From 24afd67394804b9a76c34f6110e99cdf26a362ff Mon Sep 17 00:00:00 2001 From: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed, 6 Mar 2024 11:28:29 -0500 Subject: [PATCH 1/5] feat: Add additional EC key validation for FIPS --- crypto/s2n_ecc_evp.c | 20 +++++++++++++++- ...S2N_LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS.c | 23 +++++++++++++++++++ ...LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS.flags | 0 tests/unit/s2n_ecc_evp_test.c | 16 +++++++++++++ 4 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 tests/features/S2N_LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS.c create mode 100644 tests/features/S2N_LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS.flags diff --git a/crypto/s2n_ecc_evp.c b/crypto/s2n_ecc_evp.c index c101b96242a..6f6df986de2 100644 --- a/crypto/s2n_ecc_evp.c +++ b/crypto/s2n_ecc_evp.c @@ -23,6 +23,8 @@ #include +#include "crypto/s2n_fips.h" +#include "crypto/s2n_libcrypto.h" #include "tls/s2n_connection.h" #include "tls/s2n_ecc_preferences.h" #include "tls/s2n_tls_parameters.h" @@ -163,6 +165,22 @@ static int s2n_ecc_evp_generate_own_key(const struct s2n_ecc_named_curve *named_ return named_curve->generate_key(named_curve, evp_pkey); } +static S2N_RESULT s2n_ecc_check_key(EC_KEY *ec_key) +{ + RESULT_ENSURE_REF(ec_key); + +#ifdef S2N_LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS + if (s2n_is_in_fips_mode()) { + RESULT_GUARD_OSSL(EC_KEY_check_fips(ec_key), S2N_ERR_ECDHE_SHARED_SECRET); + return S2N_RESULT_OK; + } +#endif + + RESULT_GUARD_OSSL(EC_KEY_check_key(ec_key), S2N_ERR_ECDHE_SHARED_SECRET); + + return S2N_RESULT_OK; +} + static int s2n_ecc_evp_compute_shared_secret(EVP_PKEY *own_key, EVP_PKEY *peer_public, uint16_t iana_id, struct s2n_blob *shared_secret) { POSIX_ENSURE_REF(peer_public); @@ -180,7 +198,7 @@ static int s2n_ecc_evp_compute_shared_secret(EVP_PKEY *own_key, EVP_PKEY *peer_p if (iana_id != TLS_EC_CURVE_ECDH_X25519 && iana_id != TLS_EC_CURVE_ECDH_X448) { DEFER_CLEANUP(EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(peer_public), EC_KEY_free_pointer); S2N_ERROR_IF(ec_key == NULL, S2N_ERR_ECDHE_UNSUPPORTED_CURVE); - POSIX_GUARD_OSSL(EC_KEY_check_key(ec_key), S2N_ERR_ECDHE_SHARED_SECRET); + POSIX_GUARD_RESULT(s2n_ecc_check_key(ec_key)); } size_t shared_secret_size; diff --git a/tests/features/S2N_LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS.c b/tests/features/S2N_LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS.c new file mode 100644 index 00000000000..8ef8342e7e6 --- /dev/null +++ b/tests/features/S2N_LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS.c @@ -0,0 +1,23 @@ +/* +* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +* +* Licensed under the Apache License, Version 2.0 (the "License"). +* You may not use this file except in compliance with the License. +* A copy of the License is located at +* +* http://aws.amazon.com/apache2.0 +* +* or in the "license" file accompanying this file. This file is distributed +* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +* express or implied. See the License for the specific language governing +* permissions and limitations under the License. +*/ + +#include + +int main() +{ + EC_KEY *ec_key = NULL; + EC_KEY_check_fips(ec_key); + return 0; +} diff --git a/tests/features/S2N_LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS.flags b/tests/features/S2N_LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS.flags new file mode 100644 index 00000000000..e69de29bb2d diff --git a/tests/unit/s2n_ecc_evp_test.c b/tests/unit/s2n_ecc_evp_test.c index a3074052439..513e2c874c6 100644 --- a/tests/unit/s2n_ecc_evp_test.c +++ b/tests/unit/s2n_ecc_evp_test.c @@ -16,6 +16,7 @@ #include "crypto/s2n_ecc_evp.h" #include "api/s2n.h" +#include "crypto/s2n_libcrypto.h" #include "s2n_test.h" #include "stuffer/s2n_stuffer.h" #include "testlib/s2n_testlib.h" @@ -27,10 +28,25 @@ extern const struct s2n_ecc_named_curve s2n_unsupported_curve; +bool s2n_libcrypto_supports_ec_key_check_fips() +{ +#ifdef S2N_LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS + return true; +#else + return false; +#endif +} + int main(int argc, char** argv) { BEGIN_TEST(); EXPECT_SUCCESS(s2n_disable_tls13_in_test()); + + /* Test the EC_KEY_CHECK_FIPS feature probe. AWS-LC is a libcrypto known to support this feature. */ + if (s2n_libcrypto_is_awslc()) { + EXPECT_TRUE(s2n_libcrypto_supports_ec_key_check_fips()); + } + { /* Test generate ephemeral keys for all supported curves */ for (size_t i = 0; i < s2n_all_supported_curves_list_len; i++) { From 62f5cfb252ca191c96adf2296597dc253d79ec05 Mon Sep 17 00:00:00 2001 From: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Thu, 14 Mar 2024 14:49:25 -0400 Subject: [PATCH 2/5] pr feedback --- crypto/s2n_ecc_evp.c | 9 +++++++++ crypto/s2n_ecc_evp.h | 1 + tests/unit/s2n_ecc_evp_test.c | 9 --------- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/crypto/s2n_ecc_evp.c b/crypto/s2n_ecc_evp.c index 6f6df986de2..4bc1f98a5ce 100644 --- a/crypto/s2n_ecc_evp.c +++ b/crypto/s2n_ecc_evp.c @@ -120,6 +120,15 @@ int s2n_is_evp_apis_supported() return EVP_APIS_SUPPORTED; } +bool s2n_libcrypto_supports_ec_key_check_fips() +{ +#ifdef S2N_LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS + return true; +#else + return false; +#endif +} + #if EVP_APIS_SUPPORTED static int s2n_ecc_evp_generate_key_x25519(const struct s2n_ecc_named_curve *named_curve, EVP_PKEY **evp_pkey) { diff --git a/crypto/s2n_ecc_evp.h b/crypto/s2n_ecc_evp.h index cd76417770f..b52b1e6a8c5 100644 --- a/crypto/s2n_ecc_evp.h +++ b/crypto/s2n_ecc_evp.h @@ -85,3 +85,4 @@ int s2n_ecc_evp_parse_params(struct s2n_connection *conn, int s2n_ecc_evp_find_supported_curve(struct s2n_connection *conn, struct s2n_blob *iana_ids, const struct s2n_ecc_named_curve **found); int s2n_ecc_evp_params_free(struct s2n_ecc_evp_params *ecc_evp_params); int s2n_is_evp_apis_supported(); +bool s2n_libcrypto_supports_ec_key_check_fips(); diff --git a/tests/unit/s2n_ecc_evp_test.c b/tests/unit/s2n_ecc_evp_test.c index 513e2c874c6..82b757d8cba 100644 --- a/tests/unit/s2n_ecc_evp_test.c +++ b/tests/unit/s2n_ecc_evp_test.c @@ -28,15 +28,6 @@ extern const struct s2n_ecc_named_curve s2n_unsupported_curve; -bool s2n_libcrypto_supports_ec_key_check_fips() -{ -#ifdef S2N_LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS - return true; -#else - return false; -#endif -} - int main(int argc, char** argv) { BEGIN_TEST(); From 746381c4494429ce0a39866393c914cca90e04e9 Mon Sep 17 00:00:00 2001 From: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Thu, 14 Mar 2024 14:36:35 -0400 Subject: [PATCH 3/5] EC_KEY_check_key test --- crypto/s2n_ecc_evp.c | 27 ++++++++----- error/s2n_errno.c | 2 + error/s2n_errno.h | 2 + tests/unit/s2n_ecc_evp_test.c | 73 +++++++++++++++++++++++++++++++++++ tls/s2n_alerts.c | 2 + 5 files changed, 96 insertions(+), 10 deletions(-) diff --git a/crypto/s2n_ecc_evp.c b/crypto/s2n_ecc_evp.c index 4bc1f98a5ce..e140f5450b5 100644 --- a/crypto/s2n_ecc_evp.c +++ b/crypto/s2n_ecc_evp.c @@ -180,12 +180,12 @@ static S2N_RESULT s2n_ecc_check_key(EC_KEY *ec_key) #ifdef S2N_LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS if (s2n_is_in_fips_mode()) { - RESULT_GUARD_OSSL(EC_KEY_check_fips(ec_key), S2N_ERR_ECDHE_SHARED_SECRET); + RESULT_GUARD_OSSL(EC_KEY_check_fips(ec_key), S2N_ERR_ECDHE_INVALID_PUBLIC_KEY_FIPS); return S2N_RESULT_OK; } #endif - RESULT_GUARD_OSSL(EC_KEY_check_key(ec_key), S2N_ERR_ECDHE_SHARED_SECRET); + RESULT_GUARD_OSSL(EC_KEY_check_key(ec_key), S2N_ERR_ECDHE_INVALID_PUBLIC_KEY); return S2N_RESULT_OK; } @@ -195,18 +195,25 @@ static int s2n_ecc_evp_compute_shared_secret(EVP_PKEY *own_key, EVP_PKEY *peer_p POSIX_ENSURE_REF(peer_public); POSIX_ENSURE_REF(own_key); - /* From RFC 8446(TLS1.3) Section 4.2.8.2: For the curves secp256r1, secp384r1, and secp521r1, peers MUST validate - * each other's public value Q by ensuring that the point is a valid point on the elliptic curve. - * For the curve x25519 and x448 the peer public-key validation check doesn't apply. - * From RFC 8422(TLS1.2) Section 5.11: With the NIST curves, each party MUST validate the public key sent by its peer - * in the ClientKeyExchange and ServerKeyExchange messages. A receiving party MUST check that the x and y parameters from - * the peer's public value satisfy the curve equation, y^2 = x^3 + ax + b mod p. - * Note that the `EC_KEY_check_key` validation is a MUST for only NIST curves, if a non-NIST curve is added to s2n-tls + /** + *= https://tools.ietf.org/rfc/rfc8446#section-4.2.8.2 + *# For the curves secp256r1, secp384r1, and secp521r1, peers MUST + *# validate each other's public value Q by ensuring that the point is a + *# valid point on the elliptic curve. + * + *= https://tools.ietf.org/rfc/rfc8422#section-5.11 + *# With the NIST curves, each party MUST validate the public key sent by + *# its peer in the ClientKeyExchange and ServerKeyExchange messages. A + *# receiving party MUST check that the x and y parameters from the + *# peer's public value satisfy the curve equation, y^2 = x^3 + ax + b + *# mod p. + * + * Note that the `EC_KEY_check_key` validation is a MUST for only NIST curves, if a non-NIST curve is added to s2n-tls * this is an additional validation step that increases security but decreases performance. */ if (iana_id != TLS_EC_CURVE_ECDH_X25519 && iana_id != TLS_EC_CURVE_ECDH_X448) { DEFER_CLEANUP(EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(peer_public), EC_KEY_free_pointer); - S2N_ERROR_IF(ec_key == NULL, S2N_ERR_ECDHE_UNSUPPORTED_CURVE); + POSIX_ENSURE(ec_key, S2N_ERR_ECDHE_UNSUPPORTED_CURVE); POSIX_GUARD_RESULT(s2n_ecc_check_key(ec_key)); } diff --git a/error/s2n_errno.c b/error/s2n_errno.c index 411d4bf70c2..7b770681758 100644 --- a/error/s2n_errno.c +++ b/error/s2n_errno.c @@ -88,6 +88,8 @@ static const char *no_such_error = "Internal s2n error"; ERR_ENTRY(S2N_ERR_ECDHE_GEN_KEY, "Failed to generate an ECDHE key") \ ERR_ENTRY(S2N_ERR_ECDHE_SHARED_SECRET, "Error computing ECDHE shared secret") \ ERR_ENTRY(S2N_ERR_ECDHE_UNSUPPORTED_CURVE, "Unsupported EC curve was presented during an ECDHE handshake") \ + ERR_ENTRY(S2N_ERR_ECDHE_INVALID_PUBLIC_KEY, "Failed to validate the peer's point on the elliptic curve") \ + ERR_ENTRY(S2N_ERR_ECDHE_INVALID_PUBLIC_KEY_FIPS, "Failed to validate the peer's point on the elliptic curve, per FIPS requirements") \ ERR_ENTRY(S2N_ERR_ECDSA_UNSUPPORTED_CURVE, "Unsupported EC curve was presented during an ECDSA SignatureScheme handshake") \ ERR_ENTRY(S2N_ERR_ECDHE_SERIALIZING, "Error serializing ECDHE public") \ ERR_ENTRY(S2N_ERR_KEM_UNSUPPORTED_PARAMS, "Unsupported KEM params was presented during a handshake that uses a KEM") \ diff --git a/error/s2n_errno.h b/error/s2n_errno.h index f2efeffcc1e..fa16387839d 100644 --- a/error/s2n_errno.h +++ b/error/s2n_errno.h @@ -103,6 +103,8 @@ typedef enum { S2N_ERR_ECDHE_GEN_KEY, S2N_ERR_ECDHE_SHARED_SECRET, S2N_ERR_ECDHE_UNSUPPORTED_CURVE, + S2N_ERR_ECDHE_INVALID_PUBLIC_KEY, + S2N_ERR_ECDHE_INVALID_PUBLIC_KEY_FIPS, S2N_ERR_ECDSA_UNSUPPORTED_CURVE, S2N_ERR_ECDHE_SERIALIZING, S2N_ERR_KEM_UNSUPPORTED_PARAMS, diff --git a/tests/unit/s2n_ecc_evp_test.c b/tests/unit/s2n_ecc_evp_test.c index 82b757d8cba..9f6e63c40df 100644 --- a/tests/unit/s2n_ecc_evp_test.c +++ b/tests/unit/s2n_ecc_evp_test.c @@ -16,6 +16,7 @@ #include "crypto/s2n_ecc_evp.h" #include "api/s2n.h" +#include "crypto/s2n_fips.h" #include "crypto/s2n_libcrypto.h" #include "s2n_test.h" #include "stuffer/s2n_stuffer.h" @@ -412,5 +413,77 @@ int main(int argc, char** argv) EXPECT_SUCCESS(s2n_ecc_evp_params_free(&client_params)); } }; + + /** + *= https://tools.ietf.org/rfc/rfc8446#section-4.2.8.2 + *= type=test + *# For the curves secp256r1, secp384r1, and secp521r1, peers MUST + *# validate each other's public value Q by ensuring that the point is a + *# valid point on the elliptic curve. The appropriate validation + *# procedures are defined in Section 4.3.7 of [ECDSA] and alternatively + *# in Section 5.6.2.3 of [KEYAGREEMENT]. This process consists of three + *# steps: (1) verify that Q is not the point at infinity (O), (2) verify + *# that for Q = (x, y) both integers x and y are in the correct + *# interval, and (3) ensure that (x, y) is a correct solution to the + *# elliptic curve equation. For these curves, implementors do not need + *# to verify membership in the correct subgroup. + * + * s2n-tls performs this validation by invoking the libcrypto APIs: EC_KEY_check_key, and + * EC_KEY_check_fips. To ensure that these APIs are properly called, step (1) is invalidated. + */ + { + const struct s2n_ecc_named_curve* const nist_curves[] = { + &s2n_ecc_curve_secp256r1, + &s2n_ecc_curve_secp384r1, + &s2n_ecc_curve_secp521r1, + }; + + for (size_t i = 0; i < s2n_array_len(nist_curves); i++) { + const struct s2n_ecc_named_curve* curve = nist_curves[i]; + + DEFER_CLEANUP(struct s2n_ecc_evp_params server_params = { 0 }, s2n_ecc_evp_params_free); + DEFER_CLEANUP(struct s2n_ecc_evp_params client_params = { 0 }, s2n_ecc_evp_params_free); + DEFER_CLEANUP(struct s2n_blob shared_key = { 0 }, s2n_free); + + /* Create a server key. */ + server_params.negotiated_curve = curve; + EXPECT_SUCCESS(s2n_ecc_evp_generate_ephemeral_key(&server_params)); + EXPECT_NOT_NULL(server_params.evp_pkey); + + /* Create a client key. */ + client_params.negotiated_curve = curve; + EXPECT_SUCCESS(s2n_ecc_evp_generate_ephemeral_key(&client_params)); + EXPECT_NOT_NULL(client_params.evp_pkey); + + /* Retrieve the existing client public key. */ + EC_KEY* ec_key = EVP_PKEY_get1_EC_KEY(client_params.evp_pkey); + EXPECT_NOT_NULL(ec_key); + const EC_GROUP* group = EC_KEY_get0_group(ec_key); + EXPECT_NOT_NULL(group); + const EC_POINT* public_key = EC_KEY_get0_public_key(ec_key); + EXPECT_NOT_NULL(public_key); + + /* Invalidate the public key by setting the coordinate to infinity. */ + EC_POINT* invalid_public_key = EC_POINT_dup(public_key, group); + EXPECT_NOT_NULL(invalid_public_key); + EXPECT_EQUAL(EC_POINT_set_to_infinity(group, invalid_public_key), 1); + EXPECT_EQUAL(EC_KEY_set_public_key(ec_key, invalid_public_key), 1); + EXPECT_EQUAL(EVP_PKEY_set1_EC_KEY(client_params.evp_pkey, ec_key), 1); + + /* Compute the server's shared secret. */ + int ret = s2n_ecc_evp_compute_shared_secret_from_params(&server_params, + &client_params, &shared_key); + + /* If s2n-tls is in FIPS mode and the libcrypto supports the EC_KEY_check_fips API, + * ensure that this API is called by checking for the correct error. + */ + if (s2n_is_in_fips_mode() && s2n_libcrypto_supports_ec_key_check_fips()) { + EXPECT_FAILURE_WITH_ERRNO(ret, S2N_ERR_ECDHE_INVALID_PUBLIC_KEY_FIPS); + } else { + EXPECT_FAILURE_WITH_ERRNO(ret, S2N_ERR_ECDHE_INVALID_PUBLIC_KEY); + } + } + } + END_TEST(); } diff --git a/tls/s2n_alerts.c b/tls/s2n_alerts.c index ca0e2039664..88752b16d25 100644 --- a/tls/s2n_alerts.c +++ b/tls/s2n_alerts.c @@ -97,6 +97,8 @@ static S2N_RESULT s2n_translate_protocol_error_to_alert(int error_code, uint8_t S2N_NO_ALERT(S2N_ERR_ECDHE_GEN_KEY); S2N_NO_ALERT(S2N_ERR_ECDHE_SHARED_SECRET); S2N_NO_ALERT(S2N_ERR_ECDHE_UNSUPPORTED_CURVE); + S2N_NO_ALERT(S2N_ERR_ECDHE_INVALID_PUBLIC_KEY); + S2N_NO_ALERT(S2N_ERR_ECDHE_INVALID_PUBLIC_KEY_FIPS); S2N_NO_ALERT(S2N_ERR_ECDSA_UNSUPPORTED_CURVE); S2N_NO_ALERT(S2N_ERR_ECDHE_SERIALIZING); S2N_NO_ALERT(S2N_ERR_KEM_UNSUPPORTED_PARAMS); From 5923102dd10819218ca67695dd3ea11f8d9b3ee1 Mon Sep 17 00:00:00 2001 From: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Thu, 14 Mar 2024 17:15:40 -0400 Subject: [PATCH 4/5] pr feedback --- crypto/s2n_ecc_evp.c | 6 +++--- crypto/s2n_ecc_evp.h | 2 +- tests/unit/s2n_ecc_evp_test.c | 13 +++++++++---- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/crypto/s2n_ecc_evp.c b/crypto/s2n_ecc_evp.c index e140f5450b5..c73f567df10 100644 --- a/crypto/s2n_ecc_evp.c +++ b/crypto/s2n_ecc_evp.c @@ -120,7 +120,7 @@ int s2n_is_evp_apis_supported() return EVP_APIS_SUPPORTED; } -bool s2n_libcrypto_supports_ec_key_check_fips() +bool s2n_ecc_evp_supports_fips_check() { #ifdef S2N_LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS return true; @@ -208,8 +208,8 @@ static int s2n_ecc_evp_compute_shared_secret(EVP_PKEY *own_key, EVP_PKEY *peer_p *# peer's public value satisfy the curve equation, y^2 = x^3 + ax + b *# mod p. * - * Note that the `EC_KEY_check_key` validation is a MUST for only NIST curves, if a non-NIST curve is added to s2n-tls - * this is an additional validation step that increases security but decreases performance. + * The validation requirement for the public key value only applies to NIST curves. The + * validation is skipped with non-NIST curves for increased performance. */ if (iana_id != TLS_EC_CURVE_ECDH_X25519 && iana_id != TLS_EC_CURVE_ECDH_X448) { DEFER_CLEANUP(EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(peer_public), EC_KEY_free_pointer); diff --git a/crypto/s2n_ecc_evp.h b/crypto/s2n_ecc_evp.h index b52b1e6a8c5..6cc38f10cc4 100644 --- a/crypto/s2n_ecc_evp.h +++ b/crypto/s2n_ecc_evp.h @@ -85,4 +85,4 @@ int s2n_ecc_evp_parse_params(struct s2n_connection *conn, int s2n_ecc_evp_find_supported_curve(struct s2n_connection *conn, struct s2n_blob *iana_ids, const struct s2n_ecc_named_curve **found); int s2n_ecc_evp_params_free(struct s2n_ecc_evp_params *ecc_evp_params); int s2n_is_evp_apis_supported(); -bool s2n_libcrypto_supports_ec_key_check_fips(); +bool s2n_ecc_evp_supports_fips_check(); diff --git a/tests/unit/s2n_ecc_evp_test.c b/tests/unit/s2n_ecc_evp_test.c index 9f6e63c40df..162f183724d 100644 --- a/tests/unit/s2n_ecc_evp_test.c +++ b/tests/unit/s2n_ecc_evp_test.c @@ -29,6 +29,9 @@ extern const struct s2n_ecc_named_curve s2n_unsupported_curve; +DEFINE_POINTER_CLEANUP_FUNC(EC_KEY *, EC_KEY_free); +DEFINE_POINTER_CLEANUP_FUNC(EC_POINT *, EC_POINT_free); + int main(int argc, char** argv) { BEGIN_TEST(); @@ -36,7 +39,7 @@ int main(int argc, char** argv) /* Test the EC_KEY_CHECK_FIPS feature probe. AWS-LC is a libcrypto known to support this feature. */ if (s2n_libcrypto_is_awslc()) { - EXPECT_TRUE(s2n_libcrypto_supports_ec_key_check_fips()); + EXPECT_TRUE(s2n_ecc_evp_supports_fips_check()); } { @@ -456,7 +459,8 @@ int main(int argc, char** argv) EXPECT_NOT_NULL(client_params.evp_pkey); /* Retrieve the existing client public key. */ - EC_KEY* ec_key = EVP_PKEY_get1_EC_KEY(client_params.evp_pkey); + DEFER_CLEANUP(EC_KEY* ec_key = EVP_PKEY_get1_EC_KEY(client_params.evp_pkey), + EC_KEY_free_pointer); EXPECT_NOT_NULL(ec_key); const EC_GROUP* group = EC_KEY_get0_group(ec_key); EXPECT_NOT_NULL(group); @@ -464,7 +468,8 @@ int main(int argc, char** argv) EXPECT_NOT_NULL(public_key); /* Invalidate the public key by setting the coordinate to infinity. */ - EC_POINT* invalid_public_key = EC_POINT_dup(public_key, group); + DEFER_CLEANUP(EC_POINT* invalid_public_key = EC_POINT_dup(public_key, group), + EC_POINT_free_pointer); EXPECT_NOT_NULL(invalid_public_key); EXPECT_EQUAL(EC_POINT_set_to_infinity(group, invalid_public_key), 1); EXPECT_EQUAL(EC_KEY_set_public_key(ec_key, invalid_public_key), 1); @@ -477,7 +482,7 @@ int main(int argc, char** argv) /* If s2n-tls is in FIPS mode and the libcrypto supports the EC_KEY_check_fips API, * ensure that this API is called by checking for the correct error. */ - if (s2n_is_in_fips_mode() && s2n_libcrypto_supports_ec_key_check_fips()) { + if (s2n_is_in_fips_mode() && s2n_ecc_evp_supports_fips_check()) { EXPECT_FAILURE_WITH_ERRNO(ret, S2N_ERR_ECDHE_INVALID_PUBLIC_KEY_FIPS); } else { EXPECT_FAILURE_WITH_ERRNO(ret, S2N_ERR_ECDHE_INVALID_PUBLIC_KEY); From 10c038bd5849e63068ffeda336e6e4a3c7af665e Mon Sep 17 00:00:00 2001 From: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Thu, 14 Mar 2024 21:26:10 -0400 Subject: [PATCH 5/5] clang format --- tests/unit/s2n_ecc_evp_test.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/unit/s2n_ecc_evp_test.c b/tests/unit/s2n_ecc_evp_test.c index 162f183724d..2ddda616f7a 100644 --- a/tests/unit/s2n_ecc_evp_test.c +++ b/tests/unit/s2n_ecc_evp_test.c @@ -29,8 +29,8 @@ extern const struct s2n_ecc_named_curve s2n_unsupported_curve; -DEFINE_POINTER_CLEANUP_FUNC(EC_KEY *, EC_KEY_free); -DEFINE_POINTER_CLEANUP_FUNC(EC_POINT *, EC_POINT_free); +DEFINE_POINTER_CLEANUP_FUNC(EC_KEY*, EC_KEY_free); +DEFINE_POINTER_CLEANUP_FUNC(EC_POINT*, EC_POINT_free); int main(int argc, char** argv) {