Lindsay Stewart

Results 69 issues of Lindsay Stewart

### Resolved issues: Clean up of and resolves https://github.com/aws/s2n-tls/pull/3326 ### Description of changes: s2n-tls should buffer multiple records if the application wants to allocate sufficient space for multiple records. ###...

s2n-core

### Resolved issues: resolves https://github.com/aws/s2n-tls/issues/3433 ### Description of changes: If s2n_send blocks after sending at least one record but before sending all the data requested by the application, it returns...

s2n-core

### Problem: It looks like we only count early data bytes on a complete success: https://github.com/aws/s2n-tls/blob/main/tls/s2n_send.c#L204 I think this will result in not counting bytes on a partial write: https://github.com/aws/s2n-tls/blob/main/tls/s2n_send.c#L189...

### Problem: It looks like although [s2n_recv](https://github.com/aws/s2n-tls/blob/660091ff73029fc91c6578cdb450b85992ff9ef5/tls/s2n_recv.c#L117) has code paths that assume it might read multiple records and need to return previous bytes read if it encounters an error reading...

s2n-core

### Description of changes: Updates to the usage guide related to record sizes. The biggest change is the dynamic record sizing documentation. The old documentation claimed that it "provides a...

s2n-core

### Problem: The post-handshake message handlers don't consider the possibility that the messages they write will need to be fragmented due to max fragment length. [s2n_record_writev is treated as a...

s2n-core

To avoid leaking timing information when alerts are sent, we should probably implement some kind of error blinding. For example, s2n-tls waits for a random period of time when a...

### Description of changes: Implement section 3.5 of RFC5746: https://www.rfc-editor.org/rfc/rfc5746#section-3.5 When we renegotiate, the client must include the client_verify_data in its renegotiation_info extension, and the server must include both the...

s2n-core

### Problem: TLS1.3 introduced a number of post-handshake messages which are sent by s2n_send and received by s2n_recv. This created a problem: if the application isn't calling s2n_send, or isn't...

priority/low
size/medium
s2n-core

### Problem: TLS1.3 record handling is more strict than TLS1.2, and I'm not sure we're enforcing all the MUSTs: https://datatracker.ietf.org/doc/html/rfc8446#section-5.1 In particular, I don't think we enforce that an alert...

priority/low
size/medium
s2n-core