Merge branch 'main' into main

CMakeLists.txt

@@ -24,6 +24,8 @@ otherwise a crypto target needs to be defined." ON)
 option(UNSAFE_TREAT_WARNINGS_AS_ERRORS "Compiler warnings are treated as errors. Warnings may
 indicate danger points where you should verify with the S2N-TLS developers that the security of
 the library is not compromised. Turn this OFF to ignore warnings." ON)
+option(S2N_WERROR_ALL "This option will cause all artifacts linked to libs2n to use the 
+-Werror setting." OFF)
 option(S2N_INTERN_LIBCRYPTO "This ensures that s2n-tls is compiled and deployed with a specific
 version of libcrypto by interning the code and hiding symbols. This also enables s2n-tls to be
 loaded in an application with an otherwise conflicting libcrypto version." OFF)
@@ -137,7 +139,9 @@ target_compile_options(${PROJECT_NAME} PRIVATE -pedantic -std=gnu99 -Wall -Wimpl
         -Wno-missing-braces -Wsign-compare -Wno-strict-prototypes -Wa,--noexecstack
 )
 
-if (UNSAFE_TREAT_WARNINGS_AS_ERRORS)
+if (S2N_WERROR_ALL)
+    target_compile_options(${PROJECT_NAME} PUBLIC -Werror)
+elseif (UNSAFE_TREAT_WARNINGS_AS_ERRORS)
     target_compile_options(${PROJECT_NAME} PRIVATE -Werror )
 endif ()
 
@@ -501,7 +505,11 @@ if (BUILD_TESTING)
                   find . -name '${test_case_name}.c.o' -exec objcopy --redefine-syms libcrypto.symbols {} \\\;
             )
         endif()
-        target_compile_options(${test_case_name} PRIVATE -Wno-implicit-function-declaration -Wno-deprecated -Wunused-result -D_POSIX_C_SOURCE=200809L -std=gnu99)
+        target_compile_options(${test_case_name} PRIVATE 
+                -Wall -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized 
+                -Wshadow  -Wcast-align -Wwrite-strings -Wformat-security
+                -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-deprecated 
+                -fPIC -D_POSIX_C_SOURCE=200809L -std=gnu99)
         if (S2N_LTO)
             target_compile_options(${test_case_name} PRIVATE -flto)
         endif()

api/s2n.h

@@ -1559,6 +1559,47 @@ S2N_API extern int s2n_client_hello_get_session_id_length(struct s2n_client_hell
  */
 S2N_API extern int s2n_client_hello_get_session_id(struct s2n_client_hello *ch, uint8_t *out, uint32_t *out_length, uint32_t max_length);
 
+/**
+ * Get the length of the compression methods list sent in the Client Hello.
+ *
+ * @param ch A pointer to the Client Hello
+ * @param out_length An out pointer. Will be set to the length of the compression methods list in bytes.
+ * @returns S2N_SUCCESS on success. S2N_FAILURE on failure
+ */
+S2N_API extern int s2n_client_hello_get_compression_methods_length(struct s2n_client_hello *ch, uint32_t *out_length);
+
+/**
+ * Retrieves the list of compression methods sent in the Client Hello.
+ *
+ * Use `s2n_client_hello_get_compression_methods_length()`
+ * to retrieve how much memory should be allocated for the buffer in advance.
+ *
+ * @note Compression methods were removed in TLS1.3 and therefore the only valid value in this list is the
+ * "null" compression method when TLS1.3 is negotiated.
+ *
+ * @note s2n-tls has never supported compression methods in any TLS version and therefore a
+ * compression method will never be negotiated or used.
+ * 
+ * @param ch A pointer to the Client Hello
+ * @param list A pointer to some memory that s2n will write the compression methods to. This memory MUST be the size of `list_length`
+ * @param list_length The size of `list`.
+ * @param out_length An out pointer. s2n will set its value to the size of the compression methods list in bytes.
+ * @returns S2N_SUCCESS on success. S2N_FAILURE on failure
+ */
+S2N_API extern int s2n_client_hello_get_compression_methods(struct s2n_client_hello *ch, uint8_t *list, uint32_t list_length, uint32_t *out_length);
+
+/**
+ * Access the Client Hello protocol version
+ *
+ * @note This field is a legacy field in TLS1.3 and is no longer used to negotiate the
+ * protocol version of the connection. It will be set to TLS1.2 even if TLS1.3 is negotiated.
+ * Therefore this method should only be used for logging or fingerprinting.
+ *
+ * @param ch A pointer to the client hello struct
+ * @param out The protocol version in the client hello.
+ */
+S2N_API extern int s2n_client_hello_get_legacy_protocol_version(struct s2n_client_hello *ch, uint8_t *out);
+
 /**
  * Retrieves the supported groups received from the client in the supported groups extension.
  *
@@ -2879,6 +2920,19 @@ S2N_API extern int s2n_connection_get_actual_protocol_version(struct s2n_connect
  */
 S2N_API extern int s2n_connection_get_client_hello_version(struct s2n_connection *conn);
 
+/**
+ * Access the protocol version from the header of the first record that contained the ClientHello message.
+ * 
+ * @note This field has been deprecated and should not be confused with the client hello
+ * version. It is often set very low, usually to TLS1.0 for compatibility reasons,
+ * and should never be set higher than TLS1.2. Therefore this method should only be used
+ * for logging or fingerprinting.
+ *
+ * @param conn A pointer to the client hello struct
+ * @param out The protocol version in the record header containing the Client Hello.
+ */
+S2N_API extern int s2n_client_hello_get_legacy_record_version(struct s2n_client_hello *ch, uint8_t *out);
+
 /**
  * Check if Client Auth was used for a connection.
  *

bindings/rust/s2n-tls-tokio/src/lib.rs

@@ -112,10 +112,11 @@ where
         let result = match self.error.take() {
             Some(err) => Err(err),
             None => {
-                ready!(self.tls.with_io(ctx, |context| {
+                let handshake_poll = self.tls.with_io(ctx, |context| {
                     let conn = context.get_mut().as_mut();
                     conn.poll_negotiate().map(|r| r.map(|_| ()))
-                }))
+                });
+                ready!(handshake_poll)
             }
         };
         // If the result isn't a fatal error, return it immediately.

crypto/s2n_certificate.h

@@ -24,6 +24,13 @@
 
 #define S2N_CERT_TYPE_COUNT S2N_PKEY_TYPE_SENTINEL
 
+struct s2n_cert_info {
+    int signature_nid;
+    /* This field is not populated for RSA_PSS signatures */
+    int signature_digest_nid;
+    bool self_signed;
+};
+
 struct s2n_cert {
     s2n_pkey_type pkey_type;
     uint16_t ec_curve_nid;

crypto/s2n_openssl_x509.c

@@ -83,3 +83,36 @@ S2N_RESULT s2n_openssl_x509_parse(struct s2n_blob *asn1der, X509 **cert_out)
 
     return S2N_RESULT_OK;
 }
+
+S2N_RESULT s2n_openssl_x509_get_cert_info(X509 *cert, struct s2n_cert_info *info)
+{
+    RESULT_ENSURE_REF(cert);
+    RESULT_ENSURE_REF(info);
+
+    X509_NAME *issuer_name = X509_get_issuer_name(cert);
+    RESULT_ENSURE_REF(issuer_name);
+
+    X509_NAME *subject_name = X509_get_subject_name(cert);
+    RESULT_ENSURE_REF(subject_name);
+
+    if (X509_NAME_cmp(issuer_name, subject_name) == 0) {
+        info->self_signed = true;
+    } else {
+        info->self_signed = false;
+    }
+
+#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x02070000f)
+    RESULT_ENSURE_REF(cert->sig_alg);
+    info->signature_nid = OBJ_obj2nid(cert->sig_alg->algorithm);
+#else
+    info->signature_nid = X509_get_signature_nid(cert);
+#endif
+    /* These is no method to directly retrieve that signature digest from the X509*
+     * that is available in all libcryptos, so instead we use find_sigid_algs. For
+     * a signature NID_ecdsa_with_SHA256 this will return NID_SHA256 
+     */
+    RESULT_GUARD_OSSL(OBJ_find_sigid_algs(info->signature_nid, &info->signature_digest_nid, NULL),
+            S2N_ERR_CERT_TYPE_UNSUPPORTED);
+
+    return S2N_RESULT_OK;
+}

crypto/s2n_openssl_x509.h

@@ -19,6 +19,7 @@
 #include <openssl/x509.h>
 #include <stdint.h>
 
+#include "crypto/s2n_certificate.h"
 #include "utils/s2n_blob.h"
 #include "utils/s2n_safety.h"
 
@@ -44,3 +45,5 @@ S2N_RESULT s2n_openssl_x509_parse(struct s2n_blob *asn1der, X509 **cert_out);
  * compatability with previous permissive parsing behavior.
  */
 S2N_RESULT s2n_openssl_x509_parse_without_length_validation(struct s2n_blob *asn1der, X509 **cert_out);
+
+S2N_RESULT s2n_openssl_x509_get_cert_info(X509 *cert, struct s2n_cert_info *info);

tests/fuzz/s2n_certificate_extensions_parse_test.c

@@ -25,6 +25,7 @@
 #include "api/s2n.h"
 #include "stuffer/s2n_stuffer.h"
 #include "tls/extensions/s2n_extension_list.h"
+#include "tls/s2n_config.h"
 #include "tls/s2n_connection.h"
 #include "tls/s2n_tls.h"
 #include "utils/s2n_safety.h"
@@ -50,6 +51,8 @@ static const uint8_t TLS_VERSIONS[] = {S2N_TLS13};
 
 int s2n_fuzz_init(int *argc, char **argv[])
 {
+    /* Initialize the trust store */
+    POSIX_GUARD_RESULT(s2n_config_testing_defaults_init_tls13_certs());
     POSIX_GUARD(s2n_enable_tls13_in_test());
     return S2N_SUCCESS;
 }

tests/testlib/s2n_test_certs.c

@@ -63,6 +63,14 @@ int s2n_test_cert_permutation_get_ca_path(char *output, const char *type, const
     return S2N_SUCCESS;
 }
 
+S2N_RESULT s2n_test_cert_permutation_get_server_chain_path(char *output, const char *type,
+        const char *signature, const char *size, const char *digest)
+{
+    sprintf(output, "../pems/permutations/%s_%s_%s_%s/server-chain.pem", type, signature, size,
+            digest);
+    return S2N_RESULT_OK;
+}
+
 int s2n_read_test_pem(const char *pem_path, char *pem_out, long int max_size)
 {
     uint32_t pem_len = 0;

tests/testlib/s2n_testlib.h

@@ -213,6 +213,8 @@ int s2n_test_cert_permutation_load_server_chain(struct s2n_cert_chain_and_key **
 
 int s2n_test_cert_permutation_get_ca_path(char *output, const char *type, const char *siganture,
         const char *size, const char *digest);
+S2N_RESULT s2n_test_cert_permutation_get_server_chain_path(char *output, const char *type,
+        const char *siganture, const char *size, const char *digest);
 
 S2N_RESULT s2n_test_cert_chain_data_from_pem(struct s2n_connection *conn, const char *pem_path,
         struct s2n_stuffer *cert_chain_stuffer);

tests/unit/s2n_build_test.c

@@ -23,6 +23,8 @@
 #include "crypto/s2n_openssl.h"
 #include "s2n_test.h"
 
+#define MAX_LIBCRYPTO_NAME_LEN 100
+
 int tokenize_s2n_libcrypto(char *s2n_libcrypto, char **name, char **version)
 {
     if (name == NULL || version == NULL || s2n_libcrypto == NULL) {
@@ -44,6 +46,19 @@ int tokenize_s2n_libcrypto(char *s2n_libcrypto, char **name, char **version)
     return S2N_SUCCESS;
 }
 
+S2N_RESULT s2n_test_lowercase_copy(const char *input, char *destination, size_t max_len)
+{
+    RESULT_ENSURE_REF(input);
+    RESULT_ENSURE_REF(destination);
+
+    for (size_t i = 0; i < strlen(input); i++) {
+        RESULT_ENSURE_LT(i, max_len);
+        destination[i] = tolower(input[i]);
+    }
+
+    return S2N_RESULT_OK;
+}
+
 int main()
 {
     BEGIN_TEST();
@@ -69,8 +84,9 @@ int main()
         END_TEST();
     }
 
-    char s2n_libcrypto_copy[100] = { 0 };
-    strncpy(s2n_libcrypto_copy, s2n_libcrypto, 99);
+    char s2n_libcrypto_copy[MAX_LIBCRYPTO_NAME_LEN] = { 0 };
+    EXPECT_TRUE(strlen(s2n_libcrypto) < MAX_LIBCRYPTO_NAME_LEN);
+    EXPECT_OK(s2n_test_lowercase_copy(s2n_libcrypto, &s2n_libcrypto_copy[0], s2n_array_len(s2n_libcrypto_copy)));
     char *name = NULL;
     char *version = NULL;
     EXPECT_SUCCESS(tokenize_s2n_libcrypto(s2n_libcrypto_copy, &name, &version));
@@ -83,8 +99,9 @@ int main()
             EXPECT_TRUE(s2n_libcrypto_is_awslc());
         } else {
             /* Any other library should have the name of the library (modulo case) in its version string.  */
-            const char *ssleay_version_text = SSLeay_version(SSLEAY_VERSION);
-            EXPECT_NOT_NULL(strcasestr(ssleay_version_text, name));
+            char ssleay_version_text[MAX_LIBCRYPTO_NAME_LEN] = { 0 };
+            EXPECT_OK(s2n_test_lowercase_copy(SSLeay_version(SSLEAY_VERSION), &ssleay_version_text[0], MAX_LIBCRYPTO_NAME_LEN));
+            EXPECT_NOT_NULL(strstr(ssleay_version_text, name));
         }
     };