Branch data Line data Source code
1 : : /*
2 : : * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3 : : *
4 : : * Licensed under the Apache License, Version 2.0 (the "License").
5 : : * You may not use this file except in compliance with the License.
6 : : * A copy of the License is located at
7 : : *
8 : : * http://aws.amazon.com/apache2.0
9 : : *
10 : : * or in the "license" file accompanying this file. This file is distributed
11 : : * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12 : : * express or implied. See the License for the specific language governing
13 : : * permissions and limitations under the License.
14 : : */
15 : :
16 : : #include "tls/s2n_connection.h"
17 : :
18 : : #include <stdbool.h>
19 : : #include <stdint.h>
20 : : #include <stdlib.h>
21 : : #include <string.h>
22 : : #include <strings.h>
23 : : #include <time.h>
24 : : #include <unistd.h>
25 : :
26 : : #include "api/s2n.h"
27 : : /* Required for s2n_connection_get_key_update_counts */
28 : : #include "api/unstable/ktls.h"
29 : : #include "crypto/s2n_certificate.h"
30 : : #include "crypto/s2n_cipher.h"
31 : : #include "crypto/s2n_crypto.h"
32 : : #include "crypto/s2n_fips.h"
33 : : #include "crypto/s2n_openssl_x509.h"
34 : : #include "error/s2n_errno.h"
35 : : #include "tls/extensions/s2n_client_server_name.h"
36 : : #include "tls/extensions/s2n_client_supported_versions.h"
37 : : #include "tls/s2n_alerts.h"
38 : : #include "tls/s2n_cipher_suites.h"
39 : : #include "tls/s2n_handshake.h"
40 : : #include "tls/s2n_internal.h"
41 : : #include "tls/s2n_kem.h"
42 : : #include "tls/s2n_prf.h"
43 : : #include "tls/s2n_record.h"
44 : : #include "tls/s2n_resume.h"
45 : : #include "tls/s2n_security_policies.h"
46 : : #include "tls/s2n_tls.h"
47 : : #include "tls/s2n_tls13_handshake.h"
48 : : #include "tls/s2n_tls_parameters.h"
49 : : #include "utils/s2n_atomic.h"
50 : : #include "utils/s2n_blob.h"
51 : : #include "utils/s2n_compiler.h"
52 : : #include "utils/s2n_io.h"
53 : : #include "utils/s2n_mem.h"
54 : : #include "utils/s2n_random.h"
55 : : #include "utils/s2n_safety.h"
56 : : #ifndef _WIN32
57 : : #include "utils/s2n_socket.h"
58 : : #endif
59 : : #include "utils/s2n_timer.h"
60 : :
61 : : #define S2N_SET_KEY_SHARE_LIST_EMPTY(keyshares) (keyshares |= 1)
62 : : #define S2N_SET_KEY_SHARE_REQUEST(keyshares, i) (keyshares |= (1 << (i + 1)))
63 : :
64 : : static S2N_RESULT s2n_connection_and_config_get_client_auth_type(const struct s2n_connection *conn,
65 : : const struct s2n_config *config, s2n_cert_auth_type *client_cert_auth_type);
66 : :
67 : : /* Allocates and initializes memory for a new connection.
68 : : *
69 : : * Since customers can reuse a connection, ensure that values on the connection are
70 : : * initialized in `s2n_connection_wipe` where possible. */
71 : : struct s2n_connection *s2n_connection_new(s2n_mode mode)
72 : 126683 : {
73 : 126683 : struct s2n_blob blob = { 0 };
74 [ - + ]: 126683 : PTR_GUARD_POSIX(s2n_alloc(&blob, sizeof(struct s2n_connection)));
75 [ - + ]: 126683 : PTR_GUARD_POSIX(s2n_blob_zero(&blob));
76 : :
77 : : /* Cast 'through' void to acknowledge that we are changing alignment,
78 : : * which is ok, as blob.data is always aligned.
79 : : */
80 : 126683 : struct s2n_connection *conn = (struct s2n_connection *) (void *) blob.data;
81 : :
82 [ - + ]: 126683 : PTR_GUARD_POSIX(s2n_connection_set_config(conn, s2n_fetch_default_config()));
83 : :
84 : : /* `mode` is initialized here since it's passed in as a parameter. */
85 : 126683 : conn->mode = mode;
86 : :
87 : : /* Allocate the fixed-size stuffers */
88 : 126683 : blob = (struct s2n_blob){ 0 };
89 [ - + ]: 126683 : PTR_GUARD_POSIX(s2n_blob_init(&blob, conn->alert_in_data, S2N_ALERT_LENGTH));
90 [ - + ]: 126683 : PTR_GUARD_POSIX(s2n_stuffer_init(&conn->alert_in, &blob));
91 : :
92 : 126683 : blob = (struct s2n_blob){ 0 };
93 [ - + ]: 126683 : PTR_GUARD_POSIX(s2n_blob_init(&blob, conn->ticket_ext_data, S2N_TLS12_TICKET_SIZE_IN_BYTES));
94 [ - + ]: 126683 : PTR_GUARD_POSIX(s2n_stuffer_init(&conn->client_ticket_to_decrypt, &blob));
95 : :
96 : : /* Allocate long term hash and HMAC memory */
97 [ - + ]: 126683 : PTR_GUARD_RESULT(s2n_prf_new(conn));
98 [ - + ]: 126683 : PTR_GUARD_RESULT(s2n_handshake_hashes_new(&conn->handshake.hashes));
99 : :
100 : : /* Initialize the growable stuffers. Zero length at first, but the resize
101 : : * in _wipe will fix that
102 : : */
103 : 126683 : blob = (struct s2n_blob){ 0 };
104 [ - + ]: 126683 : PTR_GUARD_POSIX(s2n_blob_init(&blob, conn->header_in_data, S2N_TLS_RECORD_HEADER_LENGTH));
105 [ - + ]: 126683 : PTR_GUARD_POSIX(s2n_stuffer_init(&conn->header_in, &blob));
106 [ - + ]: 126683 : PTR_GUARD_POSIX(s2n_stuffer_growable_alloc(&conn->out, 0));
107 [ - + ]: 126683 : PTR_GUARD_POSIX(s2n_stuffer_growable_alloc(&conn->buffer_in, 0));
108 [ - + ]: 126683 : PTR_GUARD_POSIX(s2n_stuffer_growable_alloc(&conn->handshake.io, 0));
109 [ - + ]: 126683 : PTR_GUARD_RESULT(s2n_timer_start(conn->config, &conn->write_timer));
110 : :
111 : : /* NOTE: s2n_connection_wipe MUST be called last in this function.
112 : : *
113 : : * s2n_connection_wipe is used for initializing values but also used by customers to
114 : : * reset/reuse the connection. Calling it last ensures that s2n_connection_wipe is
115 : : * implemented correctly and safe.
116 : : */
117 [ - + ]: 126683 : PTR_GUARD_POSIX(s2n_connection_wipe(conn));
118 : 126683 : return conn;
119 : 126683 : }
120 : :
121 : : static int s2n_connection_zero(struct s2n_connection *conn, int mode, struct s2n_config *config)
122 : 3421997 : {
123 [ - + ][ # # ]: 3421997 : POSIX_ENSURE_REF(conn);
124 [ - + ][ # # ]: 3421997 : POSIX_ENSURE_REF(config);
125 : :
126 : : /* Zero the whole connection structure */
127 [ - + ][ # # ]: 3421997 : POSIX_CHECKED_MEMSET(conn, 0, sizeof(struct s2n_connection));
[ + - ]
128 : :
129 : 3421997 : conn->mode = mode;
130 : 3421997 : conn->max_outgoing_fragment_length = S2N_DEFAULT_FRAGMENT_LENGTH;
131 : 3421997 : conn->handshake.end_of_messages = APPLICATION_DATA;
132 : 3421997 : s2n_connection_set_config(conn, config);
133 : :
134 : 3421997 : return 0;
135 : 3421997 : }
136 : :
137 : : S2N_RESULT s2n_connection_wipe_all_keyshares(struct s2n_connection *conn)
138 : 3558155 : {
139 [ - + ][ # # ]: 3558155 : RESULT_ENSURE_REF(conn);
140 : :
141 [ - + ]: 3558155 : RESULT_GUARD_POSIX(s2n_ecc_evp_params_free(&conn->kex_params.server_ecc_evp_params));
142 [ - + ]: 3558155 : RESULT_GUARD_POSIX(s2n_ecc_evp_params_free(&conn->kex_params.client_ecc_evp_params));
143 : :
144 [ - + ]: 3558155 : RESULT_GUARD_POSIX(s2n_kem_group_free(&conn->kex_params.server_kem_group_params));
145 [ - + ]: 3558155 : RESULT_GUARD_POSIX(s2n_kem_group_free(&conn->kex_params.client_kem_group_params));
146 : :
147 : 3558155 : return S2N_RESULT_OK;
148 : 3558155 : }
149 : :
150 : : static int s2n_connection_wipe_keys(struct s2n_connection *conn)
151 : 3548680 : {
152 [ - + ][ # # ]: 3548680 : POSIX_ENSURE_REF(conn);
153 : :
154 : : /* Free any server key received (we may not have completed a
155 : : * handshake, so this may not have been free'd yet) */
156 [ - + ]: 3548680 : POSIX_GUARD(s2n_pkey_free(&conn->handshake_params.server_public_key));
157 [ - + ]: 3548680 : POSIX_GUARD(s2n_pkey_zero_init(&conn->handshake_params.server_public_key));
158 [ - + ]: 3548680 : POSIX_GUARD(s2n_pkey_free(&conn->handshake_params.client_public_key));
159 [ - + ]: 3548680 : POSIX_GUARD(s2n_pkey_zero_init(&conn->handshake_params.client_public_key));
160 : 3548680 : s2n_x509_validator_wipe(&conn->x509_validator);
161 [ - + ]: 3548680 : POSIX_GUARD(s2n_dh_params_free(&conn->kex_params.server_dh_params));
162 [ - + ]: 3548680 : POSIX_GUARD_RESULT(s2n_connection_wipe_all_keyshares(conn));
163 [ - + ]: 3548680 : POSIX_GUARD(s2n_kem_free(&conn->kex_params.kem_params));
164 [ - + ]: 3548680 : POSIX_GUARD(s2n_free(&conn->handshake_params.client_cert_chain));
165 [ - + ]: 3548680 : POSIX_GUARD(s2n_free(&conn->ct_response));
166 : :
167 : 3548680 : return 0;
168 : 3548680 : }
169 : :
170 : : static int s2n_connection_free_managed_recv_io(struct s2n_connection *conn)
171 : 3576502 : {
172 [ - + ][ # # ]: 3576502 : POSIX_ENSURE_REF(conn);
173 : :
174 : 3576502 : #ifndef _WIN32
175 [ + + ]: 3576502 : if (conn->managed_recv_io) {
176 [ - + ]: 6960 : POSIX_GUARD(s2n_free_object((uint8_t **) &conn->recv_io_context, sizeof(struct s2n_socket_read_io_context)));
177 : 6960 : conn->managed_recv_io = false;
178 : 6960 : conn->recv = NULL;
179 : 6960 : }
180 : 3576502 : #endif
181 : 3576502 : return S2N_SUCCESS;
182 : 3576502 : }
183 : :
184 : : static int s2n_connection_free_managed_send_io(struct s2n_connection *conn)
185 : 3576567 : {
186 [ - + ][ # # ]: 3576567 : POSIX_ENSURE_REF(conn);
187 : :
188 : 3576567 : #ifndef _WIN32
189 [ + + ]: 3576567 : if (conn->managed_send_io) {
190 [ - + ]: 6965 : POSIX_GUARD(s2n_free_object((uint8_t **) &conn->send_io_context, sizeof(struct s2n_socket_write_io_context)));
191 : 6965 : conn->managed_send_io = false;
192 : 6965 : conn->send = NULL;
193 : 6965 : }
194 : 3576567 : #endif
195 : 3576567 : return S2N_SUCCESS;
196 : 3576567 : }
197 : :
198 : : static int s2n_connection_free_managed_io(struct s2n_connection *conn)
199 : 3548680 : {
200 [ - + ]: 3548680 : POSIX_GUARD(s2n_connection_free_managed_recv_io(conn));
201 [ - + ]: 3548680 : POSIX_GUARD(s2n_connection_free_managed_send_io(conn));
202 : 3548680 : return S2N_SUCCESS;
203 : 3548680 : }
204 : :
205 : : static int s2n_connection_wipe_io(struct s2n_connection *conn)
206 : 3421997 : {
207 : 3421997 : #ifndef _WIN32
208 [ - + ][ # # ]: 3421997 : if (s2n_connection_is_managed_corked(conn) && conn->recv) {
209 [ # # ]: 0 : POSIX_GUARD(s2n_socket_read_restore(conn));
210 : 0 : }
211 [ - + ][ # # ]: 3421997 : if (s2n_connection_is_managed_corked(conn) && conn->send) {
212 [ # # ]: 0 : POSIX_GUARD(s2n_socket_write_restore(conn));
213 : 0 : }
214 : 3421997 : #endif
215 : :
216 : : /* Remove all I/O-related members */
217 [ - + ]: 3421997 : POSIX_GUARD(s2n_connection_free_managed_io(conn));
218 : :
219 : 3421997 : return 0;
220 : 3421997 : }
221 : :
222 : : static uint8_t s2n_default_verify_host(const char *host_name, size_t len, void *data)
223 : 257 : {
224 : : /* if present, match server_name of the connection using rules
225 : : * outlined in RFC6125 6.4. */
226 : :
227 : 257 : struct s2n_connection *conn = data;
228 : :
229 [ + + ]: 257 : if (conn->server_name[0] == '\0') {
230 : 7 : return 0;
231 : 7 : }
232 : :
233 : : /* complete match */
234 [ + + ][ + + ]: 250 : if (strlen(conn->server_name) == len && strncasecmp(conn->server_name, host_name, len) == 0) {
235 : 245 : return 1;
236 : 245 : }
237 : :
238 : : /* match 1 level of wildcard */
239 [ + - ][ + + ]: 5 : if (len > 2 && host_name[0] == '*' && host_name[1] == '.') {
[ + - ]
240 : 2 : const char *suffix = strchr(conn->server_name, '.');
241 : :
242 [ - + ]: 2 : if (suffix == NULL) {
243 : 0 : return 0;
244 : 0 : }
245 : :
246 [ + + ][ + - ]: 2 : if (strlen(suffix) == len - 1 && strncasecmp(suffix, host_name + 1, len - 1) == 0) {
247 : 1 : return 1;
248 : 1 : }
249 : 2 : }
250 : :
251 : 4 : return 0;
252 : 5 : }
253 : :
254 : : S2N_CLEANUP_RESULT s2n_connection_ptr_free(struct s2n_connection **conn)
255 : 124416 : {
256 [ - + ][ # # ]: 124416 : RESULT_ENSURE_REF(conn);
257 [ - + ]: 124416 : RESULT_GUARD_POSIX(s2n_connection_free(*conn));
258 : 124416 : *conn = NULL;
259 : 124416 : return S2N_RESULT_OK;
260 : 124416 : }
261 : :
262 : : int s2n_connection_free(struct s2n_connection *conn)
263 : 126683 : {
264 [ - + ]: 126683 : POSIX_GUARD(s2n_connection_wipe_keys(conn));
265 [ - + ]: 126683 : POSIX_GUARD_RESULT(s2n_psk_parameters_wipe(&conn->psk_params));
266 : :
267 [ - + ]: 126683 : POSIX_GUARD_RESULT(s2n_prf_free(conn));
268 [ - + ]: 126683 : POSIX_GUARD_RESULT(s2n_handshake_hashes_free(&conn->handshake.hashes));
269 : :
270 [ - + ]: 126683 : POSIX_GUARD(s2n_connection_free_managed_io(conn));
271 : :
272 [ - + ]: 126683 : POSIX_GUARD(s2n_free(&conn->client_ticket));
273 [ - + ]: 126683 : POSIX_GUARD(s2n_free(&conn->status_response));
274 [ - + ]: 126683 : POSIX_GUARD(s2n_free(&conn->our_quic_transport_parameters));
275 [ - + ]: 126683 : POSIX_GUARD(s2n_free(&conn->peer_quic_transport_parameters));
276 [ - + ]: 126683 : POSIX_GUARD(s2n_free(&conn->server_early_data_context));
277 [ - + ]: 126683 : POSIX_GUARD(s2n_free(&conn->tls13_ticket_fields.session_secret));
278 [ - + ]: 126683 : POSIX_GUARD(s2n_stuffer_free(&conn->buffer_in));
279 [ - + ]: 126683 : POSIX_GUARD(s2n_stuffer_free(&conn->in));
280 [ - + ]: 126683 : POSIX_GUARD(s2n_stuffer_free(&conn->out));
281 [ - + ]: 126683 : POSIX_GUARD(s2n_stuffer_free(&conn->handshake.io));
282 [ - + ]: 126683 : POSIX_GUARD(s2n_stuffer_free(&conn->post_handshake.in));
283 : 126683 : s2n_x509_validator_wipe(&conn->x509_validator);
284 [ - + ]: 126683 : POSIX_GUARD_RESULT(s2n_async_offload_op_wipe(&conn->async_offload_op));
285 [ - + ]: 126683 : POSIX_GUARD(s2n_client_hello_free_raw_message(&conn->client_hello));
286 [ - + ]: 126683 : POSIX_GUARD(s2n_free(&conn->application_protocols_overridden));
287 [ - + ]: 126683 : POSIX_GUARD(s2n_free(&conn->cookie));
288 [ - + ]: 126683 : POSIX_GUARD(s2n_free(&conn->cert_authorities));
289 [ - + ]: 126683 : POSIX_GUARD_RESULT(s2n_crypto_parameters_free(&conn->initial));
290 [ - + ]: 126683 : POSIX_GUARD_RESULT(s2n_crypto_parameters_free(&conn->secure));
291 [ - + ]: 126683 : POSIX_GUARD(s2n_free_object((uint8_t **) &conn, sizeof(struct s2n_connection)));
292 : :
293 : 126683 : return 0;
294 : 126683 : }
295 : :
296 : : int s2n_connection_set_config(struct s2n_connection *conn, struct s2n_config *config)
297 : 3561392 : {
298 [ - + ][ # # ]: 3561392 : POSIX_ENSURE_REF(conn);
299 [ - + ][ # # ]: 3561392 : POSIX_ENSURE_REF(config);
300 : :
301 [ + + ]: 3561392 : if (conn->config == config) {
302 : 43 : return 0;
303 : 43 : }
304 : :
305 : : /* s2n_config invariant: any s2n_config is always in a state that respects the
306 : : * config->security_policy certificate preferences. Therefore we only need to
307 : : * validate certificates here if the connection is using a security policy override.
308 : : */
309 : 3561349 : const struct s2n_security_policy *security_policy_override = conn->security_policy_override;
310 [ + + ]: 3561349 : if (security_policy_override) {
311 [ + + ]: 205 : POSIX_GUARD_RESULT(s2n_config_validate_loaded_certificates(config, security_policy_override));
312 : 205 : }
313 : :
314 : : /* We only support one client certificate */
315 [ + + ][ - + ]: 3561348 : if (s2n_config_get_num_default_certs(config) > 1 && conn->mode == S2N_CLIENT) {
316 [ # # ]: 0 : POSIX_BAIL(S2N_ERR_TOO_MANY_CERTIFICATES);
317 : 0 : }
318 : :
319 : 3561348 : s2n_x509_validator_wipe(&conn->x509_validator);
320 : :
321 [ + + ]: 3561348 : if (config->disable_x509_validation) {
322 [ - + ]: 10213 : POSIX_GUARD(s2n_x509_validator_init_no_x509_validation(&conn->x509_validator));
323 : 3551135 : } else {
324 [ - + ]: 3551135 : POSIX_GUARD(s2n_x509_validator_init(&conn->x509_validator, &config->trust_store, config->check_ocsp));
325 [ + - ]: 3551135 : if (!conn->verify_host_fn_overridden) {
326 [ + + ]: 3551135 : if (config->verify_host_fn != NULL) {
327 : 146 : conn->verify_host_fn = config->verify_host_fn;
328 : 146 : conn->data_for_verify_host = config->data_for_verify_host;
329 : 3550989 : } else {
330 : 3550989 : conn->verify_host_fn = s2n_default_verify_host;
331 : 3550989 : conn->data_for_verify_host = conn;
332 : 3550989 : }
333 : 3551135 : }
334 : :
335 [ - + ]: 3551135 : if (config->max_verify_cert_chain_depth_set) {
336 [ # # ]: 0 : POSIX_GUARD(s2n_x509_validator_set_max_chain_depth(&conn->x509_validator, config->max_verify_cert_chain_depth));
337 : 0 : }
338 : 3551135 : }
339 : 3561348 : conn->tickets_to_send = config->initial_tickets_to_send;
340 : :
341 [ + + ][ + + ]: 3561348 : if (conn->psk_params.psk_list.len == 0 && !conn->psk_mode_overridden) {
342 [ - + ]: 3561336 : POSIX_GUARD(s2n_connection_set_psk_mode(conn, config->psk_mode));
343 : 3561336 : conn->psk_mode_overridden = false;
344 : 3561336 : }
345 : :
346 : : /* If at least one certificate does not have a private key configured,
347 : : * the config must provide an async pkey callback.
348 : : * The handshake could still fail if the callback doesn't offload the
349 : : * signature, but this at least catches configuration mistakes.
350 : : */
351 [ + + ]: 3561348 : if (config->no_signing_key) {
352 [ + + ][ + - ]: 24 : POSIX_ENSURE(config->async_pkey_cb, S2N_ERR_NO_PRIVATE_KEY);
353 : 24 : }
354 : :
355 [ + + ]: 3561346 : if (config->quic_enabled) {
356 : : /* If QUIC is ever enabled for a connection via the config,
357 : : * we should enforce that it can never be disabled by
358 : : * changing the config.
359 : : *
360 : : * Enabling QUIC indicates that the connection is being used by
361 : : * a QUIC implementation, which never changes. Disabling QUIC
362 : : * partially through a connection could also potentially be
363 : : * dangerous, as QUIC handles encryption.
364 : : */
365 [ - + ]: 35 : POSIX_GUARD(s2n_connection_enable_quic(conn));
366 : 35 : }
367 : :
368 [ + + ]: 3561346 : if (config->send_buffer_size_override) {
369 : 18 : conn->multirecord_send = true;
370 : 18 : }
371 : :
372 : : /* Historically, calling s2n_config_set_verification_ca_location enabled OCSP stapling
373 : : * regardless of the value set by an application calling s2n_config_set_status_request_type.
374 : : * We maintain this behavior for backwards compatibility.
375 : : *
376 : : * However, the s2n_config_set_verification_ca_location behavior predates client authentication
377 : : * support for OCSP stapling, so could only affect whether clients requested OCSP stapling. We
378 : : * therefore only have to maintain the legacy behavior for clients, not servers.
379 : : *
380 : : * Note: The Rust bindings do not maintain the legacy behavior.
381 : : */
382 : 3561346 : conn->request_ocsp_status = config->ocsp_status_requested_by_user;
383 [ + + ][ + + ]: 3561346 : if (config->ocsp_status_requested_by_s2n && conn->mode == S2N_CLIENT) {
384 : 386 : conn->request_ocsp_status = true;
385 : 386 : }
386 : :
387 : 3561346 : conn->config = config;
388 : 3561346 : return S2N_SUCCESS;
389 : 3561346 : }
390 : :
391 : : int s2n_connection_server_name_extension_used(struct s2n_connection *conn)
392 : 21 : {
393 [ - + ][ # # ]: 21 : POSIX_ENSURE_REF(conn);
394 [ - + ][ # # ]: 21 : POSIX_ENSURE(conn->mode == S2N_SERVER, S2N_ERR_INVALID_STATE);
395 [ - + ][ # # ]: 21 : POSIX_ENSURE(!(conn->handshake.client_hello_received), S2N_ERR_INVALID_STATE);
396 : :
397 : 21 : conn->server_name_used = 1;
398 : 21 : return S2N_SUCCESS;
399 : 21 : }
400 : :
401 : : int s2n_connection_set_ctx(struct s2n_connection *conn, void *ctx)
402 : 2413 : {
403 [ # # ][ - + ]: 2413 : POSIX_ENSURE_REF(conn);
404 : :
405 : 2413 : conn->context = ctx;
406 : 2413 : return S2N_SUCCESS;
407 : 2413 : }
408 : :
409 : : void *s2n_connection_get_ctx(struct s2n_connection *conn)
410 : 3218 : {
411 [ - + ][ # # ]: 3218 : PTR_ENSURE_REF(conn);
412 : 3218 : return conn->context;
413 : 3218 : }
414 : :
415 : : int s2n_connection_release_buffers(struct s2n_connection *conn)
416 : 2009 : {
417 [ # # ][ - + ]: 2009 : POSIX_ENSURE_REF(conn);
418 [ - + ][ + - ]: 2009 : POSIX_PRECONDITION(s2n_stuffer_validate(&conn->out));
419 [ - + ][ + - ]: 2009 : POSIX_PRECONDITION(s2n_stuffer_validate(&conn->in));
420 : :
421 [ # # ][ - + ]: 2009 : POSIX_ENSURE(s2n_stuffer_is_consumed(&conn->out), S2N_ERR_STUFFER_HAS_UNPROCESSED_DATA);
422 [ - + ]: 2009 : POSIX_GUARD(s2n_stuffer_resize(&conn->out, 0));
423 : :
424 [ + + ][ + - ]: 2009 : POSIX_ENSURE(s2n_stuffer_is_consumed(&conn->in), S2N_ERR_STUFFER_HAS_UNPROCESSED_DATA);
425 [ + + ]: 2007 : if (s2n_stuffer_is_consumed(&conn->buffer_in)) {
426 [ - + ]: 2006 : POSIX_GUARD(s2n_stuffer_resize(&conn->buffer_in, 0));
427 : 2006 : }
428 : :
429 [ + - ][ + + ]: 2007 : POSIX_ENSURE(s2n_stuffer_is_consumed(&conn->post_handshake.in), S2N_ERR_STUFFER_HAS_UNPROCESSED_DATA);
430 [ - + ]: 2006 : POSIX_GUARD(s2n_stuffer_free(&conn->post_handshake.in));
431 : :
432 [ - + ][ + - ]: 2006 : POSIX_POSTCONDITION(s2n_stuffer_validate(&conn->out));
433 [ - + ][ + - ]: 2006 : POSIX_POSTCONDITION(s2n_stuffer_validate(&conn->in));
434 : 2006 : return S2N_SUCCESS;
435 : 2006 : }
436 : :
437 : : int s2n_connection_free_handshake(struct s2n_connection *conn)
438 : 288 : {
439 [ - + ][ # # ]: 288 : POSIX_ENSURE_REF(conn);
440 : :
441 : : /* We are done with the handshake */
442 [ - + ]: 288 : POSIX_GUARD_RESULT(s2n_handshake_hashes_free(&conn->handshake.hashes));
443 [ - + ]: 288 : POSIX_GUARD_RESULT(s2n_prf_free(conn));
444 : :
445 : : /* All IO should use conn->secure after the handshake.
446 : : * However, if this method is called before the handshake completes,
447 : : * the connection may still be using conn->initial.
448 : : */
449 [ + + ][ + - ]: 288 : if (conn->client != conn->initial && conn->server != conn->initial) {
450 [ - + ]: 283 : POSIX_GUARD_RESULT(s2n_crypto_parameters_free(&conn->initial));
451 : 283 : }
452 : :
453 : : /* Wipe the buffers we are going to free */
454 [ - + ]: 288 : POSIX_GUARD(s2n_stuffer_wipe(&conn->handshake.io));
455 [ - + ]: 288 : POSIX_GUARD(s2n_blob_zero(&conn->client_hello.raw_message));
456 : :
457 : : /* Truncate buffers to save memory, we are done with the handshake */
458 [ - + ]: 288 : POSIX_GUARD(s2n_stuffer_resize(&conn->handshake.io, 0));
459 [ - + ]: 288 : POSIX_GUARD(s2n_free(&conn->client_hello.raw_message));
460 : :
461 : : /* We can free extension data we no longer need */
462 [ - + ]: 288 : POSIX_GUARD(s2n_free(&conn->client_ticket));
463 [ - + ]: 288 : POSIX_GUARD(s2n_free(&conn->status_response));
464 [ - + ]: 288 : POSIX_GUARD(s2n_free(&conn->our_quic_transport_parameters));
465 [ - + ]: 288 : POSIX_GUARD(s2n_free(&conn->application_protocols_overridden));
466 [ - + ]: 288 : POSIX_GUARD(s2n_free(&conn->cookie));
467 [ - + ]: 288 : POSIX_GUARD(s2n_free(&conn->cert_authorities));
468 : :
469 : 288 : return 0;
470 : 288 : }
471 : :
472 : : /* An idempotent operation which initializes values on the connection.
473 : : *
474 : : * Called in order to reuse a connection structure for a new connection. Should wipe
475 : : * any persistent memory, free any temporary memory, and set all fields back to their
476 : : * defaults.
477 : : */
478 : : int s2n_connection_wipe(struct s2n_connection *conn)
479 : 3421997 : {
480 [ - + ][ # # ]: 3421997 : POSIX_ENSURE_REF(conn);
481 : :
482 : : /* First make a copy of everything we'd like to save, which isn't very much. */
483 : 3421997 : int mode = conn->mode;
484 : 3421997 : struct s2n_config *config = conn->config;
485 : 3421997 : struct s2n_stuffer alert_in = { 0 };
486 : 3421997 : struct s2n_stuffer client_ticket_to_decrypt = { 0 };
487 : 3421997 : struct s2n_stuffer handshake_io = { 0 };
488 : 3421997 : struct s2n_stuffer header_in = { 0 };
489 : 3421997 : struct s2n_stuffer buffer_in = { 0 };
490 : 3421997 : struct s2n_stuffer out = { 0 };
491 : :
492 : : /* Some required structures might have been freed to conserve memory between handshakes.
493 : : * Restore them.
494 : : */
495 [ + + ]: 3421997 : if (!conn->handshake.hashes) {
496 [ - + ]: 262 : POSIX_GUARD_RESULT(s2n_handshake_hashes_new(&conn->handshake.hashes));
497 : 262 : }
498 [ - + ]: 3421997 : POSIX_GUARD_RESULT(s2n_handshake_hashes_wipe(conn->handshake.hashes));
499 : 3421997 : struct s2n_handshake_hashes *handshake_hashes = conn->handshake.hashes;
500 [ + + ]: 3421997 : if (!conn->prf_space) {
501 [ - + ]: 263 : POSIX_GUARD_RESULT(s2n_prf_new(conn));
502 : 263 : }
503 [ - + ]: 3421997 : POSIX_GUARD_RESULT(s2n_prf_wipe(conn));
504 : 3421997 : struct s2n_prf_working_space *prf_workspace = conn->prf_space;
505 [ + + ]: 3421997 : if (!conn->initial) {
506 [ - + ]: 126941 : POSIX_GUARD_RESULT(s2n_crypto_parameters_new(&conn->initial));
507 : 3295056 : } else {
508 [ - + ]: 3295056 : POSIX_GUARD_RESULT(s2n_crypto_parameters_wipe(conn->initial));
509 : 3295056 : }
510 : 3421997 : struct s2n_crypto_parameters *initial = conn->initial;
511 [ + + ]: 3421997 : if (!conn->secure) {
512 [ - + ]: 127204 : POSIX_GUARD_RESULT(s2n_crypto_parameters_new(&conn->secure));
513 : 3294793 : } else {
514 [ - + ]: 3294793 : POSIX_GUARD_RESULT(s2n_crypto_parameters_wipe(conn->secure));
515 : 3294793 : }
516 : 3421997 : struct s2n_crypto_parameters *secure = conn->secure;
517 : :
518 : : /* Wipe all of the sensitive stuff */
519 [ - + ]: 3421997 : POSIX_GUARD(s2n_connection_wipe_keys(conn));
520 [ - + ]: 3421997 : POSIX_GUARD(s2n_stuffer_wipe(&conn->alert_in));
521 [ - + ]: 3421997 : POSIX_GUARD(s2n_stuffer_wipe(&conn->client_ticket_to_decrypt));
522 [ - + ]: 3421997 : POSIX_GUARD(s2n_stuffer_wipe(&conn->handshake.io));
523 [ - + ]: 3421997 : POSIX_GUARD(s2n_stuffer_wipe(&conn->post_handshake.in));
524 [ - + ]: 3421997 : POSIX_GUARD(s2n_blob_zero(&conn->client_hello.raw_message));
525 [ - + ]: 3421997 : POSIX_GUARD(s2n_stuffer_wipe(&conn->header_in));
526 [ - + ]: 3421997 : POSIX_GUARD(s2n_stuffer_wipe(&conn->buffer_in));
527 [ - + ]: 3421997 : POSIX_GUARD(s2n_stuffer_wipe(&conn->out));
528 : :
529 : : /* Free stuffers we plan to just recreate */
530 [ - + ]: 3421997 : POSIX_GUARD(s2n_stuffer_free(&conn->post_handshake.in));
531 [ - + ]: 3421997 : POSIX_GUARD(s2n_stuffer_free(&conn->in));
532 : :
533 [ - + ]: 3421997 : POSIX_GUARD_RESULT(s2n_psk_parameters_wipe(&conn->psk_params));
534 [ - + ]: 3421997 : POSIX_GUARD_RESULT(s2n_async_offload_op_wipe(&conn->async_offload_op));
535 : :
536 : : /* Wipe the I/O-related info and restore the original socket if necessary */
537 [ - + ]: 3421997 : POSIX_GUARD(s2n_connection_wipe_io(conn));
538 : :
539 [ - + ]: 3421997 : POSIX_GUARD(s2n_free(&conn->client_ticket));
540 [ - + ]: 3421997 : POSIX_GUARD(s2n_free(&conn->status_response));
541 [ - + ]: 3421997 : POSIX_GUARD(s2n_free(&conn->application_protocols_overridden));
542 [ - + ]: 3421997 : POSIX_GUARD(s2n_free(&conn->our_quic_transport_parameters));
543 [ - + ]: 3421997 : POSIX_GUARD(s2n_free(&conn->peer_quic_transport_parameters));
544 [ - + ]: 3421997 : POSIX_GUARD(s2n_free(&conn->server_early_data_context));
545 [ - + ]: 3421997 : POSIX_GUARD(s2n_free(&conn->tls13_ticket_fields.session_secret));
546 [ - + ]: 3421997 : POSIX_GUARD(s2n_free(&conn->cookie));
547 [ - + ]: 3421997 : POSIX_GUARD(s2n_free(&conn->cert_authorities));
548 : :
549 : : /* Allocate memory for handling handshakes */
550 [ - + ]: 3421997 : POSIX_GUARD(s2n_stuffer_resize(&conn->handshake.io, S2N_LARGE_RECORD_LENGTH));
551 : :
552 : : /* Truncate the message buffers to save memory, we will dynamically resize it as needed */
553 [ - + ]: 3421997 : POSIX_GUARD(s2n_free(&conn->client_hello.raw_message));
554 [ - + ]: 3421997 : POSIX_GUARD(s2n_stuffer_resize(&conn->buffer_in, 0));
555 [ - + ]: 3421997 : POSIX_GUARD(s2n_stuffer_resize(&conn->out, 0));
556 : :
557 : : /* Remove context associated with connection */
558 : 3421997 : conn->context = NULL;
559 : 3421997 : conn->verify_host_fn_overridden = 0;
560 : 3421997 : conn->verify_host_fn = NULL;
561 : 3421997 : conn->data_for_verify_host = NULL;
562 : :
563 : : /* Clone the stuffers */
564 : : /* ignore address warnings because dest is allocated on the stack */
565 : 3421997 : #ifdef S2N_DIAGNOSTICS_PUSH_SUPPORTED
566 : 3421997 : #pragma GCC diagnostic push
567 : 3421997 : #pragma GCC diagnostic ignored "-Waddress"
568 : 3421997 : #endif
569 [ - + ][ # # ]: 3421997 : POSIX_CHECKED_MEMCPY(&alert_in, &conn->alert_in, sizeof(struct s2n_stuffer));
[ + - ]
570 [ - + ][ # # ]: 3421997 : POSIX_CHECKED_MEMCPY(&client_ticket_to_decrypt, &conn->client_ticket_to_decrypt, sizeof(struct s2n_stuffer));
[ + - ]
571 [ - + ][ # # ]: 3421997 : POSIX_CHECKED_MEMCPY(&handshake_io, &conn->handshake.io, sizeof(struct s2n_stuffer));
[ + - ]
572 [ - + ][ # # ]: 3421997 : POSIX_CHECKED_MEMCPY(&header_in, &conn->header_in, sizeof(struct s2n_stuffer));
[ + - ]
573 [ - + ][ # # ]: 3421997 : POSIX_CHECKED_MEMCPY(&buffer_in, &conn->buffer_in, sizeof(struct s2n_stuffer));
[ + - ]
574 [ - + ][ # # ]: 3421997 : POSIX_CHECKED_MEMCPY(&out, &conn->out, sizeof(struct s2n_stuffer));
[ + - ]
575 : 3421997 : #ifdef S2N_DIAGNOSTICS_POP_SUPPORTED
576 : 3421997 : #pragma GCC diagnostic pop
577 : 3421997 : #endif
578 : :
579 [ - + ]: 3421997 : POSIX_GUARD(s2n_connection_zero(conn, mode, config));
580 : :
581 [ # # ][ - + ]: 3421997 : POSIX_CHECKED_MEMCPY(&conn->alert_in, &alert_in, sizeof(struct s2n_stuffer));
[ + - ]
582 [ # # ][ - + ]: 3421997 : POSIX_CHECKED_MEMCPY(&conn->client_ticket_to_decrypt, &client_ticket_to_decrypt, sizeof(struct s2n_stuffer));
[ + - ]
583 [ - + ][ # # ]: 3421997 : POSIX_CHECKED_MEMCPY(&conn->handshake.io, &handshake_io, sizeof(struct s2n_stuffer));
[ + - ]
584 [ - + ][ # # ]: 3421997 : POSIX_CHECKED_MEMCPY(&conn->header_in, &header_in, sizeof(struct s2n_stuffer));
[ + - ]
585 [ - + ][ # # ]: 3421997 : POSIX_CHECKED_MEMCPY(&conn->buffer_in, &buffer_in, sizeof(struct s2n_stuffer));
[ + - ]
586 [ # # ][ - + ]: 3421997 : POSIX_CHECKED_MEMCPY(&conn->out, &out, sizeof(struct s2n_stuffer));
[ + - ]
587 : :
588 : : /* conn->in will eventually point to part of conn->buffer_in, but we initialize
589 : : * it as growable and allocated to support legacy tests.
590 : : */
591 [ - + ]: 3421997 : POSIX_GUARD(s2n_stuffer_growable_alloc(&conn->in, 0));
592 : :
593 : 3421997 : conn->handshake.hashes = handshake_hashes;
594 : 3421997 : conn->prf_space = prf_workspace;
595 : 3421997 : conn->initial = initial;
596 : 3421997 : conn->secure = secure;
597 : 3421997 : conn->client = conn->initial;
598 : 3421997 : conn->server = conn->initial;
599 : 3421997 : conn->handshake_params.client_cert_sig_scheme = &s2n_null_sig_scheme;
600 : 3421997 : conn->handshake_params.server_cert_sig_scheme = &s2n_null_sig_scheme;
601 : :
602 [ - + ]: 3421997 : POSIX_GUARD_RESULT(s2n_psk_parameters_init(&conn->psk_params));
603 : 3421997 : conn->server_keying_material_lifetime = ONE_WEEK_IN_SEC;
604 : :
605 : : /* Require all handshakes hashes. This set can be reduced as the handshake progresses. */
606 [ - + ]: 3421997 : POSIX_GUARD(s2n_handshake_require_all_hashes(&conn->handshake));
607 : :
608 [ + + ]: 3421997 : if (conn->mode == S2N_SERVER) {
609 : : /* Start with the highest protocol version so that the highest common protocol version can be selected */
610 : : /* during handshake. */
611 : 3367118 : conn->server_protocol_version = s2n_highest_protocol_version;
612 : 3367118 : conn->client_protocol_version = s2n_unknown_protocol_version;
613 : 3367118 : conn->actual_protocol_version = s2n_unknown_protocol_version;
614 : 3367118 : } else {
615 : : /* For clients, also set actual_protocol_version. Record generation uses that value for the initial */
616 : : /* ClientHello record version. Not all servers ignore the record version in ClientHello. */
617 : 54879 : conn->server_protocol_version = s2n_unknown_protocol_version;
618 : 54879 : conn->client_protocol_version = s2n_highest_protocol_version;
619 : 54879 : conn->actual_protocol_version = s2n_highest_protocol_version;
620 : 54879 : }
621 : :
622 : : /* Initialize remaining values */
623 : 3421997 : conn->blinding = S2N_BUILT_IN_BLINDING;
624 : 3421997 : conn->session_ticket_status = S2N_NO_TICKET;
625 : :
626 : 3421997 : return 0;
627 : 3421997 : }
628 : :
629 : : int s2n_connection_set_recv_ctx(struct s2n_connection *conn, void *ctx)
630 : 13910 : {
631 [ # # ][ - + ]: 13910 : POSIX_ENSURE_REF(conn);
632 [ - + ]: 13910 : POSIX_GUARD(s2n_connection_free_managed_recv_io(conn));
633 : 13910 : conn->recv_io_context = ctx;
634 : 13910 : return S2N_SUCCESS;
635 : 13910 : }
636 : :
637 : : int s2n_connection_set_send_ctx(struct s2n_connection *conn, void *ctx)
638 : 13944 : {
639 [ # # ][ - + ]: 13944 : POSIX_ENSURE_REF(conn);
640 [ - + ]: 13944 : POSIX_GUARD(s2n_connection_free_managed_send_io(conn));
641 : 13944 : conn->send_io_context = ctx;
642 : 13944 : return S2N_SUCCESS;
643 : 13944 : }
644 : :
645 : : int s2n_connection_set_recv_cb(struct s2n_connection *conn, s2n_recv_fn recv)
646 : 13912 : {
647 [ # # ][ - + ]: 13912 : POSIX_ENSURE_REF(conn);
648 [ - + ]: 13912 : POSIX_GUARD(s2n_connection_free_managed_recv_io(conn));
649 : 13912 : conn->recv = recv;
650 : 13912 : return S2N_SUCCESS;
651 : 13912 : }
652 : :
653 : : int s2n_connection_set_send_cb(struct s2n_connection *conn, s2n_send_fn send)
654 : 13943 : {
655 [ - + ][ # # ]: 13943 : POSIX_ENSURE_REF(conn);
656 [ - + ]: 13943 : POSIX_GUARD(s2n_connection_free_managed_send_io(conn));
657 : 13943 : conn->send = send;
658 : 13943 : return S2N_SUCCESS;
659 : 13943 : }
660 : :
661 : : int s2n_connection_get_client_cert_chain(struct s2n_connection *conn, uint8_t **cert_chain_out, uint32_t *cert_chain_len)
662 : 65 : {
663 [ - + ][ # # ]: 65 : POSIX_ENSURE_REF(conn);
664 [ - + ][ # # ]: 65 : POSIX_ENSURE_REF(cert_chain_out);
665 [ - + ][ # # ]: 65 : POSIX_ENSURE_REF(cert_chain_len);
666 [ + - ][ + + ]: 65 : POSIX_ENSURE_REF(conn->handshake_params.client_cert_chain.data);
667 : :
668 : 61 : *cert_chain_out = conn->handshake_params.client_cert_chain.data;
669 : 61 : *cert_chain_len = conn->handshake_params.client_cert_chain.size;
670 : :
671 : 61 : return S2N_SUCCESS;
672 : 65 : }
673 : :
674 : : int s2n_connection_get_cipher_preferences(struct s2n_connection *conn, const struct s2n_cipher_preferences **cipher_preferences)
675 : 1021 : {
676 [ + + ][ + - ]: 1021 : POSIX_ENSURE_REF(conn);
677 [ - + ][ # # ]: 1020 : POSIX_ENSURE_REF(conn->config);
678 [ - + ][ # # ]: 1020 : POSIX_ENSURE_REF(cipher_preferences);
679 : :
680 [ + + ]: 1020 : if (conn->security_policy_override != NULL) {
681 : 970 : *cipher_preferences = conn->security_policy_override->cipher_preferences;
682 [ + + ]: 970 : } else if (conn->config->security_policy != NULL) {
683 : 49 : *cipher_preferences = conn->config->security_policy->cipher_preferences;
684 : 49 : } else {
685 [ + - ]: 1 : POSIX_BAIL(S2N_ERR_INVALID_CIPHER_PREFERENCES);
686 : 1 : }
687 : :
688 [ - + ][ # # ]: 1019 : POSIX_ENSURE_REF(*cipher_preferences);
689 : 1019 : return 0;
690 : 1019 : }
691 : :
692 : : int s2n_connection_get_certificate_match(struct s2n_connection *conn, s2n_cert_sni_match *match_status)
693 : 9 : {
694 [ + + ][ + - ]: 9 : POSIX_ENSURE(conn, S2N_ERR_INVALID_ARGUMENT);
695 [ - + ][ # # ]: 7 : POSIX_ENSURE(match_status, S2N_ERR_INVALID_ARGUMENT);
696 [ + + ][ + - ]: 7 : POSIX_ENSURE(conn->mode == S2N_SERVER, S2N_ERR_CLIENT_MODE);
697 : :
698 : : /* Server must have gotten past certificate selection */
699 [ + - ][ + + ]: 6 : POSIX_ENSURE(conn->handshake_params.our_chain_and_key, S2N_ERR_NO_CERT_FOUND);
700 : :
701 [ + + ]: 5 : if (!s2n_server_received_server_name(conn)) {
702 : 1 : *match_status = S2N_SNI_NONE;
703 [ + + ]: 4 : } else if (conn->handshake_params.exact_sni_match_exists) {
704 : 1 : *match_status = S2N_SNI_EXACT_MATCH;
705 [ + + ]: 3 : } else if (conn->handshake_params.wc_sni_match_exists) {
706 : 1 : *match_status = S2N_SNI_WILDCARD_MATCH;
707 : 2 : } else {
708 : 2 : *match_status = S2N_SNI_NO_MATCH;
709 : 2 : }
710 : :
711 : 5 : return S2N_SUCCESS;
712 : 6 : }
713 : :
714 : : int s2n_connection_get_security_policy(struct s2n_connection *conn, const struct s2n_security_policy **security_policy)
715 : 99191 : {
716 [ + + ][ + - ]: 99191 : POSIX_ENSURE_REF(conn);
717 [ - + ][ # # ]: 99190 : POSIX_ENSURE_REF(conn->config);
718 [ # # ][ - + ]: 99190 : POSIX_ENSURE_REF(security_policy);
719 : :
720 [ + + ]: 99190 : if (conn->security_policy_override != NULL) {
721 : 20626 : *security_policy = conn->security_policy_override;
722 [ + + ]: 78564 : } else if (conn->config->security_policy != NULL) {
723 : 78563 : *security_policy = conn->config->security_policy;
724 : 78563 : } else {
725 [ + - ]: 1 : POSIX_BAIL(S2N_ERR_INVALID_SECURITY_POLICY);
726 : 1 : }
727 : :
728 [ - + ][ # # ]: 99189 : POSIX_ENSURE_REF(*security_policy);
729 : 99189 : return 0;
730 : 99189 : }
731 : :
732 : : int s2n_connection_get_kem_preferences(struct s2n_connection *conn, const struct s2n_kem_preferences **kem_preferences)
733 : 24371 : {
734 [ + - ][ + + ]: 24371 : POSIX_ENSURE_REF(conn);
735 [ - + ][ # # ]: 24370 : POSIX_ENSURE_REF(conn->config);
736 [ - + ][ # # ]: 24370 : POSIX_ENSURE_REF(kem_preferences);
737 : :
738 [ + + ]: 24370 : if (conn->security_policy_override != NULL) {
739 : 6782 : *kem_preferences = conn->security_policy_override->kem_preferences;
740 [ + + ]: 17588 : } else if (conn->config->security_policy != NULL) {
741 : 17587 : *kem_preferences = conn->config->security_policy->kem_preferences;
742 : 17587 : } else {
743 [ + - ]: 1 : POSIX_BAIL(S2N_ERR_INVALID_KEM_PREFERENCES);
744 : 1 : }
745 : :
746 [ - + ][ # # ]: 24369 : POSIX_ENSURE_REF(*kem_preferences);
747 : 24369 : return 0;
748 : 24369 : }
749 : :
750 : : int s2n_connection_get_signature_preferences(struct s2n_connection *conn, const struct s2n_signature_preferences **signature_preferences)
751 : 17410 : {
752 [ + + ][ + - ]: 17410 : POSIX_ENSURE_REF(conn);
753 [ - + ][ # # ]: 17409 : POSIX_ENSURE_REF(conn->config);
754 [ - + ][ # # ]: 17409 : POSIX_ENSURE_REF(signature_preferences);
755 : :
756 [ + + ]: 17409 : if (conn->security_policy_override != NULL) {
757 : 2876 : *signature_preferences = conn->security_policy_override->signature_preferences;
758 [ + + ]: 14533 : } else if (conn->config->security_policy != NULL) {
759 : 14532 : *signature_preferences = conn->config->security_policy->signature_preferences;
760 : 14532 : } else {
761 [ + - ]: 1 : POSIX_BAIL(S2N_ERR_INVALID_SIGNATURE_ALGORITHMS_PREFERENCES);
762 : 1 : }
763 : :
764 [ - + ][ # # ]: 17408 : POSIX_ENSURE_REF(*signature_preferences);
765 : 17408 : return 0;
766 : 17408 : }
767 : :
768 : : int s2n_connection_get_ecc_preferences(struct s2n_connection *conn, const struct s2n_ecc_preferences **ecc_preferences)
769 : 84723 : {
770 [ + + ][ + - ]: 84723 : POSIX_ENSURE_REF(conn);
771 [ - + ][ # # ]: 84722 : POSIX_ENSURE_REF(conn->config);
772 [ - + ][ # # ]: 84722 : POSIX_ENSURE_REF(ecc_preferences);
773 : :
774 [ + + ]: 84722 : if (conn->security_policy_override != NULL) {
775 : 20595 : *ecc_preferences = conn->security_policy_override->ecc_preferences;
776 [ + + ]: 64127 : } else if (conn->config->security_policy != NULL) {
777 : 64126 : *ecc_preferences = conn->config->security_policy->ecc_preferences;
778 : 64126 : } else {
779 [ + - ]: 1 : POSIX_BAIL(S2N_ERR_INVALID_ECC_PREFERENCES);
780 : 1 : }
781 : :
782 [ - + ][ # # ]: 84721 : POSIX_ENSURE_REF(*ecc_preferences);
783 : 84721 : return 0;
784 : 84721 : }
785 : :
786 : : int s2n_connection_get_protocol_preferences(struct s2n_connection *conn, struct s2n_blob **protocol_preferences)
787 : 15553 : {
788 [ + + ][ + - ]: 15553 : POSIX_ENSURE_REF(conn);
789 [ - + ][ # # ]: 15552 : POSIX_ENSURE_REF(protocol_preferences);
790 : :
791 : 15552 : *protocol_preferences = NULL;
792 [ + + ]: 15552 : if (conn->application_protocols_overridden.size > 0) {
793 : 20 : *protocol_preferences = &conn->application_protocols_overridden;
794 : 15532 : } else {
795 [ - + ][ # # ]: 15532 : POSIX_ENSURE_REF(conn->config);
796 : 15532 : *protocol_preferences = &conn->config->application_protocols;
797 : 15532 : }
798 : :
799 [ - + ][ # # ]: 15552 : POSIX_ENSURE_REF(*protocol_preferences);
800 : 15552 : return 0;
801 : 15552 : }
802 : :
803 : : static S2N_RESULT s2n_connection_and_config_get_client_auth_type(const struct s2n_connection *conn,
804 : : const struct s2n_config *config, s2n_cert_auth_type *client_cert_auth_type)
805 : 60123 : {
806 [ # # ][ - + ]: 60123 : RESULT_ENSURE_REF(conn);
807 [ - + ][ # # ]: 60123 : RESULT_ENSURE_REF(config);
808 [ # # ][ - + ]: 60123 : RESULT_ENSURE_REF(client_cert_auth_type);
809 : :
810 [ + + ]: 60123 : if (conn->client_cert_auth_type_overridden) {
811 : 1263 : *client_cert_auth_type = conn->client_cert_auth_type;
812 [ + + ]: 58860 : } else if (config->client_cert_auth_type_overridden) {
813 : 1580 : *client_cert_auth_type = config->client_cert_auth_type;
814 [ + + ]: 57280 : } else if (conn->mode == S2N_CLIENT) {
815 : : /* Clients should default to "Optional" so that they handle any
816 : : * CertificateRequests sent by the server.
817 : : */
818 : 39879 : *client_cert_auth_type = S2N_CERT_AUTH_OPTIONAL;
819 : 39879 : } else {
820 : : /* Servers should default to "None" so that they send no CertificateRequests. */
821 : 17401 : *client_cert_auth_type = S2N_CERT_AUTH_NONE;
822 : 17401 : }
823 : :
824 : 60123 : return S2N_RESULT_OK;
825 : 60123 : }
826 : :
827 : : int s2n_connection_get_client_auth_type(struct s2n_connection *conn,
828 : : s2n_cert_auth_type *client_cert_auth_type)
829 : 60123 : {
830 [ # # ][ - + ]: 60123 : POSIX_ENSURE_REF(conn);
831 [ - + ]: 60123 : POSIX_GUARD_RESULT(s2n_connection_and_config_get_client_auth_type(
832 : 60123 : conn, conn->config, client_cert_auth_type));
833 : 60123 : return S2N_SUCCESS;
834 : 60123 : }
835 : :
836 : : int s2n_connection_set_client_auth_type(struct s2n_connection *conn, s2n_cert_auth_type client_cert_auth_type)
837 : 245 : {
838 [ # # ][ - + ]: 245 : POSIX_ENSURE_REF(conn);
839 : :
840 : 245 : conn->client_cert_auth_type_overridden = 1;
841 : 245 : conn->client_cert_auth_type = client_cert_auth_type;
842 : 245 : return 0;
843 : 245 : }
844 : :
845 : : #ifndef _WIN32
846 : : int s2n_connection_set_read_fd(struct s2n_connection *conn, int rfd)
847 : 6962 : {
848 : 6962 : struct s2n_blob ctx_mem = { 0 };
849 : 6962 : struct s2n_socket_read_io_context *peer_socket_ctx = NULL;
850 : :
851 [ + + ][ + - ]: 6962 : POSIX_ENSURE_REF(conn);
852 [ - + ]: 6960 : POSIX_GUARD(s2n_alloc(&ctx_mem, sizeof(struct s2n_socket_read_io_context)));
853 [ - + ]: 6960 : POSIX_GUARD(s2n_blob_zero(&ctx_mem));
854 : :
855 : 6960 : peer_socket_ctx = (struct s2n_socket_read_io_context *) (void *) ctx_mem.data;
856 : 6960 : peer_socket_ctx->fd = rfd;
857 : :
858 [ - + ]: 6960 : POSIX_GUARD(s2n_connection_set_recv_cb(conn, s2n_socket_read));
859 [ - + ]: 6960 : POSIX_GUARD(s2n_connection_set_recv_ctx(conn, peer_socket_ctx));
860 : 6960 : conn->managed_recv_io = true;
861 : :
862 : : /* This is only needed if the user is using corked io.
863 : : * Take the snapshot in case optimized io is enabled after setting the fd.
864 : : */
865 [ - + ]: 6960 : POSIX_GUARD(s2n_socket_read_snapshot(conn));
866 : :
867 : 6960 : return 0;
868 : 6960 : }
869 : :
870 : : int s2n_connection_get_read_fd(struct s2n_connection *conn, int *readfd)
871 : 18 : {
872 [ + - ][ + + ]: 18 : POSIX_ENSURE_REF(conn);
873 [ # # ][ - + ]: 17 : POSIX_ENSURE_REF(readfd);
874 [ + - ][ + - ]: 17 : POSIX_ENSURE((conn->managed_recv_io && conn->recv_io_context), S2N_ERR_INVALID_STATE);
[ + + ]
875 : :
876 : 16 : const struct s2n_socket_read_io_context *peer_socket_ctx = conn->recv_io_context;
877 : 16 : *readfd = peer_socket_ctx->fd;
878 : 16 : return S2N_SUCCESS;
879 : 17 : }
880 : :
881 : : int s2n_connection_set_write_fd(struct s2n_connection *conn, int wfd)
882 : 6966 : {
883 : 6966 : struct s2n_blob ctx_mem = { 0 };
884 : 6966 : struct s2n_socket_write_io_context *peer_socket_ctx = NULL;
885 : :
886 [ + - ][ + + ]: 6966 : POSIX_ENSURE_REF(conn);
887 [ - + ]: 6965 : POSIX_GUARD(s2n_alloc(&ctx_mem, sizeof(struct s2n_socket_write_io_context)));
888 : :
889 : 6965 : peer_socket_ctx = (struct s2n_socket_write_io_context *) (void *) ctx_mem.data;
890 : 6965 : peer_socket_ctx->fd = wfd;
891 : :
892 [ - + ]: 6965 : POSIX_GUARD(s2n_connection_set_send_cb(conn, s2n_socket_write));
893 [ - + ]: 6965 : POSIX_GUARD(s2n_connection_set_send_ctx(conn, peer_socket_ctx));
894 : 6965 : conn->managed_send_io = true;
895 : :
896 : : /* This is only needed if the user is using corked io.
897 : : * Take the snapshot in case optimized io is enabled after setting the fd.
898 : : */
899 [ - + ]: 6965 : POSIX_GUARD(s2n_socket_write_snapshot(conn));
900 : :
901 : 6965 : conn->write_fd_broken = 0;
902 : :
903 : 6965 : return 0;
904 : 6965 : }
905 : :
906 : : int s2n_connection_get_write_fd(struct s2n_connection *conn, int *writefd)
907 : 1500 : {
908 [ + - ][ + + ]: 1500 : POSIX_ENSURE_REF(conn);
909 [ # # ][ - + ]: 1499 : POSIX_ENSURE_REF(writefd);
910 [ + - ][ + - ]: 1499 : POSIX_ENSURE((conn->managed_send_io && conn->send_io_context), S2N_ERR_INVALID_STATE);
[ + + ]
911 : :
912 : 1498 : const struct s2n_socket_write_io_context *peer_socket_ctx = conn->send_io_context;
913 : 1498 : *writefd = peer_socket_ctx->fd;
914 : 1498 : return S2N_SUCCESS;
915 : 1499 : }
916 : : int s2n_connection_set_fd(struct s2n_connection *conn, int fd)
917 : 6940 : {
918 [ + + ]: 6940 : POSIX_GUARD(s2n_connection_set_read_fd(conn, fd));
919 [ - + ]: 6939 : POSIX_GUARD(s2n_connection_set_write_fd(conn, fd));
920 : 6939 : return 0;
921 : 6939 : }
922 : :
923 : : int s2n_connection_use_corked_io(struct s2n_connection *conn)
924 : 37 : {
925 [ # # ][ - + ]: 37 : POSIX_ENSURE_REF(conn);
926 : :
927 : : /* Caller shouldn't be trying to set s2n IO corked on non-s2n-managed IO */
928 [ + - ][ + + ]: 37 : POSIX_ENSURE(conn->managed_send_io, S2N_ERR_CORK_SET_ON_UNMANAGED);
929 : 36 : conn->corked_io = 1;
930 : :
931 : 36 : return 0;
932 : 37 : }
933 : : #endif
934 : :
935 : : uint64_t s2n_connection_get_wire_bytes_in(struct s2n_connection *conn)
936 : 0 : {
937 [ # # ]: 0 : if (conn == NULL) {
938 : 0 : return 0;
939 : 0 : }
940 [ # # ]: 0 : if (conn->ktls_recv_enabled) {
941 : 0 : return 0;
942 : 0 : }
943 : 0 : return conn->wire_bytes_in;
944 : 0 : }
945 : :
946 : : uint64_t s2n_connection_get_wire_bytes_out(struct s2n_connection *conn)
947 : 4 : {
948 [ - + ]: 4 : if (conn == NULL) {
949 : 0 : return 0;
950 : 0 : }
951 [ - + ]: 4 : if (conn->ktls_send_enabled) {
952 : 0 : return 0;
953 : 0 : }
954 : 4 : return conn->wire_bytes_out;
955 : 4 : }
956 : :
957 : : const char *s2n_connection_get_cipher(struct s2n_connection *conn)
958 : 20408 : {
959 [ + - ][ + + ]: 20408 : PTR_ENSURE_REF(conn);
960 [ # # ][ - + ]: 20407 : PTR_ENSURE_REF(conn->secure);
961 [ - + ][ # # ]: 20407 : PTR_ENSURE_REF(conn->secure->cipher_suite);
962 : :
963 : 20407 : return conn->secure->cipher_suite->name;
964 : 20407 : }
965 : :
966 : : int s2n_connection_get_cipher_iana_value(struct s2n_connection *conn, uint8_t *first, uint8_t *second)
967 : 72 : {
968 [ - + ][ # # ]: 72 : POSIX_ENSURE_REF(conn);
969 [ - + ][ # # ]: 72 : POSIX_ENSURE_REF(conn->secure);
970 [ # # ][ - + ]: 72 : POSIX_ENSURE_REF(conn->secure->cipher_suite);
971 [ # # ][ - + ]: 72 : POSIX_ENSURE_MUT(first);
972 [ - + ][ # # ]: 72 : POSIX_ENSURE_MUT(second);
973 : :
974 : : /* ensure we've negotiated a cipher suite */
975 [ + - ][ + + ]: 72 : POSIX_ENSURE(!s2n_constant_time_equals(conn->secure->cipher_suite->iana_value,
976 : 71 : s2n_null_cipher_suite.iana_value, sizeof(s2n_null_cipher_suite.iana_value)),
977 : 71 : S2N_ERR_INVALID_STATE);
978 : :
979 : 71 : const uint8_t *iana_value = conn->secure->cipher_suite->iana_value;
980 : 71 : *first = iana_value[0];
981 : 71 : *second = iana_value[1];
982 : :
983 : 71 : return S2N_SUCCESS;
984 : 72 : }
985 : :
986 : : const char *s2n_connection_get_curve(struct s2n_connection *conn)
987 : 20298 : {
988 [ - + ][ # # ]: 20298 : PTR_ENSURE_REF(conn);
989 [ - + ][ # # ]: 20298 : PTR_ENSURE_REF(conn->secure);
990 [ # # ][ - + ]: 20298 : PTR_ENSURE_REF(conn->secure->cipher_suite);
991 : :
992 [ + + ]: 20298 : if (conn->kex_params.server_ecc_evp_params.negotiated_curve) {
993 : : /* TLS1.3 currently only uses ECC groups. */
994 : 19077 : bool tls13 = conn->actual_protocol_version >= S2N_TLS13;
995 : : /* we check for a full handshake, because TLS 1.2 resumption does not perform
996 : : * an additional diffie-hellman exchange */
997 [ + + ]: 19077 : bool ecdhe_cipher_negotiated = s2n_kex_includes(conn->secure->cipher_suite->key_exchange_alg, &s2n_ecdhe)
998 [ + + ]: 19077 : && IS_FULL_HANDSHAKE(conn);
999 [ + + ][ + + ]: 19077 : if (tls13 || ecdhe_cipher_negotiated) {
1000 : 16915 : return conn->kex_params.server_ecc_evp_params.negotiated_curve->name;
1001 : 16915 : }
1002 : 19077 : }
1003 : :
1004 : 3383 : return "NONE";
1005 : 20298 : }
1006 : :
1007 : : const char *s2n_connection_get_kem_name(struct s2n_connection *conn)
1008 : 0 : {
1009 [ # # ][ # # ]: 0 : PTR_ENSURE_REF(conn);
1010 : :
1011 [ # # ]: 0 : if (!conn->kex_params.kem_params.kem) {
1012 : 0 : return "NONE";
1013 : 0 : }
1014 : :
1015 : 0 : return conn->kex_params.kem_params.kem->name;
1016 : 0 : }
1017 : :
1018 : : const char *s2n_connection_get_kem_group_name(struct s2n_connection *conn)
1019 : 0 : {
1020 [ # # ][ # # ]: 0 : PTR_ENSURE_REF(conn);
1021 : :
1022 [ # # ][ # # ]: 0 : if (conn->actual_protocol_version < S2N_TLS13 || !conn->kex_params.server_kem_group_params.kem_group) {
1023 : 0 : return "NONE";
1024 : 0 : }
1025 : :
1026 : 0 : return conn->kex_params.server_kem_group_params.kem_group->name;
1027 : 0 : }
1028 : :
1029 : : int s2n_connection_get_key_exchange_group(struct s2n_connection *conn, const char **group_name)
1030 : 20246 : {
1031 [ # # ][ - + ]: 20246 : POSIX_ENSURE_REF(conn);
1032 [ - + ][ # # ]: 20246 : POSIX_ENSURE_REF(group_name);
1033 : :
1034 : : /* s2n_connection_get_curve returns only the ECDH curve portion of a named group, even if
1035 : : the negotiated group was a hybrid PQ key exchange also containing a KEM. Therefore,
1036 : : we use the result of s2n_connection_get_kem_group_name if the connection supports PQ. */
1037 [ - + ]: 20246 : if (s2n_tls13_pq_hybrid_supported(conn)) {
1038 : 0 : *group_name = s2n_connection_get_kem_group_name(conn);
1039 : 20246 : } else {
1040 : 20246 : *group_name = s2n_connection_get_curve(conn);
1041 : 20246 : }
1042 : :
1043 [ + - ][ + - ]: 20246 : POSIX_ENSURE(*group_name != NULL && strcmp(*group_name, "NONE"), S2N_ERR_INVALID_STATE);
[ + + ]
1044 : :
1045 : 16865 : return S2N_SUCCESS;
1046 : 20246 : }
1047 : :
1048 : : static S2N_RESULT s2n_connection_get_client_supported_version(struct s2n_connection *conn,
1049 : : uint8_t *client_supported_version)
1050 : 43 : {
1051 [ # # ][ - + ]: 43 : RESULT_ENSURE_REF(conn);
1052 [ # # ][ - + ]: 43 : RESULT_ENSURE_EQ(conn->mode, S2N_SERVER);
1053 : :
1054 : 43 : struct s2n_client_hello *client_hello = s2n_connection_get_client_hello(conn);
1055 [ - + ][ # # ]: 43 : RESULT_ENSURE_REF(client_hello);
1056 : :
1057 : 43 : s2n_parsed_extension *supported_versions_extension = NULL;
1058 [ + + ]: 43 : RESULT_GUARD_POSIX(s2n_client_hello_get_parsed_extension(S2N_EXTENSION_SUPPORTED_VERSIONS, &client_hello->extensions,
1059 : 28 : &supported_versions_extension));
1060 [ - + ][ # # ]: 28 : RESULT_ENSURE_REF(supported_versions_extension);
1061 : :
1062 : 28 : struct s2n_stuffer supported_versions_stuffer = { 0 };
1063 [ - + ]: 28 : RESULT_GUARD_POSIX(s2n_stuffer_init_written(&supported_versions_stuffer, &supported_versions_extension->extension));
1064 : :
1065 : 28 : uint8_t client_protocol_version = s2n_unknown_protocol_version;
1066 : 28 : uint8_t actual_protocol_version = s2n_unknown_protocol_version;
1067 [ + + ]: 28 : RESULT_GUARD_POSIX(s2n_extensions_client_supported_versions_process(conn, &supported_versions_stuffer,
1068 : 24 : &client_protocol_version, &actual_protocol_version));
1069 : :
1070 [ + - ][ + + ]: 24 : RESULT_ENSURE_NE(client_protocol_version, s2n_unknown_protocol_version);
1071 : :
1072 : 20 : *client_supported_version = client_protocol_version;
1073 : :
1074 : 20 : return S2N_RESULT_OK;
1075 : 24 : }
1076 : :
1077 : : int s2n_connection_get_client_protocol_version(struct s2n_connection *conn)
1078 : 74 : {
1079 [ + - ][ + + ]: 74 : POSIX_ENSURE_REF(conn);
1080 : :
1081 : : /* For backwards compatibility, the client_protocol_version field isn't updated via the
1082 : : * supported versions extension on TLS 1.2 servers. See
1083 : : * https://github.com/aws/s2n-tls/issues/4240.
1084 : : *
1085 : : * The extension is processed here to ensure that TLS 1.2 servers report the same client
1086 : : * protocol version to applications as TLS 1.3 servers.
1087 : : */
1088 [ + + ][ + + ]: 73 : if (conn->mode == S2N_SERVER && conn->server_protocol_version <= S2N_TLS12) {
1089 : 43 : uint8_t client_supported_version = s2n_unknown_protocol_version;
1090 : 43 : s2n_result result = s2n_connection_get_client_supported_version(conn, &client_supported_version);
1091 : :
1092 : : /* If the extension wasn't received, or if a client protocol version couldn't be determined
1093 : : * after processing the extension, the extension is ignored.
1094 : : */
1095 [ + + ]: 43 : if (s2n_result_is_ok(result)) {
1096 : 20 : return client_supported_version;
1097 : 20 : }
1098 : 43 : }
1099 : :
1100 : 53 : return conn->client_protocol_version;
1101 : 73 : }
1102 : :
1103 : : int s2n_connection_get_server_protocol_version(struct s2n_connection *conn)
1104 : 55 : {
1105 [ + + ][ + - ]: 55 : POSIX_ENSURE_REF(conn);
1106 : :
1107 : 54 : return conn->server_protocol_version;
1108 : 55 : }
1109 : :
1110 : : int s2n_connection_get_actual_protocol_version(struct s2n_connection *conn)
1111 : 20327 : {
1112 [ + - ][ + + ]: 20327 : POSIX_ENSURE_REF(conn);
1113 : :
1114 : 20326 : return conn->actual_protocol_version;
1115 : 20327 : }
1116 : :
1117 : : int s2n_connection_get_client_hello_version(struct s2n_connection *conn)
1118 : 1262 : {
1119 [ + + ][ + - ]: 1262 : POSIX_ENSURE_REF(conn);
1120 : :
1121 [ + + ]: 1261 : if (conn->client_hello.sslv2) {
1122 : 2 : return S2N_SSLv2;
1123 : 1259 : } else {
1124 [ + + ]: 1259 : return S2N_MIN(conn->client_hello.legacy_version, S2N_TLS12);
1125 : 1259 : }
1126 : 1261 : }
1127 : :
1128 : : int s2n_connection_client_cert_used(struct s2n_connection *conn)
1129 : 180 : {
1130 [ - + ][ # # ]: 180 : POSIX_ENSURE_REF(conn);
1131 : :
1132 [ + + ][ + + ]: 180 : if (IS_CLIENT_AUTH_HANDSHAKE(conn) && is_handshake_complete(conn)) {
1133 [ + - ][ + + ]: 132 : if (IS_CLIENT_AUTH_NO_CERT(conn)) {
1134 : 32 : return 0;
1135 : 32 : }
1136 : 100 : return 1;
1137 : 132 : }
1138 : 48 : return 0;
1139 : 180 : }
1140 : :
1141 : : int s2n_connection_get_alert(struct s2n_connection *conn)
1142 : 3017 : {
1143 [ # # ][ - + ]: 3017 : POSIX_ENSURE_REF(conn);
1144 : :
1145 [ - + ][ # # ]: 3017 : S2N_ERROR_IF(s2n_stuffer_data_available(&conn->alert_in) != 2, S2N_ERR_NO_ALERT);
1146 : :
1147 : : /* Shallow copy the stuffer. We assume that multiple threads might call this
1148 : : * function concurrently, so we must not mutate anything outside of the function scope */
1149 : 3017 : struct s2n_stuffer alert_stuffer = conn->alert_in;
1150 : 3017 : uint8_t alert_code = 0;
1151 [ - + ]: 3017 : POSIX_GUARD(s2n_stuffer_read_uint8(&alert_stuffer, &alert_code));
1152 [ - + ]: 3017 : POSIX_GUARD(s2n_stuffer_read_uint8(&alert_stuffer, &alert_code));
1153 : :
1154 : 3017 : return alert_code;
1155 : 3017 : }
1156 : :
1157 : : int s2n_set_server_name(struct s2n_connection *conn, const char *server_name)
1158 : 220 : {
1159 [ - + ][ # # ]: 220 : POSIX_ENSURE_REF(conn);
1160 [ # # ][ - + ]: 220 : POSIX_ENSURE_REF(server_name);
1161 : :
1162 [ - + ][ # # ]: 220 : S2N_ERROR_IF(conn->mode != S2N_CLIENT, S2N_ERR_CLIENT_MODE);
1163 : :
1164 : 220 : int len = strlen(server_name);
1165 [ - + ][ # # ]: 220 : S2N_ERROR_IF(len > S2N_MAX_SERVER_NAME, S2N_ERR_SERVER_NAME_TOO_LONG);
1166 : :
1167 [ - + ][ # # ]: 220 : POSIX_CHECKED_MEMCPY(conn->server_name, server_name, len);
[ + + ]
1168 : :
1169 : 220 : return 0;
1170 : 220 : }
1171 : :
1172 : : const char *s2n_get_server_name(struct s2n_connection *conn)
1173 : 76 : {
1174 [ + + ][ + - ]: 76 : PTR_ENSURE_REF(conn);
1175 : :
1176 [ + + ]: 42 : if (conn->server_name[0]) {
1177 : 4 : return conn->server_name;
1178 : 4 : }
1179 : :
1180 [ - + ]: 38 : PTR_GUARD_POSIX(s2n_extension_process(&s2n_client_server_name_extension, conn, &conn->client_hello.extensions));
1181 : :
1182 [ + + ]: 38 : if (!conn->server_name[0]) {
1183 : 2 : return NULL;
1184 : 2 : }
1185 : :
1186 : 36 : return conn->server_name;
1187 : 38 : }
1188 : :
1189 : : const char *s2n_get_application_protocol(struct s2n_connection *conn)
1190 : 75 : {
1191 [ # # ][ - + ]: 75 : PTR_ENSURE_REF(conn);
1192 : :
1193 [ + + ]: 75 : if (strlen(conn->application_protocol) == 0) {
1194 : 16 : return NULL;
1195 : 16 : }
1196 : :
1197 : 59 : return conn->application_protocol;
1198 : 75 : }
1199 : :
1200 : : int s2n_connection_get_session_id_length(struct s2n_connection *conn)
1201 : 11 : {
1202 [ + + ][ + - ]: 11 : POSIX_ENSURE_REF(conn);
1203 : : /* Stateful session resumption in TLS1.3 using session id is not yet supported. */
1204 [ + + ]: 10 : if (conn->actual_protocol_version >= S2N_TLS13) {
1205 : 1 : return 0;
1206 : 1 : }
1207 : 9 : return conn->session_id_len;
1208 : 10 : }
1209 : :
1210 : : int s2n_connection_get_session_id(struct s2n_connection *conn, uint8_t *session_id, size_t max_length)
1211 : 3 : {
1212 [ # # ][ - + ]: 3 : POSIX_ENSURE_REF(conn);
1213 [ - + ][ # # ]: 3 : POSIX_ENSURE_REF(session_id);
1214 : :
1215 : 3 : const int session_id_len = s2n_connection_get_session_id_length(conn);
1216 [ - + ]: 3 : POSIX_GUARD(session_id_len);
1217 : :
1218 [ # # ][ - + ]: 3 : POSIX_ENSURE((size_t) session_id_len <= max_length, S2N_ERR_SESSION_ID_TOO_LONG);
1219 : :
1220 [ # # ][ - + ]: 3 : POSIX_CHECKED_MEMCPY(session_id, conn->session_id, session_id_len);
[ + - ]
1221 : :
1222 : 3 : return session_id_len;
1223 : 3 : }
1224 : :
1225 : : int s2n_connection_set_blinding(struct s2n_connection *conn, s2n_blinding blinding)
1226 : 8421 : {
1227 [ - + ][ # # ]: 8421 : POSIX_ENSURE_REF(conn);
1228 : 8421 : conn->blinding = blinding;
1229 : :
1230 : 8421 : return 0;
1231 : 8421 : }
1232 : :
1233 : 2122 : #define ONE_S INT64_C(1000000000)
1234 : :
1235 : : static S2N_RESULT s2n_connection_get_delay_impl(struct s2n_connection *conn, uint64_t *delay)
1236 : 33 : {
1237 [ # # ][ - + ]: 33 : RESULT_ENSURE_REF(conn);
1238 [ # # ][ - + ]: 33 : RESULT_ENSURE_REF(delay);
1239 : :
1240 [ + + ]: 33 : if (!conn->delay) {
1241 : 24 : *delay = 0;
1242 : 24 : return S2N_RESULT_OK;
1243 : 24 : }
1244 : :
1245 : 9 : uint64_t elapsed = 0;
1246 [ - + ]: 9 : RESULT_GUARD(s2n_timer_elapsed(conn->config, &conn->write_timer, &elapsed));
1247 : :
1248 [ - + ]: 9 : if (elapsed > conn->delay) {
1249 : 0 : *delay = 0;
1250 : 0 : return S2N_RESULT_OK;
1251 : 0 : }
1252 : :
1253 : 9 : *delay = conn->delay - elapsed;
1254 : :
1255 : 9 : return S2N_RESULT_OK;
1256 : 9 : }
1257 : :
1258 : : uint64_t s2n_connection_get_delay(struct s2n_connection *conn)
1259 : 33 : {
1260 : 33 : uint64_t delay = 0;
1261 [ + - ]: 33 : if (s2n_result_is_ok(s2n_connection_get_delay_impl(conn, &delay))) {
1262 : 33 : return delay;
1263 : 33 : } else {
1264 : 0 : return UINT64_MAX;
1265 : 0 : }
1266 : 33 : }
1267 : :
1268 : : /* s2n-tls has a random delay that will trigger for sensitive errors. This is a mitigation
1269 : : * for possible timing sidechannels.
1270 : : *
1271 : : * The historical sidechannel that inspired s2n-tls blinding was the Lucky 13 attack, which takes
1272 : : * advantage of potential timing differences when removing padding from a record encrypted in CBC mode.
1273 : : * The attack is only theoretical in TLS; the attack criteria is unlikely to ever occur
1274 : : * (See: Fardan, N. J. A., & Paterson, K. G. (2013, May 1). Lucky Thirteen: Breaking the TLS and
1275 : : * DTLS Record Protocols.) However, we still include blinding to provide a defense in depth mitigation.
1276 : : */
1277 : : S2N_RESULT s2n_connection_calculate_blinding(struct s2n_connection *conn, int64_t *min, int64_t *max)
1278 : 1056 : {
1279 [ # # ][ - + ]: 1056 : RESULT_ENSURE_REF(conn);
1280 [ # # ][ - + ]: 1056 : RESULT_ENSURE_REF(min);
1281 [ - + ][ # # ]: 1056 : RESULT_ENSURE_REF(max);
1282 [ - + ][ # # ]: 1056 : RESULT_ENSURE_REF(conn->config);
1283 : :
1284 : : /*
1285 : : * The default delay is a random value between 10-30s. The rationale behind the range is that the
1286 : : * floor is the fixed cost that an attacker must pay per attempt, in this case, 10s. The length of
1287 : : * the range then affects the number of attempts that an attacker must perform in order to recover a
1288 : : * byte of plaintext with a certain degree of confidence.
1289 : : *
1290 : : * A uniform distribution of the range [a, b] has a variance of ((b - a)^2)/12. Therefore, given a
1291 : : * hypothetical timing difference of 1us, the number of attempts necessary to distinguish the correct
1292 : : * byte from an incorrect byte in a Lucky13-style attack is (((30 - 10) * 10 ^6)^2)/12 ~= 3.3 trillion
1293 : : * (note that we first have to convert from seconds to microseconds to match the unit of the timing difference.)
1294 : : */
1295 : 1056 : *min = S2N_DEFAULT_BLINDING_MIN * ONE_S;
1296 : 1056 : *max = S2N_DEFAULT_BLINDING_MAX * ONE_S;
1297 : :
1298 : : /* Setting the min to 1/3 of the max is an arbitrary ratio of fixed to variable delay.
1299 : : * It is based on the ratio of our original default values.
1300 : : */
1301 [ + + ]: 1056 : if (conn->config->custom_blinding_set) {
1302 : 10 : *max = conn->config->max_blinding * ONE_S;
1303 : 10 : *min = *max / 3;
1304 : 10 : }
1305 : :
1306 : 1056 : return S2N_RESULT_OK;
1307 : 1056 : }
1308 : :
1309 : : static S2N_RESULT s2n_connection_kill(struct s2n_connection *conn)
1310 : 1050 : {
1311 [ # # ][ - + ]: 1050 : RESULT_ENSURE_REF(conn);
1312 [ - + ]: 1050 : RESULT_GUARD(s2n_connection_set_closed(conn));
1313 : :
1314 : 1050 : int64_t min = 0, max = 0;
1315 [ - + ]: 1050 : RESULT_GUARD(s2n_connection_calculate_blinding(conn, &min, &max));
1316 [ + + ]: 1050 : if (max == 0) {
1317 : 4 : return S2N_RESULT_OK;
1318 : 4 : }
1319 : :
1320 : : /* Keep track of the delay so that it can be enforced */
1321 : 1046 : uint64_t rand_delay = 0;
1322 [ - + ]: 1046 : RESULT_GUARD(s2n_public_random(max - min, &rand_delay));
1323 : :
1324 : 1046 : conn->delay = min + rand_delay;
1325 : :
1326 : : /* Restart the write timer */
1327 [ - + ]: 1046 : RESULT_GUARD(s2n_timer_start(conn->config, &conn->write_timer));
1328 : :
1329 [ - + ]: 1046 : if (conn->blinding == S2N_BUILT_IN_BLINDING) {
1330 : 0 : struct timespec sleep_time = { .tv_sec = conn->delay / ONE_S, .tv_nsec = conn->delay % ONE_S };
1331 : :
1332 : 0 : int r = 0;
1333 : 0 : do {
1334 : 0 : r = nanosleep(&sleep_time, &sleep_time);
1335 [ # # ]: 0 : } while (r != 0);
1336 : 0 : }
1337 : :
1338 : 1046 : return S2N_RESULT_OK;
1339 : 1046 : }
1340 : :
1341 : : S2N_CLEANUP_RESULT s2n_connection_apply_error_blinding(struct s2n_connection **conn)
1342 : 648841 : {
1343 [ + + ][ + - ]: 648841 : RESULT_ENSURE_REF(conn);
1344 [ + + ]: 648840 : if (*conn == NULL) {
1345 : 647670 : return S2N_RESULT_OK;
1346 : 647670 : }
1347 : :
1348 : 1170 : int error_code = s2n_errno;
1349 : 1170 : int error_type = s2n_error_get_type(error_code);
1350 : :
1351 : 1170 : switch (error_type) {
1352 [ + + ]: 1 : case S2N_ERR_T_OK:
1353 : : /* Ignore no error */
1354 : 1 : return S2N_RESULT_OK;
1355 [ + + ]: 83 : case S2N_ERR_T_BLOCKED:
1356 : : /* All blocking errors are retriable and should trigger no further action. */
1357 : 83 : return S2N_RESULT_OK;
1358 [ + + ]: 1086 : default:
1359 : 1086 : break;
1360 : 1170 : }
1361 : :
1362 : : /* Ensure that conn->in doesn't contain any leftover invalid or unauthenticated data. */
1363 [ - + ]: 1086 : RESULT_GUARD_POSIX(s2n_stuffer_wipe(&(*conn)->in));
1364 : :
1365 : 1086 : switch (error_code) {
1366 : : /* Don't invoke blinding on some of the common errors.
1367 : : *
1368 : : * Be careful adding new errors here. Disabling blinding for an
1369 : : * error that can be triggered by secret / encrypted values can
1370 : : * potentially lead to a side channel attack.
1371 : : *
1372 : : * We may want to someday add an explicit error type for these errors.
1373 : : */
1374 [ + + ]: 1 : case S2N_ERR_CLOSED:
1375 [ + + ]: 14 : case S2N_ERR_CANCELLED:
1376 [ + + ]: 31 : case S2N_ERR_CIPHER_NOT_SUPPORTED:
1377 [ + + ]: 34 : case S2N_ERR_PROTOCOL_VERSION_UNSUPPORTED:
1378 [ + + ]: 36 : case S2N_ERR_CONFIG_NULL_BEFORE_CH_CALLBACK:
1379 [ - + ]: 36 : RESULT_GUARD(s2n_connection_set_closed(*conn));
1380 : 36 : break;
1381 [ + + ]: 1050 : default:
1382 : : /* Apply blinding to all other errors */
1383 [ - + ]: 1050 : RESULT_GUARD(s2n_connection_kill(*conn));
1384 : 1050 : break;
1385 : 1086 : }
1386 : :
1387 : 1086 : return S2N_RESULT_OK;
1388 : 1086 : }
1389 : :
1390 : : S2N_RESULT s2n_connection_set_closed(struct s2n_connection *conn)
1391 : 4187 : {
1392 [ # # ][ - + ]: 4187 : RESULT_ENSURE_REF(conn);
1393 : 4187 : s2n_atomic_flag_set(&conn->read_closed);
1394 : 4187 : s2n_atomic_flag_set(&conn->write_closed);
1395 : 4187 : return S2N_RESULT_OK;
1396 : 4187 : }
1397 : :
1398 : : const uint8_t *s2n_connection_get_ocsp_response(struct s2n_connection *conn, uint32_t *length)
1399 : 17 : {
1400 [ # # ][ - + ]: 17 : PTR_ENSURE_REF(conn);
1401 [ # # ][ - + ]: 17 : PTR_ENSURE_REF(length);
1402 : :
1403 : 17 : *length = conn->status_response.size;
1404 : 17 : return conn->status_response.data;
1405 : 17 : }
1406 : :
1407 : : S2N_RESULT s2n_connection_set_max_fragment_length(struct s2n_connection *conn, uint16_t max_frag_length)
1408 : 5704 : {
1409 [ + - ][ + + ]: 5704 : RESULT_ENSURE_REF(conn);
1410 : :
1411 [ + + ]: 5703 : if (conn->negotiated_mfl_code) {
1412 : : /* Respect the upper limit agreed on with the peer */
1413 [ + + ][ + - ]: 775 : RESULT_ENSURE_LT(conn->negotiated_mfl_code, s2n_array_len(mfl_code_to_length));
1414 [ + + ]: 774 : conn->max_outgoing_fragment_length = S2N_MIN(mfl_code_to_length[conn->negotiated_mfl_code], max_frag_length);
1415 : 4928 : } else {
1416 : 4928 : conn->max_outgoing_fragment_length = max_frag_length;
1417 : 4928 : }
1418 : :
1419 : : /* If no buffer has been initialized yet, no need to resize.
1420 : : * The standard I/O logic will handle initializing the buffer.
1421 : : */
1422 [ + + ]: 5702 : if (s2n_stuffer_is_freed(&conn->out)) {
1423 : 5312 : return S2N_RESULT_OK;
1424 : 5312 : }
1425 : :
1426 : 390 : uint16_t max_wire_record_size = 0;
1427 [ - + ]: 390 : RESULT_GUARD(s2n_record_max_write_size(conn, conn->max_outgoing_fragment_length, &max_wire_record_size));
1428 [ + + ]: 390 : if ((conn->out.blob.size < max_wire_record_size)) {
1429 [ - + ]: 3 : RESULT_GUARD_POSIX(s2n_realloc(&conn->out.blob, max_wire_record_size));
1430 : 3 : }
1431 : :
1432 : 390 : return S2N_RESULT_OK;
1433 : 390 : }
1434 : :
1435 : : int s2n_connection_prefer_throughput(struct s2n_connection *conn)
1436 : 30 : {
1437 [ - + ]: 30 : POSIX_GUARD_RESULT(s2n_connection_set_max_fragment_length(conn, S2N_LARGE_FRAGMENT_LENGTH));
1438 : 30 : return S2N_SUCCESS;
1439 : 30 : }
1440 : :
1441 : : int s2n_connection_prefer_low_latency(struct s2n_connection *conn)
1442 : 4337 : {
1443 [ - + ]: 4337 : POSIX_GUARD_RESULT(s2n_connection_set_max_fragment_length(conn, S2N_SMALL_FRAGMENT_LENGTH));
1444 : 4337 : return S2N_SUCCESS;
1445 : 4337 : }
1446 : :
1447 : : int s2n_connection_set_dynamic_buffers(struct s2n_connection *conn, bool enabled)
1448 : 2 : {
1449 [ # # ][ - + ]: 2 : POSIX_ENSURE_REF(conn);
1450 : 2 : conn->dynamic_buffers = enabled;
1451 : 2 : return S2N_SUCCESS;
1452 : 2 : }
1453 : :
1454 : : int s2n_connection_set_dynamic_record_threshold(struct s2n_connection *conn, uint32_t resize_threshold, uint16_t timeout_threshold)
1455 : 6 : {
1456 [ - + ][ # # ]: 6 : POSIX_ENSURE_REF(conn);
1457 [ - + ][ # # ]: 6 : S2N_ERROR_IF(resize_threshold > S2N_TLS_MAX_RESIZE_THRESHOLD, S2N_ERR_INVALID_DYNAMIC_THRESHOLD);
1458 : :
1459 : 6 : conn->dynamic_record_resize_threshold = resize_threshold;
1460 : 6 : conn->dynamic_record_timeout_threshold = timeout_threshold;
1461 : 6 : return 0;
1462 : 6 : }
1463 : :
1464 : : int s2n_connection_set_verify_host_callback(struct s2n_connection *conn, s2n_verify_host_fn verify_host_fn, void *data)
1465 : 40 : {
1466 [ - + ][ # # ]: 40 : POSIX_ENSURE_REF(conn);
1467 : :
1468 : 40 : conn->verify_host_fn = verify_host_fn;
1469 : 40 : conn->data_for_verify_host = data;
1470 : 40 : conn->verify_host_fn_overridden = 1;
1471 : :
1472 : 40 : return 0;
1473 : 40 : }
1474 : :
1475 : : int s2n_connection_recv_stuffer(struct s2n_stuffer *stuffer, struct s2n_connection *conn, uint32_t len)
1476 : 930634 : {
1477 [ + - ][ + + ]: 930634 : POSIX_ENSURE_REF(conn->recv);
1478 : : /* Make sure we have enough space to write */
1479 [ - + ]: 930629 : POSIX_GUARD(s2n_stuffer_reserve_space(stuffer, len));
1480 : :
1481 : 930629 : int r = 0;
1482 [ + + ][ - + ]: 930629 : S2N_IO_RETRY_EINTR(r,
1483 : 930629 : conn->recv(conn->recv_io_context, stuffer->blob.data + stuffer->write_cursor, len));
1484 [ + - ][ + + ]: 930629 : POSIX_ENSURE(r >= 0, S2N_ERR_RECV_STUFFER_FROM_CONN);
1485 : :
1486 : : /* Record just how many bytes we have written */
1487 [ - + ]: 584550 : POSIX_GUARD(s2n_stuffer_skip_write(stuffer, r));
1488 : 584550 : return r;
1489 : 584550 : }
1490 : :
1491 : : int s2n_connection_send_stuffer(struct s2n_stuffer *stuffer, struct s2n_connection *conn, uint32_t len)
1492 : 496704 : {
1493 [ - + ][ # # ]: 496704 : POSIX_ENSURE_REF(conn);
1494 [ + - ][ + + ]: 496704 : POSIX_ENSURE_REF(conn->send);
1495 [ + + ]: 496700 : if (conn->write_fd_broken) {
1496 [ + - ]: 3 : POSIX_BAIL(S2N_ERR_SEND_STUFFER_TO_CONN);
1497 : 3 : }
1498 : : /* Make sure we even have the data */
1499 [ - + ][ # # ]: 496697 : S2N_ERROR_IF(s2n_stuffer_data_available(stuffer) < len, S2N_ERR_STUFFER_OUT_OF_DATA);
1500 : :
1501 : 496697 : int w = 0;
1502 [ + + ][ - + ]: 496697 : S2N_IO_RETRY_EINTR(w,
1503 : 496697 : conn->send(conn->send_io_context, stuffer->blob.data + stuffer->read_cursor, len));
1504 [ + + ][ + + ]: 496697 : if (w < 0 && errno == EPIPE) {
1505 : 5 : conn->write_fd_broken = 1;
1506 : 5 : }
1507 [ + + ][ + - ]: 496697 : POSIX_ENSURE(w >= 0, S2N_ERR_SEND_STUFFER_TO_CONN);
1508 : :
1509 [ - + ]: 257014 : POSIX_GUARD(s2n_stuffer_skip_read(stuffer, w));
1510 : 257014 : return w;
1511 : 257014 : }
1512 : :
1513 : : int s2n_connection_is_managed_corked(const struct s2n_connection *s2n_connection)
1514 : 6844128 : {
1515 [ # # ][ - + ]: 6844128 : POSIX_ENSURE_REF(s2n_connection);
1516 : :
1517 [ + + ][ + + ]: 6844128 : return (s2n_connection->managed_send_io && s2n_connection->corked_io);
1518 : 6844128 : }
1519 : :
1520 : : const uint8_t *s2n_connection_get_sct_list(struct s2n_connection *conn, uint32_t *length)
1521 : 3 : {
1522 [ - + ][ # # ]: 3 : PTR_ENSURE_REF(conn);
1523 [ - + ]: 3 : if (!length) {
1524 : 0 : return NULL;
1525 : 0 : }
1526 : :
1527 : 3 : *length = conn->ct_response.size;
1528 : 3 : return conn->ct_response.data;
1529 : 3 : }
1530 : :
1531 : : int s2n_connection_is_client_auth_enabled(struct s2n_connection *s2n_connection)
1532 : 12561 : {
1533 : 12561 : s2n_cert_auth_type auth_type;
1534 [ - + ]: 12561 : POSIX_GUARD(s2n_connection_get_client_auth_type(s2n_connection, &auth_type));
1535 : :
1536 : 12561 : return (auth_type != S2N_CERT_AUTH_NONE);
1537 : 12561 : }
1538 : :
1539 : : struct s2n_cert_chain_and_key *s2n_connection_get_selected_cert(struct s2n_connection *conn)
1540 : 893 : {
1541 [ - + ][ # # ]: 893 : PTR_ENSURE_REF(conn);
1542 : 893 : return conn->handshake_params.our_chain_and_key;
1543 : 893 : }
1544 : :
1545 : : uint8_t s2n_connection_get_protocol_version(const struct s2n_connection *conn)
1546 : 1740514 : {
1547 [ + + ]: 1740514 : if (conn == NULL) {
1548 : 2 : return S2N_UNKNOWN_PROTOCOL_VERSION;
1549 : 2 : }
1550 : :
1551 [ + + ]: 1740512 : if (conn->actual_protocol_version != S2N_UNKNOWN_PROTOCOL_VERSION) {
1552 : 1681489 : return conn->actual_protocol_version;
1553 : 1681489 : }
1554 : :
1555 [ + + ]: 59023 : if (conn->mode == S2N_CLIENT) {
1556 : 4 : return conn->client_protocol_version;
1557 : 4 : }
1558 : 59019 : return conn->server_protocol_version;
1559 : 59023 : }
1560 : :
1561 : : DEFINE_POINTER_CLEANUP_FUNC(struct s2n_cert_chain *, s2n_cert_chain_free);
1562 : :
1563 : : int s2n_connection_get_peer_cert_chain(const struct s2n_connection *conn, struct s2n_cert_chain_and_key *cert_chain_and_key)
1564 : 31 : {
1565 [ + + ][ + - ]: 31 : POSIX_ENSURE_REF(conn);
1566 [ + + ][ + - ]: 30 : POSIX_ENSURE_REF(cert_chain_and_key);
1567 [ - + ][ # # ]: 29 : POSIX_ENSURE_REF(cert_chain_and_key->cert_chain);
1568 : :
1569 : : /* Ensure that cert_chain_and_key is empty BEFORE we modify it in any way.
1570 : : * That includes before tying its cert_chain to DEFER_CLEANUP.
1571 : : */
1572 [ + + ][ + - ]: 29 : POSIX_ENSURE(cert_chain_and_key->cert_chain->head == NULL, S2N_ERR_INVALID_ARGUMENT);
1573 : :
1574 : 28 : DEFER_CLEANUP(struct s2n_cert_chain *cert_chain = cert_chain_and_key->cert_chain, s2n_cert_chain_free_pointer);
1575 : 28 : struct s2n_cert **insert = &cert_chain->head;
1576 : :
1577 : 28 : const struct s2n_x509_validator *validator = &conn->x509_validator;
1578 [ - + ][ # # ]: 28 : POSIX_ENSURE_REF(validator);
1579 [ + + ][ + - ]: 28 : POSIX_ENSURE(s2n_x509_validator_is_cert_chain_validated(validator), S2N_ERR_CERT_NOT_VALIDATED);
1580 : :
1581 : 27 : DEFER_CLEANUP(struct s2n_validated_cert_chain validated_cert_chain = { 0 }, s2n_x509_validator_validated_cert_chain_free);
1582 [ - + ]: 27 : POSIX_GUARD_RESULT(s2n_x509_validator_get_validated_cert_chain(validator, &validated_cert_chain));
1583 : 27 : STACK_OF(X509) *cert_chain_validated = validated_cert_chain.stack;
1584 [ - + ][ # # ]: 27 : POSIX_ENSURE_REF(cert_chain_validated);
1585 : :
1586 : 27 : int cert_count = sk_X509_num(cert_chain_validated);
1587 [ # # ][ - + ]: 27 : POSIX_ENSURE_GTE(cert_count, 0);
1588 : :
1589 [ + + ]: 78 : for (size_t cert_idx = 0; cert_idx < (size_t) cert_count; cert_idx++) {
1590 : 51 : X509 *cert = sk_X509_value(cert_chain_validated, cert_idx);
1591 [ - + ][ # # ]: 51 : POSIX_ENSURE_REF(cert);
1592 : 51 : DEFER_CLEANUP(uint8_t *cert_data = NULL, s2n_crypto_free);
1593 : 51 : int cert_size = i2d_X509(cert, &cert_data);
1594 [ # # ][ - + ]: 51 : POSIX_ENSURE_GT(cert_size, 0);
1595 : :
1596 : 51 : struct s2n_blob mem = { 0 };
1597 [ - + ]: 51 : POSIX_GUARD(s2n_alloc(&mem, sizeof(struct s2n_cert)));
1598 : :
1599 : 51 : struct s2n_cert *new_node = (struct s2n_cert *) (void *) mem.data;
1600 [ # # ][ - + ]: 51 : POSIX_ENSURE_REF(new_node);
1601 : :
1602 : 51 : new_node->next = NULL;
1603 : 51 : *insert = new_node;
1604 : 51 : insert = &new_node->next;
1605 : :
1606 [ - + ]: 51 : POSIX_GUARD(s2n_alloc(&new_node->raw, cert_size));
1607 [ - + ][ # # ]: 51 : POSIX_CHECKED_MEMCPY(new_node->raw.data, cert_data, cert_size);
[ + - ]
1608 : 51 : }
1609 : :
1610 : 27 : ZERO_TO_DISABLE_DEFER_CLEANUP(cert_chain);
1611 : :
1612 : 27 : return S2N_SUCCESS;
1613 : 27 : }
1614 : :
1615 : : static S2N_RESULT s2n_signature_scheme_to_tls_iana(const struct s2n_signature_scheme *sig_scheme,
1616 : : s2n_tls_hash_algorithm *converted_scheme)
1617 : 131082 : {
1618 [ # # ][ - + ]: 131082 : RESULT_ENSURE_REF(sig_scheme);
1619 [ - + ][ # # ]: 131082 : RESULT_ENSURE_REF(converted_scheme);
1620 : 131082 : *converted_scheme = S2N_TLS_HASH_NONE;
1621 : :
1622 [ + + ]: 131082 : switch (sig_scheme->hash_alg) {
1623 [ + + ]: 2 : case S2N_HASH_MD5:
1624 : 2 : *converted_scheme = S2N_TLS_HASH_MD5;
1625 : 2 : break;
1626 [ + + ]: 2 : case S2N_HASH_SHA1:
1627 : 2 : *converted_scheme = S2N_TLS_HASH_SHA1;
1628 : 2 : break;
1629 [ + + ]: 2 : case S2N_HASH_SHA224:
1630 : 2 : *converted_scheme = S2N_TLS_HASH_SHA224;
1631 : 2 : break;
1632 [ + + ]: 6 : case S2N_HASH_SHA256:
1633 : 6 : *converted_scheme = S2N_TLS_HASH_SHA256;
1634 : 6 : break;
1635 [ + + ]: 6 : case S2N_HASH_SHA384:
1636 : 6 : *converted_scheme = S2N_TLS_HASH_SHA384;
1637 : 6 : break;
1638 [ + + ]: 2 : case S2N_HASH_SHA512:
1639 : 2 : *converted_scheme = S2N_TLS_HASH_SHA512;
1640 : 2 : break;
1641 [ + + ]: 2 : case S2N_HASH_MD5_SHA1:
1642 : 2 : *converted_scheme = S2N_TLS_HASH_MD5_SHA1;
1643 : 2 : break;
1644 [ + + ]: 4 : case S2N_HASH_NONE:
1645 [ + + ]: 6 : case S2N_HASH_SHAKE256_64:
1646 [ + + ]: 8 : case S2N_HASH_ALGS_COUNT:
1647 : 8 : *converted_scheme = S2N_TLS_HASH_NONE;
1648 : 8 : break;
1649 : 131082 : }
1650 : :
1651 : 131082 : return S2N_RESULT_OK;
1652 : 131082 : }
1653 : :
1654 : : int s2n_connection_get_selected_digest_algorithm(struct s2n_connection *conn,
1655 : : s2n_tls_hash_algorithm *converted_scheme)
1656 : 65543 : {
1657 [ + - ][ + + ]: 65543 : POSIX_ENSURE_REF(conn);
1658 [ + + ][ + - ]: 65542 : POSIX_ENSURE_REF(converted_scheme);
1659 : :
1660 [ - + ]: 65541 : POSIX_GUARD_RESULT(s2n_signature_scheme_to_tls_iana(
1661 : 65541 : conn->handshake_params.server_cert_sig_scheme, converted_scheme));
1662 : :
1663 : 65541 : return S2N_SUCCESS;
1664 : 65541 : }
1665 : :
1666 : : int s2n_connection_get_selected_client_cert_digest_algorithm(struct s2n_connection *conn,
1667 : : s2n_tls_hash_algorithm *converted_scheme)
1668 : 65543 : {
1669 [ + + ][ + - ]: 65543 : POSIX_ENSURE_REF(conn);
1670 [ + + ][ + - ]: 65542 : POSIX_ENSURE_REF(converted_scheme);
1671 : :
1672 [ - + ]: 65541 : POSIX_GUARD_RESULT(s2n_signature_scheme_to_tls_iana(
1673 : 65541 : conn->handshake_params.client_cert_sig_scheme, converted_scheme));
1674 : 65541 : return S2N_SUCCESS;
1675 : 65541 : }
1676 : :
1677 : : static S2N_RESULT s2n_signature_scheme_to_signature_algorithm(const struct s2n_signature_scheme *sig_scheme,
1678 : : s2n_tls_signature_algorithm *converted_scheme)
1679 : 131097 : {
1680 [ # # ][ - + ]: 131097 : RESULT_ENSURE_REF(sig_scheme);
1681 [ - + ][ # # ]: 131097 : RESULT_ENSURE_REF(converted_scheme);
1682 : 131097 : *converted_scheme = S2N_TLS_SIGNATURE_ANONYMOUS;
1683 : :
1684 [ + + ]: 131097 : switch (sig_scheme->sig_alg) {
1685 [ + + ]: 10 : case S2N_SIGNATURE_RSA:
1686 : 10 : *converted_scheme = S2N_TLS_SIGNATURE_RSA;
1687 : 10 : break;
1688 [ + + ]: 12 : case S2N_SIGNATURE_ECDSA:
1689 : 12 : *converted_scheme = S2N_TLS_SIGNATURE_ECDSA;
1690 : 12 : break;
1691 [ + + ]: 5 : case S2N_SIGNATURE_RSA_PSS_RSAE:
1692 : 5 : *converted_scheme = S2N_TLS_SIGNATURE_RSA_PSS_RSAE;
1693 : 5 : break;
1694 [ + + ]: 2 : case S2N_SIGNATURE_RSA_PSS_PSS:
1695 : 2 : *converted_scheme = S2N_TLS_SIGNATURE_RSA_PSS_PSS;
1696 : 2 : break;
1697 [ + + ]: 2 : case S2N_SIGNATURE_MLDSA:
1698 : 2 : *converted_scheme = S2N_TLS_SIGNATURE_MLDSA;
1699 : 2 : break;
1700 [ + + ]: 6 : case S2N_SIGNATURE_ANONYMOUS:
1701 : 6 : *converted_scheme = S2N_TLS_SIGNATURE_ANONYMOUS;
1702 : 6 : break;
1703 : 131097 : }
1704 : :
1705 : 131097 : return S2N_RESULT_OK;
1706 : 131097 : }
1707 : :
1708 : : int s2n_connection_get_selected_signature_algorithm(struct s2n_connection *conn,
1709 : : s2n_tls_signature_algorithm *converted_scheme)
1710 : 65553 : {
1711 [ + + ][ + - ]: 65553 : POSIX_ENSURE_REF(conn);
1712 [ + + ][ + - ]: 65552 : POSIX_ENSURE_REF(converted_scheme);
1713 : :
1714 [ - + ]: 65551 : POSIX_GUARD_RESULT(s2n_signature_scheme_to_signature_algorithm(
1715 : 65551 : conn->handshake_params.server_cert_sig_scheme, converted_scheme));
1716 : :
1717 : 65551 : return S2N_SUCCESS;
1718 : 65551 : }
1719 : :
1720 : : int s2n_connection_get_selected_client_cert_signature_algorithm(struct s2n_connection *conn,
1721 : : s2n_tls_signature_algorithm *converted_scheme)
1722 : 65548 : {
1723 [ + + ][ + - ]: 65548 : POSIX_ENSURE_REF(conn);
1724 [ + - ][ + + ]: 65547 : POSIX_ENSURE_REF(converted_scheme);
1725 : :
1726 [ - + ]: 65546 : POSIX_GUARD_RESULT(s2n_signature_scheme_to_signature_algorithm(
1727 : 65546 : conn->handshake_params.client_cert_sig_scheme, converted_scheme));
1728 : :
1729 : 65546 : return S2N_SUCCESS;
1730 : 65546 : }
1731 : :
1732 : : int s2n_connection_get_signature_scheme(struct s2n_connection *conn, const char **scheme_name)
1733 : 710 : {
1734 [ + + ][ + - ]: 710 : POSIX_ENSURE_REF(conn);
1735 [ + - ][ + + ]: 709 : POSIX_ENSURE_REF(scheme_name);
1736 [ + + ][ + - ]: 708 : POSIX_ENSURE(IS_NEGOTIATED(conn), S2N_ERR_INVALID_STATE);
1737 : :
1738 : 707 : const struct s2n_signature_scheme *scheme = conn->handshake_params.server_cert_sig_scheme;
1739 : : /* The scheme should never be NULL. A "none" placeholder is used if no
1740 : : * scheme has been negotiated.
1741 : : */
1742 [ - + ][ # # ]: 707 : POSIX_ENSURE_REF(scheme);
1743 : :
1744 : 707 : *scheme_name = scheme->name;
1745 [ + + ]: 707 : if (scheme->signature_curve) {
1746 : : /* Some TLS1.2 and TLS1.3 signature schemes share an IANA value,
1747 : : * but are NOT the same. The TLS1.3 version implies a specific curve.
1748 : : */
1749 [ + + ]: 108 : if (conn->actual_protocol_version >= S2N_TLS13) {
1750 : 4 : *scheme_name = scheme->tls13_name;
1751 : 104 : } else {
1752 : 104 : *scheme_name = scheme->legacy_name;
1753 : 104 : }
1754 : 108 : }
1755 : :
1756 [ - + ][ # # ]: 707 : POSIX_ENSURE_REF(*scheme_name);
1757 : 707 : return S2N_SUCCESS;
1758 : 707 : }
1759 : :
1760 : : /*
1761 : : * Gets the config set on the connection.
1762 : : */
1763 : : int s2n_connection_get_config(struct s2n_connection *conn, struct s2n_config **config)
1764 : 2 : {
1765 [ - + ][ # # ]: 2 : POSIX_ENSURE_REF(conn);
1766 [ # # ][ - + ]: 2 : POSIX_ENSURE_REF(config);
1767 : :
1768 [ + + ]: 2 : if (s2n_fetch_default_config() == conn->config) {
1769 [ + - ]: 1 : POSIX_BAIL(S2N_ERR_NULL);
1770 : 1 : }
1771 : :
1772 : 1 : *config = conn->config;
1773 : :
1774 : 1 : return S2N_SUCCESS;
1775 : 2 : }
1776 : :
1777 : : S2N_RESULT s2n_connection_dynamic_free_out_buffer(struct s2n_connection *conn)
1778 : 396616 : {
1779 [ - + ][ # # ]: 396616 : RESULT_ENSURE_REF(conn);
1780 : :
1781 : : /* free the out buffer if we're in dynamic mode and it's completely flushed */
1782 [ + + ][ + + ]: 396616 : if (conn->dynamic_buffers && s2n_stuffer_is_consumed(&conn->out)) {
1783 : : /* since outgoing buffers are already encrypted, the buffers don't need to be zeroed, which saves some overhead */
1784 [ - + ]: 5 : RESULT_GUARD_POSIX(s2n_stuffer_free_without_wipe(&conn->out));
1785 : :
1786 : : /* reset the stuffer to its initial state */
1787 [ - + ]: 5 : RESULT_GUARD_POSIX(s2n_stuffer_growable_alloc(&conn->out, 0));
1788 : 5 : }
1789 : :
1790 : 396616 : return S2N_RESULT_OK;
1791 : 396616 : }
1792 : :
1793 : : S2N_RESULT s2n_connection_dynamic_free_in_buffer(struct s2n_connection *conn)
1794 : 582407 : {
1795 [ - + ][ # # ]: 582407 : RESULT_ENSURE_REF(conn);
1796 : :
1797 : : /* free `buffer_in` if we're in dynamic mode and it's completely flushed */
1798 [ + + ][ + + ]: 582407 : if (conn->dynamic_buffers && s2n_stuffer_is_consumed(&conn->buffer_in)) {
1799 : : /* when copying the buffer into the application, we use `s2n_stuffer_erase_and_read`, which already zeroes the memory */
1800 [ - + ]: 5 : RESULT_GUARD_POSIX(s2n_stuffer_free_without_wipe(&conn->buffer_in));
1801 : :
1802 : : /* reset the stuffer to its initial state */
1803 [ - + ]: 5 : RESULT_GUARD_POSIX(s2n_stuffer_growable_alloc(&conn->buffer_in, 0));
1804 : 5 : }
1805 : :
1806 : 582407 : return S2N_RESULT_OK;
1807 : 582407 : }
1808 : :
1809 : : bool s2n_connection_check_io_status(struct s2n_connection *conn, s2n_io_status status)
1810 : 1340821 : {
1811 [ + + ]: 1340821 : if (!conn) {
1812 : 5 : return false;
1813 : 5 : }
1814 : :
1815 : 1340816 : bool read_closed = s2n_atomic_flag_test(&conn->read_closed);
1816 : 1340816 : bool write_closed = s2n_atomic_flag_test(&conn->write_closed);
1817 [ + + ][ + + ]: 1340816 : bool full_duplex = !read_closed && !write_closed;
1818 : :
1819 : : /*
1820 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-6.1
1821 : : *# Note that this is a change from versions of TLS prior to TLS 1.3 in
1822 : : *# which implementations were required to react to a "close_notify" by
1823 : : *# discarding pending writes and sending an immediate "close_notify"
1824 : : *# alert of their own.
1825 : : */
1826 [ + + ]: 1340816 : if (s2n_connection_get_protocol_version(conn) < S2N_TLS13) {
1827 [ - + ]: 330955 : switch (status) {
1828 [ + + ]: 11824 : case S2N_IO_WRITABLE:
1829 [ + + ]: 265052 : case S2N_IO_READABLE:
1830 [ + + ]: 330931 : case S2N_IO_FULL_DUPLEX:
1831 : 330931 : return full_duplex;
1832 [ + + ]: 24 : case S2N_IO_CLOSED:
1833 : 24 : return !full_duplex;
1834 : 330955 : }
1835 : 330955 : }
1836 : :
1837 [ + + ]: 1009861 : switch (status) {
1838 [ + + ]: 222340 : case S2N_IO_WRITABLE:
1839 : 222340 : return !write_closed;
1840 [ + + ]: 604648 : case S2N_IO_READABLE:
1841 : 604648 : return !read_closed;
1842 [ + + ]: 179958 : case S2N_IO_FULL_DUPLEX:
1843 : 179958 : return full_duplex;
1844 [ + + ]: 3036 : case S2N_IO_CLOSED:
1845 [ + + ][ + + ]: 3036 : return read_closed && write_closed;
1846 : 1009861 : }
1847 : :
1848 : 1 : return false;
1849 : 1009861 : }
1850 : :
1851 : : S2N_RESULT s2n_connection_get_secure_cipher(struct s2n_connection *conn, const struct s2n_cipher **cipher)
1852 : 60568 : {
1853 [ - + ][ # # ]: 60568 : RESULT_ENSURE_REF(conn);
1854 [ # # ][ - + ]: 60568 : RESULT_ENSURE_REF(cipher);
1855 [ # # ][ - + ]: 60568 : RESULT_ENSURE_REF(conn->secure);
1856 [ # # ][ - + ]: 60568 : RESULT_ENSURE_REF(conn->secure->cipher_suite);
1857 [ - + ][ # # ]: 60568 : RESULT_ENSURE_REF(conn->secure->cipher_suite->record_alg);
1858 : 60568 : *cipher = conn->secure->cipher_suite->record_alg->cipher;
1859 : 60568 : return S2N_RESULT_OK;
1860 : 60568 : }
1861 : :
1862 : : S2N_RESULT s2n_connection_get_sequence_number(struct s2n_connection *conn,
1863 : : s2n_mode mode, struct s2n_blob *seq_num)
1864 : 82950 : {
1865 [ - + ][ # # ]: 82950 : RESULT_ENSURE_REF(conn);
1866 [ # # ][ - + ]: 82950 : RESULT_ENSURE_REF(seq_num);
1867 [ - + ][ # # ]: 82950 : RESULT_ENSURE_REF(conn->secure);
1868 : :
1869 : 82950 : switch (mode) {
1870 [ + + ]: 27280 : case S2N_CLIENT:
1871 [ - + ]: 27280 : RESULT_GUARD_POSIX(s2n_blob_init(seq_num, conn->secure->client_sequence_number,
1872 : 27280 : sizeof(conn->secure->client_sequence_number)));
1873 : 27280 : break;
1874 [ + + ]: 55670 : case S2N_SERVER:
1875 [ - + ]: 55670 : RESULT_GUARD_POSIX(s2n_blob_init(seq_num, conn->secure->server_sequence_number,
1876 : 55670 : sizeof(conn->secure->server_sequence_number)));
1877 : 55670 : break;
1878 [ - + ]: 55670 : default:
1879 [ # # ]: 0 : RESULT_BAIL(S2N_ERR_SAFETY);
1880 : 82950 : }
1881 : :
1882 : 82950 : return S2N_RESULT_OK;
1883 : 82950 : }
1884 : :
1885 : : int s2n_connection_get_key_update_counts(struct s2n_connection *conn,
1886 : : uint8_t *send_key_updates, uint8_t *recv_key_updates)
1887 : 4 : {
1888 [ + - ][ + + ]: 4 : POSIX_ENSURE_REF(conn);
1889 [ + + ][ + - ]: 3 : POSIX_ENSURE_REF(send_key_updates);
1890 [ + + ][ + - ]: 2 : POSIX_ENSURE_REF(recv_key_updates);
1891 : 1 : *send_key_updates = conn->send_key_updated;
1892 : 1 : *recv_key_updates = conn->recv_key_updated;
1893 : 1 : return S2N_SUCCESS;
1894 : 2 : }
1895 : :
1896 : : int s2n_connection_set_recv_buffering(struct s2n_connection *conn, bool enabled)
1897 : 220 : {
1898 [ - + ][ # # ]: 220 : POSIX_ENSURE_REF(conn);
1899 : : /* QUIC support is not currently compatible with recv_buffering */
1900 [ - + ][ # # ]: 220 : POSIX_ENSURE(!s2n_connection_is_quic_enabled(conn), S2N_ERR_INVALID_STATE);
1901 : 220 : conn->recv_buffering = enabled;
1902 : 220 : return S2N_SUCCESS;
1903 : 220 : }
1904 : :
1905 : : s2n_mode s2n_connection_get_mode(struct s2n_connection *conn)
1906 : 3 : {
1907 [ + + ]: 3 : if (conn == NULL) {
1908 : 1 : return S2N_SERVER;
1909 : 1 : }
1910 : 2 : return conn->mode;
1911 : 3 : }
|