Add pre-TLS13 libcrypto PRF implementation #4020
Squashed commit of the following:

commit 1678bff
Author: Sam Clark <[email protected]>
Date:   Wed May 24 13:21:23 2023 -0400

    cleanup

commit ebea361
Author: Sam Clark <[email protected]>
Date:   Wed May 24 13:12:19 2023 -0400

    clang-format

commit e12b4ac
Author: Sam Clark <[email protected]>
Date:   Wed May 24 13:09:12 2023 -0400

    move s2n_libcrypto_supports_tls_prf to s2n_prf

commit e9ae9ae
Author: Sam Clark <[email protected]>
Date:   Wed May 24 13:01:43 2023 -0400

    cleanup dynamic seed_b allocation

commit 2e8ecc0
Author: Sam Clark <[email protected]>
Date:   Tue May 23 16:32:12 2023 -0400

    remove openssl implementation

commit 21b77d2
Author: Sam Clark <[email protected]>
Date:   Tue May 23 11:45:20 2023 -0400

    gate libcrypto prf with > OpenSSL 1.0.2

commit ab20222
Author: Sam Clark <[email protected]>
Date:   Tue May 23 11:04:10 2023 -0400

    discard const

commit 287ecc1
Author: Sam Clark <[email protected]>
Date:   Wed May 17 19:01:56 2023 -0400

    Add pre-TLS13 libcrypto PRF implementation

commit 9711902
Author: Sam Clark <[email protected]>
Date:   Wed May 17 16:35:41 2023 -0400

    wip
tls/s2n_prf.c (outdated)

```c
/* BoringSSL and AWSLC define the CRYPTO_tls1_prf API in a private header. This function is
 * forward-declared to make it accessible.
 */
```
Do you have any concerns about visibility / this method not being stable? For example, this would be a very bad idea to do with any s2n-tls method not officially in the api.
If this is safe, we need to explain why in a comment.
I added a comment to explain this. I also removed the feature probe. When I tested the probe by rebuilding AWSLC with modified API definitions, the try_compile was not sufficient to catch the changes and disable the API. If the modification just hid the symbol, the try_compile worked, but if an argument was added or something similar, the try_compile failed to catch it. Since BoringSSL could theoretically change this API definition, I gated it behind just AWSLC rather than a feature probe.
And just to confirm, since we're not using a try_compile, the method is available and exported in all versions of awslc? Even the oldest?
Correct - CRYPTO_tls1_prf was made visible by aws/aws-lc@37c6eb4 in 2018. The first AWSLC release was v0.1-alpha, released in 2020. The API is exported in this version here: https://github.com/aws/aws-lc/blob/v0.1-alpha/third_party/boringssl/crypto/fipsmodule/tls/internal.h#L27-L33
Description of changes:

s2n-tls currently uses a custom PRF implementation to generate secret data for the TLS connection. This PR adds the AWSLC/BoringSSL libcrypto implementation, and uses this when s2n-tls is operating in FIPS mode.

Call-outs:

OpenSSL provides the TLS PRF through EVP_PKEY_CTX APIs, separate from the AWSLC/BoringSSL API. However, the TLS PRF was added in OpenSSL 1.1.0. Since the only FIPS-compatible OpenSSL version is 1.0.2, I didn't implement the OpenSSL version.

Testing:

s2n_tls_prf_test ensures the libcrypto implementation is correct. The s2n_prf function is provided 3 seeds in the case of calculating a hybrid PQ master secret, and this is tested in s2n_tls_hybrid_prf_test.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
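The function this PR moves from s2n-tls's custom code to libcrypto is the TLS 1.2 PRF of RFC 5246 section 5: P_<hash> built from HMAC, applied to `label + seed`. The reference model below is an added example, not code from this PR or from s2n-tls; it is written in Python on the standard library so it runs without a libcrypto build. The sample secrets and randoms are constructed, and `three_seed_prf` only mirrors the shape of the three-seed `s2n_prf` call mentioned in the description (its label and seed contents are assumptions, not s2n-tls's actual hybrid layout).

```python
"""Reference model of the TLS 1.2 PRF (RFC 5246, section 5).

Added example, not s2n-tls code. It shows what a libcrypto PRF must compute for
pre-TLS 1.3 derivations and why several seeds can be handed to it as one
concatenated seed.
"""
import hashlib
import hmac


def hmac_hash(key, msg, digest=hashlib.sha256):
    """HMAC over a hashlib constructor (default SHA-256, the TLS 1.2 default PRF hash)."""
    return hmac.new(key, msg, digest).digest()


def p_hash(secret, seed, out_len, digest=hashlib.sha256):
    """P_<hash>(secret, seed) = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ...

    A(0) = seed and A(i) = HMAC(secret, A(i-1)). Output is truncated to out_len bytes,
    so requesting a shorter output yields a prefix of the longer one.
    """
    out = bytearray()
    a = seed  # A(0)
    while len(out) < out_len:
        a = hmac_hash(secret, a, digest)            # A(i) = HMAC(secret, A(i-1))
        out += hmac_hash(secret, a + seed, digest)  # next output block
    return bytes(out[:out_len])


def tls12_prf(secret, label, seeds, out_len, digest=hashlib.sha256):
    """PRF(secret, label, seed) = P_<hash>(secret, label + seed).

    `seeds` is a sequence of byte strings concatenated in order. Passing
    (client_random, server_random), or three seeds for a hybrid derivation, is
    the same computation as passing their concatenation as a single seed.
    """
    if isinstance(label, str):
        label = label.encode("ascii")
    return p_hash(secret, label + b"".join(seeds), out_len, digest)


def master_secret(pre_master_secret, client_random, server_random, digest=hashlib.sha256):
    """RFC 5246 section 8.1: master_secret = PRF(pre_master_secret, "master secret",
    ClientHello.random + ServerHello.random)[0..47]."""
    return tls12_prf(pre_master_secret, "master secret",
                     (client_random, server_random), 48, digest)


def three_seed_prf(secret, label, seed_a, seed_b, seed_c, out_len, digest=hashlib.sha256):
    """Shape of a three-seed PRF call, like the hybrid PQ master secret derivation the
    PR description mentions. Label and seed contents are illustrative assumptions,
    not s2n-tls's actual hybrid layout."""
    return tls12_prf(secret, label, (seed_a, seed_b, seed_c), out_len, digest)


if __name__ == "__main__":
    # Constructed sample inputs (not captured from a real handshake).
    pms = bytes(range(48))
    client_random = b"\x11" * 32
    server_random = b"\x22" * 32
    print("master_secret:", master_secret(pms, client_random, server_random).hex())
    ms3 = three_seed_prf(pms, "example hybrid label", client_random, server_random,
                         b"\x33" * 32, 48)
    print("three-seed PRF:", ms3.hex())
```

The concatenation identity (`three_seed_prf(a, b, c)` equals `tls12_prf` over `a + b + c`) is what lets a caller holding several seed buffers use a PRF entry point that accepts fewer of them, which is the situation the "dynamic seed_b allocation" commit in the squashed history refers to. Running both the custom and the libcrypto implementation on identical inputs and comparing outputs, as the description says s2n_tls_prf_test does, is the check that matters before enabling one of them only in FIPS mode.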