Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor signature algorithm selection logic #4257

Closed
4 of 5 tasks
lrstewart opened this issue Oct 23, 2023 · 1 comment
Closed
4 of 5 tasks

Refactor signature algorithm selection logic #4257

lrstewart opened this issue Oct 23, 2023 · 1 comment
Labels
s2n-core team

Comments

@lrstewart
Copy link
Contributor

lrstewart commented Oct 23, 2023
edited
Loading

Problem:

We addressed this security advisory with a fairly hacky fix. Our signature algorithms logic is also one of the first sections of the code touched during our TLS1.3 changes, and is pretty difficult to read and maintain.

Solution:

We should revisit signature algorithm negotiation and do some cleanup, particularly around our default logic.

To keep changes small, I've broken it down into the separate steps of negotiation: the client sends the supported sig algs, the server receives the supported sig algs, the server sends its chosen sig alg, and the client receives the chosen sig alg.

Tasks:

Once all tasks are complete, s2n_signature_algorithms.h should look like:

S2N_RESULT s2n_signature_algorithm_recv(struct s2n_connection *conn, struct s2n_stuffer *in);

S2N_RESULT s2n_signature_algorithms_supported_list_process(struct s2n_connection *conn,
        struct s2n_blob *peer_list);
S2N_RESULT s2n_signature_algorithms_supported_list_recv(struct s2n_connection *conn,
        struct s2n_stuffer *in);

S2N_RESULT s2n_signature_algorithms_supported_list_send(struct s2n_connection *conn,
        struct s2n_stuffer *out);
  • Does this change what S2N sends over the wire? If yes, explain.
  • Does this change any public APIs? If yes, explain.
  • Which versions of TLS will this impact?

Requirements / Acceptance Criteria:

What must a solution address in order to solve the problem? How do we know the solution is complete?

  • RFC links: Links to relevant RFC(s)
  • Related Issues: Link any relevant issues
  • Will the Usage Guide or other documentation need to be updated?
  • Testing: How will this change be tested? Call out new integration tests, functional tests, or particularly interesting/important unit tests.
    • Will this change trigger SAW changes? Changes to the state machine, the s2n_handshake_io code that controls state transitions, the DRBG, or the corking/uncorking logic could trigger SAW failures.
    • Should this change be fuzz tested? Will it handle untrusted input? Create a separate issue to track the fuzzing work.

Out of scope:

Is there anything the solution will intentionally NOT address?
@lrstewart lrstewart mentioned this issue Oct 24, 2023
Merged
@lrstewart lrstewart mentioned this issue Nov 14, 2023
Merged
@maddeleine
Copy link
Contributor

Remaining task: #4543

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lrstewart @WesleyRosenblum @maddeleine