author | robot-contrib <robot-contrib@yandex-team.com> | 2022-12-29 11:19:28 +0300 |
---|---|---|
committer | robot-contrib <robot-contrib@yandex-team.com> | 2022-12-29 11:19:28 +0300 |
commit | fed8d432668e1993b6d0d429398d65aa40f3f5fe (patch) | |
tree | 5b837c62d01f3fcdafb6a31ae4914f530053c5b9 /contrib/restricted/aws/s2n/tls/s2n_psk.c | |
parent | d6e1a495bd3ea25012ef907b23327e085f36be1c (diff) | |
Update contrib/restricted/aws/s2n to 1.3.31
Diffstat (limited to 'contrib/restricted/aws/s2n/tls/s2n_psk.c')
-rw-r--r-- | contrib/restricted/aws/s2n/tls/s2n_psk.c | 58 |
1 files changed, 30 insertions, 28 deletions
diff --git a/contrib/restricted/aws/s2n/tls/s2n_psk.c b/contrib/restricted/aws/s2n/tls/s2n_psk.c index 7a1c4a295d..ebefe6c7bd 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_psk.c +++ b/contrib/restricted/aws/s2n/tls/s2n_psk.c @@ -16,13 +16,11 @@ #include <sys/param.h> #include "crypto/s2n_tls13_keys.h" - +#include "tls/extensions/s2n_extension_type.h" #include "tls/s2n_handshake.h" -#include "tls/s2n_tls13_handshake.h" #include "tls/s2n_tls.h" -#include "tls/extensions/s2n_extension_type.h" +#include "tls/s2n_tls13_handshake.h" #include "tls/s2n_tls13_secrets.h" - #include "utils/s2n_array.h" #include "utils/s2n_mem.h" #include "utils/s2n_safety.h" @@ -40,12 +38,12 @@ S2N_RESULT s2n_psk_init(struct s2n_psk *psk, s2n_psk_type type) return S2N_RESULT_OK; } -struct s2n_psk* s2n_external_psk_new() +struct s2n_psk *s2n_external_psk_new() { DEFER_CLEANUP(struct s2n_blob mem = { 0 }, s2n_free); PTR_GUARD_POSIX(s2n_alloc(&mem, sizeof(struct s2n_psk))); - struct s2n_psk *psk = (struct s2n_psk*)(void*) mem.data; + struct s2n_psk *psk = (struct s2n_psk *) (void *) mem.data; PTR_GUARD_RESULT(s2n_psk_init(psk, S2N_PSK_TYPE_EXTERNAL)); ZERO_TO_DISABLE_DEFER_CLEANUP(mem); @@ -135,9 +133,9 @@ S2N_RESULT s2n_psk_parameters_init(struct s2n_psk_parameters *params) static S2N_RESULT s2n_psk_offered_psk_size(struct s2n_psk *psk, uint32_t *size) { - *size = sizeof(uint16_t) /* identity size */ - + sizeof(uint32_t) /* obfuscated ticket age */ - + sizeof(uint8_t) /* binder size */; + *size = sizeof(uint16_t) /* identity size */ + + sizeof(uint32_t) /* obfuscated ticket age */ + + sizeof(uint8_t); /* binder size */ RESULT_GUARD_POSIX(s2n_add_overflow(*size, psk->identity.size, size)); 
@@ -153,12 +151,12 @@ S2N_RESULT s2n_psk_parameters_offered_psks_size(struct s2n_psk_parameters *param RESULT_ENSURE_REF(params); RESULT_ENSURE_REF(size); - *size = sizeof(uint16_t) /* identity list size */ - + sizeof(uint16_t) /* binder list size */; + *size = sizeof(uint16_t) /* identity list size */ + + sizeof(uint16_t) /* binder list size */; for (uint32_t i = 0; i < params->psk_list.len; i++) { struct s2n_psk *psk = NULL; - RESULT_GUARD(s2n_array_get(¶ms->psk_list, i, (void**)&psk)); + RESULT_GUARD(s2n_array_get(¶ms->psk_list, i, (void **) &psk)); RESULT_ENSURE_REF(psk); uint32_t psk_size = 0; @@ -174,7 +172,7 @@ S2N_CLEANUP_RESULT s2n_psk_parameters_wipe(struct s2n_psk_parameters *params) for (size_t i = 0; i < params->psk_list.len; i++) { struct s2n_psk *psk = NULL; - RESULT_GUARD(s2n_array_get(¶ms->psk_list, i, (void**)&psk)); + RESULT_GUARD(s2n_array_get(¶ms->psk_list, i, (void **) &psk)); RESULT_GUARD(s2n_psk_wipe(psk)); } RESULT_GUARD_POSIX(s2n_free(¶ms->psk_list.mem)); @@ -189,7 +187,7 @@ S2N_CLEANUP_RESULT s2n_psk_parameters_wipe_secrets(struct s2n_psk_parameters *pa for (size_t i = 0; i < params->psk_list.len; i++) { struct s2n_psk *psk = NULL; - RESULT_GUARD(s2n_array_get(¶ms->psk_list, i, (void**)&psk)); + RESULT_GUARD(s2n_array_get(¶ms->psk_list, i, (void **) &psk)); RESULT_ENSURE_REF(psk); RESULT_GUARD_POSIX(s2n_free(&psk->early_secret)); RESULT_GUARD_POSIX(s2n_free(&psk->secret)); 
@@ -273,13 +271,13 @@ static S2N_RESULT s2n_match_psk_identity(struct s2n_array *known_psks, const str *match = NULL; for (size_t i = 0; i < known_psks->len; i++) { struct s2n_psk *psk = NULL; - RESULT_GUARD(s2n_array_get(known_psks, i, (void**)&psk)); + RESULT_GUARD(s2n_array_get(known_psks, i, (void **) &psk)); RESULT_ENSURE_REF(psk); RESULT_ENSURE_REF(psk->identity.data); RESULT_ENSURE_REF(wire_identity->data); uint32_t compare_size = MIN(wire_identity->size, psk->identity.size); if (s2n_constant_time_equals(psk->identity.data, wire_identity->data, compare_size) - & (psk->identity.size == wire_identity->size) & (!*match)) { + & (psk->identity.size == wire_identity->size) & (!*match)) { *match = psk; } } @@ -294,7 +292,7 @@ static S2N_RESULT s2n_match_psk_identity(struct s2n_array *known_psks, const str *# modulo 2^32) is within a small tolerance of the time since the ticket *# was issued (see Section 8). **/ -static S2N_RESULT s2n_validate_ticket_lifetime(struct s2n_connection *conn, uint32_t obfuscated_ticket_age, uint32_t ticket_age_add) +static S2N_RESULT s2n_validate_ticket_lifetime(struct s2n_connection *conn, uint32_t obfuscated_ticket_age, uint32_t ticket_age_add) { RESULT_ENSURE_REF(conn); @@ -342,13 +340,13 @@ int s2n_offered_psk_list_choose_psk(struct s2n_offered_psk_list *psk_list, struc return S2N_SUCCESS; } -struct s2n_offered_psk* s2n_offered_psk_new() +struct s2n_offered_psk *s2n_offered_psk_new() { DEFER_CLEANUP(struct s2n_blob mem = { 0 }, s2n_free); PTR_GUARD_POSIX(s2n_alloc(&mem, sizeof(struct s2n_offered_psk))); PTR_GUARD_POSIX(s2n_blob_zero(&mem)); - struct s2n_offered_psk *psk = (struct s2n_offered_psk*)(void*) mem.data; + struct s2n_offered_psk *psk = (struct s2n_offered_psk *) (void *) mem.data; ZERO_TO_DISABLE_DEFER_CLEANUP(mem); return psk; 
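Review bot: The match condition in s2n_match_psk_identity, which the first hunk here only re-indents, joins its three tests with bitwise `&` rather than `&&` and the loop keeps running after a match, but nothing in the visible lines says why. This looks deliberate: the constant-time comparison then runs for every known PSK, so the work done does not depend on which identity matched, and a later cleanup that switches to `&&` or adds a `break` would quietly undo that. I would add a comment above the `if`, for example `/* Bitwise & and no early exit are intentional: evaluate every known PSK so timing does not reveal which identity matched. */`. The function's signature and opening lines are outside the hunk, and since this file is vendored the comment belongs in the upstream project rather than in a local patch.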
@@ -362,7 +360,7 @@ int s2n_offered_psk_free(struct s2n_offered_psk **psk) return s2n_free_object((uint8_t **) psk, sizeof(struct s2n_offered_psk)); } -int s2n_offered_psk_get_identity(struct s2n_offered_psk *psk, uint8_t** identity, uint16_t *size) +int s2n_offered_psk_get_identity(struct s2n_offered_psk *psk, uint8_t **identity, uint16_t *size) { POSIX_ENSURE_REF(psk); POSIX_ENSURE_REF(identity); @@ -494,7 +492,7 @@ static S2N_RESULT s2n_psk_write_binder_list(struct s2n_connection *conn, const s /* Write binder for every psk */ for (size_t i = 0; i < psk_list->len; i++) { struct s2n_psk *psk = NULL; - RESULT_GUARD(s2n_array_get(psk_list, i, (void**) &psk)); + RESULT_GUARD(s2n_array_get(psk_list, i, (void **) &psk)); RESULT_ENSURE_REF(psk); /** @@ -562,9 +560,13 @@ S2N_RESULT s2n_finish_psk_extension(struct s2n_connection *conn) int s2n_psk_set_hmac(struct s2n_psk *psk, s2n_psk_hmac hmac) { POSIX_ENSURE_REF(psk); - switch(hmac) { - case S2N_PSK_HMAC_SHA256: psk->hmac_alg = S2N_HMAC_SHA256; break; - case S2N_PSK_HMAC_SHA384: psk->hmac_alg = S2N_HMAC_SHA384; break; + switch (hmac) { + case S2N_PSK_HMAC_SHA256: + psk->hmac_alg = S2N_HMAC_SHA256; + break; + case S2N_PSK_HMAC_SHA384: + psk->hmac_alg = S2N_HMAC_SHA384; + break; default: POSIX_BAIL(S2N_ERR_HMAC_INVALID_ALGORITHM); } @@ -588,11 +590,11 @@ int s2n_connection_append_psk(struct s2n_connection *conn, struct s2n_psk *input POSIX_GUARD_RESULT(s2n_connection_set_psk_type(conn, input_psk->type)); struct s2n_array *psk_list = &conn->psk_params.psk_list; - + /* Check for duplicate identities */ for (uint32_t j = 0; j < psk_list->len; j++) { struct s2n_psk *existing_psk = NULL; - POSIX_GUARD_RESULT(s2n_array_get(psk_list, j, (void**) &existing_psk)); + POSIX_GUARD_RESULT(s2n_array_get(psk_list, j, (void **) &existing_psk)); POSIX_ENSURE_REF(existing_psk); bool duplicate = existing_psk->identity.size == input_psk->identity.size 
@@ -630,7 +632,7 @@ int s2n_connection_set_psk_mode(struct s2n_connection *conn, s2n_psk_mode mode) { POSIX_ENSURE_REF(conn); s2n_psk_type type = 0; - switch(mode) { + switch (mode) { case S2N_PSK_MODE_RESUMPTION: type = S2N_PSK_TYPE_RESUMPTION; break; @@ -663,7 +665,7 @@ int s2n_connection_get_negotiated_psk_identity_length(struct s2n_connection *con } int s2n_connection_get_negotiated_psk_identity(struct s2n_connection *conn, uint8_t *identity, - uint16_t max_identity_length) + uint16_t max_identity_length) { POSIX_ENSURE_REF(conn); POSIX_ENSURE_REF(identity); |