diff options
| author | thegeorg <thegeorg@yandex-team.ru> | 2022-05-10 22:16:03 +0300 |
|---|---|---|
| committer | thegeorg <thegeorg@yandex-team.ru> | 2022-05-10 22:16:03 +0300 |
| commit | 09c71d918d4d0b0ebf67e1ab41aa90ddf587a3f2 (patch) | |
| tree | dd44d2cb68e2845c2d4c367b66893f3e043a6e8e /contrib/restricted/aws/s2n/tls/s2n_server_cert.c | |
| parent | 5eb4a8a2d487411924e1d1b27c454223dcf35005 (diff) | |
| download | ydb-09c71d918d4d0b0ebf67e1ab41aa90ddf587a3f2.tar.gz | |
Update contrib/restricted/aws/s2n to 1.3.12
ref:f8279d764b4c00974a63543a1364c91e2b81b7a6
Diffstat (limited to 'contrib/restricted/aws/s2n/tls/s2n_server_cert.c')
| -rw-r--r-- | contrib/restricted/aws/s2n/tls/s2n_server_cert.c | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_cert.c b/contrib/restricted/aws/s2n/tls/s2n_server_cert.c index 0188505ae1..6be1ac6202 100644 --- a/contrib/restricted/aws/s2n/tls/s2n_server_cert.c +++ b/contrib/restricted/aws/s2n/tls/s2n_server_cert.c @@ -13,7 +13,7 @@ * permissions and limitations under the License. */ -#include <s2n.h> +#include "api/s2n.h" #include "error/s2n_errno.h" @@ -27,30 +27,30 @@ int s2n_server_cert_recv(struct s2n_connection *conn) { if (conn->actual_protocol_version == S2N_TLS13) { uint8_t certificate_request_context_len; - GUARD(s2n_stuffer_read_uint8(&conn->handshake.io, &certificate_request_context_len)); + POSIX_GUARD(s2n_stuffer_read_uint8(&conn->handshake.io, &certificate_request_context_len)); S2N_ERROR_IF(certificate_request_context_len != 0, S2N_ERR_BAD_MESSAGE); } uint32_t size_of_all_certificates; - GUARD(s2n_stuffer_read_uint24(&conn->handshake.io, &size_of_all_certificates)); + POSIX_GUARD(s2n_stuffer_read_uint24(&conn->handshake.io, &size_of_all_certificates)); S2N_ERROR_IF(size_of_all_certificates > s2n_stuffer_data_available(&conn->handshake.io) || size_of_all_certificates < 3, S2N_ERR_BAD_MESSAGE); s2n_cert_public_key public_key; - GUARD(s2n_pkey_zero_init(&public_key)); + POSIX_GUARD(s2n_pkey_zero_init(&public_key)); s2n_pkey_type actual_cert_pkey_type; struct s2n_blob cert_chain = {0}; cert_chain.size = size_of_all_certificates; cert_chain.data = s2n_stuffer_raw_read(&conn->handshake.io, size_of_all_certificates); - notnull_check(cert_chain.data); + POSIX_ENSURE_REF(cert_chain.data); - GUARD(s2n_x509_validator_validate_cert_chain(&conn->x509_validator, conn, cert_chain.data, - cert_chain.size, &actual_cert_pkey_type, &public_key)); + POSIX_ENSURE(s2n_x509_validator_validate_cert_chain(&conn->x509_validator, conn, cert_chain.data, + cert_chain.size, &actual_cert_pkey_type, &public_key) == S2N_CERT_OK, S2N_ERR_CERT_UNTRUSTED); - GUARD(s2n_is_cert_type_valid_for_auth(conn, actual_cert_pkey_type)); - GUARD(s2n_pkey_setup_for_type(&public_key, actual_cert_pkey_type)); - conn->secure.server_public_key = public_key; + POSIX_GUARD(s2n_is_cert_type_valid_for_auth(conn, actual_cert_pkey_type)); + POSIX_GUARD(s2n_pkey_setup_for_type(&public_key, actual_cert_pkey_type)); + conn->handshake_params.server_public_key = public_key; return 0; } @@ -62,10 +62,10 @@ int s2n_server_cert_send(struct s2n_connection *conn) /* server's certificate request context should always be of zero length */ /* https://tools.ietf.org/html/rfc8446#section-4.4.2 */ uint8_t certificate_request_context_len = 0; - GUARD(s2n_stuffer_write_uint8(&conn->handshake.io, certificate_request_context_len)); + POSIX_GUARD(s2n_stuffer_write_uint8(&conn->handshake.io, certificate_request_context_len)); } - GUARD(s2n_send_cert_chain(conn, &conn->handshake.io, conn->handshake_params.our_chain_and_key)); + POSIX_GUARD(s2n_send_cert_chain(conn, &conn->handshake.io, conn->handshake_params.our_chain_and_key)); return 0; } |