Merge branch 'main' into so-version

aws · Aug 2, 2022 · 420cc40 · 420cc40
2 parents 7e9645f + 2ad9e17
commit 420cc40
Show file tree

Hide file tree

Showing 24 changed files with 894 additions and 279 deletions.
diff --git a/.github/workflows/ci_freebsd.yml b/.github/workflows/ci_freebsd.yml
@@ -4,25 +4,24 @@ on:
   pull_request:
     branches:
       - main
-      - master
 
 jobs:
   testfreebsd:
-    runs-on: macos-10.15
+    runs-on: macos-12
     name: CI FreeBSD
     steps:
-    - uses: actions/checkout@v2
-    - name: Build and test in FreeBSD
-      id: test
-      uses: vmactions/[email protected]
-      with:
-        prepare: pkg install -y ninja cmake
-        run: |
-          freebsd-version
-          .github/s2n_freebsd.sh
-    - name: Upload test results
-      if: always()
-      uses: actions/upload-artifact@master
-      with:
-        name: all_test_output
-        path: build/Testing/Temporary
+      - uses: actions/checkout@v2
+      - name: Build and test in FreeBSD
+        id: test
+        uses: vmactions/[email protected]
+        with:
+          prepare: pkg install -y ninja cmake
+          run: |
+            freebsd-version
+            .github/s2n_freebsd.sh
+      - name: Upload test results
+        if: always()
+        uses: actions/upload-artifact@master
+        with:
+          name: all_test_output
+          path: build/Testing/Temporary
diff --git a/api/s2n.h b/api/s2n.h
@@ -496,7 +496,7 @@ S2N_API
 extern int s2n_config_set_cache_delete_callback(struct s2n_config *config, s2n_cache_delete_callback cache_delete_callback, void *data);
 
 /**
- * A function that will be called when s2n-tls is initialized.
+ * Called when `s2n_init` is executed.
  */
 typedef int (*s2n_mem_init_callback)(void);
 
@@ -506,21 +506,22 @@ typedef int (*s2n_mem_init_callback)(void);
 typedef int (*s2n_mem_cleanup_callback)(void);
 
 /**
- * A function that can allocate at least `requested` bytes of memory and
- * store the location of that memory in **\*ptr**, and the size of the allocated
+ * A function that can allocate at least `requested` bytes of memory.
+ *
+ * It stores the location of that memory in **\*ptr** and the size of the allocated
  * data in **\*allocated**. The function may choose to allocate more memory
  * than was requested. s2n-tls will consider all allocated memory available for
  * use, and will attempt to free all allocated memory when able.
  */
 typedef int (*s2n_mem_malloc_callback)(void **ptr, uint32_t requested, uint32_t *allocated);
 
 /**
- * A function that can free memory.
+ * Frees memory allocated by s2n_mem_malloc_callback.
  */
 typedef int (*s2n_mem_free_callback)(void *ptr, uint32_t size);
 
 /**
- * Allows the caller to over-ride s2n-tls's internal memory handling functions.
+ * Allows the caller to override s2n-tls's internal memory handling functions.
  * 
  * @warning This function must be called before s2n_init().
  * 
@@ -557,7 +558,7 @@ typedef int (*s2n_rand_seed_callback)(void *data, uint32_t size);
 typedef int (*s2n_rand_mix_callback)(void *data, uint32_t size);
 
 /**
- * Allows the caller to over-ride s2n-tls's entropy functions.
+ * Allows the caller to override s2n-tls's entropy functions.
  * 
  * @warning This function must be called before s2n_init().
  * 
@@ -880,22 +881,21 @@ extern int s2n_config_wipe_trust_store(struct s2n_config *config);
  * of the X.509 validation will succeed.
  *
  * If no hostname results in a 1 being returned, the certificate will be untrusted and the
- * validation will terminate immediately. The default behavior is to reject all host names
- * found in a certificate if client mode or client authentication is being used.
+ * validation will terminate immediately.
  *
- * Data is a opaque user context set in s2n_config_set_verify_host_callback().
+ * Data is a opaque user context set in s2n_config_set_verify_host_callback() or s2n_connection_set_verify_host_callback().
  */
 typedef uint8_t (*s2n_verify_host_fn) (const char *host_name, size_t host_name_len, void *data);
 
 /**
  * Sets the callback to use for verifying that a hostname from an X.509 certificate is trusted.
- * By default, no certificate will be trusted. To override this behavior, set this callback.
  *
- * This change will be inherited by s2n_connections using this config. If s2n_connection specifies
- * a callback, that callback will be used for that connection.
+ * The default behavior is to require that the hostname match the server name set with s2n_set_server_name().
+ * This will likely lead to all client certificates being rejected, so the callback will need to be overriden when using
+ *  client authentication.
  *
- * If a separate callback for different connections using the same config is desired,
- * see s2n_connection_set_verify_host_callback().
+ * This change will be inherited by s2n_connections using this config. If a separate callback for different connections
+ * using the same config is desired, see s2n_connection_set_verify_host_callback().
  *
  * @param config The configuration object being updated
  * @param data A user supplied opaque context to pass back to the callback
@@ -1035,6 +1035,7 @@ extern int s2n_config_set_ct_support_level(struct s2n_config *config, s2n_ct_sup
  * - `S2N_ALERT_IGNORE_WARNINGS` - with the exception of `close_notify` s2n-tls will ignore all WARNING alerts and keep communicating with its peer. This setting is ignored in TLS1.3
  *
  * @note TLS1.3 terminates a connection for all alerts except user_canceled.
+ * @warning S2N_ALERT_FAIL_ON_WARNINGS is the recommended behavior. Past TLS protocol vulnerabilities have involved downgrading alerts to warnings.
  */
 typedef enum { S2N_ALERT_FAIL_ON_WARNINGS = 0, S2N_ALERT_IGNORE_WARNINGS = 1 } s2n_alert_behavior;
 
@@ -1071,6 +1072,8 @@ extern int s2n_config_set_extension_data(struct s2n_config *config, s2n_tls_exte
  * length overrides the preference set by the `s2n_connection_prefer_throughput` and
  * `s2n_connection_prefer_low_latency`.
  *
+ * @note Some TLS implementations do not respect their peer's max fragment length extension.
+ *
  * @param config The configuration object being updated
  * @param mfl_code The selected MFL size
  * @returns S2N_SUCCESS on success. S2N_FAILURE on failure
@@ -1083,6 +1086,8 @@ extern int s2n_config_send_max_fragment_length(struct s2n_config *config, s2n_ma
  * requests. If this API is not called, and client requests the extension, server will ignore
  * the request and continue TLS handshake with default maximum fragment length of 8k bytes
  *
+ * @note Some TLS implementations do not respect their peer's max fragment length extension.
+ *
  * @param config The configuration object being updated
  * @returns S2N_SUCCESS on success. S2N_FAILURE on failure
  */
@@ -1618,21 +1623,20 @@ S2N_API
 extern int s2n_connection_set_dynamic_record_threshold(struct s2n_connection *conn, uint32_t resize_threshold, uint16_t timeout_threshold);
 
 /** 
- * Sets the callback to use for verifying that a hostname from an X.509 certificate is trusted. By default, 
- * no certificate will be trusted. To override this behavior, set this callback. See s2n_verify_host_fn()
- * for details. This configuration will be inherited by default to new instances of `s2n_connection`. 
+ * Sets the callback to use for verifying that a hostname from an X.509 certificate is trusted.
  *
- * If a separate callback for different connections using the same config is desired, see s2n_connection_set_verify_host_callback()
+ * The default behavior is to require that the hostname match the server name set with s2n_set_server_name(). This will
+ * likely lead to all client certificates being rejected, so the callback will need to be overriden when using client authentication.
  *
- * @note If you don't want to use the configuration wide callback, you can set this per connection and it will be honored.
+ * If a single callback for different connections using the same config is desired, see s2n_config_set_verify_host_callback().
  *
- * @param config A pointer to a s2n_config object
+ * @param conn A pointer to a s2n_connection object
  * @param host_fn A pointer to a callback function that s2n will invoke in order to verify the hostname of an X.509 certificate
  * @param data Opaque pointer to data that the verify host function will be invoked with
  * @returns S2N_SUCCESS on success. S2N_FAILURE on failure
  */
 S2N_API
-extern int s2n_connection_set_verify_host_callback(struct s2n_connection *config, s2n_verify_host_fn host_fn, void *data);
+extern int s2n_connection_set_verify_host_callback(struct s2n_connection *conn, s2n_verify_host_fn host_fn, void *data);
 
 /**
  * Used to opt-out of s2n-tls's built-in blinding. Blinding is a

diff --git a/bindings/rust/s2n-tls-sys/Cargo.toml b/bindings/rust/s2n-tls-sys/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "s2n-tls-sys"
 description = "A C99 implementation of the TLS/SSL protocols"
-version = "0.0.9"
+version = "0.0.10"
 authors = ["AWS s2n"]
 edition = "2021"
 links = "s2n-tls"

diff --git a/bindings/rust/s2n-tls-tokio/Cargo.toml b/bindings/rust/s2n-tls-tokio/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "s2n-tls-tokio"
 description = "An implementation of TLS streams for Tokio built on top of s2n-tls"
-version = "0.0.9"
+version = "0.0.10"
 authors = ["AWS s2n"]
 edition = "2021"
 repository = "https://github.com/aws/s2n-tls"
@@ -13,7 +13,7 @@ default = []
 [dependencies]
 errno = { version = "0.2" }
 libc = { version = "0.2" }
-s2n-tls = { version = "=0.0.9", path = "../s2n-tls" }
+s2n-tls = { version = "=0.0.10", path = "../s2n-tls" }
 tokio = { version = "1", features = ["net", "time"] }
 
 [dev-dependencies]

diff --git a/bindings/rust/s2n-tls-tokio/tests/handshake.rs b/bindings/rust/s2n-tls-tokio/tests/handshake.rs
@@ -181,7 +181,7 @@ async fn handshake_error_with_blinding() -> Result<(), Box<dyn std::error::Error
     .await;
     let result = timeout?;
     assert!(result.is_err());
-    assert_eq!(result.unwrap_err().kind(), Some(ErrorType::ProtocolError));
+    assert_eq!(result.unwrap_err().kind(), ErrorType::ProtocolError);
 
     Ok(())
 }
diff --git a/bindings/rust/s2n-tls-tokio/tests/send_and_recv.rs b/bindings/rust/s2n-tls-tokio/tests/send_and_recv.rs
@@ -1,7 +1,6 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-use s2n_tls::error::Error;
 use s2n_tls_tokio::{TlsAcceptor, TlsConnector};
 use std::{io, task::Poll::*};
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
@@ -97,7 +96,7 @@ async fn send_error() -> Result<(), Box<dyn std::error::Error>> {
 
     // Setup write to fail
     overrides.next_write(Some(Box::new(|_, _, _| {
-        Ready(Err(io::Error::from(Error::InvalidInput)))
+        Ready(Err(io::Error::from(io::ErrorKind::ConnectionReset)))
     })));
 
     // Verify write fails
@@ -120,7 +119,7 @@ async fn recv_error() -> Result<(), Box<dyn std::error::Error>> {
 
     // Setup read to fail
     overrides.next_read(Some(Box::new(|_, _, _| {
-        Ready(Err(io::Error::from(Error::InvalidInput)))
+        Ready(Err(io::Error::from(io::ErrorKind::ConnectionReset)))
     })));
 
     // Verify read fails

diff --git a/bindings/rust/s2n-tls-tokio/tests/shutdown.rs b/bindings/rust/s2n-tls-tokio/tests/shutdown.rs
@@ -25,7 +25,7 @@ async fn write_until_shutdown<S: AsyncWrite + Unpin>(stream: &mut S) -> Result<(
     loop {
         if let Err(err) = stream.write(&sent).await {
             let tls_err = error::Error::try_from(err).unwrap();
-            assert_eq!(tls_err.kind(), Some(error::ErrorType::ConnectionClosed));
+            assert_eq!(tls_err.kind(), error::ErrorType::ConnectionClosed);
             break;
         }
     }

diff --git a/bindings/rust/s2n-tls/Cargo.toml b/bindings/rust/s2n-tls/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "s2n-tls"
 description = "A C99 implementation of the TLS/SSL protocols"
-version = "0.0.9"
+version = "0.0.10"
 authors = ["AWS s2n"]
 edition = "2021"
 repository = "https://github.com/aws/s2n-tls"
@@ -11,15 +11,14 @@ license = "Apache-2.0"
 default = []
 quic = ["s2n-tls-sys/quic"]
 pq = ["s2n-tls-sys/pq"]
-testing = ["errno", "bytes"]
+testing = ["bytes"]
 
 [dependencies]
 bytes = { version = "1", optional = true }
-errno = { version = "0.2", optional = true }
+errno = { version = "0.2" }
 libc = "0.2"
-s2n-tls-sys = { version = "=0.0.9", path = "../s2n-tls-sys", features = ["internal"] }
+s2n-tls-sys = { version = "=0.0.10", path = "../s2n-tls-sys", features = ["internal"] }
 
 [dev-dependencies]
 bytes = { version = "1" }
-errno = { version = "0.2" }
 futures-test = "0.3"
diff --git a/bindings/rust/s2n-tls/src/config.rs b/bindings/rust/s2n-tls/src/config.rs
@@ -214,7 +214,10 @@ impl Builder {
             s2n_config_append_protocol_preference(
                 self.as_mut_ptr(),
                 protocol.as_ptr(),
-                protocol.len().try_into().map_err(|_| Error::InvalidInput)?,
+                protocol
+                    .len()
+                    .try_into()
+                    .map_err(|_| Error::INVALID_INPUT)?,
             )
             .into_result()
         }?;
@@ -232,14 +235,14 @@ impl Builder {
     }
 
     pub fn add_dhparams(&mut self, pem: &[u8]) -> Result<&mut Self, Error> {
-        let cstring = CString::new(pem).map_err(|_| Error::InvalidInput)?;
+        let cstring = CString::new(pem).map_err(|_| Error::INVALID_INPUT)?;
         unsafe { s2n_config_add_dhparams(self.as_mut_ptr(), cstring.as_ptr()).into_result() }?;
         Ok(self)
     }
 
     pub fn load_pem(&mut self, certificate: &[u8], private_key: &[u8]) -> Result<&mut Self, Error> {
-        let certificate = CString::new(certificate).map_err(|_| Error::InvalidInput)?;
-        let private_key = CString::new(private_key).map_err(|_| Error::InvalidInput)?;
+        let certificate = CString::new(certificate).map_err(|_| Error::INVALID_INPUT)?;
+        let private_key = CString::new(private_key).map_err(|_| Error::INVALID_INPUT)?;
         unsafe {
             s2n_config_add_cert_chain_and_key(
                 self.as_mut_ptr(),
@@ -252,7 +255,7 @@ impl Builder {
     }
 
     pub fn trust_pem(&mut self, certificate: &[u8]) -> Result<&mut Self, Error> {
-        let certificate = CString::new(certificate).map_err(|_| Error::InvalidInput)?;
+        let certificate = CString::new(certificate).map_err(|_| Error::INVALID_INPUT)?;
         unsafe {
             s2n_config_add_pem_to_trust_store(self.as_mut_ptr(), certificate.as_ptr()).into_result()
         }?;
@@ -267,8 +270,8 @@ impl Builder {
         fn to_cstr(input: Option<&Path>) -> Result<Option<CString>, Error> {
             Ok(match input {
                 Some(input) => {
-                    let string = input.to_str().ok_or(Error::InvalidInput)?;
-                    let cstring = CString::new(string).map_err(|_| Error::InvalidInput)?;
+                    let string = input.to_str().ok_or(Error::INVALID_INPUT)?;
+                    let cstring = CString::new(string).map_err(|_| Error::INVALID_INPUT)?;
                     Some(cstring)
                 }
                 None => None,
@@ -329,7 +332,7 @@ impl Builder {
     // which allows certificate chains to be shared across configs.
     // In that case, we'll need additional guard rails either in these bindings or in the underlying C.
     pub fn set_ocsp_data(&mut self, data: &[u8]) -> Result<&mut Self, Error> {
-        let size: u32 = data.len().try_into().map_err(|_| Error::InvalidInput)?;
+        let size: u32 = data.len().try_into().map_err(|_| Error::INVALID_INPUT)?;
         unsafe {
             s2n_config_set_extension_data(
                 self.as_mut_ptr(),