authorrobot-contrib <robot-contrib@yandex-team.com>2022-08-10 11:44:54 +0300
committerrobot-contrib <robot-contrib@yandex-team.com>2022-08-10 11:44:54 +0300
commit80e5365ef2b1dd1a7c608103d8c13c0515aa8e95 (patch)
tree4db54a4f3052afd1456be6c038bf3e9a39c51c71 /contrib/restricted/aws/s2n/tls
parentb1e3c856d108130762d6ca0db45802eb791e7c59 (diff)
downloadydb-80e5365ef2b1dd1a7c608103d8c13c0515aa8e95.tar.gz
Update contrib/restricted/aws/s2n to 1.3.19
Diffstat (limited to 'contrib/restricted/aws/s2n/tls')
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c10
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c2
2 files changed, 11 insertions, 1 deletions
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c
index 36ec3d339f..0fd8d83c5d 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c
@@ -52,6 +52,16 @@ static int s2n_client_ems_recv(struct s2n_connection *conn, struct s2n_stuffer *
return S2N_SUCCESS;
}
+/**
+ *= https://www.rfc-editor.org/rfc/rfc7627#section-5.3
+ *= type=exception
+ *# When offering an abbreviated handshake, the client MUST send the
+ *# "extended_master_secret" extension in its ClientHello.
+ *
+ * We added an exception here in order to prevent a drop in
+ * session resumption rates during deployment. Eventually clients
+ * will be forced to do a full handshake as sessions expire and pick up EMS at that point.
+ **/
static bool s2n_client_ems_should_send(struct s2n_connection *conn)
{
/* Don't send this extension if the previous session did not negotiate EMS */
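Review bot: The exception comment added above s2n_client_ems_should_send gives the deployment reason for deviating from the RFC 7627 section 5.3 MUST, but it does not say what the deviation costs. A session resumed without the extension keeps a master secret that is not bound to the handshake transcript, which is the property extended_master_secret exists to provide. I would add a sentence such as `Resumed sessions that did not negotiate EMS stay without the session-hash binding until they expire.` and, if it is known, name what bounds that session lifetime. The function body continues outside the hunk, so the exact condition under which the extension is skipped is inferred from the one visible comment.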
diff --git a/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c b/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c
index fc60767bb6..0d3f05b2c9 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_server_key_exchange.c
@@ -100,7 +100,7 @@ int s2n_ecdhe_server_key_recv_read_data(struct s2n_connection *conn, struct s2n_
int s2n_ecdhe_server_key_recv_parse_data(struct s2n_connection *conn, struct s2n_kex_raw_server_data *raw_server_data)
{
- POSIX_GUARD(s2n_ecc_evp_parse_params(&raw_server_data->ecdhe_data, &conn->kex_params.server_ecc_evp_params));
+ POSIX_GUARD(s2n_ecc_evp_parse_params(conn, &raw_server_data->ecdhe_data, &conn->kex_params.server_ecc_evp_params));
return 0;
}