) { + for (int i = 0; i < cipher_suite->record_alg->cipher->io.aead.fixed_iv_size; i++) { aad_iv[i] = aad_iv[i] ^ implicit_iv[i]; } } else { @@ -442,7 +438,7 @@ int s2n_record_writev(struct s2n_connection *conn, uint8_t content_type, const s } /* We are done with this sequence number, so we can increment it */ - struct s2n_blob seq = {.data = sequence_number,.size = S2N_TLS_SEQUENCE_NUM_LEN }; + struct s2n_blob seq = { .data = sequence_number, .size = S2N_TLS_SEQUENCE_NUM_LEN }; POSIX_GUARD(s2n_increment_sequence_number(&seq)); /* Write the plaintext data */ 
@@ -479,30 +475,30 @@ int s2n_record_writev(struct s2n_connection *conn, uint8_t content_type, const s uint16_t encrypted_length = data_bytes_to_take + mac_digest_size; switch (cipher_suite->record_alg->cipher->type) { - case S2N_AEAD: - POSIX_GUARD(s2n_stuffer_skip_write(&record_stuffer, cipher_suite->record_alg->cipher->io.aead.record_iv_size)); - encrypted_length += cipher_suite->record_alg->cipher->io.aead.tag_size; - if (is_tls13_record) { - /* one extra byte for content type */ - encrypted_length += S2N_TLS_CONTENT_TYPE_LENGTH; - } - break; - case S2N_CBC: - if (conn->actual_protocol_version > S2N_TLS10) { - /* Leave the IV alone and unencrypted */ - POSIX_GUARD(s2n_stuffer_skip_write(&record_stuffer, iv.size)); - } - /* Encrypt the padding and the padding length byte too */ - encrypted_length += padding + 1; - break; - case S2N_COMPOSITE: - /* Composite CBC expects a pointer starting at explicit IV: [Explicit IV | fragment | MAC | padding | padding len ] + case S2N_AEAD: + POSIX_GUARD(s2n_stuffer_skip_write(&record_stuffer, cipher_suite->record_alg->cipher->io.aead.record_iv_size)); + encrypted_length += cipher_suite->record_alg->cipher->io.aead.tag_size; + if (is_tls13_record) { + /* one extra byte for content type */ + encrypted_length += S2N_TLS_CONTENT_TYPE_LENGTH; + } + break; + case S2N_CBC: + if (conn->actual_protocol_version > S2N_TLS10) { + /* Leave the IV alone and unencrypted */ + POSIX_GUARD(s2n_stuffer_skip_write(&record_stuffer, iv.size)); + } + /* Encrypt the padding and the padding length byte too */ + encrypted_length += padding + 1; + break; + case S2N_COMPOSITE: + /* Composite CBC expects a pointer starting at explicit IV: [Explicit IV | fragment | MAC | padding | padding len ] * extra will account for the explicit IV len(if applicable), MAC digest len, padding len + padding byte. 
*/ - encrypted_length += extra; - break; - default: - break; + encrypted_length += extra; + break; + default: + break; } /* Check that stuffer have enough space to write encrypted record, because raw_write cannot expand tainted stuffer */ diff --git a/contrib/restricted/aws/s2n/tls/s2n_recv.c b/contrib/restricted/aws/s2n/tls/s2n_recv.c index 84b87e433f..2255fd4e90 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_recv.c +++ b/contrib/restricted/aws/s2n/tls/s2n_recv.c @@ -17,26 +17,22 @@ /* Use usleep */ #define _XOPEN_SOURCE 500 +#include <errno.h> #include <unistd.h> -#include <errno.h> #include "api/s2n.h" - #include "error/s2n_errno.h" - +#include "stuffer/s2n_stuffer.h" +#include "tls/s2n_alerts.h" #include "tls/s2n_connection.h" #include "tls/s2n_handshake.h" +#include "tls/s2n_post_handshake.h" #include "tls/s2n_record.h" #include "tls/s2n_resume.h" -#include "tls/s2n_alerts.h" #include "tls/s2n_tls.h" -#include "tls/s2n_post_handshake.h" - -#include "stuffer/s2n_stuffer.h" - -#include "utils/s2n_socket.h" -#include "utils/s2n_safety.h" #include "utils/s2n_blob.h" +#include "utils/s2n_safety.h" +#include "utils/s2n_socket.h" S2N_RESULT s2n_read_in_bytes(struct s2n_connection *conn, struct s2n_stuffer *output, uint32_t length) { @@ -60,7 +56,7 @@ S2N_RESULT s2n_read_in_bytes(struct s2n_connection *conn, struct s2n_stuffer *ou return S2N_RESULT_OK; } -int s2n_read_full_record(struct s2n_connection *conn, uint8_t * record_type, int *isSSLv2) +int s2n_read_full_record(struct s2n_connection *conn, uint8_t *record_type, int *isSSLv2) { *isSSLv2 = 0; 
@@ -82,11 +78,9 @@ int s2n_read_full_record(struct s2n_connection *conn, uint8_t * record_type, int conn->header_in.blob.data[0] &= 0x7f; *isSSLv2 = 1; - WITH_ERROR_BLINDING(conn, POSIX_GUARD( - s2n_sslv2_record_header_parse(conn, record_type, &conn->client_protocol_version, &fragment_length))); + WITH_ERROR_BLINDING(conn, POSIX_GUARD(s2n_sslv2_record_header_parse(conn, record_type, &conn->client_protocol_version, &fragment_length))); } else { - WITH_ERROR_BLINDING(conn, POSIX_GUARD( - s2n_record_header_parse(conn, record_type, &fragment_length))); + WITH_ERROR_BLINDING(conn, POSIX_GUARD(s2n_record_header_parse(conn, record_type, &fragment_length))); } /* Read enough to have the whole record */ @@ -114,10 +108,10 @@ int s2n_read_full_record(struct s2n_connection *conn, uint8_t * record_type, int return 0; } -ssize_t s2n_recv_impl(struct s2n_connection * conn, void *buf, ssize_t size, s2n_blocked_status * blocked) +ssize_t s2n_recv_impl(struct s2n_connection *conn, void *buf, ssize_t size, s2n_blocked_status *blocked) { ssize_t bytes_read = 0; - struct s2n_blob out = {.data = (uint8_t *) buf }; + struct s2n_blob out = { .data = (uint8_t *) buf }; if (conn->closed) { return 0; @@ -176,8 +170,7 @@ ssize_t s2n_recv_impl(struct s2n_connection * conn, void *buf, ssize_t size, s2n } if (record_type != TLS_APPLICATION_DATA) { - switch (record_type) - { + switch (record_type) { case TLS_ALERT: POSIX_GUARD(s2n_process_alert_fragment(conn)); POSIX_GUARD(s2n_flush(conn, blocked)); @@ -214,8 +207,8 @@ ssize_t s2n_recv_impl(struct s2n_connection * conn, void *buf, ssize_t size, s2n conn->in_status = ENCRYPTED; } - /* If we've read some data, return it */ - if (bytes_read) { + /* If we've read some data, return it in legacy mode */ + if (bytes_read && !conn->config->recv_multi_record) { break; } } 
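Review bot: In the last hunk of s2n_recv_impl (`@@ -214,8 +207,8 @@`), the new condition `bytes_read && !conn->config->recv_multi_record` lets the loop go on to parse further records after plaintext has already been copied into the caller's buffer, and the hunk does not show what happens when a later record then fails or blocks. The error and blocked paths sit earlier in the loop, outside this hunk, so it is worth confirming that each of them returns `bytes_read` when it is non-zero instead of -1, and that an alert or handshake record arriving mid-call cannot discard data already delivered. The comment could say so directly, e.g. `/* Legacy mode returns after the first record that produced data; in multi-record mode later failures must still report bytes_read */`. `conn->config` is also dereferenced here with no null check visible in the hunk; if nothing earlier guarantees it, add `POSIX_ENSURE_REF(conn->config);` before the loop.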
@@ -227,7 +220,7 @@ ssize_t s2n_recv_impl(struct s2n_connection * conn, void *buf, ssize_t size, s2n return bytes_read; } -ssize_t s2n_recv(struct s2n_connection * conn, void *buf, ssize_t size, s2n_blocked_status * blocked) +ssize_t s2n_recv(struct s2n_connection *conn, void *buf, ssize_t size, s2n_blocked_status *blocked) { POSIX_ENSURE(!conn->recv_in_use, S2N_ERR_REENTRANCY); conn->recv_in_use = true; @@ -242,7 +235,8 @@ ssize_t s2n_recv(struct s2n_connection * conn, void *buf, ssize_t size, s2n_bloc return result; } -uint32_t s2n_peek(struct s2n_connection *conn) { +uint32_t s2n_peek(struct s2n_connection *conn) +{ if (conn == NULL) { return 0; } @@ -257,7 +251,7 @@ uint32_t s2n_peek(struct s2n_connection *conn) { return s2n_stuffer_data_available(&conn->in); } -int s2n_recv_close_notify(struct s2n_connection *conn, s2n_blocked_status * blocked) +int s2n_recv_close_notify(struct s2n_connection *conn, s2n_blocked_status *blocked) { uint8_t record_type; int isSSLv2; @@ -275,4 +269,3 @@ int s2n_recv_close_notify(struct s2n_connection *conn, s2n_blocked_status * bloc *blocked = S2N_NOT_BLOCKED; return 0; } - diff --git a/contrib/restricted/aws/s2n/tls/s2n_resume.c b/contrib/restricted/aws/s2n/tls/s2n_resume.c index 356bd772e6..48b3d52024 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_resume.c +++ b/contrib/restricted/aws/s2n/tls/s2n_resume.c 
@@ -12,23 +12,22 @@ * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ +#include "tls/s2n_resume.h" + #include <math.h> #include <sys/param.h> #include "api/s2n.h" - #include "error/s2n_errno.h" #include "stuffer/s2n_stuffer.h" -#include "utils/s2n_safety.h" -#include "utils/s2n_blob.h" -#include "utils/s2n_random.h" -#include "utils/s2n_set.h" - #include "tls/s2n_cipher_suites.h" #include "tls/s2n_connection.h" -#include "tls/s2n_resume.h" #include "tls/s2n_crypto.h" #include "tls/s2n_tls.h" +#include "utils/s2n_blob.h" +#include "utils/s2n_random.h" +#include "utils/s2n_safety.h" +#include "utils/s2n_set.h" int s2n_allowed_to_cache_connection(struct s2n_connection *conn) { @@ -127,7 +126,7 @@ static S2N_RESULT s2n_tls13_serialize_resumption_state(struct s2n_connection *co static S2N_RESULT s2n_serialize_resumption_state(struct s2n_connection *conn, struct s2n_stuffer *out) { - if(conn->actual_protocol_version < S2N_TLS13) { + if (conn->actual_protocol_version < S2N_TLS13) { RESULT_GUARD_POSIX(s2n_tls12_serialize_resumption_state(conn, out)); } else { RESULT_GUARD(s2n_tls13_serialize_resumption_state(conn, out)); 
@@ -194,17 +193,17 @@ static int s2n_tls12_deserialize_resumption_state(struct s2n_connection *conn, s static int s2n_client_serialize_resumption_state(struct s2n_connection *conn, struct s2n_stuffer *to) { /* Serialize session ticket */ - if (conn->config->use_tickets && conn->client_ticket.size > 0) { - POSIX_GUARD(s2n_stuffer_write_uint8(to, S2N_STATE_WITH_SESSION_TICKET)); - POSIX_GUARD(s2n_stuffer_write_uint16(to, conn->client_ticket.size)); - POSIX_GUARD(s2n_stuffer_write(to, &conn->client_ticket)); - } else { - /* Serialize session id */ - POSIX_ENSURE_LT(conn->actual_protocol_version, S2N_TLS13); - POSIX_GUARD(s2n_stuffer_write_uint8(to, S2N_STATE_WITH_SESSION_ID)); - POSIX_GUARD(s2n_stuffer_write_uint8(to, conn->session_id_len)); - POSIX_GUARD(s2n_stuffer_write_bytes(to, conn->session_id, conn->session_id_len)); - } + if (conn->config->use_tickets && conn->client_ticket.size > 0) { + POSIX_GUARD(s2n_stuffer_write_uint8(to, S2N_STATE_WITH_SESSION_TICKET)); + POSIX_GUARD(s2n_stuffer_write_uint16(to, conn->client_ticket.size)); + POSIX_GUARD(s2n_stuffer_write(to, &conn->client_ticket)); + } else { + /* Serialize session id */ + POSIX_ENSURE_LT(conn->actual_protocol_version, S2N_TLS13); + POSIX_GUARD(s2n_stuffer_write_uint8(to, S2N_STATE_WITH_SESSION_ID)); + POSIX_GUARD(s2n_stuffer_write_uint8(to, conn->session_id_len)); + POSIX_GUARD(s2n_stuffer_write_bytes(to, conn->session_id, conn->session_id_len)); + } /* Serialize session state */ POSIX_GUARD_RESULT(s2n_serialize_resumption_state(conn, to)); @@ -356,7 +355,7 @@ static int s2n_client_deserialize_with_session_id(struct s2n_connection *conn, s POSIX_GUARD(s2n_stuffer_read_uint8(from, &session_id_len)); if (session_id_len == 0 || session_id_len > S2N_TLS_SESSION_ID_MAX_LEN - || session_id_len > s2n_stuffer_data_available(from)) { + || session_id_len > s2n_stuffer_data_available(from)) { POSIX_BAIL(S2N_ERR_INVALID_SERIALIZED_SESSION_STATE); } 
@@ -391,14 +390,14 @@ static int s2n_client_deserialize_resumption_state(struct s2n_connection *conn, POSIX_GUARD(s2n_stuffer_read_uint8(from, &format)); switch (format) { - case S2N_STATE_WITH_SESSION_ID: - POSIX_GUARD(s2n_client_deserialize_with_session_id(conn, from)); - break; - case S2N_STATE_WITH_SESSION_TICKET: - POSIX_GUARD(s2n_client_deserialize_with_session_ticket(conn, from)); - break; - default: - POSIX_BAIL(S2N_ERR_INVALID_SERIALIZED_SESSION_STATE); + case S2N_STATE_WITH_SESSION_ID: + POSIX_GUARD(s2n_client_deserialize_with_session_id(conn, from)); + break; + case S2N_STATE_WITH_SESSION_TICKET: + POSIX_GUARD(s2n_client_deserialize_with_session_ticket(conn, from)); + break; + default: + POSIX_BAIL(S2N_ERR_INVALID_SERIALIZED_SESSION_STATE); } return 0; @@ -410,7 +409,7 @@ int s2n_resume_from_cache(struct s2n_connection *conn) S2N_ERROR_IF(conn->session_id_len > S2N_TLS_SESSION_ID_MAX_LEN, S2N_ERR_SESSION_ID_TOO_LONG); uint8_t data[S2N_TLS12_TICKET_SIZE_IN_BYTES] = { 0 }; - struct s2n_blob entry = {0}; + struct s2n_blob entry = { 0 }; POSIX_GUARD(s2n_blob_init(&entry, data, S2N_TLS12_TICKET_SIZE_IN_BYTES)); uint64_t size = entry.size; int result = conn->config->cache_retrieve(conn, conn->config->cache_retrieve_data, conn->session_id, conn->session_id_len, entry.data, &size); @@ -421,7 +420,7 @@ int s2n_resume_from_cache(struct s2n_connection *conn) S2N_ERROR_IF(size != entry.size, S2N_ERR_SIZE_MISMATCH); - struct s2n_stuffer from = {0}; + struct s2n_stuffer from = { 0 }; POSIX_GUARD(s2n_stuffer_init(&from, &entry)); POSIX_GUARD(s2n_stuffer_write(&from, &entry)); POSIX_GUARD(s2n_decrypt_session_cache(conn, &from)); 
@@ -432,9 +431,9 @@ int s2n_resume_from_cache(struct s2n_connection *conn) S2N_RESULT s2n_store_to_cache(struct s2n_connection *conn) { uint8_t data[S2N_TLS12_TICKET_SIZE_IN_BYTES] = { 0 }; - struct s2n_blob entry = {0}; + struct s2n_blob entry = { 0 }; RESULT_GUARD_POSIX(s2n_blob_init(&entry, data, S2N_TLS12_TICKET_SIZE_IN_BYTES)); - struct s2n_stuffer to = {0}; + struct s2n_stuffer to = { 0 }; /* session_id_len should always be >0 since either the Client provided a SessionId or the Server generated a new * one for the Client */ @@ -455,11 +454,11 @@ int s2n_connection_set_session(struct s2n_connection *conn, const uint8_t *sessi POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(session); - DEFER_CLEANUP(struct s2n_blob session_data = {0}, s2n_free); + DEFER_CLEANUP(struct s2n_blob session_data = { 0 }, s2n_free); POSIX_GUARD(s2n_alloc(&session_data, length)); POSIX_CHECKED_MEMCPY(session_data.data, session, length); - struct s2n_stuffer from = {0}; + struct s2n_stuffer from = { 0 }; POSIX_GUARD(s2n_stuffer_init(&from, &session_data)); POSIX_GUARD(s2n_stuffer_write(&from, &session_data)); POSIX_GUARD(s2n_client_deserialize_resumption_state(conn, &from)); @@ -479,11 +478,11 @@ int s2n_connection_get_session(struct s2n_connection *conn, uint8_t *session, si S2N_ERROR_IF(len > max_length, S2N_ERR_SERIALIZED_SESSION_STATE_TOO_LONG); - struct s2n_blob serialized_data = {0}; + struct s2n_blob serialized_data = { 0 }; POSIX_GUARD(s2n_blob_init(&serialized_data, session, len)); POSIX_GUARD(s2n_blob_zero(&serialized_data)); - struct s2n_stuffer to = {0}; + struct s2n_stuffer to = { 0 }; POSIX_GUARD(s2n_stuffer_init(&to, &serialized_data)); POSIX_GUARD(s2n_client_serialize_resumption_state(conn, &to)); 
@@ -557,7 +556,7 @@ int s2n_connection_get_session_length(struct s2n_connection *conn) int s2n_connection_is_session_resumed(struct s2n_connection *conn) { return conn && IS_RESUMPTION_HANDSHAKE(conn) - && (conn->actual_protocol_version < S2N_TLS13 || conn->psk_params.type == S2N_PSK_TYPE_RESUMPTION); + && (conn->actual_protocol_version < S2N_TLS13 || conn->psk_params.type == S2N_PSK_TYPE_RESUMPTION); } int s2n_connection_is_ocsp_stapled(struct s2n_connection *conn) @@ -583,7 +582,7 @@ int s2n_config_is_encrypt_decrypt_key_available(struct s2n_config *config) for (uint32_t i = ticket_keys_len; i > 0; i--) { uint32_t idx = i - 1; - POSIX_GUARD_RESULT(s2n_set_get(config->ticket_keys, idx, (void **)&ticket_key)); + POSIX_GUARD_RESULT(s2n_set_get(config->ticket_keys, idx, (void **) &ticket_key)); uint64_t key_intro_time = ticket_key->intro_timestamp; if (key_intro_time < now @@ -600,9 +599,9 @@ int s2n_config_is_encrypt_decrypt_key_available(struct s2n_config *config) * Higher the weight of the key, higher the probability of being picked. */ int s2n_compute_weight_of_encrypt_decrypt_keys(struct s2n_config *config, - uint8_t *encrypt_decrypt_keys_index, - uint8_t num_encrypt_decrypt_keys, - uint64_t now) + uint8_t *encrypt_decrypt_keys_index, + uint8_t num_encrypt_decrypt_keys, + uint64_t now) { double total_weight = 0; struct s2n_ticket_key_weight ticket_keys_weight[S2N_MAX_TICKET_KEYS]; @@ -610,7 +609,7 @@ int s2n_compute_weight_of_encrypt_decrypt_keys(struct s2n_config *config, /* Compute weight of encrypt-decrypt keys */ for (int i = 0; i < num_encrypt_decrypt_keys; i++) { - POSIX_GUARD_RESULT(s2n_set_get(config->ticket_keys, encrypt_decrypt_keys_index[i], (void **)&ticket_key)); + POSIX_GUARD_RESULT(s2n_set_get(config->ticket_keys, encrypt_decrypt_keys_index[i], (void **) &ticket_key)); uint64_t key_intro_time = ticket_key->intro_timestamp; uint64_t key_encryption_peak_time = key_intro_time + (config->encrypt_decrypt_key_lifetime_in_nanos / 2); 
@@ -630,7 +629,7 @@ int s2n_compute_weight_of_encrypt_decrypt_keys(struct s2n_config *config, /* Pick a random number in [0, 1). Using 53 bits (IEEE 754 double-precision floats). */ uint64_t random_int = 0; POSIX_GUARD_RESULT(s2n_public_random(pow(2, 53), &random_int)); - double random = (double)random_int / (double)pow(2, 53); + double random = (double) random_int / (double) pow(2, 53); /* Compute cumulative weight of encrypt-decrypt keys */ for (int i = 0; i < num_encrypt_decrypt_keys; i++) { @@ -666,7 +665,7 @@ struct s2n_ticket_key *s2n_get_ticket_encrypt_decrypt_key(struct s2n_config *con for (uint32_t i = ticket_keys_len; i > 0; i--) { uint32_t idx = i - 1; - PTR_GUARD_RESULT(s2n_set_get(config->ticket_keys, idx, (void **)&ticket_key)); + PTR_GUARD_RESULT(s2n_set_get(config->ticket_keys, idx, (void **) &ticket_key)); uint64_t key_intro_time = ticket_key->intro_timestamp; if (key_intro_time < now @@ -681,14 +680,14 @@ struct s2n_ticket_key *s2n_get_ticket_encrypt_decrypt_key(struct s2n_config *con } if (num_encrypt_decrypt_keys == 1) { - PTR_GUARD_RESULT(s2n_set_get(config->ticket_keys, encrypt_decrypt_keys_index[0], (void **)&ticket_key)); + PTR_GUARD_RESULT(s2n_set_get(config->ticket_keys, encrypt_decrypt_keys_index[0], (void **) &ticket_key)); return ticket_key; } int8_t idx; PTR_GUARD_POSIX(idx = s2n_compute_weight_of_encrypt_decrypt_keys(config, encrypt_decrypt_keys_index, num_encrypt_decrypt_keys, now)); - PTR_GUARD_RESULT(s2n_set_get(config->ticket_keys, idx, (void **)&ticket_key)); + PTR_GUARD_RESULT(s2n_set_get(config->ticket_keys, idx, (void **) &ticket_key)); return ticket_key; } 
@@ -706,13 +705,13 @@ struct s2n_ticket_key *s2n_find_ticket_key(struct s2n_config *config, const uint PTR_GUARD_RESULT(s2n_set_len(config->ticket_keys, &ticket_keys_len)); for (uint32_t i = 0; i < ticket_keys_len; i++) { - PTR_GUARD_RESULT(s2n_set_get(config->ticket_keys, i, (void **)&ticket_key)); + PTR_GUARD_RESULT(s2n_set_get(config->ticket_keys, i, (void **) &ticket_key)); if (memcmp(ticket_key->key_name, name, S2N_TICKET_KEY_NAME_LEN) == 0) { - /* Check to see if the key has expired */ - if (now >= ticket_key->intro_timestamp + - config->encrypt_decrypt_key_lifetime_in_nanos + config->decrypt_key_lifetime_in_nanos) { + if (now >= ticket_key->intro_timestamp + + config->encrypt_decrypt_key_lifetime_in_nanos + + config->decrypt_key_lifetime_in_nanos) { s2n_config_wipe_expired_ticket_crypto_keys(config, i); return NULL; @@ -728,17 +727,17 @@ struct s2n_ticket_key *s2n_find_ticket_key(struct s2n_config *config, const uint int s2n_encrypt_session_ticket(struct s2n_connection *conn, struct s2n_stuffer *to) { struct s2n_ticket_key *key; - struct s2n_session_key aes_ticket_key = {0}; - struct s2n_blob aes_key_blob = {0}; + struct s2n_session_key aes_ticket_key = { 0 }; + struct s2n_blob aes_key_blob = { 0 }; uint8_t iv_data[S2N_TLS_GCM_IV_LEN] = { 0 }; - struct s2n_blob iv = {0}; + struct s2n_blob iv = { 0 }; POSIX_GUARD(s2n_blob_init(&iv, iv_data, sizeof(iv_data))); uint8_t aad_data[S2N_TICKET_AAD_LEN] = { 0 }; - struct s2n_blob aad_blob = {0}; + struct s2n_blob aad_blob = { 0 }; POSIX_GUARD(s2n_blob_init(&aad_blob, aad_data, sizeof(aad_data))); - struct s2n_stuffer aad = {0}; + struct s2n_stuffer aad = { 0 }; key = s2n_get_ticket_encrypt_decrypt_key(conn->config); 
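Review bot: `aes_ticket_key` in s2n_encrypt_session_ticket is declared as a plain `struct s2n_session_key aes_ticket_key = { 0 };`, while the s2n_decrypt_session_ticket hunk (`@@ -782,8 +781,8 @@`) wraps the same variable in `DEFER_CLEANUP(..., s2n_session_key_free)`. If the part of the body outside this hunk sets up the key and a later `POSIX_GUARD` returns early, the context holding the ticket-encryption key would presumably not be released on that path. Declaring it as `DEFER_CLEANUP(struct s2n_session_key aes_ticket_key = { 0 }, s2n_session_key_free);` would make the paths consistent; the same plain declaration appears in the s2n_decrypt_session_cache hunk (`@@ -854,27 +853,27 @@`). The function bodies continue outside these hunks, so any explicit free on the success path would have to be reconciled in the same change.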
@@ -782,8 +781,8 @@ int s2n_encrypt_session_ticket(struct s2n_connection *conn, struct s2n_stuffer * int s2n_decrypt_session_ticket(struct s2n_connection *conn, struct s2n_stuffer *from) { struct s2n_ticket_key *key; - DEFER_CLEANUP(struct s2n_session_key aes_ticket_key = {0}, s2n_session_key_free); - struct s2n_blob aes_key_blob = {0}; + DEFER_CLEANUP(struct s2n_session_key aes_ticket_key = { 0 }, s2n_session_key_free); + struct s2n_blob aes_key_blob = { 0 }; uint8_t key_name[S2N_TICKET_KEY_NAME_LEN] = { 0 }; @@ -792,9 +791,9 @@ int s2n_decrypt_session_ticket(struct s2n_connection *conn, struct s2n_stuffer * POSIX_GUARD(s2n_blob_init(&iv, iv_data, sizeof(iv_data))); uint8_t aad_data[S2N_TICKET_AAD_LEN] = { 0 }; - struct s2n_blob aad_blob = {0}; + struct s2n_blob aad_blob = { 0 }; POSIX_GUARD(s2n_blob_init(&aad_blob, aad_data, sizeof(aad_data))); - struct s2n_stuffer aad = {0}; + struct s2n_stuffer aad = { 0 }; POSIX_GUARD(s2n_stuffer_read_bytes(from, key_name, s2n_array_len(key_name))); 
@@ -854,27 +853,27 @@ int s2n_encrypt_session_cache(struct s2n_connection *conn, struct s2n_stuffer *t int s2n_decrypt_session_cache(struct s2n_connection *conn, struct s2n_stuffer *from) { struct s2n_ticket_key *key; - struct s2n_session_key aes_ticket_key = {0}; - struct s2n_blob aes_key_blob = {0}; + struct s2n_session_key aes_ticket_key = { 0 }; + struct s2n_blob aes_key_blob = { 0 }; uint8_t key_name[S2N_TICKET_KEY_NAME_LEN] = { 0 }; uint8_t iv_data[S2N_TLS_GCM_IV_LEN] = { 0 }; - struct s2n_blob iv = {0}; + struct s2n_blob iv = { 0 }; POSIX_GUARD(s2n_blob_init(&iv, iv_data, sizeof(iv_data))); uint8_t aad_data[S2N_TICKET_AAD_LEN] = { 0 }; - struct s2n_blob aad_blob = {0}; + struct s2n_blob aad_blob = { 0 }; POSIX_GUARD(s2n_blob_init(&aad_blob, aad_data, sizeof(aad_data))); - struct s2n_stuffer aad = {0}; + struct s2n_stuffer aad = { 0 }; uint8_t s_data[S2N_TLS12_STATE_SIZE_IN_BYTES] = { 0 }; - struct s2n_blob state_blob = {0}; + struct s2n_blob state_blob = { 0 }; POSIX_GUARD(s2n_blob_init(&state_blob, s_data, sizeof(s_data))); - struct s2n_stuffer state = {0}; + struct s2n_stuffer state = { 0 }; - uint8_t en_data[S2N_TLS12_STATE_SIZE_IN_BYTES + S2N_TLS_GCM_TAG_LEN] = {0}; - struct s2n_blob en_blob = {0}; + uint8_t en_data[S2N_TLS12_STATE_SIZE_IN_BYTES + S2N_TLS_GCM_TAG_LEN] = { 0 }; + struct s2n_blob en_blob = { 0 }; POSIX_GUARD(s2n_blob_init(&en_blob, en_data, sizeof(en_data))); POSIX_GUARD(s2n_stuffer_read_bytes(from, key_name, s2n_array_len(key_name))); 
@@ -931,9 +930,10 @@ int s2n_config_wipe_expired_ticket_crypto_keys(struct s2n_config *config, int8_t POSIX_GUARD_RESULT(s2n_set_len(config->ticket_keys, &ticket_keys_len)); for (uint32_t i = 0; i < ticket_keys_len; i++) { - POSIX_GUARD_RESULT(s2n_set_get(config->ticket_keys, i, (void **)&ticket_key)); - if (now >= ticket_key->intro_timestamp + - config->encrypt_decrypt_key_lifetime_in_nanos + config->decrypt_key_lifetime_in_nanos) { + POSIX_GUARD_RESULT(s2n_set_get(config->ticket_keys, i, (void **) &ticket_key)); + if (now >= ticket_key->intro_timestamp + + config->encrypt_decrypt_key_lifetime_in_nanos + + config->decrypt_key_lifetime_in_nanos) { expired_keys_index[num_of_expired_keys] = i; num_of_expired_keys++; } @@ -947,7 +947,6 @@ end: return 0; } - int s2n_config_store_ticket_key(struct s2n_config *config, struct s2n_ticket_key *key) { /* Keys are stored from oldest to newest */ diff --git a/contrib/restricted/aws/s2n/tls/s2n_resume.h b/contrib/restricted/aws/s2n/tls/s2n_resume.h index 55e70705eb..2d3f9b6b36 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_resume.h +++ b/contrib/restricted/aws/s2n/tls/s2n_resume.h 
@@ -15,38 +15,35 @@ #pragma once -#include "utils/s2n_blob.h" - #include "stuffer/s2n_stuffer.h" +#include "utils/s2n_blob.h" -#define S2N_STATE_LIFETIME_IN_NANOS 54000000000000 /* 15 hours */ -#define S2N_TLS12_STATE_SIZE_IN_BYTES (1 + 8 + 1 + S2N_TLS_CIPHER_SUITE_LEN + S2N_TLS_SECRET_LEN + 1) -#define S2N_TLS13_FIXED_STATE_SIZE 21 -#define S2N_TLS13_FIXED_EARLY_DATA_STATE_SIZE 3 - -#define S2N_TLS_SESSION_CACHE_TTL (6 * 60 * 60) -#define S2N_TICKET_KEY_NAME_LEN 16 -#define S2N_TICKET_AAD_IMPLICIT_LEN 12 -#define S2N_TICKET_AAD_LEN (S2N_TICKET_AAD_IMPLICIT_LEN + S2N_TICKET_KEY_NAME_LEN) -#define S2N_AES256_KEY_LEN 32 -#define ONE_SEC_IN_NANOS 1000000000 -#define ONE_MILLISEC_IN_NANOS 1000000 -#define ONE_WEEK_IN_SEC 604800 -#define S2N_TLS12_TICKET_SIZE_IN_BYTES (S2N_TICKET_KEY_NAME_LEN + S2N_TLS_GCM_IV_LEN + \ - S2N_TLS12_STATE_SIZE_IN_BYTES + S2N_TLS_GCM_TAG_LEN) - -#define S2N_TICKET_ENCRYPT_DECRYPT_KEY_LIFETIME_IN_NANOS 7200000000000 /* 2 hours */ -#define S2N_TICKET_DECRYPT_KEY_LIFETIME_IN_NANOS 46800000000000 /* 13 hours */ -#define S2N_STATE_FORMAT_LEN 1 -#define S2N_TICKET_LIFETIME_HINT_LEN 4 -#define S2N_SESSION_TICKET_SIZE_LEN 2 -#define S2N_GREATER_OR_EQUAL 1 -#define S2N_LESS_THAN -1 - -#define S2N_TLS12_SESSION_SIZE S2N_STATE_FORMAT_LEN + \ - S2N_SESSION_TICKET_SIZE_LEN + \ - S2N_TLS12_TICKET_SIZE_IN_BYTES + \ - S2N_TLS12_STATE_SIZE_IN_BYTES +#define S2N_STATE_LIFETIME_IN_NANOS 54000000000000 /* 15 hours */ +#define S2N_TLS12_STATE_SIZE_IN_BYTES (1 + 8 + 1 + S2N_TLS_CIPHER_SUITE_LEN + S2N_TLS_SECRET_LEN + 1) +#define S2N_TLS13_FIXED_STATE_SIZE 21 +#define S2N_TLS13_FIXED_EARLY_DATA_STATE_SIZE 3 + +#define S2N_TLS_SESSION_CACHE_TTL (6 * 60 * 60) +#define S2N_TICKET_KEY_NAME_LEN 16 +#define S2N_TICKET_AAD_IMPLICIT_LEN 12 +#define S2N_TICKET_AAD_LEN (S2N_TICKET_AAD_IMPLICIT_LEN + S2N_TICKET_KEY_NAME_LEN) +#define S2N_AES256_KEY_LEN 32 +#define ONE_SEC_IN_NANOS 1000000000 +#define ONE_MILLISEC_IN_NANOS 1000000 +#define ONE_WEEK_IN_SEC 604800 +#define 
S2N_TLS12_TICKET_SIZE_IN_BYTES (S2N_TICKET_KEY_NAME_LEN + S2N_TLS_GCM_IV_LEN \ + + S2N_TLS12_STATE_SIZE_IN_BYTES + S2N_TLS_GCM_TAG_LEN) + +#define S2N_TICKET_ENCRYPT_DECRYPT_KEY_LIFETIME_IN_NANOS 7200000000000 /* 2 hours */ +#define S2N_TICKET_DECRYPT_KEY_LIFETIME_IN_NANOS 46800000000000 /* 13 hours */ +#define S2N_STATE_FORMAT_LEN 1 +#define S2N_TICKET_LIFETIME_HINT_LEN 4 +#define S2N_SESSION_TICKET_SIZE_LEN 2 +#define S2N_GREATER_OR_EQUAL 1 +#define S2N_LESS_THAN -1 + +#define S2N_TLS12_SESSION_SIZE S2N_STATE_FORMAT_LEN + S2N_SESSION_TICKET_SIZE_LEN \ + + S2N_TLS12_TICKET_SIZE_IN_BYTES + S2N_TLS12_STATE_SIZE_IN_BYTES struct s2n_connection; struct s2n_config; @@ -76,8 +73,8 @@ struct s2n_session_ticket { extern struct s2n_ticket_key *s2n_find_ticket_key(struct s2n_config *config, const uint8_t name[S2N_TICKET_KEY_NAME_LEN]); extern int s2n_encrypt_session_ticket(struct s2n_connection *conn, struct s2n_stuffer *to); extern int s2n_decrypt_session_ticket(struct s2n_connection *conn, struct s2n_stuffer *from); -extern int s2n_encrypt_session_cache(struct s2n_connection *conn, struct s2n_stuffer *to); -extern int s2n_decrypt_session_cache(struct s2n_connection *conn, struct s2n_stuffer *from); +extern int s2n_encrypt_session_cache(struct s2n_connection *conn, struct s2n_stuffer *to); +extern int s2n_decrypt_session_cache(struct s2n_connection *conn, struct s2n_stuffer *from); extern int s2n_config_is_encrypt_decrypt_key_available(struct s2n_config *config); extern int s2n_verify_unique_ticket_key(struct s2n_config *config, uint8_t *hash, uint16_t *insert_index); extern int s2n_config_wipe_expired_ticket_crypto_keys(struct s2n_config *config, int8_t expired_key_index); 
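Review bot: `S2N_TLS12_SESSION_SIZE` expands to a bare sum with no enclosing parentheses, unlike `S2N_TLS12_TICKET_SIZE_IN_BYTES` and `S2N_TLS12_STATE_SIZE_IN_BYTES` in the same block. Any use inside a larger expression, for example a multiplication or subtraction when sizing a session buffer, would bind to a single term and produce the wrong length; no such use is visible in this hunk. Wrapping the expansion, `#define S2N_TLS12_SESSION_SIZE (S2N_STATE_FORMAT_LEN + S2N_SESSION_TICKET_SIZE_LEN + S2N_TLS12_TICKET_SIZE_IN_BYTES + S2N_TLS12_STATE_SIZE_IN_BYTES)`, removes the hazard. `#define S2N_LESS_THAN -1` would be safer as `(-1)` for the same reason.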
@@ -100,5 +97,4 @@ extern int s2n_resume_from_cache(struct s2n_connection *conn); S2N_RESULT s2n_store_to_cache(struct s2n_connection *conn); S2N_RESULT s2n_connection_get_session_state_size(struct s2n_connection *conn, size_t *state_size); S2N_RESULT s2n_deserialize_resumption_state(struct s2n_connection *conn, struct s2n_blob *psk_identity, - struct s2n_stuffer *from); - + struct s2n_stuffer *from); diff --git a/contrib/restricted/aws/s2n/tls/s2n_security_policies.c b/contrib/restricted/aws/s2n/tls/s2n_security_policies.c index aad1a07828..56eeec09bf 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_security_policies.c +++ b/contrib/restricted/aws/s2n/tls/s2n_security_policies.c @@ -13,9 +13,9 @@ * permissions and limitations under the License. */ -#include "api/s2n.h" - #include "tls/s2n_security_policies.h" + +#include "api/s2n.h" #include "tls/s2n_connection.h" #include "utils/s2n_safety.h" @@ -255,6 +255,14 @@ const struct s2n_security_policy security_policy_cloudfront_tls_1_2_2021 = { .ecc_preferences = &s2n_ecc_preferences_20200310, }; +const struct s2n_security_policy security_policy_cloudfront_tls_1_2_2021_chacha20_boosted = { + .minimum_protocol_version = S2N_TLS12, + .cipher_preferences = &cipher_preferences_cloudfront_tls_1_2_2021_chacha20_boosted, + .kem_preferences = &kem_preferences_null, + .signature_preferences = &s2n_signature_preferences_20200207, + .ecc_preferences = &s2n_ecc_preferences_20200310, +}; + /* CloudFront viewer facing legacy TLS 1.2 policies */ const struct s2n_security_policy security_policy_cloudfront_ssl_v_3_legacy = { .minimum_protocol_version = S2N_SSLv3, 
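Review bot: The new `security_policy_cloudfront_tls_1_2_2021_chacha20_boosted` carries no comment saying what "boosted" changes. From the visible lines it appears to differ from `security_policy_cloudfront_tls_1_2_2021` only in `.cipher_preferences`, though only the tail of that policy is shown here. Presumably the boosted preference list lets a client's ChaCha20 preference influence the server's cipher choice, which matters to an operator who expects strict server-side ordering. A one-line comment above the definition would cover it, e.g. `/* Same as CloudFront-TLS-1-2-2021, but with ChaCha20 boosting enabled in the cipher preferences */`, to be confirmed against the definition of `cipher_preferences_cloudfront_tls_1_2_2021_chacha20_boosted`.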
@@ -760,103 +768,104 @@ const struct s2n_security_policy security_policy_null = { }; struct s2n_security_policy_selection security_policy_selection[] = { - { .version="default", .security_policy=&security_policy_20170210, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="default_tls13", .security_policy=&security_policy_default_tls13, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="default_fips", .security_policy=&security_policy_default_fips, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="ELBSecurityPolicy-TLS-1-0-2015-04", .security_policy=&security_policy_elb_2015_04, .ecc_extension_required=0, .pq_kem_extension_required=0 }, + { .version = "default", .security_policy = &security_policy_20170210, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "default_tls13", .security_policy = &security_policy_default_tls13, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "default_fips", .security_policy = &security_policy_default_fips, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "ELBSecurityPolicy-TLS-1-0-2015-04", .security_policy = &security_policy_elb_2015_04, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, /* Not a mistake. 
TLS-1-0-2015-05 and 2016-08 are equivalent */ - { .version="ELBSecurityPolicy-TLS-1-0-2015-05", .security_policy=&security_policy_elb_2016_08, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="ELBSecurityPolicy-2016-08", .security_policy=&security_policy_elb_2016_08, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="ELBSecurityPolicy-TLS-1-1-2017-01", .security_policy=&security_policy_elb_tls_1_1_2017_01, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="ELBSecurityPolicy-TLS-1-2-2017-01", .security_policy=&security_policy_elb_tls_1_2_2017_01, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="ELBSecurityPolicy-TLS-1-2-Ext-2018-06", .security_policy=&security_policy_elb_tls_1_2_ext_2018_06, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="ELBSecurityPolicy-FS-2018-06", .security_policy=&security_policy_elb_fs_2018_06, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="ELBSecurityPolicy-FS-1-2-2019-08", .security_policy=&security_policy_elb_fs_1_2_2019_08, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="ELBSecurityPolicy-FS-1-1-2019-08", .security_policy=&security_policy_elb_fs_1_1_2019_08, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="ELBSecurityPolicy-FS-1-2-Res-2019-08", .security_policy=&security_policy_elb_fs_1_2_Res_2019_08, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="CloudFront-Upstream", .security_policy=&security_policy_cloudfront_upstream, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="CloudFront-Upstream-TLS-1-0", .security_policy=&security_policy_cloudfront_upstream_tls10, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="CloudFront-Upstream-TLS-1-1", .security_policy=&security_policy_cloudfront_upstream_tls11, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { 
.version="CloudFront-Upstream-TLS-1-2", .security_policy=&security_policy_cloudfront_upstream_tls12, .ecc_extension_required=0, .pq_kem_extension_required=0 }, + { .version = "ELBSecurityPolicy-TLS-1-0-2015-05", .security_policy = &security_policy_elb_2016_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "ELBSecurityPolicy-2016-08", .security_policy = &security_policy_elb_2016_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "ELBSecurityPolicy-TLS-1-1-2017-01", .security_policy = &security_policy_elb_tls_1_1_2017_01, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "ELBSecurityPolicy-TLS-1-2-2017-01", .security_policy = &security_policy_elb_tls_1_2_2017_01, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", .security_policy = &security_policy_elb_tls_1_2_ext_2018_06, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "ELBSecurityPolicy-FS-2018-06", .security_policy = &security_policy_elb_fs_2018_06, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "ELBSecurityPolicy-FS-1-2-2019-08", .security_policy = &security_policy_elb_fs_1_2_2019_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "ELBSecurityPolicy-FS-1-1-2019-08", .security_policy = &security_policy_elb_fs_1_1_2019_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "ELBSecurityPolicy-FS-1-2-Res-2019-08", .security_policy = &security_policy_elb_fs_1_2_Res_2019_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "CloudFront-Upstream", .security_policy = &security_policy_cloudfront_upstream, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "CloudFront-Upstream-TLS-1-0", .security_policy = &security_policy_cloudfront_upstream_tls10, .ecc_extension_required = 0, 
.pq_kem_extension_required = 0 }, + { .version = "CloudFront-Upstream-TLS-1-1", .security_policy = &security_policy_cloudfront_upstream_tls11, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "CloudFront-Upstream-TLS-1-2", .security_policy = &security_policy_cloudfront_upstream_tls12, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, /* CloudFront Viewer Facing */ - { .version="CloudFront-SSL-v-3", .security_policy=&security_policy_cloudfront_ssl_v_3, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="CloudFront-TLS-1-0-2014", .security_policy=&security_policy_cloudfront_tls_1_0_2014, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="CloudFront-TLS-1-0-2016", .security_policy=&security_policy_cloudfront_tls_1_0_2016, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="CloudFront-TLS-1-1-2016", .security_policy=&security_policy_cloudfront_tls_1_1_2016, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="CloudFront-TLS-1-2-2018", .security_policy=&security_policy_cloudfront_tls_1_2_2018, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="CloudFront-TLS-1-2-2019", .security_policy=&security_policy_cloudfront_tls_1_2_2019, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="CloudFront-TLS-1-2-2021", .security_policy=&security_policy_cloudfront_tls_1_2_2021, .ecc_extension_required=0, .pq_kem_extension_required=0 }, + { .version = "CloudFront-SSL-v-3", .security_policy = &security_policy_cloudfront_ssl_v_3, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "CloudFront-TLS-1-0-2014", .security_policy = &security_policy_cloudfront_tls_1_0_2014, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "CloudFront-TLS-1-0-2016", .security_policy = &security_policy_cloudfront_tls_1_0_2016, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { 
.version = "CloudFront-TLS-1-1-2016", .security_policy = &security_policy_cloudfront_tls_1_1_2016, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "CloudFront-TLS-1-2-2018", .security_policy = &security_policy_cloudfront_tls_1_2_2018, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "CloudFront-TLS-1-2-2019", .security_policy = &security_policy_cloudfront_tls_1_2_2019, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "CloudFront-TLS-1-2-2021", .security_policy = &security_policy_cloudfront_tls_1_2_2021, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "CloudFront-TLS-1-2-2021-Chacha20-Boosted", .security_policy = &security_policy_cloudfront_tls_1_2_2021_chacha20_boosted, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, /* CloudFront Legacy (TLS 1.2) policies */ - { .version="CloudFront-SSL-v-3-Legacy", .security_policy=&security_policy_cloudfront_ssl_v_3_legacy, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="CloudFront-TLS-1-0-2014-Legacy", .security_policy=&security_policy_cloudfront_tls_1_0_2014_legacy, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="CloudFront-TLS-1-0-2016-Legacy", .security_policy=&security_policy_cloudfront_tls_1_0_2016_legacy, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="CloudFront-TLS-1-1-2016-Legacy", .security_policy=&security_policy_cloudfront_tls_1_1_2016_legacy, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="CloudFront-TLS-1-2-2018-Legacy", .security_policy=&security_policy_cloudfront_tls_1_2_2018_legacy, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="CloudFront-TLS-1-2-2019-Legacy", .security_policy=&security_policy_cloudfront_tls_1_2_2019_legacy, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="AWS-CRT-SDK-SSLv3.0", 
.security_policy=&security_policy_aws_crt_sdk_ssl_v3, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="AWS-CRT-SDK-TLSv1.0", .security_policy=&security_policy_aws_crt_sdk_tls_10, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="AWS-CRT-SDK-TLSv1.1", .security_policy=&security_policy_aws_crt_sdk_tls_11, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="AWS-CRT-SDK-TLSv1.2", .security_policy=&security_policy_aws_crt_sdk_tls_12, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="AWS-CRT-SDK-TLSv1.3", .security_policy=&security_policy_aws_crt_sdk_tls_13, .ecc_extension_required=0, .pq_kem_extension_required=0 }, + { .version = "CloudFront-SSL-v-3-Legacy", .security_policy = &security_policy_cloudfront_ssl_v_3_legacy, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "CloudFront-TLS-1-0-2014-Legacy", .security_policy = &security_policy_cloudfront_tls_1_0_2014_legacy, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "CloudFront-TLS-1-0-2016-Legacy", .security_policy = &security_policy_cloudfront_tls_1_0_2016_legacy, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "CloudFront-TLS-1-1-2016-Legacy", .security_policy = &security_policy_cloudfront_tls_1_1_2016_legacy, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "CloudFront-TLS-1-2-2018-Legacy", .security_policy = &security_policy_cloudfront_tls_1_2_2018_legacy, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "CloudFront-TLS-1-2-2019-Legacy", .security_policy = &security_policy_cloudfront_tls_1_2_2019_legacy, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "AWS-CRT-SDK-SSLv3.0", .security_policy = &security_policy_aws_crt_sdk_ssl_v3, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "AWS-CRT-SDK-TLSv1.0", .security_policy = 
&security_policy_aws_crt_sdk_tls_10, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "AWS-CRT-SDK-TLSv1.1", .security_policy = &security_policy_aws_crt_sdk_tls_11, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "AWS-CRT-SDK-TLSv1.2", .security_policy = &security_policy_aws_crt_sdk_tls_12, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "AWS-CRT-SDK-TLSv1.3", .security_policy = &security_policy_aws_crt_sdk_tls_13, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, /* KMS TLS Policies*/ - { .version="KMS-TLS-1-0-2018-10", .security_policy=&security_policy_kms_tls_1_0_2018_10, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="KMS-TLS-1-0-2021-08", .security_policy=&security_policy_kms_tls_1_0_2021_08, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="KMS-FIPS-TLS-1-2-2018-10", .security_policy=&security_policy_kms_fips_tls_1_2_2018_10, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="KMS-FIPS-TLS-1-2-2021-08", .security_policy=&security_policy_kms_fips_tls_1_2_2021_08, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="KMS-PQ-TLS-1-0-2019-06", .security_policy=&security_policy_kms_pq_tls_1_0_2019_06, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="KMS-PQ-TLS-1-0-2020-02", .security_policy=&security_policy_kms_pq_tls_1_0_2020_02, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="KMS-PQ-TLS-1-0-2020-07", .security_policy=&security_policy_kms_pq_tls_1_0_2020_07, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="PQ-SIKE-TEST-TLS-1-0-2019-11", .security_policy=&security_policy_pq_sike_test_tls_1_0_2019_11, .ecc_extension_required=0, .pq_kem_extension_required=0 }, - { .version="PQ-SIKE-TEST-TLS-1-0-2020-02", .security_policy=&security_policy_pq_sike_test_tls_1_0_2020_02, .ecc_extension_required=0, 
.pq_kem_extension_required=0 },
- { .version="PQ-TLS-1-0-2020-12", .security_policy=&security_policy_pq_tls_1_0_2020_12, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="PQ-TLS-1-1-2021-05-17", .security_policy=&security_policy_pq_tls_1_1_2021_05_17, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="PQ-TLS-1-0-2021-05-18", .security_policy=&security_policy_pq_tls_1_0_2021_05_18, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="PQ-TLS-1-0-2021-05-19", .security_policy=&security_policy_pq_tls_1_0_2021_05_19, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="PQ-TLS-1-0-2021-05-20", .security_policy=&security_policy_pq_tls_1_0_2021_05_20, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="PQ-TLS-1-1-2021-05-21", .security_policy=&security_policy_pq_tls_1_1_2021_05_21, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="PQ-TLS-1-0-2021-05-22", .security_policy=&security_policy_pq_tls_1_0_2021_05_22, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="PQ-TLS-1-0-2021-05-23", .security_policy=&security_policy_pq_tls_1_0_2021_05_23, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="PQ-TLS-1-0-2021-05-24", .security_policy=&security_policy_pq_tls_1_0_2021_05_24, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="PQ-TLS-1-0-2021-05-25", .security_policy=&security_policy_pq_tls_1_0_2021_05_25, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="PQ-TLS-1-0-2021-05-26", .security_policy=&security_policy_pq_tls_1_0_2021_05_26, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20140601", .security_policy=&security_policy_20140601, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20141001", .security_policy=&security_policy_20141001, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20150202", .security_policy=&security_policy_20150202, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20150214", .security_policy=&security_policy_20150214, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20150306", .security_policy=&security_policy_20150306, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20160411", .security_policy=&security_policy_20160411, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20160804", .security_policy=&security_policy_20160804, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20160824", .security_policy=&security_policy_20160824, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20170210", .security_policy=&security_policy_20170210, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20170328", .security_policy=&security_policy_20170328, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20170328_gcm", .security_policy=&security_policy_20170328_gcm, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20190214", .security_policy=&security_policy_20190214, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20190214_gcm", .security_policy=&security_policy_20190214_gcm, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20210825", .security_policy=&security_policy_20210825, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20210825_gcm", .security_policy=&security_policy_20210825_gcm, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20170405", .security_policy=&security_policy_20170405, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20170405_gcm", .security_policy=&security_policy_20170405_gcm, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20170718", .security_policy=&security_policy_20170718, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20170718_gcm", .security_policy=&security_policy_20170718_gcm, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20190120", .security_policy=&security_policy_20190120, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20190121", .security_policy=&security_policy_20190121, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20190122", .security_policy=&security_policy_20190122, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20190801", .security_policy=&security_policy_20190801, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20190802", .security_policy=&security_policy_20190802, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20200207", .security_policy=&security_policy_test_all_tls13, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20201021", .security_policy=&security_policy_20201021, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20210816", .security_policy=&security_policy_20210816, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="20210816_GCM", .security_policy=&security_policy_20210816_gcm, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="rfc9151", .security_policy=&security_policy_rfc9151, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="test_all", .security_policy=&security_policy_test_all, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="test_all_fips", .security_policy=&security_policy_test_all_fips, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="test_all_ecdsa", .security_policy=&security_policy_test_all_ecdsa, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="test_all_rsa_kex", .security_policy=&security_policy_test_all_rsa_kex, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="test_ecdsa_priority", .security_policy=&security_policy_test_ecdsa_priority, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="test_all_tls12", .security_policy=&security_policy_test_all_tls12, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="test_all_tls13", .security_policy=&security_policy_test_all_tls13, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version="null", .security_policy=&security_policy_null, .ecc_extension_required=0, .pq_kem_extension_required=0 },
- { .version=NULL, .security_policy=NULL, .ecc_extension_required=0, .pq_kem_extension_required=0 }
+ { .version = "KMS-TLS-1-0-2018-10", .security_policy = &security_policy_kms_tls_1_0_2018_10, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "KMS-TLS-1-0-2021-08", .security_policy = &security_policy_kms_tls_1_0_2021_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "KMS-FIPS-TLS-1-2-2018-10", .security_policy = &security_policy_kms_fips_tls_1_2_2018_10, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "KMS-FIPS-TLS-1-2-2021-08", .security_policy = &security_policy_kms_fips_tls_1_2_2021_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "KMS-PQ-TLS-1-0-2019-06", .security_policy = &security_policy_kms_pq_tls_1_0_2019_06, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "KMS-PQ-TLS-1-0-2020-02", .security_policy = &security_policy_kms_pq_tls_1_0_2020_02, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "KMS-PQ-TLS-1-0-2020-07", .security_policy = &security_policy_kms_pq_tls_1_0_2020_07, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "PQ-SIKE-TEST-TLS-1-0-2019-11", .security_policy = &security_policy_pq_sike_test_tls_1_0_2019_11, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "PQ-SIKE-TEST-TLS-1-0-2020-02", .security_policy = &security_policy_pq_sike_test_tls_1_0_2020_02, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "PQ-TLS-1-0-2020-12", .security_policy = &security_policy_pq_tls_1_0_2020_12, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "PQ-TLS-1-1-2021-05-17", .security_policy = &security_policy_pq_tls_1_1_2021_05_17, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "PQ-TLS-1-0-2021-05-18", .security_policy = &security_policy_pq_tls_1_0_2021_05_18, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "PQ-TLS-1-0-2021-05-19", .security_policy = &security_policy_pq_tls_1_0_2021_05_19, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "PQ-TLS-1-0-2021-05-20", .security_policy = &security_policy_pq_tls_1_0_2021_05_20, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "PQ-TLS-1-1-2021-05-21", .security_policy = &security_policy_pq_tls_1_1_2021_05_21, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "PQ-TLS-1-0-2021-05-22", .security_policy = &security_policy_pq_tls_1_0_2021_05_22, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "PQ-TLS-1-0-2021-05-23", .security_policy = &security_policy_pq_tls_1_0_2021_05_23, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "PQ-TLS-1-0-2021-05-24", .security_policy = &security_policy_pq_tls_1_0_2021_05_24, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "PQ-TLS-1-0-2021-05-25", .security_policy = &security_policy_pq_tls_1_0_2021_05_25, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "PQ-TLS-1-0-2021-05-26", .security_policy = &security_policy_pq_tls_1_0_2021_05_26, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20140601", .security_policy = &security_policy_20140601, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20141001", .security_policy = &security_policy_20141001, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20150202", .security_policy = &security_policy_20150202, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20150214", .security_policy = &security_policy_20150214, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20150306", .security_policy = &security_policy_20150306, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20160411", .security_policy = &security_policy_20160411, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20160804", .security_policy = &security_policy_20160804, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20160824", .security_policy = &security_policy_20160824, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20170210", .security_policy = &security_policy_20170210, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20170328", .security_policy = &security_policy_20170328, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20170328_gcm", .security_policy = &security_policy_20170328_gcm, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20190214", .security_policy = &security_policy_20190214, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20190214_gcm", .security_policy = &security_policy_20190214_gcm, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20210825", .security_policy = &security_policy_20210825, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20210825_gcm", .security_policy = &security_policy_20210825_gcm, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20170405", .security_policy = &security_policy_20170405, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20170405_gcm", .security_policy = &security_policy_20170405_gcm, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20170718", .security_policy = &security_policy_20170718, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20170718_gcm", .security_policy = &security_policy_20170718_gcm, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20190120", .security_policy = &security_policy_20190120, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20190121", .security_policy = &security_policy_20190121, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20190122", .security_policy = &security_policy_20190122, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20190801", .security_policy = &security_policy_20190801, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20190802", .security_policy = &security_policy_20190802, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20200207", .security_policy = &security_policy_test_all_tls13, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20201021", .security_policy = &security_policy_20201021, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20210816", .security_policy = &security_policy_20210816, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20210816_GCM", .security_policy = &security_policy_20210816_gcm, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "rfc9151", .security_policy = &security_policy_rfc9151,
.ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "test_all", .security_policy = &security_policy_test_all, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "test_all_fips", .security_policy = &security_policy_test_all_fips, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "test_all_ecdsa", .security_policy = &security_policy_test_all_ecdsa, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "test_all_rsa_kex", .security_policy = &security_policy_test_all_rsa_kex, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "test_ecdsa_priority", .security_policy = &security_policy_test_ecdsa_priority, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "test_all_tls12", .security_policy = &security_policy_test_all_tls12, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "test_all_tls13", .security_policy = &security_policy_test_all_tls13, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = "null", .security_policy = &security_policy_null, .ecc_extension_required = 0, .pq_kem_extension_required = 0 }, + { .version = NULL, .security_policy = NULL, .ecc_extension_required = 0, .pq_kem_extension_required = 0 } }; int s2n_find_security_policy_from_version(const char *version, const struct s2n_security_policy **security_policy) @@ -921,8 +930,6 @@ int s2n_security_policies_init() POSIX_ENSURE_REF(ecc_preference); POSIX_GUARD(s2n_check_ecc_preferences_curves_list(ecc_preference)); - bool cipher_preferences_has_chacha20_cipher_suite = false; - const struct s2n_signature_preferences *certificate_signature_preference = security_policy->certificate_signature_preferences; if (certificate_signature_preference != NULL) { POSIX_GUARD_RESULT(s2n_validate_certificate_signature_preferences(certificate_signature_preference)); 
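Review bot: `s2n_security_policies_init()` no longer rejects a cipher preference that sets `allow_chacha20_boosting` but lists no ChaCha20 suite, because the `cipher_preferences_has_chacha20_cipher_suite` flag is removed in the `@@ -921,8 +930,6 @@` hunk and the `POSIX_ENSURE(..., S2N_ERR_INVALID_SECURITY_POLICY)` that used it is removed in the `@@ -954,15 +961,6 @@` hunk. The same update declares `security_policy_cloudfront_tls_1_2_2021_chacha20_boosted` in s2n_security_policies.h, so boosting still appears to be in use, and these hunks do not show the invariant being enforced anywhere else. If it is not, keep the check, i.e. set the flag in the cipher loop and retain `POSIX_ENSURE(cipher_preferences_has_chacha20_cipher_suite, S2N_ERR_INVALID_SECURITY_POLICY);` after it, so that a misconfigured policy is caught at initialisation. The function starts and ends outside both hunks.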
@@ -944,8 +951,8 @@ int s2n_security_policies_init() } /* Sanity check that valid tls13 has minimum tls version set correctly */ - S2N_ERROR_IF(s2n_is_valid_tls13_cipher(iana) ^ - (cipher->minimum_required_tls_version >= S2N_TLS13), S2N_ERR_INVALID_SECURITY_POLICY); + S2N_ERROR_IF(s2n_is_valid_tls13_cipher(iana) ^ (cipher->minimum_required_tls_version >= S2N_TLS13), + S2N_ERR_INVALID_SECURITY_POLICY); if (s2n_cipher_suite_requires_ecc_extension(cipher)) { security_policy_selection[i].ecc_extension_required = 1; @@ -954,15 +961,6 @@ int s2n_security_policies_init() if (s2n_cipher_suite_requires_pq_extension(cipher)) { security_policy_selection[i].pq_kem_extension_required = 1; } - - if (s2n_cipher_suite_uses_chacha20_alg(cipher)) { - cipher_preferences_has_chacha20_cipher_suite = true; - } - } - - if (cipher_preference->allow_chacha20_boosting) { - /* If chacha20 boosting support is enabled, then the cipher preference must have at least one chacha20 cipher suite */ - POSIX_ENSURE(cipher_preferences_has_chacha20_cipher_suite, S2N_ERR_INVALID_SECURITY_POLICY); } POSIX_GUARD(s2n_validate_kem_preferences(kem_preference, security_policy_selection[i].pq_kem_extension_required)); 
@@ -1078,14 +1076,15 @@ int s2n_connection_is_valid_for_cipher_preferences(struct s2n_connection *conn, return 0; } -int s2n_validate_kem_preferences(const struct s2n_kem_preferences *kem_preferences, bool pq_kem_extension_required) { +int s2n_validate_kem_preferences(const struct s2n_kem_preferences *kem_preferences, bool pq_kem_extension_required) +{ POSIX_ENSURE_REF(kem_preferences); /* Basic sanity checks to assert that the count is 0 if and only if the associated list is NULL */ POSIX_ENSURE(S2N_IFF(kem_preferences->tls13_kem_group_count == 0, kem_preferences->tls13_kem_groups == NULL), - S2N_ERR_INVALID_SECURITY_POLICY); + S2N_ERR_INVALID_SECURITY_POLICY); POSIX_ENSURE(S2N_IFF(kem_preferences->kem_count == 0, kem_preferences->kems == NULL), - S2N_ERR_INVALID_SECURITY_POLICY); + S2N_ERR_INVALID_SECURITY_POLICY); POSIX_ENSURE(kem_preferences->tls13_kem_group_count <= S2N_SUPPORTED_KEM_GROUPS_COUNT, S2N_ERR_ARRAY_INDEX_OOB); /* The PQ KEM extension is applicable only to TLS 1.2 */ diff --git a/contrib/restricted/aws/s2n/tls/s2n_security_policies.h b/contrib/restricted/aws/s2n/tls/s2n_security_policies.h index e4fec2c492..901259ca14 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_security_policies.h +++ b/contrib/restricted/aws/s2n/tls/s2n_security_policies.h @@ -16,10 +16,11 @@ #pragma once #include <stdint.h> + #include "tls/s2n_cipher_preferences.h" +#include "tls/s2n_ecc_preferences.h" #include "tls/s2n_kem_preferences.h" #include "tls/s2n_signature_scheme.h" -#include "tls/s2n_ecc_preferences.h" /* Kept up-to-date by s2n_security_policies_test */ #define NUM_RSA_PSS_SCHEMES 6 
@@ -36,9 +37,9 @@ struct s2n_security_policy { struct s2n_security_policy_selection { const char *version; const struct s2n_security_policy *security_policy; - unsigned ecc_extension_required:1; - unsigned pq_kem_extension_required:1; - unsigned supports_tls13:1; + unsigned ecc_extension_required : 1; + unsigned pq_kem_extension_required : 1; + unsigned supports_tls13 : 1; }; extern struct s2n_security_policy_selection security_policy_selection[]; @@ -117,6 +118,7 @@ extern const struct s2n_security_policy security_policy_cloudfront_tls_1_1_2016; extern const struct s2n_security_policy security_policy_cloudfront_tls_1_2_2018; extern const struct s2n_security_policy security_policy_cloudfront_tls_1_2_2019; extern const struct s2n_security_policy security_policy_cloudfront_tls_1_2_2021; +extern const struct s2n_security_policy security_policy_cloudfront_tls_1_2_2021_chacha20_boosted; extern const struct s2n_security_policy security_policy_kms_tls_1_0_2018_10; extern const struct s2n_security_policy security_policy_kms_fips_tls_1_2_2018_10; diff --git a/contrib/restricted/aws/s2n/tls/s2n_send.c b/contrib/restricted/aws/s2n/tls/s2n_send.c index e0f51683c3..0b49330bed 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_send.c +++ b/contrib/restricted/aws/s2n/tls/s2n_send.c @@ -13,25 +13,21 @@ * permissions and limitations under the License. */ -#include <sys/param.h> #include <errno.h> -#include "api/s2n.h" +#include <sys/param.h> +#include "api/s2n.h" +#include "crypto/s2n_cipher.h" #include "error/s2n_errno.h" - +#include "stuffer/s2n_stuffer.h" #include "tls/s2n_alerts.h" #include "tls/s2n_cipher_suites.h" #include "tls/s2n_connection.h" #include "tls/s2n_handshake.h" #include "tls/s2n_post_handshake.h" #include "tls/s2n_record.h" - -#include "stuffer/s2n_stuffer.h" - -#include "crypto/s2n_cipher.h" - -#include "utils/s2n_safety.h" #include "utils/s2n_blob.h" +#include "utils/s2n_safety.h" bool s2n_should_flush(struct s2n_connection *conn, ssize_t total_message_size) { 
@@ -79,7 +75,7 @@ int s2n_flush(struct s2n_connection *conn, s2n_blocked_status *blocked) *blocked = S2N_BLOCKED_ON_WRITE; /* Write any data that's already pending */ - WRITE: +WRITE: while (s2n_stuffer_data_available(&conn->out)) { errno = 0; w = s2n_connection_send_stuffer(&conn->out, conn, s2n_stuffer_data_available(&conn->out)); @@ -99,7 +95,7 @@ int s2n_flush(struct s2n_connection *conn, s2n_blocked_status *blocked) /* If there's an alert pending out, send that */ if (s2n_stuffer_data_available(&conn->reader_alert_out) == 2) { - struct s2n_blob alert = {0}; + struct s2n_blob alert = { 0 }; alert.data = conn->reader_alert_out.blob.data; alert.size = 2; POSIX_GUARD(s2n_record_write(conn, TLS_ALERT, &alert)); @@ -112,7 +108,7 @@ int s2n_flush(struct s2n_connection *conn, s2n_blocked_status *blocked) /* Do the same for writer driven alerts */ if (s2n_stuffer_data_available(&conn->writer_alert_out) == 2) { - struct s2n_blob alert = {0}; + struct s2n_blob alert = { 0 }; alert.data = conn->writer_alert_out.blob.data; alert.size = 2; POSIX_GUARD(s2n_record_write(conn, TLS_ALERT, &alert)); @@ -128,7 +124,8 @@ int s2n_flush(struct s2n_connection *conn, s2n_blocked_status *blocked) return 0; } -ssize_t s2n_sendv_with_offset_impl(struct s2n_connection *conn, const struct iovec *bufs, ssize_t count, ssize_t offs, s2n_blocked_status *blocked) +ssize_t s2n_sendv_with_offset_impl(struct s2n_connection *conn, const struct iovec *bufs, + ssize_t count, ssize_t offs, s2n_blocked_status *blocked) { ssize_t user_data_sent, total_size = 0; @@ -159,7 +156,7 @@ ssize_t s2n_sendv_with_offset_impl(struct s2n_connection *conn, const struct iov /* Defensive check against an invalid retry */ if (offs) { - const struct iovec* _bufs = bufs; + const struct iovec *_bufs = bufs; ssize_t _count = count; while (offs >= _bufs->iov_len && _count > 0) { offs -= _bufs->iov_len; 
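Review bot: In the `@@ -159,7 +156,7 @@` hunk the loop condition `offs >= _bufs->iov_len && _count > 0` reads `_bufs->iov_len` before it tests `_count`. If the loop body advances `_bufs` as it decrements `_count` (the body continues outside the hunk), an `offs` at or beyond the combined length of all `count` buffers causes a read one element past the caller's iovec array. Testing the count first avoids that: `while (_count > 0 && offs >= _bufs->iov_len) {`. The comparison also mixes `ssize_t offs` with `iov_len`, which is a `size_t`, so a negative `offs` would be converted to a large unsigned value; whether `offs` is range-checked earlier in the function is not visible here.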
@@ -202,7 +199,8 @@ ssize_t s2n_sendv_with_offset_impl(struct s2n_connection *conn, const struct iov /* Don't split messages in server mode for interoperability with naive clients. * Some clients may have expectations based on the amount of content in the first record. */ - if (conn->actual_protocol_version < S2N_TLS11 && writer->cipher_suite->record_alg->cipher->type == S2N_CBC && conn->mode != S2N_SERVER) { + if (conn->actual_protocol_version < S2N_TLS11 + && writer->cipher_suite->record_alg->cipher->type == S2N_CBC && conn->mode != S2N_SERVER) { if (to_write > 1 && cbcHackUsed == 0) { to_write = 1; cbcHackUsed = 1; @@ -213,7 +211,7 @@ ssize_t s2n_sendv_with_offset_impl(struct s2n_connection *conn, const struct iov /* Write and encrypt the record */ int written_to_record = s2n_record_writev(conn, TLS_APPLICATION_DATA, bufs, count, - conn->current_user_data_consumed + offs, to_write); + conn->current_user_data_consumed + offs, to_write); POSIX_GUARD(written_to_record); conn->current_user_data_consumed += written_to_record; conn->active_application_bytes_consumed += written_to_record; @@ -244,7 +242,8 @@ ssize_t s2n_sendv_with_offset_impl(struct s2n_connection *conn, const struct iov return total_size; } -ssize_t s2n_sendv_with_offset(struct s2n_connection *conn, const struct iovec *bufs, ssize_t count, ssize_t offs, s2n_blocked_status *blocked) +ssize_t s2n_sendv_with_offset(struct s2n_connection *conn, const struct iovec *bufs, ssize_t count, + ssize_t offs, s2n_blocked_status *blocked) { POSIX_ENSURE(!conn->send_in_use, S2N_ERR_REENTRANCY); conn->send_in_use = true; @@ -266,7 +265,7 @@ ssize_t s2n_sendv(struct s2n_connection *conn, const struct iovec *bufs, ssize_t ssize_t s2n_send(struct s2n_connection *conn, const void *buf, ssize_t size, s2n_blocked_status *blocked) { struct iovec iov; - iov.iov_base = (void*)(uintptr_t)buf; + iov.iov_base = (void *) (uintptr_t) buf; iov.iov_len = size; return s2n_sendv_with_offset(conn, &iov, 1, 0, blocked); } 
diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_cert.c b/contrib/restricted/aws/s2n/tls/s2n_server_cert.c index 1328f59286..608af52745 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_server_cert.c +++ b/contrib/restricted/aws/s2n/tls/s2n_server_cert.c @@ -14,13 +14,10 @@ */ #include "api/s2n.h" - #include "error/s2n_errno.h" - #include "tls/s2n_auth_selection.h" #include "tls/s2n_cipher_suites.h" #include "tls/s2n_tls.h" - #include "utils/s2n_safety.h" int s2n_server_cert_recv(struct s2n_connection *conn) @@ -34,13 +31,14 @@ int s2n_server_cert_recv(struct s2n_connection *conn) uint32_t size_of_all_certificates; POSIX_GUARD(s2n_stuffer_read_uint24(&conn->handshake.io, &size_of_all_certificates)); - S2N_ERROR_IF(size_of_all_certificates > s2n_stuffer_data_available(&conn->handshake.io) || size_of_all_certificates < 3, S2N_ERR_BAD_MESSAGE); + S2N_ERROR_IF(size_of_all_certificates > s2n_stuffer_data_available(&conn->handshake.io) || size_of_all_certificates < 3, + S2N_ERR_BAD_MESSAGE); s2n_cert_public_key public_key; POSIX_GUARD(s2n_pkey_zero_init(&public_key)); s2n_pkey_type actual_cert_pkey_type; - struct s2n_blob cert_chain = {0}; + struct s2n_blob cert_chain = { 0 }; cert_chain.size = size_of_all_certificates; cert_chain.data = s2n_stuffer_raw_read(&conn->handshake.io, size_of_all_certificates); POSIX_ENSURE_REF(cert_chain.data); diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_cert_request.c b/contrib/restricted/aws/s2n/tls/s2n_server_cert_request.c index 45790f0645..68016373fa 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_server_cert_request.c +++ b/contrib/restricted/aws/s2n/tls/s2n_server_cert_request.c 
@@ -14,19 +14,18 @@ */ #include "api/s2n.h" - #include "crypto/s2n_certificate.h" #include "error/s2n_errno.h" #include "extensions/s2n_extension_list.h" +#include "stuffer/s2n_stuffer.h" #include "tls/s2n_cipher_suites.h" -#include "tls/s2n_connection.h" #include "tls/s2n_config.h" +#include "tls/s2n_connection.h" #include "tls/s2n_signature_algorithms.h" #include "tls/s2n_signature_scheme.h" #include "tls/s2n_tls.h" -#include "stuffer/s2n_stuffer.h" -#include "utils/s2n_safety.h" #include "utils/s2n_array.h" +#include "utils/s2n_safety.h" /* RFC's that define below values: * - https://tools.ietf.org/html/rfc5246#section-7.4.4 @@ -52,7 +51,8 @@ static uint8_t s2n_cert_type_preference_list[] = { /* * Include DSS sign certificate type in server certificate request. - * Only will be used if cert_req_dss_legacy_compat_enabled is set by calling s2n_config_enable_cert_req_dss_legacy_compat. + * Only will be used if cert_req_dss_legacy_compat_enabled is set by calling + * s2n_config_enable_cert_req_dss_legacy_compat. */ static uint8_t s2n_cert_type_preference_list_legacy_dss[] = { S2N_CERT_TYPE_RSA_SIGN, @@ -85,7 +85,7 @@ static int s2n_set_cert_chain_as_client(struct s2n_connection *conn) { if (s2n_config_get_num_default_certs(conn->config) > 0) { POSIX_GUARD(s2n_choose_sig_scheme_from_peer_preference_list(conn, &conn->handshake_params.server_sig_hash_algs, - &conn->handshake_params.client_cert_sig_scheme)); + &conn->handshake_params.client_cert_sig_scheme)); struct s2n_cert_chain_and_key *cert = s2n_config_get_single_default_cert(conn->config); POSIX_ENSURE_REF(cert); diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_done.c b/contrib/restricted/aws/s2n/tls/s2n_server_done.c index 6ddc123140..be534999b0 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_server_done.c +++ b/contrib/restricted/aws/s2n/tls/s2n_server_done.c 
@@ -16,12 +16,10 @@ #include <stdint.h> #include "error/s2n_errno.h" - +#include "stuffer/s2n_stuffer.h" #include "tls/s2n_connection.h" #include "tls/s2n_tls.h" -#include "stuffer/s2n_stuffer.h" - int s2n_server_done_recv(struct s2n_connection *conn) { S2N_ERROR_IF(s2n_stuffer_data_available(&conn->handshake.io), S2N_ERR_BAD_MESSAGE); diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_extensions.c b/contrib/restricted/aws/s2n/tls/s2n_server_extensions.c index f0cb6d6d39..90d4a088fc 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_server_extensions.c +++ b/contrib/restricted/aws/s2n/tls/s2n_server_extensions.c @@ -15,13 +15,12 @@ #include "tls/s2n_server_extensions.h" +#include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_extension_list.h" #include "tls/extensions/s2n_server_supported_versions.h" #include "tls/s2n_connection.h" -#include "stuffer/s2n_stuffer.h" #include "utils/s2n_safety.h" - /* An empty list will just contain the uint16_t list size */ #define S2N_EMPTY_EXTENSION_LIST_SIZE sizeof(uint16_t) @@ -46,7 +45,7 @@ int s2n_server_extensions_send(struct s2n_connection *conn, struct s2n_stuffer * * This behavior does not affect TLS1.3, which always requires at least the supported_version extension * so will never produce an empty list. */ - if(s2n_stuffer_data_available(out) - data_available_before_extensions == S2N_EMPTY_EXTENSION_LIST_SIZE) { + if (s2n_stuffer_data_available(out) - data_available_before_extensions == S2N_EMPTY_EXTENSION_LIST_SIZE) { POSIX_GUARD(s2n_stuffer_wipe_n(out, S2N_EMPTY_EXTENSION_LIST_SIZE)); } diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_extensions.h b/contrib/restricted/aws/s2n/tls/s2n_server_extensions.h index 57b720395c..60759a6a88 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_server_extensions.h +++ b/contrib/restricted/aws/s2n/tls/s2n_server_extensions.h 
@@ -15,8 +15,8 @@ #pragma once -#include "tls/s2n_connection.h" #include "stuffer/s2n_stuffer.h" +#include "tls/s2n_connection.h" int s2n_server_extensions_send(struct s2n_connection *conn, struct s2n_stuffer *out); int s2n_server_extensions_recv(struct s2n_connection *conn, struct s2n_stuffer *in); diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_finished.c b/contrib/restricted/aws/s2n/tls/s2n_server_finished.c index 3c105657ed..671abab938 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_server_finished.c +++ b/contrib/restricted/aws/s2n/tls/s2n_server_finished.c @@ -16,14 +16,11 @@ #include <stdint.h> #include "error/s2n_errno.h" - +#include "stuffer/s2n_stuffer.h" #include "tls/s2n_connection.h" #include "tls/s2n_resume.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls13_handshake.h" - -#include "stuffer/s2n_stuffer.h" - #include "utils/s2n_safety.h" S2N_RESULT s2n_finished_recv(struct s2n_connection *conn, uint8_t *local_verify_data) @@ -80,14 +77,15 @@ int s2n_server_finished_send(struct s2n_connection *conn) return S2N_SUCCESS; } -int s2n_tls13_server_finished_recv(struct s2n_connection *conn) { +int s2n_tls13_server_finished_recv(struct s2n_connection *conn) +{ POSIX_ENSURE_EQ(conn->actual_protocol_version, S2N_TLS13); uint8_t length = s2n_stuffer_data_available(&conn->handshake.io); S2N_ERROR_IF(length == 0, S2N_ERR_BAD_MESSAGE); /* read finished mac from handshake */ - struct s2n_blob wire_finished_mac = {0}; + struct s2n_blob wire_finished_mac = { 0 }; s2n_blob_init(&wire_finished_mac, s2n_stuffer_raw_read(&conn->handshake.io, length), length); /* get tls13 keys */ 
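Review bot: In `s2n_tls13_server_finished_recv` the call `s2n_blob_init(&wire_finished_mac, s2n_stuffer_raw_read(&conn->handshake.io, length), length);` checks neither the result of `s2n_blob_init` nor the pointer returned by `s2n_stuffer_raw_read`, whereas the `finished_key` initialisation in the following hunk is wrapped in `POSIX_GUARD` and `s2n_server_cert_recv` follows its raw read with `POSIX_ENSURE_REF`. Read the pointer first, `uint8_t *wire_mac = s2n_stuffer_raw_read(&conn->handshake.io, length); POSIX_ENSURE_REF(wire_mac);`, then `POSIX_GUARD(s2n_blob_init(&wire_finished_mac, wire_mac, length));`. `length` is a `uint8_t` holding the result of `s2n_stuffer_data_available`, so a value above 255 would presumably be truncated (the return type is not visible here); the function continues past the end of the hunk.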
@@ -99,7 +97,7 @@ int s2n_tls13_server_finished_recv(struct s2n_connection *conn) { POSIX_GUARD_RESULT(s2n_handshake_copy_hash_state(conn, keys.hash_algorithm, hash_state)); /* look up finished secret key */ - struct s2n_blob finished_key = {0}; + struct s2n_blob finished_key = { 0 }; POSIX_GUARD(s2n_blob_init(&finished_key, conn->handshake.server_finished, keys.size)); /* generate the hashed message authenticated code */ @@ -112,7 +110,8 @@ int s2n_tls13_server_finished_recv(struct s2n_connection *conn) { return 0; } -int s2n_tls13_server_finished_send(struct s2n_connection *conn) { +int s2n_tls13_server_finished_send(struct s2n_connection *conn) +{ POSIX_ENSURE_EQ(conn->actual_protocol_version, S2N_TLS13); /* get tls13 keys */ @@ -124,7 +123,7 @@ int s2n_tls13_server_finished_send(struct s2n_connection *conn) { POSIX_GUARD_RESULT(s2n_handshake_copy_hash_state(conn, keys.hash_algorithm, hash_state)); /* look up finished secret key */ - struct s2n_blob finished_key = {0}; + struct s2n_blob finished_key = { 0 }; POSIX_GUARD(s2n_blob_init(&finished_key, conn->handshake.server_finished, keys.size)); /* generate the hashed message authenticated code */ diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_hello.c b/contrib/restricted/aws/s2n/tls/s2n_server_hello.c index b500a718a1..708346f1cb 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_server_hello.c +++ b/contrib/restricted/aws/s2n/tls/s2n_server_hello.c 
@@ -14,36 +14,31 @@ */ #include <sys/param.h> - -#include "api/s2n.h" #include <time.h> +#include "api/s2n.h" #include "crypto/s2n_fips.h" - #include "error/s2n_errno.h" - +#include "stuffer/s2n_stuffer.h" +#include "tls/s2n_alerts.h" #include "tls/s2n_cipher_preferences.h" #include "tls/s2n_cipher_suites.h" #include "tls/s2n_connection.h" -#include "tls/s2n_alerts.h" +#include "tls/s2n_security_policies.h" #include "tls/s2n_server_extensions.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls13.h" -#include "tls/s2n_security_policies.h" #include "tls/s2n_tls13_handshake.h" #include "tls/s2n_tls13_key_schedule.h" - -#include "stuffer/s2n_stuffer.h" - -#include "utils/s2n_safety.h" -#include "utils/s2n_random.h" #include "utils/s2n_bitmap.h" +#include "utils/s2n_random.h" +#include "utils/s2n_safety.h" /* From RFC5246 7.4.1.2. */ #define S2N_TLS_COMPRESSION_METHOD_NULL 0 /* From RFC8446 4.1.3. */ -#define S2N_DOWNGRADE_PROTECTION_SIZE 8 +#define S2N_DOWNGRADE_PROTECTION_SIZE 8 const uint8_t tls12_downgrade_protection_bytes[] = { 0x44, 0x4F, 0x57, 0x4E, 0x47, 0x52, 0x44, 0x01 }; @@ -52,16 +47,18 @@ const uint8_t tls11_downgrade_protection_bytes[] = { 0x44, 0x4F, 0x57, 0x4E, 0x47, 0x52, 0x44, 0x00 }; -static int s2n_random_value_is_hello_retry(struct s2n_connection *conn) { +static int s2n_random_value_is_hello_retry(struct s2n_connection *conn) +{ POSIX_ENSURE_REF(conn); POSIX_ENSURE(memcmp(hello_retry_req_random, conn->handshake_params.server_random, S2N_TLS_RANDOM_DATA_LEN) == 0, - S2N_ERR_INVALID_HELLO_RETRY); + S2N_ERR_INVALID_HELLO_RETRY); return S2N_SUCCESS; } -static int s2n_client_detect_downgrade_mechanism(struct s2n_connection *conn) { +static int s2n_client_detect_downgrade_mechanism(struct s2n_connection *conn) +{ POSIX_ENSURE_REF(conn); uint8_t *downgrade_bytes = &conn->handshake_params.server_random[S2N_TLS_RANDOM_DATA_LEN - S2N_DOWNGRADE_PROTECTION_SIZE]; 
@@ -79,7 +76,8 @@ static int s2n_client_detect_downgrade_mechanism(struct s2n_connection *conn) {
 return 0;
 }
-static int s2n_server_add_downgrade_mechanism(struct s2n_connection *conn) {
+static int s2n_server_add_downgrade_mechanism(struct s2n_connection *conn)
+{
 POSIX_ENSURE_REF(conn);
 uint8_t *downgrade_bytes = &conn->handshake_params.server_random[S2N_TLS_RANDOM_DATA_LEN - S2N_DOWNGRADE_PROTECTION_SIZE];
@@ -109,7 +107,7 @@ static int s2n_server_hello_parse(struct s2n_connection *conn)
 POSIX_GUARD(s2n_stuffer_read_bytes(in, protocol_version, S2N_TLS_PROTOCOL_VERSION_LEN));
 POSIX_GUARD(s2n_stuffer_read_bytes(in, conn->handshake_params.server_random, S2N_TLS_RANDOM_DATA_LEN));
- uint8_t legacy_version = (uint8_t)(protocol_version[0] * 10) + protocol_version[1];
+ uint8_t legacy_version = (uint8_t) (protocol_version[0] * 10) + protocol_version[1];
 /**
 *= https://tools.ietf.org/rfc/rfc8446#4.1.3
@@ -118,7 +116,6 @@ static int s2n_server_hello_parse(struct s2n_connection *conn)
 *# it as described in Section 4.1.4).
 **/
 if (s2n_random_value_is_hello_retry(conn) == S2N_SUCCESS) {
-
 /**
 *= https://tools.ietf.org/rfc/rfc8446#4.1.4
 *# If a client receives a second
@@ -160,7 +157,7 @@ static int s2n_server_hello_parse(struct s2n_connection *conn)
 S2N_ERROR_IF(compression_method != S2N_TLS_COMPRESSION_METHOD_NULL, S2N_ERR_BAD_MESSAGE);
 bool session_ids_match = session_id_len != 0 && session_id_len == conn->session_id_len
- && memcmp(session_id, conn->session_id, session_id_len) == 0;
+ && memcmp(session_id, conn->session_id, session_id_len) == 0;
 if (!session_ids_match) {
 conn->ems_negotiated = false;
 }
@@ -175,7 +172,7 @@ static int s2n_server_hello_parse(struct s2n_connection *conn)
 s2n_extension_type_id supported_versions_id = s2n_unsupported_extension;
 POSIX_GUARD(s2n_extension_supported_iana_value_to_id(TLS_EXTENSION_SUPPORTED_VERSIONS, &supported_versions_id));
 POSIX_ENSURE(S2N_CBIT_TEST(conn->extension_responses_received, supported_versions_id),
- S2N_ERR_MISSING_EXTENSION);
+ S2N_ERR_MISSING_EXTENSION);
 }
 if (conn->server_protocol_version >= S2N_TLS13) {
@@ -234,7 +231,8 @@ static int s2n_server_hello_parse(struct s2n_connection *conn)
 if (session_ids_match) {
 /* check if the resumed session state is valid */
 S2N_ERROR_IF(conn->actual_protocol_version != actual_protocol_version, S2N_ERR_BAD_MESSAGE);
- S2N_ERROR_IF(memcmp(conn->secure->cipher_suite->iana_value, cipher_suite_wire, S2N_TLS_CIPHER_SUITE_LEN) != 0, S2N_ERR_BAD_MESSAGE);
+ S2N_ERROR_IF(memcmp(conn->secure->cipher_suite->iana_value, cipher_suite_wire, S2N_TLS_CIPHER_SUITE_LEN) != 0,
+ S2N_ERR_BAD_MESSAGE);
 /* Session is resumed */
 conn->client_session_resumed = 1;
@@ -244,7 +242,7 @@ static int s2n_server_hello_parse(struct s2n_connection *conn)
 conn->actual_protocol_version = actual_protocol_version;
 POSIX_GUARD(s2n_set_cipher_as_client(conn, cipher_suite_wire));
 /* Erase master secret which might have been set for session resumption */
- POSIX_CHECKED_MEMSET((uint8_t *)conn->secrets.tls12.master_secret, 0, S2N_TLS_SECRET_LEN);
+ POSIX_CHECKED_MEMSET((uint8_t *) conn->secrets.tls12.master_secret, 0, S2N_TLS_SECRET_LEN);
 /* Erase client session ticket which might have been set for session resumption */
 POSIX_GUARD(s2n_free(&conn->client_ticket));
@@ -305,8 +303,8 @@ int s2n_server_hello_write_message(struct s2n_connection *conn)
 * https://tools.ietf.org/html/rfc8446#section-4.1.3 */
 const uint16_t legacy_protocol_version = MIN(conn->actual_protocol_version, S2N_TLS12);
 uint8_t protocol_version[S2N_TLS_PROTOCOL_VERSION_LEN];
- protocol_version[0] = (uint8_t)(legacy_protocol_version / 10);
- protocol_version[1] = (uint8_t)(legacy_protocol_version % 10);
+ protocol_version[0] = (uint8_t) (legacy_protocol_version / 10);
+ protocol_version[1] = (uint8_t) (legacy_protocol_version % 10);
 POSIX_GUARD(s2n_stuffer_write_bytes(&conn->handshake.io, protocol_version, S2N_TLS_PROTOCOL_VERSION_LEN));
 POSIX_GUARD(s2n_stuffer_write_bytes(&conn->handshake.io, conn->handshake_params.server_random, S2N_TLS_RANDOM_DATA_LEN));
@@ -322,14 +320,14 @@ int s2n_server_hello_send(struct s2n_connection *conn)
 {
 POSIX_ENSURE_REF(conn);
- struct s2n_stuffer server_random = {0};
- struct s2n_blob b = {0};
+ struct s2n_stuffer server_random = { 0 };
+ struct s2n_blob b = { 0 };
 POSIX_GUARD(s2n_blob_init(&b, conn->handshake_params.server_random, S2N_TLS_RANDOM_DATA_LEN));
 /* Create the server random data */
 POSIX_GUARD(s2n_stuffer_init(&server_random, &b));
- struct s2n_blob rand_data = {0};
+ struct s2n_blob rand_data = { 0 };
 POSIX_GUARD(s2n_blob_init(&rand_data, s2n_stuffer_raw_write(&server_random, S2N_TLS_RANDOM_DATA_LEN), S2N_TLS_RANDOM_DATA_LEN));
 POSIX_ENSURE_REF(rand_data.data);
 POSIX_GUARD_RESULT(s2n_get_public_random_data(&rand_data));
diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_hello_retry.c b/contrib/restricted/aws/s2n/tls/s2n_server_hello_retry.c
index 4fbf2ca6a6..25bb2d9039 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_server_hello_retry.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_server_hello_retry.c
@@ -15,14 +15,14 @@
 #include <stdbool.h>
 #include "error/s2n_errno.h"
-#include "utils/s2n_blob.h"
+#include "pq-crypto/s2n_pq.h"
 #include "tls/s2n_cipher_suites.h"
 #include "tls/s2n_server_extensions.h"
 #include "tls/s2n_tls.h"
 #include "tls/s2n_tls13.h"
 #include "tls/s2n_tls13_handshake.h"
+#include "utils/s2n_blob.h"
 #include "utils/s2n_safety.h"
-#include "pq-crypto/s2n_pq.h"
 /* From RFC5246 7.4.1.2. */
 #define S2N_TLS_COMPRESSION_METHOD_NULL 0
@@ -50,7 +50,7 @@ int s2n_server_hello_retry_send(struct s2n_connection *conn)
 /* Reset handshake values */
 conn->handshake.client_hello_received = 0;
 conn->client_hello.parsed = 0;
- POSIX_CHECKED_MEMSET((uint8_t*) conn->extension_requests_received, 0, sizeof(s2n_extension_bitfield));
+ POSIX_CHECKED_MEMSET((uint8_t *) conn->extension_requests_received, 0, sizeof(s2n_extension_bitfield));
 return 0;
 }
@@ -72,7 +72,7 @@ int s2n_server_hello_retry_recv(struct s2n_connection *conn)
 const struct s2n_kem_group *kem_group = conn->kex_params.server_kem_group_params.kem_group;
 /* Boolean XOR check: exactly one of {named_curve, kem_group} should be non-null. */
- POSIX_ENSURE( (named_curve != NULL) != (kem_group != NULL), S2N_ERR_INVALID_HELLO_RETRY);
+ POSIX_ENSURE((named_curve != NULL) != (kem_group != NULL), S2N_ERR_INVALID_HELLO_RETRY);
 /**
 *= https://tools.ietf.org/rfc/rfc8446#4.2.8
@@ -124,7 +124,7 @@ int s2n_server_hello_retry_recv(struct s2n_connection *conn)
 POSIX_GUARD(s2n_server_hello_retry_recreate_transcript(conn));
 /* Reset handshake values */
- POSIX_CHECKED_MEMSET((uint8_t*) conn->extension_requests_sent, 0, sizeof(s2n_extension_bitfield));
+ POSIX_CHECKED_MEMSET((uint8_t *) conn->extension_requests_sent, 0, sizeof(s2n_extension_bitfield));
 return S2N_SUCCESS;
 }
diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c b/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c
index dc87d4184e..dd7c811678 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c
@@ -14,25 +14,20 @@
 */
 #include "api/s2n.h"
-
+#include "crypto/s2n_dhe.h"
+#include "crypto/s2n_fips.h"
 #include "error/s2n_errno.h"
-
+#include "stuffer/s2n_stuffer.h"
 #include "tls/s2n_async_pkey.h"
-#include "tls/s2n_kem.h"
-#include "tls/s2n_kex.h"
+#include "tls/s2n_cipher_preferences.h"
 #include "tls/s2n_cipher_suites.h"
 #include "tls/s2n_connection.h"
-#include "tls/s2n_signature_algorithms.h"
-#include "tls/s2n_cipher_preferences.h"
+#include "tls/s2n_kem.h"
+#include "tls/s2n_kex.h"
 #include "tls/s2n_security_policies.h"
-
-#include "stuffer/s2n_stuffer.h"
-
-#include "crypto/s2n_dhe.h"
-#include "crypto/s2n_fips.h"
-
-#include "utils/s2n_safety.h"
+#include "tls/s2n_signature_algorithms.h"
 #include "utils/s2n_random.h"
+#include "utils/s2n_safety.h"
 static int s2n_server_key_send_write_signature(struct s2n_connection *conn, struct s2n_blob *signature);
@@ -47,10 +42,10 @@ int s2n_server_key_recv(struct s2n_connection *conn)
 struct s2n_hash_state *signature_hash = &conn->handshake.hashes->hash_workspace;
 const struct s2n_kex *key_exchange = conn->secure->cipher_suite->key_exchange_alg;
 struct s2n_stuffer *in = &conn->handshake.io;
- struct s2n_blob data_to_verify = {0};
+ struct s2n_blob data_to_verify = { 0 };
 /* Read the KEX data */
- struct s2n_kex_raw_server_data kex_data = {0};
+ struct s2n_kex_raw_server_data kex_data = { 0 };
 POSIX_GUARD_RESULT(s2n_kex_server_key_recv_read_data(key_exchange, conn, &data_to_verify, &kex_data));
 /* Add common signature data */
@@ -76,7 +71,7 @@ int s2n_server_key_recv(struct s2n_connection *conn)
 uint16_t signature_length;
 POSIX_GUARD(s2n_stuffer_read_uint16(in, &signature_length));
- struct s2n_blob signature = {.size = signature_length, .data = s2n_stuffer_raw_read(in, signature_length)};
+ struct s2n_blob signature = { .size = signature_length, .data = s2n_stuffer_raw_read(in, signature_length) };
 POSIX_ENSURE_REF(signature.data);
 POSIX_ENSURE_GT(signature_length, 0);
@@ -91,7 +86,8 @@ int s2n_server_key_recv(struct s2n_connection *conn)
 return 0;
 }
-int s2n_ecdhe_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *data_to_verify, struct s2n_kex_raw_server_data *raw_server_data)
+int s2n_ecdhe_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *data_to_verify,
+ struct s2n_kex_raw_server_data *raw_server_data)
 {
 struct s2n_stuffer *in = &conn->handshake.io;
@@ -106,7 +102,8 @@ int s2n_ecdhe_server_key_recv_parse_data(struct s2n_connection *conn, struct s2n
 return 0;
 }
-int s2n_dhe_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *data_to_verify, struct s2n_kex_raw_server_data *raw_server_data)
+int s2n_dhe_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *data_to_verify,
+ struct s2n_kex_raw_server_data *raw_server_data)
 {
 struct s2n_stuffer *in = &conn->handshake.io;
 struct s2n_dhe_raw_server_points *dhe_data = &raw_server_data->dhe_data;
@@ -149,7 +146,8 @@ int s2n_dhe_server_key_recv_parse_data(struct s2n_connection *conn, struct s2n_k
 return 0;
 }
-int s2n_kem_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *data_to_verify, struct s2n_kex_raw_server_data *raw_server_data)
+int s2n_kem_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *data_to_verify,
+ struct s2n_kex_raw_server_data *raw_server_data)
 {
 struct s2n_kem_raw_server_params *kem_data = &raw_server_data->kem_data;
 struct s2n_stuffer *in = &conn->handshake.io;
@@ -196,16 +194,20 @@ int s2n_kem_server_key_recv_parse_data(struct s2n_connection *conn, struct s2n_k
 const struct s2n_cipher_suite *cipher_suite = conn->secure->cipher_suite;
 const struct s2n_kem *match = NULL;
- S2N_ERROR_IF(s2n_choose_kem_with_peer_pref_list(cipher_suite->iana_value, &kem_data->kem_name, kem_preferences->kems,
- kem_preferences->kem_count, &match) != 0, S2N_ERR_KEM_UNSUPPORTED_PARAMS);
+ S2N_ERROR_IF(s2n_choose_kem_with_peer_pref_list(cipher_suite->iana_value, &kem_data->kem_name,
+ kem_preferences->kems, kem_preferences->kem_count, &match)
+ != 0,
+ S2N_ERR_KEM_UNSUPPORTED_PARAMS);
 conn->kex_params.kem_params.kem = match;
- S2N_ERROR_IF(kem_data->raw_public_key.size != conn->kex_params.kem_params.kem->public_key_length, S2N_ERR_BAD_MESSAGE);
+ S2N_ERROR_IF(kem_data->raw_public_key.size != conn->kex_params.kem_params.kem->public_key_length,
+ S2N_ERR_BAD_MESSAGE);
 return 0;
 }
-int s2n_hybrid_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *total_data_to_verify, struct s2n_kex_raw_server_data *raw_server_data)
+int s2n_hybrid_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *total_data_to_verify,
+ struct s2n_kex_raw_server_data *raw_server_data)
 {
 POSIX_ENSURE_REF(conn);
 POSIX_ENSURE_REF(conn->secure);
@@ -218,10 +220,10 @@ int s2n_hybrid_server_key_recv_read_data(struct s2n_connection *conn, struct s2n
 total_data_to_verify->data = s2n_stuffer_raw_read(&conn->handshake.io, 0);
 POSIX_ENSURE_REF(total_data_to_verify->data);
- struct s2n_blob data_to_verify_0 = {0};
+ struct s2n_blob data_to_verify_0 = { 0 };
 POSIX_GUARD_RESULT(s2n_kex_server_key_recv_read_data(hybrid_kex_0, conn, &data_to_verify_0, raw_server_data));
- struct s2n_blob data_to_verify_1 = {0};
+ struct s2n_blob data_to_verify_1 = { 0 };
 POSIX_GUARD_RESULT(s2n_kex_server_key_recv_read_data(hybrid_kex_1, conn, &data_to_verify_1, raw_server_data));
 total_data_to_verify->size = data_to_verify_0.size + data_to_verify_1.size;
@@ -252,7 +254,7 @@ int s2n_server_key_send(struct s2n_connection *conn)
 struct s2n_hash_state *signature_hash = &conn->handshake.hashes->hash_workspace;
 const struct s2n_kex *key_exchange = conn->secure->cipher_suite->key_exchange_alg;
 struct s2n_stuffer *out = &conn->handshake.io;
- struct s2n_blob data_to_sign = {0};
+ struct s2n_blob data_to_sign = { 0 };
 /* Call the negotiated key exchange method to send it's data */
 POSIX_GUARD_RESULT(s2n_kex_server_key_send(key_exchange, conn, &data_to_sign));
@@ -275,7 +277,8 @@ int s2n_server_key_send(struct s2n_connection *conn)
 /* Add KEX specific data to the hash */
 POSIX_GUARD(s2n_hash_update(signature_hash, data_to_sign.data, data_to_sign.size));
- S2N_ASYNC_PKEY_SIGN(conn, conn->handshake_params.conn_sig_scheme.sig_alg, signature_hash, s2n_server_key_send_write_signature);
+ S2N_ASYNC_PKEY_SIGN(conn, conn->handshake_params.conn_sig_scheme.sig_alg, signature_hash,
+ s2n_server_key_send_write_signature);
 }
 int s2n_ecdhe_server_key_send(struct s2n_connection *conn, struct s2n_blob *data_to_sign)
@@ -316,7 +319,7 @@ int s2n_kem_server_key_send(struct s2n_connection *conn, struct s2n_blob *data_t
 POSIX_GUARD(s2n_stuffer_write_uint16(out, kem->kem_extension_id));
 POSIX_GUARD(s2n_kem_send_public_key(out, &(conn->kex_params.kem_params)));
- data_to_sign->size = sizeof(kem_extension_size) + sizeof(kem_public_key_size) + kem->public_key_length;
+ data_to_sign->size = sizeof(kem_extension_size) + sizeof(kem_public_key_size) + kem->public_key_length;
 return 0;
 }
@@ -334,10 +337,10 @@ int s2n_hybrid_server_key_send(struct s2n_connection *conn, struct s2n_blob *tot
 total_data_to_sign->data = s2n_stuffer_raw_write(&conn->handshake.io, 0);
 POSIX_ENSURE_REF(total_data_to_sign->data);
- struct s2n_blob data_to_verify_0 = {0};
+ struct s2n_blob data_to_verify_0 = { 0 };
 POSIX_GUARD_RESULT(s2n_kex_server_key_send(hybrid_kex_0, conn, &data_to_verify_0));
- struct s2n_blob data_to_verify_1 = {0};
+ struct s2n_blob data_to_verify_1 = { 0 };
 POSIX_GUARD_RESULT(s2n_kex_server_key_send(hybrid_kex_1, conn, &data_to_verify_1));
 total_data_to_sign->size = data_to_verify_0.size + data_to_verify_1.size;
diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.h b/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.h
index 2402bd3281..82fe855abd 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.h
@@ -19,10 +19,14 @@
 #include "tls/s2n_kex.h"
 #include "utils/s2n_blob.h"
-int s2n_dhe_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *data_to_verify, struct s2n_kex_raw_server_data *raw_server_data);
-int s2n_ecdhe_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *data_to_verify, struct s2n_kex_raw_server_data *raw_server_data);
-int s2n_kem_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *data_to_verify, struct s2n_kex_raw_server_data *raw_server_data);
-int s2n_hybrid_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *total_data_to_verify, struct s2n_kex_raw_server_data *raw_server_data);
+int s2n_dhe_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *data_to_verify,
+ struct s2n_kex_raw_server_data *raw_server_data);
+int s2n_ecdhe_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *data_to_verify,
+ struct s2n_kex_raw_server_data *raw_server_data);
+int s2n_kem_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *data_to_verify,
+ struct s2n_kex_raw_server_data *raw_server_data);
+int s2n_hybrid_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_blob *total_data_to_verify,
+ struct s2n_kex_raw_server_data *raw_server_data);
 int s2n_dhe_server_key_recv_parse_data(struct s2n_connection *conn, struct s2n_kex_raw_server_data *raw_server_data);
 int s2n_ecdhe_server_key_recv_parse_data(struct s2n_connection *conn, struct s2n_kex_raw_server_data *raw_server_data);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c b/contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c
index 74392aa969..484f2782bd 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c
@@ -14,23 +14,19 @@
 */
 #include <sys/param.h>
-
-#include "api/s2n.h"
 #include <time.h>
+#include "api/s2n.h"
 #include "error/s2n_errno.h"
-
-#include "tls/s2n_connection.h"
+#include "stuffer/s2n_stuffer.h"
 #include "tls/s2n_alerts.h"
-#include "tls/s2n_tls.h"
+#include "tls/s2n_connection.h"
+#include "tls/s2n_record.h"
 #include "tls/s2n_resume.h"
+#include "tls/s2n_tls.h"
 #include "tls/s2n_tls13_handshake.h"
-#include "tls/s2n_record.h"
-
-#include "stuffer/s2n_stuffer.h"
-
-#include "utils/s2n_safety.h"
 #include "utils/s2n_random.h"
+#include "utils/s2n_safety.h"
 /*
 * The maximum size of the NewSessionTicket message, not taking into account the
@@ -43,7 +39,8 @@
 */
 #define S2N_TLS13_MAX_FIXED_NEW_SESSION_TICKET_SIZE 79
-int s2n_server_nst_recv(struct s2n_connection *conn) {
+int s2n_server_nst_recv(struct s2n_connection *conn)
+{
 POSIX_GUARD(s2n_stuffer_read_uint32(&conn->handshake.io, &conn->ticket_lifetime_hint));
 uint16_t session_ticket_len;
@@ -59,8 +56,8 @@ int s2n_server_nst_recv(struct s2n_connection *conn) {
 /* Alloc some memory for the serialized session ticket */
 DEFER_CLEANUP(struct s2n_blob mem = { 0 }, s2n_free);
- POSIX_GUARD(s2n_alloc(&mem, S2N_STATE_FORMAT_LEN + S2N_SESSION_TICKET_SIZE_LEN + \
- conn->client_ticket.size + S2N_TLS12_STATE_SIZE_IN_BYTES));
+ POSIX_GUARD(s2n_alloc(&mem,
+ S2N_STATE_FORMAT_LEN + S2N_SESSION_TICKET_SIZE_LEN + conn->client_ticket.size + S2N_TLS12_STATE_SIZE_IN_BYTES));
 POSIX_GUARD(s2n_connection_get_session(conn, mem.data, session_len));
 uint32_t session_lifetime = s2n_connection_get_session_ticket_lifetime_hint(conn);
@@ -68,7 +65,7 @@ int s2n_server_nst_recv(struct s2n_connection *conn) {
 struct s2n_session_ticket ticket = { .ticket_data = mem, .session_lifetime = session_lifetime };
 POSIX_ENSURE(conn->config->session_ticket_cb(conn, conn->config->session_ticket_ctx, &ticket) >= S2N_SUCCESS,
- S2N_ERR_CANCELLED);
+ S2N_ERR_CANCELLED);
 }
 }
@@ -81,7 +78,8 @@ int s2n_server_nst_send(struct s2n_connection *conn)
 uint8_t data[S2N_TLS12_TICKET_SIZE_IN_BYTES] = { 0 };
 struct s2n_blob entry = { .data = data, .size = sizeof(data) };
 struct s2n_stuffer to;
- uint32_t lifetime_hint_in_secs = (conn->config->encrypt_decrypt_key_lifetime_in_nanos + conn->config->decrypt_key_lifetime_in_nanos) / ONE_SEC_IN_NANOS;
+ uint32_t lifetime_hint_in_secs =
+ (conn->config->encrypt_decrypt_key_lifetime_in_nanos + conn->config->decrypt_key_lifetime_in_nanos) / ONE_SEC_IN_NANOS;
 /* When server changes it's mind mid handshake send lifetime hint and session ticket length as zero */
 if (!conn->config->use_tickets) {
@@ -199,7 +197,7 @@ S2N_RESULT s2n_tls13_server_nst_send(struct s2n_connection *conn, s2n_blocked_st
 *# unsigned integer in network byte order from the time of ticket
 *# issuance.
 **/
-static S2N_RESULT s2n_generate_ticket_lifetime(struct s2n_connection *conn, uint32_t *ticket_lifetime)
+static S2N_RESULT s2n_generate_ticket_lifetime(struct s2n_connection *conn, uint32_t *ticket_lifetime)
 {
 RESULT_ENSURE_REF(conn);
 RESULT_ENSURE_MUT(ticket_lifetime);
@@ -405,11 +403,11 @@ S2N_RESULT s2n_tls13_server_nst_recv(struct s2n_connection *conn, struct s2n_stu
 RESULT_GUARD_POSIX(s2n_connection_get_session(conn, session_state.data, session_state.size));
 struct s2n_session_ticket ticket = {
- .ticket_data = session_state,
- .session_lifetime = ticket_lifetime
+ .ticket_data = session_state,
+ .session_lifetime = ticket_lifetime
 };
 RESULT_ENSURE(conn->config->session_ticket_cb(conn, conn->config->session_ticket_ctx, &ticket) >= S2N_SUCCESS,
- S2N_ERR_CANCELLED);
+ S2N_ERR_CANCELLED);
 }
 return S2N_RESULT_OK;
diff --git a/contrib/restricted/aws/s2n/tls/s2n_shutdown.c b/contrib/restricted/aws/s2n/tls/s2n_shutdown.c
index 383d3026a5..877552ce8d 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_shutdown.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_shutdown.c
@@ -14,14 +14,12 @@
 */
 #include "api/s2n.h"
-
 #include "tls/s2n_alerts.h"
 #include "tls/s2n_connection.h"
 #include "tls/s2n_tls.h"
-
 #include "utils/s2n_safety.h"
-int s2n_shutdown(struct s2n_connection *conn, s2n_blocked_status * more)
+int s2n_shutdown(struct s2n_connection *conn, s2n_blocked_status *more)
 {
 POSIX_ENSURE_REF(conn);
 POSIX_ENSURE_REF(more);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.c b/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.c
index ce1eab6986..55024f3676 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.c
@@ -13,18 +13,17 @@
 * permissions and limitations under the License.
 */
+#include "tls/s2n_signature_algorithms.h"
+
 #include "crypto/s2n_fips.h"
-#include "crypto/s2n_rsa_signing.h"
 #include "crypto/s2n_rsa_pss.h"
+#include "crypto/s2n_rsa_signing.h"
 #include "error/s2n_errno.h"
-
 #include "tls/s2n_auth_selection.h"
 #include "tls/s2n_cipher_suites.h"
 #include "tls/s2n_kex.h"
-#include "tls/s2n_signature_algorithms.h"
-#include "tls/s2n_signature_scheme.h"
 #include "tls/s2n_security_policies.h"
-
+#include "tls/s2n_signature_scheme.h"
 #include "utils/s2n_safety.h"
 static int s2n_signature_scheme_valid_to_offer(struct s2n_connection *conn, const struct s2n_signature_scheme *scheme)
@@ -61,7 +60,8 @@ static int s2n_signature_scheme_valid_to_accept(struct s2n_connection *conn, con
 return 0;
 }
-static int s2n_is_signature_scheme_usable(struct s2n_connection *conn, const struct s2n_signature_scheme *candidate) {
+static int s2n_is_signature_scheme_usable(struct s2n_connection *conn, const struct s2n_signature_scheme *candidate)
+{
 POSIX_ENSURE_REF(conn);
 POSIX_ENSURE_REF(candidate);
@@ -72,7 +72,7 @@ static int s2n_is_signature_scheme_usable(struct s2n_connection *conn, const str
 }
 static int s2n_choose_sig_scheme(struct s2n_connection *conn, struct s2n_sig_scheme_list *peer_wire_prefs,
- struct s2n_signature_scheme *chosen_scheme_out)
+ struct s2n_signature_scheme *chosen_scheme_out)
 {
 POSIX_ENSURE_REF(conn);
 POSIX_ENSURE_REF(conn->secure);
@@ -132,7 +132,7 @@ int s2n_tls13_default_sig_scheme(struct s2n_connection *conn, struct s2n_signatu
 }
 int s2n_get_and_validate_negotiated_signature_scheme(struct s2n_connection *conn, struct s2n_stuffer *in,
- struct s2n_signature_scheme *chosen_sig_scheme)
+ struct s2n_signature_scheme *chosen_sig_scheme)
 {
 uint16_t actual_iana_val;
 POSIX_GUARD(s2n_stuffer_read_uint16(in, &actual_iana_val));
@@ -163,7 +163,6 @@ int s2n_get_and_validate_negotiated_signature_scheme(struct s2n_connection *conn
 if ((conn->actual_protocol_version <= S2N_TLS12)
 && (s2n_signature_scheme_valid_to_accept(conn, &default_scheme) == S2N_SUCCESS)
 && (actual_iana_val == default_scheme.iana_value)) {
-
 *chosen_sig_scheme = default_scheme;
 return S2N_SUCCESS;
 }
@@ -200,7 +199,7 @@ int s2n_choose_default_sig_scheme(struct s2n_connection *conn, struct s2n_signat
 }
 int s2n_choose_sig_scheme_from_peer_preference_list(struct s2n_connection *conn, struct s2n_sig_scheme_list *peer_wire_prefs,
- struct s2n_signature_scheme *sig_scheme_out)
+ struct s2n_signature_scheme *sig_scheme_out)
 {
 POSIX_ENSURE_REF(conn);
 POSIX_ENSURE_REF(sig_scheme_out);
@@ -255,7 +254,7 @@ int s2n_supported_sig_schemes_count(struct s2n_connection *conn)
 uint8_t count = 0;
 for (size_t i = 0; i < signature_preferences->count; i++) {
 if (0 == s2n_signature_scheme_valid_to_offer(conn, signature_preferences->signature_schemes[i])) {
- count ++;
+ count++;
 }
 }
 return count;
@@ -281,7 +280,7 @@ int s2n_recv_supported_sig_scheme_list(struct s2n_stuffer *in, struct s2n_sig_sc
 if (pairs_available > TLS_SIGNATURE_SCHEME_LIST_MAX_LEN) {
 POSIX_BAIL(S2N_ERR_TOO_MANY_SIGNATURE_SCHEMES);
 }
-
+
 sig_hash_algs->len = 0;
 for (size_t i = 0; i < pairs_available; i++) {
diff --git a/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.h b/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.h
index 3bab8e9953..5867eaf8a3 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_signature_algorithms.h
@@ -16,12 +16,9 @@
 #pragma once
 #include "api/s2n.h"
-
 #include "crypto/s2n_hash.h"
 #include "crypto/s2n_signature.h"
-
 #include "stuffer/s2n_stuffer.h"
-
 #include "tls/s2n_signature_scheme.h"
 struct s2n_connection;
@@ -35,9 +32,9 @@ int s2n_choose_default_sig_scheme(struct s2n_connection *conn, struct s2n_signat
 int s2n_tls13_default_sig_scheme(struct s2n_connection *conn, struct s2n_signature_scheme *sig_scheme_out);
 int s2n_choose_sig_scheme_from_peer_preference_list(struct s2n_connection *conn, struct s2n_sig_scheme_list *sig_hash_algs,
- struct s2n_signature_scheme *sig_scheme_out);
+ struct s2n_signature_scheme *sig_scheme_out);
 int s2n_get_and_validate_negotiated_signature_scheme(struct s2n_connection *conn, struct s2n_stuffer *in,
- struct s2n_signature_scheme *chosen_sig_scheme);
+ struct s2n_signature_scheme *chosen_sig_scheme);
 int s2n_recv_supported_sig_scheme_list(struct s2n_stuffer *in, struct s2n_sig_scheme_list *sig_hash_algs);
 int s2n_send_supported_sig_scheme_list(struct s2n_connection *conn, struct s2n_stuffer *out);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_signature_scheme.c b/contrib/restricted/aws/s2n/tls/s2n_signature_scheme.c
index e986013be5..4d674379f7 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_signature_scheme.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_signature_scheme.c
@@ -13,251 +13,251 @@ * permissions and limitations under the License. */ -#include "api/s2n.h" +#include "tls/s2n_signature_scheme.h" +#include "api/s2n.h" +#include "crypto/s2n_ecc_evp.h" #include "crypto/s2n_hash.h" #include "crypto/s2n_signature.h" #include "tls/s2n_connection.h" -#include "tls/s2n_signature_scheme.h" -#include "crypto/s2n_ecc_evp.h" #include "utils/s2n_safety.h" /* RSA PKCS1 */ const struct s2n_signature_scheme s2n_rsa_pkcs1_md5_sha1 = { - .iana_value = TLS_SIGNATURE_SCHEME_PRIVATE_INTERNAL_RSA_PKCS1_MD5_SHA1, - .hash_alg = S2N_HASH_MD5_SHA1, - .sig_alg = S2N_SIGNATURE_RSA, - .libcrypto_nid = NID_md5_sha1, - .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ - .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 or sha1 */ + .iana_value = TLS_SIGNATURE_SCHEME_PRIVATE_INTERNAL_RSA_PKCS1_MD5_SHA1, + .hash_alg = S2N_HASH_MD5_SHA1, + .sig_alg = S2N_SIGNATURE_RSA, + .libcrypto_nid = NID_md5_sha1, + .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ + .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 or sha1 */ }; const struct s2n_signature_scheme s2n_rsa_pkcs1_sha1 = { - .iana_value = TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA1, - .hash_alg = S2N_HASH_SHA1, - .sig_alg = S2N_SIGNATURE_RSA, - .libcrypto_nid = NID_sha1WithRSAEncryption, - .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ - .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 or sha1 */ + .iana_value = TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA1, + .hash_alg = S2N_HASH_SHA1, + .sig_alg = S2N_SIGNATURE_RSA, + .libcrypto_nid = NID_sha1WithRSAEncryption, + .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ + .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 or sha1 */ }; const struct s2n_signature_scheme s2n_rsa_pkcs1_sha224 = { - .iana_value = TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA224, - .hash_alg = S2N_HASH_SHA224, - .sig_alg = S2N_SIGNATURE_RSA, - .libcrypto_nid = 
NID_sha224WithRSAEncryption, - .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ - .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 */ + .iana_value = TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA224, + .hash_alg = S2N_HASH_SHA224, + .sig_alg = S2N_SIGNATURE_RSA, + .libcrypto_nid = NID_sha224WithRSAEncryption, + .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ + .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 */ }; const struct s2n_signature_scheme s2n_rsa_pkcs1_sha256 = { - .iana_value = TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA256, - .hash_alg = S2N_HASH_SHA256, - .sig_alg = S2N_SIGNATURE_RSA, - .libcrypto_nid = NID_sha256WithRSAEncryption, - .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ - .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 */ + .iana_value = TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA256, + .hash_alg = S2N_HASH_SHA256, + .sig_alg = S2N_SIGNATURE_RSA, + .libcrypto_nid = NID_sha256WithRSAEncryption, + .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ + .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 */ }; const struct s2n_signature_scheme s2n_rsa_pkcs1_sha384 = { - .iana_value = TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA384, - .hash_alg = S2N_HASH_SHA384, - .sig_alg = S2N_SIGNATURE_RSA, - .libcrypto_nid = NID_sha384WithRSAEncryption, - .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ - .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 */ + .iana_value = TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA384, + .hash_alg = S2N_HASH_SHA384, + .sig_alg = S2N_SIGNATURE_RSA, + .libcrypto_nid = NID_sha384WithRSAEncryption, + .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ + .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 */ }; const struct s2n_signature_scheme s2n_rsa_pkcs1_sha512 = { - .iana_value = TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA512, - .hash_alg = S2N_HASH_SHA512, - 
.sig_alg = S2N_SIGNATURE_RSA, - .libcrypto_nid = NID_sha512WithRSAEncryption, - .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ - .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 */ + .iana_value = TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA512, + .hash_alg = S2N_HASH_SHA512, + .sig_alg = S2N_SIGNATURE_RSA, + .libcrypto_nid = NID_sha512WithRSAEncryption, + .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ + .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 */ }; /* TLS 1.2 Compatible ECDSA Signature Schemes */ const struct s2n_signature_scheme s2n_ecdsa_sha1 = { - .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SHA1, - .hash_alg = S2N_HASH_SHA1, - .sig_alg = S2N_SIGNATURE_ECDSA, - .libcrypto_nid = NID_ecdsa_with_SHA1, - .signature_curve = NULL, /* Decided by supported_groups Extension in TLS 1.2 and before */ - .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support sha1 and requires a signature curve */ + .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SHA1, + .hash_alg = S2N_HASH_SHA1, + .sig_alg = S2N_SIGNATURE_ECDSA, + .libcrypto_nid = NID_ecdsa_with_SHA1, + .signature_curve = NULL, /* Decided by supported_groups Extension in TLS 1.2 and before */ + .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support sha1 and requires a signature curve */ }; const struct s2n_signature_scheme s2n_ecdsa_sha224 = { - .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SHA224, - .hash_alg = S2N_HASH_SHA224, - .sig_alg = S2N_SIGNATURE_ECDSA, - .libcrypto_nid = NID_ecdsa_with_SHA224, - .signature_curve = NULL, /* Decided by supported_groups Extension in TLS 1.2 and before */ - .maximum_protocol_version = S2N_TLS12, /* TLS1.3 requires a signature curve */ + .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SHA224, + .hash_alg = S2N_HASH_SHA224, + .sig_alg = S2N_SIGNATURE_ECDSA, + .libcrypto_nid = NID_ecdsa_with_SHA224, + .signature_curve = NULL, /* Decided by supported_groups Extension in TLS 1.2 and before */ + 
.maximum_protocol_version = S2N_TLS12, /* TLS1.3 requires a signature curve */ }; const struct s2n_signature_scheme s2n_ecdsa_sha256 = { - .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SHA256, - .hash_alg = S2N_HASH_SHA256, - .sig_alg = S2N_SIGNATURE_ECDSA, - .libcrypto_nid = NID_ecdsa_with_SHA256, - .signature_curve = NULL, /* Decided by supported_groups Extension in TLS 1.2 and before */ - .maximum_protocol_version = S2N_TLS12, /* TLS1.3 requires a signature curve */ + .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SHA256, + .hash_alg = S2N_HASH_SHA256, + .sig_alg = S2N_SIGNATURE_ECDSA, + .libcrypto_nid = NID_ecdsa_with_SHA256, + .signature_curve = NULL, /* Decided by supported_groups Extension in TLS 1.2 and before */ + .maximum_protocol_version = S2N_TLS12, /* TLS1.3 requires a signature curve */ }; const struct s2n_signature_scheme s2n_ecdsa_sha384 = { - .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SHA384, - .hash_alg = S2N_HASH_SHA384, - .sig_alg = S2N_SIGNATURE_ECDSA, - .libcrypto_nid = NID_ecdsa_with_SHA384, - .signature_curve = NULL, /* Decided by supported_groups Extension in TLS 1.2 and before */ - .maximum_protocol_version = S2N_TLS12, /* TLS1.3 requires a signature curve */ + .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SHA384, + .hash_alg = S2N_HASH_SHA384, + .sig_alg = S2N_SIGNATURE_ECDSA, + .libcrypto_nid = NID_ecdsa_with_SHA384, + .signature_curve = NULL, /* Decided by supported_groups Extension in TLS 1.2 and before */ + .maximum_protocol_version = S2N_TLS12, /* TLS1.3 requires a signature curve */ }; const struct s2n_signature_scheme s2n_ecdsa_sha512 = { - .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SHA512, - .hash_alg = S2N_HASH_SHA512, - .sig_alg = S2N_SIGNATURE_ECDSA, - .libcrypto_nid = NID_ecdsa_with_SHA512, - .signature_curve = NULL, /* Decided by supported_groups Extension in TLS 1.2 and before */ - .maximum_protocol_version = S2N_TLS12, /* TLS1.3 requires a signature curve */ + .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SHA512, + .hash_alg = S2N_HASH_SHA512, + 
.sig_alg = S2N_SIGNATURE_ECDSA, + .libcrypto_nid = NID_ecdsa_with_SHA512, + .signature_curve = NULL, /* Decided by supported_groups Extension in TLS 1.2 and before */ + .maximum_protocol_version = S2N_TLS12, /* TLS1.3 requires a signature curve */ }; /* TLS 1.3 Compatible ECDSA Schemes */ /* In TLS 1.3 the two byte IANA value also defines the Curve to use for signing */ const struct s2n_signature_scheme s2n_ecdsa_secp256r1_sha256 = { - .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256, - .hash_alg = S2N_HASH_SHA256, - .sig_alg = S2N_SIGNATURE_ECDSA, - .libcrypto_nid = NID_ecdsa_with_SHA256, - .signature_curve = &s2n_ecc_curve_secp256r1, /* Hardcoded as of TLS 1.3 */ - .minimum_protocol_version = S2N_TLS13, + .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256, + .hash_alg = S2N_HASH_SHA256, + .sig_alg = S2N_SIGNATURE_ECDSA, + .libcrypto_nid = NID_ecdsa_with_SHA256, + .signature_curve = &s2n_ecc_curve_secp256r1, /* Hardcoded as of TLS 1.3 */ + .minimum_protocol_version = S2N_TLS13, }; const struct s2n_signature_scheme s2n_ecdsa_secp384r1_sha384 = { - .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SECP384R1_SHA384, - .hash_alg = S2N_HASH_SHA384, - .sig_alg = S2N_SIGNATURE_ECDSA, - .libcrypto_nid = NID_ecdsa_with_SHA384, - .signature_curve = &s2n_ecc_curve_secp384r1, /* Hardcoded as of TLS 1.3 */ - .minimum_protocol_version = S2N_TLS13, + .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SECP384R1_SHA384, + .hash_alg = S2N_HASH_SHA384, + .sig_alg = S2N_SIGNATURE_ECDSA, + .libcrypto_nid = NID_ecdsa_with_SHA384, + .signature_curve = &s2n_ecc_curve_secp384r1, /* Hardcoded as of TLS 1.3 */ + .minimum_protocol_version = S2N_TLS13, }; const struct s2n_signature_scheme s2n_ecdsa_secp521r1_sha512 = { - .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SECP521R1_SHA512, - .hash_alg = S2N_HASH_SHA512, - .sig_alg = S2N_SIGNATURE_ECDSA, - .signature_curve = &s2n_ecc_curve_secp521r1, /* Hardcoded as of TLS 1.3 */ - .minimum_protocol_version = S2N_TLS13, + .iana_value = 
TLS_SIGNATURE_SCHEME_ECDSA_SECP521R1_SHA512, + .hash_alg = S2N_HASH_SHA512, + .sig_alg = S2N_SIGNATURE_ECDSA, + .signature_curve = &s2n_ecc_curve_secp521r1, /* Hardcoded as of TLS 1.3 */ + .minimum_protocol_version = S2N_TLS13, }; /** * RSA-PSS-RSAE */ const struct s2n_signature_scheme s2n_rsa_pss_rsae_sha256 = { - .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256, - .hash_alg = S2N_HASH_SHA256, - .sig_alg = S2N_SIGNATURE_RSA_PSS_RSAE, - .libcrypto_nid = NID_rsassaPss, - .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ + .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256, + .hash_alg = S2N_HASH_SHA256, + .sig_alg = S2N_SIGNATURE_RSA_PSS_RSAE, + .libcrypto_nid = NID_rsassaPss, + .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ }; const struct s2n_signature_scheme s2n_rsa_pss_rsae_sha384 = { - .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA384, - .hash_alg = S2N_HASH_SHA384, - .sig_alg = S2N_SIGNATURE_RSA_PSS_RSAE, - .libcrypto_nid = NID_rsassaPss, - .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ + .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA384, + .hash_alg = S2N_HASH_SHA384, + .sig_alg = S2N_SIGNATURE_RSA_PSS_RSAE, + .libcrypto_nid = NID_rsassaPss, + .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ }; const struct s2n_signature_scheme s2n_rsa_pss_rsae_sha512 = { - .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA512, - .hash_alg = S2N_HASH_SHA512, - .sig_alg = S2N_SIGNATURE_RSA_PSS_RSAE, - .libcrypto_nid = NID_rsassaPss, - .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ + .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA512, + .hash_alg = S2N_HASH_SHA512, + .sig_alg = S2N_SIGNATURE_RSA_PSS_RSAE, + .libcrypto_nid = NID_rsassaPss, + .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ }; /** * RSA-PSS-PSS */ const struct s2n_signature_scheme s2n_rsa_pss_pss_sha256 = { - .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA256, - .hash_alg = 
S2N_HASH_SHA256, - .sig_alg = S2N_SIGNATURE_RSA_PSS_PSS, - .libcrypto_nid = NID_rsassaPss, - .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ - .minimum_protocol_version = S2N_TLS13, + .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA256, + .hash_alg = S2N_HASH_SHA256, + .sig_alg = S2N_SIGNATURE_RSA_PSS_PSS, + .libcrypto_nid = NID_rsassaPss, + .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ + .minimum_protocol_version = S2N_TLS13, }; const struct s2n_signature_scheme s2n_rsa_pss_pss_sha384 = { - .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA384, - .hash_alg = S2N_HASH_SHA384, - .sig_alg = S2N_SIGNATURE_RSA_PSS_PSS, - .libcrypto_nid = NID_rsassaPss, - .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ - .minimum_protocol_version = S2N_TLS13, + .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA384, + .hash_alg = S2N_HASH_SHA384, + .sig_alg = S2N_SIGNATURE_RSA_PSS_PSS, + .libcrypto_nid = NID_rsassaPss, + .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ + .minimum_protocol_version = S2N_TLS13, }; const struct s2n_signature_scheme s2n_rsa_pss_pss_sha512 = { - .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA512, - .hash_alg = S2N_HASH_SHA512, - .sig_alg = S2N_SIGNATURE_RSA_PSS_PSS, - .libcrypto_nid = NID_rsassaPss, - .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ - .minimum_protocol_version = S2N_TLS13, + .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA512, + .hash_alg = S2N_HASH_SHA512, + .sig_alg = S2N_SIGNATURE_RSA_PSS_PSS, + .libcrypto_nid = NID_rsassaPss, + .signature_curve = NULL, /* Elliptic Curve not needed for RSA */ + .minimum_protocol_version = S2N_TLS13, }; /* All Supported SignatureSchemes. 
*/ /* No MD5 to avoid SLOTH Vulnerability */ const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20140601[] = { - /* RSA PKCS1 */ - &s2n_rsa_pkcs1_sha256, - &s2n_rsa_pkcs1_sha384, - &s2n_rsa_pkcs1_sha512, - &s2n_rsa_pkcs1_sha224, + /* RSA PKCS1 */ + &s2n_rsa_pkcs1_sha256, + &s2n_rsa_pkcs1_sha384, + &s2n_rsa_pkcs1_sha512, + &s2n_rsa_pkcs1_sha224, - /* ECDSA - TLS 1.2 */ - &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */ - &s2n_ecdsa_secp256r1_sha256, - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ - &s2n_ecdsa_secp384r1_sha384, - &s2n_ecdsa_sha512, - &s2n_ecdsa_sha224, + /* ECDSA - TLS 1.2 */ + &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */ + &s2n_ecdsa_secp256r1_sha256, + &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ + &s2n_ecdsa_secp384r1_sha384, + &s2n_ecdsa_sha512, + &s2n_ecdsa_sha224, - /* SHA-1 Legacy */ - &s2n_rsa_pkcs1_sha1, - &s2n_ecdsa_sha1, + /* SHA-1 Legacy */ + &s2n_rsa_pkcs1_sha1, + &s2n_ecdsa_sha1, }; /* The original preference list, but with rsa_pss supported. 
*/ const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20200207[] = { - /* RSA PSS */ - &s2n_rsa_pss_pss_sha256, - &s2n_rsa_pss_pss_sha384, - &s2n_rsa_pss_pss_sha512, - &s2n_rsa_pss_rsae_sha256, - &s2n_rsa_pss_rsae_sha384, - &s2n_rsa_pss_rsae_sha512, - - /* RSA PKCS1 */ - &s2n_rsa_pkcs1_sha256, - &s2n_rsa_pkcs1_sha384, - &s2n_rsa_pkcs1_sha512, - &s2n_rsa_pkcs1_sha224, - - /* ECDSA - TLS 1.2 */ - &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */ - &s2n_ecdsa_secp256r1_sha256, - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ - &s2n_ecdsa_secp384r1_sha384, - &s2n_ecdsa_sha512, - &s2n_ecdsa_sha224, - - /* SHA-1 Legacy */ - &s2n_rsa_pkcs1_sha1, - &s2n_ecdsa_sha1, + /* RSA PSS */ + &s2n_rsa_pss_pss_sha256, + &s2n_rsa_pss_pss_sha384, + &s2n_rsa_pss_pss_sha512, + &s2n_rsa_pss_rsae_sha256, + &s2n_rsa_pss_rsae_sha384, + &s2n_rsa_pss_rsae_sha512, + + /* RSA PKCS1 */ + &s2n_rsa_pkcs1_sha256, + &s2n_rsa_pkcs1_sha384, + &s2n_rsa_pkcs1_sha512, + &s2n_rsa_pkcs1_sha224, + + /* ECDSA - TLS 1.2 */ + &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */ + &s2n_ecdsa_secp256r1_sha256, + &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ + &s2n_ecdsa_secp384r1_sha384, + &s2n_ecdsa_sha512, + &s2n_ecdsa_sha224, + + /* SHA-1 Legacy */ + &s2n_rsa_pkcs1_sha1, + &s2n_ecdsa_sha1, }; /* 
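Review bot: `s2n_ecdsa_secp521r1_sha512` is the only scheme definition in this hunk without a `.libcrypto_nid`, so the field is zero-initialised. Its siblings `s2n_ecdsa_secp256r1_sha256` and `s2n_ecdsa_secp384r1_sha384` set `NID_ecdsa_with_SHA256` and `NID_ecdsa_with_SHA384`. The re-indent carries the omission over unchanged. Code that compares a certificate's signature NID against a preference list is not visible here, but it would presumably never match this entry, which matters for any policy that lists the P-521 scheme for certificate signatures. Adding `.libcrypto_nid = NID_ecdsa_with_SHA512,` would bring it in line with the other ECDSA schemes; since this directory is vendored, the change is best made upstream and picked up on the next import.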
@@ -265,66 +265,66 @@ const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20200207[] = { * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf */ const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_default_fips[] = { - /* RSA PKCS1 - TLS1.2 */ - &s2n_rsa_pkcs1_sha256, - &s2n_rsa_pkcs1_sha384, - &s2n_rsa_pkcs1_sha512, + /* RSA PKCS1 - TLS1.2 */ + &s2n_rsa_pkcs1_sha256, + &s2n_rsa_pkcs1_sha384, + &s2n_rsa_pkcs1_sha512, - /* ECDSA - TLS 1.2 */ - &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */ - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ - &s2n_ecdsa_sha512, - &s2n_ecdsa_sha224, + /* ECDSA - TLS 1.2 */ + &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */ + &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ + &s2n_ecdsa_sha512, + &s2n_ecdsa_sha224, }; const struct s2n_signature_preferences s2n_signature_preferences_default_fips = { - .count = s2n_array_len(s2n_sig_scheme_pref_list_default_fips), - .signature_schemes = s2n_sig_scheme_pref_list_default_fips, + .count = s2n_array_len(s2n_sig_scheme_pref_list_default_fips), + .signature_schemes = s2n_sig_scheme_pref_list_default_fips, }; /* Add s2n_ecdsa_secp521r1_sha512 */ const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20201021[] = { - /* RSA PSS */ - &s2n_rsa_pss_pss_sha256, - &s2n_rsa_pss_pss_sha384, - &s2n_rsa_pss_pss_sha512, - &s2n_rsa_pss_rsae_sha256, - &s2n_rsa_pss_rsae_sha384, - &s2n_rsa_pss_rsae_sha512, - - /* RSA PKCS1 */ - &s2n_rsa_pkcs1_sha256, - &s2n_rsa_pkcs1_sha384, - &s2n_rsa_pkcs1_sha512, - &s2n_rsa_pkcs1_sha224, - - /* ECDSA - TLS 1.2 */ - &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */ - &s2n_ecdsa_secp256r1_sha256, - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ - &s2n_ecdsa_secp384r1_sha384, - &s2n_ecdsa_sha512, /* same iana value as TLS 1.3 
s2n_ecdsa_secp521r1_sha512 */ - &s2n_ecdsa_secp521r1_sha512, - &s2n_ecdsa_sha224, - - /* SHA-1 Legacy */ - &s2n_rsa_pkcs1_sha1, - &s2n_ecdsa_sha1, + /* RSA PSS */ + &s2n_rsa_pss_pss_sha256, + &s2n_rsa_pss_pss_sha384, + &s2n_rsa_pss_pss_sha512, + &s2n_rsa_pss_rsae_sha256, + &s2n_rsa_pss_rsae_sha384, + &s2n_rsa_pss_rsae_sha512, + + /* RSA PKCS1 */ + &s2n_rsa_pkcs1_sha256, + &s2n_rsa_pkcs1_sha384, + &s2n_rsa_pkcs1_sha512, + &s2n_rsa_pkcs1_sha224, + + /* ECDSA - TLS 1.2 */ + &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */ + &s2n_ecdsa_secp256r1_sha256, + &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ + &s2n_ecdsa_secp384r1_sha384, + &s2n_ecdsa_sha512, /* same iana value as TLS 1.3 s2n_ecdsa_secp521r1_sha512 */ + &s2n_ecdsa_secp521r1_sha512, + &s2n_ecdsa_sha224, + + /* SHA-1 Legacy */ + &s2n_rsa_pkcs1_sha1, + &s2n_ecdsa_sha1, }; const struct s2n_signature_preferences s2n_signature_preferences_20140601 = { - .count = s2n_array_len(s2n_sig_scheme_pref_list_20140601), - .signature_schemes = s2n_sig_scheme_pref_list_20140601, + .count = s2n_array_len(s2n_sig_scheme_pref_list_20140601), + .signature_schemes = s2n_sig_scheme_pref_list_20140601, }; const struct s2n_signature_preferences s2n_signature_preferences_20200207 = { - .count = s2n_array_len(s2n_sig_scheme_pref_list_20200207), - .signature_schemes = s2n_sig_scheme_pref_list_20200207, + .count = s2n_array_len(s2n_sig_scheme_pref_list_20200207), + .signature_schemes = s2n_sig_scheme_pref_list_20200207, }; const struct s2n_signature_preferences s2n_signature_preferences_20201021 = { - .count = s2n_array_len(s2n_sig_scheme_pref_list_20201021), - .signature_schemes = s2n_sig_scheme_pref_list_20201021, + .count = s2n_array_len(s2n_sig_scheme_pref_list_20201021), + .signature_schemes = s2n_sig_scheme_pref_list_20201021, }; const struct s2n_signature_preferences s2n_signature_preferences_null = { 
@@ -334,27 +334,27 @@ const struct s2n_signature_preferences s2n_signature_preferences_null = { /* TLS1.3 supported signature schemes, without SHA-1 legacy algorithms */ const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20201110[] = { - /* RSA PSS */ - &s2n_rsa_pss_pss_sha256, - &s2n_rsa_pss_pss_sha384, - &s2n_rsa_pss_pss_sha512, - &s2n_rsa_pss_rsae_sha256, - &s2n_rsa_pss_rsae_sha384, - &s2n_rsa_pss_rsae_sha512, - - /* RSA PKCS1 */ - &s2n_rsa_pkcs1_sha256, - &s2n_rsa_pkcs1_sha384, - &s2n_rsa_pkcs1_sha512, - &s2n_rsa_pkcs1_sha224, - - /* ECDSA - TLS 1.2 */ - &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */ - &s2n_ecdsa_secp256r1_sha256, - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ - &s2n_ecdsa_secp384r1_sha384, - &s2n_ecdsa_sha512, - &s2n_ecdsa_sha224, + /* RSA PSS */ + &s2n_rsa_pss_pss_sha256, + &s2n_rsa_pss_pss_sha384, + &s2n_rsa_pss_pss_sha512, + &s2n_rsa_pss_rsae_sha256, + &s2n_rsa_pss_rsae_sha384, + &s2n_rsa_pss_rsae_sha512, + + /* RSA PKCS1 */ + &s2n_rsa_pkcs1_sha256, + &s2n_rsa_pkcs1_sha384, + &s2n_rsa_pkcs1_sha512, + &s2n_rsa_pkcs1_sha224, + + /* ECDSA - TLS 1.2 */ + &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */ + &s2n_ecdsa_secp256r1_sha256, + &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ + &s2n_ecdsa_secp384r1_sha384, + &s2n_ecdsa_sha512, + &s2n_ecdsa_sha224, }; const struct s2n_signature_preferences s2n_certificate_signature_preferences_20201110 = { 
@@ -364,13 +364,13 @@ const struct s2n_signature_preferences s2n_certificate_signature_preferences_202 /* Based on s2n_sig_scheme_pref_list_20140601 but with all hashes < SHA-384 removed */ const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20210816[] = { - /* RSA PKCS1 */ - &s2n_rsa_pkcs1_sha384, - &s2n_rsa_pkcs1_sha512, + /* RSA PKCS1 */ + &s2n_rsa_pkcs1_sha384, + &s2n_rsa_pkcs1_sha512, - /* ECDSA - TLS 1.2 */ - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ - &s2n_ecdsa_sha512, + /* ECDSA - TLS 1.2 */ + &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ + &s2n_ecdsa_sha512, }; const struct s2n_signature_preferences s2n_signature_preferences_20210816 = { 
@@ -379,44 +379,43 @@ const struct s2n_signature_preferences s2n_signature_preferences_20210816 = { }; const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_rfc9151[] = { - /* ECDSA - TLS 1.3 */ - &s2n_ecdsa_secp384r1_sha384, + /* ECDSA - TLS 1.3 */ + &s2n_ecdsa_secp384r1_sha384, - /* RSA PSS - TLS 1.3 */ - &s2n_rsa_pss_pss_sha384, + /* RSA PSS - TLS 1.3 */ + &s2n_rsa_pss_pss_sha384, - /* ECDSA - TLS 1.2 */ - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ + /* ECDSA - TLS 1.2 */ + &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ - /* RSA */ - &s2n_rsa_pss_rsae_sha384, + /* RSA */ + &s2n_rsa_pss_rsae_sha384, - &s2n_rsa_pkcs1_sha384, + &s2n_rsa_pkcs1_sha384, }; const struct s2n_signature_scheme* const s2n_cert_sig_scheme_pref_list_rfc9151[] = { - /* ECDSA - TLS 1.3 */ - &s2n_ecdsa_secp384r1_sha384, - - /* RSA PSS - * https://github.com/aws/s2n-tls/issues/3435 - * - * The Openssl function used to parse signatures off certificates does not differentiate - * between any rsa pss signature schemes. Therefore a security policy with a certificate - * signatures preference list must include all rsa_pss signature schemes. - * - * Since only sha384 is allowed by rfc9151, this certificate signing policy does not - * support rsa_pss. - */ - - /* ECDSA - TLS 1.2 */ - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ - - /* RSA */ - &s2n_rsa_pkcs1_sha384, + /* ECDSA - TLS 1.3 */ + &s2n_ecdsa_secp384r1_sha384, + + /* RSA PSS + * https://github.com/aws/s2n-tls/issues/3435 + * + * The Openssl function used to parse signatures off certificates does not differentiate + * between any rsa pss signature schemes. Therefore a security policy with a certificate + * signatures preference list must include all rsa_pss signature schemes. + * + * Since only sha384 is allowed by rfc9151, this certificate signing policy does not + * support rsa_pss. 
+ */ + + /* ECDSA - TLS 1.2 */ + &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ + + /* RSA */ + &s2n_rsa_pkcs1_sha384, }; - const struct s2n_signature_preferences s2n_signature_preferences_rfc9151 = { .count = s2n_array_len(s2n_sig_scheme_pref_list_rfc9151), .signature_schemes = s2n_sig_scheme_pref_list_rfc9151 diff --git a/contrib/restricted/aws/s2n/tls/s2n_signature_scheme.h b/contrib/restricted/aws/s2n/tls/s2n_signature_scheme.h index a3259804fe..c4700f4d1a 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_signature_scheme.h +++ b/contrib/restricted/aws/s2n/tls/s2n_signature_scheme.h @@ -15,12 +15,12 @@ #pragma once -#include "api/s2n.h" #include <strings.h> +#include "api/s2n.h" +#include "crypto/s2n_ecc_evp.h" #include "crypto/s2n_hash.h" #include "crypto/s2n_signature.h" -#include "crypto/s2n_ecc_evp.h" struct s2n_signature_scheme { uint16_t iana_value; @@ -34,7 +34,7 @@ struct s2n_signature_scheme { struct s2n_ecc_named_curve const *signature_curve; }; -struct s2n_signature_preferences{ +struct s2n_signature_preferences { uint8_t count; const struct s2n_signature_scheme *const *signature_schemes; }; diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls.c b/contrib/restricted/aws/s2n/tls/s2n_tls.c index 07ef4ff382..a54c885289 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_tls.c +++ b/contrib/restricted/aws/s2n/tls/s2n_tls.c @@ -13,9 +13,10 @@ * permissions and limitations under the License. */ +#include "tls/s2n_tls.h" + #include <stdint.h> -#include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" uint8_t s2n_highest_protocol_version = S2N_TLS13; 
@@ -29,11 +30,10 @@ uint8_t s2n_unknown_protocol_version = S2N_UNKNOWN_PROTOCOL_VERSION; * } MaxFragmentLength; * and we add 0 -> extension unused */ -uint16_t mfl_code_to_length[5] = -{ - S2N_DEFAULT_FRAGMENT_LENGTH, /* S2N_TLS_MAX_FRAG_LEN_EXT_NONE */ - 512, /* S2N_TLS_MAX_FRAG_LEN_512 */ - 1024, /* S2N_TLS_MAX_FRAG_LEN_1024 */ - 2048, /* S2N_TLS_MAX_FRAG_LEN_2048 */ - 4096, /* S2N_TLS_MAX_FRAG_LEN_4096 */ +uint16_t mfl_code_to_length[5] = { + S2N_DEFAULT_FRAGMENT_LENGTH, /* S2N_TLS_MAX_FRAG_LEN_EXT_NONE */ + 512, /* S2N_TLS_MAX_FRAG_LEN_512 */ + 1024, /* S2N_TLS_MAX_FRAG_LEN_1024 */ + 2048, /* S2N_TLS_MAX_FRAG_LEN_2048 */ + 4096, /* S2N_TLS_MAX_FRAG_LEN_4096 */ }; diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls.h b/contrib/restricted/aws/s2n/tls/s2n_tls.h index c99d53d66f..63650dcc02 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_tls.h +++ b/contrib/restricted/aws/s2n/tls/s2n_tls.h @@ -15,15 +15,15 @@ #pragma once -#include <stdint.h> #include <stdbool.h> +#include <stdint.h> #include "tls/s2n_connection.h" extern uint8_t s2n_unknown_protocol_version; extern uint8_t s2n_highest_protocol_version; -extern int s2n_flush(struct s2n_connection *conn, s2n_blocked_status * more); +extern int s2n_flush(struct s2n_connection *conn, s2n_blocked_status *more); S2N_RESULT s2n_client_hello_request_validate(struct s2n_connection *conn); S2N_RESULT s2n_client_hello_request_recv(struct s2n_connection *conn); extern int s2n_client_hello_send(struct s2n_connection *conn); 
@@ -82,28 +82,28 @@ extern int s2n_process_client_hello(struct s2n_connection *conn); extern int s2n_handshake_write_header(struct s2n_stuffer *out, uint8_t message_type); extern int s2n_handshake_finish_header(struct s2n_stuffer *out); S2N_RESULT s2n_handshake_parse_header(struct s2n_stuffer *io, uint8_t *message_type, uint32_t *length); -extern int s2n_read_full_record(struct s2n_connection *conn, uint8_t * record_type, int *isSSLv2); -extern int s2n_recv_close_notify(struct s2n_connection *conn, s2n_blocked_status * blocked); +extern int s2n_read_full_record(struct s2n_connection *conn, uint8_t *record_type, int *isSSLv2); +extern int s2n_recv_close_notify(struct s2n_connection *conn, s2n_blocked_status *blocked); extern uint16_t mfl_code_to_length[5]; #define s2n_server_received_server_name(conn) ((conn)->server_name[0] != 0) #define s2n_server_can_send_ec_point_formats(conn) \ - ((conn)->ec_point_formats) + ((conn)->ec_point_formats) -#define s2n_server_can_send_ocsp(conn) ((conn)->mode == S2N_SERVER && \ - (conn)->status_type == S2N_STATUS_REQUEST_OCSP && \ - (conn)->handshake_params.our_chain_and_key && \ - (conn)->handshake_params.our_chain_and_key->ocsp_status.size > 0) +#define s2n_server_can_send_ocsp(conn) ((conn)->mode == S2N_SERVER \ + && (conn)->status_type == S2N_STATUS_REQUEST_OCSP \ + && (conn)->handshake_params.our_chain_and_key \ + && (conn)->handshake_params.our_chain_and_key->ocsp_status.size > 0) -#define s2n_server_sent_ocsp(conn) ((conn)->mode == S2N_CLIENT && \ - (conn)->status_type == S2N_STATUS_REQUEST_OCSP) +#define s2n_server_sent_ocsp(conn) ((conn)->mode == S2N_CLIENT \ + && (conn)->status_type == S2N_STATUS_REQUEST_OCSP) -#define s2n_server_can_send_sct_list(conn) ((conn)->mode == S2N_SERVER && \ - (conn)->ct_level_requested == S2N_CT_SUPPORT_REQUEST && \ - (conn)->handshake_params.our_chain_and_key && \ - (conn)->handshake_params.our_chain_and_key->sct_list.size > 0) +#define s2n_server_can_send_sct_list(conn) ((conn)->mode == 
S2N_SERVER \ + && (conn)->ct_level_requested == S2N_CT_SUPPORT_REQUEST \ + && (conn)->handshake_params.our_chain_and_key \ + && (conn)->handshake_params.our_chain_and_key->sct_list.size > 0) -#define s2n_server_sending_nst(conn) ((conn)->config->use_tickets && \ - (conn)->session_ticket_status == S2N_NEW_TICKET) +#define s2n_server_sending_nst(conn) ((conn)->config->use_tickets \ + && (conn)->session_ticket_status == S2N_NEW_TICKET) diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls13.c b/contrib/restricted/aws/s2n/tls/s2n_tls13.c index 790ad8cadc..983c979bac 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_tls13.c +++ b/contrib/restricted/aws/s2n/tls/s2n_tls13.c @@ -13,11 +13,12 @@ * permissions and limitations under the License. */ -#include "api/s2n.h" -#include "tls/s2n_tls.h" #include "tls/s2n_tls13.h" + +#include "api/s2n.h" #include "crypto/s2n_rsa_pss.h" #include "crypto/s2n_rsa_signing.h" +#include "tls/s2n_tls.h" bool s2n_use_default_tls13_config_flag = false; @@ -89,7 +90,8 @@ int s2n_reset_tls13_in_test() } /* Returns whether a uint16 iana value is a valid TLS 1.3 cipher suite */ -bool s2n_is_valid_tls13_cipher(const uint8_t version[2]) { +bool s2n_is_valid_tls13_cipher(const uint8_t version[2]) +{ /* Valid TLS 1.3 Ciphers are * 0x1301, 0x1302, 0x1303, 0x1304, 0x1305. * (https://tools.ietf.org/html/rfc8446#appendix-B.4) @@ -143,6 +145,7 @@ S2N_RESULT s2n_connection_validate_tls13_support(struct s2n_connection *conn) return S2N_RESULT_OK; } -bool s2n_connection_supports_tls13(struct s2n_connection *conn) { +bool s2n_connection_supports_tls13(struct s2n_connection *conn) +{ return s2n_result_is_ok(s2n_connection_validate_tls13_support(conn)); } diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls13.h b/contrib/restricted/aws/s2n/tls/s2n_tls13.h index 7ad815bd71..a5924ced64 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_tls13.h +++ b/contrib/restricted/aws/s2n/tls/s2n_tls13.h 
@@ -24,20 +24,15 @@ extern "C" { #endif #if S2N_GCC_VERSION_AT_LEAST(4, 5, 0) - S2N_API - __attribute__((deprecated("The use of TLS1.3 is configured through security policies"))) - extern int s2n_enable_tls13(); +S2N_API __attribute__((deprecated("The use of TLS1.3 is configured through security policies"))) extern int s2n_enable_tls13(); #else - S2N_API - __attribute__((deprecated)) - extern int s2n_enable_tls13(); +S2N_API __attribute__((deprecated)) extern int s2n_enable_tls13(); #endif #ifdef __cplusplus } #endif - /* from RFC: https://tools.ietf.org/html/rfc8446#section-4.1.3*/ extern uint8_t hello_retry_req_random[S2N_TLS_RANDOM_DATA_LEN]; diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls13_certificate_verify.c b/contrib/restricted/aws/s2n/tls/s2n_tls13_certificate_verify.c index abc96b8b21..f8babab4c7 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_tls13_certificate_verify.c +++ b/contrib/restricted/aws/s2n/tls/s2n_tls13_certificate_verify.c @@ -13,17 +13,18 @@ * permissions and limitations under the License. */ +#include "tls/s2n_tls13_certificate_verify.h" + +#include <stdint.h> + #include "crypto/s2n_hash.h" #include "error/s2n_errno.h" #include "stuffer/s2n_stuffer.h" #include "tls/s2n_async_pkey.h" -#include "tls/s2n_tls13_handshake.h" -#include "tls/s2n_tls13_certificate_verify.h" #include "tls/s2n_connection.h" +#include "tls/s2n_tls13_handshake.h" #include "utils/s2n_safety.h" -#include <stdint.h> - /** * Specified in https://tools.ietf.org/html/rfc8446#section-4.4.3 * 
@@ -34,24 +35,26 @@
 **/
 /* 64 'space' characters (0x20) */
-const uint8_t S2N_CERT_VERIFY_PREFIX[] = {0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20};
+const uint8_t S2N_CERT_VERIFY_PREFIX[] = { 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 };
 /* 'TLS 1.3, server CertificateVerify' with 0x00 separator */
-const uint8_t S2N_SERVER_CERT_VERIFY_CONTEXT[] = {0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33,
- 0x2c, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
- 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x00};
+const uint8_t S2N_SERVER_CERT_VERIFY_CONTEXT[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33,
+ 0x2c, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
+ 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x00 };
 /* 'TLS 1.3, client CertificateVerify' with 0x00 separator */
-const uint8_t S2N_CLIENT_CERT_VERIFY_CONTEXT[] = {0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33,
- 0x2c, 0x20, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
- 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x00};
+const uint8_t S2N_CLIENT_CERT_VERIFY_CONTEXT[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33,
+ 0x2c, 0x20, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x43, 0x65,
0x72, 0x74, 0x69,
+ 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x00 };
-
-static int s2n_tls13_write_cert_verify_signature(struct s2n_connection *conn, struct s2n_signature_scheme *chosen_sig_scheme);
+static int s2n_tls13_write_cert_verify_signature(struct s2n_connection *conn,
+ struct s2n_signature_scheme *chosen_sig_scheme);
 static int s2n_tls13_write_signature(struct s2n_connection *conn, struct s2n_blob *signature);
-static int s2n_tls13_generate_unsigned_cert_verify_content(struct s2n_connection *conn, struct s2n_stuffer *unsigned_content, s2n_mode mode);
-static int s2n_tls13_cert_read_and_verify_signature(struct s2n_connection *conn, struct s2n_signature_scheme *chosen_sig_scheme);
+static int s2n_tls13_generate_unsigned_cert_verify_content(struct s2n_connection *conn,
+ struct s2n_stuffer *unsigned_content, s2n_mode mode);
+static int s2n_tls13_cert_read_and_verify_signature(struct s2n_connection *conn,
+ struct s2n_signature_scheme *chosen_sig_scheme);
 static uint8_t s2n_tls13_cert_verify_header_length(s2n_mode mode);
 int s2n_tls13_cert_verify_send(struct s2n_connection *conn)
@@ -66,7 +69,6 @@ int s2n_tls13_cert_verify_send(struct s2n_connection *conn)
 POSIX_GUARD(s2n_tls13_write_cert_verify_signature(conn, &conn->handshake_params.client_cert_sig_scheme));
 }
-
 return 0;
 }
@@ -78,14 +80,15 @@ int s2n_tls13_write_cert_verify_signature(struct s2n_connection *conn, struct s2
 struct s2n_stuffer *out = &conn->handshake.io;
 POSIX_GUARD(s2n_stuffer_write_uint16(out, chosen_sig_scheme->iana_value));
- DEFER_CLEANUP(struct s2n_hash_state message_hash = {0}, s2n_hash_free);
+ DEFER_CLEANUP(struct s2n_hash_state message_hash = { 0 }, s2n_hash_free);
 POSIX_GUARD(s2n_hash_new(&message_hash));
 POSIX_GUARD(s2n_hash_init(&message_hash, chosen_sig_scheme->hash_alg));
- DEFER_CLEANUP(struct s2n_stuffer unsigned_content = {0}, s2n_stuffer_free);
+ DEFER_CLEANUP(struct s2n_stuffer unsigned_content = { 0 }, s2n_stuffer_free);
 POSIX_GUARD(s2n_tls13_generate_unsigned_cert_verify_content(conn, &unsigned_content, conn->mode));
- POSIX_GUARD(s2n_hash_update(&message_hash, unsigned_content.blob.data, s2n_stuffer_data_available(&unsigned_content)));
+ POSIX_GUARD(s2n_hash_update(&message_hash, unsigned_content.blob.data,
+ s2n_stuffer_data_available(&unsigned_content)));
 S2N_ASYNC_PKEY_SIGN(conn, chosen_sig_scheme->sig_alg, &message_hash, s2n_tls13_write_signature);
 }
@@ -100,7 +103,8 @@ int s2n_tls13_write_signature(struct s2n_connection *conn, struct s2n_blob *sign
 return 0;
 }
-int s2n_tls13_generate_unsigned_cert_verify_content(struct s2n_connection *conn, struct s2n_stuffer *unsigned_content, s2n_mode mode)
+int s2n_tls13_generate_unsigned_cert_verify_content(struct s2n_connection *conn,
+ struct s2n_stuffer *unsigned_content, s2n_mode mode)
 {
 s2n_tls13_connection_keys(tls13_ctx, conn);
@@ -118,9 +122,11 @@ int s2n_tls13_generate_unsigned_cert_verify_content(struct s2n_connection *conn,
 POSIX_GUARD(s2n_stuffer_write_bytes(unsigned_content, S2N_CERT_VERIFY_PREFIX, sizeof(S2N_CERT_VERIFY_PREFIX)));
 if (mode == S2N_CLIENT) {
- POSIX_GUARD(s2n_stuffer_write_bytes(unsigned_content, S2N_CLIENT_CERT_VERIFY_CONTEXT, sizeof(S2N_CLIENT_CERT_VERIFY_CONTEXT)));
+ POSIX_GUARD(s2n_stuffer_write_bytes(unsigned_content, S2N_CLIENT_CERT_VERIFY_CONTEXT,
+ sizeof(S2N_CLIENT_CERT_VERIFY_CONTEXT)));
 } else {
- POSIX_GUARD(s2n_stuffer_write_bytes(unsigned_content, S2N_SERVER_CERT_VERIFY_CONTEXT, sizeof(S2N_SERVER_CERT_VERIFY_CONTEXT)));
+ POSIX_GUARD(s2n_stuffer_write_bytes(unsigned_content, S2N_SERVER_CERT_VERIFY_CONTEXT,
+ sizeof(S2N_SERVER_CERT_VERIFY_CONTEXT)));
 }
 POSIX_GUARD(s2n_stuffer_write_bytes(unsigned_content, digest_out, hash_digest_length));
@@ -140,13 +146,16 @@ int s2n_tls13_cert_verify_recv(struct s2n_connection *conn)
 {
 if (conn->mode == S2N_SERVER) {
 /* Read the algorithm and update sig_scheme */
- POSIX_GUARD(s2n_get_and_validate_negotiated_signature_scheme(conn, &conn->handshake.io, &conn->handshake_params.client_cert_sig_scheme));
+ POSIX_GUARD(s2n_get_and_validate_negotiated_signature_scheme(conn, &conn->handshake.io,
+ &conn->handshake_params.client_cert_sig_scheme));
 /* Read the rest of the signature and verify */
- POSIX_GUARD(s2n_tls13_cert_read_and_verify_signature(conn, &conn->handshake_params.client_cert_sig_scheme));
+ POSIX_GUARD(s2n_tls13_cert_read_and_verify_signature(conn,
+ &conn->handshake_params.client_cert_sig_scheme));
 } else {
 /* Read the algorithm and update sig_scheme */
- POSIX_GUARD(s2n_get_and_validate_negotiated_signature_scheme(conn, &conn->handshake.io, &conn->handshake_params.conn_sig_scheme));
+ POSIX_GUARD(s2n_get_and_validate_negotiated_signature_scheme(conn, &conn->handshake.io,
+ &conn->handshake_params.conn_sig_scheme));
 /* Read the rest of the signature and verify */
 POSIX_GUARD(s2n_tls13_cert_read_and_verify_signature(conn, &conn->handshake_params.conn_sig_scheme));
@@ -155,12 +164,13 @@ int s2n_tls13_cert_verify_recv(struct s2n_connection *conn)
 return 0;
 }
-int s2n_tls13_cert_read_and_verify_signature(struct s2n_connection *conn, struct s2n_signature_scheme *chosen_sig_scheme)
+int s2n_tls13_cert_read_and_verify_signature(struct s2n_connection *conn,
+ struct s2n_signature_scheme *chosen_sig_scheme)
 {
 struct s2n_stuffer *in = &conn->handshake.io;
- DEFER_CLEANUP(struct s2n_blob signed_content = {0}, s2n_free);
- DEFER_CLEANUP(struct s2n_stuffer unsigned_content = {0}, s2n_stuffer_free);
- DEFER_CLEANUP(struct s2n_hash_state message_hash = {0}, s2n_hash_free);
+ DEFER_CLEANUP(struct s2n_blob signed_content = { 0 }, s2n_free);
+ DEFER_CLEANUP(struct s2n_stuffer unsigned_content = { 0 }, s2n_stuffer_free);
+ DEFER_CLEANUP(struct s2n_hash_state message_hash = { 0 }, s2n_hash_free);
 POSIX_GUARD(s2n_hash_new(&message_hash));
 /* Get signature size */
@@ -181,12 +191,15 @@ int s2n_tls13_cert_read_and_verify_signature(struct s2n_connection *conn, struct
 }
 POSIX_GUARD(s2n_hash_init(&message_hash, chosen_sig_scheme->hash_alg));
- POSIX_GUARD(s2n_hash_update(&message_hash, unsigned_content.blob.data, s2n_stuffer_data_available(&unsigned_content)));
+ POSIX_GUARD(s2n_hash_update(&message_hash, unsigned_content.blob.data,
+ s2n_stuffer_data_available(&unsigned_content)));
 if (conn->mode == S2N_CLIENT) {
- POSIX_GUARD(s2n_pkey_verify(&conn->handshake_params.server_public_key, chosen_sig_scheme->sig_alg, &message_hash, &signed_content));
+ POSIX_GUARD(s2n_pkey_verify(&conn->handshake_params.server_public_key, chosen_sig_scheme->sig_alg,
+ &message_hash, &signed_content));
 } else {
- POSIX_GUARD(s2n_pkey_verify(&conn->handshake_params.client_public_key, chosen_sig_scheme->sig_alg, &message_hash, &signed_content));
+ POSIX_GUARD(s2n_pkey_verify(&conn->handshake_params.client_public_key, chosen_sig_scheme->sig_alg,
+ &message_hash, &signed_content));
 }
 return 0;
diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls13_handshake.c b/contrib/restricted/aws/s2n/tls/s2n_tls13_handshake.c
index f6fc69cfdc..d49b8d40ad 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_tls13_handshake.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_tls13_handshake.c
@@ -14,6 +14,7 @@
 */
 #include "tls/s2n_tls13_handshake.h"
+
 #include "tls/s2n_cipher_suites.h"
 #include "tls/s2n_key_log.h"
 #include "tls/s2n_security_policies.h"
@@ -48,7 +49,8 @@ int s2n_tls13_keys_from_conn(struct s2n_tls13_keys *keys, struct s2n_connection
 return S2N_SUCCESS;
 }
-int s2n_tls13_compute_ecc_shared_secret(struct s2n_connection *conn, struct s2n_blob *shared_secret) {
+int s2n_tls13_compute_ecc_shared_secret(struct s2n_connection *conn, struct s2n_blob *shared_secret)
+{
 POSIX_ENSURE_REF(conn);
 const struct s2n_ecc_preferences *ecc_preferences = NULL;
@@ -59,7 +61,7 @@ int s2n_tls13_compute_ecc_shared_secret(struct s2n_connection *conn, struct s2n_
 POSIX_ENSURE_REF(server_key);
 POSIX_ENSURE_REF(server_key->negotiated_curve);
- struct s2n_ecc_evp_params *client_key = &conn->kex_params.client_ecc_evp_params;
+ struct s2n_ecc_evp_params *client_key = &conn->kex_params.client_ecc_evp_params;
 POSIX_ENSURE_REF(client_key);
 POSIX_ENSURE_REF(client_key->negotiated_curve);
@@ -76,7 +78,8 @@ int s2n_tls13_compute_ecc_shared_secret(struct s2n_connection *conn, struct s2n_
 /* Computes the ECDHE+PQKEM hybrid shared secret as defined in
 * https://tools.ietf.org/html/draft-stebila-tls-hybrid-design */
-int s2n_tls13_compute_pq_hybrid_shared_secret(struct s2n_connection *conn, struct s2n_blob *shared_secret) {
+int s2n_tls13_compute_pq_hybrid_shared_secret(struct s2n_connection *conn, struct s2n_blob *shared_secret)
+{
 POSIX_ENSURE_REF(conn);
 POSIX_ENSURE_REF(shared_secret);
@@ -124,7 +127,8 @@ int s2n_tls13_compute_pq_hybrid_shared_secret(struct s2n_connection *conn, struc
 return S2N_SUCCESS;
 }
-static int s2n_tls13_pq_hybrid_supported(struct s2n_connection *conn) {
+static int s2n_tls13_pq_hybrid_supported(struct s2n_connection *conn)
+{
 return conn->kex_params.server_kem_group_params.kem_group != NULL;
 }
@@ -154,7 +158,7 @@ int s2n_update_application_traffic_keys(struct s2n_connection *conn, s2n_mode mo
 {
 POSIX_ENSURE_REF(conn);
 POSIX_ENSURE_REF(conn->secure);
-
+
 /* get tls13 key context */
 s2n_tls13_connection_keys(keys, conn);
@@ -169,7 +173,7 @@ int s2n_update_application_traffic_keys(struct s2n_connection *conn, s2n_mode mo
 } else {
 old_key = &conn->secure->server_key;
 POSIX_GUARD(s2n_blob_init(&old_app_secret, conn->secrets.tls13.server_app_secret, keys.size));
- POSIX_GUARD(s2n_blob_init(&app_iv, conn->secure->server_implicit_iv, S2N_TLS13_FIXED_IV_LEN));
+ POSIX_GUARD(s2n_blob_init(&app_iv, conn->secure->server_implicit_iv, S2N_TLS13_FIXED_IV_LEN));
 }
 /* Produce new application secret */
@@ -194,9 +198,9 @@ int s2n_update_application_traffic_keys(struct s2n_connection *conn, s2n_mode mo
 * MUST use sequence number 0.
 */
 POSIX_GUARD(s2n_zero_sequence_number(conn, mode));
-
+
 /* Save updated secret */
- struct s2n_stuffer old_secret_stuffer = {0};
+ struct s2n_stuffer old_secret_stuffer = { 0 };
 POSIX_GUARD(s2n_stuffer_init(&old_secret_stuffer, &old_app_secret));
 POSIX_GUARD(s2n_stuffer_write_bytes(&old_secret_stuffer, app_secret_update.data, keys.size));
diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls13_handshake.h b/contrib/restricted/aws/s2n/tls/s2n_tls13_handshake.h
index e9785de6d0..86d8f677aa 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_tls13_handshake.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_tls13_handshake.h
@@ -16,20 +16,20 @@
 #pragma once
 #include "crypto/s2n_tls13_keys.h"
-#include "utils/s2n_blob.h"
-#include "utils/s2n_safety.h"
 #include "tls/s2n_connection.h"
 #include "tls/s2n_key_update.h"
+#include "utils/s2n_blob.h"
+#include "utils/s2n_safety.h"
 int s2n_tls13_mac_verify(struct s2n_tls13_keys *keys, struct s2n_blob *finished_verify, struct s2n_blob *wire_verify);
 #define s2n_get_hash_state(hash_state, alg, conn) \
- struct s2n_hash_state hash_state = {0}; \
+ struct s2n_hash_state hash_state = { 0 }; \
 POSIX_GUARD(s2n_handshake_get_hash_state(conn, alg, &hash_state));
 /* Creates a reference to tls13_keys from connection */
-#define s2n_tls13_connection_keys(keys, conn) \
- DEFER_CLEANUP(struct s2n_tls13_keys keys = {0}, s2n_tls13_keys_free);\
+#define s2n_tls13_connection_keys(keys, conn) \
+ DEFER_CLEANUP(struct s2n_tls13_keys keys = { 0 }, s2n_tls13_keys_free); \
 POSIX_GUARD(s2n_tls13_keys_from_conn(&keys, conn));
 int s2n_tls13_keys_from_conn(struct s2n_tls13_keys *keys, struct s2n_connection *conn);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls13_key_schedule.c b/contrib/restricted/aws/s2n/tls/s2n_tls13_key_schedule.c
index 3b2cd361b3..046c57e389 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_tls13_key_schedule.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_tls13_key_schedule.c
@@ -255,6 +255,7 @@ static S2N_RESULT s2n_server_key_schedule(struct s2n_connection *conn)
 */
 if (message_type == SERVER_FINISHED) {
 K_send(conn, S2N_APPLICATION_SECRET);
+ /* clang-format off */
 /**
 *= https://tools.ietf.org/rfc/rfc8446#appendix-A.2
 *# here +--------+--------+
@@ -262,6 +263,7 @@ static S2N_RESULT s2n_server_key_schedule(struct s2n_connection *conn)
 *# | |
 *# K_recv = handshake | | K_recv = early data
 */
+ /* clang-format on */
 if (WITH_EARLY_DATA(conn)) {
 K_recv(conn, S2N_EARLY_SECRET);
 } else {
@@ -308,7 +310,7 @@ static S2N_RESULT s2n_server_key_schedule(struct s2n_connection *conn)
 return S2N_RESULT_OK;
 }
-s2n_result (*key_schedules[])(struct s2n_connection*) = {
+s2n_result (*key_schedules[])(struct s2n_connection *) = {
 [S2N_CLIENT] = &s2n_client_key_schedule,
 [S2N_SERVER] = &s2n_server_key_schedule,
 };
diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls13_key_schedule.h b/contrib/restricted/aws/s2n/tls/s2n_tls13_key_schedule.h
index 0991be9c06..9e0fc5e8d0 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_tls13_key_schedule.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_tls13_key_schedule.h
@@ -19,4 +19,3 @@ S2N_RESULT s2n_tls13_key_schedule_update(struct s2n_connection *conn);
 S2N_RESULT s2n_tls13_key_schedule_reset(struct s2n_connection *conn);
-
diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.c b/contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.c
index d24e8b6344..66343fbd7d 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.c
@@ -27,11 +27,11 @@
 #define CONN_HASHES(conn) ((conn)->handshake.hashes)
 #define CONN_SECRET(conn, secret) ( \
- (struct s2n_blob) { .data = CONN_SECRETS(conn).secret, .size = s2n_get_hash_len(CONN_HMAC_ALG(conn))} )
+ (struct s2n_blob){ .data = CONN_SECRETS(conn).secret, .size = s2n_get_hash_len(CONN_HMAC_ALG(conn)) })
 #define CONN_HASH(conn, hash) ( \
- (struct s2n_blob) { .data = CONN_HASHES(conn)->hash, .size = s2n_get_hash_len(CONN_HMAC_ALG(conn))} )
+ (struct s2n_blob){ .data = CONN_HASHES(conn)->hash, .size = s2n_get_hash_len(CONN_HMAC_ALG(conn)) })
 #define CONN_FINISHED(conn, mode) ( \
- (struct s2n_blob) { .data = (conn)->handshake.mode##_finished, .size = s2n_get_hash_len(CONN_HMAC_ALG(conn))})
+ (struct s2n_blob){ .data = (conn)->handshake.mode##_finished, .size = s2n_get_hash_len(CONN_HMAC_ALG(conn)) })
 /**
 *= https://tools.ietf.org/rfc/rfc8446#section-7.1
@@ -40,7 +40,7 @@
 */
 static uint8_t zero_value_bytes[S2N_MAX_HASHLEN] = { 0 };
 #define ZERO_VALUE(hmac_alg) ( \
- (const struct s2n_blob) { .data = zero_value_bytes, .size = s2n_get_hash_len(hmac_alg)})
+ (const struct s2n_blob){ .data = zero_value_bytes, .size = s2n_get_hash_len(hmac_alg) })
 /**
 * When an operation doesn't need an actual transcript hash,
@@ -51,7 +51,7 @@ static uint8_t zero_value_bytes[S2N_MAX_HASHLEN] = { 0 };
 *# length Context (indicated by "") is passed to HKDF-Expand-Label
 */
 #define EMPTY_CONTEXT(hmac_alg) ( \
- (const struct s2n_blob) { .data = s2n_get_empty_context(hmac_alg), .size = s2n_get_hash_len(hmac_alg)})
+ (const struct s2n_blob){ .data = s2n_get_empty_context(hmac_alg), .size = s2n_get_hash_len(hmac_alg) })
 static uint8_t s2n_get_hash_len(s2n_hmac_algorithm hmac_alg)
 {
@@ -67,7 +67,7 @@ static uint8_t *s2n_get_empty_context(s2n_hmac_algorithm hmac_alg)
 static uint8_t sha256_empty_digest[S2N_MAX_HASHLEN] = { 0 };
 static uint8_t sha384_empty_digest[S2N_MAX_HASHLEN] = { 0 };
- switch(hmac_alg) {
+ switch (hmac_alg) {
 case S2N_HMAC_SHA256:
 return sha256_empty_digest;
 case S2N_HMAC_SHA384:
@@ -78,8 +78,8 @@ static uint8_t *s2n_get_empty_context(s2n_hmac_algorithm hmac_alg)
 }
 static s2n_hmac_algorithm supported_hmacs[] = {
- S2N_HMAC_SHA256,
- S2N_HMAC_SHA384
+ S2N_HMAC_SHA256,
+ S2N_HMAC_SHA384
 };
 S2N_RESULT s2n_tls13_empty_transcripts_init()
@@ -215,7 +215,7 @@ static S2N_RESULT s2n_tls13_compute_finished_key(struct s2n_connection *conn,
 RESULT_GUARD_POSIX(s2n_hmac_new(&hmac_state));
 RESULT_GUARD_POSIX(s2n_hkdf_expand_label(&hmac_state, CONN_HMAC_ALG(conn),
- base_key, &s2n_tls13_label_finished, &(struct s2n_blob){0}, output));
+ base_key, &s2n_tls13_label_finished, &(struct s2n_blob){ 0 }, output));
 return S2N_RESULT_OK;
 }
@@ -226,9 +226,9 @@ static S2N_RESULT s2n_trigger_secret_callbacks(struct s2n_connection *conn,
 RESULT_ENSURE_REF(secret);
 static const s2n_secret_type_t conversions[][2] = {
- [S2N_EARLY_SECRET] = { S2N_CLIENT_EARLY_TRAFFIC_SECRET, S2N_CLIENT_EARLY_TRAFFIC_SECRET },
+ [S2N_EARLY_SECRET] = { S2N_CLIENT_EARLY_TRAFFIC_SECRET, S2N_CLIENT_EARLY_TRAFFIC_SECRET },
 [S2N_HANDSHAKE_SECRET] = { S2N_SERVER_HANDSHAKE_TRAFFIC_SECRET, S2N_CLIENT_HANDSHAKE_TRAFFIC_SECRET },
- [S2N_MASTER_SECRET] = { S2N_SERVER_APPLICATION_TRAFFIC_SECRET, S2N_CLIENT_APPLICATION_TRAFFIC_SECRET },
+ [S2N_MASTER_SECRET] = { S2N_SERVER_APPLICATION_TRAFFIC_SECRET, S2N_CLIENT_APPLICATION_TRAFFIC_SECRET },
 };
 s2n_secret_type_t callback_secret_type = conversions[secret_type][mode];
@@ -280,7 +280,7 @@ static S2N_RESULT s2n_extract_early_secret_for_schedule(struct s2n_connection *c
 * to be the first PSK offered.
 */
 if (conn->mode == S2N_CLIENT && conn->early_data_state == S2N_EARLY_DATA_REQUESTED) {
- RESULT_GUARD(s2n_array_get(&conn->psk_params.psk_list, 0, (void**) &psk));
+ RESULT_GUARD(s2n_array_get(&conn->psk_params.psk_list, 0, (void **) &psk));
 RESULT_ENSURE_REF(psk);
 }
@@ -521,9 +521,9 @@ S2N_RESULT s2n_derive_resumption_master_secret(struct s2n_connection *conn)
 }
 static s2n_result (*extract_methods[])(struct s2n_connection *conn) = {
- [S2N_EARLY_SECRET] = &s2n_extract_early_secret_for_schedule,
+ [S2N_EARLY_SECRET] = &s2n_extract_early_secret_for_schedule,
 [S2N_HANDSHAKE_SECRET] = &s2n_extract_handshake_secret,
- [S2N_MASTER_SECRET] = &s2n_extract_master_secret,
+ [S2N_MASTER_SECRET] = &s2n_extract_master_secret,
 };
 S2N_RESULT s2n_tls13_extract_secret(struct s2n_connection *conn, s2n_extract_secret_type_t secret_type)
@@ -548,9 +548,9 @@ S2N_RESULT s2n_tls13_extract_secret(struct s2n_connection *conn, s2n_extract_sec
 }
 static s2n_result (*derive_methods[][2])(struct s2n_connection *conn, struct s2n_blob *secret) = {
- [S2N_EARLY_SECRET] = { &s2n_derive_client_early_traffic_secret, &s2n_derive_client_early_traffic_secret },
- [S2N_HANDSHAKE_SECRET] = { &s2n_derive_server_handshake_traffic_secret, &s2n_derive_client_handshake_traffic_secret },
- [S2N_MASTER_SECRET] = { &s2n_derive_server_application_traffic_secret, &s2n_derive_client_application_traffic_secret },
+ [S2N_EARLY_SECRET] = { &s2n_derive_client_early_traffic_secret, &s2n_derive_client_early_traffic_secret },
+ [S2N_HANDSHAKE_SECRET] = { &s2n_derive_server_handshake_traffic_secret, &s2n_derive_client_handshake_traffic_secret },
+ [S2N_MASTER_SECRET] = { &s2n_derive_server_application_traffic_secret, &s2n_derive_client_application_traffic_secret },
 };
 S2N_RESULT s2n_tls13_derive_secret(struct s2n_connection *conn, s2n_extract_secret_type_t secret_type,
@@ -608,13 +608,13 @@ S2N_RESULT s2n_tls13_secrets_update(struct s2n_connection *conn)
 if (s2n_connection_get_protocol_version(conn) < S2N_TLS13) {
 return S2N_RESULT_OK;
 }
-
+
 /* Secret update requires these fields to be non-null. */
 RESULT_ENSURE_REF(conn->secure);
 RESULT_ENSURE_REF(conn->secure->cipher_suite);
 message_type_t message_type = s2n_conn_get_current_message_type(conn);
- switch(message_type) {
+ switch (message_type) {
 case CLIENT_HELLO:
 if (conn->early_data_state == S2N_EARLY_DATA_REQUESTED || conn->early_data_state == S2N_EARLY_DATA_ACCEPTED) {
@@ -657,9 +657,9 @@ S2N_RESULT s2n_tls13_secrets_get(struct s2n_connection *conn, s2n_extract_secret
 RESULT_ENSURE_REF(conn->secure->cipher_suite);
 uint8_t *secrets[][2] = {
- [S2N_EARLY_SECRET] = { NULL, CONN_SECRETS(conn).client_early_secret },
+ [S2N_EARLY_SECRET] = { NULL, CONN_SECRETS(conn).client_early_secret },
 [S2N_HANDSHAKE_SECRET] = { CONN_SECRETS(conn).server_handshake_secret, CONN_SECRETS(conn).client_handshake_secret },
- [S2N_MASTER_SECRET] = { CONN_SECRETS(conn).server_app_secret, CONN_SECRETS(conn).client_app_secret },
+ [S2N_MASTER_SECRET] = { CONN_SECRETS(conn).server_app_secret, CONN_SECRETS(conn).client_app_secret },
 };
 RESULT_ENSURE_GT(secret_type, S2N_NONE_SECRET);
 RESULT_ENSURE_LT(secret_type, s2n_array_len(secrets));
diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.h b/contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.h
index 37c50a117c..526089169f 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_tls13_secrets.h
@@ -52,4 +52,3 @@ S2N_RESULT s2n_tls13_secrets_clean(struct s2n_connection *conn);
 S2N_RESULT s2n_derive_binder_key(struct s2n_psk *psk, struct s2n_blob *output);
 S2N_RESULT s2n_derive_resumption_master_secret(struct s2n_connection *conn);
-
diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls_parameters.h b/contrib/restricted/aws/s2n/tls/s2n_tls_parameters.h
index 435ab7ee26..e0187fdf3b 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_tls_parameters.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_tls_parameters.h
@@ -18,14 +18,14 @@
 #include "crypto/s2n_hash.h"
 /* Codes from http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-5 */
-#define TLS_NULL_WITH_NULL_NULL 0x00, 0x00
-#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x00, 0x3D
-#define TLS_RSA_WITH_AES_256_CBC_SHA 0x00, 0x35
-#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x00, 0x3C
-#define TLS_RSA_WITH_AES_128_CBC_SHA 0x00, 0x2F
-#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x00, 0x0A
-#define TLS_RSA_WITH_RC4_128_MD5 0x00, 0x04
-#define TLS_RSA_WITH_RC4_128_SHA 0x00, 0x05
+#define TLS_NULL_WITH_NULL_NULL 0x00, 0x00
+#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x00, 0x3D
+#define TLS_RSA_WITH_AES_256_CBC_SHA 0x00, 0x35
+#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x00, 0x3C
+#define TLS_RSA_WITH_AES_128_CBC_SHA 0x00, 0x2F
+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x00, 0x0A
+#define TLS_RSA_WITH_RC4_128_MD5 0x00, 0x04
+#define TLS_RSA_WITH_RC4_128_SHA 0x00, 0x05
 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x00, 0x33
 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x00, 0x67
@@ -33,58 +33,57 @@
 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x00, 0x6B
 #define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x00, 0x16
-#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC0, 0x09
-#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC0, 0x23
-#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC0, 0x0A
-#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC0, 0x24
-
-#define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC0, 0x11
-#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC0, 0x13
-#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC0, 0x27
-#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC0, 0x14
-#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC0, 0x28
-#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC0, 0x12
-
-#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x00, 0x9C
-#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x00, 0x9D
-#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x00, 0x9E
-#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x00, 0x9F
-#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC0, 0x2B
-#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC0, 0x2C
-#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC0, 0x2F
-#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC0, 0x30
-
-#define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCC, 0xA8
-#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCC, 0xA9
-#define TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCC, 0xAA
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC0, 0x09
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC0, 0x23
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC0, 0x0A
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC0, 0x24
+
+#define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC0, 0x11
+#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC0, 0x13
+#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC0, 0x27
+#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC0, 0x14
+#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC0, 0x28
+#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC0, 0x12
+
+#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x00, 0x9C
+#define
TLS_RSA_WITH_AES_256_GCM_SHA384 0x00, 0x9D
+#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x00, 0x9E
+#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x00, 0x9F
+#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC0, 0x2B
+#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC0, 0x2C
+#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC0, 0x2F
+#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC0, 0x30
+
+#define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCC, 0xA8
+#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCC, 0xA9
+#define TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCC, 0xAA
 /* TLS 1.2 hybrid post-quantum definitions from https://tools.ietf.org/html/draft-campagna-tls-bike-sike-hybrid */
 #define TLS_ECDHE_KYBER_RSA_WITH_AES_256_GCM_SHA384 0xFF, 0x0C
-#define TLS_EXTENSION_PQ_KEM_PARAMETERS 0xFE01
-#define TLS_PQ_KEM_EXTENSION_ID_KYBER_512_R3 28
+#define TLS_EXTENSION_PQ_KEM_PARAMETERS 0xFE01
+#define TLS_PQ_KEM_EXTENSION_ID_KYBER_512_R3 28
 /* TLS 1.3 hybrid post-quantum definitions are from the proposed reserved range defined
 * in https://tools.ietf.org/html/draft-stebila-tls-hybrid-design.
Values for interoperability are defined in
 * https://github.com/open-quantum-safe/openssl/blob/OQS-OpenSSL_1_1_1-stable/oqs-template/oqs-kem-info.md
 */
-#define TLS_PQ_KEM_GROUP_ID_X25519_KYBER_512_R3 0x2F39
-#define TLS_PQ_KEM_GROUP_ID_SECP256R1_KYBER_512_R3 0x2F3A
-
+#define TLS_PQ_KEM_GROUP_ID_X25519_KYBER_512_R3 0x2F39
+#define TLS_PQ_KEM_GROUP_ID_SECP256R1_KYBER_512_R3 0x2F3A
 /* From https://tools.ietf.org/html/rfc7507 */
-#define TLS_FALLBACK_SCSV 0x56, 0x00
-#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00, 0xff
+#define TLS_FALLBACK_SCSV 0x56, 0x00
+#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00, 0xff
 /* TLS 1.3 cipher suites from https://tools.ietf.org/html/rfc8446#appendix-B.4 */
-#define TLS_AES_128_GCM_SHA256 0x13, 0x01
-#define TLS_AES_256_GCM_SHA384 0x13, 0x02
-#define TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03
-#define TLS_AES_128_CCM_SHA256 0x13, 0x04
-#define TLS_AES_128_CCM_8_SHA256 0x13, 0x05
+#define TLS_AES_128_GCM_SHA256 0x13, 0x01
+#define TLS_AES_256_GCM_SHA384 0x13, 0x02
+#define TLS_CHACHA20_POLY1305_SHA256 0x13, 0x03
+#define TLS_AES_128_CCM_SHA256 0x13, 0x04
+#define TLS_AES_128_CCM_8_SHA256 0x13, 0x05
 /* TLS extensions from https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml */
-#define TLS_EXTENSION_SERVER_NAME 0
-#define TLS_EXTENSION_MAX_FRAG_LEN 1
-#define TLS_EXTENSION_STATUS_REQUEST 5
+#define TLS_EXTENSION_SERVER_NAME 0
+#define TLS_EXTENSION_MAX_FRAG_LEN 1
+#define TLS_EXTENSION_STATUS_REQUEST 5
 #define TLS_EXTENSION_SUPPORTED_GROUPS 10
 #define TLS_EXTENSION_EC_POINT_FORMATS 11
 #define TLS_EXTENSION_SIGNATURE_ALGORITHMS 13
@@ -100,7 +99,7 @@
 * iana value. However, Openssl does have a chosen value for this extension
 * and that is what is used here.
 */
-#define TLS_EXTENSION_NPN 13172
+#define TLS_EXTENSION_NPN 13172
 /* TLS 1.3 extensions from https://tools.ietf.org/html/rfc8446#section-4.2 */
 #define TLS_EXTENSION_EARLY_DATA 42
@@ -119,45 +118,44 @@
 *# quic_transport_parameters(0x39), (65535)
 *# } ExtensionType;
 */
-#define TLS_QUIC_TRANSPORT_PARAMETERS 0x39
+#define TLS_QUIC_TRANSPORT_PARAMETERS 0x39
 /* TLS SignatureScheme (Backwards compatible with SigHash and SigAlg values above) */
 /* Defined here: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme */
-#define TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA1 0x0201
-#define TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA224 0x0301
-#define TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA256 0x0401
-#define TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA384 0x0501
-#define TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA512 0x0601
+#define TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA1 0x0201
+#define TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA224 0x0301
+#define TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA256 0x0401
+#define TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA384 0x0501
+#define TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA512 0x0601
 /* In TLS 1.0 and 1.1 the hard-coded default scheme was RSA_PKCS1_MD5_SHA1, but there's no IANA defined backwards
 * compatible value for that Scheme for TLS 1.2 and 1.3. So we define an internal value in the private range that won't
 * match anything in the valid range so that all TLS Versions can use the same SignatureScheme negotiation abstraction
 * layer. This scheme isn't in any preference list, so it can't be negotiated even if a client sent it in its pref list.
*/
-#define TLS_SIGNATURE_SCHEME_PRIVATE_INTERNAL_RSA_PKCS1_MD5_SHA1 0xFFFF
+#define TLS_SIGNATURE_SCHEME_PRIVATE_INTERNAL_RSA_PKCS1_MD5_SHA1 0xFFFF
 /* TLS 1.2 Backwards Compatible ECDSA Schemes */
-#define TLS_SIGNATURE_SCHEME_ECDSA_SHA1 0x0203
-#define TLS_SIGNATURE_SCHEME_ECDSA_SHA224 0x0303
-#define TLS_SIGNATURE_SCHEME_ECDSA_SHA256 0x0403
-#define TLS_SIGNATURE_SCHEME_ECDSA_SHA384 0x0503
-#define TLS_SIGNATURE_SCHEME_ECDSA_SHA512 0x0603
+#define TLS_SIGNATURE_SCHEME_ECDSA_SHA1 0x0203
+#define TLS_SIGNATURE_SCHEME_ECDSA_SHA224 0x0303
+#define TLS_SIGNATURE_SCHEME_ECDSA_SHA256 0x0403
+#define TLS_SIGNATURE_SCHEME_ECDSA_SHA384 0x0503
+#define TLS_SIGNATURE_SCHEME_ECDSA_SHA512 0x0603
 /* TLS 1.3 ECDSA Signature Schemes */
-#define TLS_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256 0x0403
-#define TLS_SIGNATURE_SCHEME_ECDSA_SECP384R1_SHA384 0x0503
-#define TLS_SIGNATURE_SCHEME_ECDSA_SECP521R1_SHA512 0x0603
-#define TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256 0x0804
-#define TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA384 0x0805
-#define TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA512 0x0806
-#define TLS_SIGNATURE_SCHEME_ED25519 0x0807
-#define TLS_SIGNATURE_SCHEME_ED448 0x0808
-#define TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA256 0x0809
-#define TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA384 0x080A
-#define TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA512 0x080B
-
-
-#define TLS_SIGNATURE_SCHEME_LEN 2
-#define TLS_SIGNATURE_SCHEME_LIST_MAX_LEN 64
+#define TLS_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256 0x0403
+#define TLS_SIGNATURE_SCHEME_ECDSA_SECP384R1_SHA384 0x0503
+#define TLS_SIGNATURE_SCHEME_ECDSA_SECP521R1_SHA512 0x0603
+#define TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256 0x0804
+#define TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA384 0x0805
+#define TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA512 0x0806
+#define TLS_SIGNATURE_SCHEME_ED25519 0x0807
+#define TLS_SIGNATURE_SCHEME_ED448 0x0808
+#define TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA256 0x0809
+#define TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA384 0x080A
+#define
TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA512 0x080B
+
+#define TLS_SIGNATURE_SCHEME_LEN 2
+#define TLS_SIGNATURE_SCHEME_LIST_MAX_LEN 64
 /* The TLS record types we support */
 #define SSLv2_CLIENT_HELLO 1
@@ -169,16 +167,16 @@
 /* Elliptic curve formats from http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-9
 * Only uncompressed is supported.
 */
-#define TLS_EC_FORMAT_UNCOMPRESSED 0
-#define TLS_EC_FORMAT_ANSIX962_COMPRESSED_PRIME 1
-#define TLS_EC_FORMAT_ANSIX962_COMPRESSED_CHAR2 2
+#define TLS_EC_FORMAT_UNCOMPRESSED 0
+#define TLS_EC_FORMAT_ANSIX962_COMPRESSED_PRIME 1
+#define TLS_EC_FORMAT_ANSIX962_COMPRESSED_CHAR2 2
 /* Elliptic curves from https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 */
-#define TLS_EC_CURVE_SECP_256_R1 23
-#define TLS_EC_CURVE_SECP_384_R1 24
-#define TLS_EC_CURVE_SECP_521_R1 25
-#define TLS_EC_CURVE_ECDH_X25519 29
-#define TLS_EC_CURVE_ECDH_X448 30
+#define TLS_EC_CURVE_SECP_256_R1 23
+#define TLS_EC_CURVE_SECP_384_R1 24
+#define TLS_EC_CURVE_SECP_521_R1 25
+#define TLS_EC_CURVE_ECDH_X25519 29
+#define TLS_EC_CURVE_ECDH_X448 30
 /* Ethernet maximum transmission unit (MTU)
 * MTU is usually associated with the Ethernet protocol,
@@ -189,10 +187,10 @@
 #define IP_V4_HEADER_LENGTH 20
 #define IP_V6_HEADER_LENGTH 40
-#define TCP_HEADER_LENGTH 20
+#define TCP_HEADER_LENGTH 20
 #define TCP_OPTIONS_LENGTH 40
-#define S2N_TLS_MAX_FRAG_LEN_EXT_NONE 0
+#define S2N_TLS_MAX_FRAG_LEN_EXT_NONE 0
 /* The maximum size of an SSL2 message is 2^14 - 1, as neither of the first two
 * bits in the length field are usable. Per;
@@ -209,19 +207,19 @@ * length that is designed to maximize throughput (fewer MACs per byte transferred * and better efficiency of crypto engines). */ -#define S2N_SMALL_RECORD_LENGTH (1500 - 20 - 20 - 20) +#define S2N_SMALL_RECORD_LENGTH (1500 - 20 - 20 - 20) #define S2N_SMALL_FRAGMENT_LENGTH (S2N_SMALL_RECORD_LENGTH - S2N_TLS_RECORD_HEADER_LENGTH) /* Testing in the wild has found 8k max record sizes give a good balance of low latency * and throughput. */ -#define S2N_DEFAULT_RECORD_LENGTH 8092 +#define S2N_DEFAULT_RECORD_LENGTH 8092 #define S2N_DEFAULT_FRAGMENT_LENGTH (S2N_DEFAULT_RECORD_LENGTH - S2N_TLS_RECORD_HEADER_LENGTH) /* S2N_LARGE_RECORD_LENGTH is used for initializing output buffers, we use the largest * possible value of all supported protocols to avoid branching at runtime */ -#define S2N_LARGE_RECORD_LENGTH S2N_TLS_MAXIMUM_RECORD_LENGTH +#define S2N_LARGE_RECORD_LENGTH S2N_TLS_MAXIMUM_RECORD_LENGTH #define S2N_LARGE_FRAGMENT_LENGTH S2N_TLS_MAXIMUM_FRAGMENT_LENGTH /* Cap dynamic record resize threshold to 8M */ @@ -237,6 +235,6 @@ #define S2N_ALERT_LENGTH 2 /* Handshake messages have their own header too */ -#define TLS_HANDSHAKE_HEADER_LENGTH 4 +#define TLS_HANDSHAKE_HEADER_LENGTH 4 #define S2N_MAX_SERVER_NAME 255 diff --git a/contrib/restricted/aws/s2n/tls/s2n_x509_validator.c b/contrib/restricted/aws/s2n/tls/s2n_x509_validator.c index 561be9d815..c15f5b53d1 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_x509_validator.c +++ b/contrib/restricted/aws/s2n/tls/s2n_x509_validator.c 
@@ -13,53 +13,56 @@ * permissions and limitations under the License. */ +#include <arpa/inet.h> +#include <openssl/asn1.h> +#include <openssl/err.h> +#include <openssl/x509.h> +#include <sys/socket.h> + #include "crypto/s2n_openssl.h" #include "crypto/s2n_openssl_x509.h" -#include "utils/s2n_asn1_time.h" -#include "utils/s2n_result.h" -#include "utils/s2n_safety.h" -#include "utils/s2n_rfc5952.h" #include "tls/extensions/s2n_extension_list.h" #include "tls/s2n_config.h" #include "tls/s2n_connection.h" #include "tls/s2n_crl.h" - -#include <arpa/inet.h> -#include <sys/socket.h> - -#include <openssl/err.h> -#include <openssl/asn1.h> -#include <openssl/x509.h> +#include "utils/s2n_asn1_time.h" +#include "utils/s2n_result.h" +#include "utils/s2n_rfc5952.h" +#include "utils/s2n_safety.h" #if S2N_OCSP_STAPLING_SUPPORTED -#include <openssl/ocsp.h> -DEFINE_POINTER_CLEANUP_FUNC(OCSP_RESPONSE*, OCSP_RESPONSE_free); -DEFINE_POINTER_CLEANUP_FUNC(OCSP_BASICRESP*, OCSP_BASICRESP_free); + #include <openssl/ocsp.h> +DEFINE_POINTER_CLEANUP_FUNC(OCSP_RESPONSE *, OCSP_RESPONSE_free); +DEFINE_POINTER_CLEANUP_FUNC(OCSP_BASICRESP *, OCSP_BASICRESP_free); #endif #ifndef X509_V_FLAG_PARTIAL_CHAIN -#define X509_V_FLAG_PARTIAL_CHAIN 0x80000 + #define X509_V_FLAG_PARTIAL_CHAIN 0x80000 #endif #define DEFAULT_MAX_CHAIN_DEPTH 7 /* Time used by default for nextUpdate if none provided in OCSP: 1 hour since thisUpdate. 
*/ #define DEFAULT_OCSP_NEXT_UPDATE_PERIOD 3600000000000 -DEFINE_POINTER_CLEANUP_FUNC(STACK_OF(X509_CRL)*, sk_X509_CRL_free); +DEFINE_POINTER_CLEANUP_FUNC(STACK_OF(X509_CRL) *, sk_X509_CRL_free); -uint8_t s2n_x509_ocsp_stapling_supported(void) { +uint8_t s2n_x509_ocsp_stapling_supported(void) +{ return S2N_OCSP_STAPLING_SUPPORTED; } -void s2n_x509_trust_store_init_empty(struct s2n_x509_trust_store *store) { +void s2n_x509_trust_store_init_empty(struct s2n_x509_trust_store *store) +{ store->trust_store = NULL; } -uint8_t s2n_x509_trust_store_has_certs(struct s2n_x509_trust_store *store) { +uint8_t s2n_x509_trust_store_has_certs(struct s2n_x509_trust_store *store) +{ return store->trust_store ? (uint8_t) 1 : (uint8_t) 0; } -int s2n_x509_trust_store_from_system_defaults(struct s2n_x509_trust_store *store) { +int s2n_x509_trust_store_from_system_defaults(struct s2n_x509_trust_store *store) +{ if (!store->trust_store) { store->trust_store = X509_STORE_new(); POSIX_ENSURE_REF(store->trust_store); @@ -83,14 +86,14 @@ int s2n_x509_trust_store_add_pem(struct s2n_x509_trust_store *store, const char store->trust_store = X509_STORE_new(); } - DEFER_CLEANUP(struct s2n_stuffer pem_in_stuffer = {0}, s2n_stuffer_free); - DEFER_CLEANUP(struct s2n_stuffer der_out_stuffer = {0}, s2n_stuffer_free); + DEFER_CLEANUP(struct s2n_stuffer pem_in_stuffer = { 0 }, s2n_stuffer_free); + DEFER_CLEANUP(struct s2n_stuffer der_out_stuffer = { 0 }, s2n_stuffer_free); POSIX_GUARD(s2n_stuffer_alloc_ro_from_string(&pem_in_stuffer, pem)); POSIX_GUARD(s2n_stuffer_growable_alloc(&der_out_stuffer, 2048)); do { - DEFER_CLEANUP(struct s2n_blob next_cert = {0}, s2n_free); + DEFER_CLEANUP(struct s2n_blob next_cert = { 0 }, s2n_free); POSIX_GUARD(s2n_stuffer_certificate_from_pem(&pem_in_stuffer, &der_out_stuffer)); POSIX_GUARD(s2n_alloc(&next_cert, s2n_stuffer_data_available(&der_out_stuffer))); 
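Review bot: In the context lines at the top of the `s2n_x509_trust_store_add_pem` hunk, the result of `X509_STORE_new()` is stored in `store->trust_store` with no NULL check. The sibling functions `s2n_x509_trust_store_from_system_defaults` and `s2n_x509_trust_store_from_ca_file` in this same file follow the identical assignment with `POSIX_ENSURE_REF(store->trust_store);`. I would add that line right after the assignment here, so an allocation failure is reported at this point rather than in whichever later libcrypto call first receives the NULL store (that call is outside the hunk, so its behaviour is an assumption). The function starts above the hunk and continues below it.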
@@ -109,7 +112,8 @@ int s2n_x509_trust_store_add_pem(struct s2n_x509_trust_store *store, const char return 0; } -int s2n_x509_trust_store_from_ca_file(struct s2n_x509_trust_store *store, const char *ca_pem_filename, const char *ca_dir) { +int s2n_x509_trust_store_from_ca_file(struct s2n_x509_trust_store *store, const char *ca_pem_filename, const char *ca_dir) +{ if (!store->trust_store) { store->trust_store = X509_STORE_new(); POSIX_ENSURE_REF(store->trust_store); @@ -131,14 +135,16 @@ int s2n_x509_trust_store_from_ca_file(struct s2n_x509_trust_store *store, const return 0; } -void s2n_x509_trust_store_wipe(struct s2n_x509_trust_store *store) { +void s2n_x509_trust_store_wipe(struct s2n_x509_trust_store *store) +{ if (store->trust_store) { X509_STORE_free(store->trust_store); store->trust_store = NULL; } } -int s2n_x509_validator_init_no_x509_validation(struct s2n_x509_validator *validator) { +int s2n_x509_validator_init_no_x509_validation(struct s2n_x509_validator *validator) +{ POSIX_ENSURE_REF(validator); validator->trust_store = NULL; validator->store_ctx = NULL; @@ -152,7 +158,8 @@ int s2n_x509_validator_init_no_x509_validation(struct s2n_x509_validator *valida return 0; } -int s2n_x509_validator_init(struct s2n_x509_validator *validator, struct s2n_x509_trust_store *trust_store, uint8_t check_ocsp) { +int s2n_x509_validator_init(struct s2n_x509_validator *validator, struct s2n_x509_trust_store *trust_store, uint8_t check_ocsp) +{ POSIX_ENSURE_REF(trust_store); validator->trust_store = trust_store; validator->skip_cert_validation = 0; 
@@ -170,13 +177,15 @@ int s2n_x509_validator_init(struct s2n_x509_validator *validator, struct s2n_x50 return 0; } -static inline void wipe_cert_chain(STACK_OF(X509) *cert_chain) { +static inline void wipe_cert_chain(STACK_OF(X509) *cert_chain) +{ if (cert_chain) { sk_X509_pop_free(cert_chain, X509_free); } } -int s2n_x509_validator_wipe(struct s2n_x509_validator *validator) { +int s2n_x509_validator_wipe(struct s2n_x509_validator *validator) +{ if (validator->store_ctx) { X509_STORE_CTX_free(validator->store_ctx); validator->store_ctx = NULL; @@ -195,7 +204,8 @@ int s2n_x509_validator_wipe(struct s2n_x509_validator *validator) { return S2N_SUCCESS; } -int s2n_x509_validator_set_max_chain_depth(struct s2n_x509_validator *validator, uint16_t max_depth) { +int s2n_x509_validator_set_max_chain_depth(struct s2n_x509_validator *validator, uint16_t max_depth) +{ POSIX_ENSURE_REF(validator); S2N_ERROR_IF(max_depth == 0, S2N_ERR_INVALID_ARGUMENT); @@ -207,8 +217,9 @@ int s2n_x509_validator_set_max_chain_depth(struct s2n_x509_validator *validator, * For each name in the cert. Iterate them. Call the callback. If one returns true, then consider it validated, * if none of them return true, the cert is considered invalid. */ -static uint8_t s2n_verify_host_information(struct s2n_x509_validator *validator, struct s2n_connection *conn, X509 *public_cert) { - (void)validator; +static uint8_t s2n_verify_host_information(struct s2n_x509_validator *validator, struct s2n_connection *conn, X509 *public_cert) +{ + (void) validator; uint8_t verified = 0; uint8_t san_found = 0; 
@@ -233,7 +244,7 @@ static uint8_t s2n_verify_host_information(struct s2n_x509_validator *validator, san_found = 1; /* try to validate an IP address if it's in the subject alt name. */ const unsigned char *ip_addr = current_name->d.iPAddress->data; - size_t ip_addr_len = (size_t)current_name->d.iPAddress->length; + size_t ip_addr_len = (size_t) current_name->d.iPAddress->length; s2n_result parse_result = S2N_RESULT_ERROR; s2n_stack_blob(address, INET6_ADDRSTRLEN + 1, INET6_ADDRSTRLEN + 1); @@ -246,9 +257,9 @@ static uint8_t s2n_verify_host_information(struct s2n_x509_validator *validator, /* strlen should be safe here since we made sure we were null terminated AND that inet_ntop succeeded */ if (s2n_result_is_ok(parse_result)) { verified = conn->verify_host_fn( - (const char *)address.data, - strlen((const char *)address.data), - conn->data_for_verify_host); + (const char *) address.data, + strlen((const char *) address.data), + conn->data_for_verify_host); } } } @@ -274,12 +285,11 @@ static uint8_t s2n_verify_host_information(struct s2n_x509_validator *validator, POSIX_CHECKED_MEMSET(&peer_cn, 0, peer_cn_size); /* X520CommonName allows the following ANSI string types per RFC 5280 Appendix A.1 */ - if (ASN1_STRING_type(common_name) == V_ASN1_TELETEXSTRING || - ASN1_STRING_type(common_name) == V_ASN1_PRINTABLESTRING || - ASN1_STRING_type(common_name) == V_ASN1_UNIVERSALSTRING || - ASN1_STRING_type(common_name) == V_ASN1_UTF8STRING || - ASN1_STRING_type(common_name) == V_ASN1_BMPSTRING ) { - + if (ASN1_STRING_type(common_name) == V_ASN1_TELETEXSTRING + || ASN1_STRING_type(common_name) == V_ASN1_PRINTABLESTRING + || ASN1_STRING_type(common_name) == V_ASN1_UNIVERSALSTRING + || ASN1_STRING_type(common_name) == V_ASN1_UTF8STRING + || ASN1_STRING_type(common_name) == V_ASN1_BMPSTRING) { size_t len = (size_t) ASN1_STRING_length(common_name); POSIX_ENSURE_LTE(len, sizeof(peer_cn) - 1); 
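Review bot: `POSIX_ENSURE_LTE(len, sizeof(peer_cn) - 1);` in the common-name branch sits inside `static uint8_t s2n_verify_host_information`, whose return value is the verified/not-verified flag. The macro definition is not on this page, but if it returns the usual negative POSIX failure code, that value converts to a non-zero `uint8_t`, and a caller testing the result for truth would read the length-check failure as a successful match. The same applies to `POSIX_CHECKED_MEMSET` a few lines up. I would make the failure path explicit with `if (len > sizeof(peer_cn) - 1) { return 0; }`, or change the function to return `S2N_RESULT` and pass the flag back through an out parameter. The function begins and ends outside this hunk.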
@@ -294,7 +304,8 @@ static uint8_t s2n_verify_host_information(struct s2n_x509_validator *validator, return verified; } -static S2N_RESULT s2n_x509_validator_read_asn1_cert(struct s2n_stuffer *cert_chain_in_stuffer, struct s2n_blob *asn1_cert) { +static S2N_RESULT s2n_x509_validator_read_asn1_cert(struct s2n_stuffer *cert_chain_in_stuffer, struct s2n_blob *asn1_cert) +{ uint32_t certificate_size = 0; RESULT_GUARD_POSIX(s2n_stuffer_read_uint24(cert_chain_in_stuffer, &certificate_size)); @@ -309,11 +320,12 @@ static S2N_RESULT s2n_x509_validator_read_asn1_cert(struct s2n_stuffer *cert_cha } static S2N_RESULT s2n_x509_validator_read_cert_chain(struct s2n_x509_validator *validator, struct s2n_connection *conn, - uint8_t *cert_chain_in, uint32_t cert_chain_len) { + uint8_t *cert_chain_in, uint32_t cert_chain_len) +{ RESULT_ENSURE(validator->skip_cert_validation || s2n_x509_trust_store_has_certs(validator->trust_store), S2N_ERR_CERT_UNTRUSTED); RESULT_ENSURE(validator->state == INIT, S2N_ERR_INVALID_CERT_STATE); - struct s2n_blob cert_chain_blob = {.data = cert_chain_in, .size = cert_chain_len}; + struct s2n_blob cert_chain_blob = { .data = cert_chain_in, .size = cert_chain_len }; DEFER_CLEANUP(struct s2n_stuffer cert_chain_in_stuffer = { 0 }, s2n_stuffer_free); RESULT_GUARD_POSIX(s2n_stuffer_init(&cert_chain_in_stuffer, &cert_chain_blob)); @@ -321,7 +333,8 @@ static S2N_RESULT s2n_x509_validator_read_cert_chain(struct s2n_x509_validator * X509 *server_cert = NULL; - while (s2n_stuffer_data_available(&cert_chain_in_stuffer) && sk_X509_num(validator->cert_chain_from_wire) < validator->max_chain_depth) { + while (s2n_stuffer_data_available(&cert_chain_in_stuffer) + && sk_X509_num(validator->cert_chain_from_wire) < validator->max_chain_depth) { struct s2n_blob asn1_cert = { 0 }; RESULT_GUARD(s2n_x509_validator_read_asn1_cert(&cert_chain_in_stuffer, &asn1_cert)); 
@@ -359,7 +372,8 @@ static S2N_RESULT s2n_x509_validator_read_cert_chain(struct s2n_x509_validator * } static S2N_RESULT s2n_x509_validator_process_cert_chain(struct s2n_x509_validator *validator, struct s2n_connection *conn, - uint8_t *cert_chain_in, uint32_t cert_chain_len) { + uint8_t *cert_chain_in, uint32_t cert_chain_len) +{ RESULT_ENSURE(validator->state == INIT, S2N_ERR_INVALID_CERT_STATE); RESULT_GUARD(s2n_x509_validator_read_cert_chain(validator, conn, cert_chain_in, cert_chain_len)); @@ -376,7 +390,8 @@ static S2N_RESULT s2n_x509_validator_process_cert_chain(struct s2n_x509_validato } RESULT_GUARD_OSSL(X509_STORE_CTX_init(validator->store_ctx, validator->trust_store->trust_store, leaf, - validator->cert_chain_from_wire), S2N_ERR_INTERNAL_LIBCRYPTO_ERROR); + validator->cert_chain_from_wire), + S2N_ERR_INTERNAL_LIBCRYPTO_ERROR); if (conn->config->crl_lookup_cb) { RESULT_GUARD(s2n_crl_invoke_lookup_callbacks(conn, validator)); @@ -388,7 +403,8 @@ static S2N_RESULT s2n_x509_validator_process_cert_chain(struct s2n_x509_validato return S2N_RESULT_OK; } -static S2N_RESULT s2n_x509_validator_verify_cert_chain(struct s2n_x509_validator *validator, struct s2n_connection *conn) { +static S2N_RESULT s2n_x509_validator_verify_cert_chain(struct s2n_x509_validator *validator, struct s2n_connection *conn) +{ RESULT_ENSURE(validator->state == READY_TO_VERIFY, S2N_ERR_INVALID_CERT_STATE); X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(validator->store_ctx); @@ -418,7 +434,7 @@ static S2N_RESULT s2n_x509_validator_verify_cert_chain(struct s2n_x509_validator RESULT_GUARD(s2n_config_wall_clock(conn->config, ¤t_sys_time)); /* this wants seconds not nanoseconds */ - time_t current_time = (time_t)(current_sys_time / 1000000000); + time_t current_time = (time_t) (current_sys_time / 1000000000); X509_STORE_CTX_set_time(validator->store_ctx, 0, current_time); int verify_ret = X509_verify_cert(validator->store_ctx); 
@@ -449,8 +465,9 @@ static S2N_RESULT s2n_x509_validator_verify_cert_chain(struct s2n_x509_validator } static S2N_RESULT s2n_x509_validator_read_leaf_info(struct s2n_connection *conn, uint8_t *cert_chain_in, uint32_t cert_chain_len, - struct s2n_pkey *public_key, s2n_pkey_type *pkey_type, s2n_parsed_extensions_list *first_certificate_extensions) { - struct s2n_blob cert_chain_blob = {.data = cert_chain_in, .size = cert_chain_len}; + struct s2n_pkey *public_key, s2n_pkey_type *pkey_type, s2n_parsed_extensions_list *first_certificate_extensions) +{ + struct s2n_blob cert_chain_blob = { .data = cert_chain_in, .size = cert_chain_len }; DEFER_CLEANUP(struct s2n_stuffer cert_chain_in_stuffer = { 0 }, s2n_stuffer_free); RESULT_GUARD_POSIX(s2n_stuffer_init(&cert_chain_in_stuffer, &cert_chain_blob)); @@ -474,7 +491,8 @@ static S2N_RESULT s2n_x509_validator_read_leaf_info(struct s2n_connection *conn, } S2N_RESULT s2n_x509_validator_validate_cert_chain(struct s2n_x509_validator *validator, struct s2n_connection *conn, - uint8_t *cert_chain_in, uint32_t cert_chain_len, s2n_pkey_type *pkey_type, struct s2n_pkey *public_key_out) { + uint8_t *cert_chain_in, uint32_t cert_chain_len, s2n_pkey_type *pkey_type, struct s2n_pkey *public_key_out) +{ switch (validator->state) { case INIT: break; @@ -519,8 +537,8 @@ S2N_RESULT s2n_x509_validator_validate_cert_chain(struct s2n_x509_validator *val } S2N_RESULT s2n_x509_validator_validate_cert_stapled_ocsp_response(struct s2n_x509_validator *validator, - struct s2n_connection *conn, const uint8_t *ocsp_response_raw, uint32_t ocsp_response_length) { - + struct s2n_connection *conn, const uint8_t *ocsp_response_raw, uint32_t ocsp_response_length) +{ if (validator->skip_cert_validation || !validator->check_stapled_ocsp) { validator->state = OCSP_VALIDATED; return S2N_RESULT_OK; 
@@ -536,7 +554,7 @@ S2N_RESULT s2n_x509_validator_validate_cert_stapled_ocsp_response(struct s2n_x50 RESULT_ENSURE_REF(ocsp_response_raw); DEFER_CLEANUP(OCSP_RESPONSE *ocsp_response = d2i_OCSP_RESPONSE(NULL, &ocsp_response_raw, ocsp_response_length), - OCSP_RESPONSE_free_pointer); + OCSP_RESPONSE_free_pointer); RESULT_ENSURE(ocsp_response != NULL, S2N_ERR_INVALID_OCSP_RESPONSE); int ocsp_status = OCSP_response_status(ocsp_response); @@ -647,7 +665,8 @@ S2N_RESULT s2n_validate_certificate_signature(struct s2n_connection *conn, X509 return S2N_RESULT_OK; } -S2N_RESULT s2n_validate_sig_scheme_supported(struct s2n_connection *conn, X509 *x509_cert, const struct s2n_signature_preferences *cert_sig_preferences) +S2N_RESULT s2n_validate_sig_scheme_supported(struct s2n_connection *conn, X509 *x509_cert, + const struct s2n_signature_preferences *cert_sig_preferences) { RESULT_ENSURE_REF(conn); RESULT_ENSURE_REF(x509_cert); 
@@ -655,19 +674,19 @@ S2N_RESULT s2n_validate_sig_scheme_supported(struct s2n_connection *conn, X509 * int nid = 0; - #if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x02070000f) - RESULT_ENSURE_REF(x509_cert->sig_alg); - nid = OBJ_obj2nid(x509_cert->sig_alg->algorithm); - #else - nid = X509_get_signature_nid(x509_cert); - #endif +#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x02070000f) + RESULT_ENSURE_REF(x509_cert->sig_alg); + nid = OBJ_obj2nid(x509_cert->sig_alg->algorithm); +#else + nid = X509_get_signature_nid(x509_cert); +#endif for (size_t i = 0; i < cert_sig_preferences->count; i++) { - if (cert_sig_preferences->signature_schemes[i]->libcrypto_nid == nid) { /* SHA-1 algorithms are not supported in certificate signatures in TLS1.3 */ - RESULT_ENSURE(!(conn->actual_protocol_version >= S2N_TLS13 && - cert_sig_preferences->signature_schemes[i]->hash_alg == S2N_HASH_SHA1), S2N_ERR_CERT_UNTRUSTED); + RESULT_ENSURE(!(conn->actual_protocol_version >= S2N_TLS13 + && cert_sig_preferences->signature_schemes[i]->hash_alg == S2N_HASH_SHA1), + S2N_ERR_CERT_UNTRUSTED); return S2N_RESULT_OK; } diff --git a/contrib/restricted/aws/s2n/tls/s2n_x509_validator.h b/contrib/restricted/aws/s2n/tls/s2n_x509_validator.h index 784eedce05..7d5ebc38ce 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_x509_validator.h +++ b/contrib/restricted/aws/s2n/tls/s2n_x509_validator.h 
@@ -15,18 +15,17 @@ #pragma once -#include "api/s2n.h" +#include <openssl/x509v3.h> +#include "api/s2n.h" #include "tls/s2n_signature_scheme.h" -#include <openssl/x509v3.h> - /* one day, BoringSSL may add ocsp stapling support. Let's future proof this a bit by grabbing a definition * that would have to be there when they add support */ #if defined(OPENSSL_IS_BORINGSSL) && !defined(OCSP_RESPONSE_STATUS_SUCCESSFUL) -#define S2N_OCSP_STAPLING_SUPPORTED 0 + #define S2N_OCSP_STAPLING_SUPPORTED 0 #else -#define S2N_OCSP_STAPLING_SUPPORTED 1 + #define S2N_OCSP_STAPLING_SUPPORTED 1 #endif /* defined(OPENSSL_IS_BORINGSSL) && !defined(OCSP_RESPONSE_STATUS_SUCCESSFUL) */ typedef enum { @@ -39,7 +38,7 @@ typedef enum { } validator_state; /** Return TRUE for trusted, FALSE for untrusted **/ -typedef uint8_t (*verify_host) (const char *host_name, size_t host_name_len, void *data); +typedef uint8_t (*verify_host)(const char *host_name, size_t host_name_len, void *data); struct s2n_connection; /** 
@@ -114,15 +113,15 @@ int s2n_x509_validator_wipe(struct s2n_x509_validator *validator); * s2n_x509_validator_validate_cert_stapled_ocsp_response(). */ S2N_RESULT s2n_x509_validator_validate_cert_chain(struct s2n_x509_validator *validator, struct s2n_connection *conn, - uint8_t *cert_chain_in, uint32_t cert_chain_len, s2n_pkey_type *pkey_type, - struct s2n_pkey *public_key_out); + uint8_t *cert_chain_in, uint32_t cert_chain_len, s2n_pkey_type *pkey_type, + struct s2n_pkey *public_key_out); /** * Validates an ocsp response against the most recent certificate chain. Also verifies the timestamps on the response. This function can only be * called once per instance of an s2n_x509_validator and only after a successful call to s2n_x509_validator_validate_cert_chain(). */ -S2N_RESULT s2n_x509_validator_validate_cert_stapled_ocsp_response(struct s2n_x509_validator *validator, struct s2n_connection *conn, - const uint8_t *ocsp_response, uint32_t size); +S2N_RESULT s2n_x509_validator_validate_cert_stapled_ocsp_response(struct s2n_x509_validator *validator, struct s2n_connection *conn, + const uint8_t *ocsp_response, uint32_t size); /** * Checks whether the peer's certificate chain has been received and validated. @@ -137,4 +136,5 @@ bool s2n_x509_validator_is_cert_chain_validated(const struct s2n_x509_validator S2N_RESULT s2n_validate_certificate_signature(struct s2n_connection *conn, X509 *x509_cert); /* Checks to see if a certificate has a signature algorithm that's in our certificate_signature_preferences list */ -S2N_RESULT s2n_validate_sig_scheme_supported(struct s2n_connection *conn, X509 *x509_cert, const struct s2n_signature_preferences *cert_sig_preferences); +S2N_RESULT s2n_validate_sig_scheme_supported(struct s2n_connection *conn, X509 *x509_cert, + const struct s2n_signature_preferences *cert_sig_preferences); 
diff --git a/contrib/restricted/aws/s2n/utils/s2n_fork_detection.c b/contrib/restricted/aws/s2n/utils/s2n_fork_detection.c index 546a7a82c6..681d10493d 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_fork_detection.c +++ b/contrib/restricted/aws/s2n/utils/s2n_fork_detection.c @@ -53,6 +53,11 @@ typedef __darwin_pthread_once_t pthread_once_t; #define MADV_WIPEONFORK 18 #endif +/* Sometimes (for example, on FreeBSD) MAP_INHERIT_ZERO is called INHERIT_ZERO */ +#if !defined(MAP_INHERIT_ZERO) && defined(INHERIT_ZERO) + #define MAP_INHERIT_ZERO INHERIT_ZERO +#endif + /* These variables are used to disable all fork detection mechanisms or at the * individual level during testing. */ @@ -107,7 +112,7 @@ static inline S2N_RESULT s2n_initialise_wipeonfork_best_effort(void *addr, long static inline S2N_RESULT s2n_initialise_inherit_zero(void *addr, long page_size) { #if defined(S2N_MINHERIT_SUPPORTED) && defined(MAP_INHERIT_ZERO) - RESULT_ENSURE(minherit(addr, pagesize, MAP_INHERIT_ZERO) == 0, S2N_ERR_FORK_DETECTION_INIT); + RESULT_ENSURE(minherit(addr, page_size, MAP_INHERIT_ZERO) == 0, S2N_ERR_FORK_DETECTION_INIT); #endif return S2N_RESULT_OK; @@ -338,7 +343,7 @@ bool s2n_is_madv_wipeonfork_supported(void) bool s2n_is_map_inherit_zero_supported(void) { #if defined(S2N_MINHERIT_SUPPORTED) && defined(MAP_INHERIT_ZERO) - return true + return true; #else return false; #endif |
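Review bot: The `minherit` branch in `s2n_initialise_inherit_zero` appears never to have been compiled before this change, since the two later hunks fix an undeclared `pagesize` there and a missing semicolon in `s2n_is_map_inherit_zero_supported`. The new `INHERIT_ZERO` alias makes that branch live on platforms that only define the shorter name, so it needs a build that defines `S2N_MINHERIT_SUPPORTED` and a test asserting that a forked child actually sees the page zeroed. Separately, when the `#if` is compiled out the function still returns `S2N_RESULT_OK`. A comment such as `/* Returns OK without doing anything when minherit or MAP_INHERIT_ZERO is unavailable; use s2n_is_map_inherit_zero_supported() to tell the cases apart. */` would keep a reader from taking OK as proof that zero-on-fork is active. Callers are outside these hunks, so whether anything relies on that return value is not visible here.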