author | robot-contrib <robot-contrib@yandex-team.com> | 2022-12-14 15:26:54 +0300 |
---|---|---|
committer | robot-contrib <robot-contrib@yandex-team.com> | 2022-12-14 15:26:54 +0300 |
commit | 4925d989167591a367baa018abd3dde8b24ce47f (patch) | |
tree | 1853212a7f126028a55f7ba871105c081089256d /contrib/restricted/aws/s2n/tls/extensions | |
parent | 6aec14798ad91ed132f3da681c3d5b9c6fb2240d (diff) | |
Update contrib/restricted/aws/s2n to 1.3.29
Diffstat (limited to 'contrib/restricted/aws/s2n/tls/extensions')
65 files changed, 299 insertions, 308 deletions
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.c index 0c85cc8389..5b1c2de5c5 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.c @@ -13,16 +13,15 @@ * permissions and limitations under the License. */ -#include <sys/param.h> -#include <stdint.h> - #include "tls/extensions/s2n_client_alpn.h" +#include <stdint.h> +#include <sys/param.h> + #include "tls/extensions/s2n_extension_type.h" #include "tls/s2n_protocol_preferences.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" - #include "utils/s2n_safety.h" bool s2n_client_alpn_should_send(struct s2n_connection *conn); @@ -75,7 +74,7 @@ static int s2n_client_alpn_recv(struct s2n_connection *conn, struct s2n_stuffer /* Malformed length, ignore the extension */ return S2N_SUCCESS; } - + struct s2n_blob client_protocols = { 0 }; POSIX_GUARD(s2n_blob_init(&client_protocols, s2n_stuffer_raw_read(extension, wire_size), wire_size)); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.h index bc0590b32a..6e7cd8d67a 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.h @@ -15,9 +15,9 @@ #pragma once +#include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_extension_type.h" #include "tls/s2n_connection.h" -#include "stuffer/s2n_stuffer.h" extern const s2n_extension_type s2n_client_alpn_extension; bool s2n_client_alpn_should_send(struct s2n_connection *conn); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_early_data_indication.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_early_data_indication.c index 63de6d52f5..5063b82f00 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_early_data_indication.c 
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_early_data_indication.c @@ -14,10 +14,8 @@ */ #include "api/s2n.h" - -#include "tls/extensions/s2n_early_data_indication.h" - #include "tls/extensions/s2n_client_psk.h" +#include "tls/extensions/s2n_early_data_indication.h" #include "tls/s2n_cipher_suites.h" #include "tls/s2n_early_data.h" #include "tls/s2n_protocol_preferences.h" @@ -55,7 +53,7 @@ static S2N_RESULT s2n_early_data_config_is_possible(struct s2n_connection *conn) RESULT_ENSURE_REF(conn); struct s2n_psk *first_psk = NULL; - RESULT_GUARD(s2n_array_get(&conn->psk_params.psk_list, 0, (void**) &first_psk)); + RESULT_GUARD(s2n_array_get(&conn->psk_params.psk_list, 0, (void **) &first_psk)); RESULT_ENSURE_REF(first_psk); struct s2n_early_data_config *early_data_config = &first_psk->early_data_config; @@ -153,7 +151,7 @@ static int s2n_client_early_data_indication_send(struct s2n_connection *conn, st /* Set the cipher suite for early data */ struct s2n_psk *first_psk = NULL; - POSIX_GUARD_RESULT(s2n_array_get(&conn->psk_params.psk_list, 0, (void**) &first_psk)); + POSIX_GUARD_RESULT(s2n_array_get(&conn->psk_params.psk_list, 0, (void **) &first_psk)); POSIX_ENSURE_REF(first_psk); conn->secure->cipher_suite = first_psk->early_data_config.cipher_suite; diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c index 64664a5abb..9ec2366d5f 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c @@ -13,12 +13,11 @@ * permissions and limitations under the License. */ -#include <sys/param.h> #include <stdint.h> +#include <sys/param.h> -#include "tls/s2n_tls.h" #include "tls/extensions/s2n_ems.h" - +#include "tls/s2n_tls.h" #include "utils/s2n_safety.h" static int s2n_client_ems_recv(struct s2n_connection *conn, struct s2n_stuffer *extension); 
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.c index 7e0ec41a82..739a499ba3 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.c @@ -14,15 +14,15 @@ */ #include "tls/extensions/s2n_client_key_share.h" -#include "tls/extensions/s2n_key_share.h" -#include "tls/s2n_security_policies.h" -#include "tls/s2n_kem_preferences.h" #include "error/s2n_errno.h" +#include "pq-crypto/s2n_pq.h" #include "stuffer/s2n_stuffer.h" -#include "utils/s2n_safety.h" +#include "tls/extensions/s2n_key_share.h" +#include "tls/s2n_kem_preferences.h" +#include "tls/s2n_security_policies.h" #include "tls/s2n_tls13.h" -#include "pq-crypto/s2n_pq.h" +#include "utils/s2n_safety.h" /** * Specified in https://tools.ietf.org/html/rfc8446#section-4.2.8 @@ -120,7 +120,7 @@ static int s2n_generate_pq_hybrid_key_share(struct s2n_stuffer *out, struct s2n_ * || PQ key share (variable bytes) */ POSIX_GUARD(s2n_stuffer_write_uint16(out, kem_group->iana_id)); - struct s2n_stuffer_reservation total_share_size = {0}; + struct s2n_stuffer_reservation total_share_size = { 0 }; POSIX_GUARD(s2n_stuffer_reserve_uint16(out, &total_share_size)); struct s2n_ecc_evp_params *ecc_params = &kem_group_params->ecc_params; @@ -199,7 +199,7 @@ static int s2n_client_key_share_send(struct s2n_connection *conn, struct s2n_stu POSIX_ENSURE(server_curve != client_curve || server_group != client_group, S2N_ERR_BAD_KEY_SHARE); } - struct s2n_stuffer_reservation shares_size = {0}; + struct s2n_stuffer_reservation shares_size = { 0 }; POSIX_GUARD(s2n_stuffer_reserve_uint16(out, &shares_size)); POSIX_GUARD(s2n_generate_default_pq_hybrid_key_share(conn, out)); POSIX_GUARD(s2n_generate_default_ecc_key_share(conn, out)); 
@@ -401,13 +401,13 @@ static int s2n_client_key_share_recv(struct s2n_connection *conn, struct s2n_stu struct s2n_stuffer key_share = { 0 }; uint16_t keyshare_count = 0; - while(s2n_stuffer_data_available(extension) > 0) { + while (s2n_stuffer_data_available(extension) > 0) { POSIX_GUARD(s2n_stuffer_read_uint16(extension, &named_group)); POSIX_GUARD(s2n_stuffer_read_uint16(extension, &share_size)); POSIX_ENSURE(s2n_stuffer_data_available(extension) >= share_size, S2N_ERR_BAD_MESSAGE); POSIX_GUARD(s2n_blob_init(&key_share_blob, - s2n_stuffer_raw_read(extension, share_size), share_size)); + s2n_stuffer_raw_read(extension, share_size), share_size)); POSIX_GUARD(s2n_stuffer_init(&key_share, &key_share_blob)); POSIX_GUARD(s2n_stuffer_skip_write(&key_share, share_size)); keyshare_count++; diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.h index 9977625680..2e1b4c4a50 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.h @@ -15,8 +15,8 @@ #pragma once -#include "tls/s2n_connection.h" #include "stuffer/s2n_stuffer.h" +#include "tls/s2n_connection.h" extern const s2n_extension_type s2n_client_key_share_extension; @@ -24,4 +24,3 @@ extern const s2n_extension_type s2n_client_key_share_extension; extern int s2n_extensions_client_key_share_recv(struct s2n_connection *conn, struct s2n_stuffer *extension); extern uint32_t s2n_extensions_client_key_share_size(struct s2n_connection *conn); extern int s2n_extensions_client_key_share_send(struct s2n_connection *conn, struct s2n_stuffer *out); - diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.c index df5d2e5088..634f507e8f 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.c 
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.c @@ -13,13 +13,13 @@ * permissions and limitations under the License. */ -#include <sys/param.h> +#include "tls/extensions/s2n_client_max_frag_len.h" + #include <stdint.h> +#include <sys/param.h> -#include "tls/extensions/s2n_client_max_frag_len.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" - #include "utils/s2n_safety.h" static bool s2n_client_max_frag_len_should_send(struct s2n_connection *conn); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.h index 49bb3be845..39b3a00731 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.h @@ -15,8 +15,8 @@ #pragma once -#include "tls/s2n_connection.h" #include "stuffer/s2n_stuffer.h" +#include "tls/s2n_connection.h" extern const s2n_extension_type s2n_client_max_frag_len_extension; diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.c index aae1fe8256..a2d0a98a02 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.c @@ -13,16 +13,16 @@ * permissions and limitations under the License. */ +#include "tls/extensions/s2n_client_pq_kem.h" + #include <stdint.h> #include <sys/param.h> -#include "tls/extensions/s2n_client_pq_kem.h" +#include "pq-crypto/s2n_pq.h" #include "tls/s2n_kem.h" #include "tls/s2n_security_policies.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" -#include "pq-crypto/s2n_pq.h" - #include "utils/s2n_safety.h" static bool s2n_client_pq_kem_should_send(struct s2n_connection *conn); 
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.h index 91934773f3..fb775d27a8 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.h @@ -15,9 +15,9 @@ #pragma once +#include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_extension_type.h" #include "tls/s2n_connection.h" -#include "stuffer/s2n_stuffer.h" extern const s2n_extension_type s2n_client_pq_kem_extension; diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.c index 800fce4aaf..992e2ca4e9 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.c @@ -13,19 +13,19 @@ * permissions and limitations under the License. */ -#include <sys/param.h> +#include "tls/extensions/s2n_client_psk.h" + #include <stdint.h> +#include <sys/param.h> #include "crypto/s2n_hash.h" -#include "tls/s2n_tls.h" #include "tls/s2n_psk.h" +#include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" -#include "tls/extensions/s2n_client_psk.h" - #include "utils/s2n_bitmap.h" #include "utils/s2n_safety.h" -#define SIZE_OF_BINDER_SIZE sizeof(uint8_t) +#define SIZE_OF_BINDER_SIZE sizeof(uint8_t) #define SIZE_OF_BINDER_LIST_SIZE sizeof(uint16_t) /* To avoid a DoS attack triggered by decrypting too many session tickets, @@ -82,7 +82,7 @@ bool s2n_client_psk_should_send(struct s2n_connection *conn) */ for (size_t i = 0; i < conn->psk_params.psk_list.len; i++) { struct s2n_psk *psk = NULL; - if (s2n_result_is_ok(s2n_array_get(&conn->psk_params.psk_list, i, (void**) &psk)) + if (s2n_result_is_ok(s2n_array_get(&conn->psk_params.psk_list, i, (void **) &psk)) && psk != NULL && conn->secure->cipher_suite->prf_alg == psk->hmac_alg) { return true; 
@@ -146,7 +146,7 @@ static int s2n_client_psk_send(struct s2n_connection *conn, struct s2n_stuffer * for (size_t i = 0; i < psk_list->len; i++) { struct s2n_psk *psk = NULL; - POSIX_GUARD_RESULT(s2n_array_get(psk_list, i, (void**) &psk)); + POSIX_GUARD_RESULT(s2n_array_get(psk_list, i, (void **) &psk)); POSIX_ENSURE_REF(psk); /** @@ -162,7 +162,7 @@ static int s2n_client_psk_send(struct s2n_connection *conn, struct s2n_stuffer * /* Write the identity */ POSIX_GUARD(s2n_stuffer_write_uint16(out, psk->identity.size)); POSIX_GUARD(s2n_stuffer_write(out, &psk->identity)); - + /* Write obfuscated ticket age */ uint32_t obfuscated_ticket_age = 0; uint64_t current_time = 0; @@ -210,14 +210,14 @@ static S2N_RESULT s2n_select_external_psk(struct s2n_connection *conn, struct s2 for (size_t i = 0; i < server_psks->len; i++) { struct s2n_psk *server_psk = NULL; - RESULT_GUARD(s2n_array_get(server_psks, i, (void**) &server_psk)); + RESULT_GUARD(s2n_array_get(server_psks, i, (void **) &server_psk)); RESULT_ENSURE_REF(server_psk); struct s2n_offered_psk client_psk = { 0 }; uint16_t wire_index = 0; RESULT_GUARD_POSIX(s2n_offered_psk_list_reread(client_identity_list)); - while(s2n_offered_psk_list_has_next(client_identity_list)) { + while (s2n_offered_psk_list_has_next(client_identity_list)) { RESULT_GUARD_POSIX(s2n_offered_psk_list_next(client_identity_list, &client_psk)); uint16_t compare_size = MIN(client_psk.identity.size, server_psk->identity.size); if (s2n_constant_time_equals(client_psk.identity.data, server_psk->identity.data, compare_size) 
@@ -233,7 +233,8 @@ static S2N_RESULT s2n_select_external_psk(struct s2n_connection *conn, struct s2 return S2N_RESULT_OK; } -static S2N_RESULT s2n_select_resumption_psk(struct s2n_connection *conn, struct s2n_offered_psk_list *client_identity_list) { +static S2N_RESULT s2n_select_resumption_psk(struct s2n_connection *conn, struct s2n_offered_psk_list *client_identity_list) +{ RESULT_ENSURE_REF(conn); RESULT_ENSURE_REF(client_identity_list); @@ -266,9 +267,9 @@ static S2N_RESULT s2n_client_psk_recv_identity_list(struct s2n_connection *conn, if (conn->config->psk_selection_cb) { RESULT_GUARD_POSIX(conn->config->psk_selection_cb(conn, conn->config->psk_selection_ctx, &identity_list)); - } else if(conn->psk_params.type == S2N_PSK_TYPE_EXTERNAL) { + } else if (conn->psk_params.type == S2N_PSK_TYPE_EXTERNAL) { RESULT_GUARD(s2n_select_external_psk(conn, &identity_list)); - } else if(conn->psk_params.type == S2N_PSK_TYPE_RESUMPTION) { + } else if (conn->psk_params.type == S2N_PSK_TYPE_RESUMPTION) { RESULT_GUARD(s2n_select_resumption_psk(conn, &identity_list)); } diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.h index 1fdabff50d..ac20b6eea1 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.h @@ -15,9 +15,9 @@ #pragma once +#include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_extension_type.h" #include "tls/s2n_connection.h" -#include "stuffer/s2n_stuffer.h" extern const s2n_extension_type s2n_client_psk_extension; diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.c index 187d5603dc..120caf47f9 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.c 
@@ -13,12 +13,12 @@ * permissions and limitations under the License. */ -#include <sys/param.h> +#include "tls/extensions/s2n_client_renegotiation_info.h" + #include <stdint.h> +#include <sys/param.h> -#include "tls/extensions/s2n_client_renegotiation_info.h" #include "tls/s2n_tls.h" - #include "utils/s2n_safety.h" static int s2n_client_renegotiation_send(struct s2n_connection *conn, struct s2n_stuffer *out); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.h index dbc98ddf80..f67c1bb896 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.h @@ -15,8 +15,8 @@ #pragma once -#include "tls/s2n_connection.h" #include "stuffer/s2n_stuffer.h" +#include "tls/s2n_connection.h" extern const s2n_extension_type s2n_client_renegotiation_info_extension; diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.c index d3f699c8c3..98891e7017 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.c @@ -13,13 +13,13 @@ * permissions and limitations under the License. */ -#include <sys/param.h> +#include "tls/extensions/s2n_client_sct_list.h" + #include <stdint.h> +#include <sys/param.h> -#include "tls/extensions/s2n_client_sct_list.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" - #include "utils/s2n_safety.h" static bool s2n_client_sct_list_should_send(struct s2n_connection *conn); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.h index 2f03d9baff..a49c46cad1 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.h 
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.h @@ -15,8 +15,8 @@ #pragma once -#include "tls/s2n_connection.h" #include "stuffer/s2n_stuffer.h" +#include "tls/s2n_connection.h" extern const s2n_extension_type s2n_client_sct_list_extension; diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.c index 0e69283a2c..0fd0b1ca44 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.c @@ -13,13 +13,13 @@ * permissions and limitations under the License. */ -#include <sys/param.h> +#include "tls/extensions/s2n_client_server_name.h" + #include <stdint.h> +#include <sys/param.h> -#include "tls/extensions/s2n_client_server_name.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" - #include "utils/s2n_safety.h" #define S2N_NAME_TYPE_HOST_NAME 0 @@ -44,7 +44,7 @@ static bool s2n_client_server_name_should_send(struct s2n_connection *conn) static int s2n_client_server_name_send(struct s2n_connection *conn, struct s2n_stuffer *out) { - struct s2n_stuffer_reservation server_name_list_size = {0}; + struct s2n_stuffer_reservation server_name_list_size = { 0 }; POSIX_GUARD(s2n_stuffer_reserve_uint16(out, &server_name_list_size)); /* NameType, as described by RFC6066. diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.h index a6dde369dc..b3961500bc 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.h @@ -15,9 +15,9 @@ #pragma once +#include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_extension_type.h" #include "tls/s2n_connection.h" -#include "stuffer/s2n_stuffer.h" extern const s2n_extension_type s2n_client_server_name_extension; 
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.c index ca9c5e96e7..8155f35325 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.c @@ -13,16 +13,15 @@ * permissions and limitations under the License. */ -#include <sys/param.h> -#include <stdint.h> - #include "tls/extensions/s2n_client_session_ticket.h" +#include <stdint.h> +#include <sys/param.h> + #include "tls/extensions/s2n_client_psk.h" +#include "tls/s2n_resume.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" -#include "tls/s2n_resume.h" - #include "utils/s2n_safety.h" static bool s2n_client_session_ticket_should_send(struct s2n_connection *conn); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.h index 4b3b045dcd..781b1a95a2 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.h @@ -15,8 +15,8 @@ #pragma once -#include "tls/s2n_connection.h" #include "stuffer/s2n_stuffer.h" +#include "tls/s2n_connection.h" extern const s2n_extension_type s2n_client_session_ticket_extension; diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.c index 9986a2cad1..7ee72e6233 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.c 
@@ -13,14 +13,14 @@ * permissions and limitations under the License. */ -#include <sys/param.h> +#include "tls/extensions/s2n_client_signature_algorithms.h" + #include <stdint.h> +#include <sys/param.h> -#include "tls/extensions/s2n_client_signature_algorithms.h" +#include "tls/s2n_signature_algorithms.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" -#include "tls/s2n_signature_algorithms.h" - #include "utils/s2n_safety.h" static bool s2n_client_signature_algorithms_should_send(struct s2n_connection *conn); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.h index 0832d40460..2d2d00ff9b 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.h @@ -15,9 +15,9 @@ #pragma once +#include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_extension_type.h" #include "tls/s2n_connection.h" -#include "stuffer/s2n_stuffer.h" extern const s2n_extension_type s2n_client_signature_algorithms_extension; diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.c index 608e8d0a55..e5d4b1a29a 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.c @@ -13,13 +13,13 @@ * permissions and limitations under the License. */ -#include <sys/param.h> +#include "tls/extensions/s2n_client_status_request.h" + #include <stdint.h> +#include <sys/param.h> -#include "tls/extensions/s2n_client_status_request.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" - #include "utils/s2n_safety.h" static bool s2n_client_status_request_should_send(struct s2n_connection *conn); 
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.h index b3862755fc..12b8c07cbe 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.h @@ -15,9 +15,9 @@ #pragma once +#include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_extension_type.h" #include "tls/s2n_connection.h" -#include "stuffer/s2n_stuffer.h" extern const s2n_extension_type s2n_client_status_request_extension; diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.c index 1b8ead056d..f58cbd3a18 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.c @@ -13,19 +13,18 @@ * permissions and limitations under the License. */ -#include <sys/param.h> +#include "tls/extensions/s2n_client_supported_groups.h" + #include <stdint.h> +#include <sys/param.h> -#include "tls/extensions/s2n_client_supported_groups.h" +#include "pq-crypto/s2n_pq.h" #include "tls/extensions/s2n_ec_point_format.h" - +#include "tls/s2n_security_policies.h" #include "tls/s2n_tls.h" +#include "tls/s2n_tls13.h" #include "tls/s2n_tls_parameters.h" -#include "tls/s2n_security_policies.h" - #include "utils/s2n_safety.h" -#include "pq-crypto/s2n_pq.h" -#include "tls/s2n_tls13.h" static int s2n_client_supported_groups_send(struct s2n_connection *conn, struct s2n_stuffer *out); static int s2n_client_supported_groups_recv(struct s2n_connection *conn, struct s2n_stuffer *extension); 
@@ -82,7 +81,8 @@ static int s2n_client_supported_groups_send(struct s2n_connection *conn, struct /* Populates the appropriate index of either the mutually_supported_curves or * mutually_supported_kem_groups array based on the received IANA ID. Will * ignore unrecognized IANA IDs (and return success). */ -static int s2n_client_supported_groups_recv_iana_id(struct s2n_connection *conn, uint16_t iana_id) { +static int s2n_client_supported_groups_recv_iana_id(struct s2n_connection *conn, uint16_t iana_id) +{ POSIX_ENSURE_REF(conn); const struct s2n_ecc_preferences *ecc_pref = NULL; @@ -117,7 +117,8 @@ static int s2n_client_supported_groups_recv_iana_id(struct s2n_connection *conn, return S2N_SUCCESS; } -static int s2n_choose_supported_group(struct s2n_connection *conn) { +static int s2n_choose_supported_group(struct s2n_connection *conn) +{ POSIX_ENSURE_REF(conn); const struct s2n_ecc_preferences *ecc_pref = NULL; @@ -159,7 +160,8 @@ static int s2n_choose_supported_group(struct s2n_connection *conn) { return S2N_SUCCESS; } -static int s2n_client_supported_groups_recv(struct s2n_connection *conn, struct s2n_stuffer *extension) { +static int s2n_client_supported_groups_recv(struct s2n_connection *conn, struct s2n_stuffer *extension) +{ POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(extension); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.h index e5b798543e..611e392a76 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.h @@ -15,9 +15,9 @@ #pragma once +#include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_extension_type.h" #include "tls/s2n_connection.h" -#include "stuffer/s2n_stuffer.h" extern const s2n_extension_type s2n_client_supported_groups_extension; bool s2n_extension_should_send_if_ecc_enabled(struct s2n_connection *conn); 
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.c index 067a9d3eaf..b7a8c72715 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.c @@ -13,16 +13,16 @@ * permissions and limitations under the License. */ -#include <sys/param.h> +#include "tls/extensions/s2n_client_supported_versions.h" + #include <stdint.h> +#include <sys/param.h> -#include "tls/extensions/s2n_client_supported_versions.h" #include "tls/extensions/s2n_supported_versions.h" #include "tls/s2n_alerts.h" #include "tls/s2n_cipher_preferences.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" - #include "utils/s2n_safety.h" /** @@ -74,7 +74,8 @@ static int s2n_client_supported_versions_send(struct s2n_connection *conn, struc return S2N_SUCCESS; } -static int s2n_extensions_client_supported_versions_process(struct s2n_connection *conn, struct s2n_stuffer *extension) { +static int s2n_extensions_client_supported_versions_process(struct s2n_connection *conn, struct s2n_stuffer *extension) +{ uint8_t highest_supported_version = conn->server_protocol_version; uint8_t minimum_supported_version = s2n_unknown_protocol_version; POSIX_GUARD_RESULT(s2n_connection_get_minimum_supported_version(conn, &minimum_supported_version)); 
@@ -138,7 +139,8 @@ static int s2n_client_supported_versions_recv(struct s2n_connection *conn, struc /* Old-style extension functions -- remove after extensions refactor is complete */ -int s2n_extensions_client_supported_versions_size(struct s2n_connection *conn) { +int s2n_extensions_client_supported_versions_size(struct s2n_connection *conn) +{ uint8_t minimum_supported_version = s2n_unknown_protocol_version; POSIX_GUARD_RESULT(s2n_connection_get_minimum_supported_version(conn, &minimum_supported_version)); uint8_t highest_supported_version = conn->client_protocol_version; @@ -148,10 +150,12 @@ int s2n_extensions_client_supported_versions_size(struct s2n_connection *conn) { return version_list_length * S2N_TLS_PROTOCOL_VERSION_LEN + 5; } -int s2n_extensions_client_supported_versions_recv(struct s2n_connection *conn, struct s2n_stuffer *extension) { +int s2n_extensions_client_supported_versions_recv(struct s2n_connection *conn, struct s2n_stuffer *extension) +{ return s2n_extension_recv(&s2n_client_supported_versions_extension, conn, extension); } -int s2n_extensions_client_supported_versions_send(struct s2n_connection *conn, struct s2n_stuffer *out) { +int s2n_extensions_client_supported_versions_send(struct s2n_connection *conn, struct s2n_stuffer *out) +{ return s2n_extension_send(&s2n_client_supported_versions_extension, conn, out); } diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.h index b9deabe628..cbf39cebff 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.h @@ -15,8 +15,8 @@ #pragma once -#include "tls/s2n_connection.h" #include "stuffer/s2n_stuffer.h" +#include "tls/s2n_connection.h" extern const s2n_extension_type s2n_client_supported_versions_extension; 
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_cookie.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_cookie.h index ae844cc7ab..8df4d582fc 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_cookie.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_cookie.h @@ -13,7 +13,6 @@ * permissions and limitations under the License. */ - #pragma once #include "tls/extensions/s2n_extension_type.h" @@ -22,4 +21,3 @@ extern const s2n_extension_type s2n_client_cookie_extension; extern const s2n_extension_type s2n_server_cookie_extension; int s2n_cookie_send(struct s2n_connection *conn, struct s2n_stuffer *out); - diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.c index 20a3acfa9a..755b2f59cf 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.c @@ -13,13 +13,13 @@ * permissions and limitations under the License. */ -#include <sys/param.h> +#include "tls/extensions/s2n_ec_point_format.h" + #include <stdint.h> +#include <sys/param.h> #include "tls/extensions/s2n_client_supported_groups.h" -#include "tls/extensions/s2n_ec_point_format.h" #include "tls/s2n_tls.h" - #include "utils/s2n_safety.h" static int s2n_ec_point_format_send(struct s2n_connection *conn, struct s2n_stuffer *out); 
@@ -77,10 +77,10 @@ static int s2n_ec_point_format_recv(struct s2n_connection *conn, struct s2n_stuf int s2n_server_ecc_point_format_extension_size(struct s2n_connection *conn) { if (s2n_server_ec_point_format_extension.should_send(conn) && s2n_server_can_send_ec_point_formats(conn)) { - return sizeof(uint16_t) /* extension type */ - + sizeof(uint16_t) /* extension size */ - + sizeof(uint8_t) /* point list size */ - + sizeof(uint8_t); /* point */ + return sizeof(uint16_t) /* extension type */ + + sizeof(uint16_t) /* extension size */ + + sizeof(uint8_t) /* point list size */ + + sizeof(uint8_t); /* point */ } return 0; } diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.h index 4e7cf3065d..e8c55d369e 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.h @@ -15,9 +15,9 @@ #pragma once +#include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_extension_type.h" #include "tls/s2n_connection.h" -#include "stuffer/s2n_stuffer.h" #define TLS_EC_POINT_FORMAT_UNCOMPRESSED 0 diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.c index 64b691abc3..bffbebf14b 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.c @@ -14,12 +14,11 @@ */ #include "s2n_extension_list.h" -#include "s2n_extension_type.h" -#include "s2n_extension_type_lists.h" #include "api/s2n.h" - #include "error/s2n_errno.h" +#include "s2n_extension_type.h" +#include "s2n_extension_type_lists.h" #include "utils/s2n_safety.h" #define s2n_parsed_extension_is_empty(parsed_extension) ((parsed_extension)->extension.data == NULL) 
@@ -29,7 +28,7 @@ int s2n_extension_list_send(s2n_extension_list_id list_type, struct s2n_connecti s2n_extension_type_list *extension_type_list; POSIX_GUARD(s2n_extension_type_list_get(list_type, &extension_type_list)); - struct s2n_stuffer_reservation total_extensions_size = {0}; + struct s2n_stuffer_reservation total_extensions_size = { 0 }; POSIX_GUARD(s2n_stuffer_reserve_uint16(out, &total_extensions_size)); for (int i = 0; i < extension_type_list->count; i++) { @@ -161,7 +160,7 @@ int s2n_extension_list_parse(struct s2n_stuffer *in, s2n_parsed_extensions_list POSIX_ENSURE_REF(in); POSIX_ENSURE_REF(parsed_extension_list); - POSIX_CHECKED_MEMSET((s2n_parsed_extension*) parsed_extension_list->parsed_extensions, + POSIX_CHECKED_MEMSET((s2n_parsed_extension *) parsed_extension_list->parsed_extensions, 0, sizeof(parsed_extension_list->parsed_extensions)); uint16_t total_extensions_size; diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.h index cddddf4135..411c7e4d7c 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.h @@ -24,7 +24,7 @@ typedef struct { uint16_t extension_type; struct s2n_blob extension; uint16_t wire_index; - unsigned processed:1; + unsigned processed : 1; } s2n_parsed_extension; typedef struct { diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.c index 4e4aa5d3bc..adf957a8eb 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.c 
@@ -13,10 +13,10 @@ * permissions and limitations under the License. */ -#include "api/s2n.h" +#include "tls/extensions/s2n_extension_type.h" +#include "api/s2n.h" #include "error/s2n_errno.h" -#include "tls/extensions/s2n_extension_type.h" #include "tls/s2n_connection.h" #include "tls/s2n_tls13.h" #include "utils/s2n_bitmap.h" @@ -90,8 +90,7 @@ int s2n_extension_send(const s2n_extension_type *extension_type, struct s2n_conn POSIX_GUARD(s2n_extension_supported_iana_value_to_id(extension_type->iana_value, &extension_id)); /* Do not send response if request not received. */ - if (extension_type->is_response && - !S2N_CBIT_TEST(conn->extension_requests_received, extension_id)) { + if (extension_type->is_response && !S2N_CBIT_TEST(conn->extension_requests_received, extension_id)) { return S2N_SUCCESS; } @@ -109,7 +108,7 @@ int s2n_extension_send(const s2n_extension_type *extension_type, struct s2n_conn POSIX_GUARD(s2n_stuffer_write_uint16(out, extension_type->iana_value)); /* Reserve space for extension size */ - struct s2n_stuffer_reservation extension_size_bytes = {0}; + struct s2n_stuffer_reservation extension_size_bytes = { 0 }; POSIX_GUARD(s2n_stuffer_reserve_uint16(out, &extension_size_bytes)); /* Write extension data */ @@ -154,8 +153,7 @@ int s2n_extension_recv(const s2n_extension_type *extension_type, struct s2n_conn *# ClientHello, with the exception of optionally the "cookie" (see *# Section 4.2.2) extension. **/ - if (extension_type->is_response && - !S2N_CBIT_TEST(conn->extension_requests_sent, extension_id)) { + if (extension_type->is_response && !S2N_CBIT_TEST(conn->extension_requests_sent, extension_id)) { POSIX_BAIL(S2N_ERR_UNSUPPORTED_EXTENSION); } 
@@ -186,8 +184,7 @@ int s2n_extension_is_missing(const s2n_extension_type *extension_type, struct s2 POSIX_GUARD(s2n_extension_supported_iana_value_to_id(extension_type->iana_value, &extension_id)); /* Do not consider an extension missing if we did not send a request */ - if(extension_type->is_response && - !S2N_CBIT_TEST(conn->extension_requests_sent, extension_id)) { + if (extension_type->is_response && !S2N_CBIT_TEST(conn->extension_requests_sent, extension_id)) { return S2N_SUCCESS; } diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.h index a5ecb36ce4..eec792dd8c 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.h 
@@ -20,31 +20,31 @@ #include "stuffer/s2n_stuffer.h" #include "tls/s2n_tls_parameters.h" -#define S2N_EXTENSION_TYPE_FIELD_LENGTH 2 -#define S2N_EXTENSION_LENGTH_FIELD_LENGTH 2 -#define S2N_EXTENSION_HEADER_LENGTH (S2N_EXTENSION_TYPE_FIELD_LENGTH + S2N_EXTENSION_LENGTH_FIELD_LENGTH) +#define S2N_EXTENSION_TYPE_FIELD_LENGTH 2 +#define S2N_EXTENSION_LENGTH_FIELD_LENGTH 2 +#define S2N_EXTENSION_HEADER_LENGTH (S2N_EXTENSION_TYPE_FIELD_LENGTH + S2N_EXTENSION_LENGTH_FIELD_LENGTH) /* The number of extensions supported by S2N */ -#define S2N_SUPPORTED_EXTENSIONS_COUNT (sizeof(s2n_supported_extensions) / sizeof(s2n_supported_extensions[0])) +#define S2N_SUPPORTED_EXTENSIONS_COUNT (sizeof(s2n_supported_extensions) / sizeof(s2n_supported_extensions[0])) /* The number of bytes needed to assign 1 bit to every supported extension. * The +1 is necessary to handle any remainder left over when dividing. */ -#define S2N_SUPPORTED_EXTENSIONS_BITFIELD_LEN ((S2N_SUPPORTED_EXTENSIONS_COUNT / sizeof(char)) + 1) +#define S2N_SUPPORTED_EXTENSIONS_BITFIELD_LEN ((S2N_SUPPORTED_EXTENSIONS_COUNT / sizeof(char)) + 1) struct s2n_connection; typedef struct { uint16_t iana_value; - unsigned is_response:1; + unsigned is_response : 1; uint16_t minimum_version; - int (*send) (struct s2n_connection *conn, struct s2n_stuffer *out); - int (*recv) (struct s2n_connection *conn, struct s2n_stuffer *in); + int (*send)(struct s2n_connection *conn, struct s2n_stuffer *out); + int (*recv)(struct s2n_connection *conn, struct s2n_stuffer *in); /* Returns true or false to indicate whether the extension should be sent */ - bool (*should_send) (struct s2n_connection *conn); + bool (*should_send)(struct s2n_connection *conn); /* Handler called if an extension is not received */ - int (*if_missing) (struct s2n_connection *conn); + int (*if_missing)(struct s2n_connection *conn); } s2n_extension_type; static const uint16_t s2n_supported_extensions[] = { 
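Review bot: The comment above `S2N_SUPPORTED_EXTENSIONS_BITFIELD_LEN` describes one bit per supported extension, but the expression divides by `sizeof(char)`, which is 1, so the length is the extension count plus one bytes rather than count/8 plus one. The field is therefore larger than the comment implies, which errs on the safe side for bit-indexed access but hides the real sizing from anyone who later tightens it. Either divide by the bits per byte, `((S2N_SUPPORTED_EXTENSIONS_COUNT / CHAR_BIT) + 1)` with `<limits.h>` included, or reword the comment to say the length is deliberately one byte per extension. How the `S2N_CBIT_*` macros index the field is not visible in this hunk, so confirm that before shrinking it.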
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type_lists.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type_lists.c
index e3513e00aa..b928f1bc38 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type_lists.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type_lists.c
@@ -13,88 +13,87 @@ * permissions and limitations under the License. */ -#include "api/s2n.h" - #include "tls/extensions/s2n_extension_type_lists.h" -#include "tls/s2n_connection.h" -#include "tls/extensions/s2n_cookie.h" -#include "tls/extensions/s2n_client_supported_versions.h" -#include "tls/extensions/s2n_client_signature_algorithms.h" -#include "tls/extensions/s2n_client_max_frag_len.h" -#include "tls/extensions/s2n_client_session_ticket.h" -#include "tls/extensions/s2n_client_server_name.h" +#include "api/s2n.h" #include "tls/extensions/s2n_client_alpn.h" -#include "tls/extensions/s2n_client_status_request.h" #include "tls/extensions/s2n_client_key_share.h" -#include "tls/extensions/s2n_client_sct_list.h" -#include "tls/extensions/s2n_client_supported_groups.h" +#include "tls/extensions/s2n_client_max_frag_len.h" #include "tls/extensions/s2n_client_pq_kem.h" #include "tls/extensions/s2n_client_psk.h" -#include "tls/extensions/s2n_ems.h" -#include "tls/extensions/s2n_early_data_indication.h" -#include "tls/extensions/s2n_psk_key_exchange_modes.h" #include "tls/extensions/s2n_client_renegotiation_info.h" +#include "tls/extensions/s2n_client_sct_list.h" +#include "tls/extensions/s2n_client_server_name.h" +#include "tls/extensions/s2n_client_session_ticket.h" +#include "tls/extensions/s2n_client_signature_algorithms.h" +#include "tls/extensions/s2n_client_status_request.h" +#include "tls/extensions/s2n_client_supported_groups.h" +#include "tls/extensions/s2n_client_supported_versions.h" +#include "tls/extensions/s2n_cookie.h" +#include "tls/extensions/s2n_early_data_indication.h" #include "tls/extensions/s2n_ec_point_format.h" +#include "tls/extensions/s2n_ems.h" +#include "tls/extensions/s2n_npn.h" +#include "tls/extensions/s2n_psk_key_exchange_modes.h" #include "tls/extensions/s2n_quic_transport_params.h" +#include "tls/extensions/s2n_server_alpn.h" #include "tls/extensions/s2n_server_certificate_status.h" +#include "tls/extensions/s2n_server_key_share.h" 
+#include "tls/extensions/s2n_server_max_fragment_length.h" +#include "tls/extensions/s2n_server_psk.h" #include "tls/extensions/s2n_server_renegotiation_info.h" -#include "tls/extensions/s2n_server_alpn.h" -#include "tls/extensions/s2n_server_status_request.h" #include "tls/extensions/s2n_server_sct_list.h" -#include "tls/extensions/s2n_server_max_fragment_length.h" -#include "tls/extensions/s2n_server_session_ticket.h" #include "tls/extensions/s2n_server_server_name.h" +#include "tls/extensions/s2n_server_session_ticket.h" #include "tls/extensions/s2n_server_signature_algorithms.h" +#include "tls/extensions/s2n_server_status_request.h" #include "tls/extensions/s2n_server_supported_versions.h" -#include "tls/extensions/s2n_server_key_share.h" -#include "tls/extensions/s2n_server_psk.h" -#include "tls/extensions/s2n_npn.h" +#include "tls/s2n_connection.h" static const s2n_extension_type *const client_hello_extensions[] = { - &s2n_client_supported_versions_extension, - - /* We MUST process key_share after supported_groups, - * because we need to choose the keyshare based on the - * mutually supported groups. 
*/ - &s2n_client_supported_groups_extension, - &s2n_client_key_share_extension, - - &s2n_client_signature_algorithms_extension, - &s2n_client_server_name_extension, - - /* We MUST process the NPN extension after the ALPN extension - * because NPN is only negotiated if ALPN is not */ - &s2n_client_alpn_extension, - &s2n_client_npn_extension, - - &s2n_client_status_request_extension, - &s2n_client_sct_list_extension, - &s2n_client_max_frag_len_extension, - &s2n_client_session_ticket_extension, - &s2n_client_ec_point_format_extension, - &s2n_client_pq_kem_extension, - &s2n_client_renegotiation_info_extension, - &s2n_client_cookie_extension, - &s2n_quic_transport_parameters_extension, - &s2n_psk_key_exchange_modes_extension, - &s2n_client_early_data_indication_extension, - &s2n_client_ems_extension, - &s2n_client_psk_extension /* MUST be last */ + &s2n_client_supported_versions_extension, + + /* We MUST process key_share after supported_groups, + * because we need to choose the keyshare based on the + * mutually supported groups. 
*/ + &s2n_client_supported_groups_extension, + &s2n_client_key_share_extension, + + &s2n_client_signature_algorithms_extension, + &s2n_client_server_name_extension, + + /* We MUST process the NPN extension after the ALPN extension + * because NPN is only negotiated if ALPN is not */ + &s2n_client_alpn_extension, + &s2n_client_npn_extension, + + &s2n_client_status_request_extension, + &s2n_client_sct_list_extension, + &s2n_client_max_frag_len_extension, + &s2n_client_session_ticket_extension, + &s2n_client_ec_point_format_extension, + &s2n_client_pq_kem_extension, + &s2n_client_renegotiation_info_extension, + &s2n_client_cookie_extension, + &s2n_quic_transport_parameters_extension, + &s2n_psk_key_exchange_modes_extension, + &s2n_client_early_data_indication_extension, + &s2n_client_ems_extension, + &s2n_client_psk_extension /* MUST be last */ }; static const s2n_extension_type *const tls12_server_hello_extensions[] = { - &s2n_server_supported_versions_extension, - &s2n_server_server_name_extension, - &s2n_server_ec_point_format_extension, - &s2n_server_renegotiation_info_extension, - &s2n_server_alpn_extension, - &s2n_server_status_request_extension, - &s2n_server_sct_list_extension, - &s2n_server_max_fragment_length_extension, - &s2n_server_session_ticket_extension, - &s2n_server_ems_extension, - &s2n_server_npn_extension, + &s2n_server_supported_versions_extension, + &s2n_server_server_name_extension, + &s2n_server_ec_point_format_extension, + &s2n_server_renegotiation_info_extension, + &s2n_server_alpn_extension, + &s2n_server_status_request_extension, + &s2n_server_sct_list_extension, + &s2n_server_max_fragment_length_extension, + &s2n_server_session_ticket_extension, + &s2n_server_ems_extension, + &s2n_server_npn_extension, }; /** 
@@ -109,50 +108,53 @@ static const s2n_extension_type *const tls12_server_hello_extensions[] = { *# - key_share (see Section 4.2.8) */ static const s2n_extension_type *const hello_retry_request_extensions[] = { - &s2n_server_supported_versions_extension, - &s2n_server_cookie_extension, - &s2n_server_key_share_extension, + &s2n_server_supported_versions_extension, + &s2n_server_cookie_extension, + &s2n_server_key_share_extension, }; static const s2n_extension_type *const tls13_server_hello_extensions[] = { - &s2n_server_supported_versions_extension, - &s2n_server_key_share_extension, - &s2n_server_psk_extension, /* MUST appear after keyshare extension */ + &s2n_server_supported_versions_extension, + &s2n_server_key_share_extension, + &s2n_server_psk_extension, /* MUST appear after keyshare extension */ }; static const s2n_extension_type *const encrypted_extensions[] = { - &s2n_server_server_name_extension, - &s2n_server_max_fragment_length_extension, - &s2n_server_alpn_extension, - &s2n_quic_transport_parameters_extension, - &s2n_server_early_data_indication_extension, + &s2n_server_server_name_extension, + &s2n_server_max_fragment_length_extension, + &s2n_server_alpn_extension, + &s2n_quic_transport_parameters_extension, + &s2n_server_early_data_indication_extension, }; static const s2n_extension_type *const cert_req_extensions[] = { - &s2n_server_signature_algorithms_extension, + &s2n_server_signature_algorithms_extension, }; static const s2n_extension_type *const certificate_extensions[] = { - &s2n_tls13_server_status_request_extension, - &s2n_server_sct_list_extension, + &s2n_tls13_server_status_request_extension, + &s2n_server_sct_list_extension, }; static const s2n_extension_type *const nst_extensions[] = { - &s2n_nst_early_data_indication_extension, + &s2n_nst_early_data_indication_extension, }; -#define S2N_EXTENSION_LIST(list) { .extension_types = (list), .count = s2n_array_len(list) } +#define S2N_EXTENSION_LIST(list) \ + { \ + .extension_types = (list), 
.count = s2n_array_len(list) \ + } static s2n_extension_type_list extension_lists[] = { - [S2N_EXTENSION_LIST_CLIENT_HELLO] = S2N_EXTENSION_LIST(client_hello_extensions), - [S2N_EXTENSION_LIST_HELLO_RETRY_REQUEST] = S2N_EXTENSION_LIST(hello_retry_request_extensions), - [S2N_EXTENSION_LIST_SERVER_HELLO_DEFAULT] = S2N_EXTENSION_LIST(tls12_server_hello_extensions), - [S2N_EXTENSION_LIST_SERVER_HELLO_TLS13] = S2N_EXTENSION_LIST(tls13_server_hello_extensions), - [S2N_EXTENSION_LIST_ENCRYPTED_EXTENSIONS] = S2N_EXTENSION_LIST(encrypted_extensions), - [S2N_EXTENSION_LIST_CERT_REQ] = S2N_EXTENSION_LIST(cert_req_extensions), - [S2N_EXTENSION_LIST_CERTIFICATE] = S2N_EXTENSION_LIST(certificate_extensions), - [S2N_EXTENSION_LIST_NST] = S2N_EXTENSION_LIST(nst_extensions), - [S2N_EXTENSION_LIST_EMPTY] = { .extension_types = NULL, .count = 0 }, + [S2N_EXTENSION_LIST_CLIENT_HELLO] = S2N_EXTENSION_LIST(client_hello_extensions), + [S2N_EXTENSION_LIST_HELLO_RETRY_REQUEST] = S2N_EXTENSION_LIST(hello_retry_request_extensions), + [S2N_EXTENSION_LIST_SERVER_HELLO_DEFAULT] = S2N_EXTENSION_LIST(tls12_server_hello_extensions), + [S2N_EXTENSION_LIST_SERVER_HELLO_TLS13] = S2N_EXTENSION_LIST(tls13_server_hello_extensions), + [S2N_EXTENSION_LIST_ENCRYPTED_EXTENSIONS] = S2N_EXTENSION_LIST(encrypted_extensions), + [S2N_EXTENSION_LIST_CERT_REQ] = S2N_EXTENSION_LIST(cert_req_extensions), + [S2N_EXTENSION_LIST_CERTIFICATE] = S2N_EXTENSION_LIST(certificate_extensions), + [S2N_EXTENSION_LIST_NST] = S2N_EXTENSION_LIST(nst_extensions), + [S2N_EXTENSION_LIST_EMPTY] = { .extension_types = NULL, .count = 0 }, }; int s2n_extension_type_list_get(s2n_extension_list_id list_type, s2n_extension_type_list **extension_list) diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.c index 6b3f144b3a..7428eb9fd8 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.c 
@@ -14,6 +14,7 @@ */ #include "tls/extensions/s2n_key_share.h" + #include "tls/s2n_tls.h" #include "utils/s2n_safety.h" diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.h index daa464c2bd..c8c6f98950 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.h @@ -16,14 +16,14 @@ #pragma once #include "crypto/s2n_ecc_evp.h" -#include "tls/s2n_connection.h" #include "stuffer/s2n_stuffer.h" +#include "tls/s2n_connection.h" -#define S2N_SIZE_OF_EXTENSION_TYPE 2 -#define S2N_SIZE_OF_EXTENSION_DATA_SIZE 2 -#define S2N_SIZE_OF_CLIENT_SHARES_SIZE 2 -#define S2N_SIZE_OF_NAMED_GROUP 2 -#define S2N_SIZE_OF_KEY_SHARE_SIZE 2 +#define S2N_SIZE_OF_EXTENSION_TYPE 2 +#define S2N_SIZE_OF_EXTENSION_DATA_SIZE 2 +#define S2N_SIZE_OF_CLIENT_SHARES_SIZE 2 +#define S2N_SIZE_OF_NAMED_GROUP 2 +#define S2N_SIZE_OF_KEY_SHARE_SIZE 2 S2N_RESULT s2n_ecdhe_send_public_key(struct s2n_ecc_evp_params *ecc_evp_params, struct s2n_stuffer *out); int s2n_ecdhe_parameters_send(struct s2n_ecc_evp_params *ecc_evp_params, struct s2n_stuffer *out); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_npn.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_npn.c index 42e9905199..0d266ec0ac 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_npn.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_npn.c @@ -14,12 +14,12 @@ */ #include "tls/extensions/s2n_npn.h" + #include "tls/extensions/s2n_client_alpn.h" #include "tls/extensions/s2n_server_alpn.h" +#include "tls/s2n_protocol_preferences.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" -#include "tls/s2n_protocol_preferences.h" - #include "utils/s2n_safety.h" bool s2n_npn_should_send(struct s2n_connection *conn) 
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_nst_early_data_indication.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_nst_early_data_indication.c index 0f149ec2fe..f6802b3014 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_nst_early_data_indication.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_nst_early_data_indication.c @@ -14,10 +14,8 @@ */ #include "api/s2n.h" - -#include "tls/extensions/s2n_early_data_indication.h" - #include "stuffer/s2n_stuffer.h" +#include "tls/extensions/s2n_early_data_indication.h" #include "tls/s2n_connection.h" #include "tls/s2n_early_data.h" #include "utils/s2n_safety.h" diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.c index cf0c57ed8d..2062ffa58e 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.c @@ -13,12 +13,13 @@ * permissions and limitations under the License. */ -#include <sys/param.h> +#include "tls/extensions/s2n_psk_key_exchange_modes.h" + #include <stdint.h> +#include <sys/param.h> -#include "tls/s2n_tls_parameters.h" #include "tls/extensions/s2n_client_psk.h" -#include "tls/extensions/s2n_psk_key_exchange_modes.h" +#include "tls/s2n_tls_parameters.h" #include "utils/s2n_safety.h" static bool s2n_psk_key_exchange_modes_should_send(struct s2n_connection *conn); @@ -67,7 +68,7 @@ static int s2n_psk_key_exchange_modes_recv(struct s2n_connection *conn, struct s for (size_t i = 0; i < psk_ke_mode_list_len; i++) { uint8_t wire_psk_ke_mode; POSIX_GUARD(s2n_stuffer_read_uint8(extension, &wire_psk_ke_mode)); - + /* s2n currently only supports pre-shared keys with (EC)DHE key establishment */ if (wire_psk_ke_mode == TLS_PSK_DHE_KE_MODE) { conn->psk_params.psk_ke_mode = S2N_PSK_DHE_KE; 
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.h index 74c1fe9797..0a8b6a416e 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.h @@ -15,9 +15,9 @@ #pragma once +#include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_extension_type.h" #include "tls/s2n_connection.h" -#include "stuffer/s2n_stuffer.h" #define PSK_KEY_EXCHANGE_MODE_SIZE sizeof(uint8_t) diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_quic_transport_params.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_quic_transport_params.c index ab84388e7a..c4297df0d6 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_quic_transport_params.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_quic_transport_params.c @@ -15,10 +15,9 @@ #include "tls/extensions/s2n_quic_transport_params.h" +#include "stuffer/s2n_stuffer.h" #include "tls/s2n_connection.h" #include "tls/s2n_tls.h" - -#include "stuffer/s2n_stuffer.h" #include "utils/s2n_safety.h" /* diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_alpn.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_alpn.c index a62f63c167..dd556bd85c 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_alpn.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_alpn.c @@ -13,14 +13,12 @@ * permissions and limitations under the License. */ -#include "stuffer/s2n_stuffer.h" - -#include "utils/s2n_safety.h" +#include "tls/extensions/s2n_server_alpn.h" +#include "stuffer/s2n_stuffer.h" #include "tls/s2n_connection.h" #include "tls/s2n_tls.h" - -#include "tls/extensions/s2n_server_alpn.h" +#include "utils/s2n_safety.h" bool s2n_server_alpn_should_send(struct s2n_connection *conn); static int s2n_alpn_send(struct s2n_connection *conn, struct s2n_stuffer *out); 
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.c index 243cd753ee..d58cc1f4b3 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.c @@ -13,11 +13,12 @@ * permissions and limitations under the License. */ +#include "tls/extensions/s2n_server_certificate_status.h" + #include "tls/s2n_config.h" #include "tls/s2n_connection.h" #include "tls/s2n_tls.h" #include "tls/s2n_x509_validator.h" -#include "tls/extensions/s2n_server_certificate_status.h" #include "utils/s2n_safety.h" #define U24_SIZE 3 diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.h index 0f5ef18742..60e28f4a24 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.h @@ -15,9 +15,9 @@ #pragma once +#include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_extension_type.h" #include "tls/s2n_connection.h" -#include "stuffer/s2n_stuffer.h" extern const s2n_extension_type s2n_tls13_server_status_request_extension; diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_early_data_indication.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_early_data_indication.c index 80a8143a81..24064425ae 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_early_data_indication.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_early_data_indication.c @@ -14,9 +14,7 @@ */ #include "api/s2n.h" - #include "tls/extensions/s2n_early_data_indication.h" - #include "tls/s2n_connection.h" #include "tls/s2n_early_data.h" #include "tls/s2n_handshake.h" 
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_ems.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_ems.c index c5170eb714..24dea1f8ab 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_ems.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_ems.c @@ -13,12 +13,11 @@ * permissions and limitations under the License. */ -#include <sys/param.h> #include <stdint.h> +#include <sys/param.h> -#include "tls/s2n_tls.h" #include "tls/extensions/s2n_ems.h" - +#include "tls/s2n_tls.h" #include "utils/s2n_safety.h" static int s2n_server_ems_recv(struct s2n_connection *conn, struct s2n_stuffer *extension); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c index b57ae8a73c..eefdf0c56d 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c @@ -14,14 +14,13 @@ */ #include "tls/extensions/s2n_server_key_share.h" + +#include "pq-crypto/s2n_pq.h" #include "tls/s2n_security_policies.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls13.h" - #include "utils/s2n_safety.h" -#include "pq-crypto/s2n_pq.h" - static int s2n_server_key_share_send(struct s2n_connection *conn, struct s2n_stuffer *out); static int s2n_server_key_share_recv(struct s2n_connection *conn, struct s2n_stuffer *extension); @@ -35,7 +34,8 @@ const s2n_extension_type s2n_server_key_share_extension = { .if_missing = s2n_extension_noop_if_missing, }; -static int s2n_server_key_share_generate_pq_hybrid(struct s2n_connection *conn, struct s2n_stuffer *out) { +static int s2n_server_key_share_generate_pq_hybrid(struct s2n_connection *conn, struct s2n_stuffer *out) +{ POSIX_ENSURE_REF(out); POSIX_ENSURE_REF(conn); 
@@ -68,7 +68,8 @@ static int s2n_server_key_share_generate_pq_hybrid(struct s2n_connection *conn, } /* Check that client has sent a corresponding key share for the server's KEM group */ -int s2n_server_key_share_send_check_pq_hybrid(struct s2n_connection *conn) { +int s2n_server_key_share_send_check_pq_hybrid(struct s2n_connection *conn) +{ POSIX_ENSURE_REF(conn); POSIX_ENSURE(s2n_pq_is_enabled(), S2N_ERR_PQ_DISABLED); @@ -100,7 +101,8 @@ int s2n_server_key_share_send_check_pq_hybrid(struct s2n_connection *conn) { } /* Check that client has sent a corresponding key share for the server's EC curve */ -int s2n_server_key_share_send_check_ecdhe(struct s2n_connection *conn) { +int s2n_server_key_share_send_check_ecdhe(struct s2n_connection *conn) +{ POSIX_ENSURE_REF(conn); const struct s2n_ecc_preferences *ecc_pref = NULL; @@ -117,7 +119,8 @@ int s2n_server_key_share_send_check_ecdhe(struct s2n_connection *conn) { return S2N_SUCCESS; } -static int s2n_server_key_share_send(struct s2n_connection *conn, struct s2n_stuffer *out) { +static int s2n_server_key_share_send(struct s2n_connection *conn, struct s2n_stuffer *out) +{ POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(out); @@ -153,7 +156,8 @@ static int s2n_server_key_share_send(struct s2n_connection *conn, struct s2n_stu } static int s2n_server_key_share_recv_pq_hybrid(struct s2n_connection *conn, uint16_t named_group_iana, - struct s2n_stuffer *extension) { + struct s2n_stuffer *extension) +{ POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(extension); 
@@ -191,7 +195,7 @@ static int s2n_server_key_share_recv_pq_hybrid(struct s2n_connection *conn, uint /* Ensure that the server's key share corresponds with a key share previously sent by the client */ struct s2n_kem_group_params *client_kem_group_params = &conn->kex_params.client_kem_group_params; - POSIX_ENSURE(client_kem_group_params->kem_params.private_key.data, S2N_ERR_BAD_KEY_SHARE); + POSIX_ENSURE(client_kem_group_params->kem_params.private_key.data, S2N_ERR_BAD_KEY_SHARE); POSIX_ENSURE(client_kem_group_params->ecc_params.evp_pkey, S2N_ERR_BAD_KEY_SHARE); POSIX_ENSURE(client_kem_group_params->kem_group == server_kem_group_params->kem_group, S2N_ERR_BAD_KEY_SHARE); @@ -216,7 +220,8 @@ static int s2n_server_key_share_recv_pq_hybrid(struct s2n_connection *conn, uint } static int s2n_server_key_share_recv_ecc(struct s2n_connection *conn, uint16_t named_group_iana, - struct s2n_stuffer *extension) { + struct s2n_stuffer *extension) +{ POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(extension); @@ -252,7 +257,7 @@ static int s2n_server_key_share_recv_ecc(struct s2n_connection *conn, uint16_t n POSIX_ENSURE_REF(server_ecc_evp_params->negotiated_curve); const struct s2n_ecc_named_curve *previous_negotiated_curve = server_ecc_evp_params->negotiated_curve; POSIX_ENSURE(negotiated_curve == previous_negotiated_curve, - S2N_ERR_BAD_MESSAGE); + S2N_ERR_BAD_MESSAGE); } server_ecc_evp_params->negotiated_curve = negotiated_curve; 
@@ -281,7 +286,7 @@ static int s2n_server_key_share_recv_ecc(struct s2n_connection *conn, uint16_t n /* Proceed to parse share */ struct s2n_blob point_blob; - S2N_ERROR_IF(s2n_ecc_evp_read_params_point(extension, share_size, &point_blob) < 0, S2N_ERR_BAD_KEY_SHARE); + S2N_ERROR_IF(s2n_ecc_evp_read_params_point(extension, share_size, &point_blob) < 0, S2N_ERR_BAD_KEY_SHARE); S2N_ERROR_IF(s2n_ecc_evp_parse_params_point(&point_blob, server_ecc_evp_params) < 0, S2N_ERR_BAD_KEY_SHARE); S2N_ERROR_IF(server_ecc_evp_params->evp_pkey == NULL, S2N_ERR_BAD_KEY_SHARE); @@ -325,7 +330,8 @@ static int s2n_server_key_share_recv(struct s2n_connection *conn, struct s2n_stu } /* Selects highest priority mutually supported key share, or indicates need for HRR */ -int s2n_extensions_server_key_share_select(struct s2n_connection *conn) { +int s2n_extensions_server_key_share_select(struct s2n_connection *conn) +{ POSIX_ENSURE_REF(conn); const struct s2n_ecc_preferences *ecc_pref = NULL; @@ -391,10 +397,10 @@ int s2n_extensions_server_key_share_select(struct s2n_connection *conn) { */ int s2n_extensions_server_key_share_send_size(struct s2n_connection *conn) { - const struct s2n_ecc_named_curve* curve = conn->kex_params.server_ecc_evp_params.negotiated_curve; + const struct s2n_ecc_named_curve *curve = conn->kex_params.server_ecc_evp_params.negotiated_curve; int key_share_size = S2N_SIZE_OF_EXTENSION_TYPE - + S2N_SIZE_OF_EXTENSION_DATA_SIZE - + S2N_SIZE_OF_NAMED_GROUP; + + S2N_SIZE_OF_EXTENSION_DATA_SIZE + + S2N_SIZE_OF_NAMED_GROUP; /* If this is a KeyShareHelloRetryRequest we don't include the share size */ if (s2n_is_hello_retry_message(conn)) { diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.h index 11a289d1de..a2884dd119 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.h 
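Review bot: `s2n_extensions_server_key_share_send_size` reads `conn->kex_params.server_ecc_evp_params.negotiated_curve` in its first statement without checking `conn`. The other functions whose openings are visible in this file's hunks, including `s2n_extensions_server_key_share_select` just above, start with `POSIX_ENSURE_REF(conn);`. Adding `POSIX_ENSURE_REF(conn);` before the `curve` declaration would make the null handling consistent across the file. The function body continues past the end of the hunk, so check the remaining lines and the callers' handling of a negative return before changing it.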
@@ -15,10 +15,9 @@ #pragma once -#include "tls/s2n_connection.h" #include "stuffer/s2n_stuffer.h" - #include "tls/extensions/s2n_key_share.h" +#include "tls/s2n_connection.h" extern const s2n_extension_type s2n_server_key_share_extension; diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_max_fragment_length.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_max_fragment_length.c index e55e3f21e5..7ba3ddfdf9 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_max_fragment_length.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_max_fragment_length.c @@ -13,19 +13,16 @@ * permissions and limitations under the License. */ +#include "tls/extensions/s2n_server_max_fragment_length.h" + #include <sys/param.h> #include "error/s2n_errno.h" - #include "stuffer/s2n_stuffer.h" - -#include "utils/s2n_safety.h" - +#include "tls/s2n_connection.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" -#include "tls/s2n_connection.h" - -#include "tls/extensions/s2n_server_max_fragment_length.h" +#include "utils/s2n_safety.h" static bool s2n_max_fragment_length_should_send(struct s2n_connection *conn); static int s2n_max_fragment_length_send(struct s2n_connection *conn, struct s2n_stuffer *out); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_psk.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_psk.c index 09e525fa93..afd604ade0 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_psk.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_psk.c 
@@ -13,14 +13,14 @@ * permissions and limitations under the License. */ -#include <sys/param.h> +#include "tls/extensions/s2n_server_psk.h" + #include <stdint.h> +#include <sys/param.h> #include "tls/s2n_tls.h" -#include "tls/extensions/s2n_server_psk.h" - -#include "utils/s2n_safety.h" #include "utils/s2n_bitmap.h" +#include "utils/s2n_safety.h" static bool s2n_server_psk_should_send(struct s2n_connection *conn); static int s2n_server_psk_send(struct s2n_connection *conn, struct s2n_stuffer *out); @@ -82,7 +82,7 @@ static int s2n_server_psk_recv(struct s2n_connection *conn, struct s2n_stuffer * conn->psk_params.chosen_psk_wire_index = chosen_psk_wire_index; POSIX_GUARD_RESULT(s2n_array_get(&conn->psk_params.psk_list, conn->psk_params.chosen_psk_wire_index, - (void **)&conn->psk_params.chosen_psk)); + (void **) &conn->psk_params.chosen_psk)); return S2N_SUCCESS; } diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.c index 5834412e10..7f972064c1 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.c @@ -13,16 +13,14 @@ * permissions and limitations under the License. */ -#include "error/s2n_errno.h" +#include "tls/extensions/s2n_server_renegotiation_info.h" +#include "error/s2n_errno.h" #include "stuffer/s2n_stuffer.h" - -#include "utils/s2n_safety.h" - -#include "tls/s2n_tls_parameters.h" #include "tls/s2n_connection.h" #include "tls/s2n_tls.h" -#include "tls/extensions/s2n_server_renegotiation_info.h" +#include "tls/s2n_tls_parameters.h" +#include "utils/s2n_safety.h" /** * s2n-tls servers do NOT support renegotiation. diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.h index b037b2182a..eb9a862de5 100644 
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.h @@ -15,9 +15,9 @@ #pragma once +#include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_extension_type.h" #include "tls/s2n_connection.h" -#include "stuffer/s2n_stuffer.h" extern const s2n_extension_type s2n_server_renegotiation_info_extension; diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_sct_list.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_sct_list.c index cf28bef52b..d062c1975a 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_sct_list.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_sct_list.c @@ -13,13 +13,13 @@ * permissions and limitations under the License. */ +#include "tls/extensions/s2n_server_sct_list.h" + #include "stuffer/s2n_stuffer.h" #include "tls/s2n_connection.h" #include "tls/s2n_tls.h" -#include "tls/extensions/s2n_server_sct_list.h" - -#include "utils/s2n_safety.h" #include "utils/s2n_blob.h" +#include "utils/s2n_safety.h" static bool s2n_server_sct_list_should_send(struct s2n_connection *conn); static int s2n_server_sct_list_send(struct s2n_connection *conn, struct s2n_stuffer *out); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_server_name.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_server_name.c index 239c84f1fb..56e14e0de6 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_server_name.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_server_name.c 
@@ -13,10 +13,10 @@ * permissions and limitations under the License. */ -#include "stuffer/s2n_stuffer.h" +#include "tls/extensions/s2n_server_server_name.h" +#include "stuffer/s2n_stuffer.h" #include "tls/s2n_connection.h" -#include "tls/extensions/s2n_server_server_name.h" static bool s2n_server_name_should_send(struct s2n_connection *conn); static int s2n_server_name_send(struct s2n_connection *conn, struct s2n_stuffer *out); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.c index d4c9bf019f..187da6b831 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.c @@ -13,12 +13,12 @@ * permissions and limitations under the License. */ -#include "stuffer/s2n_stuffer.h" +#include "tls/extensions/s2n_server_session_ticket.h" -#include "tls/s2n_tls_parameters.h" +#include "stuffer/s2n_stuffer.h" #include "tls/s2n_connection.h" #include "tls/s2n_tls.h" -#include "tls/extensions/s2n_server_session_ticket.h" +#include "tls/s2n_tls_parameters.h" static bool s2n_session_ticket_should_send(struct s2n_connection *conn); static int s2n_session_ticket_recv(struct s2n_connection *conn, struct s2n_stuffer *extension); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.h index 2e9ba959cb..d6c8ab35e9 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.h @@ -15,9 +15,9 @@ #pragma once +#include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_extension_type.h" #include "tls/s2n_connection.h" -#include "stuffer/s2n_stuffer.h" extern const s2n_extension_type s2n_server_session_ticket_extension; 
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_signature_algorithms.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_signature_algorithms.c index e7bd8a32cc..b8903f2da2 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_signature_algorithms.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_signature_algorithms.c @@ -13,16 +13,15 @@ * permissions and limitations under the License. */ -#include <sys/param.h> #include <stdint.h> +#include <sys/param.h> +#include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_client_signature_algorithms.h" #include "tls/s2n_connection.h" +#include "tls/s2n_signature_algorithms.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" -#include "tls/s2n_signature_algorithms.h" - -#include "stuffer/s2n_stuffer.h" #include "utils/s2n_safety.h" static int s2n_signature_algorithms_recv(struct s2n_connection *conn, struct s2n_stuffer *extension); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.c index c73b5c32a4..4248db8b7c 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.c @@ -13,11 +13,12 @@ * permissions and limitations under the License. */ +#include "tls/extensions/s2n_server_status_request.h" + #include "stuffer/s2n_stuffer.h" #include "tls/s2n_connection.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" -#include "tls/extensions/s2n_server_status_request.h" static bool s2n_server_status_request_should_send(struct s2n_connection *conn); static int s2n_server_status_request_recv(struct s2n_connection *conn, struct s2n_stuffer *extension); diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.h index b43ff10ca8..4bb46dd4df 100644 
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.h @@ -15,9 +15,9 @@ #pragma once +#include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_extension_type.h" #include "tls/s2n_connection.h" -#include "stuffer/s2n_stuffer.h" extern const s2n_extension_type s2n_server_status_request_extension; diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.c index 55a3e4ebd2..8dc4179683 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.c @@ -13,16 +13,16 @@ * permissions and limitations under the License. */ -#include <sys/param.h> +#include "tls/extensions/s2n_server_supported_versions.h" + #include <stdint.h> +#include <sys/param.h> -#include "tls/extensions/s2n_server_supported_versions.h" #include "tls/extensions/s2n_supported_versions.h" #include "tls/s2n_alerts.h" #include "tls/s2n_cipher_preferences.h" #include "tls/s2n_tls.h" #include "tls/s2n_tls_parameters.h" - #include "utils/s2n_safety.h" /** @@ -79,7 +79,7 @@ static int s2n_extensions_server_supported_versions_process(struct s2n_connectio **/ if (s2n_is_hello_retry_handshake(conn) && !s2n_is_hello_retry_message(conn)) { POSIX_ENSURE(conn->server_protocol_version == server_version, - S2N_ERR_BAD_MESSAGE); + S2N_ERR_BAD_MESSAGE); } POSIX_ENSURE_GTE(server_version, S2N_TLS13); @@ -87,7 +87,7 @@ static int s2n_extensions_server_supported_versions_process(struct s2n_connectio POSIX_ENSURE_GTE(server_version, minimum_supported_version); conn->server_protocol_version = server_version; - + return S2N_SUCCESS; } 
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.h index c7312be137..8a5f74579c 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.h @@ -13,11 +13,10 @@ * permissions and limitations under the License. */ - #pragma once -#include "tls/s2n_connection.h" #include "stuffer/s2n_stuffer.h" +#include "tls/s2n_connection.h" extern const s2n_extension_type s2n_server_supported_versions_extension; diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.c index 3f77789e31..86c40ecca0 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.c +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.c @@ -13,12 +13,12 @@ * permissions and limitations under the License. */ +#include "tls/extensions/s2n_supported_versions.h" + #include <stdint.h> #include <sys/param.h> -#include "tls/extensions/s2n_supported_versions.h" #include "tls/s2n_security_policies.h" - #include "utils/s2n_safety.h" S2N_RESULT s2n_connection_get_minimum_supported_version(struct s2n_connection *conn, uint8_t *min_version) diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.h index 6c1fdcea76..bcf3ccf105 100644 --- a/contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.h +++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.h @@ -15,7 +15,7 @@ #pragma once -#include "tls/s2n_connection.h" #include "stuffer/s2n_stuffer.h" +#include "tls/s2n_connection.h" S2N_RESULT s2n_connection_get_minimum_supported_version(struct s2n_connection *conn, uint8_t *min_version); |