Update contrib/restricted/aws/s2n to 1.3.28

author: robot-contrib <robot-contrib@yandex-team.com> 2022-11-30 20:07:11 +0300
committer: robot-contrib <robot-contrib@yandex-team.com> 2022-11-30 20:07:11 +0300
commit: 3dfe99f4cc702156a58dce52df0cf2100c626241 (patch)
tree: 73ae0e2d09d6ffc5bbb24123bd97592ca45cfde0 /contrib/restricted/aws/s2n/crypto
parent: 5941cbae8a1b816d4743f50c20c7a5631af4e8e1 (diff)
download: ydb-3dfe99f4cc702156a58dce52df0cf2100c626241.tar.gz
4 files changed, 11 insertions, 7 deletions
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_chacha20_poly1305.c b/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_chacha20_poly1305.c
index 0768451c1b..f044352b6d 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_chacha20_poly1305.c
+++ b/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_chacha20_poly1305.c
@@ -32,7 +32,7 @@
  * AWS-LC define OPENSSL_VERSION_NUMBER. */
 #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
 #define S2N_CHACHA20_POLY1305_AVAILABLE_BSSL_AWSLC
-#elif (S2N_OPENSSL_VERSION_AT_LEAST(1,1,0))
+#elif (S2N_OPENSSL_VERSION_AT_LEAST(1,1,0) && !defined(LIBRESSL_VERSION_NUMBER))
 #define S2N_CHACHA20_POLY1305_AVAILABLE_OSSL
 #endif
 
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_dhe.c b/contrib/restricted/aws/s2n/crypto/s2n_dhe.c
index 9f6bc31249..513b6d09ed 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_dhe.c
+++ b/contrib/restricted/aws/s2n/crypto/s2n_dhe.c
@@ -37,7 +37,7 @@ static const BIGNUM *s2n_get_Ys_dh_param(struct s2n_dh_params *dh_params)
     const BIGNUM *Ys;
 
 /* DH made opaque in Openssl 1.1.0 */
-#if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0) && !defined(LIBRESSL_VERSION_NUMBER)
+#if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0)
     DH_get0_key(dh_params->dh, &Ys, NULL);
 #else
     Ys                     = dh_params->dh->pub_key;
@@ -49,7 +49,7 @@ static const BIGNUM *s2n_get_Ys_dh_param(struct s2n_dh_params *dh_params)
 static const BIGNUM *s2n_get_p_dh_param(struct s2n_dh_params *dh_params)
 {
     const BIGNUM *p;
-#if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0) && !defined(LIBRESSL_VERSION_NUMBER)
+#if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0)
     DH_get0_pqg(dh_params->dh, &p, NULL, NULL);
 #else
     p                      = dh_params->dh->p;
@@ -61,7 +61,7 @@ static const BIGNUM *s2n_get_p_dh_param(struct s2n_dh_params *dh_params)
 static const BIGNUM *s2n_get_g_dh_param(struct s2n_dh_params *dh_params)
 {
     const BIGNUM *g;
-#if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0) && !defined(LIBRESSL_VERSION_NUMBER)
+#if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0)
     DH_get0_pqg(dh_params->dh, NULL, NULL, &g);
 #else
     g                      = dh_params->dh->g;
@@ -109,7 +109,7 @@ static int s2n_set_p_g_Ys_dh_params(struct s2n_dh_params *dh_params, struct s2n_
     BIGNUM *bn_g  = BN_bin2bn(( const unsigned char * )g->data, g->size, NULL);
     BIGNUM *bn_Ys = BN_bin2bn(( const unsigned char * )Ys->data, Ys->size, NULL);
 
-#if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0) && !defined(LIBRESSL_VERSION_NUMBER)
+#if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0)
     /* Per https://www.openssl.org/docs/man1.1.0/crypto/DH_get0_pqg.html:
 	* values that have been passed in should not be freed directly after this function has been called
 	*/
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_openssl.h b/contrib/restricted/aws/s2n/crypto/s2n_openssl.h
index a6cebf982f..d0d2b2d2b2 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_openssl.h
+++ b/contrib/restricted/aws/s2n/crypto/s2n_openssl.h
@@ -25,7 +25,11 @@
  */
 #if defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x20000000L)
 #undef OPENSSL_VERSION_NUMBER
+#if LIBRESSL_VERSION_NUMBER < 0x3050000fL
 #define OPENSSL_VERSION_NUMBER 0x1000107fL
+#else
+#define OPENSSL_VERSION_NUMBER 0x1010000fL
+#endif
 #endif
 
 /* Per https://wiki.openssl.org/index.php/Manual:OPENSSL_VERSION_NUMBER(3)
@@ -38,7 +42,7 @@
 #define S2N_OPENSSL_VERSION_AT_LEAST(major, minor, fix) \
     (OPENSSL_VERSION_NUMBER >= ((major << 28) + (minor << 20) + (fix << 12)))
 
-#if (S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0)) && (!defined(OPENSSL_IS_BORINGSSL)) && (!defined(OPENSSL_IS_AWSLC))
+#if (S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0)) && (!defined(OPENSSL_IS_BORINGSSL)) && (!defined(OPENSSL_IS_AWSLC)) && (!defined(LIBRESSL_VERSION_NUMBER))
 #define s2n_evp_ctx_init(ctx) POSIX_GUARD_OSSL(EVP_CIPHER_CTX_init(ctx), S2N_ERR_DRBG)
 #define RESULT_EVP_CTX_INIT(ctx) RESULT_GUARD_OSSL(EVP_CIPHER_CTX_init(ctx), S2N_ERR_DRBG)
 #else
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_rsa.c b/contrib/restricted/aws/s2n/crypto/s2n_rsa.c
index 27d2f7c32c..ff6b5340b7 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_rsa.c
+++ b/contrib/restricted/aws/s2n/crypto/s2n_rsa.c
@@ -52,7 +52,7 @@ RSA *s2n_unsafe_rsa_get_non_const(const struct s2n_rsa_key *rsa_key) {
 static S2N_RESULT s2n_rsa_modulus_check(const RSA *rsa)
 {
 /* RSA was made opaque starting in Openssl 1.1.0 */
-#if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0) && !defined(LIBRESSL_VERSION_NUMBER)
+#if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0)
     const BIGNUM *n = NULL;
     /* RSA still owns the memory for n */
     RSA_get0_key(rsa, &n, NULL, NULL);
author	robot-contrib <robot-contrib@yandex-team.com>	2022-11-30 20:07:11 +0300
committer	robot-contrib <robot-contrib@yandex-team.com>	2022-11-30 20:07:11 +0300
commit	3dfe99f4cc702156a58dce52df0cf2100c626241 (patch)
tree	73ae0e2d09d6ffc5bbb24123bd97592ca45cfde0 /contrib/restricted/aws/s2n/crypto
parent	5941cbae8a1b816d4743f50c20c7a5631af4e8e1 (diff)
download	ydb-3dfe99f4cc702156a58dce52df0cf2100c626241.tar.gz