authorrobot-contrib <robot-contrib@yandex-team.com>2022-12-14 15:26:54 +0300
committerrobot-contrib <robot-contrib@yandex-team.com>2022-12-14 15:26:54 +0300
commit4925d989167591a367baa018abd3dde8b24ce47f (patch)
tree1853212a7f126028a55f7ba871105c081089256d /contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c
parent6aec14798ad91ed132f3da681c3d5b9c6fb2240d (diff)
Update contrib/restricted/aws/s2n to 1.3.29
Diffstat (limited to 'contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c')
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c38
1 files changed, 22 insertions, 16 deletions
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c
index b57ae8a73c..eefdf0c56d 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c
@@ -14,14 +14,13 @@
*/
#include "tls/extensions/s2n_server_key_share.h"
+
+#include "pq-crypto/s2n_pq.h"
#include "tls/s2n_security_policies.h"
#include "tls/s2n_tls.h"
#include "tls/s2n_tls13.h"
-
#include "utils/s2n_safety.h"
-#include "pq-crypto/s2n_pq.h"
-
static int s2n_server_key_share_send(struct s2n_connection *conn, struct s2n_stuffer *out);
static int s2n_server_key_share_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
@@ -35,7 +34,8 @@ const s2n_extension_type s2n_server_key_share_extension = {
.if_missing = s2n_extension_noop_if_missing,
};
-static int s2n_server_key_share_generate_pq_hybrid(struct s2n_connection *conn, struct s2n_stuffer *out) {
+static int s2n_server_key_share_generate_pq_hybrid(struct s2n_connection *conn, struct s2n_stuffer *out)
+{
POSIX_ENSURE_REF(out);
POSIX_ENSURE_REF(conn);
@@ -68,7 +68,8 @@ static int s2n_server_key_share_generate_pq_hybrid(struct s2n_connection *conn,
}
/* Check that client has sent a corresponding key share for the server's KEM group */
-int s2n_server_key_share_send_check_pq_hybrid(struct s2n_connection *conn) {
+int s2n_server_key_share_send_check_pq_hybrid(struct s2n_connection *conn)
+{
POSIX_ENSURE_REF(conn);
POSIX_ENSURE(s2n_pq_is_enabled(), S2N_ERR_PQ_DISABLED);
@@ -100,7 +101,8 @@ int s2n_server_key_share_send_check_pq_hybrid(struct s2n_connection *conn) {
}
/* Check that client has sent a corresponding key share for the server's EC curve */
-int s2n_server_key_share_send_check_ecdhe(struct s2n_connection *conn) {
+int s2n_server_key_share_send_check_ecdhe(struct s2n_connection *conn)
+{
POSIX_ENSURE_REF(conn);
const struct s2n_ecc_preferences *ecc_pref = NULL;
@@ -117,7 +119,8 @@ int s2n_server_key_share_send_check_ecdhe(struct s2n_connection *conn) {
return S2N_SUCCESS;
}
-static int s2n_server_key_share_send(struct s2n_connection *conn, struct s2n_stuffer *out) {
+static int s2n_server_key_share_send(struct s2n_connection *conn, struct s2n_stuffer *out)
+{
POSIX_ENSURE_REF(conn);
POSIX_ENSURE_REF(out);
@@ -153,7 +156,8 @@ static int s2n_server_key_share_send(struct s2n_connection *conn, struct s2n_stu
}
static int s2n_server_key_share_recv_pq_hybrid(struct s2n_connection *conn, uint16_t named_group_iana,
- struct s2n_stuffer *extension) {
+ struct s2n_stuffer *extension)
+{
POSIX_ENSURE_REF(conn);
POSIX_ENSURE_REF(extension);
@@ -191,7 +195,7 @@ static int s2n_server_key_share_recv_pq_hybrid(struct s2n_connection *conn, uint
/* Ensure that the server's key share corresponds with a key share previously sent by the client */
struct s2n_kem_group_params *client_kem_group_params = &conn->kex_params.client_kem_group_params;
- POSIX_ENSURE(client_kem_group_params->kem_params.private_key.data, S2N_ERR_BAD_KEY_SHARE);
+ POSIX_ENSURE(client_kem_group_params->kem_params.private_key.data, S2N_ERR_BAD_KEY_SHARE);
POSIX_ENSURE(client_kem_group_params->ecc_params.evp_pkey, S2N_ERR_BAD_KEY_SHARE);
POSIX_ENSURE(client_kem_group_params->kem_group == server_kem_group_params->kem_group, S2N_ERR_BAD_KEY_SHARE);
@@ -216,7 +220,8 @@ static int s2n_server_key_share_recv_pq_hybrid(struct s2n_connection *conn, uint
}
static int s2n_server_key_share_recv_ecc(struct s2n_connection *conn, uint16_t named_group_iana,
- struct s2n_stuffer *extension) {
+ struct s2n_stuffer *extension)
+{
POSIX_ENSURE_REF(conn);
POSIX_ENSURE_REF(extension);
@@ -252,7 +257,7 @@ static int s2n_server_key_share_recv_ecc(struct s2n_connection *conn, uint16_t n
POSIX_ENSURE_REF(server_ecc_evp_params->negotiated_curve);
const struct s2n_ecc_named_curve *previous_negotiated_curve = server_ecc_evp_params->negotiated_curve;
POSIX_ENSURE(negotiated_curve == previous_negotiated_curve,
- S2N_ERR_BAD_MESSAGE);
+ S2N_ERR_BAD_MESSAGE);
}
server_ecc_evp_params->negotiated_curve = negotiated_curve;
@@ -281,7 +286,7 @@ static int s2n_server_key_share_recv_ecc(struct s2n_connection *conn, uint16_t n
/* Proceed to parse share */
struct s2n_blob point_blob;
- S2N_ERROR_IF(s2n_ecc_evp_read_params_point(extension, share_size, &point_blob) < 0, S2N_ERR_BAD_KEY_SHARE);
+ S2N_ERROR_IF(s2n_ecc_evp_read_params_point(extension, share_size, &point_blob) < 0, S2N_ERR_BAD_KEY_SHARE);
S2N_ERROR_IF(s2n_ecc_evp_parse_params_point(&point_blob, server_ecc_evp_params) < 0, S2N_ERR_BAD_KEY_SHARE);
S2N_ERROR_IF(server_ecc_evp_params->evp_pkey == NULL, S2N_ERR_BAD_KEY_SHARE);
@@ -325,7 +330,8 @@ static int s2n_server_key_share_recv(struct s2n_connection *conn, struct s2n_stu
}
/* Selects highest priority mutually supported key share, or indicates need for HRR */
-int s2n_extensions_server_key_share_select(struct s2n_connection *conn) {
+int s2n_extensions_server_key_share_select(struct s2n_connection *conn)
+{
POSIX_ENSURE_REF(conn);
const struct s2n_ecc_preferences *ecc_pref = NULL;
@@ -391,10 +397,10 @@ int s2n_extensions_server_key_share_select(struct s2n_connection *conn) {
*/
int s2n_extensions_server_key_share_send_size(struct s2n_connection *conn)
{
- const struct s2n_ecc_named_curve* curve = conn->kex_params.server_ecc_evp_params.negotiated_curve;
+ const struct s2n_ecc_named_curve *curve = conn->kex_params.server_ecc_evp_params.negotiated_curve;
int key_share_size = S2N_SIZE_OF_EXTENSION_TYPE
- + S2N_SIZE_OF_EXTENSION_DATA_SIZE
- + S2N_SIZE_OF_NAMED_GROUP;
+ + S2N_SIZE_OF_EXTENSION_DATA_SIZE
+ + S2N_SIZE_OF_NAMED_GROUP;
/* If this is a KeyShareHelloRetryRequest we don't include the share size */
if (s2n_is_hello_retry_message(conn)) {