authorrobot-contrib <robot-contrib@yandex-team.com>2023-01-20 09:22:36 +0300
committerrobot-contrib <robot-contrib@yandex-team.com>2023-01-20 09:22:36 +0300
commit321d55cfb52f2cd190b43b9ccafd467a936bcfc6 (patch)
tree2fca49ada66849d623974cc8db5e7c730cd6f102
parent284f4572c3f7ace1bfe951c3242e0676e29d3690 (diff)
downloadydb-321d55cfb52f2cd190b43b9ccafd467a936bcfc6.tar.gz
Update contrib/restricted/aws/s2n to 1.3.32
-rw-r--r--contrib/restricted/aws/s2n/api/s2n.h2
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_aes_gcm.c2
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_cipher.h4
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_dhe.h18
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_ecdsa.h8
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_evp.h4
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_fips.h4
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_hash.h28
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_hkdf.h6
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_hmac.h30
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_rsa.h6
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_sequence.h2
-rw-r--r--contrib/restricted/aws/s2n/error/s2n_errno.h12
-rw-r--r--contrib/restricted/aws/s2n/stuffer/s2n_stuffer.h126
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.h4
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.h6
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.h4
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.h4
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.h4
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.h4
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.h4
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.h4
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.h6
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.h8
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_alerts.h8
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.c27
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.h1
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_cipher_suites.h8
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_client_hello.h14
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_config.c6
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_config.h21
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_connection.h1
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_crypto.h1
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_handshake_io.c2
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_internal.h4
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_kem.h26
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_kex.h20
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_key_update.c2
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_post_handshake.h6
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_prf.h10
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_record.h34
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_record_write.c11
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_resume.h22
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_security_policies.c9
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_security_policies.h1
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_send.c14
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c2
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_tls.h110
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_tls13.h4
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_array.h28
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_blob.h14
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_ensure.h4
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_fork_detection.c22
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_fork_detection.h1
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_map.h16
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_random.h22
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_rfc5952.h2
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_safety.h14
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_safety_macros.h16
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_set.h16
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_socket.h24
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_timer.h6
62 files changed, 464 insertions, 385 deletions
diff --git a/contrib/restricted/aws/s2n/api/s2n.h b/contrib/restricted/aws/s2n/api/s2n.h
index b14494c5b6f..19dc7d46df9 100644
--- a/contrib/restricted/aws/s2n/api/s2n.h
+++ b/contrib/restricted/aws/s2n/api/s2n.h
@@ -854,7 +854,7 @@ S2N_API extern int s2n_config_set_verify_after_sign(struct s2n_config *config, s
*
* Less memory can be allocated for the send buffer, but this will result in
* smaller, more fragmented records and increased overhead. While the absolute
- * minimum size required is 1031 bytes, at least 2K bytes is recommended for
+ * minimum size required is 1034 bytes, at least 2K bytes is recommended for
* reasonable record sizes.
*
* More memory can be allocated for the send buffer. This will result in s2n-tls
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_aes_gcm.c b/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_aes_gcm.c
index 0dde774d892..d7127efc721 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_aes_gcm.c
+++ b/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_aes_gcm.c
@@ -210,7 +210,7 @@ static int s2n_aead_cipher_aes_gcm_destroy_key(struct s2n_session_key *key)
static int s2n_aead_cipher_aes_gcm_encrypt(struct s2n_session_key *key, struct s2n_blob *iv, struct s2n_blob *aad, struct s2n_blob *in, struct s2n_blob *out)
{
- /* The size of the |in| blob includes the size of the data and the size of the ChaCha20-Poly1305 tag */
+ /* The size of the |in| blob includes the size of the data and the size of the AES-GCM tag */
POSIX_ENSURE_GTE(in->size, S2N_TLS_GCM_TAG_LEN);
POSIX_ENSURE_GTE(out->size, in->size);
POSIX_ENSURE_EQ(iv->size, S2N_TLS_GCM_IV_LEN);
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_cipher.h b/contrib/restricted/aws/s2n/crypto/s2n_cipher.h
index ac0baa6fba2..fe728e4f5d2 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_cipher.h
+++ b/contrib/restricted/aws/s2n/crypto/s2n_cipher.h
@@ -88,8 +88,8 @@ struct s2n_cipher {
int (*destroy_key)(struct s2n_session_key *key);
};
-extern int s2n_session_key_alloc(struct s2n_session_key *key);
-extern int s2n_session_key_free(struct s2n_session_key *key);
+int s2n_session_key_alloc(struct s2n_session_key *key);
+int s2n_session_key_free(struct s2n_session_key *key);
extern const struct s2n_cipher s2n_null_cipher;
extern const struct s2n_cipher s2n_rc4;
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_dhe.h b/contrib/restricted/aws/s2n/crypto/s2n_dhe.h
index c5c940c090b..54019014b15 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_dhe.h
+++ b/contrib/restricted/aws/s2n/crypto/s2n_dhe.h
@@ -24,12 +24,12 @@ struct s2n_dh_params {
DH *dh;
};
-extern int s2n_pkcs3_to_dh_params(struct s2n_dh_params *dh_params, struct s2n_blob *pkcs3);
-extern int s2n_dh_p_g_Ys_to_dh_params(struct s2n_dh_params *server_dh_params, struct s2n_blob *p, struct s2n_blob *g, struct s2n_blob *ys);
-extern int s2n_dh_params_to_p_g_Ys(struct s2n_dh_params *server_dh_params, struct s2n_stuffer *out, struct s2n_blob *output);
-extern int s2n_dh_compute_shared_secret_as_server(struct s2n_dh_params *server_dh_params, struct s2n_stuffer *Yc_in, struct s2n_blob *shared_key);
-extern int s2n_dh_compute_shared_secret_as_client(struct s2n_dh_params *server_dh_params, struct s2n_stuffer *Yc_out, struct s2n_blob *shared_key);
-extern int s2n_dh_params_copy(struct s2n_dh_params *from, struct s2n_dh_params *to);
-extern int s2n_dh_params_check(struct s2n_dh_params *dh_params);
-extern int s2n_dh_generate_ephemeral_key(struct s2n_dh_params *dh_params);
-extern int s2n_dh_params_free(struct s2n_dh_params *dh_params);
+int s2n_pkcs3_to_dh_params(struct s2n_dh_params *dh_params, struct s2n_blob *pkcs3);
+int s2n_dh_p_g_Ys_to_dh_params(struct s2n_dh_params *server_dh_params, struct s2n_blob *p, struct s2n_blob *g, struct s2n_blob *ys);
+int s2n_dh_params_to_p_g_Ys(struct s2n_dh_params *server_dh_params, struct s2n_stuffer *out, struct s2n_blob *output);
+int s2n_dh_compute_shared_secret_as_server(struct s2n_dh_params *server_dh_params, struct s2n_stuffer *Yc_in, struct s2n_blob *shared_key);
+int s2n_dh_compute_shared_secret_as_client(struct s2n_dh_params *server_dh_params, struct s2n_stuffer *Yc_out, struct s2n_blob *shared_key);
+int s2n_dh_params_copy(struct s2n_dh_params *from, struct s2n_dh_params *to);
+int s2n_dh_params_check(struct s2n_dh_params *dh_params);
+int s2n_dh_generate_ephemeral_key(struct s2n_dh_params *dh_params);
+int s2n_dh_params_free(struct s2n_dh_params *dh_params);
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_ecdsa.h b/contrib/restricted/aws/s2n/crypto/s2n_ecdsa.h
index e5fe8efe315..53d32aea51c 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_ecdsa.h
+++ b/contrib/restricted/aws/s2n/crypto/s2n_ecdsa.h
@@ -43,8 +43,8 @@ struct s2n_ecdsa_key {
typedef struct s2n_ecdsa_key s2n_ecdsa_public_key;
typedef struct s2n_ecdsa_key s2n_ecdsa_private_key;
-extern int s2n_ecdsa_pkey_init(struct s2n_pkey *pkey);
-extern int s2n_ecdsa_pkey_matches_curve(const struct s2n_ecdsa_key *ecdsa_key, const struct s2n_ecc_named_curve *curve);
+int s2n_ecdsa_pkey_init(struct s2n_pkey *pkey);
+int s2n_ecdsa_pkey_matches_curve(const struct s2n_ecdsa_key *ecdsa_key, const struct s2n_ecc_named_curve *curve);
-extern int s2n_evp_pkey_to_ecdsa_public_key(s2n_ecdsa_public_key *ecdsa_key, EVP_PKEY *pkey);
-extern int s2n_evp_pkey_to_ecdsa_private_key(s2n_ecdsa_private_key *ecdsa_key, EVP_PKEY *pkey);
+int s2n_evp_pkey_to_ecdsa_public_key(s2n_ecdsa_public_key *ecdsa_key, EVP_PKEY *pkey);
+int s2n_evp_pkey_to_ecdsa_private_key(s2n_ecdsa_private_key *ecdsa_key, EVP_PKEY *pkey);
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_evp.h b/contrib/restricted/aws/s2n/crypto/s2n_evp.h
index e28c40b8618..088deb888c7 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_evp.h
+++ b/contrib/restricted/aws/s2n/crypto/s2n_evp.h
@@ -52,5 +52,5 @@ struct s2n_evp_hmac_state {
#define S2N_EVP_PKEY_CTX_set_signature_md(ctx, md) \
EVP_PKEY_CTX_set_signature_md(ctx, (EVP_MD *) (uintptr_t) md)
-extern int s2n_digest_allow_md5_for_fips(struct s2n_evp_digest *evp_digest);
-extern S2N_RESULT s2n_digest_is_md5_allowed_for_fips(struct s2n_evp_digest *evp_digest, bool *out);
+int s2n_digest_allow_md5_for_fips(struct s2n_evp_digest *evp_digest);
+S2N_RESULT s2n_digest_is_md5_allowed_for_fips(struct s2n_evp_digest *evp_digest, bool *out);
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_fips.h b/contrib/restricted/aws/s2n/crypto/s2n_fips.h
index 2f6bfb7f746..e082e34f3b0 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_fips.h
+++ b/contrib/restricted/aws/s2n/crypto/s2n_fips.h
@@ -19,6 +19,6 @@
#pragma once
-extern int s2n_fips_init(void);
-extern int s2n_is_in_fips_mode(void);
+int s2n_fips_init(void);
+int s2n_is_in_fips_mode(void);
bool s2n_libcrypto_is_fips(void);
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_hash.h b/contrib/restricted/aws/s2n/crypto/s2n_hash.h
index 6746358c8c2..5b4b20d6534 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_hash.h
+++ b/contrib/restricted/aws/s2n/crypto/s2n_hash.h
@@ -88,18 +88,18 @@ struct s2n_hash {
bool s2n_hash_evp_fully_supported();
const EVP_MD *s2n_hash_alg_to_evp_md(s2n_hash_algorithm alg);
-extern int s2n_hash_digest_size(s2n_hash_algorithm alg, uint8_t *out);
-extern int s2n_hash_block_size(s2n_hash_algorithm alg, uint64_t *block_size);
-extern bool s2n_hash_is_available(s2n_hash_algorithm alg);
-extern int s2n_hash_is_ready_for_input(struct s2n_hash_state *state);
-extern int s2n_hash_new(struct s2n_hash_state *state);
+int s2n_hash_digest_size(s2n_hash_algorithm alg, uint8_t *out);
+int s2n_hash_block_size(s2n_hash_algorithm alg, uint64_t *block_size);
+bool s2n_hash_is_available(s2n_hash_algorithm alg);
+int s2n_hash_is_ready_for_input(struct s2n_hash_state *state);
+int s2n_hash_new(struct s2n_hash_state *state);
S2N_RESULT s2n_hash_state_validate(struct s2n_hash_state *state);
-extern int s2n_hash_allow_md5_for_fips(struct s2n_hash_state *state);
-extern int s2n_hash_init(struct s2n_hash_state *state, s2n_hash_algorithm alg);
-extern int s2n_hash_update(struct s2n_hash_state *state, const void *data, uint32_t size);
-extern int s2n_hash_digest(struct s2n_hash_state *state, void *out, uint32_t size);
-extern int s2n_hash_copy(struct s2n_hash_state *to, struct s2n_hash_state *from);
-extern int s2n_hash_reset(struct s2n_hash_state *state);
-extern int s2n_hash_free(struct s2n_hash_state *state);
-extern int s2n_hash_get_currently_in_hash_total(struct s2n_hash_state *state, uint64_t *out);
-extern int s2n_hash_const_time_get_currently_in_hash_block(struct s2n_hash_state *state, uint64_t *out);
+int s2n_hash_allow_md5_for_fips(struct s2n_hash_state *state);
+int s2n_hash_init(struct s2n_hash_state *state, s2n_hash_algorithm alg);
+int s2n_hash_update(struct s2n_hash_state *state, const void *data, uint32_t size);
+int s2n_hash_digest(struct s2n_hash_state *state, void *out, uint32_t size);
+int s2n_hash_copy(struct s2n_hash_state *to, struct s2n_hash_state *from);
+int s2n_hash_reset(struct s2n_hash_state *state);
+int s2n_hash_free(struct s2n_hash_state *state);
+int s2n_hash_get_currently_in_hash_total(struct s2n_hash_state *state, uint64_t *out);
+int s2n_hash_const_time_get_currently_in_hash_block(struct s2n_hash_state *state, uint64_t *out);
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_hkdf.h b/contrib/restricted/aws/s2n/crypto/s2n_hkdf.h
index 1d3b98303d4..cb9424e7d7e 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_hkdf.h
+++ b/contrib/restricted/aws/s2n/crypto/s2n_hkdf.h
@@ -20,11 +20,11 @@
#include "crypto/s2n_hmac.h"
#include "utils/s2n_blob.h"
-extern int s2n_hkdf(struct s2n_hmac_state *hmac, s2n_hmac_algorithm alg, const struct s2n_blob *salt,
+int s2n_hkdf(struct s2n_hmac_state *hmac, s2n_hmac_algorithm alg, const struct s2n_blob *salt,
const struct s2n_blob *key, const struct s2n_blob *info, struct s2n_blob *output);
-extern int s2n_hkdf_extract(struct s2n_hmac_state *hmac, s2n_hmac_algorithm alg, const struct s2n_blob *salt,
+int s2n_hkdf_extract(struct s2n_hmac_state *hmac, s2n_hmac_algorithm alg, const struct s2n_blob *salt,
const struct s2n_blob *key, struct s2n_blob *pseudo_rand_key);
-extern int s2n_hkdf_expand_label(struct s2n_hmac_state *hmac, s2n_hmac_algorithm alg, const struct s2n_blob *secret, const struct s2n_blob *label,
+int s2n_hkdf_expand_label(struct s2n_hmac_state *hmac, s2n_hmac_algorithm alg, const struct s2n_blob *secret, const struct s2n_blob *label,
const struct s2n_blob *context, struct s2n_blob *output);
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_hmac.h b/contrib/restricted/aws/s2n/crypto/s2n_hmac.h
index 08ff779d067..fe532ca5c81 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_hmac.h
+++ b/contrib/restricted/aws/s2n/crypto/s2n_hmac.h
@@ -60,20 +60,20 @@ struct s2n_hmac_evp_backup {
struct s2n_hash_evp_digest outer_just_key;
};
-extern int s2n_hmac_digest_size(s2n_hmac_algorithm alg, uint8_t *out);
-extern bool s2n_hmac_is_available(s2n_hmac_algorithm alg);
-extern int s2n_hmac_hash_alg(s2n_hmac_algorithm hmac_alg, s2n_hash_algorithm *out);
-extern int s2n_hash_hmac_alg(s2n_hash_algorithm hash_alg, s2n_hmac_algorithm *out);
+int s2n_hmac_digest_size(s2n_hmac_algorithm alg, uint8_t *out);
+bool s2n_hmac_is_available(s2n_hmac_algorithm alg);
+int s2n_hmac_hash_alg(s2n_hmac_algorithm hmac_alg, s2n_hash_algorithm *out);
+int s2n_hash_hmac_alg(s2n_hash_algorithm hash_alg, s2n_hmac_algorithm *out);
-extern int s2n_hmac_new(struct s2n_hmac_state *state);
+int s2n_hmac_new(struct s2n_hmac_state *state);
S2N_RESULT s2n_hmac_state_validate(struct s2n_hmac_state *state);
-extern int s2n_hmac_init(struct s2n_hmac_state *state, s2n_hmac_algorithm alg, const void *key, uint32_t klen);
-extern int s2n_hmac_update(struct s2n_hmac_state *state, const void *in, uint32_t size);
-extern int s2n_hmac_digest(struct s2n_hmac_state *state, void *out, uint32_t size);
-extern int s2n_hmac_digest_two_compression_rounds(struct s2n_hmac_state *state, void *out, uint32_t size);
-extern int s2n_hmac_digest_verify(const void *a, const void *b, uint32_t len);
-extern int s2n_hmac_free(struct s2n_hmac_state *state);
-extern int s2n_hmac_reset(struct s2n_hmac_state *state);
-extern int s2n_hmac_copy(struct s2n_hmac_state *to, struct s2n_hmac_state *from);
-extern int s2n_hmac_save_evp_hash_state(struct s2n_hmac_evp_backup* backup, struct s2n_hmac_state* hmac);
-extern int s2n_hmac_restore_evp_hash_state(struct s2n_hmac_evp_backup* backup, struct s2n_hmac_state* hmac);
+int s2n_hmac_init(struct s2n_hmac_state *state, s2n_hmac_algorithm alg, const void *key, uint32_t klen);
+int s2n_hmac_update(struct s2n_hmac_state *state, const void *in, uint32_t size);
+int s2n_hmac_digest(struct s2n_hmac_state *state, void *out, uint32_t size);
+int s2n_hmac_digest_two_compression_rounds(struct s2n_hmac_state *state, void *out, uint32_t size);
+int s2n_hmac_digest_verify(const void *a, const void *b, uint32_t len);
+int s2n_hmac_free(struct s2n_hmac_state *state);
+int s2n_hmac_reset(struct s2n_hmac_state *state);
+int s2n_hmac_copy(struct s2n_hmac_state *to, struct s2n_hmac_state *from);
+int s2n_hmac_save_evp_hash_state(struct s2n_hmac_evp_backup* backup, struct s2n_hmac_state* hmac);
+int s2n_hmac_restore_evp_hash_state(struct s2n_hmac_evp_backup* backup, struct s2n_hmac_state* hmac);
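Review bot: `s2n_hmac_digest_verify(const void *a, const void *b, uint32_t len)` is declared with no comment on its timing contract, which is the property every caller of a MAC comparison relies on. The implementation is not part of this hunk, so whether the comparison is constant-time cannot be confirmed from the visible lines. Once that is checked, the declaration should carry a line such as `/* Constant-time comparison of two len-byte digests; do not replace with memcmp */`, so a later refactor does not swap in an early-exit compare.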
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_rsa.h b/contrib/restricted/aws/s2n/crypto/s2n_rsa.h
index d928ad03f5c..480cc62294f 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_rsa.h
+++ b/contrib/restricted/aws/s2n/crypto/s2n_rsa.h
@@ -43,7 +43,7 @@ RSA *s2n_unsafe_rsa_get_non_const(const struct s2n_rsa_key *rsa_key);
typedef struct s2n_rsa_key s2n_rsa_public_key;
typedef struct s2n_rsa_key s2n_rsa_private_key;
-extern int s2n_rsa_pkey_init(struct s2n_pkey *pkey);
+int s2n_rsa_pkey_init(struct s2n_pkey *pkey);
-extern int s2n_evp_pkey_to_rsa_public_key(s2n_rsa_public_key *rsa_key, EVP_PKEY *pkey);
-extern int s2n_evp_pkey_to_rsa_private_key(s2n_rsa_private_key *rsa_key, EVP_PKEY *pkey);
+int s2n_evp_pkey_to_rsa_public_key(s2n_rsa_public_key *rsa_key, EVP_PKEY *pkey);
+int s2n_evp_pkey_to_rsa_private_key(s2n_rsa_private_key *rsa_key, EVP_PKEY *pkey);
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_sequence.h b/contrib/restricted/aws/s2n/crypto/s2n_sequence.h
index 1ac58f38c33..d74541c0aee 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_sequence.h
+++ b/contrib/restricted/aws/s2n/crypto/s2n_sequence.h
@@ -18,5 +18,5 @@
#include "crypto/s2n_sequence.h"
#include "utils/s2n_blob.h"
-extern int s2n_increment_sequence_number(struct s2n_blob *sequence_number);
+int s2n_increment_sequence_number(struct s2n_blob *sequence_number);
int s2n_sequence_number_to_uint64(struct s2n_blob *sequence_number, uint64_t *output);
diff --git a/contrib/restricted/aws/s2n/error/s2n_errno.h b/contrib/restricted/aws/s2n/error/s2n_errno.h
index f391c7150a6..160f6262489 100644
--- a/contrib/restricted/aws/s2n/error/s2n_errno.h
+++ b/contrib/restricted/aws/s2n/error/s2n_errno.h
@@ -355,10 +355,10 @@ struct s2n_stacktrace {
int trace_size;
};
-extern bool s2n_stack_traces_enabled();
-extern int s2n_stack_traces_enabled_set(bool newval);
+bool s2n_stack_traces_enabled();
+int s2n_stack_traces_enabled_set(bool newval);
-extern int s2n_calculate_stacktrace(void);
-extern int s2n_print_stacktrace(FILE *fptr);
-extern int s2n_free_stacktrace(void);
-extern int s2n_get_stacktrace(struct s2n_stacktrace *trace);
+int s2n_calculate_stacktrace(void);
+int s2n_print_stacktrace(FILE *fptr);
+int s2n_free_stacktrace(void);
+int s2n_get_stacktrace(struct s2n_stacktrace *trace);
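Review bot: `bool s2n_stack_traces_enabled();` on the new side still has an empty parameter list, which in C before C23 declares a function with unspecified arguments rather than a prototype, so a call that passes arguments is not diagnosed. The sibling declarations in this hunk already use `(void)`, and this one should read `bool s2n_stack_traces_enabled(void);`. Because the file is vendored, the change is better sent upstream than patched locally.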
diff --git a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.h b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.h
index 9f496e09a0a..d283cb25f55 100644
--- a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.h
+++ b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.h
@@ -61,67 +61,67 @@ struct s2n_stuffer {
#define s2n_stuffer_is_wiped(s) ((s)->high_water_mark == 0)
#define s2n_stuffer_is_freed(s) ((s)->blob.data == NULL)
/* Check basic validity constraints on the stuffer: e.g. that cursors point within the blob */
-extern S2N_RESULT s2n_stuffer_validate(const struct s2n_stuffer *stuffer);
+S2N_RESULT s2n_stuffer_validate(const struct s2n_stuffer *stuffer);
/* Initialize and destroying stuffers */
-extern int s2n_stuffer_init(struct s2n_stuffer *stuffer, struct s2n_blob *in);
-extern int s2n_stuffer_alloc(struct s2n_stuffer *stuffer, const uint32_t size);
-extern int s2n_stuffer_growable_alloc(struct s2n_stuffer *stuffer, const uint32_t size);
-extern int s2n_stuffer_free(struct s2n_stuffer *stuffer);
+int s2n_stuffer_init(struct s2n_stuffer *stuffer, struct s2n_blob *in);
+int s2n_stuffer_alloc(struct s2n_stuffer *stuffer, const uint32_t size);
+int s2n_stuffer_growable_alloc(struct s2n_stuffer *stuffer, const uint32_t size);
+int s2n_stuffer_free(struct s2n_stuffer *stuffer);
/**
* Frees the stuffer without zeroizing the contained data.
*
* This should only be used in scenarios where the data is encrypted or has been
* cleared with `s2n_stuffer_erase_and_read`. In most cases, prefer `s2n_stuffer_free`.
*/
-extern int s2n_stuffer_free_without_wipe(struct s2n_stuffer *stuffer);
-extern int s2n_stuffer_resize(struct s2n_stuffer *stuffer, const uint32_t size);
-extern int s2n_stuffer_resize_if_empty(struct s2n_stuffer *stuffer, const uint32_t size);
-extern int s2n_stuffer_rewind_read(struct s2n_stuffer *stuffer, const uint32_t size);
-extern int s2n_stuffer_reread(struct s2n_stuffer *stuffer);
-extern int s2n_stuffer_rewrite(struct s2n_stuffer *stuffer);
-extern int s2n_stuffer_wipe(struct s2n_stuffer *stuffer);
-extern int s2n_stuffer_wipe_n(struct s2n_stuffer *stuffer, const uint32_t n);
-extern bool s2n_stuffer_is_consumed(struct s2n_stuffer *stuffer);
+int s2n_stuffer_free_without_wipe(struct s2n_stuffer *stuffer);
+int s2n_stuffer_resize(struct s2n_stuffer *stuffer, const uint32_t size);
+int s2n_stuffer_resize_if_empty(struct s2n_stuffer *stuffer, const uint32_t size);
+int s2n_stuffer_rewind_read(struct s2n_stuffer *stuffer, const uint32_t size);
+int s2n_stuffer_reread(struct s2n_stuffer *stuffer);
+int s2n_stuffer_rewrite(struct s2n_stuffer *stuffer);
+int s2n_stuffer_wipe(struct s2n_stuffer *stuffer);
+int s2n_stuffer_wipe_n(struct s2n_stuffer *stuffer, const uint32_t n);
+bool s2n_stuffer_is_consumed(struct s2n_stuffer *stuffer);
/* Basic read and write */
-extern int s2n_stuffer_read(struct s2n_stuffer *stuffer, struct s2n_blob *out);
-extern int s2n_stuffer_erase_and_read(struct s2n_stuffer *stuffer, struct s2n_blob *out);
-extern int s2n_stuffer_write(struct s2n_stuffer *stuffer, const struct s2n_blob *in);
-extern int s2n_stuffer_read_bytes(struct s2n_stuffer *stuffer, uint8_t *out, uint32_t n);
-extern int s2n_stuffer_erase_and_read_bytes(struct s2n_stuffer *stuffer, uint8_t *data, uint32_t size);
-extern int s2n_stuffer_write_bytes(struct s2n_stuffer *stuffer, const uint8_t *in, const uint32_t n);
-extern int s2n_stuffer_writev_bytes(struct s2n_stuffer *stuffer, const struct iovec *iov, size_t iov_count,
+int s2n_stuffer_read(struct s2n_stuffer *stuffer, struct s2n_blob *out);
+int s2n_stuffer_erase_and_read(struct s2n_stuffer *stuffer, struct s2n_blob *out);
+int s2n_stuffer_write(struct s2n_stuffer *stuffer, const struct s2n_blob *in);
+int s2n_stuffer_read_bytes(struct s2n_stuffer *stuffer, uint8_t *out, uint32_t n);
+int s2n_stuffer_erase_and_read_bytes(struct s2n_stuffer *stuffer, uint8_t *data, uint32_t size);
+int s2n_stuffer_write_bytes(struct s2n_stuffer *stuffer, const uint8_t *in, const uint32_t n);
+int s2n_stuffer_writev_bytes(struct s2n_stuffer *stuffer, const struct iovec *iov, size_t iov_count,
uint32_t offs, uint32_t size);
-extern int s2n_stuffer_skip_read(struct s2n_stuffer *stuffer, uint32_t n);
-extern int s2n_stuffer_skip_write(struct s2n_stuffer *stuffer, const uint32_t n);
+int s2n_stuffer_skip_read(struct s2n_stuffer *stuffer, uint32_t n);
+int s2n_stuffer_skip_write(struct s2n_stuffer *stuffer, const uint32_t n);
/* Tries to reserve enough space to write n additional bytes into the stuffer.*/
-extern int s2n_stuffer_reserve_space(struct s2n_stuffer *stuffer, uint32_t n);
+int s2n_stuffer_reserve_space(struct s2n_stuffer *stuffer, uint32_t n);
/* Raw read/write move the cursor along and give you a pointer you can
* read/write data_len bytes from/to in-place.
*/
-extern void *s2n_stuffer_raw_write(struct s2n_stuffer *stuffer, const uint32_t data_len);
-extern void *s2n_stuffer_raw_read(struct s2n_stuffer *stuffer, uint32_t data_len);
+void *s2n_stuffer_raw_write(struct s2n_stuffer *stuffer, const uint32_t data_len);
+void *s2n_stuffer_raw_read(struct s2n_stuffer *stuffer, uint32_t data_len);
/* Send/receive stuffer to/from a file descriptor */
-extern int s2n_stuffer_recv_from_fd(struct s2n_stuffer *stuffer, const int rfd, const uint32_t len,
+int s2n_stuffer_recv_from_fd(struct s2n_stuffer *stuffer, const int rfd, const uint32_t len,
uint32_t *bytes_written);
-extern int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, const int wfd, const uint32_t len, uint32_t *bytes_sent);
+int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, const int wfd, const uint32_t len, uint32_t *bytes_sent);
/* Read and write integers in network order */
-extern int s2n_stuffer_read_uint8(struct s2n_stuffer *stuffer, uint8_t *u);
-extern int s2n_stuffer_read_uint16(struct s2n_stuffer *stuffer, uint16_t *u);
-extern int s2n_stuffer_read_uint24(struct s2n_stuffer *stuffer, uint32_t *u);
-extern int s2n_stuffer_read_uint32(struct s2n_stuffer *stuffer, uint32_t *u);
-extern int s2n_stuffer_read_uint64(struct s2n_stuffer *stuffer, uint64_t *u);
-
-extern int s2n_stuffer_write_uint8(struct s2n_stuffer *stuffer, const uint8_t u);
-extern int s2n_stuffer_write_uint16(struct s2n_stuffer *stuffer, const uint16_t u);
-extern int s2n_stuffer_write_uint24(struct s2n_stuffer *stuffer, const uint32_t u);
-extern int s2n_stuffer_write_uint32(struct s2n_stuffer *stuffer, const uint32_t u);
-extern int s2n_stuffer_write_uint64(struct s2n_stuffer *stuffer, const uint64_t u);
+int s2n_stuffer_read_uint8(struct s2n_stuffer *stuffer, uint8_t *u);
+int s2n_stuffer_read_uint16(struct s2n_stuffer *stuffer, uint16_t *u);
+int s2n_stuffer_read_uint24(struct s2n_stuffer *stuffer, uint32_t *u);
+int s2n_stuffer_read_uint32(struct s2n_stuffer *stuffer, uint32_t *u);
+int s2n_stuffer_read_uint64(struct s2n_stuffer *stuffer, uint64_t *u);
+
+int s2n_stuffer_write_uint8(struct s2n_stuffer *stuffer, const uint8_t u);
+int s2n_stuffer_write_uint16(struct s2n_stuffer *stuffer, const uint16_t u);
+int s2n_stuffer_write_uint24(struct s2n_stuffer *stuffer, const uint32_t u);
+int s2n_stuffer_write_uint32(struct s2n_stuffer *stuffer, const uint32_t u);
+int s2n_stuffer_write_uint64(struct s2n_stuffer *stuffer, const uint64_t u);
/* Allocate space now for network order integers that will be written later.
* These are primarily intended to handle the vector type defined in the RFC:
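Review bot: The comment above `s2n_stuffer_raw_write` and `s2n_stuffer_raw_read` says the caller gets a pointer to use in place, but not how long that pointer stays valid or how failure is reported. Both return `void *` with no status code, so failure is presumably signalled by NULL. The pointer presumably aliases the stuffer's own buffer, which `s2n_stuffer_resize`, `s2n_stuffer_wipe` and `s2n_stuffer_free` from this hunk can change. Neither assumption is confirmed by the visible lines. Once checked against the implementation, I would extend the comment with `* Returns NULL on failure. The pointer refers to the stuffer's internal buffer and must not be used after the stuffer is resized, wiped or freed.`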
@@ -132,18 +132,18 @@ struct s2n_stuffer_reservation {
uint8_t length;
};
/* Check basic validity constraints on the s2n_stuffer_reservation: e.g. stuffer validity. */
-extern S2N_RESULT s2n_stuffer_reservation_validate(const struct s2n_stuffer_reservation *reservation);
+S2N_RESULT s2n_stuffer_reservation_validate(const struct s2n_stuffer_reservation *reservation);
int s2n_stuffer_reserve_uint8(struct s2n_stuffer *stuffer, struct s2n_stuffer_reservation *reservation);
-extern int s2n_stuffer_reserve_uint16(struct s2n_stuffer *stuffer, struct s2n_stuffer_reservation *reservation);
-extern int s2n_stuffer_reserve_uint24(struct s2n_stuffer *stuffer, struct s2n_stuffer_reservation *reservation);
-extern int s2n_stuffer_write_vector_size(struct s2n_stuffer_reservation *reservation);
+int s2n_stuffer_reserve_uint16(struct s2n_stuffer *stuffer, struct s2n_stuffer_reservation *reservation);
+int s2n_stuffer_reserve_uint24(struct s2n_stuffer *stuffer, struct s2n_stuffer_reservation *reservation);
+int s2n_stuffer_write_vector_size(struct s2n_stuffer_reservation *reservation);
/* Copy one stuffer to another */
-extern int s2n_stuffer_copy(struct s2n_stuffer *from, struct s2n_stuffer *to, uint32_t len);
+int s2n_stuffer_copy(struct s2n_stuffer *from, struct s2n_stuffer *to, uint32_t len);
/* Read and write base64 */
-extern int s2n_stuffer_read_base64(struct s2n_stuffer *stuffer, struct s2n_stuffer *out);
-extern int s2n_stuffer_write_base64(struct s2n_stuffer *stuffer, struct s2n_stuffer *in);
+int s2n_stuffer_read_base64(struct s2n_stuffer *stuffer, struct s2n_stuffer *out);
+int s2n_stuffer_write_base64(struct s2n_stuffer *stuffer, struct s2n_stuffer *in);
/* Useful for text manipulation ... */
#define s2n_stuffer_write_char(stuffer, c) s2n_stuffer_write_uint8((stuffer), (uint8_t) (c))
@@ -151,35 +151,35 @@ extern int s2n_stuffer_write_base64(struct s2n_stuffer *stuffer, struct s2n_stuf
#define s2n_stuffer_write_str(stuffer, c) s2n_stuffer_write_bytes((stuffer), (const uint8_t *) (c), strlen((c)))
#define s2n_stuffer_write_text(stuffer, c, n) s2n_stuffer_write_bytes((stuffer), (const uint8_t *) (c), (n))
#define s2n_stuffer_read_text(stuffer, c, n) s2n_stuffer_read_bytes((stuffer), (uint8_t *) (c), (n))
-extern int s2n_stuffer_read_expected_str(struct s2n_stuffer *stuffer, const char *expected);
-extern int s2n_stuffer_peek_char(struct s2n_stuffer *stuffer, char *c);
-extern int s2n_stuffer_read_token(struct s2n_stuffer *stuffer, struct s2n_stuffer *token, char delim);
-extern int s2n_stuffer_read_line(struct s2n_stuffer *stuffer, struct s2n_stuffer *token);
-extern int s2n_stuffer_peek_check_for_str(struct s2n_stuffer *s2n_stuffer, const char *expected);
-extern int s2n_stuffer_skip_whitespace(struct s2n_stuffer *stuffer, uint32_t *skipped);
-extern int s2n_stuffer_skip_to_char(struct s2n_stuffer *stuffer, char target);
-extern int s2n_stuffer_skip_expected_char(struct s2n_stuffer *stuffer, const char expected, const uint32_t min,
+int s2n_stuffer_read_expected_str(struct s2n_stuffer *stuffer, const char *expected);
+int s2n_stuffer_peek_char(struct s2n_stuffer *stuffer, char *c);
+int s2n_stuffer_read_token(struct s2n_stuffer *stuffer, struct s2n_stuffer *token, char delim);
+int s2n_stuffer_read_line(struct s2n_stuffer *stuffer, struct s2n_stuffer *token);
+int s2n_stuffer_peek_check_for_str(struct s2n_stuffer *s2n_stuffer, const char *expected);
+int s2n_stuffer_skip_whitespace(struct s2n_stuffer *stuffer, uint32_t *skipped);
+int s2n_stuffer_skip_to_char(struct s2n_stuffer *stuffer, char target);
+int s2n_stuffer_skip_expected_char(struct s2n_stuffer *stuffer, const char expected, const uint32_t min,
const uint32_t max, uint32_t *skipped);
-extern int s2n_stuffer_skip_read_until(struct s2n_stuffer *stuffer, const char *target);
-extern int s2n_stuffer_alloc_ro_from_string(struct s2n_stuffer *stuffer, const char *str);
-extern int s2n_stuffer_init_ro_from_string(struct s2n_stuffer *stuffer, uint8_t *data, uint32_t length);
+int s2n_stuffer_skip_read_until(struct s2n_stuffer *stuffer, const char *target);
+int s2n_stuffer_alloc_ro_from_string(struct s2n_stuffer *stuffer, const char *str);
+int s2n_stuffer_init_ro_from_string(struct s2n_stuffer *stuffer, uint8_t *data, uint32_t length);
/* Read a private key from a PEM encoded stuffer to an ASN1/DER encoded one */
-extern int s2n_stuffer_private_key_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *asn1);
+int s2n_stuffer_private_key_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *asn1);
/* Read a certificate from a PEM encoded stuffer to an ASN1/DER encoded one */
-extern int s2n_stuffer_certificate_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *asn1);
+int s2n_stuffer_certificate_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *asn1);
/* Read a CRL from a PEM encoded stuffer to an ASN1/DER encoded one */
-extern int s2n_stuffer_crl_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *asn1);
+int s2n_stuffer_crl_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *asn1);
/* Read DH parameters om a PEM encoded stuffer to a PKCS3 encoded one */
-extern int s2n_stuffer_dhparams_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *pkcs3);
+int s2n_stuffer_dhparams_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *pkcs3);
-extern bool s2n_is_base64_char(unsigned char c);
+bool s2n_is_base64_char(unsigned char c);
/* Copies all valid data from "stuffer" into "out".
* The old blob "out" pointed to is freed.
* It is the responsibility of the caller to free the free "out".
*/
-extern int s2n_stuffer_extract_blob(struct s2n_stuffer *stuffer, struct s2n_blob *out);
+int s2n_stuffer_extract_blob(struct s2n_stuffer *stuffer, struct s2n_blob *out);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.h
index 6e7cd8d67ad..50ac98575a3 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.h
@@ -24,5 +24,5 @@ bool s2n_client_alpn_should_send(struct s2n_connection *conn);
/* Old-style extension functions -- remove after extensions refactor is complete */
-extern int s2n_extensions_client_alpn_send(struct s2n_connection *conn, struct s2n_stuffer *out);
-extern int s2n_recv_client_alpn(struct s2n_connection *conn, struct s2n_stuffer *extension);
+int s2n_extensions_client_alpn_send(struct s2n_connection *conn, struct s2n_stuffer *out);
+int s2n_recv_client_alpn(struct s2n_connection *conn, struct s2n_stuffer *extension);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.h
index 2e1b4c4a500..8129ea32650 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.h
@@ -21,6 +21,6 @@
extern const s2n_extension_type s2n_client_key_share_extension;
/* Old-style extension functions -- remove after extensions refactor is complete */
-extern int s2n_extensions_client_key_share_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
-extern uint32_t s2n_extensions_client_key_share_size(struct s2n_connection *conn);
-extern int s2n_extensions_client_key_share_send(struct s2n_connection *conn, struct s2n_stuffer *out);
+int s2n_extensions_client_key_share_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
+uint32_t s2n_extensions_client_key_share_size(struct s2n_connection *conn);
+int s2n_extensions_client_key_share_send(struct s2n_connection *conn, struct s2n_stuffer *out);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.h
index 39b3a007317..b58b055978c 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.h
@@ -22,5 +22,5 @@ extern const s2n_extension_type s2n_client_max_frag_len_extension;
/* Old-style extension functions -- remove after extensions refactor is complete */
-extern int s2n_extensions_client_max_frag_len_send(struct s2n_connection *conn, struct s2n_stuffer *out);
-extern int s2n_recv_client_max_frag_len(struct s2n_connection *conn, struct s2n_stuffer *extension);
+int s2n_extensions_client_max_frag_len_send(struct s2n_connection *conn, struct s2n_stuffer *out);
+int s2n_recv_client_max_frag_len(struct s2n_connection *conn, struct s2n_stuffer *extension);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.h
index fb775d27a8d..5e089b7567a 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.h
@@ -23,5 +23,5 @@ extern const s2n_extension_type s2n_client_pq_kem_extension;
/* Old-style extension functions -- remove after extensions refactor is complete */
-extern int s2n_extensions_client_pq_kem_send(struct s2n_connection *conn, struct s2n_stuffer *out, uint16_t pq_kem_list_size);
-extern int s2n_recv_pq_kem_extension(struct s2n_connection *conn, struct s2n_stuffer *extension);
+int s2n_extensions_client_pq_kem_send(struct s2n_connection *conn, struct s2n_stuffer *out, uint16_t pq_kem_list_size);
+int s2n_recv_pq_kem_extension(struct s2n_connection *conn, struct s2n_stuffer *extension);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.h
index a49c46cad13..cd2be3b1d96 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.h
@@ -22,5 +22,5 @@ extern const s2n_extension_type s2n_client_sct_list_extension;
/* Old-style extension functions -- remove after extensions refactor is complete */
-extern int s2n_extensions_client_sct_list_send(struct s2n_connection *conn, struct s2n_stuffer *out);
-extern int s2n_recv_client_sct_list(struct s2n_connection *conn, struct s2n_stuffer *extension);
+int s2n_extensions_client_sct_list_send(struct s2n_connection *conn, struct s2n_stuffer *out);
+int s2n_recv_client_sct_list(struct s2n_connection *conn, struct s2n_stuffer *extension);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.h
index b3961500bc3..4e26b33b8a4 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.h
@@ -22,5 +22,5 @@
extern const s2n_extension_type s2n_client_server_name_extension;
/* Old-style extension functions -- remove after extensions refactor is complete */
-extern int s2n_extensions_client_server_name_send(struct s2n_connection *conn, struct s2n_stuffer *out);
-extern int s2n_parse_client_hello_server_name(struct s2n_connection *conn, struct s2n_stuffer *extension);
+int s2n_extensions_client_server_name_send(struct s2n_connection *conn, struct s2n_stuffer *out);
+int s2n_parse_client_hello_server_name(struct s2n_connection *conn, struct s2n_stuffer *extension);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.h
index 781b1a95a25..58964aaa440 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.h
@@ -21,5 +21,5 @@
extern const s2n_extension_type s2n_client_session_ticket_extension;
/* Old-style extension functions -- remove after extensions refactor is complete */
-extern int s2n_extensions_client_session_ticket_send(struct s2n_connection *conn, struct s2n_stuffer *out);
-extern int s2n_recv_client_session_ticket_ext(struct s2n_connection *conn, struct s2n_stuffer *extension);
+int s2n_extensions_client_session_ticket_send(struct s2n_connection *conn, struct s2n_stuffer *out);
+int s2n_recv_client_session_ticket_ext(struct s2n_connection *conn, struct s2n_stuffer *extension);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.h
index 12b8c07cbed..61ee7aea091 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.h
@@ -22,5 +22,5 @@
extern const s2n_extension_type s2n_client_status_request_extension;
/* Old-style extension functions -- remove after extensions refactor is complete */
-extern int s2n_extensions_client_status_request_send(struct s2n_connection *conn, struct s2n_stuffer *out);
-extern int s2n_recv_client_status_request(struct s2n_connection *conn, struct s2n_stuffer *extension);
+int s2n_extensions_client_status_request_send(struct s2n_connection *conn, struct s2n_stuffer *out);
+int s2n_recv_client_status_request(struct s2n_connection *conn, struct s2n_stuffer *extension);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.h
index cbf39cebfff..df6a7c41ffd 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.h
@@ -21,6 +21,6 @@
extern const s2n_extension_type s2n_client_supported_versions_extension;
/* Old-style extension functions -- remove after extensions refactor is complete */
-extern int s2n_extensions_client_supported_versions_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
-extern int s2n_extensions_client_supported_versions_size(struct s2n_connection *conn);
-extern int s2n_extensions_client_supported_versions_send(struct s2n_connection *conn, struct s2n_stuffer *out);
+int s2n_extensions_client_supported_versions_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
+int s2n_extensions_client_supported_versions_size(struct s2n_connection *conn);
+int s2n_extensions_client_supported_versions_send(struct s2n_connection *conn, struct s2n_stuffer *out);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.h
index a2884dd1198..3987756773d 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.h
@@ -21,9 +21,9 @@
extern const s2n_extension_type s2n_server_key_share_extension;
-extern int s2n_extensions_server_key_share_select(struct s2n_connection *conn);
+int s2n_extensions_server_key_share_select(struct s2n_connection *conn);
/* Old-style extension functions -- remove after extensions refactor is complete */
-extern int s2n_extensions_server_key_share_send_size(struct s2n_connection *conn);
-extern int s2n_extensions_server_key_share_send(struct s2n_connection *conn, struct s2n_stuffer *out);
-extern int s2n_extensions_server_key_share_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
+int s2n_extensions_server_key_share_send_size(struct s2n_connection *conn);
+int s2n_extensions_server_key_share_send(struct s2n_connection *conn, struct s2n_stuffer *out);
+int s2n_extensions_server_key_share_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_alerts.h b/contrib/restricted/aws/s2n/tls/s2n_alerts.h
index eec1dde6fa1..d745ce30330 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_alerts.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_alerts.h
@@ -102,9 +102,9 @@ typedef enum {
S2N_TLS_ALERT_NO_APPLICATION_PROTOCOL = 120,
} s2n_tls_alert_code;
-extern int s2n_process_alert_fragment(struct s2n_connection *conn);
-extern int s2n_queue_writer_close_alert_warning(struct s2n_connection *conn);
-extern int s2n_queue_reader_unsupported_protocol_version_alert(struct s2n_connection *conn);
-extern int s2n_queue_reader_handshake_failure_alert(struct s2n_connection *conn);
+int s2n_process_alert_fragment(struct s2n_connection *conn);
+int s2n_queue_writer_close_alert_warning(struct s2n_connection *conn);
+int s2n_queue_reader_unsupported_protocol_version_alert(struct s2n_connection *conn);
+int s2n_queue_reader_handshake_failure_alert(struct s2n_connection *conn);
S2N_RESULT s2n_queue_reader_no_renegotiation_alert(struct s2n_connection *conn);
S2N_RESULT s2n_alerts_close_if_fatal(struct s2n_connection *conn, struct s2n_blob *alert);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.c b/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.c
index e77ca8cadb2..fc17e958916 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.c
@@ -993,6 +993,33 @@ const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_1_2016 =
.allow_chacha20_boosting = false,
};
+struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_2_2017[] = {
+ S2N_TLS13_CLOUDFRONT_CIPHER_SUITES_20200716,
+ &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256,
+ &s2n_ecdhe_rsa_with_aes_128_gcm_sha256,
+ &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256,
+ &s2n_ecdhe_rsa_with_aes_128_cbc_sha256,
+ &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384,
+ &s2n_ecdhe_rsa_with_aes_256_gcm_sha384,
+ &s2n_ecdhe_ecdsa_with_chacha20_poly1305_sha256,
+ &s2n_ecdhe_rsa_with_chacha20_poly1305_sha256,
+ &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384,
+ &s2n_ecdhe_rsa_with_aes_256_cbc_sha384,
+ &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha,
+ &s2n_ecdhe_rsa_with_aes_256_cbc_sha,
+ &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha,
+ &s2n_ecdhe_rsa_with_aes_128_cbc_sha,
+ &s2n_rsa_with_aes_128_gcm_sha256,
+ &s2n_rsa_with_aes_256_gcm_sha384,
+ &s2n_rsa_with_aes_128_cbc_sha256
+};
+
+const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_2_2017 = {
+ .count = s2n_array_len(cipher_suites_cloudfront_tls_1_2_2017),
+ .suites = cipher_suites_cloudfront_tls_1_2_2017,
+ .allow_chacha20_boosting = false,
+};
+
struct s2n_cipher_suite *cipher_suites_cloudfront_tls_1_2_2018[] = {
S2N_TLS13_CLOUDFRONT_CIPHER_SUITES_20200716,
&s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256,
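Review bot: The new `cipher_suites_cloudfront_tls_1_2_2017` list has no comment saying it is a compatibility policy, although its last three entries (`s2n_rsa_with_aes_128_gcm_sha256`, `s2n_rsa_with_aes_256_gcm_sha384`, `s2n_rsa_with_aes_128_cbc_sha256`) use static-RSA key exchange and so give no forward secrecy. It also keeps four CBC suites with a SHA-1 MAC (`..._aes_256_cbc_sha`, `..._aes_128_cbc_sha`). I would add a comment above the array such as `/* Legacy CloudFront TLS 1.2 (2017) policy: includes static-RSA and CBC/SHA-1 suites for old clients; no forward secrecy on the RSA suites. */` so that anyone selecting this policy sees the trade-off at the definition. Where this preference set is registered as a selectable security policy is not visible in this hunk, so it is worth confirming it cannot be picked up as a default.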
diff --git a/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.h b/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.h
index b52143623d3..54b5f2fe099 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_cipher_preferences.h
@@ -88,6 +88,7 @@ extern const struct s2n_cipher_preferences cipher_preferences_cloudfront_ssl_v_3
extern const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_0_2014;
extern const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_0_2016;
extern const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_1_2016;
+extern const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_2_2017;
extern const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_2_2018;
extern const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_2_2019;
extern const struct s2n_cipher_preferences cipher_preferences_cloudfront_tls_1_2_2021;
diff --git a/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.h b/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.h
index 0d51eefb33d..7fe87dd9910 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_cipher_suites.h
@@ -157,12 +157,12 @@ extern struct s2n_cipher_suite s2n_tls13_aes_256_gcm_sha384;
extern struct s2n_cipher_suite s2n_tls13_aes_128_gcm_sha256;
extern struct s2n_cipher_suite s2n_tls13_chacha20_poly1305_sha256;
-extern int s2n_cipher_suites_init(void);
+int s2n_cipher_suites_init(void);
S2N_RESULT s2n_cipher_suites_cleanup(void);
S2N_RESULT s2n_cipher_suite_from_iana(const uint8_t *iana, size_t iana_len, struct s2n_cipher_suite **cipher_suite);
bool s2n_cipher_suite_uses_chacha20_alg(struct s2n_cipher_suite *cipher_suite);
-extern int s2n_set_cipher_as_client(struct s2n_connection *conn, uint8_t wire[S2N_TLS_CIPHER_SUITE_LEN]);
-extern int s2n_set_cipher_as_sslv2_server(struct s2n_connection *conn, uint8_t *wire, uint16_t count);
-extern int s2n_set_cipher_as_tls_server(struct s2n_connection *conn, uint8_t *wire, uint16_t count);
+int s2n_set_cipher_as_client(struct s2n_connection *conn, uint8_t wire[S2N_TLS_CIPHER_SUITE_LEN]);
+int s2n_set_cipher_as_sslv2_server(struct s2n_connection *conn, uint8_t *wire, uint16_t count);
+int s2n_set_cipher_as_tls_server(struct s2n_connection *conn, uint8_t *wire, uint16_t count);
bool s2n_cipher_suite_requires_ecc_extension(struct s2n_cipher_suite *cipher);
bool s2n_cipher_suite_requires_pq_extension(struct s2n_cipher_suite *cipher);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_client_hello.h b/contrib/restricted/aws/s2n/tls/s2n_client_hello.h
index 07a0cbf4786..cef7f8175dc 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_client_hello.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_client_hello.h
@@ -47,13 +47,13 @@ struct s2n_client_hello {
int s2n_client_hello_free(struct s2n_client_hello *client_hello);
-extern struct s2n_client_hello *s2n_connection_get_client_hello(struct s2n_connection *conn);
+struct s2n_client_hello *s2n_connection_get_client_hello(struct s2n_connection *conn);
-extern ssize_t s2n_client_hello_get_raw_message_length(struct s2n_client_hello *ch);
-extern ssize_t s2n_client_hello_get_raw_message(struct s2n_client_hello *ch, uint8_t *out, uint32_t max_length);
+ssize_t s2n_client_hello_get_raw_message_length(struct s2n_client_hello *ch);
+ssize_t s2n_client_hello_get_raw_message(struct s2n_client_hello *ch, uint8_t *out, uint32_t max_length);
-extern ssize_t s2n_client_hello_get_cipher_suites_length(struct s2n_client_hello *ch);
-extern ssize_t s2n_client_hello_get_cipher_suites(struct s2n_client_hello *ch, uint8_t *out, uint32_t max_length);
+ssize_t s2n_client_hello_get_cipher_suites_length(struct s2n_client_hello *ch);
+ssize_t s2n_client_hello_get_cipher_suites(struct s2n_client_hello *ch, uint8_t *out, uint32_t max_length);
-extern ssize_t s2n_client_hello_get_extensions_length(struct s2n_client_hello *ch);
-extern ssize_t s2n_client_hello_get_extensions(struct s2n_client_hello *ch, uint8_t *out, uint32_t max_length);
+ssize_t s2n_client_hello_get_extensions_length(struct s2n_client_hello *ch);
+ssize_t s2n_client_hello_get_extensions(struct s2n_client_hello *ch, uint8_t *out, uint32_t max_length);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_config.c b/contrib/restricted/aws/s2n/tls/s2n_config.c
index 6d6d2c1b4f1..02593a25a27 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_config.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_config.c
@@ -625,7 +625,7 @@ int s2n_config_add_dhparams(struct s2n_config *config, const char *dhparams_pem)
return 0;
}
-extern int s2n_config_set_wall_clock(struct s2n_config *config, s2n_clock_time_nanoseconds clock_fn, void *ctx)
+int s2n_config_set_wall_clock(struct s2n_config *config, s2n_clock_time_nanoseconds clock_fn, void *ctx)
{
POSIX_ENSURE_REF(clock_fn);
@@ -635,7 +635,7 @@ extern int s2n_config_set_wall_clock(struct s2n_config *config, s2n_clock_time_n
return 0;
}
-extern int s2n_config_set_monotonic_clock(struct s2n_config *config, s2n_clock_time_nanoseconds clock_fn, void *ctx)
+int s2n_config_set_monotonic_clock(struct s2n_config *config, s2n_clock_time_nanoseconds clock_fn, void *ctx)
{
POSIX_ENSURE_REF(clock_fn);
@@ -998,7 +998,7 @@ int s2n_config_client_hello_cb_enable_poll(struct s2n_config *config)
int s2n_config_set_send_buffer_size(struct s2n_config *config, uint32_t size)
{
POSIX_ENSURE_REF(config);
- POSIX_ENSURE(size >= S2N_TLS_MAX_RECORD_LEN_FOR(S2N_MAX_FRAGMENT_LENGTH_MIN), S2N_ERR_INVALID_ARGUMENT);
+ POSIX_ENSURE(size >= S2N_MIN_SEND_BUFFER_SIZE, S2N_ERR_INVALID_ARGUMENT);
config->send_buffer_size_override = size;
return S2N_SUCCESS;
}
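Review bot: The bound in `s2n_config_set_send_buffer_size` now compares against `S2N_MIN_SEND_BUFFER_SIZE`, and nothing at the check explains what that minimum guarantees. The old bound was derived from `S2N_MAX_FRAGMENT_LENGTH_MIN`, while the new one is defined in s2n_config.h from the alert and KeyUpdate message sizes, so the accepted minimum presumably drops considerably. A one-line comment at the check would make the contract explicit, e.g. `/* smallest buffer that still holds one unfragmented alert or KeyUpdate record */`. Callers in this repository that relied on the old rejection of small sizes should be checked, since such values will now be accepted.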
diff --git a/contrib/restricted/aws/s2n/tls/s2n_config.h b/contrib/restricted/aws/s2n/tls/s2n_config.h
index 96969be9710..86bdd77d8d1 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_config.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_config.h
@@ -15,13 +15,18 @@
#pragma once
+#include <sys/param.h>
+
#include "api/s2n.h"
#include "crypto/s2n_certificate.h"
#include "crypto/s2n_dhe.h"
#include "tls/s2n_crl.h"
+#include "tls/s2n_key_update.h"
#include "tls/s2n_psk.h"
+#include "tls/s2n_record.h"
#include "tls/s2n_renegotiate.h"
#include "tls/s2n_resume.h"
+#include "tls/s2n_tls_parameters.h"
#include "tls/s2n_x509_validator.h"
#include "utils/s2n_blob.h"
#include "utils/s2n_set.h"
@@ -29,6 +34,18 @@
#define S2N_MAX_TICKET_KEYS 48
#define S2N_MAX_TICKET_KEY_HASHES 500 /* 10KB */
+/*
+ * TLS1.3 does not allow alert messages to be fragmented, and some TLS
+ * implementations (for example, GnuTLS) reject fragmented TLS1.2 alerts.
+ * The send buffer must be able to hold an unfragmented alert message.
+ *
+ * We choose not to fragment KeyUpdate messages to keep our post-handshake
+ * fragmentation logic simple and consistent across message types.
+ * The send buffer must be able to hold an unfragmented KeyUpdate message.
+ */
+#define S2N_MIN_SEND_BUFFER_FRAGMENT_SIZE MAX(S2N_KEY_UPDATE_MESSAGE_SIZE, S2N_ALERT_LENGTH)
+#define S2N_MIN_SEND_BUFFER_SIZE S2N_TLS_MAX_RECORD_LEN_FOR(S2N_MIN_SEND_BUFFER_FRAGMENT_SIZE)
+
struct s2n_cipher_preferences;
typedef enum {
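Review bot: `S2N_MIN_SEND_BUFFER_FRAGMENT_SIZE` is built on `MAX`, which this header gets only from `<sys/param.h>` (the include added in the previous hunk); that header is non-standard and its `MAX` is an unscoped macro that other headers may also define. Since both operands are compile-time constants, the dependency can be avoided by spelling out the conditional: `#define S2N_MIN_SEND_BUFFER_FRAGMENT_SIZE ((S2N_KEY_UPDATE_MESSAGE_SIZE) > (S2N_ALERT_LENGTH) ? (S2N_KEY_UPDATE_MESSAGE_SIZE) : (S2N_ALERT_LENGTH))`. If the project deliberately uses `MAX` from `<sys/param.h>` elsewhere, a short comment next to the include naming what it is needed for would do instead.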
@@ -180,13 +197,13 @@ struct s2n_config {
S2N_CLEANUP_RESULT s2n_config_ptr_free(struct s2n_config **config);
int s2n_config_defaults_init(void);
-extern struct s2n_config *s2n_fetch_default_config(void);
+struct s2n_config *s2n_fetch_default_config(void);
int s2n_config_set_unsafe_for_testing(struct s2n_config *config);
int s2n_config_init_session_ticket_keys(struct s2n_config *config);
int s2n_config_free_session_ticket_keys(struct s2n_config *config);
void s2n_wipe_static_configs(void);
-extern struct s2n_cert_chain_and_key *s2n_config_get_single_default_cert(struct s2n_config *config);
+struct s2n_cert_chain_and_key *s2n_config_get_single_default_cert(struct s2n_config *config);
int s2n_config_get_num_default_certs(struct s2n_config *config);
S2N_RESULT s2n_config_wall_clock(struct s2n_config *config, uint64_t *output);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_connection.h b/contrib/restricted/aws/s2n/tls/s2n_connection.h
index 555efe0af51..b0d002693d4 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_connection.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_connection.h
@@ -35,6 +35,7 @@
#include "tls/s2n_prf.h"
#include "tls/s2n_quic_support.h"
#include "tls/s2n_record.h"
+#include "tls/s2n_resume.h"
#include "tls/s2n_security_policies.h"
#include "tls/s2n_tls_parameters.h"
#include "tls/s2n_x509_validator.h"
diff --git a/contrib/restricted/aws/s2n/tls/s2n_crypto.h b/contrib/restricted/aws/s2n/tls/s2n_crypto.h
index ac2e268e9bf..2e72224f3c4 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_crypto.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_crypto.h
@@ -24,7 +24,6 @@
#include "crypto/s2n_pkey.h"
#include "crypto/s2n_signature.h"
#include "crypto/s2n_tls13_keys.h"
-#include "tls/s2n_config.h"
#include "tls/s2n_crypto_constants.h"
#include "tls/s2n_kem.h"
#include "tls/s2n_signature_scheme.h"
diff --git a/contrib/restricted/aws/s2n/tls/s2n_handshake_io.c b/contrib/restricted/aws/s2n/tls/s2n_handshake_io.c
index 08656c98b1c..d73e3edbc8d 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_handshake_io.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_handshake_io.c
@@ -1203,7 +1203,7 @@ static int s2n_handshake_write_io(struct s2n_connection *conn)
if (s2n_connection_is_quic_enabled(conn)) {
POSIX_GUARD_RESULT(s2n_quic_write_handshake_message(conn, &out));
} else {
- POSIX_GUARD(s2n_record_write(conn, record_type, &out));
+ POSIX_GUARD_RESULT(s2n_record_write(conn, record_type, &out));
}
/* MD5 and SHA sum the handshake data too */
diff --git a/contrib/restricted/aws/s2n/tls/s2n_internal.h b/contrib/restricted/aws/s2n/tls/s2n_internal.h
index 111231397de..2f6e70cab02 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_internal.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_internal.h
@@ -43,7 +43,7 @@ struct s2n_connection;
* Caution: A config can be associated with multiple connections and should not be
* modified after it has been built. Doing so is undefined behavior.
*/
-S2N_PRIVATE_API extern int s2n_connection_get_config(struct s2n_connection *conn, struct s2n_config **config);
+S2N_PRIVATE_API int s2n_connection_get_config(struct s2n_connection *conn, struct s2n_config **config);
/*
* Enable polling the async client_hello callback to make progress.
@@ -51,4 +51,4 @@ S2N_PRIVATE_API extern int s2n_connection_get_config(struct s2n_connection *conn
* `s2n_negotiate` must be called multiple times to poll the callback function
* and make progress.
*/
-S2N_PRIVATE_API extern int s2n_config_client_hello_cb_enable_poll(struct s2n_config *config);
+S2N_PRIVATE_API int s2n_config_client_hello_cb_enable_poll(struct s2n_config *config);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_kem.h b/contrib/restricted/aws/s2n/tls/s2n_kem.h
index 17ec8fe1051..7424fa15f6f 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_kem.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_kem.h
@@ -89,24 +89,24 @@ extern const struct s2n_kem_group s2n_secp256r1_kyber_512_r3;
/* x25519 KEM Groups */
extern const struct s2n_kem_group s2n_x25519_kyber_512_r3;
-extern S2N_RESULT s2n_kem_generate_keypair(struct s2n_kem_params *kem_params);
-extern S2N_RESULT s2n_kem_encapsulate(struct s2n_kem_params *kem_params, struct s2n_blob *ciphertext);
-extern S2N_RESULT s2n_kem_decapsulate(struct s2n_kem_params *kem_params, const struct s2n_blob *ciphertext);
-extern int s2n_choose_kem_with_peer_pref_list(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN],
+S2N_RESULT s2n_kem_generate_keypair(struct s2n_kem_params *kem_params);
+S2N_RESULT s2n_kem_encapsulate(struct s2n_kem_params *kem_params, struct s2n_blob *ciphertext);
+S2N_RESULT s2n_kem_decapsulate(struct s2n_kem_params *kem_params, const struct s2n_blob *ciphertext);
+int s2n_choose_kem_with_peer_pref_list(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN],
struct s2n_blob *client_kem_ids, const struct s2n_kem *server_kem_pref_list[],
const uint8_t num_server_supported_kems, const struct s2n_kem **chosen_kem);
-extern int s2n_choose_kem_without_peer_pref_list(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN],
+int s2n_choose_kem_without_peer_pref_list(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN],
const struct s2n_kem *server_kem_pref_list[], const uint8_t num_server_supported_kems,
const struct s2n_kem **chosen_kem);
-extern int s2n_kem_free(struct s2n_kem_params *kem_params);
-extern int s2n_kem_group_free(struct s2n_kem_group_params *kem_group_params);
-extern int s2n_cipher_suite_to_kem(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN],
+int s2n_kem_free(struct s2n_kem_params *kem_params);
+int s2n_kem_group_free(struct s2n_kem_group_params *kem_group_params);
+int s2n_cipher_suite_to_kem(const uint8_t iana_value[S2N_TLS_CIPHER_SUITE_LEN],
const struct s2n_iana_to_kem **supported_params);
-extern int s2n_get_kem_from_extension_id(kem_extension_size kem_id, const struct s2n_kem **kem);
-extern int s2n_kem_send_public_key(struct s2n_stuffer *out, struct s2n_kem_params *kem_params);
-extern int s2n_kem_recv_public_key(struct s2n_stuffer *in, struct s2n_kem_params *kem_params);
-extern int s2n_kem_send_ciphertext(struct s2n_stuffer *out, struct s2n_kem_params *kem_params);
-extern int s2n_kem_recv_ciphertext(struct s2n_stuffer *in, struct s2n_kem_params *kem_params);
+int s2n_get_kem_from_extension_id(kem_extension_size kem_id, const struct s2n_kem **kem);
+int s2n_kem_send_public_key(struct s2n_stuffer *out, struct s2n_kem_params *kem_params);
+int s2n_kem_recv_public_key(struct s2n_stuffer *in, struct s2n_kem_params *kem_params);
+int s2n_kem_send_ciphertext(struct s2n_stuffer *out, struct s2n_kem_params *kem_params);
+int s2n_kem_recv_ciphertext(struct s2n_stuffer *in, struct s2n_kem_params *kem_params);
/* The following are API signatures for PQ KEMs as defined by NIST. All functions return 0
* on success, and !0 on failure. Avoid calling these functions directly within s2n. Instead,
diff --git a/contrib/restricted/aws/s2n/tls/s2n_kex.h b/contrib/restricted/aws/s2n/tls/s2n_kex.h
index 436123964c4..9f31b0bd2a5 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_kex.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_kex.h
@@ -41,17 +41,17 @@ extern const struct s2n_kex s2n_dhe;
extern const struct s2n_kex s2n_ecdhe;
extern const struct s2n_kex s2n_hybrid_ecdhe_kem;
-extern S2N_RESULT s2n_kex_supported(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn, bool *is_supported);
-extern S2N_RESULT s2n_configure_kex(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn);
-extern S2N_RESULT s2n_kex_is_ephemeral(const struct s2n_kex *kex, bool *is_ephemeral);
+S2N_RESULT s2n_kex_supported(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn, bool *is_supported);
+S2N_RESULT s2n_configure_kex(const struct s2n_cipher_suite *cipher_suite, struct s2n_connection *conn);
+S2N_RESULT s2n_kex_is_ephemeral(const struct s2n_kex *kex, bool *is_ephemeral);
-extern S2N_RESULT s2n_kex_server_key_recv_read_data(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_blob *data_to_verify,
+S2N_RESULT s2n_kex_server_key_recv_read_data(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_blob *data_to_verify,
struct s2n_kex_raw_server_data *raw_server_data);
-extern S2N_RESULT s2n_kex_server_key_recv_parse_data(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_kex_raw_server_data *raw_server_data);
-extern S2N_RESULT s2n_kex_server_key_send(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_blob *data_to_sign);
-extern S2N_RESULT s2n_kex_client_key_recv(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_blob *shared_key);
-extern S2N_RESULT s2n_kex_client_key_send(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_blob *shared_key);
+S2N_RESULT s2n_kex_server_key_recv_parse_data(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_kex_raw_server_data *raw_server_data);
+S2N_RESULT s2n_kex_server_key_send(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_blob *data_to_sign);
+S2N_RESULT s2n_kex_client_key_recv(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_blob *shared_key);
+S2N_RESULT s2n_kex_client_key_send(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_blob *shared_key);
-extern S2N_RESULT s2n_kex_tls_prf(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_blob *premaster_secret);
+S2N_RESULT s2n_kex_tls_prf(const struct s2n_kex *kex, struct s2n_connection *conn, struct s2n_blob *premaster_secret);
-extern bool s2n_kex_includes(const struct s2n_kex *kex, const struct s2n_kex *query);
+bool s2n_kex_includes(const struct s2n_kex *kex, const struct s2n_kex *query);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_key_update.c b/contrib/restricted/aws/s2n/tls/s2n_key_update.c
index 355f908c36a..c5990484bb8 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_key_update.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_key_update.c
@@ -80,7 +80,7 @@ int s2n_key_update_send(struct s2n_connection *conn, s2n_blocked_status *blocked
POSIX_GUARD(s2n_key_update_write(&key_update_blob));
/* Encrypt the message */
- POSIX_GUARD(s2n_record_write(conn, TLS_HANDSHAKE, &key_update_blob));
+ POSIX_GUARD_RESULT(s2n_record_write(conn, TLS_HANDSHAKE, &key_update_blob));
/* Update encryption key */
POSIX_GUARD(s2n_update_application_traffic_keys(conn, conn->mode, SENDING));
diff --git a/contrib/restricted/aws/s2n/tls/s2n_post_handshake.h b/contrib/restricted/aws/s2n/tls/s2n_post_handshake.h
index cb70af7ee2f..57a4f2b4e72 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_post_handshake.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_post_handshake.h
@@ -14,6 +14,12 @@
*/
#pragma once
+#include <stdint.h>
+
+#include "api/s2n.h"
+#include "stuffer/s2n_stuffer.h"
+#include "tls/s2n_tls_parameters.h"
+#include "utils/s2n_result.h"
struct s2n_connection;
diff --git a/contrib/restricted/aws/s2n/tls/s2n_prf.h b/contrib/restricted/aws/s2n/tls/s2n_prf.h
index ea23d20cf6a..dae7e10da12 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_prf.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_prf.h
@@ -55,10 +55,10 @@ S2N_RESULT s2n_prf_wipe(struct s2n_connection *conn);
S2N_RESULT s2n_prf_free(struct s2n_connection *conn);
int s2n_prf_calculate_master_secret(struct s2n_connection *conn, struct s2n_blob *premaster_secret);
-extern int s2n_tls_prf_master_secret(struct s2n_connection *conn, struct s2n_blob *premaster_secret);
-extern int s2n_hybrid_prf_master_secret(struct s2n_connection *conn, struct s2n_blob *premaster_secret);
+int s2n_tls_prf_master_secret(struct s2n_connection *conn, struct s2n_blob *premaster_secret);
+int s2n_hybrid_prf_master_secret(struct s2n_connection *conn, struct s2n_blob *premaster_secret);
S2N_RESULT s2n_tls_prf_extended_master_secret(struct s2n_connection *conn, struct s2n_blob *premaster_secret, struct s2n_blob *session_hash, struct s2n_blob *sha1_hash);
S2N_RESULT s2n_prf_get_digest_for_ems(struct s2n_connection *conn, struct s2n_blob *message, s2n_hash_algorithm hash_alg, struct s2n_blob *output);
-extern int s2n_prf_key_expansion(struct s2n_connection *conn);
-extern int s2n_prf_server_finished(struct s2n_connection *conn);
-extern int s2n_prf_client_finished(struct s2n_connection *conn);
+int s2n_prf_key_expansion(struct s2n_connection *conn);
+int s2n_prf_server_finished(struct s2n_connection *conn);
+int s2n_prf_client_finished(struct s2n_connection *conn);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_record.h b/contrib/restricted/aws/s2n/tls/s2n_record.h
index 6b8762915a0..70da62f3d0d 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_record.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_record.h
@@ -40,18 +40,6 @@
*/
#define S2N_TLS_MAXIMUM_FRAGMENT_LENGTH (1 << 14)
-/*
- * The minimum amount of space we need to reserve for a message
- * fragment. We cannot fragment alert messages because not all peer
- * implementations accept them, even in TLS1.2 where it is not
- * disallowed by RFC5246.
- *
- * Specificity we found that GnuTLS rejects fragmented alert messages.
- * This is a simple solution for the Alert Attack, although it is
- * strictly speaking a violation of the standard.
- */
-#define S2N_MAX_FRAGMENT_LENGTH_MIN 2
-
/* The TLS1.2 record length allows for 1024 bytes of compression expansion and
* 1024 bytes of encryption expansion and padding.
* Since S2N does not support compression, we can ignore the compression overhead.
@@ -79,14 +67,14 @@
#define S2N_TLS_MAXIMUM_RECORD_LENGTH S2N_TLS_MAX_RECORD_LEN_FOR(S2N_TLS_MAXIMUM_FRAGMENT_LENGTH)
S2N_RESULT s2n_record_max_write_size(struct s2n_connection *conn, uint16_t max_fragment_size, uint16_t *max_record_size);
-extern S2N_RESULT s2n_record_max_write_payload_size(struct s2n_connection *conn, uint16_t *max_fragment_size);
-extern S2N_RESULT s2n_record_min_write_payload_size(struct s2n_connection *conn, uint16_t *payload_size);
-extern int s2n_record_write(struct s2n_connection *conn, uint8_t content_type, struct s2n_blob *in);
-extern int s2n_record_writev(struct s2n_connection *conn, uint8_t content_type, const struct iovec *in, int in_count, size_t offs, size_t to_write);
-extern int s2n_record_parse(struct s2n_connection *conn);
-extern int s2n_record_header_parse(struct s2n_connection *conn, uint8_t *content_type, uint16_t *fragment_length);
-extern int s2n_tls13_parse_record_type(struct s2n_stuffer *stuffer, uint8_t *record_type);
-extern int s2n_sslv2_record_header_parse(struct s2n_connection *conn, uint8_t *record_type, uint8_t *client_protocol_version, uint16_t *fragment_length);
-extern int s2n_verify_cbc(struct s2n_connection *conn, struct s2n_hmac_state *hmac, struct s2n_blob *decrypted);
-extern S2N_RESULT s2n_aead_aad_init(const struct s2n_connection *conn, uint8_t *sequence_number, uint8_t content_type, uint16_t record_length, struct s2n_blob *ad);
-extern S2N_RESULT s2n_tls13_aead_aad_init(uint16_t record_length, uint8_t tag_length, struct s2n_blob *ad);
+S2N_RESULT s2n_record_max_write_payload_size(struct s2n_connection *conn, uint16_t *max_fragment_size);
+S2N_RESULT s2n_record_min_write_payload_size(struct s2n_connection *conn, uint16_t *payload_size);
+S2N_RESULT s2n_record_write(struct s2n_connection *conn, uint8_t content_type, struct s2n_blob *in);
+int s2n_record_writev(struct s2n_connection *conn, uint8_t content_type, const struct iovec *in, int in_count, size_t offs, size_t to_write);
+int s2n_record_parse(struct s2n_connection *conn);
+int s2n_record_header_parse(struct s2n_connection *conn, uint8_t *content_type, uint16_t *fragment_length);
+int s2n_tls13_parse_record_type(struct s2n_stuffer *stuffer, uint8_t *record_type);
+int s2n_sslv2_record_header_parse(struct s2n_connection *conn, uint8_t *record_type, uint8_t *client_protocol_version, uint16_t *fragment_length);
+int s2n_verify_cbc(struct s2n_connection *conn, struct s2n_hmac_state *hmac, struct s2n_blob *decrypted);
+S2N_RESULT s2n_aead_aad_init(const struct s2n_connection *conn, uint8_t *sequence_number, uint8_t content_type, uint16_t record_length, struct s2n_blob *ad);
+S2N_RESULT s2n_tls13_aead_aad_init(uint16_t record_length, uint8_t tag_length, struct s2n_blob *ad);
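Review bot: The declaration of `s2n_record_write` changes from `int` to `S2N_RESULT` without a comment, while `s2n_record_writev` directly below it keeps its `int` return, so the two adjacent write functions now follow different conventions with nothing in the header to say so. Going by the new body in s2n_record_write.c, the function succeeds only when all of `in` was written and reports a short write as `S2N_ERR_FRAGMENT_LENGTH_TOO_LARGE`. A one-line comment above the declaration would record that contract for callers: `/* Succeeds only if all of in was written; a short write is an error, not a byte count. */`.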
diff --git a/contrib/restricted/aws/s2n/tls/s2n_record_write.c b/contrib/restricted/aws/s2n/tls/s2n_record_write.c
index e1cea42cd69..580218e5307 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_record_write.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_record_write.c
@@ -72,6 +72,7 @@ S2N_RESULT s2n_record_max_write_payload_size(struct s2n_connection *conn, uint16
RESULT_ENSURE_REF(conn);
RESULT_ENSURE_REF(conn->config);
RESULT_ENSURE_MUT(max_fragment_size);
+ RESULT_ENSURE(conn->max_outgoing_fragment_length > 0, S2N_ERR_FRAGMENT_LENGTH_TOO_SMALL);
*max_fragment_size = MIN(conn->max_outgoing_fragment_length, S2N_TLS_MAXIMUM_FRAGMENT_LENGTH);
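Review bot: The added `RESULT_ENSURE(conn->max_outgoing_fragment_length > 0, ...)` checks the configured value before `MIN`, whereas the check removed in the next hunk bounded the final `*max_fragment_size` just before `return S2N_RESULT_OK`. The code between the two hunks is not visible here; if it can lower `*max_fragment_size` further, nothing shown guarantees that the returned value stays non-zero. If that path exists, a lower bound on the result should be kept at the end, e.g. `RESULT_ENSURE(*max_fragment_size > 0, S2N_ERR_FRAGMENT_LENGTH_TOO_SMALL);`. A short comment at the new check saying that whole-message writes are now enforced in `s2n_record_write` would also explain why the old 2-byte minimum for alerts could be dropped.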
@@ -89,9 +90,6 @@ S2N_RESULT s2n_record_max_write_payload_size(struct s2n_connection *conn, uint16
}
}
- /* Ensure that we don't reserve too little space. */
- RESULT_ENSURE(*max_fragment_size >= S2N_MAX_FRAGMENT_LENGTH_MIN, S2N_ERR_FRAGMENT_LENGTH_TOO_SMALL);
-
return S2N_RESULT_OK;
}
@@ -519,10 +517,13 @@ int s2n_record_writev(struct s2n_connection *conn, uint8_t content_type, const s
return data_bytes_to_take;
}
-int s2n_record_write(struct s2n_connection *conn, uint8_t content_type, struct s2n_blob *in)
+S2N_RESULT s2n_record_write(struct s2n_connection *conn, uint8_t content_type, struct s2n_blob *in)
{
struct iovec iov;
iov.iov_base = in->data;
iov.iov_len = in->size;
- return s2n_record_writev(conn, content_type, &iov, 1, 0, in->size);
+ int written = s2n_record_writev(conn, content_type, &iov, 1, 0, in->size);
+ RESULT_GUARD_POSIX(written);
+ RESULT_ENSURE(written == in->size, S2N_ERR_FRAGMENT_LENGTH_TOO_LARGE);
+ return S2N_RESULT_OK;
}
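Review bot: `s2n_record_write` dereferences `in` at `iov.iov_base = in->data` before any validation, although it now returns `S2N_RESULT` and the same file already uses `RESULT_ENSURE_REF` for pointer arguments in `s2n_record_max_write_payload_size`. Adding `RESULT_ENSURE_REF(in);` as the first statement would turn a NULL blob into a reported error instead of a crash. The comparison `written == in->size` mixes the signed `int` with what is presumably an unsigned blob size; it is safe only because `RESULT_GUARD_POSIX(written)` runs first, so an explicit cast such as `RESULT_ENSURE((uint32_t) written == in->size, S2N_ERR_FRAGMENT_LENGTH_TOO_LARGE);` would make that ordering dependency visible and avoid a sign-compare warning.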
diff --git a/contrib/restricted/aws/s2n/tls/s2n_resume.h b/contrib/restricted/aws/s2n/tls/s2n_resume.h
index 2d3f9b6b36b..2e258a09726 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_resume.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_resume.h
@@ -70,15 +70,15 @@ struct s2n_session_ticket {
uint32_t session_lifetime;
};
-extern struct s2n_ticket_key *s2n_find_ticket_key(struct s2n_config *config, const uint8_t name[S2N_TICKET_KEY_NAME_LEN]);
-extern int s2n_encrypt_session_ticket(struct s2n_connection *conn, struct s2n_stuffer *to);
-extern int s2n_decrypt_session_ticket(struct s2n_connection *conn, struct s2n_stuffer *from);
-extern int s2n_encrypt_session_cache(struct s2n_connection *conn, struct s2n_stuffer *to);
-extern int s2n_decrypt_session_cache(struct s2n_connection *conn, struct s2n_stuffer *from);
-extern int s2n_config_is_encrypt_decrypt_key_available(struct s2n_config *config);
-extern int s2n_verify_unique_ticket_key(struct s2n_config *config, uint8_t *hash, uint16_t *insert_index);
-extern int s2n_config_wipe_expired_ticket_crypto_keys(struct s2n_config *config, int8_t expired_key_index);
-extern int s2n_config_store_ticket_key(struct s2n_config *config, struct s2n_ticket_key *key);
+struct s2n_ticket_key *s2n_find_ticket_key(struct s2n_config *config, const uint8_t name[S2N_TICKET_KEY_NAME_LEN]);
+int s2n_encrypt_session_ticket(struct s2n_connection *conn, struct s2n_stuffer *to);
+int s2n_decrypt_session_ticket(struct s2n_connection *conn, struct s2n_stuffer *from);
+int s2n_encrypt_session_cache(struct s2n_connection *conn, struct s2n_stuffer *to);
+int s2n_decrypt_session_cache(struct s2n_connection *conn, struct s2n_stuffer *from);
+int s2n_config_is_encrypt_decrypt_key_available(struct s2n_config *config);
+int s2n_verify_unique_ticket_key(struct s2n_config *config, uint8_t *hash, uint16_t *insert_index);
+int s2n_config_wipe_expired_ticket_crypto_keys(struct s2n_config *config, int8_t expired_key_index);
+int s2n_config_store_ticket_key(struct s2n_config *config, struct s2n_ticket_key *key);
typedef enum {
S2N_STATE_WITH_SESSION_ID = 0,
@@ -92,8 +92,8 @@ typedef enum {
S2N_SERIALIZED_FORMAT_TLS12_V3,
} s2n_serial_format_version;
-extern int s2n_allowed_to_cache_connection(struct s2n_connection *conn);
-extern int s2n_resume_from_cache(struct s2n_connection *conn);
+int s2n_allowed_to_cache_connection(struct s2n_connection *conn);
+int s2n_resume_from_cache(struct s2n_connection *conn);
S2N_RESULT s2n_store_to_cache(struct s2n_connection *conn);
S2N_RESULT s2n_connection_get_session_state_size(struct s2n_connection *conn, size_t *state_size);
S2N_RESULT s2n_deserialize_resumption_state(struct s2n_connection *conn, struct s2n_blob *psk_identity,
diff --git a/contrib/restricted/aws/s2n/tls/s2n_security_policies.c b/contrib/restricted/aws/s2n/tls/s2n_security_policies.c
index 56eeec09bf6..924de6fa6ab 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_security_policies.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_security_policies.c
@@ -231,6 +231,14 @@ const struct s2n_security_policy security_policy_cloudfront_tls_1_1_2016 = {
.ecc_preferences = &s2n_ecc_preferences_20200310,
};
+const struct s2n_security_policy security_policy_cloudfront_tls_1_2_2017 = {
+ .minimum_protocol_version = S2N_TLS12,
+ .cipher_preferences = &cipher_preferences_cloudfront_tls_1_2_2017,
+ .kem_preferences = &kem_preferences_null,
+ .signature_preferences = &s2n_signature_preferences_20200207,
+ .ecc_preferences = &s2n_ecc_preferences_20200310,
+};
+
const struct s2n_security_policy security_policy_cloudfront_tls_1_2_2018 = {
.minimum_protocol_version = S2N_TLS12,
.cipher_preferences = &cipher_preferences_cloudfront_tls_1_2_2018,
@@ -791,6 +799,7 @@ struct s2n_security_policy_selection security_policy_selection[] = {
{ .version = "CloudFront-TLS-1-0-2014", .security_policy = &security_policy_cloudfront_tls_1_0_2014, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
{ .version = "CloudFront-TLS-1-0-2016", .security_policy = &security_policy_cloudfront_tls_1_0_2016, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
{ .version = "CloudFront-TLS-1-1-2016", .security_policy = &security_policy_cloudfront_tls_1_1_2016, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "CloudFront-TLS-1-2-2017", .security_policy = &security_policy_cloudfront_tls_1_2_2017, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
{ .version = "CloudFront-TLS-1-2-2018", .security_policy = &security_policy_cloudfront_tls_1_2_2018, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
{ .version = "CloudFront-TLS-1-2-2019", .security_policy = &security_policy_cloudfront_tls_1_2_2019, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
{ .version = "CloudFront-TLS-1-2-2021", .security_policy = &security_policy_cloudfront_tls_1_2_2021, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
diff --git a/contrib/restricted/aws/s2n/tls/s2n_security_policies.h b/contrib/restricted/aws/s2n/tls/s2n_security_policies.h
index 901259ca147..c049d81bf6e 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_security_policies.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_security_policies.h
@@ -115,6 +115,7 @@ extern const struct s2n_security_policy security_policy_cloudfront_ssl_v_3;
extern const struct s2n_security_policy security_policy_cloudfront_tls_1_0_2014;
extern const struct s2n_security_policy security_policy_cloudfront_tls_1_0_2016;
extern const struct s2n_security_policy security_policy_cloudfront_tls_1_1_2016;
+extern const struct s2n_security_policy security_policy_cloudfront_tls_1_2_2017;
extern const struct s2n_security_policy security_policy_cloudfront_tls_1_2_2018;
extern const struct s2n_security_policy security_policy_cloudfront_tls_1_2_2019;
extern const struct s2n_security_policy security_policy_cloudfront_tls_1_2_2021;
diff --git a/contrib/restricted/aws/s2n/tls/s2n_send.c b/contrib/restricted/aws/s2n/tls/s2n_send.c
index 0b49330bedc..65b3e07813d 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_send.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_send.c
@@ -29,6 +29,16 @@
#include "utils/s2n_blob.h"
#include "utils/s2n_safety.h"
+/*
+ * Determine whether there is currently sufficient space in the send buffer to construct
+ * another record, or if we need to flush now.
+ *
+ * We only buffer multiple records when sending application data, NOT when
+ * sending handshake messages or alerts. If the next record is a post-handshake message
+ * or an alert, then the send buffer will be flushed regardless of the result of this method.
+ * Therefore we don't need to consider the size of any potential KeyUpdate messages,
+ * NewSessionTicket messages, or Alerts.
+ */
bool s2n_should_flush(struct s2n_connection *conn, ssize_t total_message_size)
{
/* Always flush if not buffering multiple records. */
@@ -98,7 +108,7 @@ WRITE:
struct s2n_blob alert = { 0 };
alert.data = conn->reader_alert_out.blob.data;
alert.size = 2;
- POSIX_GUARD(s2n_record_write(conn, TLS_ALERT, &alert));
+ POSIX_GUARD_RESULT(s2n_record_write(conn, TLS_ALERT, &alert));
POSIX_GUARD(s2n_stuffer_rewrite(&conn->reader_alert_out));
POSIX_GUARD_RESULT(s2n_alerts_close_if_fatal(conn, &alert));
@@ -111,7 +121,7 @@ WRITE:
struct s2n_blob alert = { 0 };
alert.data = conn->writer_alert_out.blob.data;
alert.size = 2;
- POSIX_GUARD(s2n_record_write(conn, TLS_ALERT, &alert));
+ POSIX_GUARD_RESULT(s2n_record_write(conn, TLS_ALERT, &alert));
POSIX_GUARD(s2n_stuffer_rewrite(&conn->writer_alert_out));
POSIX_GUARD_RESULT(s2n_alerts_close_if_fatal(conn, &alert));
diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c b/contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c
index 484f2782bd8..23805b191ff 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_server_new_session_ticket.c
@@ -182,7 +182,7 @@ S2N_RESULT s2n_tls13_server_nst_send(struct s2n_connection *conn, s2n_blocked_st
RESULT_ENSURE_REF(nst_data);
RESULT_GUARD_POSIX(s2n_blob_init(&nst_blob, nst_data, nst_size));
- RESULT_GUARD_POSIX(s2n_record_write(conn, TLS_HANDSHAKE, &nst_blob));
+ RESULT_GUARD(s2n_record_write(conn, TLS_HANDSHAKE, &nst_blob));
RESULT_GUARD_POSIX(s2n_flush(conn, blocked));
RESULT_GUARD_POSIX(s2n_stuffer_wipe(nst_stuffer));
}
diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls.h b/contrib/restricted/aws/s2n/tls/s2n_tls.h
index 63650dcc026..b2d70ef5649 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_tls.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_tls.h
@@ -23,67 +23,67 @@
extern uint8_t s2n_unknown_protocol_version;
extern uint8_t s2n_highest_protocol_version;
-extern int s2n_flush(struct s2n_connection *conn, s2n_blocked_status *more);
+int s2n_flush(struct s2n_connection *conn, s2n_blocked_status *more);
S2N_RESULT s2n_client_hello_request_validate(struct s2n_connection *conn);
S2N_RESULT s2n_client_hello_request_recv(struct s2n_connection *conn);
-extern int s2n_client_hello_send(struct s2n_connection *conn);
-extern int s2n_client_hello_recv(struct s2n_connection *conn);
-extern int s2n_establish_session(struct s2n_connection *conn);
-extern int s2n_sslv2_client_hello_recv(struct s2n_connection *conn);
-extern int s2n_server_hello_retry_send(struct s2n_connection *conn);
-extern int s2n_server_hello_retry_recv(struct s2n_connection *conn);
-extern int s2n_server_hello_write_message(struct s2n_connection *conn);
-extern int s2n_server_hello_send(struct s2n_connection *conn);
-extern int s2n_server_hello_recv(struct s2n_connection *conn);
-extern int s2n_encrypted_extensions_send(struct s2n_connection *conn);
-extern int s2n_encrypted_extensions_recv(struct s2n_connection *conn);
-extern int s2n_next_protocol_send(struct s2n_connection *conn);
-extern int s2n_next_protocol_recv(struct s2n_connection *conn);
-extern int s2n_server_cert_send(struct s2n_connection *conn);
-extern int s2n_server_cert_recv(struct s2n_connection *conn);
-extern int s2n_server_status_send(struct s2n_connection *conn);
-extern int s2n_server_status_recv(struct s2n_connection *conn);
-extern int s2n_server_key_send(struct s2n_connection *conn);
-extern int s2n_server_key_recv(struct s2n_connection *conn);
-extern int s2n_cert_req_recv(struct s2n_connection *conn);
-extern int s2n_cert_req_send(struct s2n_connection *conn);
-extern int s2n_tls13_cert_req_send(struct s2n_connection *conn);
-extern int s2n_tls13_cert_req_recv(struct s2n_connection *conn);
-extern int s2n_server_done_send(struct s2n_connection *conn);
-extern int s2n_server_done_recv(struct s2n_connection *conn);
-extern int s2n_client_cert_recv(struct s2n_connection *conn);
-extern int s2n_client_cert_send(struct s2n_connection *conn);
-extern int s2n_client_key_send(struct s2n_connection *conn);
-extern int s2n_client_key_recv(struct s2n_connection *conn);
-extern int s2n_client_cert_verify_recv(struct s2n_connection *conn);
-extern int s2n_client_cert_verify_send(struct s2n_connection *conn);
-extern int s2n_tls13_cert_verify_recv(struct s2n_connection *conn);
-extern int s2n_tls13_cert_verify_send(struct s2n_connection *conn);
-extern int s2n_server_nst_send(struct s2n_connection *conn);
-extern int s2n_server_nst_recv(struct s2n_connection *conn);
+int s2n_client_hello_send(struct s2n_connection *conn);
+int s2n_client_hello_recv(struct s2n_connection *conn);
+int s2n_establish_session(struct s2n_connection *conn);
+int s2n_sslv2_client_hello_recv(struct s2n_connection *conn);
+int s2n_server_hello_retry_send(struct s2n_connection *conn);
+int s2n_server_hello_retry_recv(struct s2n_connection *conn);
+int s2n_server_hello_write_message(struct s2n_connection *conn);
+int s2n_server_hello_send(struct s2n_connection *conn);
+int s2n_server_hello_recv(struct s2n_connection *conn);
+int s2n_encrypted_extensions_send(struct s2n_connection *conn);
+int s2n_encrypted_extensions_recv(struct s2n_connection *conn);
+int s2n_next_protocol_send(struct s2n_connection *conn);
+int s2n_next_protocol_recv(struct s2n_connection *conn);
+int s2n_server_cert_send(struct s2n_connection *conn);
+int s2n_server_cert_recv(struct s2n_connection *conn);
+int s2n_server_status_send(struct s2n_connection *conn);
+int s2n_server_status_recv(struct s2n_connection *conn);
+int s2n_server_key_send(struct s2n_connection *conn);
+int s2n_server_key_recv(struct s2n_connection *conn);
+int s2n_cert_req_recv(struct s2n_connection *conn);
+int s2n_cert_req_send(struct s2n_connection *conn);
+int s2n_tls13_cert_req_send(struct s2n_connection *conn);
+int s2n_tls13_cert_req_recv(struct s2n_connection *conn);
+int s2n_server_done_send(struct s2n_connection *conn);
+int s2n_server_done_recv(struct s2n_connection *conn);
+int s2n_client_cert_recv(struct s2n_connection *conn);
+int s2n_client_cert_send(struct s2n_connection *conn);
+int s2n_client_key_send(struct s2n_connection *conn);
+int s2n_client_key_recv(struct s2n_connection *conn);
+int s2n_client_cert_verify_recv(struct s2n_connection *conn);
+int s2n_client_cert_verify_send(struct s2n_connection *conn);
+int s2n_tls13_cert_verify_recv(struct s2n_connection *conn);
+int s2n_tls13_cert_verify_send(struct s2n_connection *conn);
+int s2n_server_nst_send(struct s2n_connection *conn);
+int s2n_server_nst_recv(struct s2n_connection *conn);
S2N_RESULT s2n_tls13_server_nst_send(struct s2n_connection *conn, s2n_blocked_status *blocked);
S2N_RESULT s2n_tls13_server_nst_write(struct s2n_connection *conn, struct s2n_stuffer *output);
S2N_RESULT s2n_tls13_server_nst_recv(struct s2n_connection *conn, struct s2n_stuffer *input);
-extern int s2n_ccs_send(struct s2n_connection *conn);
-extern int s2n_basic_ccs_recv(struct s2n_connection *conn);
-extern int s2n_server_ccs_recv(struct s2n_connection *conn);
-extern int s2n_client_ccs_recv(struct s2n_connection *conn);
-extern int s2n_client_finished_send(struct s2n_connection *conn);
-extern int s2n_client_finished_recv(struct s2n_connection *conn);
-extern int s2n_server_finished_send(struct s2n_connection *conn);
-extern int s2n_server_finished_recv(struct s2n_connection *conn);
-extern int s2n_tls13_client_finished_send(struct s2n_connection *conn);
-extern int s2n_tls13_client_finished_recv(struct s2n_connection *conn);
-extern int s2n_tls13_server_finished_send(struct s2n_connection *conn);
-extern int s2n_tls13_server_finished_recv(struct s2n_connection *conn);
-extern int s2n_end_of_early_data_send(struct s2n_connection *conn);
-extern int s2n_end_of_early_data_recv(struct s2n_connection *conn);
-extern int s2n_process_client_hello(struct s2n_connection *conn);
-extern int s2n_handshake_write_header(struct s2n_stuffer *out, uint8_t message_type);
-extern int s2n_handshake_finish_header(struct s2n_stuffer *out);
+int s2n_ccs_send(struct s2n_connection *conn);
+int s2n_basic_ccs_recv(struct s2n_connection *conn);
+int s2n_server_ccs_recv(struct s2n_connection *conn);
+int s2n_client_ccs_recv(struct s2n_connection *conn);
+int s2n_client_finished_send(struct s2n_connection *conn);
+int s2n_client_finished_recv(struct s2n_connection *conn);
+int s2n_server_finished_send(struct s2n_connection *conn);
+int s2n_server_finished_recv(struct s2n_connection *conn);
+int s2n_tls13_client_finished_send(struct s2n_connection *conn);
+int s2n_tls13_client_finished_recv(struct s2n_connection *conn);
+int s2n_tls13_server_finished_send(struct s2n_connection *conn);
+int s2n_tls13_server_finished_recv(struct s2n_connection *conn);
+int s2n_end_of_early_data_send(struct s2n_connection *conn);
+int s2n_end_of_early_data_recv(struct s2n_connection *conn);
+int s2n_process_client_hello(struct s2n_connection *conn);
+int s2n_handshake_write_header(struct s2n_stuffer *out, uint8_t message_type);
+int s2n_handshake_finish_header(struct s2n_stuffer *out);
S2N_RESULT s2n_handshake_parse_header(struct s2n_stuffer *io, uint8_t *message_type, uint32_t *length);
-extern int s2n_read_full_record(struct s2n_connection *conn, uint8_t *record_type, int *isSSLv2);
-extern int s2n_recv_close_notify(struct s2n_connection *conn, s2n_blocked_status *blocked);
+int s2n_read_full_record(struct s2n_connection *conn, uint8_t *record_type, int *isSSLv2);
+int s2n_recv_close_notify(struct s2n_connection *conn, s2n_blocked_status *blocked);
extern uint16_t mfl_code_to_length[5];
diff --git a/contrib/restricted/aws/s2n/tls/s2n_tls13.h b/contrib/restricted/aws/s2n/tls/s2n_tls13.h
index a5924ced64a..d13fe3a355a 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_tls13.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_tls13.h
@@ -24,9 +24,9 @@ extern "C" {
#endif
#if S2N_GCC_VERSION_AT_LEAST(4, 5, 0)
-S2N_API __attribute__((deprecated("The use of TLS1.3 is configured through security policies"))) extern int s2n_enable_tls13();
+S2N_API __attribute__((deprecated("The use of TLS1.3 is configured through security policies"))) int s2n_enable_tls13();
#else
-S2N_API __attribute__((deprecated)) extern int s2n_enable_tls13();
+S2N_API __attribute__((deprecated)) int s2n_enable_tls13();
#endif
#ifdef __cplusplus
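Review bot: `int s2n_enable_tls13();` keeps an empty parameter list on both touched lines, which in C before C23 declares a function with unspecified arguments rather than a prototype, so a call with stray arguments is not diagnosed. Since the lines are being edited anyway, `(void)` would make them real prototypes: `S2N_API __attribute__((deprecated)) int s2n_enable_tls13(void);`. The same applies to `struct s2n_map *s2n_map_new();` in the s2n_map.h hunk of this commit. The definitions are not shown in these hunks.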
diff --git a/contrib/restricted/aws/s2n/utils/s2n_array.h b/contrib/restricted/aws/s2n/utils/s2n_array.h
index f41eb5c1d25..f3a55c84c80 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_array.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_array.h
@@ -31,17 +31,17 @@ struct s2n_array {
uint32_t element_size;
};
-extern S2N_RESULT s2n_array_validate(const struct s2n_array *array);
-extern struct s2n_array *s2n_array_new(uint32_t element_size);
-extern struct s2n_array *s2n_array_new_with_capacity(uint32_t element_size, uint32_t capacity);
-extern S2N_RESULT s2n_array_init(struct s2n_array *array, uint32_t element_size);
-extern S2N_RESULT s2n_array_init_with_capacity(struct s2n_array *array, uint32_t element_size, uint32_t capacity);
-extern S2N_RESULT s2n_array_pushback(struct s2n_array *array, void **element);
-extern S2N_RESULT s2n_array_get(struct s2n_array *array, uint32_t idx, void **element);
-extern S2N_RESULT s2n_array_insert(struct s2n_array *array, uint32_t idx, void **element);
-extern S2N_RESULT s2n_array_insert_and_copy(struct s2n_array *array, uint32_t idx, void *element);
-extern S2N_RESULT s2n_array_num_elements(struct s2n_array *array, uint32_t *len);
-extern S2N_RESULT s2n_array_capacity(struct s2n_array *array, uint32_t *capacity);
-extern S2N_RESULT s2n_array_remove(struct s2n_array *array, uint32_t idx);
-extern S2N_CLEANUP_RESULT s2n_array_free_p(struct s2n_array **parray);
-extern S2N_RESULT s2n_array_free(struct s2n_array *array);
+S2N_RESULT s2n_array_validate(const struct s2n_array *array);
+struct s2n_array *s2n_array_new(uint32_t element_size);
+struct s2n_array *s2n_array_new_with_capacity(uint32_t element_size, uint32_t capacity);
+S2N_RESULT s2n_array_init(struct s2n_array *array, uint32_t element_size);
+S2N_RESULT s2n_array_init_with_capacity(struct s2n_array *array, uint32_t element_size, uint32_t capacity);
+S2N_RESULT s2n_array_pushback(struct s2n_array *array, void **element);
+S2N_RESULT s2n_array_get(struct s2n_array *array, uint32_t idx, void **element);
+S2N_RESULT s2n_array_insert(struct s2n_array *array, uint32_t idx, void **element);
+S2N_RESULT s2n_array_insert_and_copy(struct s2n_array *array, uint32_t idx, void *element);
+S2N_RESULT s2n_array_num_elements(struct s2n_array *array, uint32_t *len);
+S2N_RESULT s2n_array_capacity(struct s2n_array *array, uint32_t *capacity);
+S2N_RESULT s2n_array_remove(struct s2n_array *array, uint32_t idx);
+S2N_CLEANUP_RESULT s2n_array_free_p(struct s2n_array **parray);
+S2N_RESULT s2n_array_free(struct s2n_array *array);
diff --git a/contrib/restricted/aws/s2n/utils/s2n_blob.h b/contrib/restricted/aws/s2n/utils/s2n_blob.h
index ee7fdc3cd9b..fd1c84f1240 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_blob.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_blob.h
@@ -38,13 +38,13 @@ struct s2n_blob {
unsigned growable : 1;
};
-extern bool s2n_blob_is_growable(const struct s2n_blob *b);
-extern S2N_RESULT s2n_blob_validate(const struct s2n_blob *b);
-extern int s2n_blob_init(struct s2n_blob *b, uint8_t *data, uint32_t size);
-extern int s2n_blob_zero(struct s2n_blob *b);
-extern int s2n_blob_char_to_lower(struct s2n_blob *b);
-extern int s2n_hex_string_to_bytes(const uint8_t *str, struct s2n_blob *blob);
-extern int s2n_blob_slice(const struct s2n_blob *b, struct s2n_blob *slice, uint32_t offset, uint32_t size);
+bool s2n_blob_is_growable(const struct s2n_blob *b);
+S2N_RESULT s2n_blob_validate(const struct s2n_blob *b);
+int s2n_blob_init(struct s2n_blob *b, uint8_t *data, uint32_t size);
+int s2n_blob_zero(struct s2n_blob *b);
+int s2n_blob_char_to_lower(struct s2n_blob *b);
+int s2n_hex_string_to_bytes(const uint8_t *str, struct s2n_blob *blob);
+int s2n_blob_slice(const struct s2n_blob *b, struct s2n_blob *slice, uint32_t offset, uint32_t size);
#define s2n_stack_blob(name, requested_size, maximum) \
size_t name##_requested_size = (requested_size); \
diff --git a/contrib/restricted/aws/s2n/utils/s2n_ensure.h b/contrib/restricted/aws/s2n/utils/s2n_ensure.h
index 83db60201e1..54b208a35b3 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_ensure.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_ensure.h
@@ -92,9 +92,9 @@
*
*/
#if defined(S2N___RESTRICT__SUPPORTED)
-extern void *s2n_ensure_memcpy_trace(void *__restrict__ to, const void *__restrict__ from, size_t size, const char *debug_str);
+void *s2n_ensure_memcpy_trace(void *__restrict__ to, const void *__restrict__ from, size_t size, const char *debug_str);
#else
-extern void *s2n_ensure_memcpy_trace(void *restrict to, const void *restrict from, size_t size, const char *debug_str);
+void *s2n_ensure_memcpy_trace(void *restrict to, const void *restrict from, size_t size, const char *debug_str);
#endif
/**
diff --git a/contrib/restricted/aws/s2n/utils/s2n_fork_detection.c b/contrib/restricted/aws/s2n/utils/s2n_fork_detection.c
index 681d10493d9..184ce8f7adf 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_fork_detection.c
+++ b/contrib/restricted/aws/s2n/utils/s2n_fork_detection.c
@@ -153,10 +153,12 @@ static void s2n_pthread_atfork_on_fork(void)
static S2N_RESULT s2n_inititalise_pthread_atfork(void)
{
- /* Register the fork handler pthread_atfork_on_fork that is excuted in the
+ /* Register the fork handler pthread_atfork_on_fork that is executed in the
* child process after a fork.
*/
- RESULT_ENSURE(pthread_atfork(NULL, NULL, s2n_pthread_atfork_on_fork) == 0, S2N_ERR_FORK_DETECTION_INIT);
+ if (s2n_is_pthread_atfork_supported() == true) {
+ RESULT_ENSURE(pthread_atfork(NULL, NULL, s2n_pthread_atfork_on_fork) == 0, S2N_ERR_FORK_DETECTION_INIT);
+ }
return S2N_RESULT_OK;
}
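Review bot: On OpenBSD `s2n_inititalise_pthread_atfork` now returns `S2N_RESULT_OK` without registering a handler, so its caller cannot tell that this fork-detection mechanism is absent. The caller is outside the hunk; it should be confirmed that initialisation still fails when neither of the other mechanisms named in the header (`s2n_is_madv_wipeonfork_supported`, `s2n_is_map_inherit_zero_supported`) is available, since an undetected fork would presumably leave parent and child with the same fork generation number. A comment on the skipped branch would record the dependency: `/* Not registered on OpenBSD; fork detection then relies on the remaining mechanisms. */`. The `== true` comparison is also redundant for a `bool`: `if (s2n_is_pthread_atfork_supported()) {`.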
@@ -349,6 +351,22 @@ bool s2n_is_map_inherit_zero_supported(void)
#endif
}
+bool s2n_is_pthread_atfork_supported(void)
+{
+ /*
+ * There is a bug in OpenBSD's libc which is triggered by
+ * multi-generational forking of multi-threaded processes which call
+ * pthread_atfork(3). Under these conditions, a grandchild process will
+ * deadlock when trying to fork a great-grandchild.
+ * https://marc.info/?l=openbsd-tech&m=167047636422884&w=2
+ */
+#if defined(__OpenBSD__)
+ return false;
+#else
+ return true;
+#endif
+}
+
/* Use for testing only */
S2N_RESULT s2n_ignore_wipeonfork_and_inherit_zero_for_testing(void)
{
diff --git a/contrib/restricted/aws/s2n/utils/s2n_fork_detection.h b/contrib/restricted/aws/s2n/utils/s2n_fork_detection.h
index d27ae95201f..c1faf84bf67 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_fork_detection.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_fork_detection.h
@@ -22,6 +22,7 @@
S2N_RESULT s2n_get_fork_generation_number(uint64_t *return_fork_generation_number);
bool s2n_is_madv_wipeonfork_supported(void);
bool s2n_is_map_inherit_zero_supported(void);
+bool s2n_is_pthread_atfork_supported(void);
/* Use for testing only */
S2N_RESULT s2n_ignore_wipeonfork_and_inherit_zero_for_testing(void);
diff --git a/contrib/restricted/aws/s2n/utils/s2n_map.h b/contrib/restricted/aws/s2n/utils/s2n_map.h
index 13987188d6c..259082936cf 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_map.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_map.h
@@ -22,11 +22,11 @@
struct s2n_map;
-extern struct s2n_map *s2n_map_new();
-extern struct s2n_map *s2n_map_new_with_initial_capacity(uint32_t capacity);
-extern S2N_RESULT s2n_map_add(struct s2n_map *map, struct s2n_blob *key, struct s2n_blob *value);
-extern S2N_RESULT s2n_map_put(struct s2n_map *map, struct s2n_blob *key, struct s2n_blob *value);
-extern S2N_RESULT s2n_map_complete(struct s2n_map *map);
-extern S2N_RESULT s2n_map_unlock(struct s2n_map *map);
-extern S2N_RESULT s2n_map_lookup(const struct s2n_map *map, struct s2n_blob *key, struct s2n_blob *value, bool *key_found);
-extern S2N_RESULT s2n_map_free(struct s2n_map *map);
+struct s2n_map *s2n_map_new();
+struct s2n_map *s2n_map_new_with_initial_capacity(uint32_t capacity);
+S2N_RESULT s2n_map_add(struct s2n_map *map, struct s2n_blob *key, struct s2n_blob *value);
+S2N_RESULT s2n_map_put(struct s2n_map *map, struct s2n_blob *key, struct s2n_blob *value);
+S2N_RESULT s2n_map_complete(struct s2n_map *map);
+S2N_RESULT s2n_map_unlock(struct s2n_map *map);
+S2N_RESULT s2n_map_lookup(const struct s2n_map *map, struct s2n_blob *key, struct s2n_blob *value, bool *key_found);
+S2N_RESULT s2n_map_free(struct s2n_map *map);
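Review bot: `s2n_map_new()` is declared with an empty parameter list, which before C23 declares a function with unspecified parameters rather than one taking none, so a call that passes stray arguments compiles without a diagnostic. Since the line is being rewritten anyway, make it `struct s2n_map *s2n_map_new(void);`, matching the `s2n_rand_init(void)` style used in s2n_random.h. The definition is not part of this diff and would need the same change.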
diff --git a/contrib/restricted/aws/s2n/utils/s2n_random.h b/contrib/restricted/aws/s2n/utils/s2n_random.h
index fd5ca4b9d7b..c0ad048bf27 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_random.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_random.h
@@ -19,15 +19,15 @@
#include "utils/s2n_blob.h"
#include "utils/s2n_result.h"
-extern S2N_RESULT s2n_rand_init(void);
-extern S2N_RESULT s2n_rand_cleanup(void);
-extern S2N_RESULT s2n_get_seed_entropy(struct s2n_blob *blob);
-extern S2N_RESULT s2n_get_mix_entropy(struct s2n_blob *blob);
+S2N_RESULT s2n_rand_init(void);
+S2N_RESULT s2n_rand_cleanup(void);
+S2N_RESULT s2n_get_seed_entropy(struct s2n_blob *blob);
+S2N_RESULT s2n_get_mix_entropy(struct s2n_blob *blob);
-extern S2N_RESULT s2n_rand_cleanup_thread(void);
-extern S2N_RESULT s2n_set_private_drbg_for_test(struct s2n_drbg drbg);
-extern S2N_RESULT s2n_get_public_random_data(struct s2n_blob *blob);
-extern S2N_RESULT s2n_get_public_random_bytes_used(uint64_t *bytes_used);
-extern S2N_RESULT s2n_get_private_random_data(struct s2n_blob *blob);
-extern S2N_RESULT s2n_get_private_random_bytes_used(uint64_t *bytes_used);
-extern S2N_RESULT s2n_public_random(int64_t max, uint64_t *output);
+S2N_RESULT s2n_rand_cleanup_thread(void);
+S2N_RESULT s2n_set_private_drbg_for_test(struct s2n_drbg drbg);
+S2N_RESULT s2n_get_public_random_data(struct s2n_blob *blob);
+S2N_RESULT s2n_get_public_random_bytes_used(uint64_t *bytes_used);
+S2N_RESULT s2n_get_private_random_data(struct s2n_blob *blob);
+S2N_RESULT s2n_get_private_random_bytes_used(uint64_t *bytes_used);
+S2N_RESULT s2n_public_random(int64_t max, uint64_t *output);
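Review bot: `s2n_set_private_drbg_for_test` is declared among the production entry points with nothing but its name marking it as a test hook, and judging by that name it swaps the generator used for private random data. s2n_fork_detection.h in this same commit marks its hook with a comment, so I would add `/* Use for testing only */` on the line above this declaration. The header also does not say which of the public and private generators is meant for secret material, and a one-line comment on `s2n_get_public_random_data` and `s2n_get_private_random_data` would stop callers from guessing.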
diff --git a/contrib/restricted/aws/s2n/utils/s2n_rfc5952.h b/contrib/restricted/aws/s2n/utils/s2n_rfc5952.h
index 0c9652ffc2f..0afdb07c1cd 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_rfc5952.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_rfc5952.h
@@ -20,4 +20,4 @@
* Converts a binary representation of an ip address into its canonical string
* representation. Returns 0 on success and -1 on failure.
*/
-extern S2N_RESULT s2n_inet_ntop(int af, const void *addr, struct s2n_blob *dst);
+S2N_RESULT s2n_inet_ntop(int af, const void *addr, struct s2n_blob *dst);
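Review bot: The comment above `s2n_inet_ntop` still says "Returns 0 on success and -1 on failure", but the function returns `S2N_RESULT`, so a caller who follows the comment and tests the value against 0 or -1 may mishandle a failed conversion. I would change the sentence to `Returns S2N_RESULT_OK on success and S2N_RESULT_ERROR on failure.` while this declaration is being edited.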
diff --git a/contrib/restricted/aws/s2n/utils/s2n_safety.h b/contrib/restricted/aws/s2n/utils/s2n_safety.h
index e4a037d0fc2..f0955297334 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_safety.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_safety.h
@@ -49,15 +49,15 @@ int s2n_in_unit_test_set(bool newval);
#define S2N_IN_TEST (s2n_in_unit_test() || S2N_IN_INTEG_TEST)
/* Returns 1 if a and b are equal, in constant time */
-extern bool s2n_constant_time_equals(const uint8_t* a, const uint8_t* b, const uint32_t len);
+bool s2n_constant_time_equals(const uint8_t* a, const uint8_t* b, const uint32_t len);
/* Copy src to dst, or don't copy it, in constant time */
-extern int s2n_constant_time_copy_or_dont(uint8_t* dst, const uint8_t* src, uint32_t len, uint8_t dont);
+int s2n_constant_time_copy_or_dont(uint8_t* dst, const uint8_t* src, uint32_t len, uint8_t dont);
/* If src contains valid PKCS#1 v1.5 padding of exactly expectlen bytes, decode
* it into dst, otherwise leave dst alone, in constant time.
* Always returns zero. */
-extern int s2n_constant_time_pkcs1_unpad_or_dont(uint8_t* dst, const uint8_t* src, uint32_t srclen, uint32_t expectlen);
+int s2n_constant_time_pkcs1_unpad_or_dont(uint8_t* dst, const uint8_t* src, uint32_t srclen, uint32_t expectlen);
/**
* Runs _thecleanup function on _thealloc once _thealloc went out of scope
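Review bot: The comment above `s2n_constant_time_equals` still says it returns 1 although the function returns `bool`, and it does not say what is returned when `len` is 0 or a pointer is NULL. Callers comparing authentication tags depend on that edge case, so it should be written down rather than inferred. I would reword it to `/* Returns true if the first len bytes of a and b are equal, in constant time */` and add the empty and NULL behaviour once checked against the definition, which is not part of this hunk.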
@@ -103,13 +103,13 @@ S2N_CLEANUP_RESULT s2n_connection_apply_error_blinding(struct s2n_connection** c
#define s2n_array_len(array) ((array != NULL) ? (sizeof(array) / sizeof(array[0])) : 0)
-extern int s2n_mul_overflow(uint32_t a, uint32_t b, uint32_t* out);
+int s2n_mul_overflow(uint32_t a, uint32_t b, uint32_t* out);
/**
* Rounds "initial" up to a multiple of "alignment", and stores the result in "out".
* Raises an error if overflow would occur.
* NOT CONSTANT TIME.
*/
-extern int s2n_align_to(uint32_t initial, uint32_t alignment, uint32_t* out);
-extern int s2n_add_overflow(uint32_t a, uint32_t b, uint32_t* out);
-extern int s2n_sub_overflow(uint32_t a, uint32_t b, uint32_t* out);
+int s2n_align_to(uint32_t initial, uint32_t alignment, uint32_t* out);
+int s2n_add_overflow(uint32_t a, uint32_t b, uint32_t* out);
+int s2n_sub_overflow(uint32_t a, uint32_t b, uint32_t* out);
diff --git a/contrib/restricted/aws/s2n/utils/s2n_safety_macros.h b/contrib/restricted/aws/s2n/utils/s2n_safety_macros.h
index 553e49ad83b..fb71ef21ee4 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_safety_macros.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_safety_macros.h
@@ -188,9 +188,9 @@
#define RESULT_GUARD_OSSL(result, error) __S2N_ENSURE((result) == _OSSL_SUCCESS, RESULT_BAIL(error))
/**
- * Ensures `(result) >= S2N_SUCCESS`, otherwise the function will return `S2N_RESULT_ERROR`
+ * Ensures `(result) > S2N_FAILURE`, otherwise the function will return `S2N_RESULT_ERROR`
*/
-#define RESULT_GUARD_POSIX(result) __S2N_ENSURE((result) >= S2N_SUCCESS, return S2N_RESULT_ERROR)
+#define RESULT_GUARD_POSIX(result) __S2N_ENSURE((result) > S2N_FAILURE, return S2N_RESULT_ERROR)
/**
* Ensures `(result) != NULL`, otherwise the function will return `S2N_RESULT_ERROR`
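Review bot: With `(result) > S2N_FAILURE` in `RESULT_GUARD_POSIX`, the guard only works when `result` is a signed expression. If `S2N_FAILURE` is negative, as the comparison implies, an `unsigned int` or wider unsigned `result` is compared against the constant converted to a very large unsigned value, so the check fails for every input, whereas the old `>= S2N_SUCCESS` form passed every unsigned value. That is the fail-closed direction, but it is a behaviour change for any caller passing an unsigned expression and the doc comment does not mention it. I would add ` * NOTE: (result) must be a signed integer expression.` to the comment here and to `POSIX_ENSURE_OK`, `POSIX_GUARD` and `PTR_GUARD_POSIX` in the hunks below. The definitions of `S2N_FAILURE` and `__S2N_ENSURE` are outside this diff, so the above is inferred from the macro text.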
@@ -226,11 +226,11 @@
/**
* DEPRECATED: all methods (except those in s2n.h) should return s2n_result.
*
- * Ensures `(result) >= S2N_SUCCESS`, otherwise the function will `POSIX_BAIL` with `error`
+ * Ensures `(result) > S2N_FAILURE`, otherwise the function will `POSIX_BAIL` with `error`
*
* This can be useful for overriding the global `s2n_errno`
*/
-#define POSIX_ENSURE_OK(result, error) __S2N_ENSURE((result) >= S2N_SUCCESS, POSIX_BAIL(error))
+#define POSIX_ENSURE_OK(result, error) __S2N_ENSURE((result) > S2N_FAILURE, POSIX_BAIL(error))
/**
* DEPRECATED: all methods (except those in s2n.h) should return s2n_result.
@@ -378,9 +378,9 @@
/**
* DEPRECATED: all methods (except those in s2n.h) should return s2n_result.
*
- * Ensures `(result) >= S2N_SUCCESS`, otherwise the function will return `S2N_FAILURE`
+ * Ensures `(result) > S2N_FAILURE`, otherwise the function will return `S2N_FAILURE`
*/
-#define POSIX_GUARD(result) __S2N_ENSURE((result) >= S2N_SUCCESS, return S2N_FAILURE)
+#define POSIX_GUARD(result) __S2N_ENSURE((result) > S2N_FAILURE, return S2N_FAILURE)
/**
* DEPRECATED: all methods (except those in s2n.h) should return s2n_result.
@@ -605,7 +605,7 @@
/**
* DEPRECATED: all methods (except those in s2n.h) should return s2n_result.
*
- * Ensures `(result) >= S2N_SUCCESS`, otherwise the function will return `NULL`
+ * Ensures `(result) > S2N_FAILURE`, otherwise the function will return `NULL`
*/
-#define PTR_GUARD_POSIX(result) __S2N_ENSURE((result) >= S2N_SUCCESS, return NULL)
+#define PTR_GUARD_POSIX(result) __S2N_ENSURE((result) > S2N_FAILURE, return NULL)
diff --git a/contrib/restricted/aws/s2n/utils/s2n_set.h b/contrib/restricted/aws/s2n/utils/s2n_set.h
index 263cf869641..77fc6a81b40 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_set.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_set.h
@@ -23,11 +23,11 @@ struct s2n_set {
int (*comparator)(const void *, const void *);
};
-extern S2N_RESULT s2n_set_validate(const struct s2n_set *set);
-extern struct s2n_set *s2n_set_new(uint32_t element_size, int (*comparator)(const void *, const void *));
-extern S2N_RESULT s2n_set_add(struct s2n_set *set, void *element);
-extern S2N_RESULT s2n_set_get(struct s2n_set *set, uint32_t idx, void **element);
-extern S2N_RESULT s2n_set_remove(struct s2n_set *set, uint32_t idx);
-extern S2N_RESULT s2n_set_free_p(struct s2n_set **pset);
-extern S2N_RESULT s2n_set_free(struct s2n_set *set);
-extern S2N_RESULT s2n_set_len(struct s2n_set *set, uint32_t *len);
+S2N_RESULT s2n_set_validate(const struct s2n_set *set);
+struct s2n_set *s2n_set_new(uint32_t element_size, int (*comparator)(const void *, const void *));
+S2N_RESULT s2n_set_add(struct s2n_set *set, void *element);
+S2N_RESULT s2n_set_get(struct s2n_set *set, uint32_t idx, void **element);
+S2N_RESULT s2n_set_remove(struct s2n_set *set, uint32_t idx);
+S2N_RESULT s2n_set_free_p(struct s2n_set **pset);
+S2N_RESULT s2n_set_free(struct s2n_set *set);
+S2N_RESULT s2n_set_len(struct s2n_set *set, uint32_t *len);
diff --git a/contrib/restricted/aws/s2n/utils/s2n_socket.h b/contrib/restricted/aws/s2n/utils/s2n_socket.h
index d7f34a25ee2..cb72421302e 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_socket.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_socket.h
@@ -39,15 +39,15 @@ struct s2n_socket_write_io_context {
int original_cork_val;
};
-extern int s2n_socket_quickack(struct s2n_connection *conn);
-extern int s2n_socket_read_snapshot(struct s2n_connection *conn);
-extern int s2n_socket_write_snapshot(struct s2n_connection *conn);
-extern int s2n_socket_read_restore(struct s2n_connection *conn);
-extern int s2n_socket_write_restore(struct s2n_connection *conn);
-extern int s2n_socket_was_corked(struct s2n_connection *conn);
-extern int s2n_socket_write_cork(struct s2n_connection *conn);
-extern int s2n_socket_write_uncork(struct s2n_connection *conn);
-extern int s2n_socket_set_read_size(struct s2n_connection *conn, int size);
-extern int s2n_socket_read(void *io_context, uint8_t *buf, uint32_t len);
-extern int s2n_socket_write(void *io_context, const uint8_t *buf, uint32_t len);
-extern int s2n_socket_is_ipv6(int fd, uint8_t *ipv6);
+int s2n_socket_quickack(struct s2n_connection *conn);
+int s2n_socket_read_snapshot(struct s2n_connection *conn);
+int s2n_socket_write_snapshot(struct s2n_connection *conn);
+int s2n_socket_read_restore(struct s2n_connection *conn);
+int s2n_socket_write_restore(struct s2n_connection *conn);
+int s2n_socket_was_corked(struct s2n_connection *conn);
+int s2n_socket_write_cork(struct s2n_connection *conn);
+int s2n_socket_write_uncork(struct s2n_connection *conn);
+int s2n_socket_set_read_size(struct s2n_connection *conn, int size);
+int s2n_socket_read(void *io_context, uint8_t *buf, uint32_t len);
+int s2n_socket_write(void *io_context, const uint8_t *buf, uint32_t len);
+int s2n_socket_is_ipv6(int fd, uint8_t *ipv6);
diff --git a/contrib/restricted/aws/s2n/utils/s2n_timer.h b/contrib/restricted/aws/s2n/utils/s2n_timer.h
index dbf4a3efcd5..273c2bfd950 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_timer.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_timer.h
@@ -23,6 +23,6 @@ struct s2n_timer {
uint64_t time;
};
-extern S2N_RESULT s2n_timer_start(struct s2n_config *config, struct s2n_timer *timer);
-extern S2N_RESULT s2n_timer_elapsed(struct s2n_config *config, struct s2n_timer *timer, uint64_t *nanoseconds);
-extern S2N_RESULT s2n_timer_reset(struct s2n_config *config, struct s2n_timer *timer, uint64_t *nanoseconds);
+S2N_RESULT s2n_timer_start(struct s2n_config *config, struct s2n_timer *timer);
+S2N_RESULT s2n_timer_elapsed(struct s2n_config *config, struct s2n_timer *timer, uint64_t *nanoseconds);
+S2N_RESULT s2n_timer_reset(struct s2n_config *config, struct s2n_timer *timer, uint64_t *nanoseconds);