diff options
| author | robot-contrib <robot-contrib@yandex-team.com> | 2022-12-14 15:26:54 +0300 |
|---|---|---|
| committer | robot-contrib <robot-contrib@yandex-team.com> | 2022-12-14 15:26:54 +0300 |
| commit | 4925d989167591a367baa018abd3dde8b24ce47f (patch) | |
| tree | 1853212a7f126028a55f7ba871105c081089256d /contrib/restricted/aws/s2n/utils | |
| parent | 6aec14798ad91ed132f3da681c3d5b9c6fb2240d (diff) | |
| download | ydb-4925d989167591a367baa018abd3dde8b24ce47f.tar.gz | |
Update contrib/restricted/aws/s2n to 1.3.29
Diffstat (limited to 'contrib/restricted/aws/s2n/utils')
30 files changed, 377 insertions, 362 deletions
diff --git a/contrib/restricted/aws/s2n/utils/s2n_array.c b/contrib/restricted/aws/s2n/utils/s2n_array.c index 4d65b19924..0ac68131b8 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_array.c +++ b/contrib/restricted/aws/s2n/utils/s2n_array.c @@ -13,12 +13,13 @@ * permissions and limitations under the License. */ +#include "utils/s2n_array.h" + #include <sys/param.h> #include "utils/s2n_blob.h" #include "utils/s2n_mem.h" #include "utils/s2n_safety.h" -#include "utils/s2n_array.h" S2N_RESULT s2n_array_validate(const struct s2n_array *array) { @@ -86,7 +87,7 @@ S2N_RESULT s2n_array_init_with_capacity(struct s2n_array *array, uint32_t elemen { RESULT_ENSURE_REF(array); - *array = (struct s2n_array) { .element_size = element_size }; + *array = (struct s2n_array){ .element_size = element_size }; RESULT_GUARD(s2n_array_enlarge(array, capacity)); @@ -109,9 +110,9 @@ S2N_RESULT s2n_array_get(struct s2n_array *array, uint32_t idx, void **element) return S2N_RESULT_OK; } -S2N_RESULT s2n_array_insert_and_copy(struct s2n_array *array, uint32_t idx, void* element) +S2N_RESULT s2n_array_insert_and_copy(struct s2n_array *array, uint32_t idx, void *element) { - void* insert_location = NULL; + void *insert_location = NULL; RESULT_GUARD(s2n_array_insert(array, idx, &insert_location)); RESULT_CHECKED_MEMCPY(insert_location, element, array->element_size); return S2N_RESULT_OK; @@ -170,8 +171,8 @@ S2N_RESULT s2n_array_remove(struct s2n_array *array, uint32_t idx) /* After shifting, zero the last element */ RESULT_CHECKED_MEMSET(array->mem.data + array->element_size * array->len, - 0, - array->element_size); + 0, + array->element_size); RESULT_POSTCONDITION(s2n_array_validate(array)); return S2N_RESULT_OK; @@ -210,7 +211,7 @@ S2N_CLEANUP_RESULT s2n_array_free_p(struct s2n_array **parray) RESULT_GUARD_POSIX(s2n_free(&array->mem)); /* And finally the array */ - RESULT_GUARD_POSIX(s2n_free_object((uint8_t **)parray, sizeof(struct s2n_array))); + RESULT_GUARD_POSIX(s2n_free_object((uint8_t **) parray, sizeof(struct s2n_array))); return S2N_RESULT_OK; } diff --git a/contrib/restricted/aws/s2n/utils/s2n_asn1_time.c b/contrib/restricted/aws/s2n/utils/s2n_asn1_time.c index 7a4396da82..3185799105 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_asn1_time.c +++ b/contrib/restricted/aws/s2n/utils/s2n_asn1_time.c @@ -14,11 +14,12 @@ */ #include "utils/s2n_asn1_time.h" -#include "utils/s2n_result.h" -#include "utils/s2n_safety.h" -#include <time.h> #include <ctype.h> +#include <time.h> + +#include "utils/s2n_result.h" +#include "utils/s2n_safety.h" typedef enum parser_state { ON_YEAR_DIGIT_1 = 0, @@ -45,18 +46,20 @@ typedef enum parser_state { PARSE_ERROR } parser_state; -static inline long get_gmt_offset(struct tm *t) { - +static inline long get_gmt_offset(struct tm *t) +{ /* See: https://sourceware.org/git/?p=glibc.git;a=blob;f=include/features.h;h=ba272078cf2263ec88e039fda7524c136a4a7953;hb=HEAD */ -#if defined(__USE_MISC) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__ANDROID__) || defined(ANDROID) || defined(__APPLE__) && defined(__MACH__) +#if defined(__USE_MISC) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__ANDROID__) \ + || defined(ANDROID) || defined(__APPLE__) && defined(__MACH__) return t->tm_gmtoff; #else return t->tm_gmtoff; #endif } -static inline void get_current_timesettings(long *gmt_offset, int *is_dst) { - struct tm time_ptr = {0}; +static inline void get_current_timesettings(long *gmt_offset, int *is_dst) +{ + struct tm time_ptr = { 0 }; time_t raw_time; time(&raw_time); localtime_r(&raw_time, &time_ptr); @@ -64,13 +67,18 @@ static inline void get_current_timesettings(long *gmt_offset, int *is_dst) { *is_dst = time_ptr.tm_isdst; } -#define PARSE_DIGIT(c, d) do { RESULT_ENSURE(isdigit(c), S2N_ERR_SAFETY); d = c - '0'; } while(0) +#define PARSE_DIGIT(c, d) \ + do { \ + RESULT_ENSURE(isdigit(c), S2N_ERR_SAFETY); \ + d = c - '0'; \ + } while (0) /* this is just a standard state machine for ASN1 date format... nothing special. * just do a character at a time and change the state per character encountered. * when finished the above time structure should be filled in along with some * crazy timezone info we'll need shortly afterwards.*/ -static S2N_RESULT process_state(parser_state *state, char current_char, struct parser_args *args) { +static S2N_RESULT process_state(parser_state *state, char current_char, struct parser_args *args) +{ switch (*state) { case ON_YEAR_DIGIT_1: PARSE_DIGIT(current_char, args->current_digit); @@ -232,8 +240,8 @@ static S2N_RESULT process_state(parser_state *state, char current_char, struct p } } -S2N_RESULT s2n_asn1_time_to_nano_since_epoch_ticks(const char *asn1_time, uint32_t len, uint64_t *ticks) { - +S2N_RESULT s2n_asn1_time_to_nano_since_epoch_ticks(const char *asn1_time, uint32_t len, uint64_t *ticks) +{ /* figure out if we are on something other than UTC since timegm is not supported everywhere. */ long gmt_offset_current = 0; int is_dst = 0; @@ -243,14 +251,22 @@ S2N_RESULT s2n_asn1_time_to_nano_since_epoch_ticks(const char *asn1_time, uint32 parser_state state = ON_YEAR_DIGIT_1; struct parser_args args = { - .time = {.tm_hour = 0, .tm_isdst = -1, .tm_mday = 0, .tm_min = 0, .tm_mon = 0, - .tm_sec = 0, .tm_wday = 0, .tm_yday = 0, .tm_year = 0, + .time = { + .tm_hour = 0, + .tm_isdst = -1, + .tm_mday = 0, + .tm_min = 0, + .tm_mon = 0, + .tm_sec = 0, + .tm_wday = 0, + .tm_yday = 0, + .tm_year = 0, }, - .current_digit = 0, - .local_time_assumed = 1, - .offset_hours = 0, - .offset_minutes = 0, - .offset_negative = 0 + .current_digit = 0, + .local_time_assumed = 1, + .offset_hours = 0, + .offset_minutes = 0, + .offset_negative = 0 }; size_t current_pos = 0; diff --git a/contrib/restricted/aws/s2n/utils/s2n_asn1_time.h b/contrib/restricted/aws/s2n/utils/s2n_asn1_time.h index e7f88a81b4..1a30e1c4d6 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_asn1_time.h +++ b/contrib/restricted/aws/s2n/utils/s2n_asn1_time.h @@ -34,4 +34,3 @@ struct parser_args { * ticks is an output parameter. Returns 0 on success and -1 on failure. */ S2N_RESULT s2n_asn1_time_to_nano_since_epoch_ticks(const char *asn1_time, uint32_t len, uint64_t *ticks); - diff --git a/contrib/restricted/aws/s2n/utils/s2n_bitmap.h b/contrib/restricted/aws/s2n/utils/s2n_bitmap.h index f13a7fd911..d4ce95f783 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_bitmap.h +++ b/contrib/restricted/aws/s2n/utils/s2n_bitmap.h @@ -15,8 +15,8 @@ #pragma once /* bit operations on a char[] mask of arbitrary length */ -#define S2N_CBIT_BIT(bit) (1 << ((bit) % 8)) -#define S2N_CBIT_BIN(mask, bit) (mask)[(bit) >> 3] -#define S2N_CBIT_SET(mask, bit) ((void)(S2N_CBIT_BIN(mask, bit) |= S2N_CBIT_BIT(bit))) -#define S2N_CBIT_CLR(mask, bit) ((void)(S2N_CBIT_BIN(mask, bit) &= ~S2N_CBIT_BIT(bit))) -#define S2N_CBIT_TEST(mask, bit) ((S2N_CBIT_BIN(mask, bit) & S2N_CBIT_BIT(bit)) != 0) +#define S2N_CBIT_BIT(bit) (1 << ((bit) % 8)) +#define S2N_CBIT_BIN(mask, bit) (mask)[(bit) >> 3] +#define S2N_CBIT_SET(mask, bit) ((void) (S2N_CBIT_BIN(mask, bit) |= S2N_CBIT_BIT(bit))) +#define S2N_CBIT_CLR(mask, bit) ((void) (S2N_CBIT_BIN(mask, bit) &= ~S2N_CBIT_BIT(bit))) +#define S2N_CBIT_TEST(mask, bit) ((S2N_CBIT_BIN(mask, bit) & S2N_CBIT_BIT(bit)) != 0) diff --git a/contrib/restricted/aws/s2n/utils/s2n_blob.c b/contrib/restricted/aws/s2n/utils/s2n_blob.c index f76e7208cb..2c3997ae74 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_blob.c +++ b/contrib/restricted/aws/s2n/utils/s2n_blob.c @@ -13,18 +13,17 @@ * permissions and limitations under the License. */ -#include <string.h> +#include "utils/s2n_blob.h" + #include <ctype.h> +#include <string.h> #include <sys/param.h> +#include "api/s2n.h" #include "error/s2n_errno.h" - #include "utils/s2n_safety.h" -#include "utils/s2n_blob.h" - -#include "api/s2n.h" -S2N_RESULT s2n_blob_validate(const struct s2n_blob* b) +S2N_RESULT s2n_blob_validate(const struct s2n_blob *b) { RESULT_ENSURE_REF(b); RESULT_DEBUG_ENSURE(S2N_IMPLIES(b->data == NULL, b->size == 0), S2N_ERR_SAFETY); @@ -36,11 +35,11 @@ S2N_RESULT s2n_blob_validate(const struct s2n_blob* b) return S2N_RESULT_OK; } -int s2n_blob_init(struct s2n_blob *b, uint8_t * data, uint32_t size) +int s2n_blob_init(struct s2n_blob *b, uint8_t *data, uint32_t size) { POSIX_ENSURE_REF(b); POSIX_ENSURE(S2N_MEM_IS_READABLE(data, size), S2N_ERR_SAFETY); - *b = (struct s2n_blob) {.data = data, .size = size, .allocated = 0, .growable = 0}; + *b = (struct s2n_blob){ .data = data, .size = size, .allocated = 0, .growable = 0 }; POSIX_POSTCONDITION(s2n_blob_validate(b)); return S2N_SUCCESS; } @@ -83,6 +82,7 @@ int s2n_blob_char_to_lower(struct s2n_blob *b) /* An inverse map from an ascii value to a hexidecimal nibble value * accounts for all possible char values, where 255 is invalid value */ static const uint8_t hex_inverse[256] = { + /* clang-format off */ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, @@ -99,6 +99,7 @@ static const uint8_t hex_inverse[256] = { 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255 + /* clang-format on */ }; /* takes a hex string and writes values in the s2n_blob @@ -107,7 +108,7 @@ int s2n_hex_string_to_bytes(const uint8_t *str, struct s2n_blob *blob) { POSIX_ENSURE_REF(str); POSIX_PRECONDITION(s2n_blob_validate(blob)); - uint32_t len_with_spaces = strlen((const char*)str); + uint32_t len_with_spaces = strlen((const char *) str); size_t i = 0, j = 0; while (j < len_with_spaces) { @@ -126,7 +127,7 @@ int s2n_hex_string_to_bytes(const uint8_t *str, struct s2n_blob *blob) blob->data[i] = high_nibble << 4 | low_nibble; i++; - j+=2; + j += 2; } blob->size = i; diff --git a/contrib/restricted/aws/s2n/utils/s2n_blob.h b/contrib/restricted/aws/s2n/utils/s2n_blob.h index 028e0156a2..ee7fdc3cd9 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_blob.h +++ b/contrib/restricted/aws/s2n/utils/s2n_blob.h @@ -17,7 +17,7 @@ #include <stdbool.h> #include <stdint.h> -#include <stdbool.h> + #include "utils/s2n_result.h" struct s2n_blob { @@ -35,31 +35,30 @@ struct s2n_blob { uint32_t allocated; /* Can this blob be resized */ - unsigned growable :1; + unsigned growable : 1; }; - -extern bool s2n_blob_is_growable(const struct s2n_blob* b); -extern S2N_RESULT s2n_blob_validate(const struct s2n_blob* b); -extern int s2n_blob_init(struct s2n_blob *b, uint8_t * data, uint32_t size); +extern bool s2n_blob_is_growable(const struct s2n_blob *b); +extern S2N_RESULT s2n_blob_validate(const struct s2n_blob *b); +extern int s2n_blob_init(struct s2n_blob *b, uint8_t *data, uint32_t size); extern int s2n_blob_zero(struct s2n_blob *b); extern int s2n_blob_char_to_lower(struct s2n_blob *b); extern int s2n_hex_string_to_bytes(const uint8_t *str, struct s2n_blob *blob); extern int s2n_blob_slice(const struct s2n_blob *b, struct s2n_blob *slice, uint32_t offset, uint32_t size); -#define s2n_stack_blob(name, requested_size, maximum) \ - size_t name ## _requested_size = (requested_size); \ - uint8_t name ## _buf[(maximum)] = {0}; \ - POSIX_ENSURE_LTE(name ## _requested_size, (maximum)); \ - struct s2n_blob name = {0}; \ - POSIX_GUARD(s2n_blob_init(&name, name ## _buf, name ## _requested_size)) +#define s2n_stack_blob(name, requested_size, maximum) \ + size_t name##_requested_size = (requested_size); \ + uint8_t name##_buf[(maximum)] = { 0 }; \ + POSIX_ENSURE_LTE(name##_requested_size, (maximum)); \ + struct s2n_blob name = { 0 }; \ + POSIX_GUARD(s2n_blob_init(&name, name##_buf, name##_requested_size)) -#define RESULT_STACK_BLOB(name, requested_size, maximum) \ - size_t name ## _requested_size = (requested_size); \ - uint8_t name ## _buf[(maximum)] = {0}; \ - RESULT_ENSURE_LTE(name ## _requested_size, (maximum)); \ - struct s2n_blob name = {0}; \ - RESULT_GUARD_POSIX(s2n_blob_init(&name, name ## _buf, name ## _requested_size)) +#define RESULT_STACK_BLOB(name, requested_size, maximum) \ + size_t name##_requested_size = (requested_size); \ + uint8_t name##_buf[(maximum)] = { 0 }; \ + RESULT_ENSURE_LTE(name##_requested_size, (maximum)); \ + struct s2n_blob name = { 0 }; \ + RESULT_GUARD_POSIX(s2n_blob_init(&name, name##_buf, name##_requested_size)) #define S2N_BLOB_LABEL(name, str) \ static uint8_t name##_data[] = str; \ @@ -69,6 +68,6 @@ extern int s2n_blob_slice(const struct s2n_blob *b, struct s2n_blob *slice, uint * It is allocated on a stack so there no need to free after use. * hex should be a const char[]. This function checks against using char*, * because sizeof needs to refer to the buffer length rather than a pointer size */ -#define S2N_BLOB_FROM_HEX( name, hex ) \ +#define S2N_BLOB_FROM_HEX(name, hex) \ s2n_stack_blob(name, (sizeof(hex) - 1) / 2, (sizeof(hex) - 1) / 2); \ - POSIX_GUARD(s2n_hex_string_to_bytes((const uint8_t*)hex, &name)); + POSIX_GUARD(s2n_hex_string_to_bytes((const uint8_t *) hex, &name)); diff --git a/contrib/restricted/aws/s2n/utils/s2n_compiler.h b/contrib/restricted/aws/s2n/utils/s2n_compiler.h index 989fe266f2..3ef493f087 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_compiler.h +++ b/contrib/restricted/aws/s2n/utils/s2n_compiler.h @@ -15,10 +15,7 @@ #pragma once -#define S2N_GCC_VERSION (__GNUC__ * 10000 \ - + __GNUC_MINOR__ * 100 \ - + __GNUC_PATCHLEVEL__) +#define S2N_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) #define S2N_GCC_VERSION_AT_LEAST(major, minor, patch_level) \ - ((S2N_GCC_VERSION) >= ((major) * 10000 + (minor) * 100 + (patch_level))) - + ((S2N_GCC_VERSION) >= ((major) *10000 + (minor) *100 + (patch_level))) diff --git a/contrib/restricted/aws/s2n/utils/s2n_ensure.c b/contrib/restricted/aws/s2n/utils/s2n_ensure.c index 910844ae9e..ccaf013309 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_ensure.c +++ b/contrib/restricted/aws/s2n/utils/s2n_ensure.c @@ -15,7 +15,7 @@ #include "utils/s2n_safety.h" -void* s2n_ensure_memcpy_trace(void *restrict to, const void *restrict from, size_t size, const char *debug_str) +void *s2n_ensure_memcpy_trace(void *restrict to, const void *restrict from, size_t size, const char *debug_str) { if (to == NULL || from == NULL) { s2n_errno = S2N_ERR_NULL; diff --git a/contrib/restricted/aws/s2n/utils/s2n_ensure.h b/contrib/restricted/aws/s2n/utils/s2n_ensure.h index 872f208df1..83db60201e 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_ensure.h +++ b/contrib/restricted/aws/s2n/utils/s2n_ensure.h @@ -15,7 +15,7 @@ #pragma once -#define s2n_likely(x) __builtin_expect(!!(x), 1) +#define s2n_likely(x) __builtin_expect(!!(x), 1) #define s2n_unlikely(x) __builtin_expect(!!(x), 0) /** @@ -30,42 +30,54 @@ /** * Ensures `cond` is true, otherwise `action` will be performed */ -#define __S2N_ENSURE( cond, action ) do {if ( !(cond) ) { action; }} while (0) +#define __S2N_ENSURE(cond, action) \ + do { \ + if (!(cond)) { \ + action; \ + } \ + } while (0) -#define __S2N_ENSURE_LIKELY( cond, action ) do {if ( s2n_unlikely( !(cond) ) ) { action; }} while (0) +#define __S2N_ENSURE_LIKELY(cond, action) \ + do { \ + if (s2n_unlikely(!(cond))) { \ + action; \ + } \ + } while (0) #ifdef NDEBUG -#define __S2N_ENSURE_DEBUG( cond, action ) do {} while (0) + #define __S2N_ENSURE_DEBUG(cond, action) \ + do { \ + } while (0) #else -#define __S2N_ENSURE_DEBUG( cond, action ) __S2N_ENSURE_LIKELY((cond), action) + #define __S2N_ENSURE_DEBUG(cond, action) __S2N_ENSURE_LIKELY((cond), action) #endif -#define __S2N_ENSURE_PRECONDITION( result ) (s2n_likely(s2n_result_is_ok(result)) ? S2N_RESULT_OK : S2N_RESULT_ERROR) +#define __S2N_ENSURE_PRECONDITION(result) (s2n_likely(s2n_result_is_ok(result)) ? S2N_RESULT_OK : S2N_RESULT_ERROR) #ifdef NDEBUG -#define __S2N_ENSURE_POSTCONDITION( result ) (S2N_RESULT_OK) + #define __S2N_ENSURE_POSTCONDITION(result) (S2N_RESULT_OK) #else -#define __S2N_ENSURE_POSTCONDITION( result ) (s2n_likely(s2n_result_is_ok(result)) ? S2N_RESULT_OK : S2N_RESULT_ERROR) + #define __S2N_ENSURE_POSTCONDITION(result) (s2n_likely(s2n_result_is_ok(result)) ? S2N_RESULT_OK : S2N_RESULT_ERROR) #endif -#define __S2N_ENSURE_SAFE_MEMCPY( d , s , n , guard ) \ - do { \ - __typeof( n ) __tmp_n = ( n ); \ - if ( s2n_likely( __tmp_n ) ) { \ - void *r = s2n_ensure_memcpy_trace( (d), (s) , (__tmp_n), _S2N_DEBUG_LINE); \ - guard(r); \ - } \ - } while(0) +#define __S2N_ENSURE_SAFE_MEMCPY(d, s, n, guard) \ + do { \ + __typeof(n) __tmp_n = (n); \ + if (s2n_likely(__tmp_n)) { \ + void *r = s2n_ensure_memcpy_trace((d), (s), (__tmp_n), _S2N_DEBUG_LINE); \ + guard(r); \ + } \ + } while (0) -#define __S2N_ENSURE_SAFE_MEMSET( d , c , n , guard ) \ - do { \ - __typeof( n ) __tmp_n = ( n ); \ - if ( s2n_likely( __tmp_n ) ) { \ - __typeof( d ) __tmp_d = ( d ); \ - guard( __tmp_d ); \ - memset( __tmp_d, (c), __tmp_n); \ - } \ - } while(0) +#define __S2N_ENSURE_SAFE_MEMSET(d, c, n, guard) \ + do { \ + __typeof(n) __tmp_n = (n); \ + if (s2n_likely(__tmp_n)) { \ + __typeof(d) __tmp_d = (d); \ + guard(__tmp_d); \ + memset(__tmp_d, (c), __tmp_n); \ + } \ + } while (0) /** * `restrict` is a part of the c99 standard and will work with any C compiler. If you're trying to @@ -80,9 +92,9 @@ * */ #if defined(S2N___RESTRICT__SUPPORTED) -extern void* s2n_ensure_memcpy_trace(void *__restrict__ to, const void *__restrict__ from, size_t size, const char *debug_str); +extern void *s2n_ensure_memcpy_trace(void *__restrict__ to, const void *__restrict__ from, size_t size, const char *debug_str); #else -extern void* s2n_ensure_memcpy_trace(void *restrict to, const void *restrict from, size_t size, const char *debug_str); +extern void *s2n_ensure_memcpy_trace(void *restrict to, const void *restrict from, size_t size, const char *debug_str); #endif /** @@ -96,20 +108,20 @@ extern void* s2n_ensure_memcpy_trace(void *restrict to, const void *restrict fro * Violations of these properties are undefined behaviour. */ #ifdef CBMC -# define S2N_MEM_IS_READABLE_CHECK(base, len) (((len) == 0) || __CPROVER_r_ok((base), (len))) -# define S2N_MEM_IS_WRITABLE_CHECK(base, len) (((len) == 0) || __CPROVER_w_ok((base), (len))) + #define S2N_MEM_IS_READABLE_CHECK(base, len) (((len) == 0) || __CPROVER_r_ok((base), (len))) + #define S2N_MEM_IS_WRITABLE_CHECK(base, len) (((len) == 0) || __CPROVER_w_ok((base), (len))) #else -/* the C runtime does not give a way to check these properties, + /* the C runtime does not give a way to check these properties, * but we can at least check for nullness. */ -# define S2N_MEM_IS_READABLE_CHECK(base, len) (((len) == 0) || (base) != NULL) -# define S2N_MEM_IS_WRITABLE_CHECK(base, len) (((len) == 0) || (base) != NULL) + #define S2N_MEM_IS_READABLE_CHECK(base, len) (((len) == 0) || (base) != NULL) + #define S2N_MEM_IS_WRITABLE_CHECK(base, len) (((len) == 0) || (base) != NULL) #endif /* CBMC */ /** * These macros can safely be used in validate functions. */ -#define S2N_MEM_IS_READABLE(base, len) (((len) == 0) || (base) != NULL) -#define S2N_MEM_IS_WRITABLE(base, len) (((len) == 0) || (base) != NULL) +#define S2N_MEM_IS_READABLE(base, len) (((len) == 0) || (base) != NULL) +#define S2N_MEM_IS_WRITABLE(base, len) (((len) == 0) || (base) != NULL) #define S2N_OBJECT_PTR_IS_READABLE(ptr) ((ptr) != NULL) #define S2N_OBJECT_PTR_IS_WRITABLE(ptr) ((ptr) != NULL) @@ -128,17 +140,17 @@ extern void* s2n_ensure_memcpy_trace(void *restrict to, const void *restrict fro * Violations of the function contracts are undefined behaviour. */ #ifdef CBMC -# define CONTRACT_ASSIGNS(...) __CPROVER_assigns(__VA_ARGS__) -# define CONTRACT_ASSIGNS_ERR(...) CONTRACT_ASSIGNS(__VA_ARGS__, s2n_debug_str, s2n_errno) -# define CONTRACT_REQUIRES(...) __CPROVER_requires(__VA_ARGS__) -# define CONTRACT_ENSURES(...) __CPROVER_ensures(__VA_ARGS__) -# define CONTRACT_INVARIANT(...) __CPROVER_loop_invariant(__VA_ARGS__) -# define CONTRACT_RETURN_VALUE (__CPROVER_return_value) + #define CONTRACT_ASSIGNS(...) __CPROVER_assigns(__VA_ARGS__) + #define CONTRACT_ASSIGNS_ERR(...) CONTRACT_ASSIGNS(__VA_ARGS__, s2n_debug_str, s2n_errno) + #define CONTRACT_REQUIRES(...) __CPROVER_requires(__VA_ARGS__) + #define CONTRACT_ENSURES(...) __CPROVER_ensures(__VA_ARGS__) + #define CONTRACT_INVARIANT(...) __CPROVER_loop_invariant(__VA_ARGS__) + #define CONTRACT_RETURN_VALUE (__CPROVER_return_value) #else -# define CONTRACT_ASSIGNS(...) -# define CONTRACT_ASSIGNS_ERR(...) -# define CONTRACT_REQUIRES(...) -# define CONTRACT_ENSURES(...) -# define CONTRACT_INVARIANT(...) -# define CONTRACT_RETURN_VALUE + #define CONTRACT_ASSIGNS(...) + #define CONTRACT_ASSIGNS_ERR(...) + #define CONTRACT_REQUIRES(...) + #define CONTRACT_ENSURES(...) + #define CONTRACT_INVARIANT(...) + #define CONTRACT_RETURN_VALUE #endif diff --git a/contrib/restricted/aws/s2n/utils/s2n_fork_detection.c b/contrib/restricted/aws/s2n/utils/s2n_fork_detection.c index d9826ad08d..546a7a82c6 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_fork_detection.c +++ b/contrib/restricted/aws/s2n/utils/s2n_fork_detection.c @@ -17,8 +17,8 @@ * Here we also capture varius required feature test macros. */ #if defined(__APPLE__) - typedef struct _opaque_pthread_once_t __darwin_pthread_once_t; - typedef __darwin_pthread_once_t pthread_once_t; +typedef struct _opaque_pthread_once_t __darwin_pthread_once_t; +typedef __darwin_pthread_once_t pthread_once_t; #define _DARWIN_C_SOURCE #elif defined(__FreeBSD__) /* FreeBSD requires POSIX compatibility off for its syscalls (enables __BSD_VISIBLE) @@ -36,22 +36,21 @@ #define MAP_ANONYMOUS MAP_ANON #endif -#include "error/s2n_errno.h" -#include "utils/s2n_fork_detection.h" -#include "utils/s2n_safety.h" - #include <pthread.h> #include <stdlib.h> #include <sys/types.h> #include <unistd.h> +#include "error/s2n_errno.h" +#include "utils/s2n_fork_detection.h" +#include "utils/s2n_safety.h" #if defined(S2N_MADVISE_SUPPORTED) && defined(MADV_WIPEONFORK) -#if (MADV_WIPEONFORK != 18) -#error "MADV_WIPEONFORK is not 18" -#endif + #if (MADV_WIPEONFORK != 18) + #error "MADV_WIPEONFORK is not 18" + #endif #else /* defined(S2N_MADVISE_SUPPORTED) && defined(MADV_WIPEONFORK) */ -#define MADV_WIPEONFORK 18 + #define MADV_WIPEONFORK 18 #endif /* These variables are used to disable all fork detection mechanisms or at the @@ -61,7 +60,7 @@ static bool ignore_wipeonfork_or_inherit_zero_method_for_testing = false; static bool ignore_pthread_atfork_method_for_testing = false; static bool ignore_fork_detection_for_testing = false; -#define S2N_FORK_EVENT 0 +#define S2N_FORK_EVENT 0 #define S2N_NO_FORK_EVENT 1 struct FGN_STATE { @@ -92,7 +91,6 @@ static struct FGN_STATE fgn_state = { .fork_detection_rw_lock = PTHREAD_RWLOCK_INITIALIZER, }; - /* Can currently never fail. See initialise_fork_detection_methods() for * motivation. */ @@ -196,13 +194,13 @@ static S2N_RESULT s2n_initialise_fork_detection_methods_try(void *addr, long pag return S2N_RESULT_OK; } -static S2N_RESULT s2n_setup_mapping(void **addr, long *page_size) { - +static S2N_RESULT s2n_setup_mapping(void **addr, long *page_size) +{ *page_size = sysconf(_SC_PAGESIZE); RESULT_ENSURE_GT(*page_size, 0); *addr = mmap(NULL, (size_t) *page_size, PROT_READ | PROT_WRITE, - MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); RESULT_ENSURE_NE(*addr, MAP_FAILED); return S2N_RESULT_OK; @@ -214,9 +212,7 @@ static void s2n_initialise_fork_detection_methods(void) long page_size = 0; /* Only used to disable fork detection mechanisms during testing. */ - if (ignore_wipeonfork_or_inherit_zero_method_for_testing == true && - ignore_pthread_atfork_method_for_testing == true) { - + if (ignore_wipeonfork_or_inherit_zero_method_for_testing == true && ignore_pthread_atfork_method_for_testing == true) { ignore_fork_detection_for_testing = true; return; } @@ -306,8 +302,8 @@ static void s2n_cleanup_cb_munmap(void **probe_addr) /* Run-time probe checking whether the system supports the MADV_WIPEONFORK fork * detection mechanism. */ -static S2N_RESULT s2n_probe_madv_wipeonfork_support(void) { - +static S2N_RESULT s2n_probe_madv_wipeonfork_support(void) +{ bool result = false; /* It is not an error to call munmap on a range that does not contain any @@ -349,7 +345,8 @@ bool s2n_is_map_inherit_zero_supported(void) } /* Use for testing only */ -S2N_RESULT s2n_ignore_wipeonfork_and_inherit_zero_for_testing(void) { +S2N_RESULT s2n_ignore_wipeonfork_and_inherit_zero_for_testing(void) +{ RESULT_ENSURE(s2n_in_unit_test(), S2N_ERR_NOT_IN_UNIT_TEST); ignore_wipeonfork_or_inherit_zero_method_for_testing = true; @@ -357,11 +354,11 @@ S2N_RESULT s2n_ignore_wipeonfork_and_inherit_zero_for_testing(void) { return S2N_RESULT_OK; } -S2N_RESULT s2n_ignore_pthread_atfork_for_testing(void) { +S2N_RESULT s2n_ignore_pthread_atfork_for_testing(void) +{ RESULT_ENSURE(s2n_in_unit_test(), S2N_ERR_NOT_IN_UNIT_TEST); ignore_pthread_atfork_method_for_testing = true; return S2N_RESULT_OK; } - diff --git a/contrib/restricted/aws/s2n/utils/s2n_init.c b/contrib/restricted/aws/s2n/utils/s2n_init.c index a6d8219a54..0fc2849143 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_init.c +++ b/contrib/restricted/aws/s2n/utils/s2n_init.c @@ -12,35 +12,31 @@ * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ +#include <pthread.h> + #include "crypto/s2n_fips.h" #include "crypto/s2n_libcrypto.h" #include "crypto/s2n_locking.h" - #include "error/s2n_errno.h" - -#include "tls/s2n_cipher_suites.h" +#include "openssl/opensslv.h" +#include "pq-crypto/s2n_pq.h" +#include "tls/extensions/s2n_client_key_share.h" #include "tls/extensions/s2n_extension_type.h" +#include "tls/s2n_cipher_suites.h" #include "tls/s2n_security_policies.h" -#include "tls/extensions/s2n_client_key_share.h" #include "tls/s2n_tls13_secrets.h" - #include "utils/s2n_mem.h" #include "utils/s2n_random.h" #include "utils/s2n_safety.h" #include "utils/s2n_safety_macros.h" -#include "openssl/opensslv.h" - -#include "pq-crypto/s2n_pq.h" - -#include <pthread.h> - static void s2n_cleanup_atexit(void); static pthread_t main_thread = 0; static bool initialized = false; static bool atexit_cleanup = true; -int s2n_disable_atexit(void) { +int s2n_disable_atexit(void) +{ POSIX_ENSURE(!initialized, S2N_ERR_INITIALIZED); atexit_cleanup = false; return S2N_SUCCESS; @@ -95,13 +91,12 @@ static bool s2n_cleanup_atexit_impl(void) /* the configs need to be wiped before resetting the memory callbacks */ s2n_wipe_static_configs(); - bool cleaned_up = - s2n_result_is_ok(s2n_cipher_suites_cleanup()) && - s2n_result_is_ok(s2n_rand_cleanup_thread()) && - s2n_result_is_ok(s2n_rand_cleanup()) && - s2n_result_is_ok(s2n_libcrypto_cleanup()) && - s2n_result_is_ok(s2n_locking_cleanup()) && - (s2n_mem_cleanup() == S2N_SUCCESS); + bool cleaned_up = s2n_result_is_ok(s2n_cipher_suites_cleanup()) + && s2n_result_is_ok(s2n_rand_cleanup_thread()) + && s2n_result_is_ok(s2n_rand_cleanup()) + && s2n_result_is_ok(s2n_libcrypto_cleanup()) + && s2n_result_is_ok(s2n_locking_cleanup()) + && (s2n_mem_cleanup() == S2N_SUCCESS); initialized = !cleaned_up; return cleaned_up; @@ -126,5 +121,5 @@ int s2n_cleanup(void) static void s2n_cleanup_atexit(void) { - (void)s2n_cleanup_atexit_impl(); + (void) s2n_cleanup_atexit_impl(); } diff --git a/contrib/restricted/aws/s2n/utils/s2n_map.c b/contrib/restricted/aws/s2n/utils/s2n_map.c index 1b3d9eaa9c..ad0cabcaa2 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_map.c +++ b/contrib/restricted/aws/s2n/utils/s2n_map.c @@ -13,21 +13,19 @@ * permissions and limitations under the License. */ -#include <string.h> -#include <stdio.h> +#include "utils/s2n_map.h" -#include "error/s2n_errno.h" +#include <stdio.h> +#include <string.h> +#include "api/s2n.h" #include "crypto/s2n_hash.h" - -#include "utils/s2n_safety.h" -#include "utils/s2n_result.h" +#include "error/s2n_errno.h" #include "utils/s2n_blob.h" -#include "utils/s2n_mem.h" -#include "utils/s2n_map.h" #include "utils/s2n_map_internal.h" - -#include "api/s2n.h" +#include "utils/s2n_mem.h" +#include "utils/s2n_result.h" +#include "utils/s2n_safety.h" #define S2N_INITIAL_TABLE_SIZE 1024 @@ -39,7 +37,7 @@ static S2N_RESULT s2n_map_slot(const struct s2n_map *map, struct s2n_blob *key, uint32_t u32[8]; } digest; - DEFER_CLEANUP(struct s2n_hash_state sha256 = {0}, s2n_hash_free); + DEFER_CLEANUP(struct s2n_hash_state sha256 = { 0 }, s2n_hash_free); RESULT_GUARD_POSIX(s2n_hash_new(&sha256)); RESULT_GUARD_POSIX(s2n_hash_init(&sha256, S2N_HASH_SHA256)); RESULT_GUARD_POSIX(s2n_hash_update(&sha256, key->data, key->size)); @@ -52,8 +50,8 @@ static S2N_RESULT s2n_map_slot(const struct s2n_map *map, struct s2n_blob *key, static S2N_RESULT s2n_map_embiggen(struct s2n_map *map, uint32_t capacity) { RESULT_ENSURE_REF(map); - struct s2n_blob mem = {0}; - struct s2n_map tmp = {0}; + struct s2n_blob mem = { 0 }; + struct s2n_map tmp = { 0 }; RESULT_ENSURE(!map->immutable, S2N_ERR_MAP_IMMUTABLE); @@ -72,7 +70,7 @@ static S2N_RESULT s2n_map_embiggen(struct s2n_map *map, uint32_t capacity) RESULT_GUARD_POSIX(s2n_free(&map->table[i].value)); } } - RESULT_GUARD_POSIX(s2n_free_object((uint8_t **)&map->table, map->capacity * sizeof(struct s2n_map_entry))); + RESULT_GUARD_POSIX(s2n_free_object((uint8_t **) &map->table, map->capacity * sizeof(struct s2n_map_entry))); /* Clone the temporary map */ map->capacity = tmp.capacity; @@ -91,7 +89,7 @@ struct s2n_map *s2n_map_new() struct s2n_map *s2n_map_new_with_initial_capacity(uint32_t capacity) { PTR_ENSURE(capacity != 0, S2N_ERR_MAP_INVALID_MAP_SIZE); - struct s2n_blob mem = {0}; + struct s2n_blob mem = { 0 }; struct s2n_map *map; PTR_GUARD_POSIX(s2n_alloc(&mem, sizeof(struct s2n_map))); @@ -121,9 +119,8 @@ S2N_RESULT s2n_map_add(struct s2n_map *map, struct s2n_blob *key, struct s2n_blo RESULT_GUARD(s2n_map_slot(map, key, &slot)); /* Linear probing until we find an empty slot */ - while(map->table[slot].key.size) { - if (key->size != map->table[slot].key.size || - memcmp(key->data, map->table[slot].key.data, key->size)) { + while (map->table[slot].key.size) { + if (key->size != map->table[slot].key.size || memcmp(key->data, map->table[slot].key.data, key->size)) { slot++; slot %= map->capacity; continue; @@ -154,9 +151,8 @@ S2N_RESULT s2n_map_put(struct s2n_map *map, struct s2n_blob *key, struct s2n_blo RESULT_GUARD(s2n_map_slot(map, key, &slot)); /* Linear probing until we find an empty slot */ - while(map->table[slot].key.size) { - if (key->size != map->table[slot].key.size || - memcmp(key->data, map->table[slot].key.data, key->size)) { + while (map->table[slot].key.size) { + if (key->size != map->table[slot].key.size || memcmp(key->data, map->table[slot].key.data, key->size)) { slot++; slot %= map->capacity; continue; @@ -201,9 +197,8 @@ S2N_RESULT s2n_map_lookup(const struct s2n_map *map, struct s2n_blob *key, struc RESULT_GUARD(s2n_map_slot(map, key, &slot)); const uint32_t initial_slot = slot; - while(map->table[slot].key.size) { - if (key->size != map->table[slot].key.size || - memcmp(key->data, map->table[slot].key.data, key->size)) { + while (map->table[slot].key.size) { + if (key->size != map->table[slot].key.size || memcmp(key->data, map->table[slot].key.data, key->size)) { slot++; slot %= map->capacity; /* We went over all the slots but found no match */ @@ -244,10 +239,10 @@ S2N_RESULT s2n_map_free(struct s2n_map *map) } /* Free the table */ - RESULT_GUARD_POSIX(s2n_free_object((uint8_t **)&map->table, map->capacity * sizeof(struct s2n_map_entry))); + RESULT_GUARD_POSIX(s2n_free_object((uint8_t **) &map->table, map->capacity * sizeof(struct s2n_map_entry))); /* And finally the map */ - RESULT_GUARD_POSIX(s2n_free_object((uint8_t **)&map, sizeof(struct s2n_map))); + RESULT_GUARD_POSIX(s2n_free_object((uint8_t **) &map, sizeof(struct s2n_map))); return S2N_RESULT_OK; } diff --git a/contrib/restricted/aws/s2n/utils/s2n_map.h b/contrib/restricted/aws/s2n/utils/s2n_map.h index afde6a8514..13987188d6 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_map.h +++ b/contrib/restricted/aws/s2n/utils/s2n_map.h @@ -17,7 +17,6 @@ #include <string.h> #include "crypto/s2n_hash.h" - #include "utils/s2n_blob.h" #include "utils/s2n_result.h" diff --git a/contrib/restricted/aws/s2n/utils/s2n_mem.c b/contrib/restricted/aws/s2n/utils/s2n_mem.c index d2084c363c..fc0b3a8f19 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_mem.c +++ b/contrib/restricted/aws/s2n/utils/s2n_mem.c @@ -13,18 +13,17 @@ * permissions and limitations under the License. */ -#define _DEFAULT_SOURCE 1 +#define _DEFAULT_SOURCE 1 #if defined(S2N_FEATURES_AVAILABLE) -#include <features.h> + #include <features.h> #endif #include <stdint.h> -#include <unistd.h> #include <stdlib.h> #include <sys/mman.h> +#include <unistd.h> #include "error/s2n_errno.h" - #include "utils/s2n_blob.h" #include "utils/s2n_mem.h" #include "utils/s2n_safety.h" @@ -131,7 +130,7 @@ static int s2n_mem_malloc_no_mlock_impl(void **ptr, uint32_t requested, uint32_t } int s2n_mem_set_callbacks(s2n_mem_init_callback mem_init_callback, s2n_mem_cleanup_callback mem_cleanup_callback, - s2n_mem_malloc_callback mem_malloc_callback, s2n_mem_free_callback mem_free_callback) + s2n_mem_malloc_callback mem_malloc_callback, s2n_mem_free_callback mem_free_callback) { POSIX_ENSURE(!initialized, S2N_ERR_INITIALIZED); @@ -152,14 +151,14 @@ int s2n_alloc(struct s2n_blob *b, uint32_t size) { POSIX_ENSURE(initialized, S2N_ERR_NOT_INITIALIZED); POSIX_ENSURE_REF(b); - const struct s2n_blob temp = {0}; + const struct s2n_blob temp = { 0 }; *b = temp; POSIX_GUARD(s2n_realloc(b, size)); return S2N_SUCCESS; } /* A blob is growable if it is either explicitly marked as such, or if it contains no data */ -bool s2n_blob_is_growable(const struct s2n_blob* b) +bool s2n_blob_is_growable(const struct s2n_blob *b) { return b && (b->growable || (b->data == NULL && b->size == 0 && b->allocated == 0)); } @@ -179,10 +178,9 @@ int s2n_realloc(struct s2n_blob *b, uint32_t size) /* blob already has space for the request */ if (size <= b->allocated) { - if (size < b->size) { /* Zero the existing blob memory before the we release it */ - struct s2n_blob slice = {0}; + struct s2n_blob slice = { 0 }; POSIX_GUARD(s2n_blob_slice(b, &slice, size, b->size - size)); POSIX_GUARD(s2n_blob_zero(&slice)); } @@ -191,7 +189,7 @@ int s2n_realloc(struct s2n_blob *b, uint32_t size) return S2N_SUCCESS; } - struct s2n_blob new_memory = {.data = NULL, .size = size, .allocated = 0, .growable = 1}; + struct s2n_blob new_memory = { .data = NULL, .size = size, .allocated = 0, .growable = 1 }; if (s2n_mem_malloc_cb((void **) &new_memory.data, new_memory.size, &new_memory.allocated) != 0) { S2N_ERROR_PRESERVE_ERRNO(); } @@ -220,7 +218,7 @@ int s2n_free_object(uint8_t **p_data, uint32_t size) } POSIX_ENSURE(initialized, S2N_ERR_NOT_INITIALIZED); - struct s2n_blob b = {.data = *p_data, .allocated = size, .size = size, .growable = 1}; + struct s2n_blob b = { .data = *p_data, .allocated = size, .size = size, .growable = 1 }; /* s2n_free() will call free() even if it returns error (for a growable blob). ** This makes sure *p_data is not used after free() */ @@ -293,12 +291,13 @@ int s2n_free_without_wipe(struct s2n_blob *b) POSIX_ENSURE(s2n_mem_free_cb(b->data, b->allocated) >= S2N_SUCCESS, S2N_ERR_CANCELLED); } - *b = (struct s2n_blob) {0}; + *b = (struct s2n_blob){ 0 }; return S2N_SUCCESS; } -int s2n_free_or_wipe(struct s2n_blob *b) { +int s2n_free_or_wipe(struct s2n_blob *b) +{ POSIX_ENSURE_REF(b); int zero_rc = s2n_blob_zero(b); if (b->allocated) { diff --git a/contrib/restricted/aws/s2n/utils/s2n_mem.h b/contrib/restricted/aws/s2n/utils/s2n_mem.h index 75f74a0a87..adccd6b4bf 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_mem.h +++ b/contrib/restricted/aws/s2n/utils/s2n_mem.h @@ -15,10 +15,10 @@ #pragma once -#include "utils/s2n_blob.h" - #include <stdint.h> +#include "utils/s2n_blob.h" + int s2n_mem_init(void); bool s2n_mem_is_init(void); uint32_t s2n_mem_get_page_size(void); diff --git a/contrib/restricted/aws/s2n/utils/s2n_random.c b/contrib/restricted/aws/s2n/utils/s2n_random.c index 5d79f061d2..73fad07834 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_random.c +++ b/contrib/restricted/aws/s2n/utils/s2n_random.c @@ -13,24 +13,23 @@ * permissions and limitations under the License. */ +#include <errno.h> +#include <fcntl.h> +#include <limits.h> #include <openssl/engine.h> #include <openssl/rand.h> - -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/param.h> -#include <unistd.h> #include <pthread.h> -#include <limits.h> -#include <fcntl.h> -#include <string.h> #include <stdint.h> #include <stdlib.h> -#include <errno.h> +#include <string.h> +#include <sys/param.h> +#include <sys/stat.h> +#include <sys/types.h> #include <time.h> +#include <unistd.h> #if defined(S2N_CPUID_AVAILABLE) -#include <cpuid.h> + #include <cpuid.h> #endif #include "api/s2n.h" @@ -38,18 +37,18 @@ #include "error/s2n_errno.h" #include "stuffer/s2n_stuffer.h" #include "utils/s2n_fork_detection.h" +#include "utils/s2n_mem.h" +#include "utils/s2n_random.h" #include "utils/s2n_result.h" #include "utils/s2n_safety.h" -#include "utils/s2n_random.h" -#include "utils/s2n_mem.h" #define ENTROPY_SOURCE "/dev/urandom" /* See https://en.wikipedia.org/wiki/CPUID */ -#define RDRAND_ECX_FLAG 0x40000000 +#define RDRAND_ECX_FLAG 0x40000000 /* One second in nanoseconds */ -#define ONE_S INT64_C(1000000000) +#define ONE_S INT64_C(1000000000) /* Placeholder value for an uninitialized entropy file descriptor */ #define UNINITIALIZED_ENTROPY_FD -1 @@ -65,8 +64,8 @@ struct s2n_rand_state { static __thread struct s2n_rand_state s2n_per_thread_rand_state = { .cached_fork_generation_number = 0, - .public_drbg = {0}, - .private_drbg = {0}, + .public_drbg = { 0 }, + .private_drbg = { 0 }, .drbgs_initialized = false }; @@ -81,7 +80,8 @@ static s2n_rand_seed_callback s2n_rand_seed_cb = s2n_rand_urandom_impl; static s2n_rand_mix_callback s2n_rand_mix_cb = s2n_rand_urandom_impl; /* non-static for SAW proof */ -bool s2n_cpu_supports_rdrand() { +bool s2n_cpu_supports_rdrand() +{ #if defined(S2N_CPUID_AVAILABLE) uint32_t eax, ebx, ecx, edx; if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx)) { @@ -96,9 +96,9 @@ bool s2n_cpu_supports_rdrand() { } int s2n_rand_set_callbacks(s2n_rand_init_callback rand_init_callback, - s2n_rand_cleanup_callback rand_cleanup_callback, - s2n_rand_seed_callback rand_seed_callback, - s2n_rand_mix_callback rand_mix_callback) + s2n_rand_cleanup_callback rand_cleanup_callback, + s2n_rand_seed_callback rand_seed_callback, + s2n_rand_mix_callback rand_mix_callback) { POSIX_ENSURE_REF(rand_init_callback); POSIX_ENSURE_REF(rand_cleanup_callback); @@ -171,7 +171,6 @@ static S2N_RESULT s2n_ensure_uniqueness(void) RESULT_GUARD(s2n_get_fork_generation_number(&returned_fork_generation_number)); if (returned_fork_generation_number != s2n_per_thread_rand_state.cached_fork_generation_number) { - /* This assumes that s2n_rand_cleanup_thread() doesn't mutate any other * state than the drbg states and it resets the drbg initialization * boolean to false. s2n_ensure_initialized_drbgs() will cache the new @@ -185,7 +184,7 @@ static S2N_RESULT s2n_ensure_uniqueness(void) } static S2N_RESULT s2n_get_random_data(struct s2n_blob *out_blob, - struct s2n_drbg *drbg_state) + struct s2n_drbg *drbg_state) { RESULT_GUARD(s2n_ensure_initialized_drbgs()); RESULT_GUARD(s2n_ensure_uniqueness()); @@ -193,7 +192,7 @@ static S2N_RESULT s2n_get_random_data(struct s2n_blob *out_blob, uint32_t offset = 0; uint32_t remaining = out_blob->size; - while(remaining) { + while (remaining) { struct s2n_blob slice = { 0 }; RESULT_GUARD_POSIX(s2n_blob_slice(out_blob, &slice, offset, MIN(remaining, S2N_DRBG_GENERATE_LIMIT))); @@ -238,7 +237,7 @@ static int s2n_rand_urandom_impl(void *ptr, uint32_t size) uint8_t *data = ptr; uint32_t n = size; - struct timespec sleep_time = {.tv_sec = 0, .tv_nsec = 0 }; + struct timespec sleep_time = { .tv_sec = 0, .tv_nsec = 0 }; long backoff = 1; while (n) { @@ -268,8 +267,7 @@ static int s2n_rand_urandom_impl(void *ptr, uint32_t size) sleep_time.tv_nsec = backoff; do { r = nanosleep(&sleep_time, &sleep_time); - } - while (r != 0); + } while (r != 0); } continue; @@ -292,7 +290,7 @@ S2N_RESULT s2n_public_random(int64_t bound, uint64_t *output) RESULT_ENSURE_GT(bound, 0); while (1) { - struct s2n_blob blob = {.data = (void *)&r, sizeof(r) }; + struct s2n_blob blob = { .data = (void *) &r, sizeof(r) }; RESULT_GUARD(s2n_get_public_random_data(&blob)); /* Imagine an int was one byte and UINT_MAX was 256. If the @@ -317,11 +315,11 @@ S2N_RESULT s2n_public_random(int64_t bound, uint64_t *output) #if S2N_LIBCRYPTO_SUPPORTS_CUSTOM_RAND -#define S2N_RAND_ENGINE_ID "s2n_rand" + #define S2N_RAND_ENGINE_ID "s2n_rand" int s2n_openssl_compat_rand(unsigned char *buf, int num) { - struct s2n_blob out = {.data = buf,.size = num }; + struct s2n_blob out = { .data = buf, .size = num }; if (s2n_result_is_error(s2n_get_private_random_data(&out))) { return 0; @@ -334,7 +332,7 @@ int s2n_openssl_compat_status(void) return 1; } -int s2n_openssl_compat_init(ENGINE * unused) +int s2n_openssl_compat_init(ENGINE *unused) { return 1; } @@ -351,7 +349,7 @@ RAND_METHOD s2n_openssl_rand_method = { static int s2n_rand_init_impl(void) { - OPEN: +OPEN: entropy_fd = open(ENTROPY_SOURCE, O_RDONLY); if (entropy_fd == -1) { if (errno == EINTR) { @@ -361,7 +359,7 @@ static int s2n_rand_init_impl(void) } if (s2n_cpu_supports_rdrand()) { - s2n_rand_mix_cb = s2n_rand_rdrand_impl; + s2n_rand_mix_cb = s2n_rand_rdrand_impl; } return S2N_SUCCESS; @@ -369,7 +367,7 @@ static int s2n_rand_init_impl(void) S2N_RESULT s2n_rand_init(void) { - RESULT_ENSURE(s2n_rand_init_cb() >=S2N_SUCCESS, S2N_ERR_CANCELLED); + RESULT_ENSURE(s2n_rand_init_cb() >= S2N_SUCCESS, S2N_ERR_CANCELLED); RESULT_GUARD(s2n_ensure_initialized_drbgs()); @@ -384,7 +382,7 @@ S2N_RESULT s2n_rand_init(void) RESULT_GUARD_OSSL(ENGINE_set_init_function(e, s2n_openssl_compat_init), S2N_ERR_OPEN_RANDOM); RESULT_GUARD_OSSL(ENGINE_set_RAND(e, &s2n_openssl_rand_method), S2N_ERR_OPEN_RANDOM); RESULT_GUARD_OSSL(ENGINE_add(e), S2N_ERR_OPEN_RANDOM); - RESULT_GUARD_OSSL(ENGINE_free(e) , S2N_ERR_OPEN_RANDOM); + RESULT_GUARD_OSSL(ENGINE_free(e), S2N_ERR_OPEN_RANDOM); /* Use that engine for rand() */ e = ENGINE_by_id(S2N_RAND_ENGINE_ID); @@ -469,16 +467,16 @@ static int s2n_rand_rdrand_impl(void *data, uint32_t size) #if defined(__x86_64__) || defined(__i386__) struct s2n_blob out = { .data = data, .size = size }; int space_remaining = 0; - struct s2n_stuffer stuffer = {0}; + struct s2n_stuffer stuffer = { 0 }; union { uint64_t u64; -#if defined(__i386__) + #if defined(__i386__) struct { /* since we check first that we're on intel, we can safely assume little endian. */ uint32_t u_low; uint32_t u_high; } i386_fields; -#endif /* defined(__i386__) */ + #endif /* defined(__i386__) */ uint8_t u8[8]; } output; @@ -488,7 +486,7 @@ static int s2n_rand_rdrand_impl(void *data, uint32_t size) output.u64 = 0; for (int tries = 0; tries < 10; tries++) { -#if defined(__i386__) + #if defined(__i386__) /* execute the rdrand instruction, store the result in a general purpose register (it's assigned to * output.i386_fields.u_low). Check the carry bit, which will be set on success. Then clober the register and reset * the carry bit. Due to needing to support an ancient assembler we use the opcode syntax. @@ -498,25 +496,29 @@ static int s2n_rand_rdrand_impl(void *data, uint32_t size) * 0xf0 (store the result in eax). */ unsigned char success_high = 0, success_low = 0; - __asm__ __volatile__(".byte 0x0f, 0xc7, 0xf0;\n" "setc %b1;\n": "=a"(output.i386_fields.u_low), "=qm"(success_low) - : - :"cc"); - - __asm__ __volatile__(".byte 0x0f, 0xc7, 0xf0;\n" "setc %b1;\n": "=a"(output.i386_fields.u_high), "=qm"(success_high) - : - :"cc"); + __asm__ __volatile__( + ".byte 0x0f, 0xc7, 0xf0;\n" + "setc %b1;\n" + : "=a"(output.i386_fields.u_low), "=qm"(success_low) + : + : "cc"); + + __asm__ __volatile__( + ".byte 0x0f, 0xc7, 0xf0;\n" + "setc %b1;\n" + : "=a"(output.i386_fields.u_high), "=qm"(success_high) + : + : "cc"); /* cppcheck-suppress knownConditionTrueFalse */ success = success_high & success_low; /* Treat either all 1 or all 0 bits in either the high or low order * bits as failure */ - if (output.i386_fields.u_low == 0 || - output.i386_fields.u_low == UINT32_MAX || - output.i386_fields.u_high == 0 || - output.i386_fields.u_high == UINT32_MAX) { + if (output.i386_fields.u_low == 0 || output.i386_fields.u_low == UINT32_MAX + || output.i386_fields.u_high == 0 || output.i386_fields.u_high == UINT32_MAX) { success = 0; } -#else + #else /* execute the rdrand instruction, store the result in a general purpose register (it's assigned to * output.u64). Check the carry bit, which will be set on success. Then clober the carry bit. * Due to needing to support an ancient assembler we use the opcode syntax. @@ -525,10 +527,13 @@ static int s2n_rand_rdrand_impl(void *data, uint32_t size) * 0x48 (pick a 64-bit register it does more too, but that's all that matters there) * 0x0fc7 (rdrand) * 0xf0 (store the result in rax). */ - __asm__ __volatile__(".byte 0x48, 0x0f, 0xc7, 0xf0;\n" "setc %b1;\n": "=a"(output.u64), "=qm"(success) - : - :"cc"); -#endif /* defined(__i386__) */ + __asm__ __volatile__( + ".byte 0x48, 0x0f, 0xc7, 0xf0;\n" + "setc %b1;\n" + : "=a"(output.u64), "=qm"(success) + : + : "cc"); + #endif /* defined(__i386__) */ /* Some AMD CPUs will find that RDRAND "sticks" on all 1s but still reports success. * Some other very old CPUs use all 0s as an error condition while still reporting success. @@ -541,8 +546,7 @@ static int s2n_rand_rdrand_impl(void *data, uint32_t size) * negligible (1/2^63). Finally, adding processor specific logic would greatly * increase the complexity and would cause us to "miss" any unknown processors with * similar bugs. */ - if (output.u64 == UINT64_MAX || - output.u64 == 0) { + if (output.u64 == UINT64_MAX || output.u64 == 0) { success = 0; } diff --git a/contrib/restricted/aws/s2n/utils/s2n_random.h b/contrib/restricted/aws/s2n/utils/s2n_random.h index 1d316328b9..fd5ca4b9d7 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_random.h +++ b/contrib/restricted/aws/s2n/utils/s2n_random.h @@ -16,7 +16,6 @@ #pragma once #include "crypto/s2n_drbg.h" - #include "utils/s2n_blob.h" #include "utils/s2n_result.h" diff --git a/contrib/restricted/aws/s2n/utils/s2n_result.c b/contrib/restricted/aws/s2n/utils/s2n_result.c index a270f6ec1a..47d53f27fb 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_result.c +++ b/contrib/restricted/aws/s2n/utils/s2n_result.c @@ -76,10 +76,12 @@ * `warn_unused_result` attribute, which ensures they are GUARDed. */ -#include "api/s2n.h" -#include <stdbool.h> #include "utils/s2n_result.h" +#include <stdbool.h> + +#include "api/s2n.h" + /* returns true when the result is S2N_RESULT_OK */ inline bool s2n_result_is_ok(s2n_result result) { diff --git a/contrib/restricted/aws/s2n/utils/s2n_result.h b/contrib/restricted/aws/s2n/utils/s2n_result.h index d16635429b..32120a8847 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_result.h +++ b/contrib/restricted/aws/s2n/utils/s2n_result.h @@ -15,24 +15,25 @@ #pragma once -#include "api/s2n.h" #include <stdbool.h> +#include "api/s2n.h" + /* A value which indicates the outcome of a function */ typedef struct { int __error_signal; } s2n_result; /* used to signal a successful function return */ -#define S2N_RESULT_OK ((s2n_result) { S2N_SUCCESS }) +#define S2N_RESULT_OK ((s2n_result){ S2N_SUCCESS }) /* used to signal an error while executing a function */ -#define S2N_RESULT_ERROR ((s2n_result) { S2N_FAILURE }) +#define S2N_RESULT_ERROR ((s2n_result){ S2N_FAILURE }) #if defined(__clang__) || defined(__GNUC__) -#define S2N_RESULT_MUST_USE __attribute__((warn_unused_result)) + #define S2N_RESULT_MUST_USE __attribute__((warn_unused_result)) #else -#define S2N_RESULT_MUST_USE + #define S2N_RESULT_MUST_USE #endif /* returns true when the result is S2N_RESULT_OK */ diff --git a/contrib/restricted/aws/s2n/utils/s2n_rfc5952.c b/contrib/restricted/aws/s2n/utils/s2n_rfc5952.c index ef49e4aa7c..cf6cf9f1d3 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_rfc5952.c +++ b/contrib/restricted/aws/s2n/utils/s2n_rfc5952.c @@ -13,13 +13,13 @@ * permissions and limitations under the License. */ -#include <sys/types.h> -#include <sys/socket.h> +#include "utils/s2n_rfc5952.h" + #include <stdio.h> +#include <sys/socket.h> +#include <sys/types.h> #include "error/s2n_errno.h" - -#include "utils/s2n_rfc5952.h" #include "utils/s2n_safety.h" static uint8_t dec[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9' }; @@ -77,8 +77,7 @@ S2N_RESULT s2n_inet_ntop(int af, const void *addr, struct s2n_blob *dst) if (octets[i]) { current_run_length = 0; - } - else { + } else { current_run_length++; } @@ -88,10 +87,8 @@ S2N_RESULT s2n_inet_ntop(int af, const void *addr, struct s2n_blob *dst) } } - for (int i = 0; i < 8; i++) { if (i == longest_run_start && longest_run_length > 1) { - if (i == 0) { *cursor++ = ':'; } @@ -102,12 +99,11 @@ S2N_RESULT s2n_inet_ntop(int af, const void *addr, struct s2n_blob *dst) i += longest_run_length - 1; - } - else { + } else { uint8_t nibbles[4] = { (octets[i] & 0xF000) >> 12, - (octets[i] & 0x0F00) >> 8, - (octets[i] & 0x00F0) >> 4, - (octets[i] & 0x000F) }; + (octets[i] & 0x0F00) >> 8, + (octets[i] & 0x00F0) >> 4, + (octets[i] & 0x000F) }; /* Skip up to three leading zeroes */ int j; @@ -118,9 +114,8 @@ S2N_RESULT s2n_inet_ntop(int af, const void *addr, struct s2n_blob *dst) } for (; j < 4; j++) { - *cursor++ = hex[ nibbles[j] ]; + *cursor++ = hex[nibbles[j]]; } - } *cursor++ = ':'; diff --git a/contrib/restricted/aws/s2n/utils/s2n_rfc5952.h b/contrib/restricted/aws/s2n/utils/s2n_rfc5952.h index 724c923128..0c9652ffc2 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_rfc5952.h +++ b/contrib/restricted/aws/s2n/utils/s2n_rfc5952.h @@ -21,4 +21,3 @@ * representation. Returns 0 on success and -1 on failure. */ extern S2N_RESULT s2n_inet_ntop(int af, const void *addr, struct s2n_blob *dst); - diff --git a/contrib/restricted/aws/s2n/utils/s2n_safety.c b/contrib/restricted/aws/s2n/utils/s2n_safety.c index b26e2d9c41..dad46f8ded 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_safety.c +++ b/contrib/restricted/aws/s2n/utils/s2n_safety.c @@ -13,11 +13,12 @@ * permissions and limitations under the License. */ +#include "utils/s2n_safety.h" + #include <stdint.h> #include <stdio.h> #include "utils/s2n_annotations.h" -#include "utils/s2n_safety.h" /** * Given arrays "a" and "b" of length "len", determine whether they @@ -87,7 +88,7 @@ bool s2n_constant_time_equals(const uint8_t *a, const uint8_t *b, const uint32_t * will affect the timing of this function). * */ -int s2n_constant_time_copy_or_dont(uint8_t * dest, const uint8_t * src, uint32_t len, uint8_t dont) +int s2n_constant_time_copy_or_dont(uint8_t *dest, const uint8_t *src, uint32_t len, uint8_t dont) { S2N_PUBLIC_INPUT(dest); S2N_PUBLIC_INPUT(src); @@ -113,7 +114,7 @@ int s2n_constant_time_copy_or_dont(uint8_t * dest, const uint8_t * src, uint32_t * * Normally, one would fill dst with random bytes before calling this function. */ -int s2n_constant_time_pkcs1_unpad_or_dont(uint8_t * dst, const uint8_t * src, uint32_t srclen, uint32_t expectlen) +int s2n_constant_time_pkcs1_unpad_or_dont(uint8_t *dst, const uint8_t *src, uint32_t srclen, uint32_t expectlen) { S2N_PUBLIC_INPUT(dst); S2N_PUBLIC_INPUT(src); @@ -137,7 +138,7 @@ int s2n_constant_time_pkcs1_unpad_or_dont(uint8_t * dst, const uint8_t * src, ui dont_copy |= src[0] ^ 0x00; dont_copy |= src[1] ^ 0x02; - dont_copy |= *(start_of_data-1) ^ 0x00; + dont_copy |= *(start_of_data - 1) ^ 0x00; for (uint32_t i = 2; i < srclen - expectlen - 1; i++) { /* Note! We avoid using logical NOT (!) here; while in practice @@ -169,7 +170,7 @@ int s2n_in_unit_test_set(bool newval) return S2N_SUCCESS; } -int s2n_align_to(uint32_t initial, uint32_t alignment, uint32_t* out) +int s2n_align_to(uint32_t initial, uint32_t alignment, uint32_t *out) { POSIX_ENSURE_REF(out); POSIX_ENSURE(alignment != 0, S2N_ERR_SAFETY); @@ -185,7 +186,7 @@ int s2n_align_to(uint32_t initial, uint32_t alignment, uint32_t* out) return S2N_SUCCESS; } -int s2n_mul_overflow(uint32_t a, uint32_t b, uint32_t* out) +int s2n_mul_overflow(uint32_t a, uint32_t b, uint32_t *out) { POSIX_ENSURE_REF(out); const uint64_t result = ((uint64_t) a) * ((uint64_t) b); @@ -194,7 +195,7 @@ int s2n_mul_overflow(uint32_t a, uint32_t b, uint32_t* out) return S2N_SUCCESS; } -int s2n_add_overflow(uint32_t a, uint32_t b, uint32_t* out) +int s2n_add_overflow(uint32_t a, uint32_t b, uint32_t *out) { POSIX_ENSURE_REF(out); uint64_t result = ((uint64_t) a) + ((uint64_t) b); @@ -203,7 +204,7 @@ int s2n_add_overflow(uint32_t a, uint32_t b, uint32_t* out) return S2N_SUCCESS; } -int s2n_sub_overflow(uint32_t a, uint32_t b, uint32_t* out) +int s2n_sub_overflow(uint32_t a, uint32_t b, uint32_t *out) { POSIX_ENSURE_REF(out); POSIX_ENSURE(a >= b, S2N_ERR_INTEGER_OVERFLOW); diff --git a/contrib/restricted/aws/s2n/utils/s2n_safety.h b/contrib/restricted/aws/s2n/utils/s2n_safety.h index 438ee2c9d6..e4a037d0fc 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_safety.h +++ b/contrib/restricted/aws/s2n/utils/s2n_safety.h @@ -15,10 +15,10 @@ #pragma once -#include <string.h> -#include <stdint.h> #include <stdbool.h> +#include <stdint.h> #include <stdlib.h> +#include <string.h> #include "error/s2n_errno.h" #include "utils/s2n_ensure.h" @@ -34,9 +34,9 @@ * Marks a case of a switch statement as able to fall through to the next case */ #if defined(S2N_FALL_THROUGH_SUPPORTED) -# define FALL_THROUGH __attribute__((fallthrough)) + #define FALL_THROUGH __attribute__((fallthrough)) #else -# define FALL_THROUGH ((void)0) + #define FALL_THROUGH ((void) 0) #endif /* Returns `true` if s2n is in unit test mode, `false` otherwise */ @@ -45,25 +45,25 @@ bool s2n_in_unit_test(); /* Sets whether s2n is in unit test mode */ int s2n_in_unit_test_set(bool newval); -#define S2N_IN_INTEG_TEST ( getenv("S2N_INTEG_TEST") != NULL ) -#define S2N_IN_TEST ( s2n_in_unit_test() || S2N_IN_INTEG_TEST ) +#define S2N_IN_INTEG_TEST (getenv("S2N_INTEG_TEST") != NULL) +#define S2N_IN_TEST (s2n_in_unit_test() || S2N_IN_INTEG_TEST) /* Returns 1 if a and b are equal, in constant time */ -extern bool s2n_constant_time_equals(const uint8_t * a, const uint8_t * b, const uint32_t len); +extern bool s2n_constant_time_equals(const uint8_t* a, const uint8_t* b, const uint32_t len); /* Copy src to dst, or don't copy it, in constant time */ -extern int s2n_constant_time_copy_or_dont(uint8_t * dst, const uint8_t * src, uint32_t len, uint8_t dont); +extern int s2n_constant_time_copy_or_dont(uint8_t* dst, const uint8_t* src, uint32_t len, uint8_t dont); /* If src contains valid PKCS#1 v1.5 padding of exactly expectlen bytes, decode * it into dst, otherwise leave dst alone, in constant time. * Always returns zero. */ -extern int s2n_constant_time_pkcs1_unpad_or_dont(uint8_t * dst, const uint8_t * src, uint32_t srclen, uint32_t expectlen); +extern int s2n_constant_time_pkcs1_unpad_or_dont(uint8_t* dst, const uint8_t* src, uint32_t srclen, uint32_t expectlen); /** * Runs _thecleanup function on _thealloc once _thealloc went out of scope */ #define DEFER_CLEANUP(_thealloc, _thecleanup) \ - __attribute__((cleanup(_thecleanup))) _thealloc + __attribute__((cleanup(_thecleanup))) _thealloc /** * Often we want to free memory on an error, but not on a success. * We do this by declaring a variable with DEFER_CLEANUP, then zeroing @@ -79,25 +79,27 @@ extern int s2n_constant_time_pkcs1_unpad_or_dont(uint8_t * dst, const uint8_t * * Instead, let's rely on the consistent error handling behavior of returning from a method early on error * and apply blinding if our tracking variable goes out of scope early. */ -S2N_CLEANUP_RESULT s2n_connection_apply_error_blinding(struct s2n_connection **conn); -#define WITH_ERROR_BLINDING(conn, action) do { \ - DEFER_CLEANUP(struct s2n_connection *_conn_to_blind = conn, s2n_connection_apply_error_blinding); \ - action; \ - /* The `if` here is to avoid a redundantInitialization warning from cppcheck */ \ - if (_conn_to_blind) { \ - _conn_to_blind = NULL; \ - } \ -} while (0) +S2N_CLEANUP_RESULT s2n_connection_apply_error_blinding(struct s2n_connection** conn); +#define WITH_ERROR_BLINDING(conn, action) \ + do { \ + DEFER_CLEANUP(struct s2n_connection* _conn_to_blind = conn, s2n_connection_apply_error_blinding); \ + action; \ + /* The `if` here is to avoid a redundantInitialization warning from cppcheck */ \ + if (_conn_to_blind) { \ + _conn_to_blind = NULL; \ + } \ + } while (0) /* Creates cleanup function for pointers from function func which accepts a pointer. * This is useful for DEFER_CLEANUP as it passes &_thealloc into _thecleanup function, * so if _thealloc is a pointer _thecleanup will receive a pointer to a pointer.*/ -#define DEFINE_POINTER_CLEANUP_FUNC(type, func) \ - static inline void func##_pointer(type *p) { \ - if (p && *p) \ - func(*p); \ - } \ - struct __useless_struct_to_allow_trailing_semicolon__ +#define DEFINE_POINTER_CLEANUP_FUNC(type, func) \ + static inline void func##_pointer(type* p) \ + { \ + if (p && *p) \ + func(*p); \ + } \ + struct __useless_struct_to_allow_trailing_semicolon__ #define s2n_array_len(array) ((array != NULL) ? (sizeof(array) / sizeof(array[0])) : 0) diff --git a/contrib/restricted/aws/s2n/utils/s2n_safety_macros.h b/contrib/restricted/aws/s2n/utils/s2n_safety_macros.h index e478724da0..553e49ad83 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_safety_macros.h +++ b/contrib/restricted/aws/s2n/utils/s2n_safety_macros.h @@ -23,6 +23,8 @@ * should be in there. */ +/* clang-format off */ + #include "error/s2n_errno.h" #include "utils/s2n_ensure.h" #include "utils/s2n_result.h" diff --git a/contrib/restricted/aws/s2n/utils/s2n_set.c b/contrib/restricted/aws/s2n/utils/s2n_set.c index 65c854a73c..cc88b029cc 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_set.c +++ b/contrib/restricted/aws/s2n/utils/s2n_set.c @@ -12,12 +12,13 @@ * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ +#include "utils/s2n_set.h" + +#include "utils/s2n_array.h" #include "utils/s2n_blob.h" #include "utils/s2n_mem.h" #include "utils/s2n_result.h" #include "utils/s2n_safety.h" -#include "utils/s2n_set.h" -#include "utils/s2n_array.h" #define S2N_INITIAL_SET_SIZE 16 @@ -30,13 +31,13 @@ S2N_RESULT s2n_set_validate(const struct s2n_set *set) /* Sets "out" to the index at which the element should be inserted. * Returns an error if the element already exists */ -static S2N_RESULT s2n_set_binary_search(struct s2n_set *set, void *element, uint32_t* out) +static S2N_RESULT s2n_set_binary_search(struct s2n_set *set, void *element, uint32_t *out) { RESULT_GUARD(s2n_set_validate(set)); RESULT_ENSURE(S2N_MEM_IS_READABLE(element, set->data->element_size), S2N_ERR_NULL); RESULT_ENSURE_REF(out); struct s2n_array *array = set->data; - int (*comparator)(const void*, const void*) = set->comparator; + int (*comparator)(const void *, const void *) = set->comparator; uint32_t len = 0; RESULT_GUARD(s2n_array_num_elements(array, &len)); @@ -52,7 +53,7 @@ static S2N_RESULT s2n_set_binary_search(struct s2n_set *set, void *element, uint while (low <= top) { int64_t mid = low + ((top - low) / 2); - void* array_element = NULL; + void *array_element = NULL; RESULT_GUARD(s2n_array_get(array, mid, &array_element)); int m = comparator(array_element, element); @@ -72,14 +73,14 @@ static S2N_RESULT s2n_set_binary_search(struct s2n_set *set, void *element, uint return S2N_RESULT_OK; } -struct s2n_set *s2n_set_new(uint32_t element_size, int (*comparator)(const void*, const void*)) +struct s2n_set *s2n_set_new(uint32_t element_size, int (*comparator)(const void *, const void *)) { PTR_ENSURE_REF(comparator); - struct s2n_blob mem = {0}; + struct s2n_blob mem = { 0 }; PTR_GUARD_POSIX(s2n_alloc(&mem, sizeof(struct s2n_set))); struct s2n_set *set = (void *) mem.data; - *set = (struct s2n_set) {.data = s2n_array_new(element_size), .comparator = comparator}; - if(set->data == NULL) { + *set = (struct s2n_set){ .data = s2n_array_new(element_size), .comparator = comparator }; + if (set->data == NULL) { PTR_GUARD_POSIX(s2n_free(&mem)); return NULL; } @@ -124,10 +125,9 @@ S2N_RESULT s2n_set_free_p(struct s2n_set **pset) RESULT_GUARD(s2n_array_free(set->data)); /* And finally the set object. */ - RESULT_GUARD_POSIX(s2n_free_object((uint8_t **)pset, sizeof(struct s2n_set))); + RESULT_GUARD_POSIX(s2n_free_object((uint8_t **) pset, sizeof(struct s2n_set))); return S2N_RESULT_OK; - } S2N_RESULT s2n_set_free(struct s2n_set *set) @@ -136,7 +136,6 @@ S2N_RESULT s2n_set_free(struct s2n_set *set) return s2n_set_free_p(&set); } - S2N_RESULT s2n_set_len(struct s2n_set *set, uint32_t *len) { RESULT_GUARD(s2n_set_validate(set)); diff --git a/contrib/restricted/aws/s2n/utils/s2n_set.h b/contrib/restricted/aws/s2n/utils/s2n_set.h index 917123a076..263cf86964 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_set.h +++ b/contrib/restricted/aws/s2n/utils/s2n_set.h @@ -15,16 +15,16 @@ #pragma once #include "api/s2n.h" -#include "utils/s2n_result.h" #include "utils/s2n_array.h" +#include "utils/s2n_result.h" struct s2n_set { - struct s2n_array *data; - int (*comparator)(const void*, const void*); + struct s2n_array *data; + int (*comparator)(const void *, const void *); }; extern S2N_RESULT s2n_set_validate(const struct s2n_set *set); -extern struct s2n_set *s2n_set_new(uint32_t element_size, int (*comparator)(const void*, const void*)); +extern struct s2n_set *s2n_set_new(uint32_t element_size, int (*comparator)(const void *, const void *)); extern S2N_RESULT s2n_set_add(struct s2n_set *set, void *element); extern S2N_RESULT s2n_set_get(struct s2n_set *set, uint32_t idx, void **element); extern S2N_RESULT s2n_set_remove(struct s2n_set *set, uint32_t idx); diff --git a/contrib/restricted/aws/s2n/utils/s2n_socket.c b/contrib/restricted/aws/s2n/utils/s2n_socket.c index 4c809f4cf5..6928f1e015 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_socket.c +++ b/contrib/restricted/aws/s2n/utils/s2n_socket.c @@ -13,28 +13,28 @@ * permissions and limitations under the License. */ -#include "tls/s2n_connection.h" - #include "utils/s2n_socket.h" -#include "utils/s2n_safety.h" -#include <netinet/tcp.h> #include <netinet/in.h> +#include <netinet/tcp.h> #include <sys/socket.h> #include <unistd.h> +#include "tls/s2n_connection.h" +#include "utils/s2n_safety.h" + #if TCP_CORK - #define S2N_CORK TCP_CORK - #define S2N_CORK_ON 1 - #define S2N_CORK_OFF 0 + #define S2N_CORK TCP_CORK + #define S2N_CORK_ON 1 + #define S2N_CORK_OFF 0 #elif TCP_NOPUSH - #define S2N_CORK TCP_NOPUSH - #define S2N_CORK_ON 1 - #define S2N_CORK_OFF 0 + #define S2N_CORK TCP_NOPUSH + #define S2N_CORK_ON 1 + #define S2N_CORK_OFF 0 #elif TCP_NODELAY - #define S2N_CORK TCP_NODELAY - #define S2N_CORK_ON 0 - #define S2N_CORK_OFF 1 + #define S2N_CORK TCP_NODELAY + #define S2N_CORK_ON 0 + #define S2N_CORK_OFF 1 #endif int s2n_socket_quickack(struct s2n_connection *conn) @@ -190,14 +190,14 @@ int s2n_socket_read(void *io_context, uint8_t *buf, uint32_t len) { POSIX_ENSURE_REF(io_context); POSIX_ENSURE_REF(buf); - int rfd = ((struct s2n_socket_read_io_context*) io_context)->fd; + int rfd = ((struct s2n_socket_read_io_context *) io_context)->fd; if (rfd < 0) { errno = EBADF; POSIX_BAIL(S2N_ERR_BAD_FD); } /* Clear the quickack flag so we know to reset it */ - ((struct s2n_socket_read_io_context*) io_context)->tcp_quickack_set = 0; + ((struct s2n_socket_read_io_context *) io_context)->tcp_quickack_set = 0; /* On success, the number of bytes read is returned. On failure, -1 is * returned and errno is set appropriately. */ @@ -210,7 +210,7 @@ int s2n_socket_write(void *io_context, const uint8_t *buf, uint32_t len) { POSIX_ENSURE_REF(io_context); POSIX_ENSURE_REF(buf); - int wfd = ((struct s2n_socket_write_io_context*) io_context)->fd; + int wfd = ((struct s2n_socket_write_io_context *) io_context)->fd; if (wfd < 0) { errno = EBADF; POSIX_BAIL(S2N_ERR_BAD_FD); @@ -223,19 +223,19 @@ int s2n_socket_write(void *io_context, const uint8_t *buf, uint32_t len) return result; } -int s2n_socket_is_ipv6(int fd, uint8_t *ipv6) +int s2n_socket_is_ipv6(int fd, uint8_t *ipv6) { POSIX_ENSURE_REF(ipv6); socklen_t len; struct sockaddr_storage addr; - len = sizeof (addr); - POSIX_GUARD(getpeername(fd, (struct sockaddr*)&addr, &len)); - + len = sizeof(addr); + POSIX_GUARD(getpeername(fd, (struct sockaddr *) &addr, &len)); + *ipv6 = 0; if (AF_INET6 == addr.ss_family) { - *ipv6 = 1; + *ipv6 = 1; } - + return 0; } diff --git a/contrib/restricted/aws/s2n/utils/s2n_socket.h b/contrib/restricted/aws/s2n/utils/s2n_socket.h index 693ac758a3..d7f34a25ee 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_socket.h +++ b/contrib/restricted/aws/s2n/utils/s2n_socket.h @@ -23,9 +23,9 @@ struct s2n_socket_read_io_context { int fd; /* Has TCP_QUICKACK been set since the last read */ - unsigned int tcp_quickack_set:1; + unsigned int tcp_quickack_set : 1; /* Original SO_RCVLOWAT socket option settings before s2n takes over the fd */ - unsigned int original_rcvlowat_is_set:1; + unsigned int original_rcvlowat_is_set : 1; int original_rcvlowat_val; }; @@ -33,9 +33,9 @@ struct s2n_socket_read_io_context { struct s2n_socket_write_io_context { /* The peer's fd */ int fd; - + /* Original TCP_CORK socket option settings before s2n takes over the fd */ - unsigned int original_cork_is_set:1; + unsigned int original_cork_is_set : 1; int original_cork_val; }; diff --git a/contrib/restricted/aws/s2n/utils/s2n_timer.c b/contrib/restricted/aws/s2n/utils/s2n_timer.c index 4b834ef6ad..3017d4af9c 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_timer.c +++ b/contrib/restricted/aws/s2n/utils/s2n_timer.c @@ -13,33 +13,33 @@ * permissions and limitations under the License. */ -#include "utils/s2n_result.h" -#include "utils/s2n_safety.h" #include "utils/s2n_timer.h" #include "tls/s2n_config.h" +#include "utils/s2n_result.h" +#include "utils/s2n_safety.h" S2N_RESULT s2n_timer_start(struct s2n_config *config, struct s2n_timer *timer) { RESULT_ENSURE(config->monotonic_clock(config->monotonic_clock_ctx, &timer->time) >= S2N_SUCCESS, - S2N_ERR_CANCELLED); + S2N_ERR_CANCELLED); return S2N_RESULT_OK; } -S2N_RESULT s2n_timer_elapsed(struct s2n_config *config, struct s2n_timer *timer, uint64_t * nanoseconds) +S2N_RESULT s2n_timer_elapsed(struct s2n_config *config, struct s2n_timer *timer, uint64_t *nanoseconds) { uint64_t current_time; RESULT_ENSURE(config->monotonic_clock(config->monotonic_clock_ctx, ¤t_time) >= S2N_SUCCESS, - S2N_ERR_CANCELLED); + S2N_ERR_CANCELLED); *nanoseconds = current_time - timer->time; return S2N_RESULT_OK; } -S2N_RESULT s2n_timer_reset(struct s2n_config *config, struct s2n_timer *timer, uint64_t * nanoseconds) +S2N_RESULT s2n_timer_reset(struct s2n_config *config, struct s2n_timer *timer, uint64_t *nanoseconds) { uint64_t previous_time = timer->time; diff --git a/contrib/restricted/aws/s2n/utils/s2n_timer.h b/contrib/restricted/aws/s2n/utils/s2n_timer.h index 8bd2b262c3..dbf4a3efcd 100644 --- a/contrib/restricted/aws/s2n/utils/s2n_timer.h +++ b/contrib/restricted/aws/s2n/utils/s2n_timer.h @@ -16,6 +16,7 @@ #pragma once #include <stdint.h> + #include "utils/s2n_result.h" struct s2n_timer { @@ -23,5 +24,5 @@ struct s2n_timer { }; extern S2N_RESULT s2n_timer_start(struct s2n_config *config, struct s2n_timer *timer); -extern S2N_RESULT s2n_timer_elapsed(struct s2n_config *config, struct s2n_timer *timer, uint64_t * nanoseconds); -extern S2N_RESULT s2n_timer_reset(struct s2n_config *config, struct s2n_timer *timer, uint64_t * nanoseconds); +extern S2N_RESULT s2n_timer_elapsed(struct s2n_config *config, struct s2n_timer *timer, uint64_t *nanoseconds); +extern S2N_RESULT s2n_timer_reset(struct s2n_config *config, struct s2n_timer *timer, uint64_t *nanoseconds); |