refactor: remove conn->client_hello_version (aws#5278)

Co-authored-by: Sam Clark <[email protected]>

Author: 2 people

tests/unit/s2n_client_hello_recv_test.c

@@ -83,8 +83,8 @@ int main(int argc, char **argv)
         EXPECT_SUCCESS(s2n_connection_set_config(server_conn, tls13_config));
 
         /* Record version and protocol version are in the header for SSLv2 */
-        server_conn->client_hello_version = S2N_SSLv2;
-        server_conn->client_protocol_version = S2N_TLS12;
+        server_conn->client_hello.sslv2 = true;
+        server_conn->client_hello.legacy_version = S2N_TLS12;
 
         uint8_t sslv2_client_hello[] = {
             SSLv2_CLIENT_HELLO_PREFIX,
@@ -103,8 +103,10 @@ int main(int argc, char **argv)
 
         EXPECT_EQUAL(server_conn->actual_protocol_version, S2N_TLS12);
         EXPECT_EQUAL(server_conn->client_protocol_version, S2N_TLS12);
-        EXPECT_EQUAL(server_conn->client_hello_version, S2N_SSLv2);
+        EXPECT_EQUAL(server_conn->client_hello.sslv2, true);
+        EXPECT_EQUAL(server_conn->client_hello.legacy_version, S2N_TLS12);
         EXPECT_EQUAL(server_conn->client_hello.callback_invoked, 1);
+        EXPECT_EQUAL(s2n_connection_get_client_hello_version(server_conn), S2N_SSLv2);
 
         s2n_connection_free(server_conn);
 
@@ -122,7 +124,7 @@ int main(int argc, char **argv)
         EXPECT_SUCCESS(s2n_client_hello_send(client_conn));
         EXPECT_EQUAL(client_conn->actual_protocol_version, S2N_TLS12);
         EXPECT_EQUAL(client_conn->client_protocol_version, S2N_TLS12);
-        EXPECT_EQUAL(client_conn->client_hello_version, S2N_TLS12);
+        EXPECT_EQUAL(client_conn->client_hello.legacy_version, S2N_TLS12);
 
         EXPECT_SUCCESS(s2n_stuffer_write(&server_conn->handshake.io, &client_conn->handshake.io.blob));
         EXPECT_SUCCESS(s2n_client_hello_recv(server_conn));
@@ -147,15 +149,15 @@ int main(int argc, char **argv)
         EXPECT_SUCCESS(s2n_client_hello_send(client_conn));
         EXPECT_EQUAL(client_conn->actual_protocol_version, S2N_TLS12);
         EXPECT_EQUAL(client_conn->client_protocol_version, S2N_TLS12);
-        EXPECT_EQUAL(client_conn->client_hello_version, S2N_TLS12);
+        EXPECT_EQUAL(client_conn->client_hello.legacy_version, S2N_TLS12);
 
         EXPECT_SUCCESS(s2n_stuffer_write(&server_conn->handshake.io, &client_conn->handshake.io.blob));
         EXPECT_SUCCESS(s2n_client_hello_recv(server_conn));
 
         EXPECT_EQUAL(server_conn->server_protocol_version, S2N_TLS12);
         EXPECT_EQUAL(server_conn->actual_protocol_version, S2N_TLS12);
         EXPECT_EQUAL(server_conn->client_protocol_version, S2N_TLS12);
-        EXPECT_EQUAL(server_conn->client_hello_version, S2N_TLS12);
+        EXPECT_EQUAL(server_conn->client_hello.legacy_version, S2N_TLS12);
 
         s2n_connection_free(server_conn);
         s2n_connection_free(client_conn);
@@ -177,15 +179,15 @@ int main(int argc, char **argv)
         client_conn->client_protocol_version = S2N_TLS11;
 
         EXPECT_SUCCESS(s2n_client_hello_send(client_conn));
-        EXPECT_EQUAL(client_conn->client_hello_version, S2N_TLS11);
+        EXPECT_EQUAL(client_conn->client_hello.legacy_version, S2N_TLS11);
 
         EXPECT_SUCCESS(s2n_stuffer_write(&server_conn->handshake.io, &client_conn->handshake.io.blob));
         EXPECT_SUCCESS(s2n_client_hello_recv(server_conn));
 
         EXPECT_EQUAL(server_conn->server_protocol_version, S2N_TLS12);
         EXPECT_EQUAL(server_conn->actual_protocol_version, S2N_TLS11);
         EXPECT_EQUAL(server_conn->client_protocol_version, S2N_TLS11);
-        EXPECT_EQUAL(server_conn->client_hello_version, S2N_TLS11);
+        EXPECT_EQUAL(server_conn->client_hello.legacy_version, S2N_TLS11);
 
         s2n_connection_free(server_conn);
         s2n_connection_free(client_conn);
@@ -205,15 +207,15 @@ int main(int argc, char **argv)
 
         EXPECT_SUCCESS(s2n_client_hello_send(client_conn));
         EXPECT_EQUAL(client_conn->client_protocol_version, S2N_TLS12);
-        EXPECT_EQUAL(client_conn->client_hello_version, S2N_TLS12);
+        EXPECT_EQUAL(client_conn->client_hello.legacy_version, S2N_TLS12);
 
         EXPECT_SUCCESS(s2n_stuffer_write(&server_conn->handshake.io, &client_conn->handshake.io.blob));
         EXPECT_SUCCESS(s2n_client_hello_recv(server_conn));
 
         EXPECT_EQUAL(server_conn->server_protocol_version, S2N_TLS13);
         EXPECT_EQUAL(server_conn->actual_protocol_version, S2N_TLS12);
         EXPECT_EQUAL(server_conn->client_protocol_version, S2N_TLS12);
-        EXPECT_EQUAL(server_conn->client_hello_version, S2N_TLS12);
+        EXPECT_EQUAL(server_conn->client_hello.legacy_version, S2N_TLS12);
 
         s2n_connection_free(server_conn);
         s2n_connection_free(client_conn);
@@ -247,12 +249,12 @@ int main(int argc, char **argv)
 
         EXPECT_EQUAL(client_conn->actual_protocol_version, s2n_get_highest_fully_supported_tls_version());
         EXPECT_EQUAL(client_conn->client_protocol_version, s2n_get_highest_fully_supported_tls_version());
-        EXPECT_EQUAL(client_conn->client_hello_version, S2N_TLS12);
+        EXPECT_EQUAL(client_conn->client_hello.legacy_version, S2N_TLS12);
 
         EXPECT_EQUAL(server_conn->server_protocol_version, S2N_TLS13);
         EXPECT_EQUAL(server_conn->actual_protocol_version, s2n_get_highest_fully_supported_tls_version());
         EXPECT_EQUAL(server_conn->client_protocol_version, s2n_get_highest_fully_supported_tls_version());
-        EXPECT_EQUAL(server_conn->client_hello_version, S2N_TLS12);
+        EXPECT_EQUAL(server_conn->client_hello.legacy_version, S2N_TLS13);
 
         s2n_connection_free(server_conn);
         s2n_connection_free(client_conn);
@@ -279,7 +281,7 @@ int main(int argc, char **argv)
         EXPECT_EQUAL(server_conn->server_protocol_version, S2N_TLS13);
         EXPECT_EQUAL(server_conn->actual_protocol_version, s2n_get_highest_fully_supported_tls_version());
         EXPECT_EQUAL(server_conn->client_protocol_version, s2n_get_highest_fully_supported_tls_version());
-        EXPECT_EQUAL(server_conn->client_hello_version, S2N_TLS12);
+        EXPECT_EQUAL(server_conn->client_hello.legacy_version, S2N_TLS12);
 
         s2n_connection_free(server_conn);
         s2n_connection_free(client_conn);
@@ -313,7 +315,7 @@ int main(int argc, char **argv)
         EXPECT_EQUAL(server_conn->server_protocol_version, s2n_get_highest_fully_supported_tls_version());
         EXPECT_EQUAL(server_conn->actual_protocol_version, S2N_TLS12);
         EXPECT_EQUAL(server_conn->client_protocol_version, S2N_TLS12);
-        EXPECT_EQUAL(server_conn->client_hello_version, S2N_TLS12);
+        EXPECT_EQUAL(server_conn->client_hello.legacy_version, S2N_TLS13);
 
         s2n_connection_free(server_conn);
         s2n_connection_free(client_conn);
@@ -352,8 +354,8 @@ int main(int argc, char **argv)
         EXPECT_SUCCESS(s2n_connection_set_config(server_conn, tls12_config));
 
         /* Record version and protocol version are in the header for SSLv2 */
-        server_conn->client_hello_version = S2N_SSLv2;
-        server_conn->client_protocol_version = S2N_TLS12;
+        server_conn->client_hello.sslv2 = true;
+        server_conn->client_hello.legacy_version = S2N_TLS12;
 
         /* Writing a sslv2 client hello with a length 0 cipher suite list */
         uint8_t sslv2_client_hello[] = {
@@ -501,7 +503,7 @@ int main(int argc, char **argv)
         EXPECT_EQUAL(server_conn->server_protocol_version, S2N_TLS13);
         EXPECT_EQUAL(server_conn->actual_protocol_version, S2N_TLS12);
         EXPECT_EQUAL(server_conn->client_protocol_version, S2N_TLS12);
-        EXPECT_EQUAL(server_conn->client_hello_version, S2N_TLS12);
+        EXPECT_EQUAL(server_conn->client_hello.legacy_version, S2N_TLS12);
 
         s2n_connection_free(server_conn);
         EXPECT_SUCCESS(s2n_disable_tls13_in_test());
@@ -542,8 +544,9 @@ int main(int argc, char **argv)
         /* Successfully read the full message */
         EXPECT_OK(s2n_negotiate_until_message(server, &blocked, SERVER_HELLO));
         EXPECT_EQUAL(server->client_protocol_version, S2N_TLS12);
-        EXPECT_EQUAL(server->client_hello_version, S2N_SSLv2);
+        EXPECT_EQUAL(server->client_hello.legacy_version, S2N_TLS12);
         EXPECT_TRUE(server->client_hello.sslv2);
+        EXPECT_EQUAL(s2n_connection_get_client_hello_version(server), S2N_SSLv2);
     };
 
     s2n_config_free(tls12_config);

tests/unit/s2n_client_hello_test.c

@@ -749,7 +749,7 @@ int main(int argc, char **argv)
             EXPECT_SUCCESS(s2n_client_hello_send(conn));
             EXPECT_EQUAL(conn->actual_protocol_version, s2n_get_highest_fully_supported_tls_version());
             EXPECT_EQUAL(conn->client_protocol_version, s2n_get_highest_fully_supported_tls_version());
-            EXPECT_EQUAL(conn->client_hello_version, S2N_TLS12);
+            EXPECT_EQUAL(conn->client_hello.legacy_version, S2N_TLS12);
 
             EXPECT_SUCCESS(s2n_connection_free(conn));
         };
@@ -768,7 +768,7 @@ int main(int argc, char **argv)
             EXPECT_SUCCESS(s2n_client_hello_send(conn));
             EXPECT_EQUAL(conn->actual_protocol_version, S2N_TLS12);
             EXPECT_EQUAL(conn->client_protocol_version, S2N_TLS12);
-            EXPECT_EQUAL(conn->client_hello_version, S2N_TLS12);
+            EXPECT_EQUAL(conn->client_hello.legacy_version, S2N_TLS12);
 
             EXPECT_SUCCESS(s2n_connection_free(conn));
         };
@@ -789,7 +789,7 @@ int main(int argc, char **argv)
             EXPECT_SUCCESS(s2n_client_hello_send(client_conn));
             EXPECT_EQUAL(client_conn->actual_protocol_version, s2n_get_highest_fully_supported_tls_version());
             EXPECT_EQUAL(client_conn->client_protocol_version, s2n_get_highest_fully_supported_tls_version());
-            EXPECT_EQUAL(client_conn->client_hello_version, S2N_TLS12);
+            EXPECT_EQUAL(client_conn->client_hello.legacy_version, S2N_TLS12);
 
             /* Server configured with TLS 1.2 negotiates TLS12 version */
             EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
@@ -809,7 +809,7 @@ int main(int argc, char **argv)
             EXPECT_EQUAL(server_conn->server_protocol_version, S2N_TLS12);
             EXPECT_EQUAL(server_conn->actual_protocol_version, S2N_TLS12);
             EXPECT_EQUAL(server_conn->client_protocol_version, S2N_TLS12);
-            EXPECT_EQUAL(server_conn->client_hello_version, S2N_TLS12);
+            EXPECT_EQUAL(server_conn->client_hello.legacy_version, S2N_TLS12);
 
             EXPECT_SUCCESS(s2n_connection_free(server_conn));
             EXPECT_SUCCESS(s2n_connection_free(client_conn));
@@ -1538,12 +1538,12 @@ int main(int argc, char **argv)
         EXPECT_OK(s2n_handshake_type_set_tls13_flag(server_conn, HELLO_RETRY_REQUEST));
 
         /* Second client hello has version SSLv2 */
-        server_conn->client_hello_version = S2N_SSLv2;
+        server_conn->client_hello.sslv2 = true;
 
         /* Mock having some data in the client hello */
         EXPECT_SUCCESS(s2n_stuffer_write_uint16(&server_conn->handshake.io, 100));
 
-        EXPECT_FAILURE_WITH_ERRNO(s2n_parse_client_hello(server_conn), S2N_ERR_SAFETY);
+        EXPECT_FAILURE_WITH_ERRNO(s2n_parse_client_hello(server_conn), S2N_ERR_BAD_MESSAGE);
     };
 
     /* Test s2n_client_hello_parse_message

tests/unit/s2n_client_supported_versions_extension_test.c

@@ -440,7 +440,7 @@ int main(int argc, char **argv)
         /* The server does not use the protocol version in the Client Hello to set the actual protocol version. */
         EXPECT_EQUAL(server_conn->actual_protocol_version, S2N_TLS13);
         EXPECT_EQUAL(server_conn->client_protocol_version, S2N_TLS13);
-        EXPECT_EQUAL(server_conn->client_hello_version, S2N_TLS10);
+        EXPECT_EQUAL(server_conn->client_hello.legacy_version, S2N_TLS10);
     }
 
     /* Ensure that TLS 1.3 is enforced in the supported versions extension for ClientHellos sent in

tests/unit/s2n_config_test.c

@@ -1259,8 +1259,8 @@ int main(int argc, char **argv)
             server_conn->config = NULL;
 
             /* Record version and protocol version are in the header for SSLv2 */
-            server_conn->client_hello_version = S2N_SSLv2;
-            server_conn->client_protocol_version = S2N_TLS12;
+            server_conn->client_hello.sslv2 = true;
+            server_conn->client_hello.legacy_version = S2N_TLS12;
 
             /* S2N_ERR_CONFIG_NULL_BEFORE_CH_CALLBACK is only called in one location, just before the
              * client hello callback. Therefore, we can assert that if we hit this error, we

tests/unit/s2n_connection_protocol_versions_test.c

@@ -76,7 +76,7 @@ static int s2n_overwrite_client_hello_cb(struct s2n_connection *conn, void *ctx)
      * with a different version.
      */
     if (context->client_hello_version) {
-        conn->client_hello_version = context->client_hello_version;
+        conn->client_hello.legacy_version = context->client_hello_version;
         conn->client_protocol_version = context->client_hello_version;
     }
 

tests/unit/s2n_fingerprint_ja3_test.c

@@ -253,8 +253,8 @@ int main(int argc, char **argv)
              * not when processing the actual ClientHello message.
              * So we need to set the versions manually.
              */
-            server->client_hello_version = S2N_SSLv2;
-            server->client_protocol_version = S2N_TLS12;
+            server->client_hello.sslv2 = true;
+            server->client_hello.legacy_version = S2N_TLS12;
 
             uint8_t sslv2_client_hello[] = {
                 SSLv2_CLIENT_HELLO_PREFIX,

tls/s2n_client_hello.c

@@ -354,7 +354,6 @@ static S2N_RESULT s2n_client_hello_verify_for_retry(struct s2n_connection *conn,
 }
 
 S2N_RESULT s2n_client_hello_parse_raw(struct s2n_client_hello *client_hello,
-        uint8_t client_protocol_version[S2N_TLS_PROTOCOL_VERSION_LEN],
         uint8_t client_random[S2N_TLS_RANDOM_DATA_LEN])
 {
     RESULT_ENSURE_REF(client_hello);
@@ -383,6 +382,7 @@ S2N_RESULT s2n_client_hello_parse_raw(struct s2n_client_hello *client_hello,
      **/
 
     /* legacy_version */
+    uint8_t client_protocol_version[S2N_TLS_PROTOCOL_VERSION_LEN] = { 0 };
     RESULT_GUARD_POSIX(s2n_stuffer_read_bytes(in, client_protocol_version, S2N_TLS_PROTOCOL_VERSION_LEN));
 
     /* Encode the version as a 1 byte representation of the two protocol version bytes, with the
@@ -428,6 +428,11 @@ int s2n_parse_client_hello(struct s2n_connection *conn)
 {
     POSIX_ENSURE_REF(conn);
 
+    /* SSLv2 ClientHellos are not allowed during a HelloRetryRequest */
+    if (s2n_is_hello_retry_handshake(conn)) {
+        POSIX_ENSURE(!conn->client_hello.sslv2, S2N_ERR_BAD_MESSAGE);
+    }
+
     /* If a retry, move the old version of the client hello
      * somewhere safe so we can compare it to the new client hello later.
      */
@@ -439,12 +444,7 @@ int s2n_parse_client_hello(struct s2n_connection *conn)
 
     POSIX_GUARD(s2n_collect_client_hello(&conn->client_hello, &conn->handshake.io));
 
-    /* The ClientHello version must be TLS12 after a HelloRetryRequest */
-    if (s2n_is_hello_retry_handshake(conn)) {
-        POSIX_ENSURE_EQ(conn->client_hello_version, S2N_TLS12);
-    }
-
-    if (conn->client_hello_version == S2N_SSLv2) {
+    if (conn->client_hello.sslv2) {
         POSIX_GUARD(s2n_sslv2_client_hello_parse(conn));
         return S2N_SUCCESS;
     }
@@ -455,16 +455,14 @@ int s2n_parse_client_hello(struct s2n_connection *conn)
             S2N_TLS_RANDOM_DATA_LEN);
 
     /* Parse raw, collected client hello */
-    uint8_t client_protocol_version[S2N_TLS_PROTOCOL_VERSION_LEN] = { 0 };
     POSIX_GUARD_RESULT(s2n_client_hello_parse_raw(&conn->client_hello,
-            client_protocol_version, conn->handshake_params.client_random));
+            conn->handshake_params.client_random));
 
     /* Protocol version in the ClientHello is fixed at 0x0303(TLS 1.2) for
      * future versions of TLS. Therefore, we will negotiate down if a client sends
      * an unexpected value above 0x0303.
      */
-    conn->client_protocol_version = MIN((client_protocol_version[0] * 10) + client_protocol_version[1], S2N_TLS12);
-    conn->client_hello_version = conn->client_protocol_version;
+    conn->client_protocol_version = MIN(conn->client_hello.legacy_version, S2N_TLS12);
 
     /* Copy the session id to the connection. */
     conn->session_id_len = conn->client_hello.session_id.size;
@@ -502,9 +500,8 @@ static S2N_RESULT s2n_client_hello_parse_message_impl(struct s2n_client_hello **
     RESULT_GUARD_POSIX(s2n_collect_client_hello(client_hello, &in));
     RESULT_ENSURE(s2n_stuffer_data_available(&in) == 0, S2N_ERR_BAD_MESSAGE);
 
-    uint8_t protocol_version[S2N_TLS_PROTOCOL_VERSION_LEN] = { 0 };
     uint8_t random[S2N_TLS_RANDOM_DATA_LEN] = { 0 };
-    RESULT_GUARD(s2n_client_hello_parse_raw(client_hello, protocol_version, random));
+    RESULT_GUARD(s2n_client_hello_parse_raw(client_hello, random));
 
     *result = client_hello;
     ZERO_TO_DISABLE_DEFER_CLEANUP(client_hello);
@@ -593,7 +590,7 @@ int s2n_process_client_hello(struct s2n_connection *conn)
     POSIX_CHECKED_MEMCPY(previous_cipher_suite_iana, conn->secure->cipher_suite->iana_value, S2N_TLS_CIPHER_SUITE_LEN);
 
     /* Now choose the ciphers we have certs for. */
-    if (conn->client_hello_version == S2N_SSLv2) {
+    if (conn->client_hello.sslv2) {
         POSIX_GUARD(s2n_set_cipher_as_sslv2_server(conn, client_hello->cipher_suites.data,
                 client_hello->cipher_suites.size / S2N_SSLv2_CIPHER_SUITE_LEN));
     } else {
@@ -725,9 +722,9 @@ int s2n_client_hello_send(struct s2n_connection *conn)
     uint8_t client_protocol_version[S2N_TLS_PROTOCOL_VERSION_LEN] = { 0 };
 
     uint8_t reported_protocol_version = MIN(conn->client_protocol_version, S2N_TLS12);
+    conn->client_hello.legacy_version = reported_protocol_version;
     client_protocol_version[0] = reported_protocol_version / 10;
     client_protocol_version[1] = reported_protocol_version % 10;
-    conn->client_hello_version = reported_protocol_version;
     POSIX_GUARD(s2n_stuffer_write_bytes(out, client_protocol_version, S2N_TLS_PROTOCOL_VERSION_LEN));
 
     struct s2n_blob client_random = { 0 };
@@ -815,8 +812,8 @@ int s2n_client_hello_send(struct s2n_connection *conn)
  * Clients may send SSLv2 ClientHellos advertising higher protocol versions for
  * backwards compatibility reasons. See https://tools.ietf.org/rfc/rfc2246 Appendix E.
  *
- * In this case, conn->client_hello_version will be SSLv2, but conn->client_protocol_version
- * will likely be higher.
+ * In this case, conn->client_hello.legacy_version and conn->client_protocol_version
+ * will be higher than SSLv2.
  *
  * See http://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html Section 2.5
  * for a description of the expected SSLv2 format.
@@ -826,7 +823,7 @@ int s2n_client_hello_send(struct s2n_connection *conn)
 int s2n_sslv2_client_hello_parse(struct s2n_connection *conn)
 {
     struct s2n_client_hello *client_hello = &conn->client_hello;
-    client_hello->sslv2 = true;
+    conn->client_protocol_version = MIN(client_hello->legacy_version, S2N_TLS12);
 
     struct s2n_stuffer in_stuffer = { 0 };
     POSIX_GUARD(s2n_stuffer_init(&in_stuffer, &client_hello->raw_message));