fix: SSLv3 handshake with openssl-1.0.2-fips fails

error/s2n_errno.c

@@ -292,6 +292,7 @@ static const char *no_such_error = "Internal s2n error";
     ERR_ENTRY(S2N_ERR_LIBCRYPTO_VERSION_NUMBER_MISMATCH, "The libcrypto major version number seen at compile-time is different from the major version number seen at run-time") \
     ERR_ENTRY(S2N_ERR_LIBCRYPTO_VERSION_NAME_MISMATCH, "The libcrypto major version name seen at compile-time is different from the major version name seen at run-time") \
     ERR_ENTRY(S2N_ERR_OSSL_PROVIDER, "Failed to load or unload an openssl provider") \
+    ERR_ENTRY(S2N_ERR_SSLV3_HANDSHAKE_WITH_OSSL_FIPS_NOT_SUPPORTED, "SSLv3 handshake is not supported when built with OpenSSL-FIPS") \
     ERR_ENTRY(S2N_ERR_CERT_OWNERSHIP, "The ownership of the certificate chain is incompatible with the operation") \
     ERR_ENTRY(S2N_ERR_INTERNAL_LIBCRYPTO_ERROR, "An internal error has occurred in the libcrypto API") \
     ERR_ENTRY(S2N_ERR_NO_RENEGOTIATION, "Only secure, server-initiated renegotiation is supported") \

error/s2n_errno.h

@@ -237,6 +237,7 @@ typedef enum {
     S2N_ERR_LIBCRYPTO_VERSION_NUMBER_MISMATCH,
     S2N_ERR_LIBCRYPTO_VERSION_NAME_MISMATCH,
     S2N_ERR_OSSL_PROVIDER,
+    S2N_ERR_SSLV3_HANDSHAKE_WITH_OSSL_FIPS_NOT_SUPPORTED,
     S2N_ERR_TEST_ASSERTION,
     S2N_ERR_T_INTERNAL_END,
 

tests/unit/s2n_connection_protocol_versions_test.c

@@ -14,6 +14,7 @@
 */
 
 #include "api/s2n.h"
+#include "crypto/s2n_fips.h"
 #include "s2n_test.h"
 #include "testlib/s2n_testlib.h"
 #include "tls/s2n_tls.h"
@@ -249,6 +250,12 @@ int main(int argc, char **argv)
         EXPECT_SUCCESS(s2n_io_pair_init_non_blocking(&io_pair));
         EXPECT_SUCCESS(s2n_connections_set_io_pair(client, server, &io_pair));
 
+        /* SSLv3 handshake is not supported when built with openssl-fips */
+        if (s2n_is_in_fips_mode() && client->client_protocol_version == S2N_SSLv3 && !s2n_libcrypto_is_awslc()) {
+            EXPECT_ERROR_WITH_ERRNO(s2n_negotiate_test_server_and_client_until_message(server, client, SERVER_CERT),
+                    S2N_ERR_SSLV3_HANDSHAKE_WITH_OSSL_FIPS_NOT_SUPPORTED);
+            continue;
+        }
         EXPECT_OK(s2n_negotiate_test_server_and_client_until_message(server, client, SERVER_CERT));
 
         EXPECT_EQUAL(s2n_connection_get_server_protocol_version(client), server_version);

tests/unit/s2n_crypto_test.c

@@ -127,7 +127,32 @@ int main()
              * Retrieving the master secret won't vary between FIPS and non-FIPS,
              * so this testing limitation is not a concern.
              */
-            if (s2n_is_in_fips_mode() && version == S2N_SSLv3) {
+            if (s2n_is_in_fips_mode() && version == S2N_SSLv3 && !s2n_libcrypto_is_awslc()) {
+                DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free);
+                EXPECT_NOT_NULL(config);
+                EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, ecdsa_chain_and_key));
+                EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(config));
+                EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "test_all"));
+
+                DEFER_CLEANUP(struct s2n_connection *client = s2n_connection_new(S2N_CLIENT),
+                        s2n_connection_ptr_free);
+                EXPECT_NOT_NULL(client);
+                EXPECT_SUCCESS(s2n_connection_set_config(client, config));
+                client->client_protocol_version = version;
+
+                DEFER_CLEANUP(struct s2n_connection *server = s2n_connection_new(S2N_SERVER),
+                        s2n_connection_ptr_free);
+                EXPECT_NOT_NULL(server);
+                EXPECT_SUCCESS(s2n_connection_set_config(server, config));
+                memset(server->secrets.version.tls12.master_secret, 1, S2N_TLS_SECRET_LEN);
+
+                struct s2n_test_io_pair io_pair = { 0 };
+                EXPECT_SUCCESS(s2n_io_pair_init_non_blocking(&io_pair));
+                EXPECT_SUCCESS(s2n_connections_set_io_pair(client, server, &io_pair));
+
+                /* SSLv3 Handshake is not supported when built with OpenSSL-1.0.2-FIPS */
+                EXPECT_FAILURE_WITH_ERRNO(s2n_negotiate_test_server_and_client(server, client),
+                        S2N_ERR_SSLV3_HANDSHAKE_WITH_OSSL_FIPS_NOT_SUPPORTED);
                 continue;
             }
 

tls/s2n_handshake_io.c

@@ -1608,6 +1608,11 @@ int s2n_negotiate_impl(struct s2n_connection *conn, s2n_blocked_status *blocked)
     POSIX_ENSURE_REF(conn);
     POSIX_ENSURE_REF(blocked);
 
+    /* SSLv3 handshake is not supported when built with openssl-fips */
+    if (s2n_is_in_fips_mode() && conn->client_protocol_version == S2N_SSLv3 && !s2n_libcrypto_is_awslc()) {
+        POSIX_BAIL(S2N_ERR_SSLV3_HANDSHAKE_WITH_OSSL_FIPS_NOT_SUPPORTED);
+    }
+
     while (!s2n_handshake_is_complete(conn) && ACTIVE_MESSAGE(conn) != conn->handshake.end_of_messages) {
         errno = 0;
         s2n_errno = S2N_ERR_OK;