Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update to 1.3.56 #2

Merged
merged 286 commits into from
Feb 11, 2024
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
286 commits
Select commit Hold shift + click to select a range
eb83c3d
Add JA3 to s2nd (#3838)
lrstewart Feb 23, 2023
55c8a52
filter do_not_merge label from Ready to merge (#3849)
WesleyRosenblum Feb 24, 2023
60da828
Remove unused s2n_config_client_hello_cb_enable_poll (#3850)
lrstewart Feb 24, 2023
6d4eb1f
Run integv2 tests with nix (#3824)
harrisonkaiser Feb 27, 2023
5d1898a
ci: nix fmt action (#3834)
dougch Feb 27, 2023
2352dd1
Add CBMC proof-running GitHub Action (#3840)
karkhaz Feb 27, 2023
9533076
Upgrade OpenSSL model for CBMC proofs (#3857)
feliperodri Feb 28, 2023
a9c152f
Bump Rust MSRV for latest openssl-src. (#3858)
dougch Feb 28, 2023
8062414
Handle ASN.1 type detection errors (#3855)
lrstewart Feb 28, 2023
274f321
[bindings] Add private key callback (#3847)
lrstewart Mar 1, 2023
4af1487
Removed codecov github status badge. (#3859)
amazonKamath Mar 1, 2023
e885b1b
Add method to create Rust certs without private keys (#3860)
lrstewart Mar 2, 2023
7640009
Update s2n to latest revision of PQ Hybrid TLS 1.3 Draft RFC (#3800)
alexw91 Mar 2, 2023
e3cecf2
chore: bump rust bindings version; crates msrv to 1.63.0 (#3863)
dougch Mar 2, 2023
61d77b0
ci: Check for msrv match between rust-toolchain an crates; make them …
dougch Mar 3, 2023
acb9cb5
fix: disable defer cleanup in failure case in s2n_cert_chain_and_key_…
WesleyRosenblum Mar 11, 2023
8816a57
tests: add checks for LTO+interning compatibility (#3839)
camshaft Mar 11, 2023
77d70d8
Enforce that ENSURE and GUARD_OSSL use valid error codes (#3873)
lrstewart Mar 11, 2023
1707ff2
Rewrite of the PSK section in Usage Guide (#3864)
maddeleine Mar 14, 2023
ae5c47c
test: cleanup after tests (#3831)
toidiu Mar 14, 2023
bd0b756
ktls: feature probe test (#3869)
toidiu Mar 14, 2023
6f4e104
Fixes some compiler warnings coming from tests (#3883)
maddeleine Mar 14, 2023
d35e966
tokio-s2n-tls: Enable access to the IO instance from TcpStream (#3882)
mathpal Mar 16, 2023
63870f4
chore: bump rust bindings for 1.3.39 release (#3887)
jmayclin Mar 16, 2023
10ec83a
Migrate Kyber 512 to EVP KEM API (#3853)
WillChilds-Klein Mar 16, 2023
b999dba
test: cleanup tests (#3832)
toidiu Mar 16, 2023
736bbed
test: Add missing packages to nix devShell (#3885)
dougch Mar 16, 2023
3a4639e
Document behavior of s2n_negotiate for a client with client auth (#3891)
lrstewart Mar 17, 2023
2004999
Switch OpenBSD CI job GH action to something more robust (#3877)
knightjoel Mar 17, 2023
7a5a07a
Enable strict compile checks in unit test build (#3878)
aditishri18 Mar 17, 2023
cc8e2ed
ci: enable valgrind pedantic check (#3886)
toidiu Mar 20, 2023
bcaaaeb
Allow client hellos from raw bytes (#3871)
lrstewart Mar 21, 2023
404b56b
Add new security policy (#3895)
lrstewart Mar 22, 2023
c9588d0
fix: remove broken check in test (#3901)
toidiu Mar 23, 2023
4569ff3
test: Nix s3 cache (#3904)
dougch Mar 27, 2023
be71cd2
chore: bump rust bindings (#3909)
toidiu Mar 27, 2023
1ec46fc
Appends S2N_API (#3910)
maddeleine Mar 28, 2023
36691b0
Move secret type out of tls12/tls13 union (#3908)
lrstewart Mar 29, 2023
c87191f
Expose curve details to rust bindings (#3912)
shraddha-1508 Mar 29, 2023
0f69c37
Don't set actual_protocol_version early when resuming a session (#3907)
lrstewart Mar 30, 2023
92b571a
CI: Restrict Nix integ test to 1 job (#3897)
dougch Mar 30, 2023
87ef083
docs: add compliance notes for RFC 6125 (#3915)
camshaft Apr 3, 2023
e082333
test: add retry logic for well-known endpoints (#3918)
camshaft Apr 4, 2023
4378487
chore(bindings): release 0.0.29 (#3919)
camshaft Apr 4, 2023
818a092
test: Bump nix devShell python to 3.10 (#3914)
dougch Apr 6, 2023
49097f4
Attempts to fix flakiness in session_ticket_test (#3913)
maddeleine Apr 11, 2023
0182afa
Create new PQ TLS Policies with minimum of TLSv1.2 (#3927)
alexw91 Apr 11, 2023
c467738
doc: Flesh out steps in nix readme. (#3923)
dougch Apr 12, 2023
9d1fd47
Add note about server_name spec requirements (#3930)
lrstewart Apr 12, 2023
962861e
ci: Update AWSLC test dependency to v1.8.0 (#3938)
goatgoose Apr 13, 2023
922fe99
Adds FAQ doc (#3920)
maddeleine Apr 13, 2023
9215611
Remove unnecessary flush (#3940)
lrstewart Apr 14, 2023
199b0f4
update security policy and rust binding documentation (#3906)
jmayclin Apr 15, 2023
1164db2
Add github stale action (#3929)
goatgoose Apr 17, 2023
007d527
Add test to verify TLS1.2 downgrade (#3939)
aditishri18 Apr 17, 2023
c0d3fb8
Reinstate Kyber KEM check (#3905)
WillChilds-Klein Apr 18, 2023
53af3e9
Don't send close_notify after an alert (#3942)
lrstewart Apr 18, 2023
1e3ee20
Update IO section of Usage Guide (#3917)
lrstewart Apr 18, 2023
f6750da
Add basic half-close TLS1.3 behavior (#3932)
lrstewart Apr 19, 2023
bb9f295
bindings: add verify_host_callback to the connection (#3925)
toidiu Apr 19, 2023
ca9691d
ci: Add AWSLC-FIPS 2022 to CI (#3943)
goatgoose Apr 19, 2023
d7c8d70
add 32 bit cross-compile toolchain (#3924)
jmayclin Apr 19, 2023
882c38c
ci: Disable automatically closing stale PRs (#3946)
goatgoose Apr 21, 2023
635893c
Fix expected negotiated version in client auth downgrade test (#3951)
goatgoose Apr 21, 2023
d9e87d4
Fix end-of-data behavior (#3945)
lrstewart Apr 24, 2023
1a18443
Add logging for failed CRT tests (#3962)
lrstewart Apr 27, 2023
1f412e6
Cover more situations where no close_notify is sent/received (#3957)
lrstewart Apr 27, 2023
cd0f2a4
chore: bindings release (#3956)
toidiu Apr 27, 2023
a7e56c8
chore: remove module.modulemap and allow customers to generate it the…
toidiu Apr 27, 2023
00c7b4f
Add API to create s2n_configs without loading system certs (#3950)
goatgoose Apr 28, 2023
9cc4042
Add new API to perform half-close (#3952)
lrstewart May 2, 2023
5ef43b3
Add test for cipher selection with dh params (#3974)
lrstewart May 2, 2023
b3400ff
style: clean up fuzz corpus (#3971)
jmayclin May 3, 2023
816f5ae
Only LTO on GCC (#3968)
justsmth May 3, 2023
0c11ca4
docs: update clang-format and gdb documentation (#3967)
jmayclin May 3, 2023
405a888
s2n_rand_cleanup: be sure to unregister s2n RAND engine from libcrypt…
riverszhang89 May 3, 2023
fd330d0
[ci]: Use custom library context for rc4 instead of global default co…
lrstewart May 5, 2023
760c09a
ci: add 32 bit buildspec (#3977)
jmayclin May 5, 2023
9b7b1f3
test: fix session-ticket, non-blocking-io tests on 32 bit (#3969)
jmayclin May 6, 2023
5965220
utils: Add a stale box to the GH dashboard; use an action for pushing…
dougch May 8, 2023
5af21c6
ci: nix devShell simplification (#3964)
dougch May 8, 2023
8db1211
Print Wire Bytes In and Out for s2nc (#3986)
alexw91 May 8, 2023
7e1e08c
chore: bindings release 0.0.31 (#3997)
WesleyRosenblum May 9, 2023
800b61f
ci: enable ossl3 tls13 tests (#3992)
jmayclin May 10, 2023
3b639f0
test: add more x509 OCSP tests (#3970)
jmayclin May 10, 2023
820b585
Update FAQ + add s2n_negotiate example to Usage Guide (#3984)
lrstewart May 11, 2023
d206e79
bindings: Add option to disable loading system certs (#3985)
goatgoose May 11, 2023
784842e
docs: add notes on s2nc and s2nd usage (#4003)
WesleyRosenblum May 11, 2023
bc5b1dc
Quoting RFC-4492 to verify behavior when supported_groups extension i…
aditishri18 May 11, 2023
bb17c09
Upgrade OpenSSL model for CBMC proofs (#3978)
feliperodri May 15, 2023
73f1639
nix devShell with openssl3 (#3993)
dougch May 15, 2023
8584b89
fix(s2nd): parse psk given to s2nd non-destructively (#4006)
WesleyRosenblum May 15, 2023
f9a6ffa
style: simplfy api for test utility (#4008)
jmayclin May 16, 2023
5c22c5d
nix: add a LibreSSL nix devShell (#4010)
dougch May 23, 2023
933907f
nix: Use nixpkgs gnutls instead (#4013)
dougch May 23, 2023
36463b9
Add the libcrypto random generation implementation (#4004)
goatgoose May 23, 2023
6f70554
feat(s2n-tls): X509 asn1 refactor (#4011)
jmayclin May 24, 2023
3531431
fix: open files with the O_CLOEXEC flag (#3989)
toidiu May 24, 2023
eb52b0d
test(bindings/s2n-tls-tokio): fix tokio bindings close test (#4007)
jmayclin May 24, 2023
1f03ba5
fix(api/unstable): make all api methods visible (#4015)
jmayclin May 25, 2023
6705db4
nix: add an Openssl102 nix devShell (#4014)
dougch May 25, 2023
b71de53
Fix s2n_error_get_type mistake in usage guide (#4022)
lrstewart May 25, 2023
620ea24
Publish minimal s2n_config APIs and add documentation (#3972)
goatgoose May 25, 2023
de70b1c
Only call getenv for integ test marker in s2n_init (#4025)
lrstewart May 26, 2023
a0208f8
Disable retry client random validation outside of tests (#4023)
lrstewart May 30, 2023
b9c4d60
fix: improve compatibility with old Linux versions (#4027)
camshaft May 31, 2023
6c38bde
build: make feature flags consistent (#3921)
camshaft Jun 2, 2023
1c26d11
Fixes dynamic loading bug (#4024)
maddeleine Jun 2, 2023
e5d334e
bindings: release 0.0.32 (#4032)
camshaft Jun 5, 2023
6e971f9
Refactor alerts to make behavior clear (#4019)
lrstewart Jun 5, 2023
a61ba00
ci: typos config file (#4021)
dougch Jun 6, 2023
56a897c
Add pre-TLS13 libcrypto PRF implementation (#4020)
goatgoose Jun 6, 2023
382847c
fix: ossl3 legacy provider mem leak (#4033)
jmayclin Jun 6, 2023
a7ccb7e
nix devShell with aws-lc (#4028)
dougch Jun 6, 2023
dece431
Never send KeyUpdate message if <TLS1.3 (#4038)
lrstewart Jun 7, 2023
93754d9
ci: allow running multiple integ tests at once in nix devshell (#4029)
dougch Jun 9, 2023
1fd76fb
Add libcrypto HKDF implementation (#4035)
goatgoose Jun 12, 2023
ba2ffa8
Fix pthread leak (#4037)
maddeleine Jun 12, 2023
b9b05d3
Fix usage guide examples + enable testing of examples (#4044)
lrstewart Jun 12, 2023
23840a5
feat: add checked return values diagnostic (#3798)
camshaft Jun 12, 2023
b4aee0c
Add ThreadSanitizer (#4046)
lrstewart Jun 13, 2023
f7d65fc
Update nix corretto; make it platform aware. (#4043)
dougch Jun 14, 2023
c9dd66e
Fix TSAN s2n_shutdown failures (#4055)
lrstewart Jun 15, 2023
3af5d12
feat(bindings/s2n-tls): add ja-3 apis (#4009)
jmayclin Jun 16, 2023
669142d
s2n-tls handshake benchmark (#4053)
tinzh Jun 16, 2023
bb061b3
Validate PRK output size in the libcrypto HKDF implementation (#4057)
goatgoose Jun 19, 2023
5e7f054
remove kTLS feature probe (#4064)
toidiu Jun 20, 2023
b96117f
Add rustls handshake to benchmarks (#4063)
tinzh Jun 21, 2023
6592bba
Disable build flag for openssl102 nix aarch64-linux (#4045)
dougch Jun 21, 2023
3a6b566
Fixes broken link in comment (#4060)
maddeleine Jun 22, 2023
491e7f8
bindings: do not enable OCSP when calling trust_location() (#4016)
WesleyRosenblum Jun 22, 2023
e954ee5
Create new KMS TLS Policy with TLSv1.2 Minimum (#4068)
alexw91 Jun 23, 2023
c991bcc
Add KeyUpdate threading test (#4059)
lrstewart Jun 26, 2023
8893bc2
Adds new CRT policies (#4072)
maddeleine Jun 27, 2023
5d7925f
nix: skip the sslyze test on aarch64 (#4050)
dougch Jun 27, 2023
90dd13a
fix: Add implicit gcc flag to all feature probes (#4074)
goatgoose Jun 27, 2023
a23e8c5
feat(bench): add openssl handshake to benchmarking (#4069)
tinzh Jun 29, 2023
34b344b
bindings: release 0.0.33 (#4076)
goatgoose Jun 29, 2023
01bc0d9
Fix openssl-1.0.2k x509 validator test failure (#4084)
lrstewart Jun 30, 2023
ab3426d
feat: introduce s2n_key_material for handling key material info (#4047)
toidiu Jul 3, 2023
dce91ac
Fix pthread key cleanup with musl libc (#4085)
lrstewart Jul 6, 2023
e0fd532
feat(bench): add mTLS to benchmarks (#4079)
tinzh Jul 10, 2023
86c9dc9
feat(bench): add throughput benchmarks (#4077)
tinzh Jul 11, 2023
d3822c1
ktls: config socket ULP (#4066)
toidiu Jul 12, 2023
9b247e7
Disabling sign compare check as debug build option, enabling wsign-co…
aditishri18 Jul 12, 2023
9835df2
Generify Kyber files + functions over security parameters (#4087)
WillChilds-Klein Jul 13, 2023
6597019
Fix clippy warnings (#4093)
WillChilds-Klein Jul 13, 2023
de98786
Fix try_compile bug on gcc 4 (#4091)
maddeleine Jul 13, 2023
57943c8
bindings: release 0.0.34 (#4096)
maddeleine Jul 14, 2023
5cc827d
nix: pin corretto version (#4103)
dougch Jul 20, 2023
20b0174
feat(bench): add historical performance benchmark (#4083)
tinzh Jul 24, 2023
aab13d5
feat(bench): add memory bench with valgrind/massif (#4081)
tinzh Jul 25, 2023
6881358
feat(bench): add different certificate signature algorithms to benchm…
tinzh Jul 25, 2023
bce2b1a
fix: get_session behavior for TLS 1.3 (#4104)
jmayclin Jul 25, 2023
403d5e6
Trying to use an invalid ticket should not mutate state (#4110)
lrstewart Jul 25, 2023
b0b253e
ktls: set keys on socket and enable ktls (#4071)
toidiu Jul 26, 2023
65e74ca
Print error for 32bit test (#4107)
lrstewart Jul 26, 2023
35d08ba
refactor(bench): separate out client and server connections in benchi…
tinzh Jul 28, 2023
ea6d02a
bindings: release 0.0.35 (#4122)
goatgoose Jul 28, 2023
138e46b
Fix PR template styling (#4116)
tinzh Jul 31, 2023
9465e1a
refactor(bench): move around and update scripts in bench crate (#4115)
tinzh Aug 1, 2023
4a973af
refactor(bench): feature cleanup for benches (#4120)
tinzh Aug 2, 2023
0e2768c
ktls: self talk inet socket test (#4075)
toidiu Aug 2, 2023
9810dc1
refactor(bench): unnest loops over parameters in handshake bench (#4129)
tinzh Aug 2, 2023
ab8f107
fix(bench): fix throughput bench issues and add documentation (#4130)
tinzh Aug 2, 2023
190ad5d
Add new Kyber768+ KEMs and security policy (#4034)
WillChilds-Klein Aug 3, 2023
2765ba8
feat(bench): add flamegraph generation to benchmarks and reuse config…
tinzh Aug 3, 2023
17eae9d
feat(bench): add different parameters for memory benching (#4125)
tinzh Aug 3, 2023
05ae36c
Update build documentation (#4126)
goatgoose Aug 5, 2023
2da0bf4
Prevent get_peer_cert_chain from modifying existing cert chain (#4135)
lrstewart Aug 9, 2023
feaa541
Add additional Kyber768 tests (#4089)
WillChilds-Klein Aug 9, 2023
c44123d
test: ensure s2n_recv blocked status behavior doesn't change (#4127)
camshaft Aug 9, 2023
cb32a54
ktls: mock send/recvmsg IO (#4109)
toidiu Aug 9, 2023
2a365f4
Adds resumption functions to Rust bindings (#4114)
maddeleine Aug 10, 2023
4b2187d
Make invalid chains available via get_client_cert_chain (#4134)
lrstewart Aug 11, 2023
b8c3945
Update blocked status documentation (#4139)
goatgoose Aug 11, 2023
d98d0af
bindings: release 0.0.36 (#4145)
goatgoose Aug 15, 2023
32cbdbf
Use client_hello.parsed as precondition for retrieving client_hello (…
raycoll Aug 15, 2023
5164bdf
docs(bench): update historical benching graphs and readme (#4136)
tinzh Aug 15, 2023
048b8f3
Don't exit nix dev shell on integ test failure (#4149)
lrstewart Aug 17, 2023
0c3ec11
kTLS: get and set control data on msghdr (#4146)
toidiu Aug 17, 2023
f971bad
Call enable_session_tickets before adding a ticket key (#4150)
maddeleine Aug 17, 2023
074ff8b
refactor and cleanup some ktls code (#4152)
toidiu Aug 18, 2023
1a5e406
Fix s2n_ecdsa_secp521r1_sha512 + improve integ ECDSA coverage (#4148)
lrstewart Aug 18, 2023
346bd1a
kTLS: implement sendmsg (#4147)
toidiu Aug 21, 2023
e04acc3
Add cert validation callback (#4156)
goatgoose Aug 22, 2023
625ff98
Fix clippy (#4166)
goatgoose Aug 25, 2023
b70868e
kTLS: implement recvmsg (#4154)
toidiu Aug 25, 2023
baf0947
Publish cert validation callback APIs and add documentation (#4161)
goatgoose Aug 25, 2023
5d5400a
bindings: release 0.0.37 (#4172)
goatgoose Aug 29, 2023
21d3510
feat(benchmarks): add session resumption support (#4173)
jmayclin Aug 30, 2023
d9c9a10
api: Add S2N_EXTENSION_SUPPORTED_VERSIONS as s2n_tls_extension_type (…
raycoll Aug 30, 2023
ea7caff
Small sendv doc fix (#4178)
lrstewart Aug 30, 2023
62dc7a6
ktls: send app data (#4174)
lrstewart Aug 31, 2023
282312c
Add testlib to track memory allocations (#4180)
lrstewart Sep 5, 2023
406013b
ci: buildspec for qemu ktls test (#4175)
dougch Sep 5, 2023
a888cfc
Add AL2 test with system libcrypto (#4179)
lrstewart Sep 6, 2023
a7b0dfa
ktls: send alerts (#4185)
lrstewart Sep 7, 2023
bb6052e
Commit buildspec for s2nGeneralBatch (#4188)
lrstewart Sep 7, 2023
f7930e5
Add API to disable certificate validity period validation (#4183)
goatgoose Sep 8, 2023
bcec2c5
Add test with ktls enabled to s2nGeneralBatch (#4190)
lrstewart Sep 8, 2023
b4f0c5c
ktls: add sendfile (#4186)
lrstewart Sep 9, 2023
f71b60c
ci: Upgrade asan to catch use after scope (#4192)
lrstewart Sep 11, 2023
1f19c68
ci: run duvet when commits are merged into main branch (#4197)
toidiu Sep 12, 2023
f40c6b9
ktls: self-talk tests for send (#4189)
lrstewart Sep 12, 2023
765afea
Reduce allocs in ktls app data send (#4181)
lrstewart Sep 13, 2023
87f0c9e
ktls: recv alerts (#4199)
lrstewart Sep 15, 2023
e99e435
bindings: release 0.0.38 (#4196)
goatgoose Sep 15, 2023
e15bf7f
docs: add citations for alert behavior (#4198)
toidiu Sep 15, 2023
3758f4b
ktls: receive app data (#4201)
lrstewart Sep 18, 2023
1640db5
Add asan support to cmake/nix (#4194)
lrstewart Sep 19, 2023
9d1e6c8
build: use feature probes for CLOEXEC (#4206)
camshaft Sep 19, 2023
fef3e5a
docs: add rfc citations (#4202)
toidiu Sep 20, 2023
7afd286
ktls: fix flaky test (#4214)
lrstewart Sep 20, 2023
c3528aa
Generalize io handling + add ktls EINTR handling (#4203)
lrstewart Sep 20, 2023
c527fa2
ktls: clean up enable (#4212)
lrstewart Sep 21, 2023
9014236
feat: send psk_ke_modes ext in first flight (#4177)
jmayclin Sep 21, 2023
b80c555
feat: add s2n_strerror_source API (#4209)
camshaft Sep 21, 2023
7318609
docs: generate citations meta data and add CI check (#4205)
toidiu Sep 22, 2023
5e232a6
Add API to retrieve parsed supported groups (#4216)
goatgoose Sep 23, 2023
2c8f025
ktls: release APIs as unstable (#4217)
lrstewart Sep 25, 2023
5af7d6c
ci: Authorize requests to GitHub API (#4223)
qinheping Sep 26, 2023
6da4a64
overwrite the random state key only if initialized (#4225)
arielb1 Sep 28, 2023
ab7bfce
ktls: make usable outside of tests (#4232)
lrstewart Oct 2, 2023
b15a1ba
Add support for exporting symmetric keys from connections (#4230)
Mark-Simulacrum Oct 4, 2023
76fb286
ci: add ktls + asan build (#4213)
lrstewart Oct 4, 2023
a6517c5
ktls: forbid renegotiation (#4229)
lrstewart Oct 5, 2023
2a6ead7
ktls: support aes256 (#4227)
lrstewart Oct 5, 2023
4654fec
Merge pull request from GHSA-97r4-p6c4-5gv3
dougch Oct 5, 2023
b0ada99
Run clang-format (#4238)
goatgoose Oct 6, 2023
5af7a0d
bindings: release 0.0.39 (#4235)
goatgoose Oct 6, 2023
18dd059
feat: Processes post-handshake messages for quic (#4218)
maddeleine Oct 6, 2023
2d05302
chore: pin dependency to fix rust MSRV issues (#4243)
toidiu Oct 11, 2023
a2b16d2
feat: Turns off automatic ticket creation for quic (#4239)
maddeleine Oct 12, 2023
92c35cb
Switch sig schemes from copies to references (#4237)
lrstewart Oct 12, 2023
3526e69
Add new PQ TLS 1.3 policies (#4247)
WillChilds-Klein Oct 13, 2023
6f86292
bindings: release 0.0.40 (#4251)
WesleyRosenblum Oct 18, 2023
fa58945
docs: remove extra security policy item (#4248)
jmayclin Oct 19, 2023
dec039d
refactor(bench): remove non-generic connection logic (#4236)
jmayclin Oct 19, 2023
e4f5bf6
Clean up sending supported sig algs (#4254)
lrstewart Oct 23, 2023
e9d48da
Allow TLS 1.2 servers to report client versions from the supported ve…
goatgoose Oct 24, 2023
e76363e
Always apply the PARTIAL_CHAIN flag (#4258)
goatgoose Oct 25, 2023
80db009
Update get_client_cert_chain API documentation (#4260)
goatgoose Oct 25, 2023
aa41c9b
Switch from vmactions to cross-platform-actions (#4266)
lrstewart Oct 27, 2023
5c860d7
Clean up receiving peer sig alg (#4259)
lrstewart Oct 27, 2023
1dc74a5
fix: update permissions to allow dashboard to write to gh-pages. (#4228)
dougch Oct 27, 2023
95753f0
ci: Minor cppcheck speedup (#4268)
lrstewart Oct 28, 2023
5e0c164
Fix memory leak from `s2n_per_thread_rand_state` thread-local data wh…
vitlibar Jan 5, 2023
955d421
Merge branch 'master' into upd_1.3.56
nickitat Jan 23, 2024
9a1e754
fix build
nickitat Jan 27, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Fix TSAN s2n_shutdown failures (aws#4055)
  • Loading branch information
lrstewart authored Jun 15, 2023
commit c9dd66ed11b44e3b20d68883b60affc83a391bfc
8 changes: 6 additions & 2 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -222,7 +222,7 @@ if(S2N_UNSAFE_FUZZING_MODE)
endif()

if(TSAN)
target_compile_options(${PROJECT_NAME} PUBLIC -fsanitize=thread)
target_compile_options(${PROJECT_NAME} PUBLIC -fsanitize=thread -DS2N_THREAD_SANITIZER=1)
target_link_options(${PROJECT_NAME} PUBLIC -fsanitize=thread)
endif()

Expand Down Expand Up @@ -510,7 +510,11 @@ if (BUILD_TESTING)
message(FATAL_ERROR "TSAN suppression file ${TSAN_SUPPRESSIONS_FILE} missing")
endif()
set(UNIT_TEST_ENVS ${UNIT_TEST_ENVS} S2N_ADDRESS_SANITIZER=1)
set(UNIT_TEST_ENVS ${UNIT_TEST_ENVS} TSAN_OPTIONS=suppressions=${TSAN_SUPPRESSIONS_FILE})
set(TSAN_OPTIONS suppressions=${TSAN_SUPPRESSIONS_FILE})
if(DEFINED ENV{TSAN_OPTIONS})
set(TSAN_OPTIONS "${TSAN_OPTIONS} $ENV{TSAN_OPTIONS}")
endif()
set(UNIT_TEST_ENVS ${UNIT_TEST_ENVS} TSAN_OPTIONS=${TSAN_OPTIONS})
endif()
message(STATUS "Running tests with environment: ${UNIT_TEST_ENVS}")

Expand Down
1 change: 1 addition & 0 deletions error/s2n_errno.c
Original file line number Diff line number Diff line change
Expand Up @@ -290,6 +290,7 @@ static const char *no_such_error = "Internal s2n error";
ERR_ENTRY(S2N_ERR_INTERNAL_LIBCRYPTO_ERROR, "An internal error has occurred in the libcrypto API") \
ERR_ENTRY(S2N_ERR_NO_RENEGOTIATION, "Only secure, server-initiated renegotiation is supported") \
ERR_ENTRY(S2N_ERR_APP_DATA_BLOCKED, "Blocked on application data during handshake") \
ERR_ENTRY(S2N_ERR_ATOMIC, "Atomic operations in this environment would require locking") \
/* clang-format on */

#define ERR_STR_CASE(ERR, str) \
Expand Down
1 change: 1 addition & 0 deletions error/s2n_errno.h
Original file line number Diff line number Diff line change
Expand Up @@ -306,6 +306,7 @@ typedef enum {
S2N_ERR_SECRET_SCHEDULE_STATE,
S2N_ERR_CERT_OWNERSHIP,
S2N_ERR_INTERNAL_LIBCRYPTO_ERROR,
S2N_ERR_ATOMIC,
S2N_ERR_T_USAGE_END,
} s2n_error;

Expand Down
30 changes: 30 additions & 0 deletions tests/features/S2N_ATOMIC_SUPPORTED.c
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/

#include <signal.h>
#include <stddef.h>

int main() {
/* Atomic builtins are supported by gcc 4.7.3 and later. */
sig_atomic_t atomic = 0, value = 1;
__atomic_store(&atomic, &value, __ATOMIC_RELAXED);
__atomic_load(&atomic, &value, __ATOMIC_RELAXED);

/* _Static_assert is supported for C99 by gcc 4.6 and later,
* so using it here shouldn't limit use of the atomic builtins. */
_Static_assert(__atomic_always_lock_free(sizeof(sig_atomic_t), NULL),
"Atomic operations in this environment would require locking");
return 0;
}
1 change: 1 addition & 0 deletions tests/features/S2N_ATOMIC_SUPPORTED.flags
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
-Werror
8 changes: 4 additions & 4 deletions tests/unit/s2n_alerts_test.c
Original file line number Diff line number Diff line change
Expand Up @@ -106,7 +106,7 @@ int main(int argc, char **argv)
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT));

/* Verify state prior to alert */
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));

/* Write and process the alert */
EXPECT_SUCCESS(s2n_stuffer_write_bytes(&conn->in, not_close_notify_alert, sizeof(not_close_notify_alert)));
Expand All @@ -115,7 +115,7 @@ int main(int argc, char **argv)
EXPECT_FAILURE_WITH_ERRNO(s2n_process_alert_fragment(conn), S2N_ERR_ALERT);

/* Verify state after alert */
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));

EXPECT_SUCCESS(s2n_connection_free(conn));
}
Expand All @@ -126,14 +126,14 @@ int main(int argc, char **argv)
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT));

/* Verify state prior to alert */
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));

/* Write and process the alert */
EXPECT_SUCCESS(s2n_stuffer_write_bytes(&conn->in, close_notify_alert, sizeof(close_notify_alert)));
EXPECT_SUCCESS(s2n_process_alert_fragment(conn));

/* Verify state after alert */
EXPECT_TRUE(conn->close_notify_received);
EXPECT_TRUE(s2n_atomic_flag_test(&conn->close_notify_received));

EXPECT_SUCCESS(s2n_connection_free(conn));
}
Expand Down
32 changes: 12 additions & 20 deletions tests/unit/s2n_connection_test.c
Original file line number Diff line number Diff line change
Expand Up @@ -795,14 +795,6 @@ int main(int argc, char **argv)
EXPECT_FALSE(s2n_connection_check_io_status(NULL, S2N_IO_CLOSED));
EXPECT_FALSE(s2n_connection_check_io_status(NULL, 10));
EXPECT_FALSE(s2n_connection_check_io_status(conn, 10));

EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE));
conn->write_closed = 10;
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE));

EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_READABLE));
conn->read_closed = 10;
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_READABLE));
}

/* TLS1.2 */
Expand All @@ -819,24 +811,24 @@ int main(int argc, char **argv)
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED));

/* Close write */
conn->write_closed = 1;
s2n_atomic_flag_set(&conn->write_closed);
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE));
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_READABLE));
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX));
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED));
conn->write_closed = 0;
s2n_atomic_flag_clear(&conn->write_closed);

/* Close read */
conn->read_closed = 1;
s2n_atomic_flag_set(&conn->read_closed);
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE));
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_READABLE));
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX));
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED));
conn->read_closed = 0;
s2n_atomic_flag_clear(&conn->read_closed);

/* Close both */
conn->read_closed = 1;
conn->write_closed = 1;
s2n_atomic_flag_set(&conn->read_closed);
s2n_atomic_flag_set(&conn->write_closed);
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE));
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_READABLE));
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX));
Expand All @@ -857,24 +849,24 @@ int main(int argc, char **argv)
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED));

/* Close write */
conn->write_closed = 1;
s2n_atomic_flag_set(&conn->write_closed);
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE));
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_READABLE));
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX));
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED));
conn->write_closed = 0;
s2n_atomic_flag_clear(&conn->write_closed);

/* Close read */
conn->read_closed = 1;
s2n_atomic_flag_set(&conn->read_closed);
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE));
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_READABLE));
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX));
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED));
conn->read_closed = 0;
s2n_atomic_flag_clear(&conn->read_closed);

/* Close both */
conn->read_closed = 1;
conn->write_closed = 1;
s2n_atomic_flag_set(&conn->read_closed);
s2n_atomic_flag_set(&conn->write_closed);
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE));
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_READABLE));
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX));
Expand Down
4 changes: 2 additions & 2 deletions tests/unit/s2n_early_data_io_api_test.c
Original file line number Diff line number Diff line change
Expand Up @@ -373,8 +373,8 @@ int main(int argc, char **argv)

/* Pretend we didn't test the above error condition.
* The S2N_ERR_BAD_MESSAGE error triggered S2N to close the connection. */
server_conn->write_closed = false;
client_conn->write_closed = false;
s2n_atomic_flag_clear(&server_conn->write_closed);
s2n_atomic_flag_clear(&client_conn->write_closed);

/* Read the remaining early data properly */
EXPECT_SUCCESS(s2n_recv_early_data(server_conn, actual_payload, sizeof(actual_payload),
Expand Down
36 changes: 18 additions & 18 deletions tests/unit/s2n_shutdown_test.c
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ int main(int argc, char **argv)

/* Verify state prior to alert */
EXPECT_TRUE(s2n_handshake_is_complete(conn));
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));
EXPECT_FALSE(conn->alert_sent);
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX));

Expand All @@ -78,7 +78,7 @@ int main(int argc, char **argv)

/* Verify state after shutdown attempt */
EXPECT_TRUE(s2n_handshake_is_complete(conn));
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));
EXPECT_TRUE(conn->alert_sent);
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED));

Expand Down Expand Up @@ -109,7 +109,7 @@ int main(int argc, char **argv)

/* Verify state prior to alert */
EXPECT_TRUE(s2n_handshake_is_complete(conn));
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));
EXPECT_FALSE(conn->alert_sent);
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX));

Expand All @@ -123,7 +123,7 @@ int main(int argc, char **argv)

/* Verify state after shutdown attempt */
EXPECT_TRUE(s2n_handshake_is_complete(conn));
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));
EXPECT_TRUE(conn->alert_sent);
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE));

Expand All @@ -146,7 +146,7 @@ int main(int argc, char **argv)

/* Verify state prior to alert */
EXPECT_TRUE(s2n_handshake_is_complete(conn));
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));
EXPECT_FALSE(conn->alert_sent);
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX));

Expand All @@ -173,7 +173,7 @@ int main(int argc, char **argv)

/* Verify state after shutdown attempt */
EXPECT_TRUE(s2n_handshake_is_complete(conn));
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));
EXPECT_FALSE(conn->alert_sent);
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED));

Expand All @@ -195,7 +195,7 @@ int main(int argc, char **argv)

/* Verify state prior to alert */
EXPECT_FALSE(s2n_handshake_is_complete(conn));
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));
EXPECT_FALSE(conn->alert_sent);
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX));

Expand All @@ -204,7 +204,7 @@ int main(int argc, char **argv)

/* Verify state after shutdown */
EXPECT_FALSE(s2n_handshake_is_complete(conn));
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));
EXPECT_TRUE(conn->alert_sent);

/* Fully closed: we don't worry about truncating data */
Expand All @@ -225,7 +225,7 @@ int main(int argc, char **argv)
EXPECT_SUCCESS(s2n_connection_set_io_stuffers(&input, &output, conn));

/* Verify state prior to alert */
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));
EXPECT_FALSE(conn->alert_sent);
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX));

Expand All @@ -234,7 +234,7 @@ int main(int argc, char **argv)
EXPECT_EQUAL(blocked, S2N_BLOCKED_ON_READ);

/* Verify state after shutdown attempt */
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));
EXPECT_TRUE(conn->alert_sent);

/* Half-close: only write closed */
Expand All @@ -257,7 +257,7 @@ int main(int argc, char **argv)
EXPECT_SUCCESS(s2n_connection_set_io_stuffers(&input, &output, conn));

/* Verify state prior to alert */
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));
EXPECT_FALSE(conn->alert_sent);
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_FULL_DUPLEX));

Expand All @@ -266,7 +266,7 @@ int main(int argc, char **argv)
EXPECT_SUCCESS(s2n_process_alert_fragment(conn));

/* Verify state after alert */
EXPECT_TRUE(conn->close_notify_received);
EXPECT_TRUE(s2n_atomic_flag_test(&conn->close_notify_received));
EXPECT_FALSE(conn->alert_sent);
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE));
EXPECT_FALSE(s2n_connection_check_io_status(conn, S2N_IO_READABLE));
Expand All @@ -276,7 +276,7 @@ int main(int argc, char **argv)
EXPECT_EQUAL(blocked, S2N_NOT_BLOCKED);

/* Verify state after shutdown attempt */
EXPECT_TRUE(conn->close_notify_received);
EXPECT_TRUE(s2n_atomic_flag_test(&conn->close_notify_received));
EXPECT_TRUE(conn->alert_sent);
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED));
};
Expand Down Expand Up @@ -309,15 +309,15 @@ int main(int argc, char **argv)
EXPECT_FAILURE_WITH_ERRNO(s2n_shutdown(conn, &blocked), S2N_ERR_ALERT);

/* Verify state after shutdown attempt */
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));
EXPECT_TRUE(conn->alert_sent);
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED));
EXPECT_EQUAL(s2n_stuffer_data_available(&output), alert_record_size);

/* Future calls are no-ops */
for (size_t i = 0; i < 5; i++) {
EXPECT_SUCCESS(s2n_shutdown(conn, &blocked));
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));
EXPECT_TRUE(conn->alert_sent);
}
};
Expand Down Expand Up @@ -410,7 +410,7 @@ int main(int argc, char **argv)
EXPECT_EQUAL(blocked, S2N_NOT_BLOCKED);

/* Verify state after shutdown attempt */
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));
EXPECT_FALSE(conn->alert_sent);
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED));
};
Expand Down Expand Up @@ -586,7 +586,7 @@ int main(int argc, char **argv)
/* Full close is no-op */
EXPECT_SUCCESS(s2n_shutdown(conn, &blocked));
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED));
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));
};

/* Test: Half close, peer alert, then full close */
Expand Down Expand Up @@ -621,7 +621,7 @@ int main(int argc, char **argv)
/* Full close is no-op */
EXPECT_SUCCESS(s2n_shutdown(conn, &blocked));
EXPECT_TRUE(s2n_connection_check_io_status(conn, S2N_IO_CLOSED));
EXPECT_FALSE(conn->close_notify_received);
EXPECT_FALSE(s2n_atomic_flag_test(&conn->close_notify_received));
};
}

Expand Down
6 changes: 4 additions & 2 deletions tls/s2n_alerts.c
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
#include "tls/s2n_record.h"
#include "tls/s2n_resume.h"
#include "tls/s2n_tls_parameters.h"
#include "utils/s2n_atomic.h"
#include "utils/s2n_blob.h"
#include "utils/s2n_safety.h"

Expand Down Expand Up @@ -203,8 +204,8 @@ int s2n_process_alert_fragment(struct s2n_connection *conn)
if (s2n_stuffer_data_available(&conn->alert_in) == 2) {
/* Close notifications are handled as shutdowns */
if (conn->alert_in_data[1] == S2N_TLS_ALERT_CLOSE_NOTIFY) {
conn->read_closed = 1;
conn->close_notify_received = true;
s2n_atomic_flag_set(&conn->read_closed);
s2n_atomic_flag_set(&conn->close_notify_received);
return 0;
}

Expand All @@ -221,6 +222,7 @@ int s2n_process_alert_fragment(struct s2n_connection *conn)

/* All other alerts are treated as fatal errors */
POSIX_GUARD_RESULT(s2n_connection_set_closed(conn));
s2n_atomic_flag_set(&conn->error_alert_received);
POSIX_BAIL(S2N_ERR_ALERT);
}
}
Expand Down
Loading