Merge branch 'main' into test/reduce-parameter-selection

Author: johubertj

.git-blame-ignore-revs

@@ -40,4 +40,4 @@ e8cdc1ae63ff1de6f14cf91e3c317fbf57c198ec
 # clang-format `utils/` and enforce in ci (#3651)
 be8ad6c027b50e9dc86d8f8eb729ce88f2d4206d
 # Ruff format updated CI and code (#5138)
-8e80fc46c8e6192c7359dd3b1c17c833eb979b51
+ac1d09851b4d625f83d1fa68b467abbca8fdd408

.github/workflows/ci_linting.yml

@@ -108,7 +108,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: nixbuild/nix-quick-install-action@v29
+      - uses: nixbuild/nix-quick-install-action@v30
         with:
           nix_conf: experimental-features = nix-command flakes
       - name: nix flake check
@@ -117,7 +117,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: nixbuild/nix-quick-install-action@v29
+      - uses: nixbuild/nix-quick-install-action@v30
         with:
           nix_conf: experimental-features = nix-command flakes
       - name: nix fmt

bindings/rust/extended/s2n-tls-sys/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "s2n-tls-sys"
 description = "A C99 implementation of the TLS/SSL protocols"
-version = "0.3.12"
+version = "0.3.13"
 authors = ["AWS s2n"]
 edition = "2021"
 rust-version = "1.63.0"

bindings/rust/extended/s2n-tls-sys/templates/Cargo.template

@@ -1,7 +1,7 @@
 [package]
 name = "s2n-tls-sys"
 description = "A C99 implementation of the TLS/SSL protocols"
-version = "0.3.12"
+version = "0.3.13"
 authors = ["AWS s2n"]
 edition = "2021"
 rust-version = "1.63.0"

bindings/rust/extended/s2n-tls-tokio/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "s2n-tls-tokio"
 description = "An implementation of TLS streams for Tokio built on top of s2n-tls"
-version = "0.3.12"
+version = "0.3.13"
 authors = ["AWS s2n"]
 edition = "2021"
 rust-version = "1.63.0"
@@ -16,7 +16,7 @@ errno = { version = "0.3" }
 # A minimum libc version of 0.2.121 is required by aws-lc-sys 0.14.0.
 libc = { version = "0.2.121" }
 pin-project-lite = { version = "0.2" }
-s2n-tls = { version = "=0.3.12", path = "../s2n-tls" }
+s2n-tls = { version = "=0.3.13", path = "../s2n-tls" }
 tokio = { version = "1", features = ["net", "time"] }
 
 [dev-dependencies]

bindings/rust/extended/s2n-tls/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "s2n-tls"
 description = "A C99 implementation of the TLS/SSL protocols"
-version = "0.3.12"
+version = "0.3.13"
 authors = ["AWS s2n"]
 edition = "2021"
 rust-version = "1.63.0"
@@ -22,7 +22,7 @@ unstable-testing = []
 errno = { version = "0.3" }
 # A minimum libc version of 0.2.121 is required by aws-lc-sys 0.14.0.
 libc = "0.2.121"
-s2n-tls-sys = { version = "=0.3.12", path = "../s2n-tls-sys", features = ["internal"] }
+s2n-tls-sys = { version = "=0.3.13", path = "../s2n-tls-sys", features = ["internal"] }
 pin-project-lite = "0.2"
 hex = "0.4"
 

bindings/rust/standard/bench/Cargo.toml

@@ -20,6 +20,7 @@ pprof = { version = "0.14", features = ["criterion", "flamegraph"] }
 # debugging interop failures
 env_logger = "0.10"
 log = "0.4"
+symbolic-common = { version = "=12.13.4" } # newer versions require rust 1.82.0, see https://github.com/aws/s2n-tls/issues/5165
 
 [[bench]]
 name = "handshake"

bindings/rust/standard/rust-toolchain.toml

@@ -1,2 +1,2 @@
 [toolchain]
-channel = "1.74.0"
+channel = "1.81.0"

bindings/rust/standard/s2n-tls-hyper/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "s2n-tls-hyper"
 description = "A compatbility crate allowing s2n-tls to be used with the hyper HTTP library"
-version = "0.0.4"
+version = "0.0.5"
 authors = ["AWS s2n"]
 edition = "2021"
 rust-version = "1.74.0"
@@ -12,8 +12,8 @@ license = "Apache-2.0"
 default = []
 
 [dependencies]
-s2n-tls = { version = "=0.3.12", path = "../../extended/s2n-tls" }
-s2n-tls-tokio = { version = "=0.3.12", path = "../../extended/s2n-tls-tokio" }
+s2n-tls = { version = "=0.3.13", path = "../../extended/s2n-tls" }
+s2n-tls-tokio = { version = "=0.3.13", path = "../../extended/s2n-tls-tokio" }
 # A minimum hyper version of 1.3 is required by hyper-util 0.1.4:
 # https://github.com/hyperium/hyper-util/blob/3f6a92ecd019b8d534d2945564d3ab8a92ff1f41/Cargo.toml#L34
 hyper = { version = "1.3" }

codebuild/spec/buildspec_openssl3fips.yml

@@ -35,6 +35,4 @@ phases:
     commands:
       - export CTEST_PARALLEL_LEVEL=$(nproc)
       # openssl3fips is still a work-in-progress. Not all tests pass.
-      - make -C build test -- ARGS="-R 's2n_build_test|s2n_fips_test'"
-      - make -C build test -- ARGS="-R 's2n_hash_test|s2n_hash_all_algs_test|s2n_openssl_test|s2n_init_test'"
-      - make -C build test -- ARGS="-R 's2n_evp_signing_test'"
+      - make -C build test -- ARGS="-E 's2n_self_talk_offload_signing_test'"

crypto/s2n_aead_cipher_chacha20_poly1305.c

@@ -16,6 +16,7 @@
 #include <openssl/evp.h>
 
 #include "crypto/s2n_cipher.h"
+#include "crypto/s2n_libcrypto.h"
 #include "crypto/s2n_openssl.h"
 #include "tls/s2n_crypto.h"
 #include "utils/s2n_blob.h"
@@ -37,7 +38,11 @@
 static bool s2n_aead_chacha20_poly1305_available(void)
 {
 #if defined(S2N_CHACHA20_POLY1305_AVAILABLE_OSSL) || defined(S2N_CHACHA20_POLY1305_AVAILABLE_BSSL_AWSLC)
-    return true;
+    /* We could support ChaChaPoly with openssl-3.0-fips,
+     * but it would require more branching and logic to fetch a non-fips EVP_CIPHER.
+     * For now, just consider ChaChaPoly unsupported by openssl-3.0-fips.
+     */
+    return !s2n_libcrypto_is_openssl_fips();
 #else
     return false;
 #endif

crypto/s2n_prf_libcrypto.c

@@ -0,0 +1,193 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#include "crypto/s2n_prf_libcrypto.h"
+
+#include "crypto/s2n_hash.h"
+#include "error/s2n_errno.h"
+#include "tls/s2n_connection.h"
+#include "utils/s2n_safety.h"
+
+#if defined(OPENSSL_IS_AWSLC)
+
+/* The AWSLC TLS PRF API is exported in all AWSLC versions. However, in the AWSLC FIPS branch, this
+ * API is defined in a private header:
+ * https://github.com/aws/aws-lc/blob/d251b365b73a6e6acff6ee634aa8f077f23cdea4/crypto/fipsmodule/tls/internal.h#L27
+ *
+ * AWSLC has committed to this API definition, and the API has been added to a public header in the
+ * main branch: https://github.com/aws/aws-lc/pull/1033. As such, this API is forward-declared in
+ * order to make it accessible to s2n-tls when linked to AWSLC-FIPS.
+ */
+int CRYPTO_tls1_prf(const EVP_MD *digest,
+        uint8_t *out, size_t out_len,
+        const uint8_t *secret, size_t secret_len,
+        const char *label, size_t label_len,
+        const uint8_t *seed1, size_t seed1_len,
+        const uint8_t *seed2, size_t seed2_len);
+
+S2N_RESULT s2n_prf_libcrypto(struct s2n_connection *conn,
+        struct s2n_blob *secret, struct s2n_blob *label,
+        struct s2n_blob *seed_a, struct s2n_blob *seed_b, struct s2n_blob *seed_c,
+        struct s2n_blob *out)
+{
+    const EVP_MD *digest = NULL;
+    if (conn->actual_protocol_version < S2N_TLS12) {
+        /* md5_sha1 is a digest that indicates both MD5 and SHA1 should be used in the PRF calculation.
+         * This is needed for pre-TLS12 PRFs.
+         */
+        digest = EVP_md5_sha1();
+    } else {
+        RESULT_GUARD(s2n_hmac_md_from_alg(conn->secure->cipher_suite->prf_alg, &digest));
+    }
+    RESULT_ENSURE_REF(digest);
+
+    DEFER_CLEANUP(struct s2n_stuffer seed_b_stuffer = { 0 }, s2n_stuffer_free);
+    size_t seed_b_len = 0;
+    uint8_t *seed_b_data = NULL;
+
+    if (seed_b != NULL) {
+        struct s2n_blob seed_b_blob = { 0 };
+        RESULT_GUARD_POSIX(s2n_blob_init(&seed_b_blob, seed_b->data, seed_b->size));
+        RESULT_GUARD_POSIX(s2n_stuffer_init_written(&seed_b_stuffer, &seed_b_blob));
+
+        if (seed_c != NULL) {
+            /* The AWSLC TLS PRF implementation only provides two seed arguments. If three seeds
+             * were provided, pass in the third seed by concatenating it with the second seed.
+             */
+            RESULT_GUARD_POSIX(s2n_stuffer_alloc(&seed_b_stuffer, seed_b->size + seed_c->size));
+            RESULT_GUARD_POSIX(s2n_stuffer_write_bytes(&seed_b_stuffer, seed_b->data, seed_b->size));
+            RESULT_GUARD_POSIX(s2n_stuffer_write_bytes(&seed_b_stuffer, seed_c->data, seed_c->size));
+        }
+
+        seed_b_len = s2n_stuffer_data_available(&seed_b_stuffer);
+        seed_b_data = s2n_stuffer_raw_read(&seed_b_stuffer, seed_b_len);
+        RESULT_ENSURE_REF(seed_b_data);
+    }
+
+    RESULT_GUARD_OSSL(CRYPTO_tls1_prf(digest,
+                              out->data, out->size,
+                              secret->data, secret->size,
+                              (const char *) label->data, label->size,
+                              seed_a->data, seed_a->size,
+                              seed_b_data, seed_b_len),
+            S2N_ERR_PRF_DERIVE);
+
+    return S2N_RESULT_OK;
+}
+
+#elif S2N_OPENSSL_VERSION_AT_LEAST(3, 0, 0)
+
+    #include <openssl/core_names.h>
+    #include <openssl/kdf.h>
+
+    #define S2N_OSSL_PARAM_BLOB(id, blob) \
+        OSSL_PARAM_octet_string(id, blob->data, blob->size)
+    #define S2N_OSSL_PARAM_STR(id, cstr) \
+        OSSL_PARAM_utf8_string(id, cstr, strlen(cstr))
+
+DEFINE_POINTER_CLEANUP_FUNC(EVP_KDF_CTX *, EVP_KDF_CTX_free);
+DEFINE_POINTER_CLEANUP_FUNC(EVP_KDF *, EVP_KDF_free);
+
+S2N_RESULT s2n_prf_libcrypto(struct s2n_connection *conn,
+        struct s2n_blob *secret, struct s2n_blob *label,
+        struct s2n_blob *seed_a, struct s2n_blob *seed_b, struct s2n_blob *seed_c,
+        struct s2n_blob *out)
+{
+    RESULT_ENSURE_REF(conn);
+    RESULT_ENSURE_REF(secret);
+    RESULT_ENSURE_REF(label);
+    RESULT_ENSURE_REF(seed_a);
+    RESULT_ENSURE_REF(out);
+
+    struct s2n_blob empty_seed = { 0 };
+    if (!seed_b) {
+        seed_b = &empty_seed;
+    }
+    if (!seed_c) {
+        seed_c = &empty_seed;
+    }
+
+    /* Openssl limits the size of the seed to 1024 bytes, including the label.
+     * This would be an issue for TLS1.2 PQ, which uses full keyshares as seeds.
+     * However, s2n-tls doesn't support PQ with Openssl, so this limitation will
+     * never affect customers.
+     *
+     * As of this commit, EVP_KDF_derive will fail silently (without logging any
+     * error) if the seed is too large. This check adds visibility.
+     */
+    uint64_t seed_total_size = label->size + seed_a->size + seed_b->size + seed_c->size;
+    RESULT_ENSURE(seed_total_size <= 1024, S2N_ERR_PRF_INVALID_SEED);
+
+    const char *digest_name = "MD5-SHA1";
+    const char *fetch_properties = "-fips";
+
+    if (conn->actual_protocol_version == S2N_TLS12) {
+        fetch_properties = "";
+
+        RESULT_ENSURE_REF(conn->secure);
+        RESULT_ENSURE_REF(conn->secure->cipher_suite);
+        s2n_hmac_algorithm prf_alg = conn->secure->cipher_suite->prf_alg;
+
+        const EVP_MD *digest = NULL;
+        RESULT_GUARD(s2n_hmac_md_from_alg(prf_alg, &digest));
+        RESULT_ENSURE_REF(digest);
+        digest_name = EVP_MD_get0_name(digest);
+        RESULT_ENSURE_REF(digest_name);
+    }
+
+    /* As an optimization, we should be able to fetch and cache this EVP_KDF*
+     * once when s2n_init is called.
+     */
+    DEFER_CLEANUP(EVP_KDF *prf_impl = EVP_KDF_fetch(NULL, "TLS1-PRF", fetch_properties),
+            EVP_KDF_free_pointer);
+    RESULT_ENSURE(prf_impl, S2N_ERR_PRF_INVALID_ALGORITHM);
+
+    DEFER_CLEANUP(EVP_KDF_CTX *prf_ctx = EVP_KDF_CTX_new(prf_impl),
+            EVP_KDF_CTX_free_pointer);
+    RESULT_ENSURE_REF(prf_ctx);
+
+    OSSL_PARAM params[] = {
+        /* Casting away the const is safe because providers are forbidden from
+         * modifying any OSSL_PARAM value other than return_size.
+         * Even the examples in the Openssl documentation cast const strings to
+         * non-const void pointers when setting up OSSL_PARAMs.
+         */
+        S2N_OSSL_PARAM_STR(OSSL_KDF_PARAM_PROPERTIES, (void *) (uintptr_t) fetch_properties),
+        S2N_OSSL_PARAM_STR(OSSL_KDF_PARAM_DIGEST, (void *) (uintptr_t) digest_name),
+        S2N_OSSL_PARAM_BLOB(OSSL_KDF_PARAM_SECRET, secret),
+        /* "TLS1-PRF" handles the label like just another seed */
+        S2N_OSSL_PARAM_BLOB(OSSL_KDF_PARAM_SEED, label),
+        S2N_OSSL_PARAM_BLOB(OSSL_KDF_PARAM_SEED, seed_a),
+        S2N_OSSL_PARAM_BLOB(OSSL_KDF_PARAM_SEED, seed_b),
+        S2N_OSSL_PARAM_BLOB(OSSL_KDF_PARAM_SEED, seed_c),
+        OSSL_PARAM_END,
+    };
+
+    RESULT_GUARD_OSSL(EVP_KDF_derive(prf_ctx, out->data, out->size, params),
+            S2N_ERR_PRF_DERIVE);
+    return S2N_RESULT_OK;
+}
+
+#else
+
+S2N_RESULT s2n_prf_libcrypto(struct s2n_connection *conn,
+        struct s2n_blob *secret, struct s2n_blob *label,
+        struct s2n_blob *seed_a, struct s2n_blob *seed_b, struct s2n_blob *seed_c,
+        struct s2n_blob *out)
+{
+    RESULT_BAIL(S2N_ERR_FIPS_MODE_UNSUPPORTED);
+}
+
+#endif

crypto/s2n_prf_libcrypto.h

@@ -0,0 +1,24 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#pragma once
+
+#include "utils/s2n_blob.h"
+#include "utils/s2n_result.h"
+
+S2N_RESULT s2n_prf_libcrypto(struct s2n_connection *conn,
+        struct s2n_blob *secret, struct s2n_blob *label,
+        struct s2n_blob *seed_a, struct s2n_blob *seed_b, struct s2n_blob *seed_c,
+        struct s2n_blob *out);

tests/integrationv2/common.py

@@ -7,6 +7,7 @@
 import itertools
 import random
 import string
+import pytest
 
 from constants import TEST_CERT_DIRECTORY
 from global_flags import get_flag, S2N_PROVIDER_VERSION

tests/integrationv2/fixtures.py

@@ -4,7 +4,6 @@
 import pytest
 import subprocess
 
-from global_flags import get_flag
 from processes import ManagedProcess
 from providers import Provider, S2N
 
@@ -90,7 +89,7 @@ def _fn(
 
     try:
         yield _fn
-    except Exception as e:
+    except Exception as _:
         # The ManagedProcess already prints information to stdout, so there
         # is nothing to capture here.
         pass