aws-crt 0.1.4 → 0.1.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/aws-crt-ffi/crt/aws-c-cal/CMakeLists.txt +2 -0
- data/aws-crt-ffi/crt/aws-c-cal/bin/produce_x_platform_fuzz_corpus/CMakeLists.txt +30 -0
- data/aws-crt-ffi/crt/aws-c-cal/bin/produce_x_platform_fuzz_corpus/main.c +208 -0
- data/aws-crt-ffi/crt/aws-c-cal/bin/run_x_platform_fuzz_corpus/CMakeLists.txt +30 -0
- data/aws-crt-ffi/crt/aws-c-cal/bin/run_x_platform_fuzz_corpus/main.c +244 -0
- data/aws-crt-ffi/crt/aws-c-cal/ecdsa-fuzz-corpus/darwin/p256_sig_corpus.txt +10000 -0
- data/aws-crt-ffi/crt/aws-c-cal/ecdsa-fuzz-corpus/windows/p256_sig_corpus.txt +10000 -0
- data/aws-crt-ffi/crt/aws-c-cal/source/windows/bcrypt_ecc.c +8 -0
- data/aws-crt-ffi/crt/aws-c-http/tests/CMakeLists.txt +11 -10
- data/aws-crt-ffi/crt/aws-c-io/include/aws/io/tls_channel_handler.h +2 -0
- data/aws-crt-ffi/crt/aws-c-io/source/darwin/darwin_pki_utils.c +8 -0
- data/aws-crt-ffi/crt/aws-c-io/source/tls_channel_handler.c +2 -0
- data/aws-crt-ffi/crt/aws-c-io/source/windows/windows_pki_utils.c +65 -35
- data/aws-crt-ffi/crt/s2n/CMakeLists.txt +67 -21
- data/aws-crt-ffi/crt/s2n/Makefile +10 -0
- data/aws-crt-ffi/crt/s2n/bin/Makefile +9 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/Makefile +14 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/integration/Cargo.toml +2 -2
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/Cargo.toml +3 -2
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/src/raw/config.rs +265 -39
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/src/raw/connection.rs +170 -20
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/src/testing/s2n_tls.rs +120 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/src/testing.rs +58 -23
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-sys/Cargo.toml +1 -1
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-sys/src/internal.rs +3 -0
- data/aws-crt-ffi/crt/s2n/crypto/s2n_composite_cipher_aes_sha.c +1 -1
- data/aws-crt-ffi/crt/s2n/crypto/s2n_drbg.c +8 -3
- data/aws-crt-ffi/crt/s2n/error/s2n_errno.c +3 -0
- data/aws-crt-ffi/crt/s2n/error/s2n_errno.h +2 -0
- data/aws-crt-ffi/crt/s2n/lib/Makefile +11 -0
- data/aws-crt-ffi/crt/s2n/pq-crypto/kyber_90s_r2/ntt.h +2 -2
- data/aws-crt-ffi/crt/s2n/pq-crypto/kyber_r2/ntt.h +2 -2
- data/aws-crt-ffi/crt/s2n/pq-crypto/kyber_r3/kyber512r3_poly_avx2.h +2 -2
- data/aws-crt-ffi/crt/s2n/pq-crypto/kyber_r3/kyber512r3_polyvec_avx2.h +2 -2
- data/aws-crt-ffi/crt/s2n/pq-crypto/sike_r1/P503_internal_r1.h +1 -1
- data/aws-crt-ffi/crt/s2n/pq-crypto/sike_r1/fips202_r1.h +1 -1
- data/aws-crt-ffi/crt/s2n/pq-crypto/sike_r3/sikep434r3_fp_x64_asm.S +4 -0
- data/aws-crt-ffi/crt/s2n/s2n.mk +25 -0
- data/aws-crt-ffi/crt/s2n/scripts/s2n_safety_macros.py +14 -0
- data/aws-crt-ffi/crt/s2n/tests/benchmark/Readme.md +23 -9
- data/aws-crt-ffi/crt/s2n/tests/features/clone.c +24 -0
- data/aws-crt-ffi/crt/s2n/tests/features/madvise.c +27 -0
- data/aws-crt-ffi/crt/s2n/tests/features/minherit.c +22 -0
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/conftest.py +2 -2
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_connection_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_fork_generation_number_test.c +335 -0
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_mem_usage_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_self_talk_client_hello_cb_test.c +93 -11
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_server_hello_retry_test.c +123 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_key_schedule_rfc8448_test.c +18 -3
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_key_schedule_test.c +0 -38
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_secrets_test.c +134 -15
- data/aws-crt-ffi/crt/s2n/tls/s2n_cipher_suites.c +1 -1
- data/aws-crt-ffi/crt/s2n/tls/s2n_client_hello.c +20 -9
- data/aws-crt-ffi/crt/s2n/tls/s2n_client_hello.h +8 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_config.c +13 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_config.h +6 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_handshake_io.c +2 -1
- data/aws-crt-ffi/crt/s2n/tls/s2n_internal.h +9 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_key_schedule.c +7 -7
- data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_secrets.c +61 -8
- data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_secrets.h +11 -5
- data/aws-crt-ffi/crt/s2n/utils/s2n_fork_detection.c +367 -0
- data/aws-crt-ffi/crt/s2n/utils/s2n_fork_detection.h +28 -0
- data/aws-crt-ffi/crt/s2n/utils/s2n_safety_macros.h +13 -22
- metadata +18 -3
|
@@ -28,6 +28,8 @@
|
|
|
28
28
|
#include "tls/extensions/s2n_server_key_share.h"
|
|
29
29
|
|
|
30
30
|
#include "error/s2n_errno.h"
|
|
31
|
+
#include "utils/s2n_result.h"
|
|
32
|
+
#include "tls/s2n_internal.h"
|
|
31
33
|
|
|
32
34
|
#define HELLO_RETRY_MSG_NO 1
|
|
33
35
|
|
|
@@ -37,8 +39,45 @@ const uint8_t COMPRESSION_METHOD_SIZE = 1;
|
|
|
37
39
|
struct client_hello_context {
|
|
38
40
|
int invocations;
|
|
39
41
|
s2n_client_hello_cb_mode mode;
|
|
42
|
+
bool mark_done;
|
|
43
|
+
bool enable_poll;
|
|
40
44
|
};
|
|
41
45
|
|
|
46
|
+
int s2n_negotiate_poll_hello_retry(struct s2n_connection *server_conn,
|
|
47
|
+
struct s2n_connection *client_conn,
|
|
48
|
+
struct client_hello_context *client_hello_ctx)
|
|
49
|
+
{
|
|
50
|
+
s2n_blocked_status blocked = S2N_NOT_BLOCKED;
|
|
51
|
+
EXPECT_FAILURE_WITH_ERRNO(s2n_negotiate(client_conn, &blocked), S2N_ERR_IO_BLOCKED);
|
|
52
|
+
|
|
53
|
+
int expected_invocation = 0;
|
|
54
|
+
|
|
55
|
+
/* if polling is enabled then confirm that the callback is incremented each time */
|
|
56
|
+
if (client_hello_ctx->enable_poll) {
|
|
57
|
+
do {
|
|
58
|
+
/* invocation should increase each time s2n_negotiate is called */
|
|
59
|
+
EXPECT_FAILURE_WITH_ERRNO(s2n_negotiate(server_conn, &blocked), S2N_ERR_ASYNC_BLOCKED);
|
|
60
|
+
EXPECT_EQUAL(blocked, S2N_BLOCKED_ON_APPLICATION_INPUT);
|
|
61
|
+
expected_invocation++;
|
|
62
|
+
EXPECT_EQUAL(client_hello_ctx->invocations, expected_invocation);
|
|
63
|
+
} while (expected_invocation < 10);
|
|
64
|
+
}
|
|
65
|
+
EXPECT_EQUAL(client_hello_ctx->invocations, expected_invocation);
|
|
66
|
+
|
|
67
|
+
/* complete the callback on the next call */
|
|
68
|
+
client_hello_ctx->mark_done = true;
|
|
69
|
+
EXPECT_SUCCESS(s2n_negotiate_test_server_and_client(server_conn, client_conn));
|
|
70
|
+
|
|
71
|
+
/*
|
|
72
|
+
* hello retry will invoke the s2n_negotiate twice but the callback should
|
|
73
|
+
* be called once regardless of polling
|
|
74
|
+
*/
|
|
75
|
+
expected_invocation++;
|
|
76
|
+
EXPECT_EQUAL(client_hello_ctx->invocations, expected_invocation);
|
|
77
|
+
|
|
78
|
+
return S2N_SUCCESS;
|
|
79
|
+
}
|
|
80
|
+
|
|
42
81
|
static int client_hello_detect_duplicate_calls(struct s2n_connection *conn, void *ctx)
|
|
43
82
|
{
|
|
44
83
|
if (ctx == NULL) {
|
|
@@ -56,6 +95,78 @@ static int client_hello_detect_duplicate_calls(struct s2n_connection *conn, void
|
|
|
56
95
|
return 0;
|
|
57
96
|
}
|
|
58
97
|
|
|
98
|
+
int s2n_client_hello_poll_cb(struct s2n_connection *conn, void *ctx)
|
|
99
|
+
{
|
|
100
|
+
struct client_hello_context *client_hello_ctx;
|
|
101
|
+
if (ctx == NULL) {
|
|
102
|
+
return -1;
|
|
103
|
+
}
|
|
104
|
+
client_hello_ctx = ctx;
|
|
105
|
+
/* Increment counter to ensure that callback was invoked */
|
|
106
|
+
client_hello_ctx->invocations++;
|
|
107
|
+
|
|
108
|
+
if (client_hello_ctx->mark_done) {
|
|
109
|
+
EXPECT_SUCCESS(s2n_client_hello_cb_done(conn));
|
|
110
|
+
return S2N_SUCCESS;
|
|
111
|
+
}
|
|
112
|
+
|
|
113
|
+
return S2N_SUCCESS;
|
|
114
|
+
}
|
|
115
|
+
|
|
116
|
+
S2N_RESULT hello_retry_client_hello_cb_test(bool enable_poll) {
|
|
117
|
+
struct s2n_cert_chain_and_key *tls13_chain_and_key = NULL;
|
|
118
|
+
EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&tls13_chain_and_key,
|
|
119
|
+
S2N_ECDSA_P384_PKCS1_CERT_CHAIN, S2N_ECDSA_P384_PKCS1_KEY));
|
|
120
|
+
EXPECT_NOT_NULL(tls13_chain_and_key);
|
|
121
|
+
|
|
122
|
+
DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free);
|
|
123
|
+
EXPECT_NOT_NULL(config);
|
|
124
|
+
|
|
125
|
+
EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(config));
|
|
126
|
+
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, tls13_chain_and_key));
|
|
127
|
+
EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "default_tls13"));
|
|
128
|
+
|
|
129
|
+
DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER), s2n_connection_ptr_free);
|
|
130
|
+
DEFER_CLEANUP(struct s2n_connection *client_conn = s2n_connection_new(S2N_CLIENT), s2n_connection_ptr_free);
|
|
131
|
+
EXPECT_NOT_NULL(server_conn);
|
|
132
|
+
EXPECT_NOT_NULL(client_conn);
|
|
133
|
+
|
|
134
|
+
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, config));
|
|
135
|
+
EXPECT_SUCCESS(s2n_connection_set_config(client_conn, config));
|
|
136
|
+
|
|
137
|
+
struct s2n_test_io_pair io_pair = { 0 };
|
|
138
|
+
EXPECT_SUCCESS(s2n_io_pair_init_non_blocking(&io_pair));
|
|
139
|
+
EXPECT_SUCCESS(s2n_connections_set_io_pair(client_conn, server_conn, &io_pair));
|
|
140
|
+
|
|
141
|
+
/* Force HRR path */
|
|
142
|
+
client_conn->security_policy_override = &security_policy_test_tls13_retry;
|
|
143
|
+
|
|
144
|
+
/* setup the client hello callback */
|
|
145
|
+
struct client_hello_context client_hello_ctx = {.invocations = 0,
|
|
146
|
+
.mode = S2N_CLIENT_HELLO_CB_NONBLOCKING, .mark_done = false,
|
|
147
|
+
.enable_poll = enable_poll };
|
|
148
|
+
EXPECT_SUCCESS(s2n_config_set_client_hello_cb(config,
|
|
149
|
+
s2n_client_hello_poll_cb, &client_hello_ctx));
|
|
150
|
+
EXPECT_SUCCESS(s2n_config_set_client_hello_cb_mode(config,
|
|
151
|
+
S2N_CLIENT_HELLO_CB_NONBLOCKING));
|
|
152
|
+
|
|
153
|
+
if (enable_poll) {
|
|
154
|
+
/* Enable callback polling mode */
|
|
155
|
+
EXPECT_SUCCESS(s2n_config_client_hello_cb_enable_poll(config));
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
/* negotiate and make assertions */
|
|
159
|
+
EXPECT_SUCCESS(s2n_negotiate_poll_hello_retry(server_conn, client_conn, &client_hello_ctx));
|
|
160
|
+
|
|
161
|
+
/* check hello retry state */
|
|
162
|
+
EXPECT_TRUE(IS_HELLO_RETRY_HANDSHAKE(client_conn));
|
|
163
|
+
EXPECT_TRUE(IS_HELLO_RETRY_HANDSHAKE(server_conn));
|
|
164
|
+
|
|
165
|
+
/* cleanup */
|
|
166
|
+
EXPECT_SUCCESS(s2n_cert_chain_and_key_free(tls13_chain_and_key));
|
|
167
|
+
EXPECT_SUCCESS(s2n_io_pair_close(&io_pair));
|
|
168
|
+
return S2N_RESULT_OK;
|
|
169
|
+
}
|
|
59
170
|
|
|
60
171
|
int main(int argc, char **argv)
|
|
61
172
|
{
|
|
@@ -450,6 +561,9 @@ int main(int argc, char **argv)
|
|
|
450
561
|
EXPECT_TRUE(server_conn->handshake.handshake_type & HELLO_RETRY_REQUEST);
|
|
451
562
|
EXPECT_EQUAL(client_hello_ctx.invocations, 1);
|
|
452
563
|
|
|
564
|
+
EXPECT_TRUE(IS_HELLO_RETRY_HANDSHAKE(client_conn));
|
|
565
|
+
EXPECT_TRUE(IS_HELLO_RETRY_HANDSHAKE(server_conn));
|
|
566
|
+
|
|
453
567
|
EXPECT_SUCCESS(s2n_connection_free(server_conn));
|
|
454
568
|
EXPECT_SUCCESS(s2n_connection_free(client_conn));
|
|
455
569
|
EXPECT_SUCCESS(s2n_config_free(client_config));
|
|
@@ -458,6 +572,14 @@ int main(int argc, char **argv)
|
|
|
458
572
|
EXPECT_SUCCESS(s2n_io_pair_close(&io_pair));
|
|
459
573
|
}
|
|
460
574
|
|
|
575
|
+
/* Hello Retry Request + (poll and no-poll) client hello callback */
|
|
576
|
+
{
|
|
577
|
+
/* enable polling */
|
|
578
|
+
EXPECT_OK(hello_retry_client_hello_cb_test(true));
|
|
579
|
+
/* disable polling */
|
|
580
|
+
EXPECT_OK(hello_retry_client_hello_cb_test(false));
|
|
581
|
+
}
|
|
582
|
+
|
|
461
583
|
/* Test s2n_set_hello_retry_required correctly sets the handshake type to HELLO_RETRY_REQUEST,
|
|
462
584
|
* when conn->actual_protocol_version is set to TLS1.3 version */
|
|
463
585
|
{
|
|
@@ -471,7 +593,7 @@ int main(int argc, char **argv)
|
|
|
471
593
|
EXPECT_SUCCESS(s2n_connection_free(conn));
|
|
472
594
|
}
|
|
473
595
|
|
|
474
|
-
/* Test s2n_set_hello_retry_required raises a S2N_ERR_INVALID_HELLO_RETRY error
|
|
596
|
+
/* Test s2n_set_hello_retry_required raises a S2N_ERR_INVALID_HELLO_RETRY error
|
|
475
597
|
* when conn->actual_protocol_version is less than TLS1.3 */
|
|
476
598
|
{
|
|
477
599
|
struct s2n_connection *conn;
|
|
@@ -205,10 +205,15 @@ int main(int argc, char **argv)
|
|
|
205
205
|
server_hello_hash.data, server_hello_hash.size);
|
|
206
206
|
|
|
207
207
|
conn->handshake.handshake_type = one_rtt_handshake_type;
|
|
208
|
+
|
|
209
|
+
conn->handshake.message_number = one_rtt_message_nums[SERVER_HELLO];
|
|
210
|
+
EXPECT_EQUAL(s2n_conn_get_current_message_type(conn), SERVER_HELLO);
|
|
211
|
+
EXPECT_OK(s2n_tls13_secrets_update(conn));
|
|
212
|
+
|
|
208
213
|
conn->handshake.message_number = one_rtt_message_nums[SERVER_FINISHED];
|
|
209
214
|
EXPECT_EQUAL(s2n_conn_get_current_message_type(conn), SERVER_FINISHED);
|
|
210
|
-
|
|
211
215
|
EXPECT_OK(s2n_tls13_key_schedule_update(conn));
|
|
216
|
+
|
|
212
217
|
EXPECT_IVS_EQUAL(conn, iv, S2N_CLIENT);
|
|
213
218
|
EXPECT_KEYS_EQUAL(conn, key, S2N_CLIENT);
|
|
214
219
|
}
|
|
@@ -289,10 +294,15 @@ int main(int argc, char **argv)
|
|
|
289
294
|
server_finished_hash.data, server_finished_hash.size);
|
|
290
295
|
|
|
291
296
|
conn->handshake.handshake_type = one_rtt_handshake_type;
|
|
297
|
+
|
|
298
|
+
conn->handshake.message_number = one_rtt_message_nums[SERVER_FINISHED];
|
|
299
|
+
EXPECT_EQUAL(s2n_conn_get_current_message_type(conn), SERVER_FINISHED);
|
|
300
|
+
EXPECT_OK(s2n_tls13_secrets_update(conn));
|
|
301
|
+
|
|
292
302
|
conn->handshake.message_number = one_rtt_message_nums[trigger_message];
|
|
293
303
|
EXPECT_EQUAL(s2n_conn_get_current_message_type(conn), trigger_message);
|
|
294
|
-
|
|
295
304
|
EXPECT_OK(s2n_tls13_key_schedule_update(conn));
|
|
305
|
+
|
|
296
306
|
EXPECT_IVS_EQUAL(conn, iv, S2N_SERVER);
|
|
297
307
|
EXPECT_KEYS_EQUAL(conn, key, S2N_SERVER);
|
|
298
308
|
}
|
|
@@ -335,10 +345,15 @@ int main(int argc, char **argv)
|
|
|
335
345
|
server_finished_hash.data, server_finished_hash.size);
|
|
336
346
|
|
|
337
347
|
conn->handshake.handshake_type = one_rtt_handshake_type;
|
|
348
|
+
|
|
349
|
+
conn->handshake.message_number = one_rtt_message_nums[SERVER_FINISHED];
|
|
350
|
+
EXPECT_EQUAL(s2n_conn_get_current_message_type(conn), SERVER_FINISHED);
|
|
351
|
+
EXPECT_OK(s2n_tls13_secrets_update(conn));
|
|
352
|
+
|
|
338
353
|
conn->handshake.message_number = one_rtt_message_nums[CLIENT_FINISHED];
|
|
339
354
|
EXPECT_EQUAL(s2n_conn_get_current_message_type(conn), CLIENT_FINISHED);
|
|
340
|
-
|
|
341
355
|
EXPECT_OK(s2n_tls13_key_schedule_update(conn));
|
|
356
|
+
|
|
342
357
|
EXPECT_IVS_EQUAL(conn, iv, S2N_CLIENT);
|
|
343
358
|
EXPECT_KEYS_EQUAL(conn, key, S2N_CLIENT);
|
|
344
359
|
}
|
|
@@ -52,18 +52,6 @@ static int s2n_test_secret_cb(void* context, struct s2n_connection *conn,
|
|
|
52
52
|
POSIX_GUARD(s2n_blob_init(&secrets->blobs[secret_type],
|
|
53
53
|
secrets->bytes[secret_type], secret_size));
|
|
54
54
|
POSIX_CHECKED_MEMCPY(secrets->bytes[secret_type], secret_bytes, secret_size);
|
|
55
|
-
|
|
56
|
-
/* s2n-quic requires that all handshake secrets be emitted before
|
|
57
|
-
* any application secrets.
|
|
58
|
-
*
|
|
59
|
-
* This requirement is not supported for 0RTT yet.
|
|
60
|
-
*/
|
|
61
|
-
bool is_handshake_secret = (secret_type == S2N_CLIENT_HANDSHAKE_TRAFFIC_SECRET
|
|
62
|
-
|| secret_type == S2N_SERVER_HANDSHAKE_TRAFFIC_SECRET);
|
|
63
|
-
if (!WITH_EARLY_DATA(conn) && is_handshake_secret) {
|
|
64
|
-
POSIX_ENSURE_EQ(secrets->blobs[S2N_CLIENT_APPLICATION_TRAFFIC_SECRET].size, 0);
|
|
65
|
-
POSIX_ENSURE_EQ(secrets->blobs[S2N_SERVER_APPLICATION_TRAFFIC_SECRET].size, 0);
|
|
66
|
-
}
|
|
67
55
|
return S2N_SUCCESS;
|
|
68
56
|
}
|
|
69
57
|
|
|
@@ -230,26 +218,17 @@ int main(int argc, char **argv)
|
|
|
230
218
|
case CLIENT_HELLO:
|
|
231
219
|
/* Expect not encrypted */
|
|
232
220
|
EXPECT_EQUAL(conn->client, &conn->initial);
|
|
233
|
-
/* Expect all secrets not available yet */
|
|
234
|
-
EXPECT_EQUAL(secrets.blobs[S2N_CLIENT_HANDSHAKE_TRAFFIC_SECRET].size, 0);
|
|
235
|
-
EXPECT_EQUAL(secrets.blobs[S2N_CLIENT_APPLICATION_TRAFFIC_SECRET].size, 0);
|
|
236
221
|
break;
|
|
237
222
|
case HELLO_RETRY_MSG:
|
|
238
223
|
case SERVER_HELLO:
|
|
239
224
|
/* Expect not encrypted */
|
|
240
225
|
EXPECT_EQUAL(conn->server, &conn->initial);
|
|
241
|
-
/* Expect all secrets not available yet */
|
|
242
|
-
EXPECT_EQUAL(secrets.blobs[S2N_SERVER_HANDSHAKE_TRAFFIC_SECRET].size, 0);
|
|
243
|
-
EXPECT_EQUAL(secrets.blobs[S2N_SERVER_APPLICATION_TRAFFIC_SECRET].size, 0);
|
|
244
226
|
break;
|
|
245
227
|
case END_OF_EARLY_DATA:
|
|
246
228
|
/* Expect encrypted */
|
|
247
229
|
EXPECT_EQUAL(conn->client, &conn->secure);
|
|
248
230
|
/* Expect correct secret available */
|
|
249
231
|
EXPECT_TRUE(secrets.blobs[S2N_CLIENT_EARLY_TRAFFIC_SECRET].size > 0);
|
|
250
|
-
/* Expect other secrets not available yet */
|
|
251
|
-
EXPECT_EQUAL(secrets.blobs[S2N_CLIENT_HANDSHAKE_TRAFFIC_SECRET].size, 0);
|
|
252
|
-
EXPECT_EQUAL(secrets.blobs[S2N_CLIENT_APPLICATION_TRAFFIC_SECRET].size, 0);
|
|
253
232
|
break;
|
|
254
233
|
case ENCRYPTED_EXTENSIONS:
|
|
255
234
|
case SERVER_CERT:
|
|
@@ -260,8 +239,6 @@ int main(int argc, char **argv)
|
|
|
260
239
|
EXPECT_EQUAL(conn->server, &conn->secure);
|
|
261
240
|
/* Expect correct secret available */
|
|
262
241
|
EXPECT_TRUE(secrets.blobs[S2N_SERVER_HANDSHAKE_TRAFFIC_SECRET].size > 0);
|
|
263
|
-
/* Expect other secrets not available yet */
|
|
264
|
-
EXPECT_EQUAL(secrets.blobs[S2N_SERVER_APPLICATION_TRAFFIC_SECRET].size, 0);
|
|
265
242
|
break;
|
|
266
243
|
case CLIENT_CERT:
|
|
267
244
|
case CLIENT_CERT_VERIFY:
|
|
@@ -270,8 +247,6 @@ int main(int argc, char **argv)
|
|
|
270
247
|
EXPECT_EQUAL(conn->client, &conn->secure);
|
|
271
248
|
/* Expect correct secret available */
|
|
272
249
|
EXPECT_TRUE(secrets.blobs[S2N_CLIENT_HANDSHAKE_TRAFFIC_SECRET].size > 0);
|
|
273
|
-
/* Expect other secrets not available yet */
|
|
274
|
-
EXPECT_EQUAL(secrets.blobs[S2N_CLIENT_APPLICATION_TRAFFIC_SECRET].size, 0);
|
|
275
250
|
break;
|
|
276
251
|
case APPLICATION_DATA:
|
|
277
252
|
/* Expect encrypted */
|
|
@@ -298,19 +273,6 @@ int main(int argc, char **argv)
|
|
|
298
273
|
}
|
|
299
274
|
|
|
300
275
|
EXPECT_OK(s2n_tls13_key_schedule_update(conn));
|
|
301
|
-
|
|
302
|
-
/*
|
|
303
|
-
* For complete QUIC support, secrets need to be available as soon as possible.
|
|
304
|
-
* For the server, that means that the application traffic secrets
|
|
305
|
-
* must be available immediately after the server Finished message, even though
|
|
306
|
-
* they're not technically required until APPLICATION_DATA.
|
|
307
|
-
*/
|
|
308
|
-
if (s2n_conn_get_current_message_type(conn) == SERVER_FINISHED
|
|
309
|
-
&& conn->mode == S2N_SERVER) {
|
|
310
|
-
EXPECT_EQUAL(conn->server, &conn->secure);
|
|
311
|
-
EXPECT_TRUE(secrets.blobs[S2N_SERVER_APPLICATION_TRAFFIC_SECRET].size > 0);
|
|
312
|
-
}
|
|
313
|
-
|
|
314
276
|
conn->handshake.message_number++;
|
|
315
277
|
}
|
|
316
278
|
|
|
@@ -52,6 +52,10 @@ int main(int argc, char **argv)
|
|
|
52
52
|
const struct s2n_ecc_preferences *curves = &s2n_ecc_preferences_test_all;
|
|
53
53
|
const s2n_mode modes[] = { S2N_CLIENT, S2N_SERVER };
|
|
54
54
|
|
|
55
|
+
struct s2n_blob test_secret = { 0 };
|
|
56
|
+
uint8_t test_secret_bytes[S2N_TLS13_SECRET_MAX_LEN] = "hello world";
|
|
57
|
+
EXPECT_SUCCESS(s2n_blob_init(&test_secret, test_secret_bytes, sizeof(test_secret_bytes)));
|
|
58
|
+
|
|
55
59
|
struct s2n_tls13_secrets_test_case test_cases[1000] = { 0 };
|
|
56
60
|
size_t test_cases_count = 0;
|
|
57
61
|
for (s2n_extract_secret_type_t next_type = S2N_EARLY_SECRET; next_type <= S2N_MASTER_SECRET; next_type++) {
|
|
@@ -224,14 +228,10 @@ int main(int argc, char **argv)
|
|
|
224
228
|
}
|
|
225
229
|
}
|
|
226
230
|
|
|
227
|
-
/*
|
|
231
|
+
/* s2n_tls13_secrets_clean */
|
|
228
232
|
{
|
|
229
233
|
/* Safety */
|
|
230
|
-
EXPECT_ERROR_WITH_ERRNO(
|
|
231
|
-
|
|
232
|
-
struct s2n_blob test_secret = { 0 };
|
|
233
|
-
uint8_t test_secret_bytes[S2N_TLS13_SECRET_MAX_LEN] = "hello world";
|
|
234
|
-
EXPECT_SUCCESS(s2n_blob_init(&test_secret, test_secret_bytes, sizeof(test_secret_bytes)));
|
|
234
|
+
EXPECT_ERROR_WITH_ERRNO(s2n_tls13_secrets_clean(NULL), S2N_ERR_NULL);
|
|
235
235
|
|
|
236
236
|
/* Wipes all secrets */
|
|
237
237
|
{
|
|
@@ -247,36 +247,155 @@ int main(int argc, char **argv)
|
|
|
247
247
|
EXPECT_OK(s2n_connection_set_test_early_secret(conn, &test_secret));
|
|
248
248
|
EXPECT_OK(s2n_connection_set_test_handshake_secret(conn, &test_secret));
|
|
249
249
|
EXPECT_OK(s2n_connection_set_test_master_secret(conn, &test_secret));
|
|
250
|
+
EXPECT_MEMCPY_SUCCESS(conn->secrets.tls13.client_handshake_secret, test_secret.data, test_secret.size);
|
|
251
|
+
EXPECT_MEMCPY_SUCCESS(conn->secrets.tls13.server_handshake_secret, test_secret.data, test_secret.size);
|
|
252
|
+
EXPECT_MEMCPY_SUCCESS(conn->secrets.tls13.client_app_secret, test_secret.data, test_secret.size);
|
|
253
|
+
EXPECT_MEMCPY_SUCCESS(conn->secrets.tls13.server_app_secret, test_secret.data, test_secret.size);
|
|
254
|
+
EXPECT_MEMCPY_SUCCESS(conn->secrets.tls13.resumption_master_secret, test_secret.data, test_secret.size);
|
|
250
255
|
|
|
251
256
|
EXPECT_BYTEARRAY_NOT_EQUAL(conn->secrets.tls13.early_secret, empty_secret, sizeof(empty_secret));
|
|
252
257
|
EXPECT_BYTEARRAY_NOT_EQUAL(conn->secrets.tls13.handshake_secret, empty_secret, sizeof(empty_secret));
|
|
253
258
|
EXPECT_BYTEARRAY_NOT_EQUAL(conn->secrets.tls13.master_secret, empty_secret, sizeof(empty_secret));
|
|
259
|
+
EXPECT_BYTEARRAY_NOT_EQUAL(conn->secrets.tls13.client_handshake_secret, empty_secret, sizeof(empty_secret));
|
|
260
|
+
EXPECT_BYTEARRAY_NOT_EQUAL(conn->secrets.tls13.server_handshake_secret, empty_secret, sizeof(empty_secret));
|
|
261
|
+
EXPECT_BYTEARRAY_NOT_EQUAL(conn->secrets.tls13.client_app_secret, empty_secret, sizeof(empty_secret));
|
|
262
|
+
EXPECT_BYTEARRAY_NOT_EQUAL(conn->secrets.tls13.server_app_secret, empty_secret, sizeof(empty_secret));
|
|
263
|
+
EXPECT_BYTEARRAY_NOT_EQUAL(conn->secrets.tls13.resumption_master_secret, empty_secret, sizeof(empty_secret));
|
|
254
264
|
|
|
255
|
-
EXPECT_OK(
|
|
265
|
+
EXPECT_OK(s2n_tls13_secrets_clean(conn));
|
|
256
266
|
|
|
257
267
|
EXPECT_BYTEARRAY_EQUAL(conn->secrets.tls13.early_secret, empty_secret, sizeof(empty_secret));
|
|
258
268
|
EXPECT_BYTEARRAY_EQUAL(conn->secrets.tls13.handshake_secret, empty_secret, sizeof(empty_secret));
|
|
259
269
|
EXPECT_BYTEARRAY_EQUAL(conn->secrets.tls13.master_secret, empty_secret, sizeof(empty_secret));
|
|
270
|
+
EXPECT_BYTEARRAY_EQUAL(conn->secrets.tls13.client_handshake_secret, empty_secret, sizeof(empty_secret));
|
|
271
|
+
EXPECT_BYTEARRAY_EQUAL(conn->secrets.tls13.server_handshake_secret, empty_secret, sizeof(empty_secret));
|
|
272
|
+
EXPECT_BYTEARRAY_NOT_EQUAL(conn->secrets.tls13.client_app_secret, empty_secret, sizeof(empty_secret));
|
|
273
|
+
EXPECT_BYTEARRAY_NOT_EQUAL(conn->secrets.tls13.server_app_secret, empty_secret, sizeof(empty_secret));
|
|
274
|
+
EXPECT_BYTEARRAY_NOT_EQUAL(conn->secrets.tls13.resumption_master_secret, empty_secret, sizeof(empty_secret));
|
|
275
|
+
}
|
|
276
|
+
}
|
|
277
|
+
|
|
278
|
+
/* Test s2n_tls13_secrets_get */
|
|
279
|
+
{
|
|
280
|
+
/* Safety */
|
|
281
|
+
{
|
|
282
|
+
struct s2n_blob result = { 0 };
|
|
283
|
+
struct s2n_connection conn = { 0 };
|
|
284
|
+
EXPECT_ERROR_WITH_ERRNO(s2n_tls13_secrets_get(NULL, S2N_HANDSHAKE_SECRET, S2N_CLIENT, &result), S2N_ERR_NULL);
|
|
285
|
+
EXPECT_ERROR_WITH_ERRNO(s2n_tls13_secrets_get(&conn, S2N_HANDSHAKE_SECRET, S2N_CLIENT, NULL), S2N_ERR_NULL);
|
|
286
|
+
EXPECT_ERROR_WITH_ERRNO(s2n_tls13_secrets_get(&conn, S2N_NONE_SECRET, S2N_CLIENT, &result), S2N_ERR_SAFETY);
|
|
287
|
+
EXPECT_ERROR_WITH_ERRNO(s2n_tls13_secrets_get(&conn, -1, S2N_CLIENT, &result), S2N_ERR_SAFETY);
|
|
288
|
+
EXPECT_ERROR_WITH_ERRNO(s2n_tls13_secrets_get(&conn, 100, S2N_CLIENT, &result), S2N_ERR_SAFETY);
|
|
289
|
+
|
|
290
|
+
conn.secrets.tls13.secrets_state = S2N_NONE_SECRET;
|
|
291
|
+
EXPECT_ERROR_WITH_ERRNO(s2n_tls13_secrets_get(&conn, S2N_HANDSHAKE_SECRET, S2N_CLIENT, &result), S2N_ERR_SAFETY);
|
|
292
|
+
}
|
|
293
|
+
|
|
294
|
+
/* Retrieves an existing secret */
|
|
295
|
+
{
|
|
296
|
+
DEFER_CLEANUP(struct s2n_connection *conn = s2n_connection_new(S2N_SERVER),
|
|
297
|
+
s2n_connection_ptr_free);
|
|
298
|
+
conn->secure.cipher_suite = &s2n_tls13_aes_128_gcm_sha256;
|
|
299
|
+
conn->actual_protocol_version = S2N_TLS13;
|
|
300
|
+
|
|
301
|
+
EXPECT_MEMCPY_SUCCESS(conn->secrets.tls13.client_handshake_secret,
|
|
302
|
+
test_secret.data, test_secret.size);
|
|
303
|
+
conn->secrets.tls13.secrets_state = S2N_HANDSHAKE_SECRET;
|
|
304
|
+
|
|
305
|
+
struct s2n_blob result = { 0 };
|
|
306
|
+
uint8_t result_bytes[S2N_TLS13_SECRET_MAX_LEN] = { 0 };
|
|
307
|
+
EXPECT_SUCCESS(s2n_blob_init(&result, result_bytes, sizeof(result_bytes)));
|
|
308
|
+
EXPECT_OK(s2n_tls13_secrets_get(conn, S2N_HANDSHAKE_SECRET, S2N_CLIENT, &result));
|
|
309
|
+
|
|
310
|
+
EXPECT_TRUE(result.size > 0);
|
|
311
|
+
EXPECT_TRUE(result.size <= S2N_TLS13_SECRET_MAX_LEN);
|
|
312
|
+
EXPECT_BYTEARRAY_EQUAL(result.data, test_secret.data, result.size);
|
|
313
|
+
}
|
|
314
|
+
|
|
315
|
+
/* Derives a new secret */
|
|
316
|
+
{
|
|
317
|
+
DEFER_CLEANUP(struct s2n_connection *conn = s2n_connection_new(S2N_SERVER),
|
|
318
|
+
s2n_connection_ptr_free);
|
|
319
|
+
conn->secure.cipher_suite = &s2n_tls13_aes_128_gcm_sha256;
|
|
320
|
+
conn->actual_protocol_version = S2N_TLS13;
|
|
321
|
+
|
|
322
|
+
struct s2n_blob result = { 0 };
|
|
323
|
+
uint8_t result_bytes[S2N_TLS13_SECRET_MAX_LEN] = { 0 };
|
|
324
|
+
EXPECT_SUCCESS(s2n_blob_init(&result, result_bytes, sizeof(result_bytes)));
|
|
325
|
+
EXPECT_OK(s2n_tls13_secrets_get(conn, S2N_EARLY_SECRET, S2N_CLIENT, &result));
|
|
326
|
+
|
|
327
|
+
EXPECT_TRUE(result.size > 0);
|
|
328
|
+
EXPECT_TRUE(result.size <= S2N_TLS13_SECRET_MAX_LEN);
|
|
329
|
+
EXPECT_BYTEARRAY_NOT_EQUAL(result.data, empty_secret, result.size);
|
|
330
|
+
}
|
|
331
|
+
}
|
|
332
|
+
|
|
333
|
+
/* s2n_tls13_secrets_update */
|
|
334
|
+
{
|
|
335
|
+
/* Safety */
|
|
336
|
+
EXPECT_ERROR_WITH_ERRNO(s2n_tls13_secrets_update(NULL), S2N_ERR_NULL);
|
|
337
|
+
|
|
338
|
+
/* Derives handshake secrets on SERVER_HELLO */
|
|
339
|
+
{
|
|
340
|
+
DEFER_CLEANUP(struct s2n_connection *conn = s2n_connection_new(S2N_SERVER),
|
|
341
|
+
s2n_connection_ptr_free);
|
|
342
|
+
conn->secure.cipher_suite = &s2n_tls13_aes_128_gcm_sha256;
|
|
343
|
+
conn->actual_protocol_version = S2N_TLS13;
|
|
344
|
+
EXPECT_OK(s2n_connection_set_test_handshake_secret(conn, &test_secret));
|
|
345
|
+
EXPECT_BYTEARRAY_EQUAL(conn->secrets.tls13.client_handshake_secret,
|
|
346
|
+
empty_secret, sizeof(empty_secret));
|
|
347
|
+
EXPECT_BYTEARRAY_EQUAL(conn->secrets.tls13.server_handshake_secret,
|
|
348
|
+
empty_secret, sizeof(empty_secret));
|
|
349
|
+
|
|
350
|
+
while(s2n_conn_get_current_message_type(conn) != SERVER_HELLO) {
|
|
351
|
+
conn->handshake.message_number++;
|
|
352
|
+
}
|
|
353
|
+
EXPECT_OK(s2n_tls13_secrets_update(conn));
|
|
354
|
+
|
|
355
|
+
EXPECT_BYTEARRAY_NOT_EQUAL(conn->secrets.tls13.client_handshake_secret,
|
|
356
|
+
empty_secret, sizeof(empty_secret));
|
|
357
|
+
EXPECT_BYTEARRAY_NOT_EQUAL(conn->secrets.tls13.server_handshake_secret,
|
|
358
|
+
empty_secret, sizeof(empty_secret));
|
|
260
359
|
}
|
|
261
360
|
|
|
262
|
-
/*
|
|
361
|
+
/* Derives application secrets on SERVER_FINISHED */
|
|
263
362
|
{
|
|
264
363
|
DEFER_CLEANUP(struct s2n_connection *conn = s2n_connection_new(S2N_SERVER),
|
|
265
364
|
s2n_connection_ptr_free);
|
|
266
365
|
conn->secure.cipher_suite = &s2n_tls13_aes_128_gcm_sha256;
|
|
366
|
+
conn->actual_protocol_version = S2N_TLS13;
|
|
267
367
|
EXPECT_OK(s2n_connection_set_test_master_secret(conn, &test_secret));
|
|
268
|
-
EXPECT_BYTEARRAY_EQUAL(conn->secrets.tls13.
|
|
368
|
+
EXPECT_BYTEARRAY_EQUAL(conn->secrets.tls13.client_app_secret,
|
|
369
|
+
empty_secret, sizeof(empty_secret));
|
|
370
|
+
EXPECT_BYTEARRAY_EQUAL(conn->secrets.tls13.server_app_secret,
|
|
269
371
|
empty_secret, sizeof(empty_secret));
|
|
270
372
|
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
373
|
+
while(s2n_conn_get_current_message_type(conn) != SERVER_FINISHED) {
|
|
374
|
+
conn->handshake.message_number++;
|
|
375
|
+
}
|
|
376
|
+
EXPECT_OK(s2n_tls13_secrets_update(conn));
|
|
377
|
+
|
|
378
|
+
EXPECT_BYTEARRAY_NOT_EQUAL(conn->secrets.tls13.client_app_secret,
|
|
275
379
|
empty_secret, sizeof(empty_secret));
|
|
380
|
+
EXPECT_BYTEARRAY_NOT_EQUAL(conn->secrets.tls13.server_app_secret,
|
|
381
|
+
empty_secret, sizeof(empty_secret));
|
|
382
|
+
}
|
|
276
383
|
|
|
277
|
-
|
|
384
|
+
/* Derives resumption secret on CLIENT_FINISHED */
|
|
385
|
+
{
|
|
386
|
+
DEFER_CLEANUP(struct s2n_connection *conn = s2n_connection_new(S2N_SERVER),
|
|
387
|
+
s2n_connection_ptr_free);
|
|
388
|
+
conn->secure.cipher_suite = &s2n_tls13_aes_128_gcm_sha256;
|
|
278
389
|
conn->actual_protocol_version = S2N_TLS13;
|
|
279
|
-
EXPECT_OK(
|
|
390
|
+
EXPECT_OK(s2n_connection_set_test_master_secret(conn, &test_secret));
|
|
391
|
+
EXPECT_BYTEARRAY_EQUAL(conn->secrets.tls13.resumption_master_secret,
|
|
392
|
+
empty_secret, sizeof(empty_secret));
|
|
393
|
+
|
|
394
|
+
while(s2n_conn_get_current_message_type(conn) != CLIENT_FINISHED) {
|
|
395
|
+
conn->handshake.message_number++;
|
|
396
|
+
}
|
|
397
|
+
EXPECT_OK(s2n_tls13_secrets_update(conn));
|
|
398
|
+
|
|
280
399
|
EXPECT_BYTEARRAY_NOT_EQUAL(conn->secrets.tls13.resumption_master_secret,
|
|
281
400
|
empty_secret, sizeof(empty_secret));
|
|
282
401
|
}
|
|
@@ -1088,7 +1088,7 @@ int s2n_cipher_suites_cleanup(void)
|
|
|
1088
1088
|
return 0;
|
|
1089
1089
|
}
|
|
1090
1090
|
|
|
1091
|
-
S2N_RESULT s2n_cipher_suite_from_iana(const uint8_t iana[], struct s2n_cipher_suite **cipher_suite)
|
|
1091
|
+
S2N_RESULT s2n_cipher_suite_from_iana(const uint8_t iana[static S2N_TLS_CIPHER_SUITE_LEN], struct s2n_cipher_suite **cipher_suite)
|
|
1092
1092
|
{
|
|
1093
1093
|
RESULT_ENSURE_REF(cipher_suite);
|
|
1094
1094
|
*cipher_suite = NULL;
|
|
@@ -33,6 +33,7 @@
|
|
|
33
33
|
#include "tls/s2n_connection.h"
|
|
34
34
|
#include "tls/s2n_client_hello.h"
|
|
35
35
|
#include "tls/s2n_alerts.h"
|
|
36
|
+
#include "tls/s2n_handshake_type.h"
|
|
36
37
|
#include "tls/s2n_signature_algorithms.h"
|
|
37
38
|
#include "tls/s2n_tls.h"
|
|
38
39
|
#include "tls/s2n_security_policies.h"
|
|
@@ -116,6 +117,7 @@ int s2n_client_hello_cb_done(struct s2n_connection *conn)
|
|
|
116
117
|
POSIX_ENSURE(conn->config->client_hello_cb_mode ==
|
|
117
118
|
S2N_CLIENT_HELLO_CB_NONBLOCKING, S2N_ERR_INVALID_STATE);
|
|
118
119
|
POSIX_ENSURE(conn->client_hello.callback_invoked == 1, S2N_ERR_ASYNC_NOT_PERFORMED);
|
|
120
|
+
POSIX_ENSURE(conn->client_hello.parsed == 1, S2N_ERR_INVALID_STATE);
|
|
119
121
|
|
|
120
122
|
conn->client_hello.callback_async_blocked = 0;
|
|
121
123
|
conn->client_hello.callback_async_done = 1;
|
|
@@ -170,6 +172,7 @@ int s2n_client_hello_free(struct s2n_client_hello *client_hello)
|
|
|
170
172
|
* incase we are preparing for CH retry */
|
|
171
173
|
client_hello->callback_async_blocked = 0;
|
|
172
174
|
client_hello->callback_async_done = 0;
|
|
175
|
+
client_hello->parsed = 0;
|
|
173
176
|
|
|
174
177
|
return 0;
|
|
175
178
|
}
|
|
@@ -225,7 +228,7 @@ int s2n_parse_client_hello(struct s2n_connection *conn)
|
|
|
225
228
|
POSIX_GUARD(s2n_stuffer_read_uint16(in, &cipher_suites_length));
|
|
226
229
|
POSIX_ENSURE(cipher_suites_length > 0, S2N_ERR_BAD_MESSAGE);
|
|
227
230
|
POSIX_ENSURE(cipher_suites_length % S2N_TLS_CIPHER_SUITE_LEN == 0, S2N_ERR_BAD_MESSAGE);
|
|
228
|
-
|
|
231
|
+
|
|
229
232
|
client_hello->cipher_suites.size = cipher_suites_length;
|
|
230
233
|
client_hello->cipher_suites.data = s2n_stuffer_raw_read(in, cipher_suites_length);
|
|
231
234
|
POSIX_ENSURE_REF(client_hello->cipher_suites.data);
|
|
@@ -346,19 +349,28 @@ fail:
|
|
|
346
349
|
RESULT_BAIL(S2N_ERR_CANCELLED);
|
|
347
350
|
}
|
|
348
351
|
|
|
352
|
+
bool s2n_client_hello_invoke_callback(struct s2n_connection *conn) {
|
|
353
|
+
/* Invoke only if the callback has not been called or if polling mode is enabled */
|
|
354
|
+
bool invoke = !conn->client_hello.callback_invoked || conn->config->client_hello_cb_enable_poll;
|
|
355
|
+
/*
|
|
356
|
+
* The callback should not be called if this client_hello is in response to a hello retry.
|
|
357
|
+
*/
|
|
358
|
+
return invoke && !IS_HELLO_RETRY_HANDSHAKE(conn);
|
|
359
|
+
}
|
|
360
|
+
|
|
349
361
|
int s2n_client_hello_recv(struct s2n_connection *conn)
|
|
350
362
|
{
|
|
351
|
-
|
|
363
|
+
if (conn->config->client_hello_cb_enable_poll == 0) {
|
|
364
|
+
POSIX_ENSURE(conn->client_hello.callback_async_blocked == 0, S2N_ERR_ASYNC_BLOCKED);
|
|
365
|
+
}
|
|
352
366
|
|
|
353
|
-
if (conn->
|
|
354
|
-
!conn->client_hello.callback_async_done)
|
|
355
|
-
{
|
|
367
|
+
if (conn->client_hello.parsed == 0) {
|
|
356
368
|
/* Parse client hello */
|
|
357
369
|
POSIX_GUARD(s2n_parse_client_hello(conn));
|
|
370
|
+
conn->client_hello.parsed = 1;
|
|
358
371
|
}
|
|
359
|
-
/*
|
|
360
|
-
|
|
361
|
-
if (conn->client_hello.callback_invoked == 0) {
|
|
372
|
+
/* Call the client_hello_cb once unless polling is enabled. */
|
|
373
|
+
if (s2n_client_hello_invoke_callback(conn)) {
|
|
362
374
|
/* Mark the collected client hello as available when parsing is done and before the client hello callback */
|
|
363
375
|
conn->client_hello.callback_invoked = 1;
|
|
364
376
|
|
|
@@ -376,7 +388,6 @@ int s2n_client_hello_recv(struct s2n_connection *conn)
|
|
|
376
388
|
return 0;
|
|
377
389
|
}
|
|
378
390
|
|
|
379
|
-
|
|
380
391
|
S2N_RESULT s2n_cipher_suite_validate_available(struct s2n_connection *conn, struct s2n_cipher_suite *cipher)
|
|
381
392
|
{
|
|
382
393
|
RESULT_ENSURE_REF(conn);
|
|
@@ -36,6 +36,14 @@ struct s2n_client_hello {
|
|
|
36
36
|
unsigned int callback_invoked:1;
|
|
37
37
|
unsigned int callback_async_blocked:1;
|
|
38
38
|
unsigned int callback_async_done:1;
|
|
39
|
+
/*
|
|
40
|
+
* Marks if the client hello has been parsed.
|
|
41
|
+
*
|
|
42
|
+
* While a client_hello is only parsed once, it is possible to parse
|
|
43
|
+
* two different client_hello during a single handshake if the server
|
|
44
|
+
* issues a hello retry.
|
|
45
|
+
*/
|
|
46
|
+
unsigned int parsed:1;
|
|
39
47
|
};
|
|
40
48
|
|
|
41
49
|
int s2n_client_hello_free(struct s2n_client_hello *client_hello);
|
|
@@ -924,3 +924,16 @@ int s2n_config_get_ctx(struct s2n_config *config, void **ctx) {
|
|
|
924
924
|
|
|
925
925
|
return S2N_SUCCESS;
|
|
926
926
|
}
|
|
927
|
+
|
|
928
|
+
/*
|
|
929
|
+
* Set the client_hello callback behavior to polling.
|
|
930
|
+
*
|
|
931
|
+
* Polling means that the callback function can be called multiple times.
|
|
932
|
+
*/
|
|
933
|
+
int s2n_config_client_hello_cb_enable_poll(struct s2n_config *config) {
|
|
934
|
+
POSIX_ENSURE_REF(config);
|
|
935
|
+
|
|
936
|
+
config->client_hello_cb_enable_poll = 1;
|
|
937
|
+
|
|
938
|
+
return S2N_SUCCESS;
|
|
939
|
+
}
|
|
@@ -55,6 +55,12 @@ struct s2n_config {
|
|
|
55
55
|
* but async signing must be enabled. Use this flag to enforce that restriction.
|
|
56
56
|
*/
|
|
57
57
|
unsigned no_signing_key:1;
|
|
58
|
+
/*
|
|
59
|
+
* This option exists to allow for polling the client_hello callback.
|
|
60
|
+
*
|
|
61
|
+
* Note: This defaults to false to ensure backwards compatibility.
|
|
62
|
+
*/
|
|
63
|
+
unsigned client_hello_cb_enable_poll:1;
|
|
58
64
|
|
|
59
65
|
struct s2n_dh_params *dhparams;
|
|
60
66
|
/* Needed until we can deprecate s2n_config_add_cert_chain_and_key. This is
|
|
@@ -1424,7 +1424,8 @@ int s2n_negotiate_impl(struct s2n_connection *conn, s2n_blocked_status *blocked)
|
|
|
1424
1424
|
}
|
|
1425
1425
|
|
|
1426
1426
|
if (ACTIVE_STATE(conn).writer == 'B') {
|
|
1427
|
-
|
|
1427
|
+
/* Clean up handshake secrets */
|
|
1428
|
+
POSIX_GUARD_RESULT(s2n_tls13_secrets_clean(conn));
|
|
1428
1429
|
|
|
1429
1430
|
/* Send any pending post-handshake messages */
|
|
1430
1431
|
POSIX_GUARD(s2n_post_handshake_send(conn, blocked));
|
|
@@ -47,3 +47,12 @@ struct s2n_connection;
|
|
|
47
47
|
*/
|
|
48
48
|
S2N_PRIVATE_API
|
|
49
49
|
extern int s2n_connection_get_config(struct s2n_connection *conn, struct s2n_config **config);
|
|
50
|
+
|
|
51
|
+
/*
|
|
52
|
+
* Enable polling the async client_hello callback to make progress.
|
|
53
|
+
*
|
|
54
|
+
* `s2n_negotiate` must be called multiple times to poll the callback function
|
|
55
|
+
* and make progress.
|
|
56
|
+
*/
|
|
57
|
+
S2N_PRIVATE_API
|
|
58
|
+
extern int s2n_config_client_hello_cb_enable_poll(struct s2n_config *config);
|