Merge branch 'main' into ktls_fix_2

CMakeLists.txt

@@ -39,6 +39,7 @@ option(S2N_INTEG_TESTS "Enable the integrationv2 tests" OFF)
 option(S2N_FAST_INTEG_TESTS "Enable the integrationv2 with more parallelism, only has effect if S2N_INTEG_TESTS=ON" OFF)
 option(S2N_INSTALL_S2NC_S2ND "Install the binaries s2nc and s2nd" OFF)
 option(TSAN "Enable ThreadSanitizer to test thread safety" OFF)
+option(ASAN "Enable AddressSanitizer to test memory safety" OFF)
 
 # Turn BUILD_TESTING=ON by default
 include(CTest)
@@ -218,6 +219,16 @@ if(TSAN)
     target_link_options(${PROJECT_NAME} PUBLIC -fsanitize=thread)
 endif()
 
+if(ASAN)
+    target_compile_options(${PROJECT_NAME} PUBLIC -fsanitize=address -DS2N_ADDRESS_SANITIZER=1)
+    target_link_options(${PROJECT_NAME} PUBLIC -fsanitize=address)
+endif()
+
+if(TSAN OR ASAN)
+    # no-omit-frame-pointer and no-optimize-sibling-calls provide better stack traces
+    target_compile_options(${PROJECT_NAME} PUBLIC -fno-omit-frame-pointer -fno-optimize-sibling-calls)
+endif()
+
 list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules")
 
 if (NOT $ENV{S2N_LIBCRYPTO} MATCHES "awslc")
@@ -503,12 +514,14 @@ if (BUILD_TESTING)
     add_library(allocator_overrides SHARED ${TEST_LD_PRELOAD})
 
     set(UNIT_TEST_ENVS S2N_DONT_MLOCK=1)
+    if (TSAN OR ASAN)
+        set(UNIT_TEST_ENVS ${UNIT_TEST_ENVS} S2N_ADDRESS_SANITIZER=1)
+    endif()
     if(TSAN)
         set(TSAN_SUPPRESSIONS_FILE ${CMAKE_SOURCE_DIR}/tests/.tsan_suppressions)
         if(NOT EXISTS ${TSAN_SUPPRESSIONS_FILE})
             message(FATAL_ERROR "TSAN suppression file ${TSAN_SUPPRESSIONS_FILE} missing")
         endif()
-        set(UNIT_TEST_ENVS ${UNIT_TEST_ENVS} S2N_ADDRESS_SANITIZER=1)
         set(TSAN_OPTIONS suppressions=${TSAN_SUPPRESSIONS_FILE})
         if(DEFINED ENV{TSAN_OPTIONS})
             set(TSAN_OPTIONS "${TSAN_OPTIONS} $ENV{TSAN_OPTIONS}")

compliance/initialize_duvet.sh

@@ -7,4 +7,6 @@ duvet extract https://tools.ietf.org/rfc/rfc8448 # Example Handshake Traces for
 duvet extract https://tools.ietf.org/rfc/rfc7627 # Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
 duvet extract https://tools.ietf.org/rfc/rfc5746 # Transport Layer Security (TLS) Renegotiation Indication Extension
 duvet extract https://tools.ietf.org/rfc/rfc4492 # Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)
+duvet extract https://tools.ietf.org/rfc/rfc8422 # Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier
+
 

nix/shell.sh

@@ -11,7 +11,7 @@ banner()
 
 
 function clean {
-    banner "Cleanup up ./build"
+    banner "Cleanup ./build"
     rm -rf ./build
 }
 
@@ -23,6 +23,7 @@ function configure {
           -DS2N_INSTALL_S2NC_S2ND=ON \
           -DS2N_INTEG_NIX=ON \
           -DBUILD_SHARED_LIBS=ON \
+          $S2N_CMAKE_OPTIONS \
           -DCMAKE_BUILD_TYPE=RelWithDebInfo
 }
 

tests/features/S2N_CLOEXEC_SUPPORTED.c

@@ -0,0 +1,20 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#include <fcntl.h>
+
+int main() {
+    return O_CLOEXEC;
+}

tests/features/S2N_CLOEXEC_SUPPORTED.flags

@@ -0,0 +1 @@
+-Werror

tests/features/S2N_CLOEXEC_XOPEN_SUPPORTED.c

@@ -0,0 +1,22 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#define _XOPEN_SOURCE 700
+#include <fcntl.h>
+#undef _XOPEN_SOURCE
+
+int main() {
+    return O_CLOEXEC;
+}

tests/features/S2N_CLOEXEC_XOPEN_SUPPORTED.flags

@@ -0,0 +1 @@
+-Werror

tls/extensions/s2n_ec_point_format.c

@@ -64,9 +64,17 @@ static int s2n_ec_point_format_send(struct s2n_connection *conn, struct s2n_stuf
 
 static int s2n_ec_point_format_recv(struct s2n_connection *conn, struct s2n_stuffer *extension)
 {
-    /**
-     * Only uncompressed points are supported by the server and the client must include it in
+    /* Only uncompressed points are supported by the server and the client must include it in
      * the extension. Just skip the extension.
+     *
+     *= https://tools.ietf.org/rfc/rfc8422#section-5.1.2
+     *= type=exception
+     *= reason=Incorrect implementations exist in the wild. Skipping validation.
+     *# If the client sends the extension and the extension does not contain
+     *# the uncompressed point format, and the client has used the Supported
+     *# Groups extension to indicate support for any of the curves defined in
+     *# this specification, then the server MUST abort the handshake and
+     *# return an illegal_parameter alert.
      */
     conn->ec_point_formats = 1;
     return S2N_SUCCESS;

tls/s2n_record_read.c

@@ -106,12 +106,19 @@ int s2n_record_header_parse(
     S2N_ERROR_IF(conn->actual_protocol_version_established && MIN(conn->actual_protocol_version, S2N_TLS12) /* check against legacy record version (1.2) in tls 1.3 */
                             != version,
             S2N_ERR_BAD_MESSAGE);
-    POSIX_GUARD(s2n_stuffer_read_uint16(in, fragment_length));
 
-    /* Some servers send fragments that are above the maximum length.  (e.g.
-     * Openssl 1.0.1, so we don't check if the fragment length is >
-     * S2N_TLS_MAXIMUM_FRAGMENT_LENGTH. The on-the-wire max is 65k
+    /* Some servers send fragments that are above the maximum length (e.g.
+     * Openssl 1.0.1), so we don't check if the fragment length is >
+     * S2N_TLS_MAXIMUM_FRAGMENT_LENGTH. We allow up to 2^16.
+     *
+     *= https://tools.ietf.org/rfc/rfc8446#section-5.1
+     *= type=exception
+     *= reason=Incorrect implementations exist in the wild. Ignoring instead.
+     *# The length MUST NOT exceed 2^14 bytes.  An
+     *# endpoint that receives a record that exceeds this length MUST
+     *# terminate the connection with a "record_overflow" alert.
      */
+    POSIX_GUARD(s2n_stuffer_read_uint16(in, fragment_length));
     POSIX_GUARD(s2n_stuffer_reread(in));
 
     return 0;

utils/s2n_random.c

@@ -28,13 +28,17 @@
  * 700.  In glibc 2.11 and earlier, one obtains the definitions by
  * defining _GNU_SOURCE.
  *
- * # Relavent Links
+ * We use two feature probes to detect the need to perform this workaround.
+ * It is only applied if we can't get CLOEXEC without it and the build doesn't
+ * fail with _XOPEN_SOURCE being defined.
+ *
+ * # Relevent Links
  *
  * - POSIX.1-2017: https://pubs.opengroup.org/onlinepubs/9699919799
  * - https://stackoverflow.com/a/5724485
  * - https://stackoverflow.com/a/5583764
  */
-#ifndef _XOPEN_SOURCE
+#if !defined(S2N_CLOEXEC_SUPPORTED) && defined(S2N_CLOEXEC_XOPEN_SUPPORTED) && !defined(_XOPEN_SOURCE)
     #define _XOPEN_SOURCE 700
     #include <fcntl.h>
     #undef _XOPEN_SOURCE