From d6329d5e7209b4e5658428d46085b33198bce212 Mon Sep 17 00:00:00 2001 From: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue, 23 Jan 2024 20:44:20 -0500 Subject: [PATCH 1/4] Fix SSLv3 detection with AWS-LC --- crypto/s2n_hmac.c | 6 +- tests/unit/s2n_sslv3_test.c | 133 ++++++++++++++++++++++++++++++++++++ 2 files changed, 137 insertions(+), 2 deletions(-) create mode 100644 tests/unit/s2n_sslv3_test.c diff --git a/crypto/s2n_hmac.c b/crypto/s2n_hmac.c index 20be85ffee4..1a1b1f270c3 100644 --- a/crypto/s2n_hmac.c +++ b/crypto/s2n_hmac.c @@ -82,8 +82,10 @@ bool s2n_hmac_is_available(s2n_hmac_algorithm hmac_alg) case S2N_HMAC_MD5: case S2N_HMAC_SSLv3_MD5: case S2N_HMAC_SSLv3_SHA1: - /* Set is_available to 0 if in FIPS mode, as MD5/SSLv3 algs are not available in FIPS mode. */ - return !s2n_is_in_fips_mode(); + /* Some libcryptos, such as OpenSSL, disable MD5 by default when in FIPS mode, which is + * required in order to negotiate SSLv3. However, this is supported in AWS-LC. + */ + return !s2n_is_in_fips_mode() || s2n_libcrypto_is_awslc(); case S2N_HMAC_NONE: case S2N_HMAC_SHA1: case S2N_HMAC_SHA224: diff --git a/tests/unit/s2n_sslv3_test.c b/tests/unit/s2n_sslv3_test.c new file mode 100644 index 00000000000..64b0cdd6abf --- /dev/null +++ b/tests/unit/s2n_sslv3_test.c @@ -0,0 +1,133 @@ +/* +* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +* +* Licensed under the Apache License, Version 2.0 (the "License"). +* You may not use this file except in compliance with the License. +* A copy of the License is located at +* +* http://aws.amazon.com/apache2.0 +* +* or in the "license" file accompanying this file. This file is distributed +* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +* express or implied. See the License for the specific language governing +* permissions and limitations under the License. +*/ + +#include "s2n_test.h" +#include "testlib/s2n_testlib.h" +#include "utils/s2n_random.h" + +#define S2N_TEST_DATA_SIZE 100 + +S2N_RESULT s2n_test_send_receive_data(struct s2n_connection *sender, struct s2n_connection *receiver) +{ + uint8_t test_data[S2N_TEST_DATA_SIZE] = { 0 }; + struct s2n_blob test_data_blob = { 0 }; + EXPECT_SUCCESS(s2n_blob_init(&test_data_blob, test_data, sizeof(test_data))); + EXPECT_OK(s2n_get_public_random_data(&test_data_blob)); + + /* Send data */ + s2n_blocked_status blocked = S2N_NOT_BLOCKED; + ssize_t bytes_written = 0; + while (bytes_written < S2N_TEST_DATA_SIZE) { + ssize_t w = s2n_send(sender, test_data + bytes_written, S2N_TEST_DATA_SIZE - bytes_written, &blocked); + EXPECT_TRUE(w >= 0); + bytes_written += w; + } + + /* Receive data */ + uint8_t buffer[S2N_TEST_DATA_SIZE] = { 0 }; + ssize_t bytes_received = 0; + while (bytes_received < S2N_TEST_DATA_SIZE) { + ssize_t r = s2n_recv(receiver, buffer + bytes_received, S2N_TEST_DATA_SIZE - bytes_received, &blocked); + EXPECT_TRUE(r > 0); + bytes_received += r; + } + + EXPECT_BYTEARRAY_EQUAL(test_data, buffer, S2N_TEST_DATA_SIZE); + + return S2N_RESULT_OK; +} + +int main(int argc, char **argv) +{ + BEGIN_TEST(); + + /* Ensure that AWS-LC supports the SSLv3 HMAC. */ + if (s2n_libcrypto_is_awslc()) { + EXPECT_TRUE(s2n_hmac_is_available(S2N_HMAC_SSLv3_MD5)); + } + + /* Skip the tests if SSLv3 isn't supported. */ + if (!s2n_hmac_is_available(S2N_HMAC_SSLv3_MD5)) { + END_TEST(); + } + + DEFER_CLEANUP(struct s2n_cert_chain_and_key *rsa_chain_and_key = NULL, s2n_cert_chain_and_key_ptr_free); + EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&rsa_chain_and_key, + S2N_DEFAULT_TEST_CERT_CHAIN, S2N_DEFAULT_TEST_PRIVATE_KEY)); + + DEFER_CLEANUP(struct s2n_cert_chain_and_key *ecdsa_chain_and_key = NULL, s2n_cert_chain_and_key_ptr_free); + EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&ecdsa_chain_and_key, + S2N_DEFAULT_ECDSA_TEST_CERT_CHAIN, S2N_DEFAULT_ECDSA_TEST_PRIVATE_KEY)); + + char dhparams_pem[S2N_MAX_TEST_PEM_SIZE] = { 0 }; + EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_TEST_DHPARAMS, dhparams_pem, S2N_MAX_TEST_PEM_SIZE)); + + /* Self-talk test */ + for (size_t i = 0; i < security_policy_test_all.cipher_preferences->count; i++) { + struct s2n_cipher_suite *cipher_suite = security_policy_test_all.cipher_preferences->suites[i]; + + /* Skip non-sslv3 cipher suites */ + if (!cipher_suite->sslv3_record_alg) { + continue; + } + + /* Skip unsupported record algorithms */ + if (!cipher_suite->sslv3_record_alg->cipher->is_available()) { + continue; + } + + struct s2n_cipher_preferences test_cipher_preferences = { + .count = 1, + .suites = &cipher_suite, + }; + struct s2n_security_policy test_policy = security_policy_test_all; + test_policy.cipher_preferences = &test_cipher_preferences; + + DEFER_CLEANUP(struct s2n_config *client_config = s2n_config_new(), s2n_config_ptr_free); + EXPECT_SUCCESS(s2n_config_set_verification_ca_location(client_config, S2N_DEFAULT_TEST_CERT_CHAIN, NULL)); + EXPECT_SUCCESS(s2n_config_disable_x509_verification(client_config)); + client_config->security_policy = &test_policy; + + DEFER_CLEANUP(struct s2n_config *server_config = s2n_config_new(), s2n_config_ptr_free); + EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, rsa_chain_and_key)); + EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, ecdsa_chain_and_key)); + EXPECT_SUCCESS(s2n_config_add_dhparams(server_config, dhparams_pem)); + server_config->security_policy = &test_policy; + + DEFER_CLEANUP(struct s2n_connection *client = s2n_connection_new(S2N_CLIENT), + s2n_connection_ptr_free); + EXPECT_NOT_NULL(client); + EXPECT_SUCCESS(s2n_connection_set_config(client, client_config)); + client->client_protocol_version = S2N_SSLv3; + + DEFER_CLEANUP(struct s2n_connection *server = s2n_connection_new(S2N_SERVER), + s2n_connection_ptr_free); + EXPECT_NOT_NULL(server); + EXPECT_SUCCESS(s2n_connection_set_config(server, server_config)); + + DEFER_CLEANUP(struct s2n_test_io_pair io_pair = { 0 }, s2n_io_pair_close); + EXPECT_SUCCESS(s2n_io_pair_init_non_blocking(&io_pair)); + EXPECT_SUCCESS(s2n_connections_set_io_pair(client, server, &io_pair)); + + EXPECT_SUCCESS(s2n_negotiate_test_server_and_client(server, client)); + EXPECT_EQUAL(s2n_connection_get_client_protocol_version(server), S2N_SSLv3); + EXPECT_EQUAL(s2n_connection_get_actual_protocol_version(server), S2N_SSLv3); + + EXPECT_OK(s2n_test_send_receive_data(client, server)); + EXPECT_OK(s2n_test_send_receive_data(server, client)); + } + + END_TEST(); +} From 73107c3a76b35a3a933a45001407ac41598ba252 Mon Sep 17 00:00:00 2001 From: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed, 24 Jan 2024 00:12:33 -0500 Subject: [PATCH 2/4] fix cbmc --- .../proofs/s2n_hmac_is_available/Makefile | 1 + .../s2n_hmac_is_available_harness.c | 3 +- tests/cbmc/stubs/s2n_libcrypto_is_awslc.c | 31 +++++++++++++++++++ 3 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 tests/cbmc/stubs/s2n_libcrypto_is_awslc.c diff --git a/tests/cbmc/proofs/s2n_hmac_is_available/Makefile b/tests/cbmc/proofs/s2n_hmac_is_available/Makefile index c24a7ad8613..0cd6a1a078b 100644 --- a/tests/cbmc/proofs/s2n_hmac_is_available/Makefile +++ b/tests/cbmc/proofs/s2n_hmac_is_available/Makefile @@ -22,6 +22,7 @@ HARNESS_FILE = $(HARNESS_ENTRY).c PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE) PROOF_SOURCES += $(PROOF_STUB)/s2n_calculate_stacktrace.c PROOF_SOURCES += $(PROOF_STUB)/s2n_is_in_fips_mode.c +PROOF_SOURCES += $(PROOF_STUB)/s2n_libcrypto_is_awslc.c PROJECT_SOURCES += $(SRCDIR)/crypto/s2n_hmac.c diff --git a/tests/cbmc/proofs/s2n_hmac_is_available/s2n_hmac_is_available_harness.c b/tests/cbmc/proofs/s2n_hmac_is_available/s2n_hmac_is_available_harness.c index 6b59bc84ce0..daa3a074812 100644 --- a/tests/cbmc/proofs/s2n_hmac_is_available/s2n_hmac_is_available_harness.c +++ b/tests/cbmc/proofs/s2n_hmac_is_available/s2n_hmac_is_available_harness.c @@ -17,6 +17,7 @@ #include "crypto/s2n_fips.h" #include "crypto/s2n_hmac.h" +#include "crypto/s2n_openssl.h" #include @@ -33,7 +34,7 @@ void s2n_hmac_is_available_harness() case S2N_HASH_MD5: case S2N_HMAC_SSLv3_MD5: case S2N_HMAC_SSLv3_SHA1: - assert(is_available == !s2n_is_in_fips_mode()); break; + assert(is_available == !s2n_is_in_fips_mode() || s2n_libcrypto_is_awslc()); break; case S2N_HASH_NONE: case S2N_HASH_SHA1: case S2N_HASH_SHA224: diff --git a/tests/cbmc/stubs/s2n_libcrypto_is_awslc.c b/tests/cbmc/stubs/s2n_libcrypto_is_awslc.c new file mode 100644 index 00000000000..6e74ecf193f --- /dev/null +++ b/tests/cbmc/stubs/s2n_libcrypto_is_awslc.c @@ -0,0 +1,31 @@ +/* +* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +* +* Licensed under the Apache License, Version 2.0 (the "License"). You may not use +* this file except in compliance with the License. A copy of the License is +* located at +* +* http://aws.amazon.com/apache2.0/ +* +* or in the "license" file accompanying this file. This file is distributed on an +* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +* implied. See the License for the specific language governing permissions and +* limitations under the License. +*/ + +#include + +#include +#include "crypto/s2n_openssl.h" + +static int flag = 0; +static bool s2n_awslc_flag = 0; + +bool s2n_libcrypto_is_awslc() +{ + if (flag == 0) { + s2n_awslc_flag = nondet_bool() ? 1 : 0; + flag = 1; + } + return s2n_awslc_flag; +} From 175e6edd052edfe2a2f735de047cffce8501ca46 Mon Sep 17 00:00:00 2001 From: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Thu, 25 Jan 2024 10:59:35 -0500 Subject: [PATCH 3/4] pr feedback --- tests/unit/s2n_sslv3_test.c | 118 +++++++++++++++++++----------------- 1 file changed, 62 insertions(+), 56 deletions(-) diff --git a/tests/unit/s2n_sslv3_test.c b/tests/unit/s2n_sslv3_test.c index 64b0cdd6abf..58b194ac83e 100644 --- a/tests/unit/s2n_sslv3_test.c +++ b/tests/unit/s2n_sslv3_test.c @@ -53,13 +53,11 @@ int main(int argc, char **argv) { BEGIN_TEST(); - /* Ensure that AWS-LC supports the SSLv3 HMAC. */ - if (s2n_libcrypto_is_awslc()) { - EXPECT_TRUE(s2n_hmac_is_available(S2N_HMAC_SSLv3_MD5)); - } - - /* Skip the tests if SSLv3 isn't supported. */ if (!s2n_hmac_is_available(S2N_HMAC_SSLv3_MD5)) { + /* AWS-LC should support SSLv3. */ + EXPECT_FALSE(s2n_libcrypto_is_awslc()); + + /* Other libcryptos may not support SSLv3, so the tests are skipped. */ END_TEST(); } @@ -75,58 +73,66 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_TEST_DHPARAMS, dhparams_pem, S2N_MAX_TEST_PEM_SIZE)); /* Self-talk test */ - for (size_t i = 0; i < security_policy_test_all.cipher_preferences->count; i++) { - struct s2n_cipher_suite *cipher_suite = security_policy_test_all.cipher_preferences->suites[i]; - - /* Skip non-sslv3 cipher suites */ - if (!cipher_suite->sslv3_record_alg) { - continue; - } - - /* Skip unsupported record algorithms */ - if (!cipher_suite->sslv3_record_alg->cipher->is_available()) { - continue; + { + size_t supported_record_alg_count = 0; + + for (size_t i = 0; i < security_policy_test_all.cipher_preferences->count; i++) { + struct s2n_cipher_suite *cipher_suite = security_policy_test_all.cipher_preferences->suites[i]; + + /* Skip non-sslv3 cipher suites. */ + if (!cipher_suite->sslv3_record_alg) { + continue; + } + + /* Skip unsupported record algorithms. */ + if (!cipher_suite->sslv3_record_alg->cipher->is_available()) { + continue; + } + supported_record_alg_count += 1; + + struct s2n_cipher_preferences test_cipher_preferences = { + .count = 1, + .suites = &cipher_suite, + }; + struct s2n_security_policy test_policy = security_policy_test_all; + test_policy.cipher_preferences = &test_cipher_preferences; + + DEFER_CLEANUP(struct s2n_config *client_config = s2n_config_new(), s2n_config_ptr_free); + EXPECT_SUCCESS(s2n_config_set_verification_ca_location(client_config, S2N_DEFAULT_TEST_CERT_CHAIN, NULL)); + EXPECT_SUCCESS(s2n_config_disable_x509_verification(client_config)); + client_config->security_policy = &test_policy; + + DEFER_CLEANUP(struct s2n_config *server_config = s2n_config_new(), s2n_config_ptr_free); + EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, rsa_chain_and_key)); + EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, ecdsa_chain_and_key)); + EXPECT_SUCCESS(s2n_config_add_dhparams(server_config, dhparams_pem)); + server_config->security_policy = &test_policy; + + DEFER_CLEANUP(struct s2n_connection *client = s2n_connection_new(S2N_CLIENT), + s2n_connection_ptr_free); + EXPECT_NOT_NULL(client); + EXPECT_SUCCESS(s2n_connection_set_config(client, client_config)); + client->client_protocol_version = S2N_SSLv3; + + DEFER_CLEANUP(struct s2n_connection *server = s2n_connection_new(S2N_SERVER), + s2n_connection_ptr_free); + EXPECT_NOT_NULL(server); + EXPECT_SUCCESS(s2n_connection_set_config(server, server_config)); + + DEFER_CLEANUP(struct s2n_test_io_pair io_pair = { 0 }, s2n_io_pair_close); + EXPECT_SUCCESS(s2n_io_pair_init_non_blocking(&io_pair)); + EXPECT_SUCCESS(s2n_connections_set_io_pair(client, server, &io_pair)); + + EXPECT_SUCCESS(s2n_negotiate_test_server_and_client(server, client)); + EXPECT_EQUAL(s2n_connection_get_client_protocol_version(server), S2N_SSLv3); + EXPECT_EQUAL(s2n_connection_get_actual_protocol_version(server), S2N_SSLv3); + + EXPECT_OK(s2n_test_send_receive_data(client, server)); + EXPECT_OK(s2n_test_send_receive_data(server, client)); } - struct s2n_cipher_preferences test_cipher_preferences = { - .count = 1, - .suites = &cipher_suite, - }; - struct s2n_security_policy test_policy = security_policy_test_all; - test_policy.cipher_preferences = &test_cipher_preferences; - - DEFER_CLEANUP(struct s2n_config *client_config = s2n_config_new(), s2n_config_ptr_free); - EXPECT_SUCCESS(s2n_config_set_verification_ca_location(client_config, S2N_DEFAULT_TEST_CERT_CHAIN, NULL)); - EXPECT_SUCCESS(s2n_config_disable_x509_verification(client_config)); - client_config->security_policy = &test_policy; - - DEFER_CLEANUP(struct s2n_config *server_config = s2n_config_new(), s2n_config_ptr_free); - EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, rsa_chain_and_key)); - EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, ecdsa_chain_and_key)); - EXPECT_SUCCESS(s2n_config_add_dhparams(server_config, dhparams_pem)); - server_config->security_policy = &test_policy; - - DEFER_CLEANUP(struct s2n_connection *client = s2n_connection_new(S2N_CLIENT), - s2n_connection_ptr_free); - EXPECT_NOT_NULL(client); - EXPECT_SUCCESS(s2n_connection_set_config(client, client_config)); - client->client_protocol_version = S2N_SSLv3; - - DEFER_CLEANUP(struct s2n_connection *server = s2n_connection_new(S2N_SERVER), - s2n_connection_ptr_free); - EXPECT_NOT_NULL(server); - EXPECT_SUCCESS(s2n_connection_set_config(server, server_config)); - - DEFER_CLEANUP(struct s2n_test_io_pair io_pair = { 0 }, s2n_io_pair_close); - EXPECT_SUCCESS(s2n_io_pair_init_non_blocking(&io_pair)); - EXPECT_SUCCESS(s2n_connections_set_io_pair(client, server, &io_pair)); - - EXPECT_SUCCESS(s2n_negotiate_test_server_and_client(server, client)); - EXPECT_EQUAL(s2n_connection_get_client_protocol_version(server), S2N_SSLv3); - EXPECT_EQUAL(s2n_connection_get_actual_protocol_version(server), S2N_SSLv3); - - EXPECT_OK(s2n_test_send_receive_data(client, server)); - EXPECT_OK(s2n_test_send_receive_data(server, client)); + /* Ensure that a supported record algorithm was found, and SSLv3 was tested at least once. */ + EXPECT_TRUE(supported_record_alg_count > 0); } END_TEST(); From 938a02cf3c4acc4415b54d01fa9b6b164729872e Mon Sep 17 00:00:00 2001 From: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Fri, 26 Jan 2024 17:17:09 -0500 Subject: [PATCH 4/4] enable SSLv3 for integ tests when linked with AWS-LC-FIPS --- tests/integrationv2/providers.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/integrationv2/providers.py b/tests/integrationv2/providers.py index c68e604a898..fb60dc96af9 100644 --- a/tests/integrationv2/providers.py +++ b/tests/integrationv2/providers.py @@ -164,8 +164,12 @@ def supports_protocol(cls, protocol, with_cert=None): if unsupported_lc in current_libcrypto: return False - # s2n-tls will not negotiate SSLv3 if in fips mode - if protocol == Protocols.SSLv3 and get_flag(S2N_FIPS_MODE): + # SSLv3 cannot be negotiated in FIPS mode with libcryptos other than AWS-LC. + if all([ + protocol == Protocols.SSLv3, + get_flag(S2N_FIPS_MODE), + "awslc" not in get_flag(S2N_PROVIDER_VERSION) + ]): return False return True