Update contrib/restricted/aws/s2n to 1.3.12

ref:f8279d764b4c00974a63543a1364c91e2b81b7a6

1 files changed, 20 insertions, 17 deletions

diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.c
index 904976e4cc..0e69283a2c 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.c
@@ -39,47 +39,50 @@ const s2n_extension_type s2n_client_server_name_extension = {
 
 static bool s2n_client_server_name_should_send(struct s2n_connection *conn)
 {
-    return conn && strlen(conn->server_name) > 0;
+    return conn && conn->server_name[0] != '\0';
 }
 
 static int s2n_client_server_name_send(struct s2n_connection *conn, struct s2n_stuffer *out)
 {
     struct s2n_stuffer_reservation server_name_list_size = {0};
-    GUARD(s2n_stuffer_reserve_uint16(out, &server_name_list_size));
+    POSIX_GUARD(s2n_stuffer_reserve_uint16(out, &server_name_list_size));
 
     /* NameType, as described by RFC6066.
      * host_name is currently the only possible NameType defined. */
-    GUARD(s2n_stuffer_write_uint8(out, S2N_NAME_TYPE_HOST_NAME));
+    POSIX_GUARD(s2n_stuffer_write_uint8(out, S2N_NAME_TYPE_HOST_NAME));
 
-    GUARD(s2n_stuffer_write_uint16(out, strlen(conn->server_name)));
-    GUARD(s2n_stuffer_write_bytes(out, (const uint8_t *) conn->server_name, strlen(conn->server_name)));
+    POSIX_GUARD(s2n_stuffer_write_uint16(out, strlen(conn->server_name)));
+    POSIX_GUARD(s2n_stuffer_write_bytes(out, (const uint8_t *) conn->server_name, strlen(conn->server_name)));
 
-    GUARD(s2n_stuffer_write_vector_size(&server_name_list_size));
+    POSIX_GUARD(s2n_stuffer_write_vector_size(&server_name_list_size));
     return S2N_SUCCESS;
 }
 
+/* Read the extension up to the first item in ServerNameList. Store the first entry's length in server_name_len.
+ * For now s2n ignores all subsequent items in ServerNameList.
+ */
 static int s2n_client_server_name_check(struct s2n_connection *conn, struct s2n_stuffer *extension, uint16_t *server_name_len)
 {
-    notnull_check(conn);
+    POSIX_ENSURE_REF(conn);
 
     uint16_t size_of_all;
-    GUARD(s2n_stuffer_read_uint16(extension, &size_of_all));
-    lte_check(size_of_all, s2n_stuffer_data_available(extension));
+    POSIX_GUARD(s2n_stuffer_read_uint16(extension, &size_of_all));
+    POSIX_ENSURE_LTE(size_of_all, s2n_stuffer_data_available(extension));
 
     uint8_t server_name_type;
-    GUARD(s2n_stuffer_read_uint8(extension, &server_name_type));
-    eq_check(server_name_type, S2N_NAME_TYPE_HOST_NAME);
+    POSIX_GUARD(s2n_stuffer_read_uint8(extension, &server_name_type));
+    POSIX_ENSURE_EQ(server_name_type, S2N_NAME_TYPE_HOST_NAME);
 
-    GUARD(s2n_stuffer_read_uint16(extension, server_name_len));
-    lt_check(*server_name_len, sizeof(conn->server_name));
-    lte_check(*server_name_len, s2n_stuffer_data_available(extension));
+    POSIX_GUARD(s2n_stuffer_read_uint16(extension, server_name_len));
+    POSIX_ENSURE_LT(*server_name_len, sizeof(conn->server_name));
+    POSIX_ENSURE_LTE(*server_name_len, s2n_stuffer_data_available(extension));
 
     return S2N_SUCCESS;
 }
 
 static int s2n_client_server_name_recv(struct s2n_connection *conn, struct s2n_stuffer *extension)
 {
-    notnull_check(conn);
+    POSIX_ENSURE_REF(conn);
 
     /* Exit early if we've already parsed the server name */
     if (conn->server_name[0]) {
@@ -93,8 +96,8 @@ static int s2n_client_server_name_recv(struct s2n_connection *conn, struct s2n_s
     }
 
     uint8_t *server_name;
-    notnull_check(server_name = s2n_stuffer_raw_read(extension, server_name_len));
-    memcpy_check(conn->server_name, server_name, server_name_len);
+    POSIX_ENSURE_REF(server_name = s2n_stuffer_raw_read(extension, server_name_len));
+    POSIX_CHECKED_MEMCPY(conn->server_name, server_name, server_name_len);
 
     return S2N_SUCCESS;
 }