aboutsummaryrefslogtreecommitdiffstats
path: root/contrib
diff options
context:
space:
mode:
authorrobot-contrib <robot-contrib@yandex-team.com>2022-12-14 15:26:54 +0300
committerrobot-contrib <robot-contrib@yandex-team.com>2022-12-14 15:26:54 +0300
commit4925d989167591a367baa018abd3dde8b24ce47f (patch)
tree1853212a7f126028a55f7ba871105c081089256d /contrib
parent6aec14798ad91ed132f3da681c3d5b9c6fb2240d (diff)
downloadydb-4925d989167591a367baa018abd3dde8b24ce47f.tar.gz
Update contrib/restricted/aws/s2n to 1.3.29
Diffstat (limited to 'contrib')
-rw-r--r--contrib/restricted/aws/s2n/api/s2n.h195
-rw-r--r--contrib/restricted/aws/s2n/api/unstable/crl.h181
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_aes_gcm.c8
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_chacha20_poly1305.c2
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_3des.c2
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_aes.c4
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_cipher.h28
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_composite_cipher_aes_sha.c8
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_null.c2
-rw-r--r--contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_rc4.c2
-rw-r--r--contrib/restricted/aws/s2n/error/s2n_errno.c48
-rw-r--r--contrib/restricted/aws/s2n/error/s2n_errno.h65
-rw-r--r--contrib/restricted/aws/s2n/stuffer/s2n_stuffer.c61
-rw-r--r--contrib/restricted/aws/s2n/stuffer/s2n_stuffer.h59
-rw-r--r--contrib/restricted/aws/s2n/stuffer/s2n_stuffer_base64.c46
-rw-r--r--contrib/restricted/aws/s2n/stuffer/s2n_stuffer_file.c26
-rw-r--r--contrib/restricted/aws/s2n/stuffer/s2n_stuffer_network_order.c22
-rw-r--r--contrib/restricted/aws/s2n/stuffer/s2n_stuffer_pem.c51
-rw-r--r--contrib/restricted/aws/s2n/stuffer/s2n_stuffer_text.c20
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.c9
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_early_data_indication.c8
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c5
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.c18
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.h3
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.c6
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.c6
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.c27
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.c6
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.c6
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.c8
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.c9
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.c8
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.c6
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.c22
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.c18
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_cookie.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.c14
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.c9
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.c15
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.h20
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type_lists.c176
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.c1
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.h12
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_npn.c4
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_nst_early_data_indication.c4
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.c9
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_quic_transport_params.c3
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_alpn.c8
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.c3
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_early_data_indication.c2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_ems.c5
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c38
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.h3
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_max_fragment_length.c11
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_psk.c10
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.c10
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_sct_list.c6
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_server_name.c4
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.c6
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_signature_algorithms.c7
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.c3
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.c10
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.h3
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.c4
-rw-r--r--contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.h2
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_config.c10
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_crl.h15
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_record.h12
-rw-r--r--contrib/restricted/aws/s2n/tls/s2n_record_write.c4
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_array.c15
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_asn1_time.c54
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_asn1_time.h1
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_bitmap.h10
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_blob.c21
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_blob.h39
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_compiler.h7
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_ensure.c2
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_ensure.h104
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_fork_detection.c43
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_init.c35
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_map.c47
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_map.h1
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_mem.c25
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_mem.h4
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_random.c116
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_random.h1
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_result.c6
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_result.h11
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_rfc5952.c25
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_rfc5952.h1
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_safety.c17
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_safety.h52
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_safety_macros.h2
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_set.c23
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_set.h8
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_socket.c44
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_socket.h8
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_timer.c12
-rw-r--r--contrib/restricted/aws/s2n/utils/s2n_timer.h5
118 files changed, 1234 insertions, 983 deletions
diff --git a/contrib/restricted/aws/s2n/api/s2n.h b/contrib/restricted/aws/s2n/api/s2n.h
index eda5bdd7a2..90067edc2b 100644
--- a/contrib/restricted/aws/s2n/api/s2n.h
+++ b/contrib/restricted/aws/s2n/api/s2n.h
@@ -23,25 +23,25 @@
#pragma once
#if ((__GNUC__ >= 4) || defined(__clang__)) && defined(S2N_EXPORTS)
-/**
- * Marks a function as belonging to the public s2n API.
- */
-# define S2N_API __attribute__((visibility("default")))
+ /**
+ * Marks a function as belonging to the public s2n API.
+ */
+ #define S2N_API __attribute__((visibility("default")))
#else
-/**
- * Marks a function as belonging to the public s2n API.
- */
-# define S2N_API
+ /**
+ * Marks a function as belonging to the public s2n API.
+ */
+ #define S2N_API
#endif /* __GNUC__ >= 4 || defined(__clang__) */
#ifdef __cplusplus
extern "C" {
#endif
-#include <sys/types.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
+#include <sys/types.h>
#include <sys/uio.h>
/**
@@ -67,7 +67,7 @@ extern "C" {
* s2n maximum supported TLS record major version
*/
#define S2N_MAXIMUM_SUPPORTED_TLS_RECORD_MAJOR_VERSION 3
-
+
/**
* s2n SSL 2.0 Version Constant
*/
@@ -92,7 +92,7 @@ extern "C" {
* s2n TLS 1.2 Version Constant
*/
#define S2N_TLS12 33
-
+
/**
* s2n TLS 1.3 Version Constant
*/
@@ -146,22 +146,22 @@ extern int *s2n_errno_location(void);
* See the [Error Handling](https://github.com/aws/s2n-tls/blob/main/docs/USAGE-GUIDE.md#error-handling) section for how the errors should be interpreted.
*/
typedef enum {
- /** No error */
- S2N_ERR_T_OK=0,
- /** Underlying I/O operation failed, check system errno */
- S2N_ERR_T_IO,
- /** EOF */
- S2N_ERR_T_CLOSED,
- /** Underlying I/O operation would block */
- S2N_ERR_T_BLOCKED,
- /** Incoming Alert */
- S2N_ERR_T_ALERT,
- /** Failure in some part of the TLS protocol. Ex: CBC verification failure */
- S2N_ERR_T_PROTO,
- /** Error internal to s2n-tls. A precondition could have failed. */
- S2N_ERR_T_INTERNAL,
- /** User input error. Ex: Providing an invalid cipher preference version */
- S2N_ERR_T_USAGE
+ /** No error */
+ S2N_ERR_T_OK = 0,
+ /** Underlying I/O operation failed, check system errno */
+ S2N_ERR_T_IO,
+ /** EOF */
+ S2N_ERR_T_CLOSED,
+ /** Underlying I/O operation would block */
+ S2N_ERR_T_BLOCKED,
+ /** Incoming Alert */
+ S2N_ERR_T_ALERT,
+ /** Failure in some part of the TLS protocol. Ex: CBC verification failure */
+ S2N_ERR_T_PROTO,
+ /** Error internal to s2n-tls. A precondition could have failed. */
+ S2N_ERR_T_INTERNAL,
+ /** User input error. Ex: Providing an invalid cipher preference version */
+ S2N_ERR_T_USAGE
} s2n_error_type;
/**
@@ -290,7 +290,7 @@ extern int s2n_config_free_cert_chain_and_key(struct s2n_config *config);
* @param uint64_t* A pointer that the callback will set to the time in nanoseconds
* The function should return 0 on success and -1 on failure.
*/
-typedef int (*s2n_clock_time_nanoseconds) (void *, uint64_t *);
+typedef int (*s2n_clock_time_nanoseconds)(void *, uint64_t *);
/**
* Cache callback function that allows the caller to retrieve SSL session data
@@ -312,7 +312,7 @@ typedef int (*s2n_clock_time_nanoseconds) (void *, uint64_t *);
*
* This will cause s2n_negotiate() to return S2N_BLOCKED_ON_APPLICATION_INPUT.
*/
-typedef int (*s2n_cache_retrieve_callback) (struct s2n_connection *conn, void *, const void *key, uint64_t key_size, void *value, uint64_t *value_size);
+typedef int (*s2n_cache_retrieve_callback)(struct s2n_connection *conn, void *, const void *key, uint64_t key_size, void *value, uint64_t *value_size);
/**
* Cache callback function that allows the caller to store SSL session data in a
@@ -327,7 +327,7 @@ typedef int (*s2n_cache_retrieve_callback) (struct s2n_connection *conn, void *,
* a pointer to a value which should be stored,
* and a 64 bit unsigned integer specified the size of this value.
*/
-typedef int (*s2n_cache_store_callback) (struct s2n_connection *conn, void *, uint64_t ttl_in_seconds, const void *key, uint64_t key_size, const void *value, uint64_t value_size);
+typedef int (*s2n_cache_store_callback)(struct s2n_connection *conn, void *, uint64_t ttl_in_seconds, const void *key, uint64_t key_size, const void *value, uint64_t value_size);
/**
* Cache callback function that allows the caller to set a callback function
@@ -338,8 +338,8 @@ typedef int (*s2n_cache_store_callback) (struct s2n_connection *conn, void *, ui
* a pointer to arbitrary data for use within the callback,
* a pointer to a key which can be used to delete the cached entry,
* and a 64 bit unsigned integer specifying the size of this key.
-*/
-typedef int (*s2n_cache_delete_callback) (struct s2n_connection *conn, void *, const void *key, uint64_t key_size);
+*/
+typedef int (*s2n_cache_delete_callback)(struct s2n_connection *conn, void *, const void *key, uint64_t key_size);
/**
* Allows the caller to set a callback function that will be used to get the
@@ -400,7 +400,7 @@ extern const char *s2n_strerror_debug(int error, const char *lang);
* @returns The error string
*/
S2N_API
-extern const char *s2n_strerror_name(int error);
+extern const char *s2n_strerror_name(int error);
/**
* Opaque stack trace structure.
@@ -533,7 +533,7 @@ typedef int (*s2n_mem_free_callback)(void *ptr, uint32_t size);
*/
S2N_API
extern int s2n_mem_set_callbacks(s2n_mem_init_callback mem_init_callback, s2n_mem_cleanup_callback mem_cleanup_callback,
- s2n_mem_malloc_callback mem_malloc_callback, s2n_mem_free_callback mem_free_callback);
+ s2n_mem_malloc_callback mem_malloc_callback, s2n_mem_free_callback mem_free_callback);
/**
* A callback function that will be called when s2n-tls is initialized.
@@ -753,7 +753,7 @@ extern int s2n_cert_chain_and_key_set_sct_list(struct s2n_cert_chain_and_key *ch
* If NULL is returned, the first certificate will be used. Typically an application
* will use properties like trust and expiry to implement tiebreaking.
*/
-typedef struct s2n_cert_chain_and_key* (*s2n_cert_tiebreak_callback) (struct s2n_cert_chain_and_key *cert1, struct s2n_cert_chain_and_key *cert2, uint8_t *name, uint32_t name_len);
+typedef struct s2n_cert_chain_and_key *(*s2n_cert_tiebreak_callback)(struct s2n_cert_chain_and_key *cert1, struct s2n_cert_chain_and_key *cert2, uint8_t *name, uint32_t name_len);
/**
* Sets the `s2n_cert_tiebreak_callback` for resolving domain name conflicts.
@@ -825,8 +825,7 @@ extern int s2n_config_add_cert_chain_and_key_to_store(struct s2n_config *config,
*/
S2N_API
extern int s2n_config_set_cert_chain_and_key_defaults(struct s2n_config *config,
- struct s2n_cert_chain_and_key **cert_key_pairs,
- uint32_t num_cert_key_pairs);
+ struct s2n_cert_chain_and_key **cert_key_pairs, uint32_t num_cert_key_pairs);
/**
* Adds to the trust store from a CA file or directory containing trusted certificates.
@@ -871,7 +870,10 @@ extern int s2n_config_add_pem_to_trust_store(struct s2n_config *config, const ch
S2N_API
extern int s2n_config_wipe_trust_store(struct s2n_config *config);
-typedef enum { S2N_VERIFY_AFTER_SIGN_DISABLED, S2N_VERIFY_AFTER_SIGN_ENABLED } s2n_verify_after_sign;
+typedef enum {
+ S2N_VERIFY_AFTER_SIGN_DISABLED,
+ S2N_VERIFY_AFTER_SIGN_ENABLED
+} s2n_verify_after_sign;
/**
* Toggle whether generated signatures are verified before being sent.
@@ -898,7 +900,7 @@ extern int s2n_config_set_verify_after_sign(struct s2n_config *config, s2n_verif
*
* Less memory can be allocated for the send buffer, but this will result in
* smaller, more fragmented records and increased overhead. While the absolute
- * minimum size required is 1025 bytes, at least 2K bytes is recommended for
+ * minimum size required is 1031 bytes, at least 2K bytes is recommended for
* reasonable record sizes.
*
* More memory can be allocated for the send buffer. This will result in s2n-tls
@@ -927,7 +929,7 @@ extern int s2n_config_set_send_buffer_size(struct s2n_config *config, uint32_t s
*
* Data is a opaque user context set in s2n_config_set_verify_host_callback() or s2n_connection_set_verify_host_callback().
*/
-typedef uint8_t (*s2n_verify_host_fn) (const char *host_name, size_t host_name_len, void *data);
+typedef uint8_t (*s2n_verify_host_fn)(const char *host_name, size_t host_name_len, void *data);
/**
* Sets the callback to use for verifying that a hostname from an X.509 certificate is trusted.
@@ -1034,14 +1036,17 @@ extern int s2n_config_append_protocol_preference(struct s2n_config *config, cons
* @returns S2N_SUCCESS on success. S2N_FAILURE on failure
*/
S2N_API
-extern int s2n_config_set_protocol_preferences(struct s2n_config *config, const char * const *protocols, int protocol_count);
+extern int s2n_config_set_protocol_preferences(struct s2n_config *config, const char *const *protocols, int protocol_count);
/**
* Enum used to define the type, if any, of certificate status request
* an S2N_CLIENT should make during the handshake. The only supported status request type is
* OCSP, `S2N_STATUS_REQUEST_OCSP`.
*/
-typedef enum { S2N_STATUS_REQUEST_NONE = 0, S2N_STATUS_REQUEST_OCSP = 1 } s2n_status_request_type;
+typedef enum {
+ S2N_STATUS_REQUEST_NONE = 0,
+ S2N_STATUS_REQUEST_OCSP = 1
+} s2n_status_request_type;
/**
* Sets up an S2N_CLIENT to request the server certificate status during an SSL handshake. If set
@@ -1057,7 +1062,10 @@ extern int s2n_config_set_status_request_type(struct s2n_config *config, s2n_sta
/**
* Enum to set Certificate Transparency Support level.
*/
-typedef enum { S2N_CT_SUPPORT_NONE = 0, S2N_CT_SUPPORT_REQUEST = 1 } s2n_ct_support_level;
+typedef enum {
+ S2N_CT_SUPPORT_NONE = 0,
+ S2N_CT_SUPPORT_REQUEST = 1
+} s2n_ct_support_level;
/**
* Set the Certificate Transparency Support level.
@@ -1079,7 +1087,10 @@ extern int s2n_config_set_ct_support_level(struct s2n_config *config, s2n_ct_sup
* @note TLS1.3 terminates a connection for all alerts except user_canceled.
* @warning S2N_ALERT_FAIL_ON_WARNINGS is the recommended behavior. Past TLS protocol vulnerabilities have involved downgrading alerts to warnings.
*/
-typedef enum { S2N_ALERT_FAIL_ON_WARNINGS = 0, S2N_ALERT_IGNORE_WARNINGS = 1 } s2n_alert_behavior;
+typedef enum {
+ S2N_ALERT_FAIL_ON_WARNINGS = 0,
+ S2N_ALERT_IGNORE_WARNINGS = 1
+} s2n_alert_behavior;
/**
* Sets the config's alert behavior based on the `s2n_alert_behavior` enum.
@@ -1194,7 +1205,6 @@ extern int s2n_config_set_ticket_encrypt_decrypt_key_lifetime(struct s2n_config
S2N_API
extern int s2n_config_set_ticket_decrypt_key_lifetime(struct s2n_config *config, uint64_t lifetime_in_secs);
-
/**
* Adds session ticket key on the server side. It would be ideal to add new keys after every
* (encrypt_decrypt_key_lifetime_in_nanos/2) nanos because this will allow for gradual and
@@ -1209,10 +1219,8 @@ extern int s2n_config_set_ticket_decrypt_key_lifetime(struct s2n_config *config,
* @returns S2N_SUCCESS on success. S2N_FAILURE on failure
*/
S2N_API
-extern int s2n_config_add_ticket_crypto_key(struct s2n_config *config,
- const uint8_t *name, uint32_t name_len,
- uint8_t *key, uint32_t key_len,
- uint64_t intro_time_in_seconds_from_epoch);
+extern int s2n_config_add_ticket_crypto_key(struct s2n_config *config, const uint8_t *name, uint32_t name_len,
+ uint8_t *key, uint32_t key_len, uint64_t intro_time_in_seconds_from_epoch);
/**
* Sets user defined context on the `s2n_config` object.
*
@@ -1237,7 +1245,10 @@ extern int s2n_config_get_ctx(struct s2n_config *config, void **ctx);
/**
* Used to declare connections as server or client type, respectively.
*/
-typedef enum { S2N_SERVER, S2N_CLIENT } s2n_mode;
+typedef enum {
+ S2N_SERVER,
+ S2N_CLIENT
+} s2n_mode;
/**
* Creates a new connection object. Each s2n-tls SSL/TLS connection uses
@@ -1301,7 +1312,10 @@ typedef int s2n_client_hello_fn(struct s2n_connection *conn, void *ctx);
* - `S2N_CLIENT_HELLO_CB_NONBLOCKING`:
* - In non-blocking mode, s2n-tls expects the callback to not complete its work. If the callback returns a response code of 0 s2n-tls will return `S2N_FAILURE` with `S2N_ERR_T_BLOCKED` error type and `s2n_blocked_status` set to `S2N_BLOCKED_ON_APPLICATION_INPUT`. The handshake is paused and further calls to `s2n_negotiate` will continue to return the same error until `s2n_client_hello_cb_done` is invoked for the `s2n_connection` to resume the handshake. This allows s2n-tls clients to process client_hello without blocking and then resume the handshake at a later time. If any of the connection properties were changed on the basis of the server_name extension then `s2n_connection_server_name_extension_used` must be invoked before marking the callback done.
*/
-typedef enum { S2N_CLIENT_HELLO_CB_BLOCKING, S2N_CLIENT_HELLO_CB_NONBLOCKING } s2n_client_hello_cb_mode;
+typedef enum {
+ S2N_CLIENT_HELLO_CB_BLOCKING,
+ S2N_CLIENT_HELLO_CB_NONBLOCKING
+} s2n_client_hello_cb_mode;
/**
* Allows the caller to set a callback function that will be called after ClientHello was parsed.
@@ -1722,7 +1736,10 @@ extern int s2n_connection_set_verify_host_callback(struct s2n_connection *conn,
* activity on the connection for the specified number of nanoseconds before calling
* close() or shutdown().
*/
-typedef enum { S2N_BUILT_IN_BLINDING, S2N_SELF_SERVICE_BLINDING } s2n_blinding;
+typedef enum {
+ S2N_BUILT_IN_BLINDING,
+ S2N_SELF_SERVICE_BLINDING
+} s2n_blinding;
/**
* Used to configure s2n-tls to either use built-in blinding (set blinding to S2N_BUILT_IN_BLINDING) or
@@ -1777,7 +1794,7 @@ extern int s2n_connection_append_protocol_preference(struct s2n_connection *conn
* @returns S2N_SUCCESS on success. S2N_FAILURE on failure
*/
S2N_API
-extern int s2n_connection_set_protocol_preferences(struct s2n_connection *conn, const char * const *protocols, int protocol_count);
+extern int s2n_connection_set_protocol_preferences(struct s2n_connection *conn, const char *const *protocols, int protocol_count);
/**
* Sets the server name for the connection.
@@ -1960,7 +1977,7 @@ extern ssize_t s2n_sendv_with_offset(struct s2n_connection *conn, const struct i
* @returns number of bytes read. 0 if the connection was shutdown by peer.
*/
S2N_API
-extern ssize_t s2n_recv(struct s2n_connection *conn, void *buf, ssize_t size, s2n_blocked_status *blocked);
+extern ssize_t s2n_recv(struct s2n_connection *conn, void *buf, ssize_t size, s2n_blocked_status *blocked);
/**
* Allows users of s2n-tls to peek inside the data buffer of an s2n-tls connection to see if there more data to be read without actually reading it.
@@ -2047,7 +2064,11 @@ extern int s2n_shutdown(struct s2n_connection *conn, s2n_blocked_status *blocked
*
* Currently the default for s2n-tls is for neither the server side or the client side to use Client (aka Mutual) authentication.
*/
-typedef enum { S2N_CERT_AUTH_NONE, S2N_CERT_AUTH_REQUIRED, S2N_CERT_AUTH_OPTIONAL } s2n_cert_auth_type;
+typedef enum {
+ S2N_CERT_AUTH_NONE,
+ S2N_CERT_AUTH_REQUIRED,
+ S2N_CERT_AUTH_OPTIONAL
+} s2n_cert_auth_type;
/**
* Gets Client Certificate authentication method the s2n_config object is using.
@@ -2345,7 +2366,7 @@ typedef enum {
S2N_TLS_HASH_SHA256 = 4,
S2N_TLS_HASH_SHA384 = 5,
S2N_TLS_HASH_SHA512 = 6,
-
+
/* Use Private Range for MD5_SHA1 */
S2N_TLS_HASH_MD5_SHA1 = 224
} s2n_tls_hash_algorithm;
@@ -2487,7 +2508,7 @@ extern int s2n_connection_get_peer_cert_chain(const struct s2n_connection *conn,
* @param oid A null-terminated cstring that contains the OID of the X.509 certificate extension to be read.
* @param ext_value_len This return value contains the length of DER encoded extension value of the ASN.1 X.509 certificate extension.
*/
-S2N_API
+S2N_API
extern int s2n_cert_get_x509_extension_value_length(struct s2n_cert *cert, const uint8_t *oid, uint32_t *ext_value_len);
/**
@@ -2501,7 +2522,7 @@ extern int s2n_cert_get_x509_extension_value_length(struct s2n_cert *cert, const
* When used as an output parameter, `ext_value_len` holds the actual length of the DER encoding of the ASN.1 X.509 certificate extension value returned.
* @param critical This return value contains the boolean value for `critical`.
*/
-S2N_API
+S2N_API
extern int s2n_cert_get_x509_extension_value(struct s2n_cert *cert, const uint8_t *oid, uint8_t *ext_value, uint32_t *ext_value_len, bool *critical);
/**
@@ -2511,7 +2532,7 @@ extern int s2n_cert_get_x509_extension_value(struct s2n_cert *cert, const uint8_
* @param extension_len represents the length of the input buffer `extension_data`.
* @param utf8_str_len This return value contains the UTF8 String length of the ASN.1 X.509 certificate extension data.
*/
-S2N_API
+S2N_API
extern int s2n_cert_get_utf8_string_from_extension_data_length(const uint8_t *extension_data, uint32_t extension_len, uint32_t *utf8_str_len);
/**
@@ -2525,7 +2546,7 @@ extern int s2n_cert_get_utf8_string_from_extension_data_length(const uint8_t *ex
* When used as an input parameter, the caller must use this parameter to convey the maximum length of `out_data`.
* When used as an output parameter, `out_len` holds the actual length of UTF8 String returned.
*/
-S2N_API
+S2N_API
extern int s2n_cert_get_utf8_string_from_extension_data(const uint8_t *extension_data, uint32_t extension_len, uint8_t *out_data, uint32_t *out_len);
/**
@@ -2550,14 +2571,14 @@ struct s2n_psk;
* @returns struct s2n_psk* Returns a pointer to the newly created external PSK object.
*/
S2N_API
-struct s2n_psk* s2n_external_psk_new(void);
+struct s2n_psk *s2n_external_psk_new(void);
/**
* Frees the memory associated with the external PSK object.
*
* @param psk Pointer to the PSK object to be freed.
*/
-S2N_API
+S2N_API
int s2n_psk_free(struct s2n_psk **psk);
/**
@@ -2577,7 +2598,7 @@ int s2n_psk_free(struct s2n_psk **psk);
* @param identity The identity in raw bytes format to be copied.
* @param identity_size The length of the PSK identity being set.
*/
-S2N_API
+S2N_API
int s2n_psk_set_identity(struct s2n_psk *psk, const uint8_t *identity, uint16_t identity_size);
/**
@@ -2596,7 +2617,7 @@ int s2n_psk_set_identity(struct s2n_psk *psk, const uint8_t *identity, uint16_t
* @param secret The secret in raw bytes format to be copied.
* @param secret_size The length of the pre-shared secret being set.
*/
-S2N_API
+S2N_API
int s2n_psk_set_secret(struct s2n_psk *psk, const uint8_t *secret, uint16_t secret_size);
/**
@@ -2606,7 +2627,7 @@ int s2n_psk_set_secret(struct s2n_psk *psk, const uint8_t *secret, uint16_t secr
* @param psk A pointer to the external PSK object to be updated with the PSK hash algorithm.
* @param hmac The PSK hash algorithm being set.
*/
-S2N_API
+S2N_API
int s2n_psk_set_hmac(struct s2n_psk *psk, s2n_psk_hmac hmac);
/**
@@ -2618,7 +2639,7 @@ int s2n_psk_set_hmac(struct s2n_psk *psk, s2n_psk_hmac hmac);
* @param conn A pointer to the s2n_connection object that contains the list of PSKs supported.
* @param psk A pointer to the `s2n_psk` object to be appended to the list of PSKs on the s2n connection.
*/
-S2N_API
+S2N_API
int s2n_connection_append_psk(struct s2n_connection *conn, struct s2n_psk *psk);
/**
@@ -2626,10 +2647,10 @@ int s2n_connection_append_psk(struct s2n_connection *conn, struct s2n_psk *psk);
* Currently s2n-tls supports two modes - `S2N_PSK_MODE_RESUMPTION`, which represents the PSKs established
* using the previous connection via session resumption, and `S2N_PSK_MODE_EXTERNAL`, which represents PSKs
* established out-of-band/externally using a secure mutually agreed upon mechanism.
- */
+ */
typedef enum {
S2N_PSK_MODE_RESUMPTION,
- S2N_PSK_MODE_EXTERNAL
+ S2N_PSK_MODE_EXTERNAL
} s2n_psk_mode;
/**
@@ -2639,7 +2660,7 @@ typedef enum {
* @param config A pointer to the s2n_config object being updated.
* @param mode The PSK mode to be set.
*/
-S2N_API
+S2N_API
int s2n_config_set_psk_mode(struct s2n_config *config, s2n_psk_mode mode);
/**
@@ -2650,7 +2671,7 @@ int s2n_config_set_psk_mode(struct s2n_config *config, s2n_psk_mode mode);
* @param conn A pointer to the s2n_connection object being updated.
* @param mode The PSK mode to be set.
*/
-S2N_API
+S2N_API
int s2n_connection_set_psk_mode(struct s2n_connection *conn, s2n_psk_mode mode);
/**
@@ -2664,7 +2685,7 @@ int s2n_connection_set_psk_mode(struct s2n_connection *conn, s2n_psk_mode mode);
* @param conn A pointer to the s2n_connection object that successfully negotiated a PSK connection.
* @param identity_length The length of the negotiated PSK identity.
*/
-S2N_API
+S2N_API
int s2n_connection_get_negotiated_psk_identity_length(struct s2n_connection *conn, uint16_t *identity_length);
/**
@@ -2683,7 +2704,7 @@ int s2n_connection_get_negotiated_psk_identity_length(struct s2n_connection *con
* @param max_identity_length The maximum length for the PSK identity. If the negotiated psk_identity length is
* greater than this `max_identity_length` value an error will be returned.
*/
-S2N_API
+S2N_API
int s2n_connection_get_negotiated_psk_identity(struct s2n_connection *conn, uint8_t *identity, uint16_t max_identity_length);
struct s2n_offered_psk;
@@ -2698,15 +2719,15 @@ struct s2n_offered_psk;
*
* @returns struct s2n_offered_psk* Returns a pointer to the newly created offered PSK object.
*/
-S2N_API
-struct s2n_offered_psk* s2n_offered_psk_new(void);
+S2N_API
+struct s2n_offered_psk *s2n_offered_psk_new(void);
/**
* Frees the memory associated with the `s2n_offered_psk` object.
*
* @param psk A pointer to the `s2n_offered_psk` object to be freed.
*/
-S2N_API
+S2N_API
int s2n_offered_psk_free(struct s2n_offered_psk **psk);
/**
@@ -2716,8 +2737,8 @@ int s2n_offered_psk_free(struct s2n_offered_psk **psk);
* @param identity The PSK identity being obtained.
* @param size The length of the PSK identity being obtained.
*/
-S2N_API
-int s2n_offered_psk_get_identity(struct s2n_offered_psk *psk, uint8_t** identity, uint16_t *size);
+S2N_API
+int s2n_offered_psk_get_identity(struct s2n_offered_psk *psk, uint8_t **identity, uint16_t *size);
struct s2n_offered_psk_list;
@@ -2733,7 +2754,7 @@ struct s2n_offered_psk_list;
* @param psk_list A pointer to the offered PSK list being read.
* @returns bool A boolean value representing whether an offered psk object is present next in line in the offered PSK list.
*/
-S2N_API
+S2N_API
bool s2n_offered_psk_list_has_next(struct s2n_offered_psk_list *psk_list);
/**
@@ -2743,7 +2764,7 @@ bool s2n_offered_psk_list_has_next(struct s2n_offered_psk_list *psk_list);
* @param psk_list A pointer to the offered PSK list being read.
* @param psk A pointer to the next offered PSK object being obtained.
*/
-S2N_API
+S2N_API
int s2n_offered_psk_list_next(struct s2n_offered_psk_list *psk_list, struct s2n_offered_psk *psk);
/**
@@ -2754,7 +2775,7 @@ int s2n_offered_psk_list_next(struct s2n_offered_psk_list *psk_list, struct s2n_
*
* @param psk_list A pointer to the offered PSK list being reread.
*/
-S2N_API
+S2N_API
int s2n_offered_psk_list_reread(struct s2n_offered_psk_list *psk_list);
/**
@@ -2785,7 +2806,7 @@ S2N_API int s2n_offered_psk_list_choose_psk(struct s2n_offered_psk_list *psk_lis
* @param psk_list A pointer to the offered PSK list being read.
*/
typedef int (*s2n_psk_selection_callback)(struct s2n_connection *conn, void *context,
- struct s2n_offered_psk_list *psk_list);
+ struct s2n_offered_psk_list *psk_list);
/**
* Sets the callback to select the matching PSK.
@@ -2796,7 +2817,7 @@ typedef int (*s2n_psk_selection_callback)(struct s2n_connection *conn, void *con
* @param cb The function that should be called when the callback is triggered.
* @param context A pointer to a context for the caller to pass state to the callback, if needed.
*/
-S2N_API
+S2N_API
int s2n_config_set_psk_selection_callback(struct s2n_config *config, s2n_psk_selection_callback cb, void *context);
/**
@@ -2986,12 +3007,18 @@ struct s2n_async_pkey_op;
* - `S2N_ASYNC_PKEY_VALIDATION_FAST` - default behavior: s2n-tls will perform only the minimum validation required for safe use of the asyn pkey operation.
* - `S2N_ASYNC_PKEY_VALIDATION_STRICT` - in addition to the previous checks, s2n-tls will also ensure that the signature created as a result of the async private key sign operation matches the public key on the connection.
*/
-typedef enum { S2N_ASYNC_PKEY_VALIDATION_FAST, S2N_ASYNC_PKEY_VALIDATION_STRICT } s2n_async_pkey_validation_mode;
+typedef enum {
+ S2N_ASYNC_PKEY_VALIDATION_FAST,
+ S2N_ASYNC_PKEY_VALIDATION_STRICT
+} s2n_async_pkey_validation_mode;
/**
* The type of private key operation
*/
-typedef enum { S2N_ASYNC_DECRYPT, S2N_ASYNC_SIGN } s2n_async_pkey_op_type;
+typedef enum {
+ S2N_ASYNC_DECRYPT,
+ S2N_ASYNC_SIGN
+} s2n_async_pkey_op_type;
/**
* Callback function for handling private key operations
diff --git a/contrib/restricted/aws/s2n/api/unstable/crl.h b/contrib/restricted/aws/s2n/api/unstable/crl.h
new file mode 100644
index 0000000000..149dd84697
--- /dev/null
+++ b/contrib/restricted/aws/s2n/api/unstable/crl.h
@@ -0,0 +1,181 @@
+/*
+* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License").
+* You may not use this file except in compliance with the License.
+* A copy of the License is located at
+*
+* http://aws.amazon.com/apache2.0
+*
+* or in the "license" file accompanying this file. This file is distributed
+* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+* express or implied. See the License for the specific language governing
+* permissions and limitations under the License.
+*/
+
+#pragma once
+
+#include <s2n.h>
+
+/**
+ * @file crl.h
+ *
+ * The following APIs enable applications to determine if a received certificate has been revoked by its CA, via
+ * Certificate Revocation Lists (CRLs). Please see the CRL Validation section in the usage guide for more information.
+ *
+ * The CRL APIs are currently considered unstable, since they have been recently added to s2n-tls. After gaining more
+ * confidence in the correctness and usability of these APIs, they will be made stable.
+ *
+ */
+
+struct s2n_crl_lookup;
+
+/**
+ * A callback which can be implemented to provide s2n-tls with CRLs to use for CRL validation.
+ *
+ * This callback is triggered once for each certificate received during the handshake. To provide s2n-tls with a CRL for
+ * the certificate, use `s2n_crl_lookup_set()`. To ignore the certificate and not provide a CRL, use
+ * `s2n_crl_lookup_ignore()`.
+ *
+ * This callback can be synchronous or asynchronous. For asynchronous behavior, return success without calling
+ * `s2n_crl_lookup_set()` or `s2n_crl_lookup_ignore()`. `s2n_negotiate()` will return S2N_BLOCKED_ON_APPLICATION_INPUT
+ * until one of these functions is called for each invoked callback.
+ *
+ * @param lookup The CRL lookup for the given certificate.
+ * @param context Context for the callback function.
+ * @returns 0 on success, -1 on failure.
+ */
+typedef int (*s2n_crl_lookup_callback)(struct s2n_crl_lookup *lookup, void *context);
+
+/**
+ * Set a callback to provide CRLs to use for CRL validation.
+ *
+ * @param config A pointer to the connection config
+ * @param s2n_crl_lookup_callback The function to be called for each received certificate.
+ * @param context Context to be passed to the callback function.
+ * @return S2N_SUCCESS on success, S2N_FAILURE on failure
+ */
+S2N_API
+int s2n_config_set_crl_lookup_cb(struct s2n_config *config, s2n_crl_lookup_callback callback, void *context);
+
+/**
+ * Allocates a new `s2n_crl` struct.
+ *
+ * Use `s2n_crl_load_pem()` to load the struct with a CRL pem.
+ *
+ * The allocated struct must be freed with `s2n_crl_free()`.
+ *
+ * @return A pointer to the allocated `s2n_crl` struct.
+ */
+S2N_API
+struct s2n_crl *s2n_crl_new(void);
+
+/**
+ * Loads a CRL with pem data.
+ *
+ * @param crl The CRL to load with the PEM data.
+ * @param pem The PEM data to load `crl` with.
+ * @param len The length of the pem data.
+ * @return S2N_SUCCESS on success, S2N_FAILURE on error.
+ */
+S2N_API
+int s2n_crl_load_pem(struct s2n_crl *crl, uint8_t *pem, size_t len);
+
+/**
+ * Frees a CRL.
+ *
+ * Frees an allocated `s2n_crl` and sets `crl` to NULL.
+ *
+ * @param crl The CRL to free.
+ * @return S2N_SUCCESS on success, S2N_FAILURE on error.
+ */
+S2N_API
+int s2n_crl_free(struct s2n_crl **crl);
+
+/**
+ * Retrieves the issuer hash of a CRL.
+ *
+ * This function can be used to find the CRL associated with a certificate received in the s2n_crl_lookup callback. The
+ * hash value, `hash`, corresponds with the issuer hash of a certificate, retrieved via
+ * `s2n_crl_lookup_get_cert_issuer_hash()`.
+ *
+ * @param crl The CRL to obtain the hash value of.
+ * @param hash A pointer that will be set to the hash value.
+ * @return S2N_SUCCESS on success. S2N_FAILURE on failure
+ */
+S2N_API
+int s2n_crl_get_issuer_hash(struct s2n_crl *crl, uint64_t *hash);
+
+/**
+ * Determines if the CRL is currently active.
+ *
+ * CRLs contain a thisUpdate field, which specifies the date at which the CRL becomes valid. This function can be called
+ * to check thisUpdate relative to the current time. If the thisUpdate date is in the past, the CRL is considered
+ * active.
+ *
+ * @param crl The CRL to validate.
+ * @return S2N_SUCCESS if `crl` is active, S2N_FAILURE if `crl` is not active, or the active status cannot be determined.
+ */
+S2N_API
+int s2n_crl_validate_active(struct s2n_crl *crl);
+
+/**
+ * Determines if the CRL has expired.
+ *
+ * CRLs contain a nextUpdate field, which specifies the date at which the CRL becomes expired. This function can be
+ * called to check nextUpdate relative to the current time. If the nextUpdate date is in the future, the CRL has not
+ * expired.
+ *
+ * If the CRL does not contain a thisUpdate field, the CRL is assumed to never expire.
+ *
+ * @param crl The CRL to validate.
+ * @return S2N_SUCCESS if `crl` has not expired, S2N_FAILURE if `crl` has expired, or the expiration status cannot be determined.
+ */
+S2N_API
+int s2n_crl_validate_not_expired(struct s2n_crl *crl);
+
+/**
+ * Retrieves the issuer hash of the certificate.
+ *
+ * The CRL lookup callback is triggered once for each received certificate. This function is used to get the issuer hash
+ * of this certificate. The hash value, `hash`, corresponds with the issuer hash of the CRL, retrieved via
+ * `s2n_crl_get_issuer_hash()`.
+ *
+ * @param lookup The CRL lookup for the given certificate.
+ * @param hash A pointer that will be set to the hash value.
+ * @return S2N_SUCCESS on success, S2N_FAILURE on failure.
+ */
+S2N_API
+int s2n_crl_lookup_get_cert_issuer_hash(struct s2n_crl_lookup *lookup, uint64_t *hash);
+
+/**
+ * Provide s2n-tls with a CRL from the CRL lookup callback.
+ *
+ * A return function for `s2n_crl_lookup_cb`. This function should be used from within the CRL lookup callback to
+ * provide s2n-tls with a CRL for the given certificate. The provided CRL will be included in the list of CRLs to use
+ * when validating the certificate chain.
+ *
+ * To skip providing a CRL from the callback, use `s2n_crl_lookup_ignore()`.
+ *
+ * @param lookup The CRL lookup for the given certificate.
+ * @param crl The CRL to include in the list of CRLs used to validate the certificate chain.
+ * @return S2N_SUCCESS on success, S2N_FAILURE on failure.
+ */
+S2N_API
+int s2n_crl_lookup_set(struct s2n_crl_lookup *lookup, struct s2n_crl *crl);
+
+/**
+ * Skip providing a CRL from the CRL lookup callback.
+ *
+ * A return function for `s2n_crl_lookup_cb`. This function should be used from within the CRL lookup callback to ignore
+ * the certificate, and skip providing s2n-tls with a CRL.
+ *
+ * If a certificate is ignored, and is ultimately included in the chain of trust, certificate chain validation will
+ * fail with a S2N_ERR_CRL_LOOKUP_FAILED error. However, if the certificate is extraneous and not included in the chain
+ * of trust, validation is able to proceed.
+ *
+ * @param lookup The CRL lookup for the given certificate.
+ * @return S2N_SUCCESS on success, S2N_FAILURE on failure.
+ */
+S2N_API
+int s2n_crl_lookup_ignore(struct s2n_crl_lookup *lookup);
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_aes_gcm.c b/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_aes_gcm.c
index 914a44ceae..395c500994 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_aes_gcm.c
+++ b/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_aes_gcm.c
@@ -378,7 +378,7 @@ static int s2n_aead_cipher_aes_gcm_destroy_key(struct s2n_session_key *key)
#endif
-struct s2n_cipher s2n_aes128_gcm = {
+const struct s2n_cipher s2n_aes128_gcm = {
.key_material_size = S2N_TLS_AES_128_GCM_KEY_LEN,
.type = S2N_AEAD,
.io.aead = {
@@ -394,7 +394,7 @@ struct s2n_cipher s2n_aes128_gcm = {
.destroy_key = s2n_aead_cipher_aes_gcm_destroy_key,
};
-struct s2n_cipher s2n_aes256_gcm = {
+const struct s2n_cipher s2n_aes256_gcm = {
.key_material_size = S2N_TLS_AES_256_GCM_KEY_LEN,
.type = S2N_AEAD,
.io.aead = {
@@ -411,7 +411,7 @@ struct s2n_cipher s2n_aes256_gcm = {
};
/* TLS 1.3 GCM ciphers */
-struct s2n_cipher s2n_tls13_aes128_gcm = {
+const struct s2n_cipher s2n_tls13_aes128_gcm = {
.key_material_size = S2N_TLS_AES_128_GCM_KEY_LEN,
.type = S2N_AEAD,
.io.aead = {
@@ -427,7 +427,7 @@ struct s2n_cipher s2n_tls13_aes128_gcm = {
.destroy_key = s2n_aead_cipher_aes_gcm_destroy_key,
};
-struct s2n_cipher s2n_tls13_aes256_gcm = {
+const struct s2n_cipher s2n_tls13_aes256_gcm = {
.key_material_size = S2N_TLS_AES_256_GCM_KEY_LEN,
.type = S2N_AEAD,
.io.aead = {
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_chacha20_poly1305.c b/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_chacha20_poly1305.c
index f044352b6d..0a119baac6 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_chacha20_poly1305.c
+++ b/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_chacha20_poly1305.c
@@ -262,7 +262,7 @@ static int s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key)
#endif
-struct s2n_cipher s2n_chacha20_poly1305 = {
+const struct s2n_cipher s2n_chacha20_poly1305 = {
.key_material_size = S2N_TLS_CHACHA20_POLY1305_KEY_LEN,
.type = S2N_AEAD,
.io.aead = {
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_3des.c b/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_3des.c
index 2704a0deb3..f90d116f01 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_3des.c
+++ b/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_3des.c
@@ -90,7 +90,7 @@ static int s2n_cbc_cipher_3des_destroy_key(struct s2n_session_key *key)
return 0;
}
-struct s2n_cipher s2n_3des = {
+const struct s2n_cipher s2n_3des = {
.key_material_size = 24,
.type = S2N_CBC,
.io.cbc = {
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_aes.c b/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_aes.c
index d4a49940d6..489a0e329f 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_aes.c
+++ b/contrib/restricted/aws/s2n/crypto/s2n_cbc_cipher_aes.c
@@ -116,7 +116,7 @@ static int s2n_cbc_cipher_aes_destroy_key(struct s2n_session_key *key)
return 0;
}
-struct s2n_cipher s2n_aes128 = {
+const struct s2n_cipher s2n_aes128 = {
.key_material_size = 16,
.type = S2N_CBC,
.io.cbc = {
@@ -131,7 +131,7 @@ struct s2n_cipher s2n_aes128 = {
.destroy_key = s2n_cbc_cipher_aes_destroy_key,
};
-struct s2n_cipher s2n_aes256 = {
+const struct s2n_cipher s2n_aes256 = {
.key_material_size = 32,
.type = S2N_CBC,
.io.cbc = {
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_cipher.h b/contrib/restricted/aws/s2n/crypto/s2n_cipher.h
index 811f3e081d..460187ee10 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_cipher.h
+++ b/contrib/restricted/aws/s2n/crypto/s2n_cipher.h
@@ -87,18 +87,18 @@ struct s2n_cipher {
extern int s2n_session_key_alloc(struct s2n_session_key *key);
extern int s2n_session_key_free(struct s2n_session_key *key);
-extern struct s2n_cipher s2n_null_cipher;
-extern struct s2n_cipher s2n_rc4;
-extern struct s2n_cipher s2n_aes128;
-extern struct s2n_cipher s2n_aes256;
-extern struct s2n_cipher s2n_3des;
-extern struct s2n_cipher s2n_aes128_gcm;
-extern struct s2n_cipher s2n_aes256_gcm;
-extern struct s2n_cipher s2n_aes128_sha;
-extern struct s2n_cipher s2n_aes256_sha;
-extern struct s2n_cipher s2n_aes128_sha256;
-extern struct s2n_cipher s2n_aes256_sha256;
-extern struct s2n_cipher s2n_chacha20_poly1305;
+extern const struct s2n_cipher s2n_null_cipher;
+extern const struct s2n_cipher s2n_rc4;
+extern const struct s2n_cipher s2n_aes128;
+extern const struct s2n_cipher s2n_aes256;
+extern const struct s2n_cipher s2n_3des;
+extern const struct s2n_cipher s2n_aes128_gcm;
+extern const struct s2n_cipher s2n_aes256_gcm;
+extern const struct s2n_cipher s2n_aes128_sha;
+extern const struct s2n_cipher s2n_aes256_sha;
+extern const struct s2n_cipher s2n_aes128_sha256;
+extern const struct s2n_cipher s2n_aes256_sha256;
+extern const struct s2n_cipher s2n_chacha20_poly1305;
-extern struct s2n_cipher s2n_tls13_aes128_gcm;
-extern struct s2n_cipher s2n_tls13_aes256_gcm;
+extern const struct s2n_cipher s2n_tls13_aes128_gcm;
+extern const struct s2n_cipher s2n_tls13_aes256_gcm;
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_composite_cipher_aes_sha.c b/contrib/restricted/aws/s2n/crypto/s2n_composite_cipher_aes_sha.c
index 7141f9ccf1..10bedf3941 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_composite_cipher_aes_sha.c
+++ b/contrib/restricted/aws/s2n/crypto/s2n_composite_cipher_aes_sha.c
@@ -303,7 +303,7 @@ static int s2n_composite_cipher_aes_sha_destroy_key(struct s2n_session_key *key)
return 0;
}
-struct s2n_cipher s2n_aes128_sha = {
+const struct s2n_cipher s2n_aes128_sha = {
.key_material_size = 16,
.type = S2N_COMPOSITE,
.io.comp = {
@@ -321,7 +321,7 @@ struct s2n_cipher s2n_aes128_sha = {
.destroy_key = s2n_composite_cipher_aes_sha_destroy_key,
};
-struct s2n_cipher s2n_aes256_sha = {
+const struct s2n_cipher s2n_aes256_sha = {
.key_material_size = 32,
.type = S2N_COMPOSITE,
.io.comp = {
@@ -339,7 +339,7 @@ struct s2n_cipher s2n_aes256_sha = {
.destroy_key = s2n_composite_cipher_aes_sha_destroy_key,
};
-struct s2n_cipher s2n_aes128_sha256 = {
+const struct s2n_cipher s2n_aes128_sha256 = {
.key_material_size = 16,
.type = S2N_COMPOSITE,
.io.comp = {
@@ -357,7 +357,7 @@ struct s2n_cipher s2n_aes128_sha256 = {
.destroy_key = s2n_composite_cipher_aes_sha_destroy_key,
};
-struct s2n_cipher s2n_aes256_sha256 = {
+const struct s2n_cipher s2n_aes256_sha256 = {
.key_material_size = 32,
.type = S2N_COMPOSITE,
.io.comp = {
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_null.c b/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_null.c
index 6e4681782b..48b6f0dbf5 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_null.c
+++ b/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_null.c
@@ -50,7 +50,7 @@ static int s2n_stream_cipher_null_init(struct s2n_session_key *key)
return 0;
}
-struct s2n_cipher s2n_null_cipher = {
+const struct s2n_cipher s2n_null_cipher = {
.type = S2N_STREAM,
.key_material_size = 0,
.io.stream = {
diff --git a/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_rc4.c b/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_rc4.c
index e5eab24391..ccbfbceee5 100644
--- a/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_rc4.c
+++ b/contrib/restricted/aws/s2n/crypto/s2n_stream_cipher_rc4.c
@@ -125,7 +125,7 @@ static int s2n_stream_cipher_rc4_destroy_key(struct s2n_session_key *key)
#endif /* S2N_LIBCRYPTO_SUPPORTS_EVP_RC4 */
-struct s2n_cipher s2n_rc4 = {
+const struct s2n_cipher s2n_rc4 = {
.type = S2N_STREAM,
.key_material_size = 16,
.io.stream = {
diff --git a/contrib/restricted/aws/s2n/error/s2n_errno.c b/contrib/restricted/aws/s2n/error/s2n_errno.c
index 4d64fc4531..f1059bd182 100644
--- a/contrib/restricted/aws/s2n/error/s2n_errno.c
+++ b/contrib/restricted/aws/s2n/error/s2n_errno.c
@@ -13,19 +13,20 @@
* permissions and limitations under the License.
*/
+#include "error/s2n_errno.h"
+
#include <errno.h>
-#include <strings.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include "error/s2n_errno.h"
+#include <strings.h>
#include "api/s2n.h"
#include "utils/s2n_map.h"
#include "utils/s2n_safety.h"
#ifdef S2N_STACKTRACE
-# include <execinfo.h>
+ #include <execinfo.h>
#endif
__thread int s2n_errno;
@@ -287,10 +288,14 @@ static const char *no_such_error = "Internal s2n error";
ERR_ENTRY(S2N_ERR_INTERNAL_LIBCRYPTO_ERROR, "An internal error has occurred in the libcrypto API") \
ERR_ENTRY(S2N_ERR_NO_RENEGOTIATION, "Only secure, server-initiated renegotiation is supported") \
ERR_ENTRY(S2N_ERR_APP_DATA_BLOCKED, "Blocked on application data during handshake") \
-/* clang-format on */
+ /* clang-format on */
-#define ERR_STR_CASE(ERR, str) case ERR: return str;
-#define ERR_NAME_CASE(ERR, str) case ERR: return #ERR;
+#define ERR_STR_CASE(ERR, str) \
+ case ERR: \
+ return str;
+#define ERR_NAME_CASE(ERR, str) \
+ case ERR: \
+ return #ERR;
const char *s2n_strerror(int error, const char *lang)
{
@@ -317,7 +322,7 @@ const char *s2n_strerror(int error, const char *lang)
case S2N_ERR_T_USAGE_END:
break;
- /* No default to make compiler fail on missing values */
+ /* No default to make compiler fail on missing values */
}
return no_such_error;
@@ -340,7 +345,7 @@ const char *s2n_strerror_name(int error)
case S2N_ERR_T_USAGE_END:
break;
- /* No default to make compiler fail on missing values */
+ /* No default to make compiler fail on missing values */
}
return no_such_error;
@@ -369,7 +374,6 @@ int s2n_error_get_type(int error)
return (error >> S2N_ERR_NUM_VALUE_BITS);
}
-
/* https://www.gnu.org/software/libc/manual/html_node/Backtraces.html */
static bool s_s2n_stack_traces_enabled = false;
@@ -386,15 +390,15 @@ int s2n_stack_traces_enabled_set(bool newval)
#ifdef S2N_STACKTRACE
-#define MAX_BACKTRACE_DEPTH 20
-__thread struct s2n_stacktrace tl_stacktrace = {0};
+ #define MAX_BACKTRACE_DEPTH 20
+__thread struct s2n_stacktrace tl_stacktrace = { 0 };
int s2n_free_stacktrace(void)
{
if (tl_stacktrace.trace != NULL) {
free(tl_stacktrace.trace);
- struct s2n_stacktrace zero_stacktrace = {0};
- tl_stacktrace = zero_stacktrace;
+ struct s2n_stacktrace zero_stacktrace = { 0 };
+ tl_stacktrace = zero_stacktrace;
}
return S2N_SUCCESS;
}
@@ -414,7 +418,8 @@ int s2n_calculate_stacktrace(void)
return S2N_SUCCESS;
}
-int s2n_get_stacktrace(struct s2n_stacktrace *trace) {
+int s2n_get_stacktrace(struct s2n_stacktrace *trace)
+{
*trace = tl_stacktrace;
return S2N_SUCCESS;
}
@@ -422,20 +427,20 @@ int s2n_get_stacktrace(struct s2n_stacktrace *trace) {
int s2n_print_stacktrace(FILE *fptr)
{
if (!s_s2n_stack_traces_enabled) {
- fprintf(fptr, "%s\n%s\n",
- "NOTE: Some details are omitted, run with S2N_PRINT_STACKTRACE=1 for a verbose backtrace.",
- "See https://github.com/aws/s2n-tls/blob/main/docs/USAGE-GUIDE.md");
+ fprintf(fptr, "%s\n%s\n",
+ "NOTE: Some details are omitted, run with S2N_PRINT_STACKTRACE=1 for a verbose backtrace.",
+ "See https://github.com/aws/s2n-tls/blob/main/docs/USAGE-GUIDE.md");
return S2N_SUCCESS;
}
fprintf(fptr, "\nStacktrace is:\n");
- for (int i = 0; i < tl_stacktrace.trace_size; ++i){
- fprintf(fptr, "%s\n", tl_stacktrace.trace[i]);
+ for (int i = 0; i < tl_stacktrace.trace_size; ++i) {
+ fprintf(fptr, "%s\n", tl_stacktrace.trace[i]);
}
return S2N_SUCCESS;
}
-#else /* !S2N_STACKTRACE */
+#else /* !S2N_STACKTRACE */
int s2n_free_stacktrace(void)
{
S2N_ERROR(S2N_ERR_UNIMPLEMENTED);
@@ -443,8 +448,7 @@ int s2n_free_stacktrace(void)
int s2n_calculate_stacktrace(void)
{
- if (!s_s2n_stack_traces_enabled)
- {
+ if (!s_s2n_stack_traces_enabled) {
return S2N_SUCCESS;
}
diff --git a/contrib/restricted/aws/s2n/error/s2n_errno.h b/contrib/restricted/aws/s2n/error/s2n_errno.h
index 61e194891e..f391c7150a 100644
--- a/contrib/restricted/aws/s2n/error/s2n_errno.h
+++ b/contrib/restricted/aws/s2n/error/s2n_errno.h
@@ -15,9 +15,10 @@
#pragma once
-#include "api/s2n.h"
-#include <stdio.h>
#include <stdbool.h>
+#include <stdio.h>
+
+#include "api/s2n.h"
#include "utils/s2n_ensure.h"
/*
@@ -28,16 +29,15 @@
#define S2N_ERR_NUM_VALUE_BITS 26
/* Start value for each error type. */
-#define S2N_ERR_T_OK_START (S2N_ERR_T_OK << S2N_ERR_NUM_VALUE_BITS)
-#define S2N_ERR_T_IO_START (S2N_ERR_T_IO << S2N_ERR_NUM_VALUE_BITS)
-#define S2N_ERR_T_CLOSED_START (S2N_ERR_T_CLOSED << S2N_ERR_NUM_VALUE_BITS)
-#define S2N_ERR_T_BLOCKED_START (S2N_ERR_T_BLOCKED << S2N_ERR_NUM_VALUE_BITS)
-#define S2N_ERR_T_ALERT_START (S2N_ERR_T_ALERT << S2N_ERR_NUM_VALUE_BITS)
-#define S2N_ERR_T_PROTO_START (S2N_ERR_T_PROTO << S2N_ERR_NUM_VALUE_BITS)
+#define S2N_ERR_T_OK_START (S2N_ERR_T_OK << S2N_ERR_NUM_VALUE_BITS)
+#define S2N_ERR_T_IO_START (S2N_ERR_T_IO << S2N_ERR_NUM_VALUE_BITS)
+#define S2N_ERR_T_CLOSED_START (S2N_ERR_T_CLOSED << S2N_ERR_NUM_VALUE_BITS)
+#define S2N_ERR_T_BLOCKED_START (S2N_ERR_T_BLOCKED << S2N_ERR_NUM_VALUE_BITS)
+#define S2N_ERR_T_ALERT_START (S2N_ERR_T_ALERT << S2N_ERR_NUM_VALUE_BITS)
+#define S2N_ERR_T_PROTO_START (S2N_ERR_T_PROTO << S2N_ERR_NUM_VALUE_BITS)
#define S2N_ERR_T_INTERNAL_START (S2N_ERR_T_INTERNAL << S2N_ERR_NUM_VALUE_BITS)
-#define S2N_ERR_T_USAGE_START (S2N_ERR_T_USAGE << S2N_ERR_NUM_VALUE_BITS)
+#define S2N_ERR_T_USAGE_START (S2N_ERR_T_USAGE << S2N_ERR_NUM_VALUE_BITS)
-/* clang-format off */
/* Order of values in this enum is important. New error values should be placed at the end of their respective category.
* For example, a new TLS protocol related error belongs in the S2N_ERR_T_PROTO category. It should be placed
* immediately before S2N_ERR_T_INTERNAL_START(the first value of he next category).
@@ -310,28 +310,49 @@ typedef enum {
#define S2N_DEBUG_STR_LEN 128
extern __thread const char *s2n_debug_str;
-#define TO_STRING(s) #s
-#define STRING_(s) TO_STRING(s)
+#define TO_STRING(s) #s
+#define STRING_(s) TO_STRING(s)
#define STRING__LINE__ STRING_(__LINE__)
-#define _S2N_DEBUG_LINE "Error encountered in " __FILE__ ":" STRING__LINE__
-#define _S2N_ERROR( x ) do { s2n_debug_str = _S2N_DEBUG_LINE; s2n_errno = ( x ); s2n_calculate_stacktrace(); } while (0)
-#define S2N_ERROR_PRESERVE_ERRNO() do { return -1; } while (0)
-#define S2N_ERROR_IS_BLOCKING( x ) ( s2n_error_get_type(x) == S2N_ERR_T_BLOCKED )
+#define _S2N_DEBUG_LINE "Error encountered in " __FILE__ ":" STRING__LINE__
+#define _S2N_ERROR(x) \
+ do { \
+ s2n_debug_str = _S2N_DEBUG_LINE; \
+ s2n_errno = (x); \
+ s2n_calculate_stacktrace(); \
+ } while (0)
+#define S2N_ERROR_PRESERVE_ERRNO() \
+ do { \
+ return -1; \
+ } while (0)
+#define S2N_ERROR_IS_BLOCKING(x) (s2n_error_get_type(x) == S2N_ERR_T_BLOCKED)
/* DEPRECATED: use POSIX_BAIL instead */
-#define S2N_ERROR( x ) do { _S2N_ERROR( ( x ) ); return -1; } while (0)
+#define S2N_ERROR(x) \
+ do { \
+ _S2N_ERROR((x)); \
+ return -1; \
+ } while (0)
/* DEPRECATED: use PTR_BAIL instead */
-#define S2N_ERROR_PTR( x ) do { _S2N_ERROR( ( x ) ); return NULL; } while (0)
+#define S2N_ERROR_PTR(x) \
+ do { \
+ _S2N_ERROR((x)); \
+ return NULL; \
+ } while (0)
/* DEPRECATED: use POSIX_ENSURE instead */
-#define S2N_ERROR_IF( cond , x ) do { if ( cond ) { S2N_ERROR( x ); }} while (0)
+#define S2N_ERROR_IF(cond, x) \
+ do { \
+ if (cond) { \
+ S2N_ERROR(x); \
+ } \
+ } while (0)
/** Calculate and print stacktraces */
struct s2n_stacktrace {
- char **trace;
- int trace_size;
+ char **trace;
+ int trace_size;
};
extern bool s2n_stack_traces_enabled();
@@ -341,5 +362,3 @@ extern int s2n_calculate_stacktrace(void);
extern int s2n_print_stacktrace(FILE *fptr);
extern int s2n_free_stacktrace(void);
extern int s2n_get_stacktrace(struct s2n_stacktrace *trace);
-
-/* clang-format on */
diff --git a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.c b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.c
index d1727d7fa9..ea46e0056f 100644
--- a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.c
+++ b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.c
@@ -13,17 +13,16 @@
* permissions and limitations under the License.
*/
+#include "stuffer/s2n_stuffer.h"
+
#include <sys/param.h>
#include "error/s2n_errno.h"
-
-#include "stuffer/s2n_stuffer.h"
-
-#include "utils/s2n_safety.h"
#include "utils/s2n_blob.h"
#include "utils/s2n_mem.h"
+#include "utils/s2n_safety.h"
-S2N_RESULT s2n_stuffer_validate(const struct s2n_stuffer* stuffer)
+S2N_RESULT s2n_stuffer_validate(const struct s2n_stuffer *stuffer)
{
/**
* Note that we do not assert any properties on the tainted field,
@@ -40,7 +39,7 @@ S2N_RESULT s2n_stuffer_validate(const struct s2n_stuffer* stuffer)
return S2N_RESULT_OK;
}
-S2N_RESULT s2n_stuffer_reservation_validate(const struct s2n_stuffer_reservation* reservation)
+S2N_RESULT s2n_stuffer_reservation_validate(const struct s2n_stuffer_reservation *reservation)
{
/**
* Note that we need two dereferences here to decrease proof complexity
@@ -55,10 +54,8 @@ S2N_RESULT s2n_stuffer_reservation_validate(const struct s2n_stuffer_reservation
if (reserve_obj.length > 0) {
RESULT_ENSURE(reserve_obj.write_cursor < stuffer_obj.write_cursor, S2N_ERR_SAFETY);
- RESULT_ENSURE(
- S2N_MEM_IS_WRITABLE(stuffer_obj.blob.data + reserve_obj.write_cursor, reserve_obj.length),
- S2N_ERR_SAFETY
- );
+ RESULT_ENSURE(S2N_MEM_IS_WRITABLE(stuffer_obj.blob.data + reserve_obj.write_cursor, reserve_obj.length),
+ S2N_ERR_SAFETY);
}
return S2N_RESULT_OK;
@@ -82,7 +79,7 @@ int s2n_stuffer_init(struct s2n_stuffer *stuffer, struct s2n_blob *in)
int s2n_stuffer_alloc(struct s2n_stuffer *stuffer, const uint32_t size)
{
POSIX_ENSURE_REF(stuffer);
- *stuffer = (struct s2n_stuffer) {0};
+ *stuffer = (struct s2n_stuffer){ 0 };
POSIX_GUARD(s2n_alloc(&stuffer->blob, size));
POSIX_GUARD(s2n_stuffer_init(stuffer, &stuffer->blob));
@@ -108,7 +105,7 @@ int s2n_stuffer_free(struct s2n_stuffer *stuffer)
if (stuffer->alloced) {
POSIX_GUARD(s2n_free(&stuffer->blob));
}
- *stuffer = (struct s2n_stuffer) {0};
+ *stuffer = (struct s2n_stuffer){ 0 };
return S2N_SUCCESS;
}
@@ -118,7 +115,7 @@ int s2n_stuffer_free_without_wipe(struct s2n_stuffer *stuffer)
if (stuffer->alloced) {
POSIX_GUARD(s2n_free_without_wipe(&stuffer->blob));
}
- *stuffer = (struct s2n_stuffer) {0};
+ *stuffer = (struct s2n_stuffer){ 0 };
return S2N_SUCCESS;
}
@@ -139,9 +136,15 @@ int s2n_stuffer_resize(struct s2n_stuffer *stuffer, const uint32_t size)
if (size < stuffer->blob.size) {
POSIX_CHECKED_MEMSET(stuffer->blob.data + size, S2N_WIPE_PATTERN, (stuffer->blob.size - size));
- if (stuffer->read_cursor > size) stuffer->read_cursor = size;
- if (stuffer->write_cursor > size) stuffer->write_cursor = size;
- if (stuffer->high_water_mark > size) stuffer->high_water_mark = size;
+ if (stuffer->read_cursor > size) {
+ stuffer->read_cursor = size;
+ }
+ if (stuffer->write_cursor > size) {
+ stuffer->write_cursor = size;
+ }
+ if (stuffer->high_water_mark > size) {
+ stuffer->high_water_mark = size;
+ }
stuffer->blob.size = size;
POSIX_POSTCONDITION(s2n_stuffer_validate(stuffer));
return S2N_SUCCESS;
@@ -205,8 +208,9 @@ int s2n_stuffer_wipe_n(struct s2n_stuffer *stuffer, const uint32_t size)
return S2N_SUCCESS;
}
-bool s2n_stuffer_is_consumed(struct s2n_stuffer *stuffer) {
- return stuffer && (stuffer->read_cursor == stuffer->write_cursor);
+bool s2n_stuffer_is_consumed(struct s2n_stuffer *stuffer)
+{
+ return stuffer && (stuffer->read_cursor == stuffer->write_cursor);
}
int s2n_stuffer_wipe(struct s2n_stuffer *stuffer)
@@ -262,7 +266,7 @@ int s2n_stuffer_erase_and_read(struct s2n_stuffer *stuffer, struct s2n_blob *out
return S2N_SUCCESS;
}
-int s2n_stuffer_read_bytes(struct s2n_stuffer *stuffer, uint8_t * data, uint32_t size)
+int s2n_stuffer_read_bytes(struct s2n_stuffer *stuffer, uint8_t *data, uint32_t size)
{
POSIX_ENSURE_REF(data);
POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
@@ -275,7 +279,7 @@ int s2n_stuffer_read_bytes(struct s2n_stuffer *stuffer, uint8_t * data, uint32_t
return S2N_SUCCESS;
}
-int s2n_stuffer_erase_and_read_bytes(struct s2n_stuffer *stuffer, uint8_t * data, uint32_t size)
+int s2n_stuffer_erase_and_read_bytes(struct s2n_stuffer *stuffer, uint8_t *data, uint32_t size)
{
POSIX_GUARD(s2n_stuffer_skip_read(stuffer, size));
POSIX_ENSURE_REF(stuffer->blob.data);
@@ -313,7 +317,7 @@ int s2n_stuffer_write(struct s2n_stuffer *stuffer, const struct s2n_blob *in)
return s2n_stuffer_write_bytes(stuffer, in->data, in->size);
}
-int s2n_stuffer_write_bytes(struct s2n_stuffer *stuffer, const uint8_t * data, const uint32_t size)
+int s2n_stuffer_write_bytes(struct s2n_stuffer *stuffer, const uint8_t *data, const uint32_t size)
{
POSIX_ENSURE(S2N_MEM_IS_READABLE(data, size), S2N_ERR_SAFETY);
POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
@@ -333,7 +337,8 @@ int s2n_stuffer_write_bytes(struct s2n_stuffer *stuffer, const uint8_t * data, c
return S2N_SUCCESS;
}
-int s2n_stuffer_writev_bytes(struct s2n_stuffer *stuffer, const struct iovec* iov, size_t iov_count, uint32_t offs, uint32_t size)
+int s2n_stuffer_writev_bytes(struct s2n_stuffer *stuffer, const struct iovec *iov, size_t iov_count, uint32_t offs,
+ uint32_t size)
{
POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
POSIX_ENSURE_REF(iov);
@@ -348,16 +353,16 @@ int s2n_stuffer_writev_bytes(struct s2n_stuffer *stuffer, const struct iovec* io
}
size_t iov_len_op = iov[i].iov_len - to_skip;
POSIX_ENSURE(iov_len_op <= UINT32_MAX, S2N_FAILURE);
- uint32_t iov_len = (uint32_t)iov_len_op;
+ uint32_t iov_len = (uint32_t) iov_len_op;
uint32_t iov_size_to_take = MIN(size_left, iov_len);
POSIX_ENSURE_REF(iov[i].iov_base);
POSIX_ENSURE(to_skip < iov[i].iov_len, S2N_FAILURE);
- POSIX_CHECKED_MEMCPY(ptr, ((uint8_t*)(iov[i].iov_base)) + to_skip, iov_size_to_take);
+ POSIX_CHECKED_MEMCPY(ptr, ((uint8_t *) (iov[i].iov_base)) + to_skip, iov_size_to_take);
size_left -= iov_size_to_take;
if (size_left == 0) {
break;
}
- ptr = (void*)((uint8_t*)ptr + iov_size_to_take);
+ ptr = (void *) ((uint8_t *) ptr + iov_size_to_take);
to_skip = 0;
}
@@ -413,12 +418,10 @@ int s2n_stuffer_extract_blob(struct s2n_stuffer *stuffer, struct s2n_blob *out)
{
POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
POSIX_ENSURE_REF(out);
- POSIX_GUARD(s2n_realloc(out , s2n_stuffer_data_available(stuffer)));
+ POSIX_GUARD(s2n_realloc(out, s2n_stuffer_data_available(stuffer)));
if (s2n_stuffer_data_available(stuffer) > 0) {
- POSIX_CHECKED_MEMCPY(out->data,
- stuffer->blob.data + stuffer->read_cursor,
- s2n_stuffer_data_available(stuffer));
+ POSIX_CHECKED_MEMCPY(out->data, stuffer->blob.data + stuffer->read_cursor, s2n_stuffer_data_available(stuffer));
}
POSIX_POSTCONDITION(s2n_blob_validate(out));
diff --git a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.h b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.h
index 52b6761e54..9f496e09a0 100644
--- a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.h
+++ b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer.h
@@ -31,7 +31,7 @@
*/
#define S2N_WIPE_PATTERN 'w'
-#define SIZEOF_IN_BITS( t ) (sizeof(t) * CHAR_BIT)
+#define SIZEOF_IN_BITS(t) (sizeof(t) * CHAR_BIT)
#define SIZEOF_UINT24 3
@@ -45,23 +45,23 @@ struct s2n_stuffer {
uint32_t high_water_mark;
/* Was this stuffer alloc()'d ? */
- unsigned int alloced:1;
+ unsigned int alloced : 1;
/* Is this stuffer growable? */
- unsigned int growable:1;
+ unsigned int growable : 1;
/* Can this stuffer be safely resized?
* A growable stuffer can be temporarily tainted by a raw read/write,
* preventing it from resizing. */
- unsigned int tainted:1;
+ unsigned int tainted : 1;
};
-#define s2n_stuffer_data_available( s ) ((s)->write_cursor - (s)->read_cursor)
-#define s2n_stuffer_space_remaining( s ) ((s)->blob.size - (s)->write_cursor)
-#define s2n_stuffer_is_wiped( s ) ((s)->high_water_mark == 0)
-#define s2n_stuffer_is_freed( s ) ((s)->blob.data == NULL)
+#define s2n_stuffer_data_available(s) ((s)->write_cursor - (s)->read_cursor)
+#define s2n_stuffer_space_remaining(s) ((s)->blob.size - (s)->write_cursor)
+#define s2n_stuffer_is_wiped(s) ((s)->high_water_mark == 0)
+#define s2n_stuffer_is_freed(s) ((s)->blob.data == NULL)
/* Check basic validity constraints on the stuffer: e.g. that cursors point within the blob */
-extern S2N_RESULT s2n_stuffer_validate(const struct s2n_stuffer* stuffer);
+extern S2N_RESULT s2n_stuffer_validate(const struct s2n_stuffer *stuffer);
/* Initialize and destroying stuffers */
extern int s2n_stuffer_init(struct s2n_stuffer *stuffer, struct s2n_blob *in);
@@ -88,10 +88,11 @@ extern bool s2n_stuffer_is_consumed(struct s2n_stuffer *stuffer);
extern int s2n_stuffer_read(struct s2n_stuffer *stuffer, struct s2n_blob *out);
extern int s2n_stuffer_erase_and_read(struct s2n_stuffer *stuffer, struct s2n_blob *out);
extern int s2n_stuffer_write(struct s2n_stuffer *stuffer, const struct s2n_blob *in);
-extern int s2n_stuffer_read_bytes(struct s2n_stuffer *stuffer, uint8_t * out, uint32_t n);
-extern int s2n_stuffer_erase_and_read_bytes(struct s2n_stuffer *stuffer, uint8_t * data, uint32_t size);
-extern int s2n_stuffer_write_bytes(struct s2n_stuffer *stuffer, const uint8_t * in, const uint32_t n);
-extern int s2n_stuffer_writev_bytes(struct s2n_stuffer *stuffer, const struct iovec* iov, size_t iov_count, uint32_t offs, uint32_t size);
+extern int s2n_stuffer_read_bytes(struct s2n_stuffer *stuffer, uint8_t *out, uint32_t n);
+extern int s2n_stuffer_erase_and_read_bytes(struct s2n_stuffer *stuffer, uint8_t *data, uint32_t size);
+extern int s2n_stuffer_write_bytes(struct s2n_stuffer *stuffer, const uint8_t *in, const uint32_t n);
+extern int s2n_stuffer_writev_bytes(struct s2n_stuffer *stuffer, const struct iovec *iov, size_t iov_count,
+ uint32_t offs, uint32_t size);
extern int s2n_stuffer_skip_read(struct s2n_stuffer *stuffer, uint32_t n);
extern int s2n_stuffer_skip_write(struct s2n_stuffer *stuffer, const uint32_t n);
@@ -105,15 +106,16 @@ extern void *s2n_stuffer_raw_write(struct s2n_stuffer *stuffer, const uint32_t d
extern void *s2n_stuffer_raw_read(struct s2n_stuffer *stuffer, uint32_t data_len);
/* Send/receive stuffer to/from a file descriptor */
-extern int s2n_stuffer_recv_from_fd(struct s2n_stuffer *stuffer, const int rfd, const uint32_t len, uint32_t *bytes_written);
+extern int s2n_stuffer_recv_from_fd(struct s2n_stuffer *stuffer, const int rfd, const uint32_t len,
+ uint32_t *bytes_written);
extern int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, const int wfd, const uint32_t len, uint32_t *bytes_sent);
/* Read and write integers in network order */
-extern int s2n_stuffer_read_uint8(struct s2n_stuffer *stuffer, uint8_t * u);
-extern int s2n_stuffer_read_uint16(struct s2n_stuffer *stuffer, uint16_t * u);
-extern int s2n_stuffer_read_uint24(struct s2n_stuffer *stuffer, uint32_t * u);
-extern int s2n_stuffer_read_uint32(struct s2n_stuffer *stuffer, uint32_t * u);
-extern int s2n_stuffer_read_uint64(struct s2n_stuffer *stuffer, uint64_t * u);
+extern int s2n_stuffer_read_uint8(struct s2n_stuffer *stuffer, uint8_t *u);
+extern int s2n_stuffer_read_uint16(struct s2n_stuffer *stuffer, uint16_t *u);
+extern int s2n_stuffer_read_uint24(struct s2n_stuffer *stuffer, uint32_t *u);
+extern int s2n_stuffer_read_uint32(struct s2n_stuffer *stuffer, uint32_t *u);
+extern int s2n_stuffer_read_uint64(struct s2n_stuffer *stuffer, uint64_t *u);
extern int s2n_stuffer_write_uint8(struct s2n_stuffer *stuffer, const uint8_t u);
extern int s2n_stuffer_write_uint16(struct s2n_stuffer *stuffer, const uint16_t u);
@@ -130,7 +132,7 @@ struct s2n_stuffer_reservation {
uint8_t length;
};
/* Check basic validity constraints on the s2n_stuffer_reservation: e.g. stuffer validity. */
-extern S2N_RESULT s2n_stuffer_reservation_validate(const struct s2n_stuffer_reservation* reservation);
+extern S2N_RESULT s2n_stuffer_reservation_validate(const struct s2n_stuffer_reservation *reservation);
int s2n_stuffer_reserve_uint8(struct s2n_stuffer *stuffer, struct s2n_stuffer_reservation *reservation);
extern int s2n_stuffer_reserve_uint16(struct s2n_stuffer *stuffer, struct s2n_stuffer_reservation *reservation);
extern int s2n_stuffer_reserve_uint24(struct s2n_stuffer *stuffer, struct s2n_stuffer_reservation *reservation);
@@ -144,20 +146,21 @@ extern int s2n_stuffer_read_base64(struct s2n_stuffer *stuffer, struct s2n_stuff
extern int s2n_stuffer_write_base64(struct s2n_stuffer *stuffer, struct s2n_stuffer *in);
/* Useful for text manipulation ... */
-#define s2n_stuffer_write_char( stuffer, c ) s2n_stuffer_write_uint8( (stuffer), (uint8_t) (c) )
-#define s2n_stuffer_read_char( stuffer, c ) s2n_stuffer_read_uint8( (stuffer), (uint8_t *) (c) )
-#define s2n_stuffer_write_str( stuffer, c ) s2n_stuffer_write_bytes( (stuffer), (const uint8_t *) (c), strlen((c)) )
-#define s2n_stuffer_write_text( stuffer, c, n ) s2n_stuffer_write_bytes( (stuffer), (const uint8_t *) (c), (n) )
-#define s2n_stuffer_read_text( stuffer, c, n ) s2n_stuffer_read_bytes( (stuffer), (uint8_t *) (c), (n) )
-extern int s2n_stuffer_read_expected_str(struct s2n_stuffer *stuffer, const char* expected);
+#define s2n_stuffer_write_char(stuffer, c) s2n_stuffer_write_uint8((stuffer), (uint8_t) (c))
+#define s2n_stuffer_read_char(stuffer, c) s2n_stuffer_read_uint8((stuffer), (uint8_t *) (c))
+#define s2n_stuffer_write_str(stuffer, c) s2n_stuffer_write_bytes((stuffer), (const uint8_t *) (c), strlen((c)))
+#define s2n_stuffer_write_text(stuffer, c, n) s2n_stuffer_write_bytes((stuffer), (const uint8_t *) (c), (n))
+#define s2n_stuffer_read_text(stuffer, c, n) s2n_stuffer_read_bytes((stuffer), (uint8_t *) (c), (n))
+extern int s2n_stuffer_read_expected_str(struct s2n_stuffer *stuffer, const char *expected);
extern int s2n_stuffer_peek_char(struct s2n_stuffer *stuffer, char *c);
extern int s2n_stuffer_read_token(struct s2n_stuffer *stuffer, struct s2n_stuffer *token, char delim);
extern int s2n_stuffer_read_line(struct s2n_stuffer *stuffer, struct s2n_stuffer *token);
extern int s2n_stuffer_peek_check_for_str(struct s2n_stuffer *s2n_stuffer, const char *expected);
extern int s2n_stuffer_skip_whitespace(struct s2n_stuffer *stuffer, uint32_t *skipped);
extern int s2n_stuffer_skip_to_char(struct s2n_stuffer *stuffer, char target);
-extern int s2n_stuffer_skip_expected_char(struct s2n_stuffer *stuffer, const char expected, const uint32_t min, const uint32_t max, uint32_t *skipped);
-extern int s2n_stuffer_skip_read_until(struct s2n_stuffer *stuffer, const char* target);
+extern int s2n_stuffer_skip_expected_char(struct s2n_stuffer *stuffer, const char expected, const uint32_t min,
+ const uint32_t max, uint32_t *skipped);
+extern int s2n_stuffer_skip_read_until(struct s2n_stuffer *stuffer, const char *target);
extern int s2n_stuffer_alloc_ro_from_string(struct s2n_stuffer *stuffer, const char *str);
extern int s2n_stuffer_init_ro_from_string(struct s2n_stuffer *stuffer, uint8_t *data, uint32_t length);
diff --git a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_base64.c b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_base64.c
index 526200d234..f87ccdc657 100644
--- a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_base64.c
+++ b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_base64.c
@@ -16,17 +16,13 @@
#include <string.h>
#include "error/s2n_errno.h"
-
#include "stuffer/s2n_stuffer.h"
-
#include "utils/s2n_safety.h"
-static const uint8_t b64[64] = {
- 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
- 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f',
- 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
- 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/'
-};
+static const uint8_t b64[64] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q',
+ 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
+ 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+',
+ '/' };
/* Generated with this python:
*
@@ -43,28 +39,21 @@ static const uint8_t b64[64] = {
*
* Note that '=' maps to 64.
*/
-static const uint8_t b64_inverse[256] = {
- 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
- 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
- 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 62, 255, 255, 255, 63,
- 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 255, 255, 255, 64, 255, 255,
- 255, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
- 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 255, 255, 255, 255, 255,
- 255, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
- 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 255, 255, 255, 255, 255,
- 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
- 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
- 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
- 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
- 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
- 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
- 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
- 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255
-};
+static const uint8_t b64_inverse[256] = { 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+ 255, 255, 255, 255, 255, 62, 255, 255, 255, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 255, 255, 255, 64, 255, 255,
+ 255, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 255, 255, 255,
+ 255, 255, 255, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50,
+ 51, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255 };
bool s2n_is_base64_char(unsigned char c)
{
- return (b64_inverse[*((uint8_t*)(&c))] != 255);
+ return (b64_inverse[*((uint8_t *) (&c))] != 255);
}
/**
@@ -101,7 +90,8 @@ int s2n_stuffer_read_base64(struct s2n_stuffer *stuffer, struct s2n_stuffer *out
/* The first two characters can never be '=' and in general
* everything has to be a valid character.
*/
- POSIX_ENSURE(!(value1 == 64 || value2 == 64 || value2 == 255 || value3 == 255 || value4 == 255), S2N_ERR_INVALID_BASE64);
+ POSIX_ENSURE(!(value1 == 64 || value2 == 64 || value2 == 255 || value3 == 255 || value4 == 255),
+ S2N_ERR_INVALID_BASE64);
if (o.data[2] == '=') {
/* If there is only one output byte, then the second value
diff --git a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_file.c b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_file.c
index 4deb666250..ac2453041e 100644
--- a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_file.c
+++ b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_file.c
@@ -13,17 +13,15 @@
* permissions and limitations under the License.
*/
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/mman.h>
-#include <unistd.h>
#include <errno.h>
#include <fcntl.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
#include "error/s2n_errno.h"
-
#include "stuffer/s2n_stuffer.h"
-
#include "utils/s2n_safety.h"
int s2n_stuffer_recv_from_fd(struct s2n_stuffer *stuffer, const int rfd, const uint32_t len, uint32_t *bytes_written)
@@ -44,8 +42,10 @@ int s2n_stuffer_recv_from_fd(struct s2n_stuffer *stuffer, const int rfd, const u
/* Record just how many bytes we have written */
POSIX_ENSURE(r <= UINT32_MAX, S2N_ERR_INTEGER_OVERFLOW);
- POSIX_GUARD(s2n_stuffer_skip_write(stuffer, (uint32_t)r));
- if (bytes_written != NULL) *bytes_written = r;
+ POSIX_GUARD(s2n_stuffer_skip_write(stuffer, (uint32_t) r));
+ if (bytes_written != NULL) {
+ *bytes_written = r;
+ }
return S2N_SUCCESS;
}
@@ -67,14 +67,16 @@ int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, const int wfd, const uin
POSIX_ENSURE(w <= UINT32_MAX - stuffer->read_cursor, S2N_ERR_INTEGER_OVERFLOW);
stuffer->read_cursor += w;
- if (bytes_sent != NULL) *bytes_sent = w;
+ if (bytes_sent != NULL) {
+ *bytes_sent = w;
+ }
return S2N_SUCCESS;
}
int s2n_stuffer_alloc_ro_from_fd(struct s2n_stuffer *stuffer, int rfd)
{
POSIX_ENSURE_MUT(stuffer);
- struct stat st = {0};
+ struct stat st = { 0 };
POSIX_ENSURE(fstat(rfd, &st) >= 0, S2N_ERR_FSTAT);
@@ -84,8 +86,8 @@ int s2n_stuffer_alloc_ro_from_fd(struct s2n_stuffer *stuffer, int rfd)
uint8_t *map = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, rfd, 0);
POSIX_ENSURE(map != MAP_FAILED, S2N_ERR_MMAP);
- struct s2n_blob b = {0};
- POSIX_ENSURE(s2n_blob_init(&b, map, (uint32_t)st.st_size), S2N_FAILURE);
+ struct s2n_blob b = { 0 };
+ POSIX_ENSURE(s2n_blob_init(&b, map, (uint32_t) st.st_size), S2N_FAILURE);
return s2n_stuffer_init(stuffer, &b);
}
diff --git a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_network_order.c b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_network_order.c
index 57cd149255..cae76ef5a2 100644
--- a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_network_order.c
+++ b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_network_order.c
@@ -14,9 +14,7 @@
*/
#include "error/s2n_errno.h"
-
#include "stuffer/s2n_stuffer.h"
-
#include "utils/s2n_annotations.h"
#include "utils/s2n_safety.h"
@@ -41,7 +39,9 @@ int s2n_stuffer_reserve(struct s2n_stuffer *stuffer, struct s2n_stuffer_reservat
POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
POSIX_ENSURE_REF(reservation);
- *reservation = (struct s2n_stuffer_reservation) {.stuffer = stuffer, .write_cursor = stuffer->write_cursor, .length = length};
+ *reservation = (struct s2n_stuffer_reservation){ .stuffer = stuffer,
+ .write_cursor = stuffer->write_cursor,
+ .length = length };
POSIX_GUARD(s2n_stuffer_skip_write(stuffer, reservation->length));
POSIX_CHECKED_MEMSET(stuffer->blob.data + reservation->write_cursor, S2N_WIPE_PATTERN, reservation->length);
@@ -49,7 +49,7 @@ int s2n_stuffer_reserve(struct s2n_stuffer *stuffer, struct s2n_stuffer_reservat
return S2N_SUCCESS;
}
-int s2n_stuffer_read_uint8(struct s2n_stuffer *stuffer, uint8_t * u)
+int s2n_stuffer_read_uint8(struct s2n_stuffer *stuffer, uint8_t *u)
{
POSIX_GUARD(s2n_stuffer_read_bytes(stuffer, u, sizeof(uint8_t)));
@@ -68,7 +68,7 @@ int s2n_stuffer_reserve_uint8(struct s2n_stuffer *stuffer, struct s2n_stuffer_re
return s2n_stuffer_reserve(stuffer, reservation, sizeof(uint8_t));
}
-int s2n_stuffer_read_uint16(struct s2n_stuffer *stuffer, uint16_t * u)
+int s2n_stuffer_read_uint16(struct s2n_stuffer *stuffer, uint16_t *u)
{
POSIX_ENSURE_REF(u);
uint8_t data[sizeof(uint16_t)];
@@ -91,7 +91,7 @@ int s2n_stuffer_reserve_uint16(struct s2n_stuffer *stuffer, struct s2n_stuffer_r
return s2n_stuffer_reserve(stuffer, reservation, sizeof(uint16_t));
}
-int s2n_stuffer_read_uint24(struct s2n_stuffer *stuffer, uint32_t * u)
+int s2n_stuffer_read_uint24(struct s2n_stuffer *stuffer, uint32_t *u)
{
POSIX_ENSURE_REF(u);
uint8_t data[SIZEOF_UINT24];
@@ -115,7 +115,7 @@ int s2n_stuffer_reserve_uint24(struct s2n_stuffer *stuffer, struct s2n_stuffer_r
return s2n_stuffer_reserve(stuffer, reservation, SIZEOF_UINT24);
}
-int s2n_stuffer_read_uint32(struct s2n_stuffer *stuffer, uint32_t * u)
+int s2n_stuffer_read_uint32(struct s2n_stuffer *stuffer, uint32_t *u)
{
POSIX_ENSURE_REF(u);
uint8_t data[sizeof(uint32_t)];
@@ -135,7 +135,7 @@ int s2n_stuffer_write_uint32(struct s2n_stuffer *stuffer, const uint32_t u)
return s2n_stuffer_write_network_order(stuffer, u, sizeof(u));
}
-int s2n_stuffer_read_uint64(struct s2n_stuffer *stuffer, uint64_t * u)
+int s2n_stuffer_read_uint64(struct s2n_stuffer *stuffer, uint64_t *u)
{
POSIX_ENSURE_REF(u);
uint8_t data[sizeof(uint64_t)];
@@ -172,7 +172,7 @@ static int length_matches_value_check(uint32_t value, uint8_t length)
return S2N_SUCCESS;
}
-static int s2n_stuffer_write_reservation_impl(struct s2n_stuffer_reservation* reservation, const uint32_t u)
+static int s2n_stuffer_write_reservation_impl(struct s2n_stuffer_reservation *reservation, const uint32_t u)
{
reservation->stuffer->write_cursor = reservation->write_cursor;
POSIX_PRECONDITION(s2n_stuffer_validate(reservation->stuffer));
@@ -183,7 +183,7 @@ static int s2n_stuffer_write_reservation_impl(struct s2n_stuffer_reservation* re
return S2N_SUCCESS;
}
-int s2n_stuffer_write_reservation(struct s2n_stuffer_reservation* reservation, const uint32_t u)
+int s2n_stuffer_write_reservation(struct s2n_stuffer_reservation *reservation, const uint32_t u)
{
POSIX_PRECONDITION(s2n_stuffer_reservation_validate(reservation));
uint32_t old_write_cursor = reservation->stuffer->write_cursor;
@@ -192,7 +192,7 @@ int s2n_stuffer_write_reservation(struct s2n_stuffer_reservation* reservation, c
return result;
}
-int s2n_stuffer_write_vector_size(struct s2n_stuffer_reservation* reservation)
+int s2n_stuffer_write_vector_size(struct s2n_stuffer_reservation *reservation)
{
POSIX_PRECONDITION(s2n_stuffer_reservation_validate(reservation));
uint32_t size = 0;
diff --git a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_pem.c b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_pem.c
index bd2f591fc6..9d54a123f3 100644
--- a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_pem.c
+++ b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_pem.c
@@ -14,32 +14,33 @@
*/
#include <string.h>
-#include "error/s2n_errno.h"
+#include "error/s2n_errno.h"
#include "stuffer/s2n_stuffer.h"
-
#include "utils/s2n_safety.h"
-#define S2N_PEM_DELIMTER_CHAR '-'
-#define S2N_PEM_DELIMITER_MIN_COUNT 1
-#define S2N_PEM_DELIMITER_MAX_COUNT 64
-#define S2N_PEM_BEGIN_TOKEN "BEGIN "
-#define S2N_PEM_END_TOKEN "END "
-#define S2N_PEM_PKCS1_RSA_PRIVATE_KEY "RSA PRIVATE KEY"
-#define S2N_PEM_PKCS1_EC_PRIVATE_KEY "EC PRIVATE KEY"
-#define S2N_PEM_PKCS8_PRIVATE_KEY "PRIVATE KEY"
-#define S2N_PEM_DH_PARAMETERS "DH PARAMETERS"
-#define S2N_PEM_EC_PARAMETERS "EC PARAMETERS"
-#define S2N_PEM_CERTIFICATE "CERTIFICATE"
-#define S2N_PEM_CRL "X509 CRL"
-
-static int s2n_stuffer_pem_read_encapsulation_line(struct s2n_stuffer *pem, const char* encap_marker, const char *keyword) {
-
+#define S2N_PEM_DELIMTER_CHAR '-'
+#define S2N_PEM_DELIMITER_MIN_COUNT 1
+#define S2N_PEM_DELIMITER_MAX_COUNT 64
+#define S2N_PEM_BEGIN_TOKEN "BEGIN "
+#define S2N_PEM_END_TOKEN "END "
+#define S2N_PEM_PKCS1_RSA_PRIVATE_KEY "RSA PRIVATE KEY"
+#define S2N_PEM_PKCS1_EC_PRIVATE_KEY "EC PRIVATE KEY"
+#define S2N_PEM_PKCS8_PRIVATE_KEY "PRIVATE KEY"
+#define S2N_PEM_DH_PARAMETERS "DH PARAMETERS"
+#define S2N_PEM_EC_PARAMETERS "EC PARAMETERS"
+#define S2N_PEM_CERTIFICATE "CERTIFICATE"
+#define S2N_PEM_CRL "X509 CRL"
+
+static int s2n_stuffer_pem_read_encapsulation_line(struct s2n_stuffer *pem, const char *encap_marker,
+ const char *keyword)
+{
/* Skip any number of Chars until a "-" is reached */
POSIX_GUARD(s2n_stuffer_skip_to_char(pem, S2N_PEM_DELIMTER_CHAR));
/* Ensure between 1 and 64 '-' chars at start of line */
- POSIX_GUARD(s2n_stuffer_skip_expected_char(pem, S2N_PEM_DELIMTER_CHAR, S2N_PEM_DELIMITER_MIN_COUNT, S2N_PEM_DELIMITER_MAX_COUNT, NULL));
+ POSIX_GUARD(s2n_stuffer_skip_expected_char(pem, S2N_PEM_DELIMTER_CHAR, S2N_PEM_DELIMITER_MIN_COUNT,
+ S2N_PEM_DELIMITER_MAX_COUNT, NULL));
/* Ensure next string in stuffer is "BEGIN " or "END " */
POSIX_GUARD(s2n_stuffer_read_expected_str(pem, encap_marker));
@@ -48,7 +49,8 @@ static int s2n_stuffer_pem_read_encapsulation_line(struct s2n_stuffer *pem, cons
POSIX_GUARD(s2n_stuffer_read_expected_str(pem, keyword));
/* Ensure between 1 and 64 '-' chars at end of line */
- POSIX_GUARD(s2n_stuffer_skip_expected_char(pem, S2N_PEM_DELIMTER_CHAR, S2N_PEM_DELIMITER_MIN_COUNT, S2N_PEM_DELIMITER_MAX_COUNT, NULL));
+ POSIX_GUARD(s2n_stuffer_skip_expected_char(pem, S2N_PEM_DELIMTER_CHAR, S2N_PEM_DELIMITER_MIN_COUNT,
+ S2N_PEM_DELIMITER_MAX_COUNT, NULL));
/* Check for missing newline between dashes case: "-----END CERTIFICATE----------BEGIN CERTIFICATE-----" */
if (strncmp(encap_marker, S2N_PEM_END_TOKEN, strlen(S2N_PEM_END_TOKEN)) == 0
@@ -74,7 +76,7 @@ static int s2n_stuffer_pem_read_end(struct s2n_stuffer *pem, const char *keyword
static int s2n_stuffer_pem_read_contents(struct s2n_stuffer *pem, struct s2n_stuffer *asn1)
{
s2n_stack_blob(base64__blob, 64, 64);
- struct s2n_stuffer base64_stuffer = {0};
+ struct s2n_stuffer base64_stuffer = { 0 };
POSIX_GUARD(s2n_stuffer_init(&base64_stuffer, &base64__blob));
while (1) {
@@ -89,7 +91,7 @@ static int s2n_stuffer_pem_read_contents(struct s2n_stuffer *pem, struct s2n_stu
/* Else, move read pointer forward by 1 byte since we will be consuming it. */
pem->read_cursor += 1;
- /* Skip non-base64 characters */
+ /* Skip non-base64 characters */
if (!s2n_is_base64_char(c)) {
continue;
}
@@ -102,7 +104,6 @@ static int s2n_stuffer_pem_read_contents(struct s2n_stuffer *pem, struct s2n_stu
/* Copy next char to base64_stuffer */
POSIX_GUARD(s2n_stuffer_write_bytes(&base64_stuffer, (uint8_t *) &c, 1));
-
};
/* Flush any remaining bytes to asn1 */
@@ -126,7 +127,8 @@ static int s2n_stuffer_data_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer
return S2N_SUCCESS;
}
-int s2n_stuffer_private_key_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *asn1) {
+int s2n_stuffer_private_key_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *asn1)
+{
POSIX_PRECONDITION(s2n_stuffer_validate(pem));
POSIX_PRECONDITION(s2n_stuffer_validate(asn1));
int rc;
@@ -166,7 +168,8 @@ int s2n_stuffer_certificate_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer
return s2n_stuffer_data_from_pem(pem, asn1, S2N_PEM_CERTIFICATE);
}
-int s2n_stuffer_crl_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *asn1) {
+int s2n_stuffer_crl_from_pem(struct s2n_stuffer *pem, struct s2n_stuffer *asn1)
+{
return s2n_stuffer_data_from_pem(pem, asn1, S2N_PEM_CRL);
}
diff --git a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_text.c b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_text.c
index 9372717c08..265bf90e56 100644
--- a/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_text.c
+++ b/contrib/restricted/aws/s2n/stuffer/s2n_stuffer_text.c
@@ -16,9 +16,8 @@
#include <string.h>
#include "stuffer/s2n_stuffer.h"
-
-#include "utils/s2n_safety.h"
#include "utils/s2n_mem.h"
+#include "utils/s2n_safety.h"
int s2n_stuffer_peek_char(struct s2n_stuffer *s2n_stuffer, char *c)
{
@@ -54,7 +53,9 @@ int s2n_stuffer_skip_whitespace(struct s2n_stuffer *s2n_stuffer, uint32_t *skipp
break;
}
}
- if(skipped != NULL) *skipped = s2n_stuffer->read_cursor - initial_read_cursor;
+ if (skipped != NULL) {
+ *skipped = s2n_stuffer->read_cursor - initial_read_cursor;
+ }
POSIX_POSTCONDITION(s2n_stuffer_validate(s2n_stuffer));
return S2N_SUCCESS;
}
@@ -91,7 +92,7 @@ int s2n_stuffer_skip_read_until(struct s2n_stuffer *stuffer, const char *target)
uint8_t *actual = stuffer->blob.data + stuffer->read_cursor - len;
POSIX_ENSURE_REF(actual);
- if (strncmp((char*)actual, target, len) == 0){
+ if (strncmp((char *) actual, target, len) == 0) {
return S2N_SUCCESS;
} else {
/* If string doesn't match, rewind stuffer to 1 byte after last read */
@@ -118,14 +119,15 @@ int s2n_stuffer_skip_to_char(struct s2n_stuffer *stuffer, const char target)
}
/* Skips an expected character in the stuffer between min and max times */
-int s2n_stuffer_skip_expected_char(struct s2n_stuffer *stuffer, const char expected, const uint32_t min, const uint32_t max, uint32_t *skipped)
+int s2n_stuffer_skip_expected_char(struct s2n_stuffer *stuffer, const char expected, const uint32_t min,
+ const uint32_t max, uint32_t *skipped)
{
POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
POSIX_ENSURE(min <= max, S2N_ERR_SAFETY);
uint32_t skip = 0;
while (stuffer->read_cursor < stuffer->write_cursor && skip < max) {
- if (stuffer->blob.data[stuffer->read_cursor] == expected){
+ if (stuffer->blob.data[stuffer->read_cursor] == expected) {
stuffer->read_cursor += 1;
skip += 1;
} else {
@@ -133,7 +135,9 @@ int s2n_stuffer_skip_expected_char(struct s2n_stuffer *stuffer, const char expec
}
}
POSIX_ENSURE(skip >= min, S2N_ERR_STUFFER_NOT_FOUND);
- if(skipped != NULL) *skipped = skip;
+ if (skipped != NULL) {
+ *skipped = skip;
+ }
POSIX_POSTCONDITION(s2n_stuffer_validate(stuffer));
return S2N_SUCCESS;
}
@@ -186,7 +190,7 @@ int s2n_stuffer_alloc_ro_from_string(struct s2n_stuffer *stuffer, const char *st
POSIX_ENSURE_REF(str);
uint32_t length = strlen(str);
POSIX_GUARD(s2n_stuffer_alloc(stuffer, length + 1));
- return s2n_stuffer_write_bytes(stuffer, (const uint8_t *)str, length);
+ return s2n_stuffer_write_bytes(stuffer, (const uint8_t *) str, length);
}
int s2n_stuffer_init_ro_from_string(struct s2n_stuffer *stuffer, uint8_t *data, uint32_t length)
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.c
index 0c85cc8389..5b1c2de5c5 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.c
@@ -13,16 +13,15 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
-#include <stdint.h>
-
#include "tls/extensions/s2n_client_alpn.h"
+#include <stdint.h>
+#include <sys/param.h>
+
#include "tls/extensions/s2n_extension_type.h"
#include "tls/s2n_protocol_preferences.h"
#include "tls/s2n_tls.h"
#include "tls/s2n_tls_parameters.h"
-
#include "utils/s2n_safety.h"
bool s2n_client_alpn_should_send(struct s2n_connection *conn);
@@ -75,7 +74,7 @@ static int s2n_client_alpn_recv(struct s2n_connection *conn, struct s2n_stuffer
/* Malformed length, ignore the extension */
return S2N_SUCCESS;
}
-
+
struct s2n_blob client_protocols = { 0 };
POSIX_GUARD(s2n_blob_init(&client_protocols, s2n_stuffer_raw_read(extension, wire_size), wire_size));
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.h
index bc0590b32a..6e7cd8d67a 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_alpn.h
@@ -15,9 +15,9 @@
#pragma once
+#include "stuffer/s2n_stuffer.h"
#include "tls/extensions/s2n_extension_type.h"
#include "tls/s2n_connection.h"
-#include "stuffer/s2n_stuffer.h"
extern const s2n_extension_type s2n_client_alpn_extension;
bool s2n_client_alpn_should_send(struct s2n_connection *conn);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_early_data_indication.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_early_data_indication.c
index 63de6d52f5..5063b82f00 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_early_data_indication.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_early_data_indication.c
@@ -14,10 +14,8 @@
*/
#include "api/s2n.h"
-
-#include "tls/extensions/s2n_early_data_indication.h"
-
#include "tls/extensions/s2n_client_psk.h"
+#include "tls/extensions/s2n_early_data_indication.h"
#include "tls/s2n_cipher_suites.h"
#include "tls/s2n_early_data.h"
#include "tls/s2n_protocol_preferences.h"
@@ -55,7 +53,7 @@ static S2N_RESULT s2n_early_data_config_is_possible(struct s2n_connection *conn)
RESULT_ENSURE_REF(conn);
struct s2n_psk *first_psk = NULL;
- RESULT_GUARD(s2n_array_get(&conn->psk_params.psk_list, 0, (void**) &first_psk));
+ RESULT_GUARD(s2n_array_get(&conn->psk_params.psk_list, 0, (void **) &first_psk));
RESULT_ENSURE_REF(first_psk);
struct s2n_early_data_config *early_data_config = &first_psk->early_data_config;
@@ -153,7 +151,7 @@ static int s2n_client_early_data_indication_send(struct s2n_connection *conn, st
/* Set the cipher suite for early data */
struct s2n_psk *first_psk = NULL;
- POSIX_GUARD_RESULT(s2n_array_get(&conn->psk_params.psk_list, 0, (void**) &first_psk));
+ POSIX_GUARD_RESULT(s2n_array_get(&conn->psk_params.psk_list, 0, (void **) &first_psk));
POSIX_ENSURE_REF(first_psk);
conn->secure->cipher_suite = first_psk->early_data_config.cipher_suite;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c
index 64664a5abb..9ec2366d5f 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_ems.c
@@ -13,12 +13,11 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
#include <stdint.h>
+#include <sys/param.h>
-#include "tls/s2n_tls.h"
#include "tls/extensions/s2n_ems.h"
-
+#include "tls/s2n_tls.h"
#include "utils/s2n_safety.h"
static int s2n_client_ems_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.c
index 7e0ec41a82..739a499ba3 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.c
@@ -14,15 +14,15 @@
*/
#include "tls/extensions/s2n_client_key_share.h"
-#include "tls/extensions/s2n_key_share.h"
-#include "tls/s2n_security_policies.h"
-#include "tls/s2n_kem_preferences.h"
#include "error/s2n_errno.h"
+#include "pq-crypto/s2n_pq.h"
#include "stuffer/s2n_stuffer.h"
-#include "utils/s2n_safety.h"
+#include "tls/extensions/s2n_key_share.h"
+#include "tls/s2n_kem_preferences.h"
+#include "tls/s2n_security_policies.h"
#include "tls/s2n_tls13.h"
-#include "pq-crypto/s2n_pq.h"
+#include "utils/s2n_safety.h"
/**
* Specified in https://tools.ietf.org/html/rfc8446#section-4.2.8
@@ -120,7 +120,7 @@ static int s2n_generate_pq_hybrid_key_share(struct s2n_stuffer *out, struct s2n_
* || PQ key share (variable bytes) */
POSIX_GUARD(s2n_stuffer_write_uint16(out, kem_group->iana_id));
- struct s2n_stuffer_reservation total_share_size = {0};
+ struct s2n_stuffer_reservation total_share_size = { 0 };
POSIX_GUARD(s2n_stuffer_reserve_uint16(out, &total_share_size));
struct s2n_ecc_evp_params *ecc_params = &kem_group_params->ecc_params;
@@ -199,7 +199,7 @@ static int s2n_client_key_share_send(struct s2n_connection *conn, struct s2n_stu
POSIX_ENSURE(server_curve != client_curve || server_group != client_group, S2N_ERR_BAD_KEY_SHARE);
}
- struct s2n_stuffer_reservation shares_size = {0};
+ struct s2n_stuffer_reservation shares_size = { 0 };
POSIX_GUARD(s2n_stuffer_reserve_uint16(out, &shares_size));
POSIX_GUARD(s2n_generate_default_pq_hybrid_key_share(conn, out));
POSIX_GUARD(s2n_generate_default_ecc_key_share(conn, out));
@@ -401,13 +401,13 @@ static int s2n_client_key_share_recv(struct s2n_connection *conn, struct s2n_stu
struct s2n_stuffer key_share = { 0 };
uint16_t keyshare_count = 0;
- while(s2n_stuffer_data_available(extension) > 0) {
+ while (s2n_stuffer_data_available(extension) > 0) {
POSIX_GUARD(s2n_stuffer_read_uint16(extension, &named_group));
POSIX_GUARD(s2n_stuffer_read_uint16(extension, &share_size));
POSIX_ENSURE(s2n_stuffer_data_available(extension) >= share_size, S2N_ERR_BAD_MESSAGE);
POSIX_GUARD(s2n_blob_init(&key_share_blob,
- s2n_stuffer_raw_read(extension, share_size), share_size));
+ s2n_stuffer_raw_read(extension, share_size), share_size));
POSIX_GUARD(s2n_stuffer_init(&key_share, &key_share_blob));
POSIX_GUARD(s2n_stuffer_skip_write(&key_share, share_size));
keyshare_count++;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.h
index 9977625680..2e1b4c4a50 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_key_share.h
@@ -15,8 +15,8 @@
#pragma once
-#include "tls/s2n_connection.h"
#include "stuffer/s2n_stuffer.h"
+#include "tls/s2n_connection.h"
extern const s2n_extension_type s2n_client_key_share_extension;
@@ -24,4 +24,3 @@ extern const s2n_extension_type s2n_client_key_share_extension;
extern int s2n_extensions_client_key_share_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
extern uint32_t s2n_extensions_client_key_share_size(struct s2n_connection *conn);
extern int s2n_extensions_client_key_share_send(struct s2n_connection *conn, struct s2n_stuffer *out);
-
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.c
index df5d2e5088..634f507e8f 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.c
@@ -13,13 +13,13 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
+#include "tls/extensions/s2n_client_max_frag_len.h"
+
#include <stdint.h>
+#include <sys/param.h>
-#include "tls/extensions/s2n_client_max_frag_len.h"
#include "tls/s2n_tls.h"
#include "tls/s2n_tls_parameters.h"
-
#include "utils/s2n_safety.h"
static bool s2n_client_max_frag_len_should_send(struct s2n_connection *conn);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.h
index 49bb3be845..39b3a00731 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_max_frag_len.h
@@ -15,8 +15,8 @@
#pragma once
-#include "tls/s2n_connection.h"
#include "stuffer/s2n_stuffer.h"
+#include "tls/s2n_connection.h"
extern const s2n_extension_type s2n_client_max_frag_len_extension;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.c
index aae1fe8256..a2d0a98a02 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.c
@@ -13,16 +13,16 @@
* permissions and limitations under the License.
*/
+#include "tls/extensions/s2n_client_pq_kem.h"
+
#include <stdint.h>
#include <sys/param.h>
-#include "tls/extensions/s2n_client_pq_kem.h"
+#include "pq-crypto/s2n_pq.h"
#include "tls/s2n_kem.h"
#include "tls/s2n_security_policies.h"
#include "tls/s2n_tls.h"
#include "tls/s2n_tls_parameters.h"
-#include "pq-crypto/s2n_pq.h"
-
#include "utils/s2n_safety.h"
static bool s2n_client_pq_kem_should_send(struct s2n_connection *conn);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.h
index 91934773f3..fb775d27a8 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_pq_kem.h
@@ -15,9 +15,9 @@
#pragma once
+#include "stuffer/s2n_stuffer.h"
#include "tls/extensions/s2n_extension_type.h"
#include "tls/s2n_connection.h"
-#include "stuffer/s2n_stuffer.h"
extern const s2n_extension_type s2n_client_pq_kem_extension;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.c
index 800fce4aaf..992e2ca4e9 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.c
@@ -13,19 +13,19 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
+#include "tls/extensions/s2n_client_psk.h"
+
#include <stdint.h>
+#include <sys/param.h>
#include "crypto/s2n_hash.h"
-#include "tls/s2n_tls.h"
#include "tls/s2n_psk.h"
+#include "tls/s2n_tls.h"
#include "tls/s2n_tls_parameters.h"
-#include "tls/extensions/s2n_client_psk.h"
-
#include "utils/s2n_bitmap.h"
#include "utils/s2n_safety.h"
-#define SIZE_OF_BINDER_SIZE sizeof(uint8_t)
+#define SIZE_OF_BINDER_SIZE sizeof(uint8_t)
#define SIZE_OF_BINDER_LIST_SIZE sizeof(uint16_t)
/* To avoid a DoS attack triggered by decrypting too many session tickets,
@@ -82,7 +82,7 @@ bool s2n_client_psk_should_send(struct s2n_connection *conn)
*/
for (size_t i = 0; i < conn->psk_params.psk_list.len; i++) {
struct s2n_psk *psk = NULL;
- if (s2n_result_is_ok(s2n_array_get(&conn->psk_params.psk_list, i, (void**) &psk))
+ if (s2n_result_is_ok(s2n_array_get(&conn->psk_params.psk_list, i, (void **) &psk))
&& psk != NULL
&& conn->secure->cipher_suite->prf_alg == psk->hmac_alg) {
return true;
@@ -146,7 +146,7 @@ static int s2n_client_psk_send(struct s2n_connection *conn, struct s2n_stuffer *
for (size_t i = 0; i < psk_list->len; i++) {
struct s2n_psk *psk = NULL;
- POSIX_GUARD_RESULT(s2n_array_get(psk_list, i, (void**) &psk));
+ POSIX_GUARD_RESULT(s2n_array_get(psk_list, i, (void **) &psk));
POSIX_ENSURE_REF(psk);
/**
@@ -162,7 +162,7 @@ static int s2n_client_psk_send(struct s2n_connection *conn, struct s2n_stuffer *
/* Write the identity */
POSIX_GUARD(s2n_stuffer_write_uint16(out, psk->identity.size));
POSIX_GUARD(s2n_stuffer_write(out, &psk->identity));
-
+
/* Write obfuscated ticket age */
uint32_t obfuscated_ticket_age = 0;
uint64_t current_time = 0;
@@ -210,14 +210,14 @@ static S2N_RESULT s2n_select_external_psk(struct s2n_connection *conn, struct s2
for (size_t i = 0; i < server_psks->len; i++) {
struct s2n_psk *server_psk = NULL;
- RESULT_GUARD(s2n_array_get(server_psks, i, (void**) &server_psk));
+ RESULT_GUARD(s2n_array_get(server_psks, i, (void **) &server_psk));
RESULT_ENSURE_REF(server_psk);
struct s2n_offered_psk client_psk = { 0 };
uint16_t wire_index = 0;
RESULT_GUARD_POSIX(s2n_offered_psk_list_reread(client_identity_list));
- while(s2n_offered_psk_list_has_next(client_identity_list)) {
+ while (s2n_offered_psk_list_has_next(client_identity_list)) {
RESULT_GUARD_POSIX(s2n_offered_psk_list_next(client_identity_list, &client_psk));
uint16_t compare_size = MIN(client_psk.identity.size, server_psk->identity.size);
if (s2n_constant_time_equals(client_psk.identity.data, server_psk->identity.data, compare_size)
@@ -233,7 +233,8 @@ static S2N_RESULT s2n_select_external_psk(struct s2n_connection *conn, struct s2
return S2N_RESULT_OK;
}
-static S2N_RESULT s2n_select_resumption_psk(struct s2n_connection *conn, struct s2n_offered_psk_list *client_identity_list) {
+static S2N_RESULT s2n_select_resumption_psk(struct s2n_connection *conn, struct s2n_offered_psk_list *client_identity_list)
+{
RESULT_ENSURE_REF(conn);
RESULT_ENSURE_REF(client_identity_list);
@@ -266,9 +267,9 @@ static S2N_RESULT s2n_client_psk_recv_identity_list(struct s2n_connection *conn,
if (conn->config->psk_selection_cb) {
RESULT_GUARD_POSIX(conn->config->psk_selection_cb(conn, conn->config->psk_selection_ctx, &identity_list));
- } else if(conn->psk_params.type == S2N_PSK_TYPE_EXTERNAL) {
+ } else if (conn->psk_params.type == S2N_PSK_TYPE_EXTERNAL) {
RESULT_GUARD(s2n_select_external_psk(conn, &identity_list));
- } else if(conn->psk_params.type == S2N_PSK_TYPE_RESUMPTION) {
+ } else if (conn->psk_params.type == S2N_PSK_TYPE_RESUMPTION) {
RESULT_GUARD(s2n_select_resumption_psk(conn, &identity_list));
}
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.h
index 1fdabff50d..ac20b6eea1 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_psk.h
@@ -15,9 +15,9 @@
#pragma once
+#include "stuffer/s2n_stuffer.h"
#include "tls/extensions/s2n_extension_type.h"
#include "tls/s2n_connection.h"
-#include "stuffer/s2n_stuffer.h"
extern const s2n_extension_type s2n_client_psk_extension;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.c
index 187d5603dc..120caf47f9 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.c
@@ -13,12 +13,12 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
+#include "tls/extensions/s2n_client_renegotiation_info.h"
+
#include <stdint.h>
+#include <sys/param.h>
-#include "tls/extensions/s2n_client_renegotiation_info.h"
#include "tls/s2n_tls.h"
-
#include "utils/s2n_safety.h"
static int s2n_client_renegotiation_send(struct s2n_connection *conn, struct s2n_stuffer *out);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.h
index dbc98ddf80..f67c1bb896 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_renegotiation_info.h
@@ -15,8 +15,8 @@
#pragma once
-#include "tls/s2n_connection.h"
#include "stuffer/s2n_stuffer.h"
+#include "tls/s2n_connection.h"
extern const s2n_extension_type s2n_client_renegotiation_info_extension;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.c
index d3f699c8c3..98891e7017 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.c
@@ -13,13 +13,13 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
+#include "tls/extensions/s2n_client_sct_list.h"
+
#include <stdint.h>
+#include <sys/param.h>
-#include "tls/extensions/s2n_client_sct_list.h"
#include "tls/s2n_tls.h"
#include "tls/s2n_tls_parameters.h"
-
#include "utils/s2n_safety.h"
static bool s2n_client_sct_list_should_send(struct s2n_connection *conn);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.h
index 2f03d9baff..a49c46cad1 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_sct_list.h
@@ -15,8 +15,8 @@
#pragma once
-#include "tls/s2n_connection.h"
#include "stuffer/s2n_stuffer.h"
+#include "tls/s2n_connection.h"
extern const s2n_extension_type s2n_client_sct_list_extension;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.c
index 0e69283a2c..0fd0b1ca44 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.c
@@ -13,13 +13,13 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
+#include "tls/extensions/s2n_client_server_name.h"
+
#include <stdint.h>
+#include <sys/param.h>
-#include "tls/extensions/s2n_client_server_name.h"
#include "tls/s2n_tls.h"
#include "tls/s2n_tls_parameters.h"
-
#include "utils/s2n_safety.h"
#define S2N_NAME_TYPE_HOST_NAME 0
@@ -44,7 +44,7 @@ static bool s2n_client_server_name_should_send(struct s2n_connection *conn)
static int s2n_client_server_name_send(struct s2n_connection *conn, struct s2n_stuffer *out)
{
- struct s2n_stuffer_reservation server_name_list_size = {0};
+ struct s2n_stuffer_reservation server_name_list_size = { 0 };
POSIX_GUARD(s2n_stuffer_reserve_uint16(out, &server_name_list_size));
/* NameType, as described by RFC6066.
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.h
index a6dde369dc..b3961500bc 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_server_name.h
@@ -15,9 +15,9 @@
#pragma once
+#include "stuffer/s2n_stuffer.h"
#include "tls/extensions/s2n_extension_type.h"
#include "tls/s2n_connection.h"
-#include "stuffer/s2n_stuffer.h"
extern const s2n_extension_type s2n_client_server_name_extension;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.c
index ca9c5e96e7..8155f35325 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.c
@@ -13,16 +13,15 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
-#include <stdint.h>
-
#include "tls/extensions/s2n_client_session_ticket.h"
+#include <stdint.h>
+#include <sys/param.h>
+
#include "tls/extensions/s2n_client_psk.h"
+#include "tls/s2n_resume.h"
#include "tls/s2n_tls.h"
#include "tls/s2n_tls_parameters.h"
-#include "tls/s2n_resume.h"
-
#include "utils/s2n_safety.h"
static bool s2n_client_session_ticket_should_send(struct s2n_connection *conn);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.h
index 4b3b045dcd..781b1a95a2 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_session_ticket.h
@@ -15,8 +15,8 @@
#pragma once
-#include "tls/s2n_connection.h"
#include "stuffer/s2n_stuffer.h"
+#include "tls/s2n_connection.h"
extern const s2n_extension_type s2n_client_session_ticket_extension;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.c
index 9986a2cad1..7ee72e6233 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.c
@@ -13,14 +13,14 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
+#include "tls/extensions/s2n_client_signature_algorithms.h"
+
#include <stdint.h>
+#include <sys/param.h>
-#include "tls/extensions/s2n_client_signature_algorithms.h"
+#include "tls/s2n_signature_algorithms.h"
#include "tls/s2n_tls.h"
#include "tls/s2n_tls_parameters.h"
-#include "tls/s2n_signature_algorithms.h"
-
#include "utils/s2n_safety.h"
static bool s2n_client_signature_algorithms_should_send(struct s2n_connection *conn);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.h
index 0832d40460..2d2d00ff9b 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_signature_algorithms.h
@@ -15,9 +15,9 @@
#pragma once
+#include "stuffer/s2n_stuffer.h"
#include "tls/extensions/s2n_extension_type.h"
#include "tls/s2n_connection.h"
-#include "stuffer/s2n_stuffer.h"
extern const s2n_extension_type s2n_client_signature_algorithms_extension;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.c
index 608e8d0a55..e5d4b1a29a 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.c
@@ -13,13 +13,13 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
+#include "tls/extensions/s2n_client_status_request.h"
+
#include <stdint.h>
+#include <sys/param.h>
-#include "tls/extensions/s2n_client_status_request.h"
#include "tls/s2n_tls.h"
#include "tls/s2n_tls_parameters.h"
-
#include "utils/s2n_safety.h"
static bool s2n_client_status_request_should_send(struct s2n_connection *conn);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.h
index b3862755fc..12b8c07cbe 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_status_request.h
@@ -15,9 +15,9 @@
#pragma once
+#include "stuffer/s2n_stuffer.h"
#include "tls/extensions/s2n_extension_type.h"
#include "tls/s2n_connection.h"
-#include "stuffer/s2n_stuffer.h"
extern const s2n_extension_type s2n_client_status_request_extension;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.c
index 1b8ead056d..f58cbd3a18 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.c
@@ -13,19 +13,18 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
+#include "tls/extensions/s2n_client_supported_groups.h"
+
#include <stdint.h>
+#include <sys/param.h>
-#include "tls/extensions/s2n_client_supported_groups.h"
+#include "pq-crypto/s2n_pq.h"
#include "tls/extensions/s2n_ec_point_format.h"
-
+#include "tls/s2n_security_policies.h"
#include "tls/s2n_tls.h"
+#include "tls/s2n_tls13.h"
#include "tls/s2n_tls_parameters.h"
-#include "tls/s2n_security_policies.h"
-
#include "utils/s2n_safety.h"
-#include "pq-crypto/s2n_pq.h"
-#include "tls/s2n_tls13.h"
static int s2n_client_supported_groups_send(struct s2n_connection *conn, struct s2n_stuffer *out);
static int s2n_client_supported_groups_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
@@ -82,7 +81,8 @@ static int s2n_client_supported_groups_send(struct s2n_connection *conn, struct
/* Populates the appropriate index of either the mutually_supported_curves or
* mutually_supported_kem_groups array based on the received IANA ID. Will
* ignore unrecognized IANA IDs (and return success). */
-static int s2n_client_supported_groups_recv_iana_id(struct s2n_connection *conn, uint16_t iana_id) {
+static int s2n_client_supported_groups_recv_iana_id(struct s2n_connection *conn, uint16_t iana_id)
+{
POSIX_ENSURE_REF(conn);
const struct s2n_ecc_preferences *ecc_pref = NULL;
@@ -117,7 +117,8 @@ static int s2n_client_supported_groups_recv_iana_id(struct s2n_connection *conn,
return S2N_SUCCESS;
}
-static int s2n_choose_supported_group(struct s2n_connection *conn) {
+static int s2n_choose_supported_group(struct s2n_connection *conn)
+{
POSIX_ENSURE_REF(conn);
const struct s2n_ecc_preferences *ecc_pref = NULL;
@@ -159,7 +160,8 @@ static int s2n_choose_supported_group(struct s2n_connection *conn) {
return S2N_SUCCESS;
}
-static int s2n_client_supported_groups_recv(struct s2n_connection *conn, struct s2n_stuffer *extension) {
+static int s2n_client_supported_groups_recv(struct s2n_connection *conn, struct s2n_stuffer *extension)
+{
POSIX_ENSURE_REF(conn);
POSIX_ENSURE_REF(extension);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.h
index e5b798543e..611e392a76 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_groups.h
@@ -15,9 +15,9 @@
#pragma once
+#include "stuffer/s2n_stuffer.h"
#include "tls/extensions/s2n_extension_type.h"
#include "tls/s2n_connection.h"
-#include "stuffer/s2n_stuffer.h"
extern const s2n_extension_type s2n_client_supported_groups_extension;
bool s2n_extension_should_send_if_ecc_enabled(struct s2n_connection *conn);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.c
index 067a9d3eaf..b7a8c72715 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.c
@@ -13,16 +13,16 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
+#include "tls/extensions/s2n_client_supported_versions.h"
+
#include <stdint.h>
+#include <sys/param.h>
-#include "tls/extensions/s2n_client_supported_versions.h"
#include "tls/extensions/s2n_supported_versions.h"
#include "tls/s2n_alerts.h"
#include "tls/s2n_cipher_preferences.h"
#include "tls/s2n_tls.h"
#include "tls/s2n_tls_parameters.h"
-
#include "utils/s2n_safety.h"
/**
@@ -74,7 +74,8 @@ static int s2n_client_supported_versions_send(struct s2n_connection *conn, struc
return S2N_SUCCESS;
}
-static int s2n_extensions_client_supported_versions_process(struct s2n_connection *conn, struct s2n_stuffer *extension) {
+static int s2n_extensions_client_supported_versions_process(struct s2n_connection *conn, struct s2n_stuffer *extension)
+{
uint8_t highest_supported_version = conn->server_protocol_version;
uint8_t minimum_supported_version = s2n_unknown_protocol_version;
POSIX_GUARD_RESULT(s2n_connection_get_minimum_supported_version(conn, &minimum_supported_version));
@@ -138,7 +139,8 @@ static int s2n_client_supported_versions_recv(struct s2n_connection *conn, struc
/* Old-style extension functions -- remove after extensions refactor is complete */
-int s2n_extensions_client_supported_versions_size(struct s2n_connection *conn) {
+int s2n_extensions_client_supported_versions_size(struct s2n_connection *conn)
+{
uint8_t minimum_supported_version = s2n_unknown_protocol_version;
POSIX_GUARD_RESULT(s2n_connection_get_minimum_supported_version(conn, &minimum_supported_version));
uint8_t highest_supported_version = conn->client_protocol_version;
@@ -148,10 +150,12 @@ int s2n_extensions_client_supported_versions_size(struct s2n_connection *conn) {
return version_list_length * S2N_TLS_PROTOCOL_VERSION_LEN + 5;
}
-int s2n_extensions_client_supported_versions_recv(struct s2n_connection *conn, struct s2n_stuffer *extension) {
+int s2n_extensions_client_supported_versions_recv(struct s2n_connection *conn, struct s2n_stuffer *extension)
+{
return s2n_extension_recv(&s2n_client_supported_versions_extension, conn, extension);
}
-int s2n_extensions_client_supported_versions_send(struct s2n_connection *conn, struct s2n_stuffer *out) {
+int s2n_extensions_client_supported_versions_send(struct s2n_connection *conn, struct s2n_stuffer *out)
+{
return s2n_extension_send(&s2n_client_supported_versions_extension, conn, out);
}
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.h
index b9deabe628..cbf39cebff 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_client_supported_versions.h
@@ -15,8 +15,8 @@
#pragma once
-#include "tls/s2n_connection.h"
#include "stuffer/s2n_stuffer.h"
+#include "tls/s2n_connection.h"
extern const s2n_extension_type s2n_client_supported_versions_extension;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_cookie.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_cookie.h
index ae844cc7ab..8df4d582fc 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_cookie.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_cookie.h
@@ -13,7 +13,6 @@
* permissions and limitations under the License.
*/
-
#pragma once
#include "tls/extensions/s2n_extension_type.h"
@@ -22,4 +21,3 @@ extern const s2n_extension_type s2n_client_cookie_extension;
extern const s2n_extension_type s2n_server_cookie_extension;
int s2n_cookie_send(struct s2n_connection *conn, struct s2n_stuffer *out);
-
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.c
index 20a3acfa9a..755b2f59cf 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.c
@@ -13,13 +13,13 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
+#include "tls/extensions/s2n_ec_point_format.h"
+
#include <stdint.h>
+#include <sys/param.h>
#include "tls/extensions/s2n_client_supported_groups.h"
-#include "tls/extensions/s2n_ec_point_format.h"
#include "tls/s2n_tls.h"
-
#include "utils/s2n_safety.h"
static int s2n_ec_point_format_send(struct s2n_connection *conn, struct s2n_stuffer *out);
@@ -77,10 +77,10 @@ static int s2n_ec_point_format_recv(struct s2n_connection *conn, struct s2n_stuf
int s2n_server_ecc_point_format_extension_size(struct s2n_connection *conn)
{
if (s2n_server_ec_point_format_extension.should_send(conn) && s2n_server_can_send_ec_point_formats(conn)) {
- return sizeof(uint16_t) /* extension type */
- + sizeof(uint16_t) /* extension size */
- + sizeof(uint8_t) /* point list size */
- + sizeof(uint8_t); /* point */
+ return sizeof(uint16_t) /* extension type */
+ + sizeof(uint16_t) /* extension size */
+ + sizeof(uint8_t) /* point list size */
+ + sizeof(uint8_t); /* point */
}
return 0;
}
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.h
index 4e7cf3065d..e8c55d369e 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_ec_point_format.h
@@ -15,9 +15,9 @@
#pragma once
+#include "stuffer/s2n_stuffer.h"
#include "tls/extensions/s2n_extension_type.h"
#include "tls/s2n_connection.h"
-#include "stuffer/s2n_stuffer.h"
#define TLS_EC_POINT_FORMAT_UNCOMPRESSED 0
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.c
index 64b691abc3..bffbebf14b 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.c
@@ -14,12 +14,11 @@
*/
#include "s2n_extension_list.h"
-#include "s2n_extension_type.h"
-#include "s2n_extension_type_lists.h"
#include "api/s2n.h"
-
#include "error/s2n_errno.h"
+#include "s2n_extension_type.h"
+#include "s2n_extension_type_lists.h"
#include "utils/s2n_safety.h"
#define s2n_parsed_extension_is_empty(parsed_extension) ((parsed_extension)->extension.data == NULL)
@@ -29,7 +28,7 @@ int s2n_extension_list_send(s2n_extension_list_id list_type, struct s2n_connecti
s2n_extension_type_list *extension_type_list;
POSIX_GUARD(s2n_extension_type_list_get(list_type, &extension_type_list));
- struct s2n_stuffer_reservation total_extensions_size = {0};
+ struct s2n_stuffer_reservation total_extensions_size = { 0 };
POSIX_GUARD(s2n_stuffer_reserve_uint16(out, &total_extensions_size));
for (int i = 0; i < extension_type_list->count; i++) {
@@ -161,7 +160,7 @@ int s2n_extension_list_parse(struct s2n_stuffer *in, s2n_parsed_extensions_list
POSIX_ENSURE_REF(in);
POSIX_ENSURE_REF(parsed_extension_list);
- POSIX_CHECKED_MEMSET((s2n_parsed_extension*) parsed_extension_list->parsed_extensions,
+ POSIX_CHECKED_MEMSET((s2n_parsed_extension *) parsed_extension_list->parsed_extensions,
0, sizeof(parsed_extension_list->parsed_extensions));
uint16_t total_extensions_size;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.h
index cddddf4135..411c7e4d7c 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_list.h
@@ -24,7 +24,7 @@ typedef struct {
uint16_t extension_type;
struct s2n_blob extension;
uint16_t wire_index;
- unsigned processed:1;
+ unsigned processed : 1;
} s2n_parsed_extension;
typedef struct {
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.c
index 4e4aa5d3bc..adf957a8eb 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.c
@@ -13,10 +13,10 @@
* permissions and limitations under the License.
*/
-#include "api/s2n.h"
+#include "tls/extensions/s2n_extension_type.h"
+#include "api/s2n.h"
#include "error/s2n_errno.h"
-#include "tls/extensions/s2n_extension_type.h"
#include "tls/s2n_connection.h"
#include "tls/s2n_tls13.h"
#include "utils/s2n_bitmap.h"
@@ -90,8 +90,7 @@ int s2n_extension_send(const s2n_extension_type *extension_type, struct s2n_conn
POSIX_GUARD(s2n_extension_supported_iana_value_to_id(extension_type->iana_value, &extension_id));
/* Do not send response if request not received. */
- if (extension_type->is_response &&
- !S2N_CBIT_TEST(conn->extension_requests_received, extension_id)) {
+ if (extension_type->is_response && !S2N_CBIT_TEST(conn->extension_requests_received, extension_id)) {
return S2N_SUCCESS;
}
@@ -109,7 +108,7 @@ int s2n_extension_send(const s2n_extension_type *extension_type, struct s2n_conn
POSIX_GUARD(s2n_stuffer_write_uint16(out, extension_type->iana_value));
/* Reserve space for extension size */
- struct s2n_stuffer_reservation extension_size_bytes = {0};
+ struct s2n_stuffer_reservation extension_size_bytes = { 0 };
POSIX_GUARD(s2n_stuffer_reserve_uint16(out, &extension_size_bytes));
/* Write extension data */
@@ -154,8 +153,7 @@ int s2n_extension_recv(const s2n_extension_type *extension_type, struct s2n_conn
*# ClientHello, with the exception of optionally the "cookie" (see
*# Section 4.2.2) extension.
**/
- if (extension_type->is_response &&
- !S2N_CBIT_TEST(conn->extension_requests_sent, extension_id)) {
+ if (extension_type->is_response && !S2N_CBIT_TEST(conn->extension_requests_sent, extension_id)) {
POSIX_BAIL(S2N_ERR_UNSUPPORTED_EXTENSION);
}
@@ -186,8 +184,7 @@ int s2n_extension_is_missing(const s2n_extension_type *extension_type, struct s2
POSIX_GUARD(s2n_extension_supported_iana_value_to_id(extension_type->iana_value, &extension_id));
/* Do not consider an extension missing if we did not send a request */
- if(extension_type->is_response &&
- !S2N_CBIT_TEST(conn->extension_requests_sent, extension_id)) {
+ if (extension_type->is_response && !S2N_CBIT_TEST(conn->extension_requests_sent, extension_id)) {
return S2N_SUCCESS;
}
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.h
index a5ecb36ce4..eec792dd8c 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type.h
@@ -20,31 +20,31 @@
#include "stuffer/s2n_stuffer.h"
#include "tls/s2n_tls_parameters.h"
-#define S2N_EXTENSION_TYPE_FIELD_LENGTH 2
-#define S2N_EXTENSION_LENGTH_FIELD_LENGTH 2
-#define S2N_EXTENSION_HEADER_LENGTH (S2N_EXTENSION_TYPE_FIELD_LENGTH + S2N_EXTENSION_LENGTH_FIELD_LENGTH)
+#define S2N_EXTENSION_TYPE_FIELD_LENGTH 2
+#define S2N_EXTENSION_LENGTH_FIELD_LENGTH 2
+#define S2N_EXTENSION_HEADER_LENGTH (S2N_EXTENSION_TYPE_FIELD_LENGTH + S2N_EXTENSION_LENGTH_FIELD_LENGTH)
/* The number of extensions supported by S2N */
-#define S2N_SUPPORTED_EXTENSIONS_COUNT (sizeof(s2n_supported_extensions) / sizeof(s2n_supported_extensions[0]))
+#define S2N_SUPPORTED_EXTENSIONS_COUNT (sizeof(s2n_supported_extensions) / sizeof(s2n_supported_extensions[0]))
/* The number of bytes needed to assign 1 bit to every supported extension.
* The +1 is necessary to handle any remainder left over when dividing. */
-#define S2N_SUPPORTED_EXTENSIONS_BITFIELD_LEN ((S2N_SUPPORTED_EXTENSIONS_COUNT / sizeof(char)) + 1)
+#define S2N_SUPPORTED_EXTENSIONS_BITFIELD_LEN ((S2N_SUPPORTED_EXTENSIONS_COUNT / sizeof(char)) + 1)
struct s2n_connection;
typedef struct {
uint16_t iana_value;
- unsigned is_response:1;
+ unsigned is_response : 1;
uint16_t minimum_version;
- int (*send) (struct s2n_connection *conn, struct s2n_stuffer *out);
- int (*recv) (struct s2n_connection *conn, struct s2n_stuffer *in);
+ int (*send)(struct s2n_connection *conn, struct s2n_stuffer *out);
+ int (*recv)(struct s2n_connection *conn, struct s2n_stuffer *in);
/* Returns true or false to indicate whether the extension should be sent */
- bool (*should_send) (struct s2n_connection *conn);
+ bool (*should_send)(struct s2n_connection *conn);
/* Handler called if an extension is not received */
- int (*if_missing) (struct s2n_connection *conn);
+ int (*if_missing)(struct s2n_connection *conn);
} s2n_extension_type;
static const uint16_t s2n_supported_extensions[] = {
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type_lists.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type_lists.c
index e3513e00aa..b928f1bc38 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type_lists.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_extension_type_lists.c
@@ -13,88 +13,87 @@
* permissions and limitations under the License.
*/
-#include "api/s2n.h"
-
#include "tls/extensions/s2n_extension_type_lists.h"
-#include "tls/s2n_connection.h"
-#include "tls/extensions/s2n_cookie.h"
-#include "tls/extensions/s2n_client_supported_versions.h"
-#include "tls/extensions/s2n_client_signature_algorithms.h"
-#include "tls/extensions/s2n_client_max_frag_len.h"
-#include "tls/extensions/s2n_client_session_ticket.h"
-#include "tls/extensions/s2n_client_server_name.h"
+#include "api/s2n.h"
#include "tls/extensions/s2n_client_alpn.h"
-#include "tls/extensions/s2n_client_status_request.h"
#include "tls/extensions/s2n_client_key_share.h"
-#include "tls/extensions/s2n_client_sct_list.h"
-#include "tls/extensions/s2n_client_supported_groups.h"
+#include "tls/extensions/s2n_client_max_frag_len.h"
#include "tls/extensions/s2n_client_pq_kem.h"
#include "tls/extensions/s2n_client_psk.h"
-#include "tls/extensions/s2n_ems.h"
-#include "tls/extensions/s2n_early_data_indication.h"
-#include "tls/extensions/s2n_psk_key_exchange_modes.h"
#include "tls/extensions/s2n_client_renegotiation_info.h"
+#include "tls/extensions/s2n_client_sct_list.h"
+#include "tls/extensions/s2n_client_server_name.h"
+#include "tls/extensions/s2n_client_session_ticket.h"
+#include "tls/extensions/s2n_client_signature_algorithms.h"
+#include "tls/extensions/s2n_client_status_request.h"
+#include "tls/extensions/s2n_client_supported_groups.h"
+#include "tls/extensions/s2n_client_supported_versions.h"
+#include "tls/extensions/s2n_cookie.h"
+#include "tls/extensions/s2n_early_data_indication.h"
#include "tls/extensions/s2n_ec_point_format.h"
+#include "tls/extensions/s2n_ems.h"
+#include "tls/extensions/s2n_npn.h"
+#include "tls/extensions/s2n_psk_key_exchange_modes.h"
#include "tls/extensions/s2n_quic_transport_params.h"
+#include "tls/extensions/s2n_server_alpn.h"
#include "tls/extensions/s2n_server_certificate_status.h"
+#include "tls/extensions/s2n_server_key_share.h"
+#include "tls/extensions/s2n_server_max_fragment_length.h"
+#include "tls/extensions/s2n_server_psk.h"
#include "tls/extensions/s2n_server_renegotiation_info.h"
-#include "tls/extensions/s2n_server_alpn.h"
-#include "tls/extensions/s2n_server_status_request.h"
#include "tls/extensions/s2n_server_sct_list.h"
-#include "tls/extensions/s2n_server_max_fragment_length.h"
-#include "tls/extensions/s2n_server_session_ticket.h"
#include "tls/extensions/s2n_server_server_name.h"
+#include "tls/extensions/s2n_server_session_ticket.h"
#include "tls/extensions/s2n_server_signature_algorithms.h"
+#include "tls/extensions/s2n_server_status_request.h"
#include "tls/extensions/s2n_server_supported_versions.h"
-#include "tls/extensions/s2n_server_key_share.h"
-#include "tls/extensions/s2n_server_psk.h"
-#include "tls/extensions/s2n_npn.h"
+#include "tls/s2n_connection.h"
static const s2n_extension_type *const client_hello_extensions[] = {
- &s2n_client_supported_versions_extension,
-
- /* We MUST process key_share after supported_groups,
- * because we need to choose the keyshare based on the
- * mutually supported groups. */
- &s2n_client_supported_groups_extension,
- &s2n_client_key_share_extension,
-
- &s2n_client_signature_algorithms_extension,
- &s2n_client_server_name_extension,
-
- /* We MUST process the NPN extension after the ALPN extension
- * because NPN is only negotiated if ALPN is not */
- &s2n_client_alpn_extension,
- &s2n_client_npn_extension,
-
- &s2n_client_status_request_extension,
- &s2n_client_sct_list_extension,
- &s2n_client_max_frag_len_extension,
- &s2n_client_session_ticket_extension,
- &s2n_client_ec_point_format_extension,
- &s2n_client_pq_kem_extension,
- &s2n_client_renegotiation_info_extension,
- &s2n_client_cookie_extension,
- &s2n_quic_transport_parameters_extension,
- &s2n_psk_key_exchange_modes_extension,
- &s2n_client_early_data_indication_extension,
- &s2n_client_ems_extension,
- &s2n_client_psk_extension /* MUST be last */
+ &s2n_client_supported_versions_extension,
+
+ /* We MUST process key_share after supported_groups,
+ * because we need to choose the keyshare based on the
+ * mutually supported groups. */
+ &s2n_client_supported_groups_extension,
+ &s2n_client_key_share_extension,
+
+ &s2n_client_signature_algorithms_extension,
+ &s2n_client_server_name_extension,
+
+ /* We MUST process the NPN extension after the ALPN extension
+ * because NPN is only negotiated if ALPN is not */
+ &s2n_client_alpn_extension,
+ &s2n_client_npn_extension,
+
+ &s2n_client_status_request_extension,
+ &s2n_client_sct_list_extension,
+ &s2n_client_max_frag_len_extension,
+ &s2n_client_session_ticket_extension,
+ &s2n_client_ec_point_format_extension,
+ &s2n_client_pq_kem_extension,
+ &s2n_client_renegotiation_info_extension,
+ &s2n_client_cookie_extension,
+ &s2n_quic_transport_parameters_extension,
+ &s2n_psk_key_exchange_modes_extension,
+ &s2n_client_early_data_indication_extension,
+ &s2n_client_ems_extension,
+ &s2n_client_psk_extension /* MUST be last */
};
static const s2n_extension_type *const tls12_server_hello_extensions[] = {
- &s2n_server_supported_versions_extension,
- &s2n_server_server_name_extension,
- &s2n_server_ec_point_format_extension,
- &s2n_server_renegotiation_info_extension,
- &s2n_server_alpn_extension,
- &s2n_server_status_request_extension,
- &s2n_server_sct_list_extension,
- &s2n_server_max_fragment_length_extension,
- &s2n_server_session_ticket_extension,
- &s2n_server_ems_extension,
- &s2n_server_npn_extension,
+ &s2n_server_supported_versions_extension,
+ &s2n_server_server_name_extension,
+ &s2n_server_ec_point_format_extension,
+ &s2n_server_renegotiation_info_extension,
+ &s2n_server_alpn_extension,
+ &s2n_server_status_request_extension,
+ &s2n_server_sct_list_extension,
+ &s2n_server_max_fragment_length_extension,
+ &s2n_server_session_ticket_extension,
+ &s2n_server_ems_extension,
+ &s2n_server_npn_extension,
};
/**
@@ -109,50 +108,53 @@ static const s2n_extension_type *const tls12_server_hello_extensions[] = {
*# - key_share (see Section 4.2.8)
*/
static const s2n_extension_type *const hello_retry_request_extensions[] = {
- &s2n_server_supported_versions_extension,
- &s2n_server_cookie_extension,
- &s2n_server_key_share_extension,
+ &s2n_server_supported_versions_extension,
+ &s2n_server_cookie_extension,
+ &s2n_server_key_share_extension,
};
static const s2n_extension_type *const tls13_server_hello_extensions[] = {
- &s2n_server_supported_versions_extension,
- &s2n_server_key_share_extension,
- &s2n_server_psk_extension, /* MUST appear after keyshare extension */
+ &s2n_server_supported_versions_extension,
+ &s2n_server_key_share_extension,
+ &s2n_server_psk_extension, /* MUST appear after keyshare extension */
};
static const s2n_extension_type *const encrypted_extensions[] = {
- &s2n_server_server_name_extension,
- &s2n_server_max_fragment_length_extension,
- &s2n_server_alpn_extension,
- &s2n_quic_transport_parameters_extension,
- &s2n_server_early_data_indication_extension,
+ &s2n_server_server_name_extension,
+ &s2n_server_max_fragment_length_extension,
+ &s2n_server_alpn_extension,
+ &s2n_quic_transport_parameters_extension,
+ &s2n_server_early_data_indication_extension,
};
static const s2n_extension_type *const cert_req_extensions[] = {
- &s2n_server_signature_algorithms_extension,
+ &s2n_server_signature_algorithms_extension,
};
static const s2n_extension_type *const certificate_extensions[] = {
- &s2n_tls13_server_status_request_extension,
- &s2n_server_sct_list_extension,
+ &s2n_tls13_server_status_request_extension,
+ &s2n_server_sct_list_extension,
};
static const s2n_extension_type *const nst_extensions[] = {
- &s2n_nst_early_data_indication_extension,
+ &s2n_nst_early_data_indication_extension,
};
-#define S2N_EXTENSION_LIST(list) { .extension_types = (list), .count = s2n_array_len(list) }
+#define S2N_EXTENSION_LIST(list) \
+ { \
+ .extension_types = (list), .count = s2n_array_len(list) \
+ }
static s2n_extension_type_list extension_lists[] = {
- [S2N_EXTENSION_LIST_CLIENT_HELLO] = S2N_EXTENSION_LIST(client_hello_extensions),
- [S2N_EXTENSION_LIST_HELLO_RETRY_REQUEST] = S2N_EXTENSION_LIST(hello_retry_request_extensions),
- [S2N_EXTENSION_LIST_SERVER_HELLO_DEFAULT] = S2N_EXTENSION_LIST(tls12_server_hello_extensions),
- [S2N_EXTENSION_LIST_SERVER_HELLO_TLS13] = S2N_EXTENSION_LIST(tls13_server_hello_extensions),
- [S2N_EXTENSION_LIST_ENCRYPTED_EXTENSIONS] = S2N_EXTENSION_LIST(encrypted_extensions),
- [S2N_EXTENSION_LIST_CERT_REQ] = S2N_EXTENSION_LIST(cert_req_extensions),
- [S2N_EXTENSION_LIST_CERTIFICATE] = S2N_EXTENSION_LIST(certificate_extensions),
- [S2N_EXTENSION_LIST_NST] = S2N_EXTENSION_LIST(nst_extensions),
- [S2N_EXTENSION_LIST_EMPTY] = { .extension_types = NULL, .count = 0 },
+ [S2N_EXTENSION_LIST_CLIENT_HELLO] = S2N_EXTENSION_LIST(client_hello_extensions),
+ [S2N_EXTENSION_LIST_HELLO_RETRY_REQUEST] = S2N_EXTENSION_LIST(hello_retry_request_extensions),
+ [S2N_EXTENSION_LIST_SERVER_HELLO_DEFAULT] = S2N_EXTENSION_LIST(tls12_server_hello_extensions),
+ [S2N_EXTENSION_LIST_SERVER_HELLO_TLS13] = S2N_EXTENSION_LIST(tls13_server_hello_extensions),
+ [S2N_EXTENSION_LIST_ENCRYPTED_EXTENSIONS] = S2N_EXTENSION_LIST(encrypted_extensions),
+ [S2N_EXTENSION_LIST_CERT_REQ] = S2N_EXTENSION_LIST(cert_req_extensions),
+ [S2N_EXTENSION_LIST_CERTIFICATE] = S2N_EXTENSION_LIST(certificate_extensions),
+ [S2N_EXTENSION_LIST_NST] = S2N_EXTENSION_LIST(nst_extensions),
+ [S2N_EXTENSION_LIST_EMPTY] = { .extension_types = NULL, .count = 0 },
};
int s2n_extension_type_list_get(s2n_extension_list_id list_type, s2n_extension_type_list **extension_list)
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.c
index 6b3f144b3a..7428eb9fd8 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.c
@@ -14,6 +14,7 @@
*/
#include "tls/extensions/s2n_key_share.h"
+
#include "tls/s2n_tls.h"
#include "utils/s2n_safety.h"
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.h
index daa464c2bd..c8c6f98950 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_key_share.h
@@ -16,14 +16,14 @@
#pragma once
#include "crypto/s2n_ecc_evp.h"
-#include "tls/s2n_connection.h"
#include "stuffer/s2n_stuffer.h"
+#include "tls/s2n_connection.h"
-#define S2N_SIZE_OF_EXTENSION_TYPE 2
-#define S2N_SIZE_OF_EXTENSION_DATA_SIZE 2
-#define S2N_SIZE_OF_CLIENT_SHARES_SIZE 2
-#define S2N_SIZE_OF_NAMED_GROUP 2
-#define S2N_SIZE_OF_KEY_SHARE_SIZE 2
+#define S2N_SIZE_OF_EXTENSION_TYPE 2
+#define S2N_SIZE_OF_EXTENSION_DATA_SIZE 2
+#define S2N_SIZE_OF_CLIENT_SHARES_SIZE 2
+#define S2N_SIZE_OF_NAMED_GROUP 2
+#define S2N_SIZE_OF_KEY_SHARE_SIZE 2
S2N_RESULT s2n_ecdhe_send_public_key(struct s2n_ecc_evp_params *ecc_evp_params, struct s2n_stuffer *out);
int s2n_ecdhe_parameters_send(struct s2n_ecc_evp_params *ecc_evp_params, struct s2n_stuffer *out);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_npn.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_npn.c
index 42e9905199..0d266ec0ac 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_npn.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_npn.c
@@ -14,12 +14,12 @@
*/
#include "tls/extensions/s2n_npn.h"
+
#include "tls/extensions/s2n_client_alpn.h"
#include "tls/extensions/s2n_server_alpn.h"
+#include "tls/s2n_protocol_preferences.h"
#include "tls/s2n_tls.h"
#include "tls/s2n_tls_parameters.h"
-#include "tls/s2n_protocol_preferences.h"
-
#include "utils/s2n_safety.h"
bool s2n_npn_should_send(struct s2n_connection *conn)
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_nst_early_data_indication.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_nst_early_data_indication.c
index 0f149ec2fe..f6802b3014 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_nst_early_data_indication.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_nst_early_data_indication.c
@@ -14,10 +14,8 @@
*/
#include "api/s2n.h"
-
-#include "tls/extensions/s2n_early_data_indication.h"
-
#include "stuffer/s2n_stuffer.h"
+#include "tls/extensions/s2n_early_data_indication.h"
#include "tls/s2n_connection.h"
#include "tls/s2n_early_data.h"
#include "utils/s2n_safety.h"
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.c
index cf0c57ed8d..2062ffa58e 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.c
@@ -13,12 +13,13 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
+#include "tls/extensions/s2n_psk_key_exchange_modes.h"
+
#include <stdint.h>
+#include <sys/param.h>
-#include "tls/s2n_tls_parameters.h"
#include "tls/extensions/s2n_client_psk.h"
-#include "tls/extensions/s2n_psk_key_exchange_modes.h"
+#include "tls/s2n_tls_parameters.h"
#include "utils/s2n_safety.h"
static bool s2n_psk_key_exchange_modes_should_send(struct s2n_connection *conn);
@@ -67,7 +68,7 @@ static int s2n_psk_key_exchange_modes_recv(struct s2n_connection *conn, struct s
for (size_t i = 0; i < psk_ke_mode_list_len; i++) {
uint8_t wire_psk_ke_mode;
POSIX_GUARD(s2n_stuffer_read_uint8(extension, &wire_psk_ke_mode));
-
+
/* s2n currently only supports pre-shared keys with (EC)DHE key establishment */
if (wire_psk_ke_mode == TLS_PSK_DHE_KE_MODE) {
conn->psk_params.psk_ke_mode = S2N_PSK_DHE_KE;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.h
index 74c1fe9797..0a8b6a416e 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_psk_key_exchange_modes.h
@@ -15,9 +15,9 @@
#pragma once
+#include "stuffer/s2n_stuffer.h"
#include "tls/extensions/s2n_extension_type.h"
#include "tls/s2n_connection.h"
-#include "stuffer/s2n_stuffer.h"
#define PSK_KEY_EXCHANGE_MODE_SIZE sizeof(uint8_t)
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_quic_transport_params.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_quic_transport_params.c
index ab84388e7a..c4297df0d6 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_quic_transport_params.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_quic_transport_params.c
@@ -15,10 +15,9 @@
#include "tls/extensions/s2n_quic_transport_params.h"
+#include "stuffer/s2n_stuffer.h"
#include "tls/s2n_connection.h"
#include "tls/s2n_tls.h"
-
-#include "stuffer/s2n_stuffer.h"
#include "utils/s2n_safety.h"
/*
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_alpn.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_alpn.c
index a62f63c167..dd556bd85c 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_alpn.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_alpn.c
@@ -13,14 +13,12 @@
* permissions and limitations under the License.
*/
-#include "stuffer/s2n_stuffer.h"
-
-#include "utils/s2n_safety.h"
+#include "tls/extensions/s2n_server_alpn.h"
+#include "stuffer/s2n_stuffer.h"
#include "tls/s2n_connection.h"
#include "tls/s2n_tls.h"
-
-#include "tls/extensions/s2n_server_alpn.h"
+#include "utils/s2n_safety.h"
bool s2n_server_alpn_should_send(struct s2n_connection *conn);
static int s2n_alpn_send(struct s2n_connection *conn, struct s2n_stuffer *out);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.c
index 243cd753ee..d58cc1f4b3 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.c
@@ -13,11 +13,12 @@
* permissions and limitations under the License.
*/
+#include "tls/extensions/s2n_server_certificate_status.h"
+
#include "tls/s2n_config.h"
#include "tls/s2n_connection.h"
#include "tls/s2n_tls.h"
#include "tls/s2n_x509_validator.h"
-#include "tls/extensions/s2n_server_certificate_status.h"
#include "utils/s2n_safety.h"
#define U24_SIZE 3
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.h
index 0f5ef18742..60e28f4a24 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_certificate_status.h
@@ -15,9 +15,9 @@
#pragma once
+#include "stuffer/s2n_stuffer.h"
#include "tls/extensions/s2n_extension_type.h"
#include "tls/s2n_connection.h"
-#include "stuffer/s2n_stuffer.h"
extern const s2n_extension_type s2n_tls13_server_status_request_extension;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_early_data_indication.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_early_data_indication.c
index 80a8143a81..24064425ae 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_early_data_indication.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_early_data_indication.c
@@ -14,9 +14,7 @@
*/
#include "api/s2n.h"
-
#include "tls/extensions/s2n_early_data_indication.h"
-
#include "tls/s2n_connection.h"
#include "tls/s2n_early_data.h"
#include "tls/s2n_handshake.h"
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_ems.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_ems.c
index c5170eb714..24dea1f8ab 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_ems.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_ems.c
@@ -13,12 +13,11 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
#include <stdint.h>
+#include <sys/param.h>
-#include "tls/s2n_tls.h"
#include "tls/extensions/s2n_ems.h"
-
+#include "tls/s2n_tls.h"
#include "utils/s2n_safety.h"
static int s2n_server_ems_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c
index b57ae8a73c..eefdf0c56d 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.c
@@ -14,14 +14,13 @@
*/
#include "tls/extensions/s2n_server_key_share.h"
+
+#include "pq-crypto/s2n_pq.h"
#include "tls/s2n_security_policies.h"
#include "tls/s2n_tls.h"
#include "tls/s2n_tls13.h"
-
#include "utils/s2n_safety.h"
-#include "pq-crypto/s2n_pq.h"
-
static int s2n_server_key_share_send(struct s2n_connection *conn, struct s2n_stuffer *out);
static int s2n_server_key_share_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
@@ -35,7 +34,8 @@ const s2n_extension_type s2n_server_key_share_extension = {
.if_missing = s2n_extension_noop_if_missing,
};
-static int s2n_server_key_share_generate_pq_hybrid(struct s2n_connection *conn, struct s2n_stuffer *out) {
+static int s2n_server_key_share_generate_pq_hybrid(struct s2n_connection *conn, struct s2n_stuffer *out)
+{
POSIX_ENSURE_REF(out);
POSIX_ENSURE_REF(conn);
@@ -68,7 +68,8 @@ static int s2n_server_key_share_generate_pq_hybrid(struct s2n_connection *conn,
}
/* Check that client has sent a corresponding key share for the server's KEM group */
-int s2n_server_key_share_send_check_pq_hybrid(struct s2n_connection *conn) {
+int s2n_server_key_share_send_check_pq_hybrid(struct s2n_connection *conn)
+{
POSIX_ENSURE_REF(conn);
POSIX_ENSURE(s2n_pq_is_enabled(), S2N_ERR_PQ_DISABLED);
@@ -100,7 +101,8 @@ int s2n_server_key_share_send_check_pq_hybrid(struct s2n_connection *conn) {
}
/* Check that client has sent a corresponding key share for the server's EC curve */
-int s2n_server_key_share_send_check_ecdhe(struct s2n_connection *conn) {
+int s2n_server_key_share_send_check_ecdhe(struct s2n_connection *conn)
+{
POSIX_ENSURE_REF(conn);
const struct s2n_ecc_preferences *ecc_pref = NULL;
@@ -117,7 +119,8 @@ int s2n_server_key_share_send_check_ecdhe(struct s2n_connection *conn) {
return S2N_SUCCESS;
}
-static int s2n_server_key_share_send(struct s2n_connection *conn, struct s2n_stuffer *out) {
+static int s2n_server_key_share_send(struct s2n_connection *conn, struct s2n_stuffer *out)
+{
POSIX_ENSURE_REF(conn);
POSIX_ENSURE_REF(out);
@@ -153,7 +156,8 @@ static int s2n_server_key_share_send(struct s2n_connection *conn, struct s2n_stu
}
static int s2n_server_key_share_recv_pq_hybrid(struct s2n_connection *conn, uint16_t named_group_iana,
- struct s2n_stuffer *extension) {
+ struct s2n_stuffer *extension)
+{
POSIX_ENSURE_REF(conn);
POSIX_ENSURE_REF(extension);
@@ -191,7 +195,7 @@ static int s2n_server_key_share_recv_pq_hybrid(struct s2n_connection *conn, uint
/* Ensure that the server's key share corresponds with a key share previously sent by the client */
struct s2n_kem_group_params *client_kem_group_params = &conn->kex_params.client_kem_group_params;
- POSIX_ENSURE(client_kem_group_params->kem_params.private_key.data, S2N_ERR_BAD_KEY_SHARE);
+ POSIX_ENSURE(client_kem_group_params->kem_params.private_key.data, S2N_ERR_BAD_KEY_SHARE);
POSIX_ENSURE(client_kem_group_params->ecc_params.evp_pkey, S2N_ERR_BAD_KEY_SHARE);
POSIX_ENSURE(client_kem_group_params->kem_group == server_kem_group_params->kem_group, S2N_ERR_BAD_KEY_SHARE);
@@ -216,7 +220,8 @@ static int s2n_server_key_share_recv_pq_hybrid(struct s2n_connection *conn, uint
}
static int s2n_server_key_share_recv_ecc(struct s2n_connection *conn, uint16_t named_group_iana,
- struct s2n_stuffer *extension) {
+ struct s2n_stuffer *extension)
+{
POSIX_ENSURE_REF(conn);
POSIX_ENSURE_REF(extension);
@@ -252,7 +257,7 @@ static int s2n_server_key_share_recv_ecc(struct s2n_connection *conn, uint16_t n
POSIX_ENSURE_REF(server_ecc_evp_params->negotiated_curve);
const struct s2n_ecc_named_curve *previous_negotiated_curve = server_ecc_evp_params->negotiated_curve;
POSIX_ENSURE(negotiated_curve == previous_negotiated_curve,
- S2N_ERR_BAD_MESSAGE);
+ S2N_ERR_BAD_MESSAGE);
}
server_ecc_evp_params->negotiated_curve = negotiated_curve;
@@ -281,7 +286,7 @@ static int s2n_server_key_share_recv_ecc(struct s2n_connection *conn, uint16_t n
/* Proceed to parse share */
struct s2n_blob point_blob;
- S2N_ERROR_IF(s2n_ecc_evp_read_params_point(extension, share_size, &point_blob) < 0, S2N_ERR_BAD_KEY_SHARE);
+ S2N_ERROR_IF(s2n_ecc_evp_read_params_point(extension, share_size, &point_blob) < 0, S2N_ERR_BAD_KEY_SHARE);
S2N_ERROR_IF(s2n_ecc_evp_parse_params_point(&point_blob, server_ecc_evp_params) < 0, S2N_ERR_BAD_KEY_SHARE);
S2N_ERROR_IF(server_ecc_evp_params->evp_pkey == NULL, S2N_ERR_BAD_KEY_SHARE);
@@ -325,7 +330,8 @@ static int s2n_server_key_share_recv(struct s2n_connection *conn, struct s2n_stu
}
/* Selects highest priority mutually supported key share, or indicates need for HRR */
-int s2n_extensions_server_key_share_select(struct s2n_connection *conn) {
+int s2n_extensions_server_key_share_select(struct s2n_connection *conn)
+{
POSIX_ENSURE_REF(conn);
const struct s2n_ecc_preferences *ecc_pref = NULL;
@@ -391,10 +397,10 @@ int s2n_extensions_server_key_share_select(struct s2n_connection *conn) {
*/
int s2n_extensions_server_key_share_send_size(struct s2n_connection *conn)
{
- const struct s2n_ecc_named_curve* curve = conn->kex_params.server_ecc_evp_params.negotiated_curve;
+ const struct s2n_ecc_named_curve *curve = conn->kex_params.server_ecc_evp_params.negotiated_curve;
int key_share_size = S2N_SIZE_OF_EXTENSION_TYPE
- + S2N_SIZE_OF_EXTENSION_DATA_SIZE
- + S2N_SIZE_OF_NAMED_GROUP;
+ + S2N_SIZE_OF_EXTENSION_DATA_SIZE
+ + S2N_SIZE_OF_NAMED_GROUP;
/* If this is a KeyShareHelloRetryRequest we don't include the share size */
if (s2n_is_hello_retry_message(conn)) {
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.h
index 11a289d1de..a2884dd119 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_key_share.h
@@ -15,10 +15,9 @@
#pragma once
-#include "tls/s2n_connection.h"
#include "stuffer/s2n_stuffer.h"
-
#include "tls/extensions/s2n_key_share.h"
+#include "tls/s2n_connection.h"
extern const s2n_extension_type s2n_server_key_share_extension;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_max_fragment_length.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_max_fragment_length.c
index e55e3f21e5..7ba3ddfdf9 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_max_fragment_length.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_max_fragment_length.c
@@ -13,19 +13,16 @@
* permissions and limitations under the License.
*/
+#include "tls/extensions/s2n_server_max_fragment_length.h"
+
#include <sys/param.h>
#include "error/s2n_errno.h"
-
#include "stuffer/s2n_stuffer.h"
-
-#include "utils/s2n_safety.h"
-
+#include "tls/s2n_connection.h"
#include "tls/s2n_tls.h"
#include "tls/s2n_tls_parameters.h"
-#include "tls/s2n_connection.h"
-
-#include "tls/extensions/s2n_server_max_fragment_length.h"
+#include "utils/s2n_safety.h"
static bool s2n_max_fragment_length_should_send(struct s2n_connection *conn);
static int s2n_max_fragment_length_send(struct s2n_connection *conn, struct s2n_stuffer *out);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_psk.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_psk.c
index 09e525fa93..afd604ade0 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_psk.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_psk.c
@@ -13,14 +13,14 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
+#include "tls/extensions/s2n_server_psk.h"
+
#include <stdint.h>
+#include <sys/param.h>
#include "tls/s2n_tls.h"
-#include "tls/extensions/s2n_server_psk.h"
-
-#include "utils/s2n_safety.h"
#include "utils/s2n_bitmap.h"
+#include "utils/s2n_safety.h"
static bool s2n_server_psk_should_send(struct s2n_connection *conn);
static int s2n_server_psk_send(struct s2n_connection *conn, struct s2n_stuffer *out);
@@ -82,7 +82,7 @@ static int s2n_server_psk_recv(struct s2n_connection *conn, struct s2n_stuffer *
conn->psk_params.chosen_psk_wire_index = chosen_psk_wire_index;
POSIX_GUARD_RESULT(s2n_array_get(&conn->psk_params.psk_list, conn->psk_params.chosen_psk_wire_index,
- (void **)&conn->psk_params.chosen_psk));
+ (void **) &conn->psk_params.chosen_psk));
return S2N_SUCCESS;
}
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.c
index 5834412e10..7f972064c1 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.c
@@ -13,16 +13,14 @@
* permissions and limitations under the License.
*/
-#include "error/s2n_errno.h"
+#include "tls/extensions/s2n_server_renegotiation_info.h"
+#include "error/s2n_errno.h"
#include "stuffer/s2n_stuffer.h"
-
-#include "utils/s2n_safety.h"
-
-#include "tls/s2n_tls_parameters.h"
#include "tls/s2n_connection.h"
#include "tls/s2n_tls.h"
-#include "tls/extensions/s2n_server_renegotiation_info.h"
+#include "tls/s2n_tls_parameters.h"
+#include "utils/s2n_safety.h"
/**
* s2n-tls servers do NOT support renegotiation.
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.h
index b037b2182a..eb9a862de5 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_renegotiation_info.h
@@ -15,9 +15,9 @@
#pragma once
+#include "stuffer/s2n_stuffer.h"
#include "tls/extensions/s2n_extension_type.h"
#include "tls/s2n_connection.h"
-#include "stuffer/s2n_stuffer.h"
extern const s2n_extension_type s2n_server_renegotiation_info_extension;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_sct_list.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_sct_list.c
index cf28bef52b..d062c1975a 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_sct_list.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_sct_list.c
@@ -13,13 +13,13 @@
* permissions and limitations under the License.
*/
+#include "tls/extensions/s2n_server_sct_list.h"
+
#include "stuffer/s2n_stuffer.h"
#include "tls/s2n_connection.h"
#include "tls/s2n_tls.h"
-#include "tls/extensions/s2n_server_sct_list.h"
-
-#include "utils/s2n_safety.h"
#include "utils/s2n_blob.h"
+#include "utils/s2n_safety.h"
static bool s2n_server_sct_list_should_send(struct s2n_connection *conn);
static int s2n_server_sct_list_send(struct s2n_connection *conn, struct s2n_stuffer *out);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_server_name.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_server_name.c
index 239c84f1fb..56e14e0de6 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_server_name.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_server_name.c
@@ -13,10 +13,10 @@
* permissions and limitations under the License.
*/
-#include "stuffer/s2n_stuffer.h"
+#include "tls/extensions/s2n_server_server_name.h"
+#include "stuffer/s2n_stuffer.h"
#include "tls/s2n_connection.h"
-#include "tls/extensions/s2n_server_server_name.h"
static bool s2n_server_name_should_send(struct s2n_connection *conn);
static int s2n_server_name_send(struct s2n_connection *conn, struct s2n_stuffer *out);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.c
index d4c9bf019f..187da6b831 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.c
@@ -13,12 +13,12 @@
* permissions and limitations under the License.
*/
-#include "stuffer/s2n_stuffer.h"
+#include "tls/extensions/s2n_server_session_ticket.h"
-#include "tls/s2n_tls_parameters.h"
+#include "stuffer/s2n_stuffer.h"
#include "tls/s2n_connection.h"
#include "tls/s2n_tls.h"
-#include "tls/extensions/s2n_server_session_ticket.h"
+#include "tls/s2n_tls_parameters.h"
static bool s2n_session_ticket_should_send(struct s2n_connection *conn);
static int s2n_session_ticket_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.h
index 2e9ba959cb..d6c8ab35e9 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_session_ticket.h
@@ -15,9 +15,9 @@
#pragma once
+#include "stuffer/s2n_stuffer.h"
#include "tls/extensions/s2n_extension_type.h"
#include "tls/s2n_connection.h"
-#include "stuffer/s2n_stuffer.h"
extern const s2n_extension_type s2n_server_session_ticket_extension;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_signature_algorithms.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_signature_algorithms.c
index e7bd8a32cc..b8903f2da2 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_signature_algorithms.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_signature_algorithms.c
@@ -13,16 +13,15 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
#include <stdint.h>
+#include <sys/param.h>
+#include "stuffer/s2n_stuffer.h"
#include "tls/extensions/s2n_client_signature_algorithms.h"
#include "tls/s2n_connection.h"
+#include "tls/s2n_signature_algorithms.h"
#include "tls/s2n_tls.h"
#include "tls/s2n_tls_parameters.h"
-#include "tls/s2n_signature_algorithms.h"
-
-#include "stuffer/s2n_stuffer.h"
#include "utils/s2n_safety.h"
static int s2n_signature_algorithms_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.c
index c73b5c32a4..4248db8b7c 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.c
@@ -13,11 +13,12 @@
* permissions and limitations under the License.
*/
+#include "tls/extensions/s2n_server_status_request.h"
+
#include "stuffer/s2n_stuffer.h"
#include "tls/s2n_connection.h"
#include "tls/s2n_tls.h"
#include "tls/s2n_tls_parameters.h"
-#include "tls/extensions/s2n_server_status_request.h"
static bool s2n_server_status_request_should_send(struct s2n_connection *conn);
static int s2n_server_status_request_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.h
index b43ff10ca8..4bb46dd4df 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_status_request.h
@@ -15,9 +15,9 @@
#pragma once
+#include "stuffer/s2n_stuffer.h"
#include "tls/extensions/s2n_extension_type.h"
#include "tls/s2n_connection.h"
-#include "stuffer/s2n_stuffer.h"
extern const s2n_extension_type s2n_server_status_request_extension;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.c
index 55a3e4ebd2..8dc4179683 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.c
@@ -13,16 +13,16 @@
* permissions and limitations under the License.
*/
-#include <sys/param.h>
+#include "tls/extensions/s2n_server_supported_versions.h"
+
#include <stdint.h>
+#include <sys/param.h>
-#include "tls/extensions/s2n_server_supported_versions.h"
#include "tls/extensions/s2n_supported_versions.h"
#include "tls/s2n_alerts.h"
#include "tls/s2n_cipher_preferences.h"
#include "tls/s2n_tls.h"
#include "tls/s2n_tls_parameters.h"
-
#include "utils/s2n_safety.h"
/**
@@ -79,7 +79,7 @@ static int s2n_extensions_server_supported_versions_process(struct s2n_connectio
**/
if (s2n_is_hello_retry_handshake(conn) && !s2n_is_hello_retry_message(conn)) {
POSIX_ENSURE(conn->server_protocol_version == server_version,
- S2N_ERR_BAD_MESSAGE);
+ S2N_ERR_BAD_MESSAGE);
}
POSIX_ENSURE_GTE(server_version, S2N_TLS13);
@@ -87,7 +87,7 @@ static int s2n_extensions_server_supported_versions_process(struct s2n_connectio
POSIX_ENSURE_GTE(server_version, minimum_supported_version);
conn->server_protocol_version = server_version;
-
+
return S2N_SUCCESS;
}
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.h
index c7312be137..8a5f74579c 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_server_supported_versions.h
@@ -13,11 +13,10 @@
* permissions and limitations under the License.
*/
-
#pragma once
-#include "tls/s2n_connection.h"
#include "stuffer/s2n_stuffer.h"
+#include "tls/s2n_connection.h"
extern const s2n_extension_type s2n_server_supported_versions_extension;
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.c b/contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.c
index 3f77789e31..86c40ecca0 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.c
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.c
@@ -13,12 +13,12 @@
* permissions and limitations under the License.
*/
+#include "tls/extensions/s2n_supported_versions.h"
+
#include <stdint.h>
#include <sys/param.h>
-#include "tls/extensions/s2n_supported_versions.h"
#include "tls/s2n_security_policies.h"
-
#include "utils/s2n_safety.h"
S2N_RESULT s2n_connection_get_minimum_supported_version(struct s2n_connection *conn, uint8_t *min_version)
diff --git a/contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.h b/contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.h
index 6c1fdcea76..bcf3ccf105 100644
--- a/contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.h
+++ b/contrib/restricted/aws/s2n/tls/extensions/s2n_supported_versions.h
@@ -15,7 +15,7 @@
#pragma once
-#include "tls/s2n_connection.h"
#include "stuffer/s2n_stuffer.h"
+#include "tls/s2n_connection.h"
S2N_RESULT s2n_connection_get_minimum_supported_version(struct s2n_connection *conn, uint8_t *min_version);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_config.c b/contrib/restricted/aws/s2n/tls/s2n_config.c
index 01c15fc8c5..75ea75dd79 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_config.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_config.c
@@ -998,7 +998,7 @@ int s2n_config_client_hello_cb_enable_poll(struct s2n_config *config) {
int s2n_config_set_send_buffer_size(struct s2n_config *config, uint32_t size) {
POSIX_ENSURE_REF(config);
- POSIX_ENSURE(size > S2N_TLS_MAX_RECORD_LEN_FOR(0), S2N_ERR_INVALID_ARGUMENT);
+ POSIX_ENSURE(size >= S2N_TLS_MAX_RECORD_LEN_FOR(S2N_MAX_FRAGMENT_LENGTH_MIN), S2N_ERR_INVALID_ARGUMENT);
config->send_buffer_size_override = size;
return S2N_SUCCESS;
}
@@ -1050,3 +1050,11 @@ S2N_RESULT s2n_config_wall_clock(struct s2n_config *config, uint64_t *output)
RESULT_ENSURE(config->wall_clock(config->sys_clock_ctx, output) >= S2N_SUCCESS, S2N_ERR_CANCELLED);
return S2N_RESULT_OK;
}
+
+int s2n_config_set_crl_lookup_cb(struct s2n_config *config, s2n_crl_lookup_callback cb, void *ctx)
+{
+ POSIX_ENSURE_REF(config);
+ config->crl_lookup_cb = cb;
+ config->crl_lookup_ctx = ctx;
+ return S2N_SUCCESS;
+}
diff --git a/contrib/restricted/aws/s2n/tls/s2n_crl.h b/contrib/restricted/aws/s2n/tls/s2n_crl.h
index f905f853ba..b974ee1506 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_crl.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_crl.h
@@ -17,6 +17,7 @@
#include "api/s2n.h"
#include "utils/s2n_result.h"
+#include "api/unstable/crl.h"
#include <openssl/x509v3.h>
@@ -38,20 +39,6 @@ struct s2n_crl_lookup {
struct s2n_crl *crl;
};
-typedef int (*s2n_crl_lookup_callback) (struct s2n_crl_lookup *lookup, void *context);
-
-/* TODO: APIs are part of an unfinished CRL validation feature and are temporarily hidden
- * https://github.com/aws/s2n-tls/issues/3499 */
-struct s2n_crl *s2n_crl_new(void);
-int s2n_crl_load_pem(struct s2n_crl *crl, uint8_t *pem, size_t len);
-int s2n_crl_free(struct s2n_crl **crl);
-int s2n_crl_get_issuer_hash(struct s2n_crl *crl, uint64_t *hash);
-int s2n_crl_validate_active(struct s2n_crl *crl);
-int s2n_crl_validate_not_expired(struct s2n_crl *crl);
-int s2n_crl_lookup_get_cert_issuer_hash(struct s2n_crl_lookup *lookup, uint64_t *hash);
-int s2n_crl_lookup_set(struct s2n_crl_lookup *lookup, struct s2n_crl *crl);
-int s2n_crl_lookup_ignore(struct s2n_crl_lookup *lookup);
-
S2N_RESULT s2n_crl_handle_lookup_callback_result(struct s2n_x509_validator *validator);
S2N_RESULT s2n_crl_invoke_lookup_callbacks(struct s2n_connection *conn, struct s2n_x509_validator *validator);
S2N_RESULT s2n_crl_get_crls_from_lookup_list(struct s2n_x509_validator *validator, STACK_OF(X509_CRL) *crl_stack);
diff --git a/contrib/restricted/aws/s2n/tls/s2n_record.h b/contrib/restricted/aws/s2n/tls/s2n_record.h
index 53aeba58bb..7e147f36b2 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_record.h
+++ b/contrib/restricted/aws/s2n/tls/s2n_record.h
@@ -39,6 +39,18 @@
*/
#define S2N_TLS_MAXIMUM_FRAGMENT_LENGTH (1 << 14)
+/*
+ * The minimum amount of space we need to reserve for a message
+ * fragment. We cannot fragment alert messages because not all peer
+ * implementations accept them, even in TLS1.2 where it is not
+ * disallowed by RFC5246.
+ *
+ * Specificity we found that GnuTLS rejects fragmented alert messages.
+ * This is a simple solution for the Alert Attack, although it is
+ * strictly speaking a violation of the standard.
+ */
+#define S2N_MAX_FRAGMENT_LENGTH_MIN 2
+
/* The TLS1.2 record length allows for 1024 bytes of compression expansion and
* 1024 bytes of encryption expansion and padding.
* Since S2N does not support compression, we can ignore the compression overhead.
diff --git a/contrib/restricted/aws/s2n/tls/s2n_record_write.c b/contrib/restricted/aws/s2n/tls/s2n_record_write.c
index c1ac2b9e78..41f6399793 100644
--- a/contrib/restricted/aws/s2n/tls/s2n_record_write.c
+++ b/contrib/restricted/aws/s2n/tls/s2n_record_write.c
@@ -76,7 +76,6 @@ S2N_RESULT s2n_record_max_write_payload_size(struct s2n_connection *conn, uint16
RESULT_ENSURE_REF(conn);
RESULT_ENSURE_REF(conn->config);
RESULT_ENSURE_MUT(max_fragment_size);
- RESULT_ENSURE(conn->max_outgoing_fragment_length > 0, S2N_ERR_FRAGMENT_LENGTH_TOO_SMALL);
*max_fragment_size = MIN(conn->max_outgoing_fragment_length, S2N_TLS_MAXIMUM_FRAGMENT_LENGTH);
@@ -94,6 +93,9 @@ S2N_RESULT s2n_record_max_write_payload_size(struct s2n_connection *conn, uint16
}
}
+ /* Ensure that we don't reserve too little space. */
+ RESULT_ENSURE(*max_fragment_size >= S2N_MAX_FRAGMENT_LENGTH_MIN, S2N_ERR_FRAGMENT_LENGTH_TOO_SMALL);
+
return S2N_RESULT_OK;
}
diff --git a/contrib/restricted/aws/s2n/utils/s2n_array.c b/contrib/restricted/aws/s2n/utils/s2n_array.c
index 4d65b19924..0ac68131b8 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_array.c
+++ b/contrib/restricted/aws/s2n/utils/s2n_array.c
@@ -13,12 +13,13 @@
* permissions and limitations under the License.
*/
+#include "utils/s2n_array.h"
+
#include <sys/param.h>
#include "utils/s2n_blob.h"
#include "utils/s2n_mem.h"
#include "utils/s2n_safety.h"
-#include "utils/s2n_array.h"
S2N_RESULT s2n_array_validate(const struct s2n_array *array)
{
@@ -86,7 +87,7 @@ S2N_RESULT s2n_array_init_with_capacity(struct s2n_array *array, uint32_t elemen
{
RESULT_ENSURE_REF(array);
- *array = (struct s2n_array) { .element_size = element_size };
+ *array = (struct s2n_array){ .element_size = element_size };
RESULT_GUARD(s2n_array_enlarge(array, capacity));
@@ -109,9 +110,9 @@ S2N_RESULT s2n_array_get(struct s2n_array *array, uint32_t idx, void **element)
return S2N_RESULT_OK;
}
-S2N_RESULT s2n_array_insert_and_copy(struct s2n_array *array, uint32_t idx, void* element)
+S2N_RESULT s2n_array_insert_and_copy(struct s2n_array *array, uint32_t idx, void *element)
{
- void* insert_location = NULL;
+ void *insert_location = NULL;
RESULT_GUARD(s2n_array_insert(array, idx, &insert_location));
RESULT_CHECKED_MEMCPY(insert_location, element, array->element_size);
return S2N_RESULT_OK;
@@ -170,8 +171,8 @@ S2N_RESULT s2n_array_remove(struct s2n_array *array, uint32_t idx)
/* After shifting, zero the last element */
RESULT_CHECKED_MEMSET(array->mem.data + array->element_size * array->len,
- 0,
- array->element_size);
+ 0,
+ array->element_size);
RESULT_POSTCONDITION(s2n_array_validate(array));
return S2N_RESULT_OK;
@@ -210,7 +211,7 @@ S2N_CLEANUP_RESULT s2n_array_free_p(struct s2n_array **parray)
RESULT_GUARD_POSIX(s2n_free(&array->mem));
/* And finally the array */
- RESULT_GUARD_POSIX(s2n_free_object((uint8_t **)parray, sizeof(struct s2n_array)));
+ RESULT_GUARD_POSIX(s2n_free_object((uint8_t **) parray, sizeof(struct s2n_array)));
return S2N_RESULT_OK;
}
diff --git a/contrib/restricted/aws/s2n/utils/s2n_asn1_time.c b/contrib/restricted/aws/s2n/utils/s2n_asn1_time.c
index 7a4396da82..3185799105 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_asn1_time.c
+++ b/contrib/restricted/aws/s2n/utils/s2n_asn1_time.c
@@ -14,11 +14,12 @@
*/
#include "utils/s2n_asn1_time.h"
-#include "utils/s2n_result.h"
-#include "utils/s2n_safety.h"
-#include <time.h>
#include <ctype.h>
+#include <time.h>
+
+#include "utils/s2n_result.h"
+#include "utils/s2n_safety.h"
typedef enum parser_state {
ON_YEAR_DIGIT_1 = 0,
@@ -45,18 +46,20 @@ typedef enum parser_state {
PARSE_ERROR
} parser_state;
-static inline long get_gmt_offset(struct tm *t) {
-
+static inline long get_gmt_offset(struct tm *t)
+{
/* See: https://sourceware.org/git/?p=glibc.git;a=blob;f=include/features.h;h=ba272078cf2263ec88e039fda7524c136a4a7953;hb=HEAD */
-#if defined(__USE_MISC) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__ANDROID__) || defined(ANDROID) || defined(__APPLE__) && defined(__MACH__)
+#if defined(__USE_MISC) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__ANDROID__) \
+ || defined(ANDROID) || defined(__APPLE__) && defined(__MACH__)
return t->tm_gmtoff;
#else
return t->tm_gmtoff;
#endif
}
-static inline void get_current_timesettings(long *gmt_offset, int *is_dst) {
- struct tm time_ptr = {0};
+static inline void get_current_timesettings(long *gmt_offset, int *is_dst)
+{
+ struct tm time_ptr = { 0 };
time_t raw_time;
time(&raw_time);
localtime_r(&raw_time, &time_ptr);
@@ -64,13 +67,18 @@ static inline void get_current_timesettings(long *gmt_offset, int *is_dst) {
*is_dst = time_ptr.tm_isdst;
}
-#define PARSE_DIGIT(c, d) do { RESULT_ENSURE(isdigit(c), S2N_ERR_SAFETY); d = c - '0'; } while(0)
+#define PARSE_DIGIT(c, d) \
+ do { \
+ RESULT_ENSURE(isdigit(c), S2N_ERR_SAFETY); \
+ d = c - '0'; \
+ } while (0)
/* this is just a standard state machine for ASN1 date format... nothing special.
* just do a character at a time and change the state per character encountered.
* when finished the above time structure should be filled in along with some
* crazy timezone info we'll need shortly afterwards.*/
-static S2N_RESULT process_state(parser_state *state, char current_char, struct parser_args *args) {
+static S2N_RESULT process_state(parser_state *state, char current_char, struct parser_args *args)
+{
switch (*state) {
case ON_YEAR_DIGIT_1:
PARSE_DIGIT(current_char, args->current_digit);
@@ -232,8 +240,8 @@ static S2N_RESULT process_state(parser_state *state, char current_char, struct p
}
}
-S2N_RESULT s2n_asn1_time_to_nano_since_epoch_ticks(const char *asn1_time, uint32_t len, uint64_t *ticks) {
-
+S2N_RESULT s2n_asn1_time_to_nano_since_epoch_ticks(const char *asn1_time, uint32_t len, uint64_t *ticks)
+{
/* figure out if we are on something other than UTC since timegm is not supported everywhere. */
long gmt_offset_current = 0;
int is_dst = 0;
@@ -243,14 +251,22 @@ S2N_RESULT s2n_asn1_time_to_nano_since_epoch_ticks(const char *asn1_time, uint32
parser_state state = ON_YEAR_DIGIT_1;
struct parser_args args = {
- .time = {.tm_hour = 0, .tm_isdst = -1, .tm_mday = 0, .tm_min = 0, .tm_mon = 0,
- .tm_sec = 0, .tm_wday = 0, .tm_yday = 0, .tm_year = 0,
+ .time = {
+ .tm_hour = 0,
+ .tm_isdst = -1,
+ .tm_mday = 0,
+ .tm_min = 0,
+ .tm_mon = 0,
+ .tm_sec = 0,
+ .tm_wday = 0,
+ .tm_yday = 0,
+ .tm_year = 0,
},
- .current_digit = 0,
- .local_time_assumed = 1,
- .offset_hours = 0,
- .offset_minutes = 0,
- .offset_negative = 0
+ .current_digit = 0,
+ .local_time_assumed = 1,
+ .offset_hours = 0,
+ .offset_minutes = 0,
+ .offset_negative = 0
};
size_t current_pos = 0;
diff --git a/contrib/restricted/aws/s2n/utils/s2n_asn1_time.h b/contrib/restricted/aws/s2n/utils/s2n_asn1_time.h
index e7f88a81b4..1a30e1c4d6 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_asn1_time.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_asn1_time.h
@@ -34,4 +34,3 @@ struct parser_args {
* ticks is an output parameter. Returns 0 on success and -1 on failure.
*/
S2N_RESULT s2n_asn1_time_to_nano_since_epoch_ticks(const char *asn1_time, uint32_t len, uint64_t *ticks);
-
diff --git a/contrib/restricted/aws/s2n/utils/s2n_bitmap.h b/contrib/restricted/aws/s2n/utils/s2n_bitmap.h
index f13a7fd911..d4ce95f783 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_bitmap.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_bitmap.h
@@ -15,8 +15,8 @@
#pragma once
/* bit operations on a char[] mask of arbitrary length */
-#define S2N_CBIT_BIT(bit) (1 << ((bit) % 8))
-#define S2N_CBIT_BIN(mask, bit) (mask)[(bit) >> 3]
-#define S2N_CBIT_SET(mask, bit) ((void)(S2N_CBIT_BIN(mask, bit) |= S2N_CBIT_BIT(bit)))
-#define S2N_CBIT_CLR(mask, bit) ((void)(S2N_CBIT_BIN(mask, bit) &= ~S2N_CBIT_BIT(bit)))
-#define S2N_CBIT_TEST(mask, bit) ((S2N_CBIT_BIN(mask, bit) & S2N_CBIT_BIT(bit)) != 0)
+#define S2N_CBIT_BIT(bit) (1 << ((bit) % 8))
+#define S2N_CBIT_BIN(mask, bit) (mask)[(bit) >> 3]
+#define S2N_CBIT_SET(mask, bit) ((void) (S2N_CBIT_BIN(mask, bit) |= S2N_CBIT_BIT(bit)))
+#define S2N_CBIT_CLR(mask, bit) ((void) (S2N_CBIT_BIN(mask, bit) &= ~S2N_CBIT_BIT(bit)))
+#define S2N_CBIT_TEST(mask, bit) ((S2N_CBIT_BIN(mask, bit) & S2N_CBIT_BIT(bit)) != 0)
diff --git a/contrib/restricted/aws/s2n/utils/s2n_blob.c b/contrib/restricted/aws/s2n/utils/s2n_blob.c
index f76e7208cb..2c3997ae74 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_blob.c
+++ b/contrib/restricted/aws/s2n/utils/s2n_blob.c
@@ -13,18 +13,17 @@
* permissions and limitations under the License.
*/
-#include <string.h>
+#include "utils/s2n_blob.h"
+
#include <ctype.h>
+#include <string.h>
#include <sys/param.h>
+#include "api/s2n.h"
#include "error/s2n_errno.h"
-
#include "utils/s2n_safety.h"
-#include "utils/s2n_blob.h"
-
-#include "api/s2n.h"
-S2N_RESULT s2n_blob_validate(const struct s2n_blob* b)
+S2N_RESULT s2n_blob_validate(const struct s2n_blob *b)
{
RESULT_ENSURE_REF(b);
RESULT_DEBUG_ENSURE(S2N_IMPLIES(b->data == NULL, b->size == 0), S2N_ERR_SAFETY);
@@ -36,11 +35,11 @@ S2N_RESULT s2n_blob_validate(const struct s2n_blob* b)
return S2N_RESULT_OK;
}
-int s2n_blob_init(struct s2n_blob *b, uint8_t * data, uint32_t size)
+int s2n_blob_init(struct s2n_blob *b, uint8_t *data, uint32_t size)
{
POSIX_ENSURE_REF(b);
POSIX_ENSURE(S2N_MEM_IS_READABLE(data, size), S2N_ERR_SAFETY);
- *b = (struct s2n_blob) {.data = data, .size = size, .allocated = 0, .growable = 0};
+ *b = (struct s2n_blob){ .data = data, .size = size, .allocated = 0, .growable = 0 };
POSIX_POSTCONDITION(s2n_blob_validate(b));
return S2N_SUCCESS;
}
@@ -83,6 +82,7 @@ int s2n_blob_char_to_lower(struct s2n_blob *b)
/* An inverse map from an ascii value to a hexidecimal nibble value
* accounts for all possible char values, where 255 is invalid value */
static const uint8_t hex_inverse[256] = {
+ /* clang-format off */
255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
@@ -99,6 +99,7 @@ static const uint8_t hex_inverse[256] = {
255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255
+ /* clang-format on */
};
/* takes a hex string and writes values in the s2n_blob
@@ -107,7 +108,7 @@ int s2n_hex_string_to_bytes(const uint8_t *str, struct s2n_blob *blob)
{
POSIX_ENSURE_REF(str);
POSIX_PRECONDITION(s2n_blob_validate(blob));
- uint32_t len_with_spaces = strlen((const char*)str);
+ uint32_t len_with_spaces = strlen((const char *) str);
size_t i = 0, j = 0;
while (j < len_with_spaces) {
@@ -126,7 +127,7 @@ int s2n_hex_string_to_bytes(const uint8_t *str, struct s2n_blob *blob)
blob->data[i] = high_nibble << 4 | low_nibble;
i++;
- j+=2;
+ j += 2;
}
blob->size = i;
diff --git a/contrib/restricted/aws/s2n/utils/s2n_blob.h b/contrib/restricted/aws/s2n/utils/s2n_blob.h
index 028e0156a2..ee7fdc3cd9 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_blob.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_blob.h
@@ -17,7 +17,7 @@
#include <stdbool.h>
#include <stdint.h>
-#include <stdbool.h>
+
#include "utils/s2n_result.h"
struct s2n_blob {
@@ -35,31 +35,30 @@ struct s2n_blob {
uint32_t allocated;
/* Can this blob be resized */
- unsigned growable :1;
+ unsigned growable : 1;
};
-
-extern bool s2n_blob_is_growable(const struct s2n_blob* b);
-extern S2N_RESULT s2n_blob_validate(const struct s2n_blob* b);
-extern int s2n_blob_init(struct s2n_blob *b, uint8_t * data, uint32_t size);
+extern bool s2n_blob_is_growable(const struct s2n_blob *b);
+extern S2N_RESULT s2n_blob_validate(const struct s2n_blob *b);
+extern int s2n_blob_init(struct s2n_blob *b, uint8_t *data, uint32_t size);
extern int s2n_blob_zero(struct s2n_blob *b);
extern int s2n_blob_char_to_lower(struct s2n_blob *b);
extern int s2n_hex_string_to_bytes(const uint8_t *str, struct s2n_blob *blob);
extern int s2n_blob_slice(const struct s2n_blob *b, struct s2n_blob *slice, uint32_t offset, uint32_t size);
-#define s2n_stack_blob(name, requested_size, maximum) \
- size_t name ## _requested_size = (requested_size); \
- uint8_t name ## _buf[(maximum)] = {0}; \
- POSIX_ENSURE_LTE(name ## _requested_size, (maximum)); \
- struct s2n_blob name = {0}; \
- POSIX_GUARD(s2n_blob_init(&name, name ## _buf, name ## _requested_size))
+#define s2n_stack_blob(name, requested_size, maximum) \
+ size_t name##_requested_size = (requested_size); \
+ uint8_t name##_buf[(maximum)] = { 0 }; \
+ POSIX_ENSURE_LTE(name##_requested_size, (maximum)); \
+ struct s2n_blob name = { 0 }; \
+ POSIX_GUARD(s2n_blob_init(&name, name##_buf, name##_requested_size))
-#define RESULT_STACK_BLOB(name, requested_size, maximum) \
- size_t name ## _requested_size = (requested_size); \
- uint8_t name ## _buf[(maximum)] = {0}; \
- RESULT_ENSURE_LTE(name ## _requested_size, (maximum)); \
- struct s2n_blob name = {0}; \
- RESULT_GUARD_POSIX(s2n_blob_init(&name, name ## _buf, name ## _requested_size))
+#define RESULT_STACK_BLOB(name, requested_size, maximum) \
+ size_t name##_requested_size = (requested_size); \
+ uint8_t name##_buf[(maximum)] = { 0 }; \
+ RESULT_ENSURE_LTE(name##_requested_size, (maximum)); \
+ struct s2n_blob name = { 0 }; \
+ RESULT_GUARD_POSIX(s2n_blob_init(&name, name##_buf, name##_requested_size))
#define S2N_BLOB_LABEL(name, str) \
static uint8_t name##_data[] = str; \
@@ -69,6 +68,6 @@ extern int s2n_blob_slice(const struct s2n_blob *b, struct s2n_blob *slice, uint
* It is allocated on a stack so there no need to free after use.
* hex should be a const char[]. This function checks against using char*,
* because sizeof needs to refer to the buffer length rather than a pointer size */
-#define S2N_BLOB_FROM_HEX( name, hex ) \
+#define S2N_BLOB_FROM_HEX(name, hex) \
s2n_stack_blob(name, (sizeof(hex) - 1) / 2, (sizeof(hex) - 1) / 2); \
- POSIX_GUARD(s2n_hex_string_to_bytes((const uint8_t*)hex, &name));
+ POSIX_GUARD(s2n_hex_string_to_bytes((const uint8_t *) hex, &name));
diff --git a/contrib/restricted/aws/s2n/utils/s2n_compiler.h b/contrib/restricted/aws/s2n/utils/s2n_compiler.h
index 989fe266f2..3ef493f087 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_compiler.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_compiler.h
@@ -15,10 +15,7 @@
#pragma once
-#define S2N_GCC_VERSION (__GNUC__ * 10000 \
- + __GNUC_MINOR__ * 100 \
- + __GNUC_PATCHLEVEL__)
+#define S2N_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
#define S2N_GCC_VERSION_AT_LEAST(major, minor, patch_level) \
- ((S2N_GCC_VERSION) >= ((major) * 10000 + (minor) * 100 + (patch_level)))
-
+ ((S2N_GCC_VERSION) >= ((major) *10000 + (minor) *100 + (patch_level)))
diff --git a/contrib/restricted/aws/s2n/utils/s2n_ensure.c b/contrib/restricted/aws/s2n/utils/s2n_ensure.c
index 910844ae9e..ccaf013309 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_ensure.c
+++ b/contrib/restricted/aws/s2n/utils/s2n_ensure.c
@@ -15,7 +15,7 @@
#include "utils/s2n_safety.h"
-void* s2n_ensure_memcpy_trace(void *restrict to, const void *restrict from, size_t size, const char *debug_str)
+void *s2n_ensure_memcpy_trace(void *restrict to, const void *restrict from, size_t size, const char *debug_str)
{
if (to == NULL || from == NULL) {
s2n_errno = S2N_ERR_NULL;
diff --git a/contrib/restricted/aws/s2n/utils/s2n_ensure.h b/contrib/restricted/aws/s2n/utils/s2n_ensure.h
index 872f208df1..83db60201e 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_ensure.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_ensure.h
@@ -15,7 +15,7 @@
#pragma once
-#define s2n_likely(x) __builtin_expect(!!(x), 1)
+#define s2n_likely(x) __builtin_expect(!!(x), 1)
#define s2n_unlikely(x) __builtin_expect(!!(x), 0)
/**
@@ -30,42 +30,54 @@
/**
* Ensures `cond` is true, otherwise `action` will be performed
*/
-#define __S2N_ENSURE( cond, action ) do {if ( !(cond) ) { action; }} while (0)
+#define __S2N_ENSURE(cond, action) \
+ do { \
+ if (!(cond)) { \
+ action; \
+ } \
+ } while (0)
-#define __S2N_ENSURE_LIKELY( cond, action ) do {if ( s2n_unlikely( !(cond) ) ) { action; }} while (0)
+#define __S2N_ENSURE_LIKELY(cond, action) \
+ do { \
+ if (s2n_unlikely(!(cond))) { \
+ action; \
+ } \
+ } while (0)
#ifdef NDEBUG
-#define __S2N_ENSURE_DEBUG( cond, action ) do {} while (0)
+ #define __S2N_ENSURE_DEBUG(cond, action) \
+ do { \
+ } while (0)
#else
-#define __S2N_ENSURE_DEBUG( cond, action ) __S2N_ENSURE_LIKELY((cond), action)
+ #define __S2N_ENSURE_DEBUG(cond, action) __S2N_ENSURE_LIKELY((cond), action)
#endif
-#define __S2N_ENSURE_PRECONDITION( result ) (s2n_likely(s2n_result_is_ok(result)) ? S2N_RESULT_OK : S2N_RESULT_ERROR)
+#define __S2N_ENSURE_PRECONDITION(result) (s2n_likely(s2n_result_is_ok(result)) ? S2N_RESULT_OK : S2N_RESULT_ERROR)
#ifdef NDEBUG
-#define __S2N_ENSURE_POSTCONDITION( result ) (S2N_RESULT_OK)
+ #define __S2N_ENSURE_POSTCONDITION(result) (S2N_RESULT_OK)
#else
-#define __S2N_ENSURE_POSTCONDITION( result ) (s2n_likely(s2n_result_is_ok(result)) ? S2N_RESULT_OK : S2N_RESULT_ERROR)
+ #define __S2N_ENSURE_POSTCONDITION(result) (s2n_likely(s2n_result_is_ok(result)) ? S2N_RESULT_OK : S2N_RESULT_ERROR)
#endif
-#define __S2N_ENSURE_SAFE_MEMCPY( d , s , n , guard ) \
- do { \
- __typeof( n ) __tmp_n = ( n ); \
- if ( s2n_likely( __tmp_n ) ) { \
- void *r = s2n_ensure_memcpy_trace( (d), (s) , (__tmp_n), _S2N_DEBUG_LINE); \
- guard(r); \
- } \
- } while(0)
+#define __S2N_ENSURE_SAFE_MEMCPY(d, s, n, guard) \
+ do { \
+ __typeof(n) __tmp_n = (n); \
+ if (s2n_likely(__tmp_n)) { \
+ void *r = s2n_ensure_memcpy_trace((d), (s), (__tmp_n), _S2N_DEBUG_LINE); \
+ guard(r); \
+ } \
+ } while (0)
-#define __S2N_ENSURE_SAFE_MEMSET( d , c , n , guard ) \
- do { \
- __typeof( n ) __tmp_n = ( n ); \
- if ( s2n_likely( __tmp_n ) ) { \
- __typeof( d ) __tmp_d = ( d ); \
- guard( __tmp_d ); \
- memset( __tmp_d, (c), __tmp_n); \
- } \
- } while(0)
+#define __S2N_ENSURE_SAFE_MEMSET(d, c, n, guard) \
+ do { \
+ __typeof(n) __tmp_n = (n); \
+ if (s2n_likely(__tmp_n)) { \
+ __typeof(d) __tmp_d = (d); \
+ guard(__tmp_d); \
+ memset(__tmp_d, (c), __tmp_n); \
+ } \
+ } while (0)
/**
* `restrict` is a part of the c99 standard and will work with any C compiler. If you're trying to
@@ -80,9 +92,9 @@
*
*/
#if defined(S2N___RESTRICT__SUPPORTED)
-extern void* s2n_ensure_memcpy_trace(void *__restrict__ to, const void *__restrict__ from, size_t size, const char *debug_str);
+extern void *s2n_ensure_memcpy_trace(void *__restrict__ to, const void *__restrict__ from, size_t size, const char *debug_str);
#else
-extern void* s2n_ensure_memcpy_trace(void *restrict to, const void *restrict from, size_t size, const char *debug_str);
+extern void *s2n_ensure_memcpy_trace(void *restrict to, const void *restrict from, size_t size, const char *debug_str);
#endif
/**
@@ -96,20 +108,20 @@ extern void* s2n_ensure_memcpy_trace(void *restrict to, const void *restrict fro
* Violations of these properties are undefined behaviour.
*/
#ifdef CBMC
-# define S2N_MEM_IS_READABLE_CHECK(base, len) (((len) == 0) || __CPROVER_r_ok((base), (len)))
-# define S2N_MEM_IS_WRITABLE_CHECK(base, len) (((len) == 0) || __CPROVER_w_ok((base), (len)))
+ #define S2N_MEM_IS_READABLE_CHECK(base, len) (((len) == 0) || __CPROVER_r_ok((base), (len)))
+ #define S2N_MEM_IS_WRITABLE_CHECK(base, len) (((len) == 0) || __CPROVER_w_ok((base), (len)))
#else
-/* the C runtime does not give a way to check these properties,
+ /* the C runtime does not give a way to check these properties,
* but we can at least check for nullness. */
-# define S2N_MEM_IS_READABLE_CHECK(base, len) (((len) == 0) || (base) != NULL)
-# define S2N_MEM_IS_WRITABLE_CHECK(base, len) (((len) == 0) || (base) != NULL)
+ #define S2N_MEM_IS_READABLE_CHECK(base, len) (((len) == 0) || (base) != NULL)
+ #define S2N_MEM_IS_WRITABLE_CHECK(base, len) (((len) == 0) || (base) != NULL)
#endif /* CBMC */
/**
* These macros can safely be used in validate functions.
*/
-#define S2N_MEM_IS_READABLE(base, len) (((len) == 0) || (base) != NULL)
-#define S2N_MEM_IS_WRITABLE(base, len) (((len) == 0) || (base) != NULL)
+#define S2N_MEM_IS_READABLE(base, len) (((len) == 0) || (base) != NULL)
+#define S2N_MEM_IS_WRITABLE(base, len) (((len) == 0) || (base) != NULL)
#define S2N_OBJECT_PTR_IS_READABLE(ptr) ((ptr) != NULL)
#define S2N_OBJECT_PTR_IS_WRITABLE(ptr) ((ptr) != NULL)
@@ -128,17 +140,17 @@ extern void* s2n_ensure_memcpy_trace(void *restrict to, const void *restrict fro
* Violations of the function contracts are undefined behaviour.
*/
#ifdef CBMC
-# define CONTRACT_ASSIGNS(...) __CPROVER_assigns(__VA_ARGS__)
-# define CONTRACT_ASSIGNS_ERR(...) CONTRACT_ASSIGNS(__VA_ARGS__, s2n_debug_str, s2n_errno)
-# define CONTRACT_REQUIRES(...) __CPROVER_requires(__VA_ARGS__)
-# define CONTRACT_ENSURES(...) __CPROVER_ensures(__VA_ARGS__)
-# define CONTRACT_INVARIANT(...) __CPROVER_loop_invariant(__VA_ARGS__)
-# define CONTRACT_RETURN_VALUE (__CPROVER_return_value)
+ #define CONTRACT_ASSIGNS(...) __CPROVER_assigns(__VA_ARGS__)
+ #define CONTRACT_ASSIGNS_ERR(...) CONTRACT_ASSIGNS(__VA_ARGS__, s2n_debug_str, s2n_errno)
+ #define CONTRACT_REQUIRES(...) __CPROVER_requires(__VA_ARGS__)
+ #define CONTRACT_ENSURES(...) __CPROVER_ensures(__VA_ARGS__)
+ #define CONTRACT_INVARIANT(...) __CPROVER_loop_invariant(__VA_ARGS__)
+ #define CONTRACT_RETURN_VALUE (__CPROVER_return_value)
#else
-# define CONTRACT_ASSIGNS(...)
-# define CONTRACT_ASSIGNS_ERR(...)
-# define CONTRACT_REQUIRES(...)
-# define CONTRACT_ENSURES(...)
-# define CONTRACT_INVARIANT(...)
-# define CONTRACT_RETURN_VALUE
+ #define CONTRACT_ASSIGNS(...)
+ #define CONTRACT_ASSIGNS_ERR(...)
+ #define CONTRACT_REQUIRES(...)
+ #define CONTRACT_ENSURES(...)
+ #define CONTRACT_INVARIANT(...)
+ #define CONTRACT_RETURN_VALUE
#endif
diff --git a/contrib/restricted/aws/s2n/utils/s2n_fork_detection.c b/contrib/restricted/aws/s2n/utils/s2n_fork_detection.c
index d9826ad08d..546a7a82c6 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_fork_detection.c
+++ b/contrib/restricted/aws/s2n/utils/s2n_fork_detection.c
@@ -17,8 +17,8 @@
* Here we also capture varius required feature test macros.
*/
#if defined(__APPLE__)
- typedef struct _opaque_pthread_once_t __darwin_pthread_once_t;
- typedef __darwin_pthread_once_t pthread_once_t;
+typedef struct _opaque_pthread_once_t __darwin_pthread_once_t;
+typedef __darwin_pthread_once_t pthread_once_t;
#define _DARWIN_C_SOURCE
#elif defined(__FreeBSD__)
/* FreeBSD requires POSIX compatibility off for its syscalls (enables __BSD_VISIBLE)
@@ -36,22 +36,21 @@
#define MAP_ANONYMOUS MAP_ANON
#endif
-#include "error/s2n_errno.h"
-#include "utils/s2n_fork_detection.h"
-#include "utils/s2n_safety.h"
-
#include <pthread.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
+#include "error/s2n_errno.h"
+#include "utils/s2n_fork_detection.h"
+#include "utils/s2n_safety.h"
#if defined(S2N_MADVISE_SUPPORTED) && defined(MADV_WIPEONFORK)
-#if (MADV_WIPEONFORK != 18)
-#error "MADV_WIPEONFORK is not 18"
-#endif
+ #if (MADV_WIPEONFORK != 18)
+ #error "MADV_WIPEONFORK is not 18"
+ #endif
#else /* defined(S2N_MADVISE_SUPPORTED) && defined(MADV_WIPEONFORK) */
-#define MADV_WIPEONFORK 18
+ #define MADV_WIPEONFORK 18
#endif
/* These variables are used to disable all fork detection mechanisms or at the
@@ -61,7 +60,7 @@ static bool ignore_wipeonfork_or_inherit_zero_method_for_testing = false;
static bool ignore_pthread_atfork_method_for_testing = false;
static bool ignore_fork_detection_for_testing = false;
-#define S2N_FORK_EVENT 0
+#define S2N_FORK_EVENT 0
#define S2N_NO_FORK_EVENT 1
struct FGN_STATE {
@@ -92,7 +91,6 @@ static struct FGN_STATE fgn_state = {
.fork_detection_rw_lock = PTHREAD_RWLOCK_INITIALIZER,
};
-
/* Can currently never fail. See initialise_fork_detection_methods() for
* motivation.
*/
@@ -196,13 +194,13 @@ static S2N_RESULT s2n_initialise_fork_detection_methods_try(void *addr, long pag
return S2N_RESULT_OK;
}
-static S2N_RESULT s2n_setup_mapping(void **addr, long *page_size) {
-
+static S2N_RESULT s2n_setup_mapping(void **addr, long *page_size)
+{
*page_size = sysconf(_SC_PAGESIZE);
RESULT_ENSURE_GT(*page_size, 0);
*addr = mmap(NULL, (size_t) *page_size, PROT_READ | PROT_WRITE,
- MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
RESULT_ENSURE_NE(*addr, MAP_FAILED);
return S2N_RESULT_OK;
@@ -214,9 +212,7 @@ static void s2n_initialise_fork_detection_methods(void)
long page_size = 0;
/* Only used to disable fork detection mechanisms during testing. */
- if (ignore_wipeonfork_or_inherit_zero_method_for_testing == true &&
- ignore_pthread_atfork_method_for_testing == true) {
-
+ if (ignore_wipeonfork_or_inherit_zero_method_for_testing == true && ignore_pthread_atfork_method_for_testing == true) {
ignore_fork_detection_for_testing = true;
return;
}
@@ -306,8 +302,8 @@ static void s2n_cleanup_cb_munmap(void **probe_addr)
/* Run-time probe checking whether the system supports the MADV_WIPEONFORK fork
* detection mechanism.
*/
-static S2N_RESULT s2n_probe_madv_wipeonfork_support(void) {
-
+static S2N_RESULT s2n_probe_madv_wipeonfork_support(void)
+{
bool result = false;
/* It is not an error to call munmap on a range that does not contain any
@@ -349,7 +345,8 @@ bool s2n_is_map_inherit_zero_supported(void)
}
/* Use for testing only */
-S2N_RESULT s2n_ignore_wipeonfork_and_inherit_zero_for_testing(void) {
+S2N_RESULT s2n_ignore_wipeonfork_and_inherit_zero_for_testing(void)
+{
RESULT_ENSURE(s2n_in_unit_test(), S2N_ERR_NOT_IN_UNIT_TEST);
ignore_wipeonfork_or_inherit_zero_method_for_testing = true;
@@ -357,11 +354,11 @@ S2N_RESULT s2n_ignore_wipeonfork_and_inherit_zero_for_testing(void) {
return S2N_RESULT_OK;
}
-S2N_RESULT s2n_ignore_pthread_atfork_for_testing(void) {
+S2N_RESULT s2n_ignore_pthread_atfork_for_testing(void)
+{
RESULT_ENSURE(s2n_in_unit_test(), S2N_ERR_NOT_IN_UNIT_TEST);
ignore_pthread_atfork_method_for_testing = true;
return S2N_RESULT_OK;
}
-
diff --git a/contrib/restricted/aws/s2n/utils/s2n_init.c b/contrib/restricted/aws/s2n/utils/s2n_init.c
index a6d8219a54..0fc2849143 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_init.c
+++ b/contrib/restricted/aws/s2n/utils/s2n_init.c
@@ -12,35 +12,31 @@
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
+#include <pthread.h>
+
#include "crypto/s2n_fips.h"
#include "crypto/s2n_libcrypto.h"
#include "crypto/s2n_locking.h"
-
#include "error/s2n_errno.h"
-
-#include "tls/s2n_cipher_suites.h"
+#include "openssl/opensslv.h"
+#include "pq-crypto/s2n_pq.h"
+#include "tls/extensions/s2n_client_key_share.h"
#include "tls/extensions/s2n_extension_type.h"
+#include "tls/s2n_cipher_suites.h"
#include "tls/s2n_security_policies.h"
-#include "tls/extensions/s2n_client_key_share.h"
#include "tls/s2n_tls13_secrets.h"
-
#include "utils/s2n_mem.h"
#include "utils/s2n_random.h"
#include "utils/s2n_safety.h"
#include "utils/s2n_safety_macros.h"
-#include "openssl/opensslv.h"
-
-#include "pq-crypto/s2n_pq.h"
-
-#include <pthread.h>
-
static void s2n_cleanup_atexit(void);
static pthread_t main_thread = 0;
static bool initialized = false;
static bool atexit_cleanup = true;
-int s2n_disable_atexit(void) {
+int s2n_disable_atexit(void)
+{
POSIX_ENSURE(!initialized, S2N_ERR_INITIALIZED);
atexit_cleanup = false;
return S2N_SUCCESS;
@@ -95,13 +91,12 @@ static bool s2n_cleanup_atexit_impl(void)
/* the configs need to be wiped before resetting the memory callbacks */
s2n_wipe_static_configs();
- bool cleaned_up =
- s2n_result_is_ok(s2n_cipher_suites_cleanup()) &&
- s2n_result_is_ok(s2n_rand_cleanup_thread()) &&
- s2n_result_is_ok(s2n_rand_cleanup()) &&
- s2n_result_is_ok(s2n_libcrypto_cleanup()) &&
- s2n_result_is_ok(s2n_locking_cleanup()) &&
- (s2n_mem_cleanup() == S2N_SUCCESS);
+ bool cleaned_up = s2n_result_is_ok(s2n_cipher_suites_cleanup())
+ && s2n_result_is_ok(s2n_rand_cleanup_thread())
+ && s2n_result_is_ok(s2n_rand_cleanup())
+ && s2n_result_is_ok(s2n_libcrypto_cleanup())
+ && s2n_result_is_ok(s2n_locking_cleanup())
+ && (s2n_mem_cleanup() == S2N_SUCCESS);
initialized = !cleaned_up;
return cleaned_up;
@@ -126,5 +121,5 @@ int s2n_cleanup(void)
static void s2n_cleanup_atexit(void)
{
- (void)s2n_cleanup_atexit_impl();
+ (void) s2n_cleanup_atexit_impl();
}
diff --git a/contrib/restricted/aws/s2n/utils/s2n_map.c b/contrib/restricted/aws/s2n/utils/s2n_map.c
index 1b3d9eaa9c..ad0cabcaa2 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_map.c
+++ b/contrib/restricted/aws/s2n/utils/s2n_map.c
@@ -13,21 +13,19 @@
* permissions and limitations under the License.
*/
-#include <string.h>
-#include <stdio.h>
+#include "utils/s2n_map.h"
-#include "error/s2n_errno.h"
+#include <stdio.h>
+#include <string.h>
+#include "api/s2n.h"
#include "crypto/s2n_hash.h"
-
-#include "utils/s2n_safety.h"
-#include "utils/s2n_result.h"
+#include "error/s2n_errno.h"
#include "utils/s2n_blob.h"
-#include "utils/s2n_mem.h"
-#include "utils/s2n_map.h"
#include "utils/s2n_map_internal.h"
-
-#include "api/s2n.h"
+#include "utils/s2n_mem.h"
+#include "utils/s2n_result.h"
+#include "utils/s2n_safety.h"
#define S2N_INITIAL_TABLE_SIZE 1024
@@ -39,7 +37,7 @@ static S2N_RESULT s2n_map_slot(const struct s2n_map *map, struct s2n_blob *key,
uint32_t u32[8];
} digest;
- DEFER_CLEANUP(struct s2n_hash_state sha256 = {0}, s2n_hash_free);
+ DEFER_CLEANUP(struct s2n_hash_state sha256 = { 0 }, s2n_hash_free);
RESULT_GUARD_POSIX(s2n_hash_new(&sha256));
RESULT_GUARD_POSIX(s2n_hash_init(&sha256, S2N_HASH_SHA256));
RESULT_GUARD_POSIX(s2n_hash_update(&sha256, key->data, key->size));
@@ -52,8 +50,8 @@ static S2N_RESULT s2n_map_slot(const struct s2n_map *map, struct s2n_blob *key,
static S2N_RESULT s2n_map_embiggen(struct s2n_map *map, uint32_t capacity)
{
RESULT_ENSURE_REF(map);
- struct s2n_blob mem = {0};
- struct s2n_map tmp = {0};
+ struct s2n_blob mem = { 0 };
+ struct s2n_map tmp = { 0 };
RESULT_ENSURE(!map->immutable, S2N_ERR_MAP_IMMUTABLE);
@@ -72,7 +70,7 @@ static S2N_RESULT s2n_map_embiggen(struct s2n_map *map, uint32_t capacity)
RESULT_GUARD_POSIX(s2n_free(&map->table[i].value));
}
}
- RESULT_GUARD_POSIX(s2n_free_object((uint8_t **)&map->table, map->capacity * sizeof(struct s2n_map_entry)));
+ RESULT_GUARD_POSIX(s2n_free_object((uint8_t **) &map->table, map->capacity * sizeof(struct s2n_map_entry)));
/* Clone the temporary map */
map->capacity = tmp.capacity;
@@ -91,7 +89,7 @@ struct s2n_map *s2n_map_new()
struct s2n_map *s2n_map_new_with_initial_capacity(uint32_t capacity)
{
PTR_ENSURE(capacity != 0, S2N_ERR_MAP_INVALID_MAP_SIZE);
- struct s2n_blob mem = {0};
+ struct s2n_blob mem = { 0 };
struct s2n_map *map;
PTR_GUARD_POSIX(s2n_alloc(&mem, sizeof(struct s2n_map)));
@@ -121,9 +119,8 @@ S2N_RESULT s2n_map_add(struct s2n_map *map, struct s2n_blob *key, struct s2n_blo
RESULT_GUARD(s2n_map_slot(map, key, &slot));
/* Linear probing until we find an empty slot */
- while(map->table[slot].key.size) {
- if (key->size != map->table[slot].key.size ||
- memcmp(key->data, map->table[slot].key.data, key->size)) {
+ while (map->table[slot].key.size) {
+ if (key->size != map->table[slot].key.size || memcmp(key->data, map->table[slot].key.data, key->size)) {
slot++;
slot %= map->capacity;
continue;
@@ -154,9 +151,8 @@ S2N_RESULT s2n_map_put(struct s2n_map *map, struct s2n_blob *key, struct s2n_blo
RESULT_GUARD(s2n_map_slot(map, key, &slot));
/* Linear probing until we find an empty slot */
- while(map->table[slot].key.size) {
- if (key->size != map->table[slot].key.size ||
- memcmp(key->data, map->table[slot].key.data, key->size)) {
+ while (map->table[slot].key.size) {
+ if (key->size != map->table[slot].key.size || memcmp(key->data, map->table[slot].key.data, key->size)) {
slot++;
slot %= map->capacity;
continue;
@@ -201,9 +197,8 @@ S2N_RESULT s2n_map_lookup(const struct s2n_map *map, struct s2n_blob *key, struc
RESULT_GUARD(s2n_map_slot(map, key, &slot));
const uint32_t initial_slot = slot;
- while(map->table[slot].key.size) {
- if (key->size != map->table[slot].key.size ||
- memcmp(key->data, map->table[slot].key.data, key->size)) {
+ while (map->table[slot].key.size) {
+ if (key->size != map->table[slot].key.size || memcmp(key->data, map->table[slot].key.data, key->size)) {
slot++;
slot %= map->capacity;
/* We went over all the slots but found no match */
@@ -244,10 +239,10 @@ S2N_RESULT s2n_map_free(struct s2n_map *map)
}
/* Free the table */
- RESULT_GUARD_POSIX(s2n_free_object((uint8_t **)&map->table, map->capacity * sizeof(struct s2n_map_entry)));
+ RESULT_GUARD_POSIX(s2n_free_object((uint8_t **) &map->table, map->capacity * sizeof(struct s2n_map_entry)));
/* And finally the map */
- RESULT_GUARD_POSIX(s2n_free_object((uint8_t **)&map, sizeof(struct s2n_map)));
+ RESULT_GUARD_POSIX(s2n_free_object((uint8_t **) &map, sizeof(struct s2n_map)));
return S2N_RESULT_OK;
}
diff --git a/contrib/restricted/aws/s2n/utils/s2n_map.h b/contrib/restricted/aws/s2n/utils/s2n_map.h
index afde6a8514..13987188d6 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_map.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_map.h
@@ -17,7 +17,6 @@
#include <string.h>
#include "crypto/s2n_hash.h"
-
#include "utils/s2n_blob.h"
#include "utils/s2n_result.h"
diff --git a/contrib/restricted/aws/s2n/utils/s2n_mem.c b/contrib/restricted/aws/s2n/utils/s2n_mem.c
index d2084c363c..fc0b3a8f19 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_mem.c
+++ b/contrib/restricted/aws/s2n/utils/s2n_mem.c
@@ -13,18 +13,17 @@
* permissions and limitations under the License.
*/
-#define _DEFAULT_SOURCE 1
+#define _DEFAULT_SOURCE 1
#if defined(S2N_FEATURES_AVAILABLE)
-#include <features.h>
+ #include <features.h>
#endif
#include <stdint.h>
-#include <unistd.h>
#include <stdlib.h>
#include <sys/mman.h>
+#include <unistd.h>
#include "error/s2n_errno.h"
-
#include "utils/s2n_blob.h"
#include "utils/s2n_mem.h"
#include "utils/s2n_safety.h"
@@ -131,7 +130,7 @@ static int s2n_mem_malloc_no_mlock_impl(void **ptr, uint32_t requested, uint32_t
}
int s2n_mem_set_callbacks(s2n_mem_init_callback mem_init_callback, s2n_mem_cleanup_callback mem_cleanup_callback,
- s2n_mem_malloc_callback mem_malloc_callback, s2n_mem_free_callback mem_free_callback)
+ s2n_mem_malloc_callback mem_malloc_callback, s2n_mem_free_callback mem_free_callback)
{
POSIX_ENSURE(!initialized, S2N_ERR_INITIALIZED);
@@ -152,14 +151,14 @@ int s2n_alloc(struct s2n_blob *b, uint32_t size)
{
POSIX_ENSURE(initialized, S2N_ERR_NOT_INITIALIZED);
POSIX_ENSURE_REF(b);
- const struct s2n_blob temp = {0};
+ const struct s2n_blob temp = { 0 };
*b = temp;
POSIX_GUARD(s2n_realloc(b, size));
return S2N_SUCCESS;
}
/* A blob is growable if it is either explicitly marked as such, or if it contains no data */
-bool s2n_blob_is_growable(const struct s2n_blob* b)
+bool s2n_blob_is_growable(const struct s2n_blob *b)
{
return b && (b->growable || (b->data == NULL && b->size == 0 && b->allocated == 0));
}
@@ -179,10 +178,9 @@ int s2n_realloc(struct s2n_blob *b, uint32_t size)
/* blob already has space for the request */
if (size <= b->allocated) {
-
if (size < b->size) {
/* Zero the existing blob memory before the we release it */
- struct s2n_blob slice = {0};
+ struct s2n_blob slice = { 0 };
POSIX_GUARD(s2n_blob_slice(b, &slice, size, b->size - size));
POSIX_GUARD(s2n_blob_zero(&slice));
}
@@ -191,7 +189,7 @@ int s2n_realloc(struct s2n_blob *b, uint32_t size)
return S2N_SUCCESS;
}
- struct s2n_blob new_memory = {.data = NULL, .size = size, .allocated = 0, .growable = 1};
+ struct s2n_blob new_memory = { .data = NULL, .size = size, .allocated = 0, .growable = 1 };
if (s2n_mem_malloc_cb((void **) &new_memory.data, new_memory.size, &new_memory.allocated) != 0) {
S2N_ERROR_PRESERVE_ERRNO();
}
@@ -220,7 +218,7 @@ int s2n_free_object(uint8_t **p_data, uint32_t size)
}
POSIX_ENSURE(initialized, S2N_ERR_NOT_INITIALIZED);
- struct s2n_blob b = {.data = *p_data, .allocated = size, .size = size, .growable = 1};
+ struct s2n_blob b = { .data = *p_data, .allocated = size, .size = size, .growable = 1 };
/* s2n_free() will call free() even if it returns error (for a growable blob).
** This makes sure *p_data is not used after free() */
@@ -293,12 +291,13 @@ int s2n_free_without_wipe(struct s2n_blob *b)
POSIX_ENSURE(s2n_mem_free_cb(b->data, b->allocated) >= S2N_SUCCESS, S2N_ERR_CANCELLED);
}
- *b = (struct s2n_blob) {0};
+ *b = (struct s2n_blob){ 0 };
return S2N_SUCCESS;
}
-int s2n_free_or_wipe(struct s2n_blob *b) {
+int s2n_free_or_wipe(struct s2n_blob *b)
+{
POSIX_ENSURE_REF(b);
int zero_rc = s2n_blob_zero(b);
if (b->allocated) {
diff --git a/contrib/restricted/aws/s2n/utils/s2n_mem.h b/contrib/restricted/aws/s2n/utils/s2n_mem.h
index 75f74a0a87..adccd6b4bf 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_mem.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_mem.h
@@ -15,10 +15,10 @@
#pragma once
-#include "utils/s2n_blob.h"
-
#include <stdint.h>
+#include "utils/s2n_blob.h"
+
int s2n_mem_init(void);
bool s2n_mem_is_init(void);
uint32_t s2n_mem_get_page_size(void);
diff --git a/contrib/restricted/aws/s2n/utils/s2n_random.c b/contrib/restricted/aws/s2n/utils/s2n_random.c
index 5d79f061d2..73fad07834 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_random.c
+++ b/contrib/restricted/aws/s2n/utils/s2n_random.c
@@ -13,24 +13,23 @@
* permissions and limitations under the License.
*/
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
#include <openssl/engine.h>
#include <openssl/rand.h>
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
-#include <unistd.h>
#include <pthread.h>
-#include <limits.h>
-#include <fcntl.h>
-#include <string.h>
#include <stdint.h>
#include <stdlib.h>
-#include <errno.h>
+#include <string.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/types.h>
#include <time.h>
+#include <unistd.h>
#if defined(S2N_CPUID_AVAILABLE)
-#include <cpuid.h>
+ #include <cpuid.h>
#endif
#include "api/s2n.h"
@@ -38,18 +37,18 @@
#include "error/s2n_errno.h"
#include "stuffer/s2n_stuffer.h"
#include "utils/s2n_fork_detection.h"
+#include "utils/s2n_mem.h"
+#include "utils/s2n_random.h"
#include "utils/s2n_result.h"
#include "utils/s2n_safety.h"
-#include "utils/s2n_random.h"
-#include "utils/s2n_mem.h"
#define ENTROPY_SOURCE "/dev/urandom"
/* See https://en.wikipedia.org/wiki/CPUID */
-#define RDRAND_ECX_FLAG 0x40000000
+#define RDRAND_ECX_FLAG 0x40000000
/* One second in nanoseconds */
-#define ONE_S INT64_C(1000000000)
+#define ONE_S INT64_C(1000000000)
/* Placeholder value for an uninitialized entropy file descriptor */
#define UNINITIALIZED_ENTROPY_FD -1
@@ -65,8 +64,8 @@ struct s2n_rand_state {
static __thread struct s2n_rand_state s2n_per_thread_rand_state = {
.cached_fork_generation_number = 0,
- .public_drbg = {0},
- .private_drbg = {0},
+ .public_drbg = { 0 },
+ .private_drbg = { 0 },
.drbgs_initialized = false
};
@@ -81,7 +80,8 @@ static s2n_rand_seed_callback s2n_rand_seed_cb = s2n_rand_urandom_impl;
static s2n_rand_mix_callback s2n_rand_mix_cb = s2n_rand_urandom_impl;
/* non-static for SAW proof */
-bool s2n_cpu_supports_rdrand() {
+bool s2n_cpu_supports_rdrand()
+{
#if defined(S2N_CPUID_AVAILABLE)
uint32_t eax, ebx, ecx, edx;
if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx)) {
@@ -96,9 +96,9 @@ bool s2n_cpu_supports_rdrand() {
}
int s2n_rand_set_callbacks(s2n_rand_init_callback rand_init_callback,
- s2n_rand_cleanup_callback rand_cleanup_callback,
- s2n_rand_seed_callback rand_seed_callback,
- s2n_rand_mix_callback rand_mix_callback)
+ s2n_rand_cleanup_callback rand_cleanup_callback,
+ s2n_rand_seed_callback rand_seed_callback,
+ s2n_rand_mix_callback rand_mix_callback)
{
POSIX_ENSURE_REF(rand_init_callback);
POSIX_ENSURE_REF(rand_cleanup_callback);
@@ -171,7 +171,6 @@ static S2N_RESULT s2n_ensure_uniqueness(void)
RESULT_GUARD(s2n_get_fork_generation_number(&returned_fork_generation_number));
if (returned_fork_generation_number != s2n_per_thread_rand_state.cached_fork_generation_number) {
-
/* This assumes that s2n_rand_cleanup_thread() doesn't mutate any other
* state than the drbg states and it resets the drbg initialization
* boolean to false. s2n_ensure_initialized_drbgs() will cache the new
@@ -185,7 +184,7 @@ static S2N_RESULT s2n_ensure_uniqueness(void)
}
static S2N_RESULT s2n_get_random_data(struct s2n_blob *out_blob,
- struct s2n_drbg *drbg_state)
+ struct s2n_drbg *drbg_state)
{
RESULT_GUARD(s2n_ensure_initialized_drbgs());
RESULT_GUARD(s2n_ensure_uniqueness());
@@ -193,7 +192,7 @@ static S2N_RESULT s2n_get_random_data(struct s2n_blob *out_blob,
uint32_t offset = 0;
uint32_t remaining = out_blob->size;
- while(remaining) {
+ while (remaining) {
struct s2n_blob slice = { 0 };
RESULT_GUARD_POSIX(s2n_blob_slice(out_blob, &slice, offset, MIN(remaining, S2N_DRBG_GENERATE_LIMIT)));
@@ -238,7 +237,7 @@ static int s2n_rand_urandom_impl(void *ptr, uint32_t size)
uint8_t *data = ptr;
uint32_t n = size;
- struct timespec sleep_time = {.tv_sec = 0, .tv_nsec = 0 };
+ struct timespec sleep_time = { .tv_sec = 0, .tv_nsec = 0 };
long backoff = 1;
while (n) {
@@ -268,8 +267,7 @@ static int s2n_rand_urandom_impl(void *ptr, uint32_t size)
sleep_time.tv_nsec = backoff;
do {
r = nanosleep(&sleep_time, &sleep_time);
- }
- while (r != 0);
+ } while (r != 0);
}
continue;
@@ -292,7 +290,7 @@ S2N_RESULT s2n_public_random(int64_t bound, uint64_t *output)
RESULT_ENSURE_GT(bound, 0);
while (1) {
- struct s2n_blob blob = {.data = (void *)&r, sizeof(r) };
+ struct s2n_blob blob = { .data = (void *) &r, sizeof(r) };
RESULT_GUARD(s2n_get_public_random_data(&blob));
/* Imagine an int was one byte and UINT_MAX was 256. If the
@@ -317,11 +315,11 @@ S2N_RESULT s2n_public_random(int64_t bound, uint64_t *output)
#if S2N_LIBCRYPTO_SUPPORTS_CUSTOM_RAND
-#define S2N_RAND_ENGINE_ID "s2n_rand"
+ #define S2N_RAND_ENGINE_ID "s2n_rand"
int s2n_openssl_compat_rand(unsigned char *buf, int num)
{
- struct s2n_blob out = {.data = buf,.size = num };
+ struct s2n_blob out = { .data = buf, .size = num };
if (s2n_result_is_error(s2n_get_private_random_data(&out))) {
return 0;
@@ -334,7 +332,7 @@ int s2n_openssl_compat_status(void)
return 1;
}
-int s2n_openssl_compat_init(ENGINE * unused)
+int s2n_openssl_compat_init(ENGINE *unused)
{
return 1;
}
@@ -351,7 +349,7 @@ RAND_METHOD s2n_openssl_rand_method = {
static int s2n_rand_init_impl(void)
{
- OPEN:
+OPEN:
entropy_fd = open(ENTROPY_SOURCE, O_RDONLY);
if (entropy_fd == -1) {
if (errno == EINTR) {
@@ -361,7 +359,7 @@ static int s2n_rand_init_impl(void)
}
if (s2n_cpu_supports_rdrand()) {
- s2n_rand_mix_cb = s2n_rand_rdrand_impl;
+ s2n_rand_mix_cb = s2n_rand_rdrand_impl;
}
return S2N_SUCCESS;
@@ -369,7 +367,7 @@ static int s2n_rand_init_impl(void)
S2N_RESULT s2n_rand_init(void)
{
- RESULT_ENSURE(s2n_rand_init_cb() >=S2N_SUCCESS, S2N_ERR_CANCELLED);
+ RESULT_ENSURE(s2n_rand_init_cb() >= S2N_SUCCESS, S2N_ERR_CANCELLED);
RESULT_GUARD(s2n_ensure_initialized_drbgs());
@@ -384,7 +382,7 @@ S2N_RESULT s2n_rand_init(void)
RESULT_GUARD_OSSL(ENGINE_set_init_function(e, s2n_openssl_compat_init), S2N_ERR_OPEN_RANDOM);
RESULT_GUARD_OSSL(ENGINE_set_RAND(e, &s2n_openssl_rand_method), S2N_ERR_OPEN_RANDOM);
RESULT_GUARD_OSSL(ENGINE_add(e), S2N_ERR_OPEN_RANDOM);
- RESULT_GUARD_OSSL(ENGINE_free(e) , S2N_ERR_OPEN_RANDOM);
+ RESULT_GUARD_OSSL(ENGINE_free(e), S2N_ERR_OPEN_RANDOM);
/* Use that engine for rand() */
e = ENGINE_by_id(S2N_RAND_ENGINE_ID);
@@ -469,16 +467,16 @@ static int s2n_rand_rdrand_impl(void *data, uint32_t size)
#if defined(__x86_64__) || defined(__i386__)
struct s2n_blob out = { .data = data, .size = size };
int space_remaining = 0;
- struct s2n_stuffer stuffer = {0};
+ struct s2n_stuffer stuffer = { 0 };
union {
uint64_t u64;
-#if defined(__i386__)
+ #if defined(__i386__)
struct {
/* since we check first that we're on intel, we can safely assume little endian. */
uint32_t u_low;
uint32_t u_high;
} i386_fields;
-#endif /* defined(__i386__) */
+ #endif /* defined(__i386__) */
uint8_t u8[8];
} output;
@@ -488,7 +486,7 @@ static int s2n_rand_rdrand_impl(void *data, uint32_t size)
output.u64 = 0;
for (int tries = 0; tries < 10; tries++) {
-#if defined(__i386__)
+ #if defined(__i386__)
/* execute the rdrand instruction, store the result in a general purpose register (it's assigned to
* output.i386_fields.u_low). Check the carry bit, which will be set on success. Then clober the register and reset
* the carry bit. Due to needing to support an ancient assembler we use the opcode syntax.
@@ -498,25 +496,29 @@ static int s2n_rand_rdrand_impl(void *data, uint32_t size)
* 0xf0 (store the result in eax).
*/
unsigned char success_high = 0, success_low = 0;
- __asm__ __volatile__(".byte 0x0f, 0xc7, 0xf0;\n" "setc %b1;\n": "=a"(output.i386_fields.u_low), "=qm"(success_low)
- :
- :"cc");
-
- __asm__ __volatile__(".byte 0x0f, 0xc7, 0xf0;\n" "setc %b1;\n": "=a"(output.i386_fields.u_high), "=qm"(success_high)
- :
- :"cc");
+ __asm__ __volatile__(
+ ".byte 0x0f, 0xc7, 0xf0;\n"
+ "setc %b1;\n"
+ : "=a"(output.i386_fields.u_low), "=qm"(success_low)
+ :
+ : "cc");
+
+ __asm__ __volatile__(
+ ".byte 0x0f, 0xc7, 0xf0;\n"
+ "setc %b1;\n"
+ : "=a"(output.i386_fields.u_high), "=qm"(success_high)
+ :
+ : "cc");
/* cppcheck-suppress knownConditionTrueFalse */
success = success_high & success_low;
/* Treat either all 1 or all 0 bits in either the high or low order
* bits as failure */
- if (output.i386_fields.u_low == 0 ||
- output.i386_fields.u_low == UINT32_MAX ||
- output.i386_fields.u_high == 0 ||
- output.i386_fields.u_high == UINT32_MAX) {
+ if (output.i386_fields.u_low == 0 || output.i386_fields.u_low == UINT32_MAX
+ || output.i386_fields.u_high == 0 || output.i386_fields.u_high == UINT32_MAX) {
success = 0;
}
-#else
+ #else
/* execute the rdrand instruction, store the result in a general purpose register (it's assigned to
* output.u64). Check the carry bit, which will be set on success. Then clober the carry bit.
* Due to needing to support an ancient assembler we use the opcode syntax.
@@ -525,10 +527,13 @@ static int s2n_rand_rdrand_impl(void *data, uint32_t size)
* 0x48 (pick a 64-bit register it does more too, but that's all that matters there)
* 0x0fc7 (rdrand)
* 0xf0 (store the result in rax). */
- __asm__ __volatile__(".byte 0x48, 0x0f, 0xc7, 0xf0;\n" "setc %b1;\n": "=a"(output.u64), "=qm"(success)
- :
- :"cc");
-#endif /* defined(__i386__) */
+ __asm__ __volatile__(
+ ".byte 0x48, 0x0f, 0xc7, 0xf0;\n"
+ "setc %b1;\n"
+ : "=a"(output.u64), "=qm"(success)
+ :
+ : "cc");
+ #endif /* defined(__i386__) */
/* Some AMD CPUs will find that RDRAND "sticks" on all 1s but still reports success.
* Some other very old CPUs use all 0s as an error condition while still reporting success.
@@ -541,8 +546,7 @@ static int s2n_rand_rdrand_impl(void *data, uint32_t size)
* negligible (1/2^63). Finally, adding processor specific logic would greatly
* increase the complexity and would cause us to "miss" any unknown processors with
* similar bugs. */
- if (output.u64 == UINT64_MAX ||
- output.u64 == 0) {
+ if (output.u64 == UINT64_MAX || output.u64 == 0) {
success = 0;
}
diff --git a/contrib/restricted/aws/s2n/utils/s2n_random.h b/contrib/restricted/aws/s2n/utils/s2n_random.h
index 1d316328b9..fd5ca4b9d7 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_random.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_random.h
@@ -16,7 +16,6 @@
#pragma once
#include "crypto/s2n_drbg.h"
-
#include "utils/s2n_blob.h"
#include "utils/s2n_result.h"
diff --git a/contrib/restricted/aws/s2n/utils/s2n_result.c b/contrib/restricted/aws/s2n/utils/s2n_result.c
index a270f6ec1a..47d53f27fb 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_result.c
+++ b/contrib/restricted/aws/s2n/utils/s2n_result.c
@@ -76,10 +76,12 @@
* `warn_unused_result` attribute, which ensures they are GUARDed.
*/
-#include "api/s2n.h"
-#include <stdbool.h>
#include "utils/s2n_result.h"
+#include <stdbool.h>
+
+#include "api/s2n.h"
+
/* returns true when the result is S2N_RESULT_OK */
inline bool s2n_result_is_ok(s2n_result result)
{
diff --git a/contrib/restricted/aws/s2n/utils/s2n_result.h b/contrib/restricted/aws/s2n/utils/s2n_result.h
index d16635429b..32120a8847 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_result.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_result.h
@@ -15,24 +15,25 @@
#pragma once
-#include "api/s2n.h"
#include <stdbool.h>
+#include "api/s2n.h"
+
/* A value which indicates the outcome of a function */
typedef struct {
int __error_signal;
} s2n_result;
/* used to signal a successful function return */
-#define S2N_RESULT_OK ((s2n_result) { S2N_SUCCESS })
+#define S2N_RESULT_OK ((s2n_result){ S2N_SUCCESS })
/* used to signal an error while executing a function */
-#define S2N_RESULT_ERROR ((s2n_result) { S2N_FAILURE })
+#define S2N_RESULT_ERROR ((s2n_result){ S2N_FAILURE })
#if defined(__clang__) || defined(__GNUC__)
-#define S2N_RESULT_MUST_USE __attribute__((warn_unused_result))
+ #define S2N_RESULT_MUST_USE __attribute__((warn_unused_result))
#else
-#define S2N_RESULT_MUST_USE
+ #define S2N_RESULT_MUST_USE
#endif
/* returns true when the result is S2N_RESULT_OK */
diff --git a/contrib/restricted/aws/s2n/utils/s2n_rfc5952.c b/contrib/restricted/aws/s2n/utils/s2n_rfc5952.c
index ef49e4aa7c..cf6cf9f1d3 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_rfc5952.c
+++ b/contrib/restricted/aws/s2n/utils/s2n_rfc5952.c
@@ -13,13 +13,13 @@
* permissions and limitations under the License.
*/
-#include <sys/types.h>
-#include <sys/socket.h>
+#include "utils/s2n_rfc5952.h"
+
#include <stdio.h>
+#include <sys/socket.h>
+#include <sys/types.h>
#include "error/s2n_errno.h"
-
-#include "utils/s2n_rfc5952.h"
#include "utils/s2n_safety.h"
static uint8_t dec[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9' };
@@ -77,8 +77,7 @@ S2N_RESULT s2n_inet_ntop(int af, const void *addr, struct s2n_blob *dst)
if (octets[i]) {
current_run_length = 0;
- }
- else {
+ } else {
current_run_length++;
}
@@ -88,10 +87,8 @@ S2N_RESULT s2n_inet_ntop(int af, const void *addr, struct s2n_blob *dst)
}
}
-
for (int i = 0; i < 8; i++) {
if (i == longest_run_start && longest_run_length > 1) {
-
if (i == 0) {
*cursor++ = ':';
}
@@ -102,12 +99,11 @@ S2N_RESULT s2n_inet_ntop(int af, const void *addr, struct s2n_blob *dst)
i += longest_run_length - 1;
- }
- else {
+ } else {
uint8_t nibbles[4] = { (octets[i] & 0xF000) >> 12,
- (octets[i] & 0x0F00) >> 8,
- (octets[i] & 0x00F0) >> 4,
- (octets[i] & 0x000F) };
+ (octets[i] & 0x0F00) >> 8,
+ (octets[i] & 0x00F0) >> 4,
+ (octets[i] & 0x000F) };
/* Skip up to three leading zeroes */
int j;
@@ -118,9 +114,8 @@ S2N_RESULT s2n_inet_ntop(int af, const void *addr, struct s2n_blob *dst)
}
for (; j < 4; j++) {
- *cursor++ = hex[ nibbles[j] ];
+ *cursor++ = hex[nibbles[j]];
}
-
}
*cursor++ = ':';
diff --git a/contrib/restricted/aws/s2n/utils/s2n_rfc5952.h b/contrib/restricted/aws/s2n/utils/s2n_rfc5952.h
index 724c923128..0c9652ffc2 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_rfc5952.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_rfc5952.h
@@ -21,4 +21,3 @@
* representation. Returns 0 on success and -1 on failure.
*/
extern S2N_RESULT s2n_inet_ntop(int af, const void *addr, struct s2n_blob *dst);
-
diff --git a/contrib/restricted/aws/s2n/utils/s2n_safety.c b/contrib/restricted/aws/s2n/utils/s2n_safety.c
index b26e2d9c41..dad46f8ded 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_safety.c
+++ b/contrib/restricted/aws/s2n/utils/s2n_safety.c
@@ -13,11 +13,12 @@
* permissions and limitations under the License.
*/
+#include "utils/s2n_safety.h"
+
#include <stdint.h>
#include <stdio.h>
#include "utils/s2n_annotations.h"
-#include "utils/s2n_safety.h"
/**
* Given arrays "a" and "b" of length "len", determine whether they
@@ -87,7 +88,7 @@ bool s2n_constant_time_equals(const uint8_t *a, const uint8_t *b, const uint32_t
* will affect the timing of this function).
*
*/
-int s2n_constant_time_copy_or_dont(uint8_t * dest, const uint8_t * src, uint32_t len, uint8_t dont)
+int s2n_constant_time_copy_or_dont(uint8_t *dest, const uint8_t *src, uint32_t len, uint8_t dont)
{
S2N_PUBLIC_INPUT(dest);
S2N_PUBLIC_INPUT(src);
@@ -113,7 +114,7 @@ int s2n_constant_time_copy_or_dont(uint8_t * dest, const uint8_t * src, uint32_t
*
* Normally, one would fill dst with random bytes before calling this function.
*/
-int s2n_constant_time_pkcs1_unpad_or_dont(uint8_t * dst, const uint8_t * src, uint32_t srclen, uint32_t expectlen)
+int s2n_constant_time_pkcs1_unpad_or_dont(uint8_t *dst, const uint8_t *src, uint32_t srclen, uint32_t expectlen)
{
S2N_PUBLIC_INPUT(dst);
S2N_PUBLIC_INPUT(src);
@@ -137,7 +138,7 @@ int s2n_constant_time_pkcs1_unpad_or_dont(uint8_t * dst, const uint8_t * src, ui
dont_copy |= src[0] ^ 0x00;
dont_copy |= src[1] ^ 0x02;
- dont_copy |= *(start_of_data-1) ^ 0x00;
+ dont_copy |= *(start_of_data - 1) ^ 0x00;
for (uint32_t i = 2; i < srclen - expectlen - 1; i++) {
/* Note! We avoid using logical NOT (!) here; while in practice
@@ -169,7 +170,7 @@ int s2n_in_unit_test_set(bool newval)
return S2N_SUCCESS;
}
-int s2n_align_to(uint32_t initial, uint32_t alignment, uint32_t* out)
+int s2n_align_to(uint32_t initial, uint32_t alignment, uint32_t *out)
{
POSIX_ENSURE_REF(out);
POSIX_ENSURE(alignment != 0, S2N_ERR_SAFETY);
@@ -185,7 +186,7 @@ int s2n_align_to(uint32_t initial, uint32_t alignment, uint32_t* out)
return S2N_SUCCESS;
}
-int s2n_mul_overflow(uint32_t a, uint32_t b, uint32_t* out)
+int s2n_mul_overflow(uint32_t a, uint32_t b, uint32_t *out)
{
POSIX_ENSURE_REF(out);
const uint64_t result = ((uint64_t) a) * ((uint64_t) b);
@@ -194,7 +195,7 @@ int s2n_mul_overflow(uint32_t a, uint32_t b, uint32_t* out)
return S2N_SUCCESS;
}
-int s2n_add_overflow(uint32_t a, uint32_t b, uint32_t* out)
+int s2n_add_overflow(uint32_t a, uint32_t b, uint32_t *out)
{
POSIX_ENSURE_REF(out);
uint64_t result = ((uint64_t) a) + ((uint64_t) b);
@@ -203,7 +204,7 @@ int s2n_add_overflow(uint32_t a, uint32_t b, uint32_t* out)
return S2N_SUCCESS;
}
-int s2n_sub_overflow(uint32_t a, uint32_t b, uint32_t* out)
+int s2n_sub_overflow(uint32_t a, uint32_t b, uint32_t *out)
{
POSIX_ENSURE_REF(out);
POSIX_ENSURE(a >= b, S2N_ERR_INTEGER_OVERFLOW);
diff --git a/contrib/restricted/aws/s2n/utils/s2n_safety.h b/contrib/restricted/aws/s2n/utils/s2n_safety.h
index 438ee2c9d6..e4a037d0fc 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_safety.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_safety.h
@@ -15,10 +15,10 @@
#pragma once
-#include <string.h>
-#include <stdint.h>
#include <stdbool.h>
+#include <stdint.h>
#include <stdlib.h>
+#include <string.h>
#include "error/s2n_errno.h"
#include "utils/s2n_ensure.h"
@@ -34,9 +34,9 @@
* Marks a case of a switch statement as able to fall through to the next case
*/
#if defined(S2N_FALL_THROUGH_SUPPORTED)
-# define FALL_THROUGH __attribute__((fallthrough))
+ #define FALL_THROUGH __attribute__((fallthrough))
#else
-# define FALL_THROUGH ((void)0)
+ #define FALL_THROUGH ((void) 0)
#endif
/* Returns `true` if s2n is in unit test mode, `false` otherwise */
@@ -45,25 +45,25 @@ bool s2n_in_unit_test();
/* Sets whether s2n is in unit test mode */
int s2n_in_unit_test_set(bool newval);
-#define S2N_IN_INTEG_TEST ( getenv("S2N_INTEG_TEST") != NULL )
-#define S2N_IN_TEST ( s2n_in_unit_test() || S2N_IN_INTEG_TEST )
+#define S2N_IN_INTEG_TEST (getenv("S2N_INTEG_TEST") != NULL)
+#define S2N_IN_TEST (s2n_in_unit_test() || S2N_IN_INTEG_TEST)
/* Returns 1 if a and b are equal, in constant time */
-extern bool s2n_constant_time_equals(const uint8_t * a, const uint8_t * b, const uint32_t len);
+extern bool s2n_constant_time_equals(const uint8_t* a, const uint8_t* b, const uint32_t len);
/* Copy src to dst, or don't copy it, in constant time */
-extern int s2n_constant_time_copy_or_dont(uint8_t * dst, const uint8_t * src, uint32_t len, uint8_t dont);
+extern int s2n_constant_time_copy_or_dont(uint8_t* dst, const uint8_t* src, uint32_t len, uint8_t dont);
/* If src contains valid PKCS#1 v1.5 padding of exactly expectlen bytes, decode
* it into dst, otherwise leave dst alone, in constant time.
* Always returns zero. */
-extern int s2n_constant_time_pkcs1_unpad_or_dont(uint8_t * dst, const uint8_t * src, uint32_t srclen, uint32_t expectlen);
+extern int s2n_constant_time_pkcs1_unpad_or_dont(uint8_t* dst, const uint8_t* src, uint32_t srclen, uint32_t expectlen);
/**
* Runs _thecleanup function on _thealloc once _thealloc went out of scope
*/
#define DEFER_CLEANUP(_thealloc, _thecleanup) \
- __attribute__((cleanup(_thecleanup))) _thealloc
+ __attribute__((cleanup(_thecleanup))) _thealloc
/**
* Often we want to free memory on an error, but not on a success.
* We do this by declaring a variable with DEFER_CLEANUP, then zeroing
@@ -79,25 +79,27 @@ extern int s2n_constant_time_pkcs1_unpad_or_dont(uint8_t * dst, const uint8_t *
* Instead, let's rely on the consistent error handling behavior of returning from a method early on error
* and apply blinding if our tracking variable goes out of scope early.
*/
-S2N_CLEANUP_RESULT s2n_connection_apply_error_blinding(struct s2n_connection **conn);
-#define WITH_ERROR_BLINDING(conn, action) do { \
- DEFER_CLEANUP(struct s2n_connection *_conn_to_blind = conn, s2n_connection_apply_error_blinding); \
- action; \
- /* The `if` here is to avoid a redundantInitialization warning from cppcheck */ \
- if (_conn_to_blind) { \
- _conn_to_blind = NULL; \
- } \
-} while (0)
+S2N_CLEANUP_RESULT s2n_connection_apply_error_blinding(struct s2n_connection** conn);
+#define WITH_ERROR_BLINDING(conn, action) \
+ do { \
+ DEFER_CLEANUP(struct s2n_connection* _conn_to_blind = conn, s2n_connection_apply_error_blinding); \
+ action; \
+ /* The `if` here is to avoid a redundantInitialization warning from cppcheck */ \
+ if (_conn_to_blind) { \
+ _conn_to_blind = NULL; \
+ } \
+ } while (0)
/* Creates cleanup function for pointers from function func which accepts a pointer.
* This is useful for DEFER_CLEANUP as it passes &_thealloc into _thecleanup function,
* so if _thealloc is a pointer _thecleanup will receive a pointer to a pointer.*/
-#define DEFINE_POINTER_CLEANUP_FUNC(type, func) \
- static inline void func##_pointer(type *p) { \
- if (p && *p) \
- func(*p); \
- } \
- struct __useless_struct_to_allow_trailing_semicolon__
+#define DEFINE_POINTER_CLEANUP_FUNC(type, func) \
+ static inline void func##_pointer(type* p) \
+ { \
+ if (p && *p) \
+ func(*p); \
+ } \
+ struct __useless_struct_to_allow_trailing_semicolon__
#define s2n_array_len(array) ((array != NULL) ? (sizeof(array) / sizeof(array[0])) : 0)
diff --git a/contrib/restricted/aws/s2n/utils/s2n_safety_macros.h b/contrib/restricted/aws/s2n/utils/s2n_safety_macros.h
index e478724da0..553e49ad83 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_safety_macros.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_safety_macros.h
@@ -23,6 +23,8 @@
* should be in there.
*/
+/* clang-format off */
+
#include "error/s2n_errno.h"
#include "utils/s2n_ensure.h"
#include "utils/s2n_result.h"
diff --git a/contrib/restricted/aws/s2n/utils/s2n_set.c b/contrib/restricted/aws/s2n/utils/s2n_set.c
index 65c854a73c..cc88b029cc 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_set.c
+++ b/contrib/restricted/aws/s2n/utils/s2n_set.c
@@ -12,12 +12,13 @@
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
+#include "utils/s2n_set.h"
+
+#include "utils/s2n_array.h"
#include "utils/s2n_blob.h"
#include "utils/s2n_mem.h"
#include "utils/s2n_result.h"
#include "utils/s2n_safety.h"
-#include "utils/s2n_set.h"
-#include "utils/s2n_array.h"
#define S2N_INITIAL_SET_SIZE 16
@@ -30,13 +31,13 @@ S2N_RESULT s2n_set_validate(const struct s2n_set *set)
/* Sets "out" to the index at which the element should be inserted.
* Returns an error if the element already exists */
-static S2N_RESULT s2n_set_binary_search(struct s2n_set *set, void *element, uint32_t* out)
+static S2N_RESULT s2n_set_binary_search(struct s2n_set *set, void *element, uint32_t *out)
{
RESULT_GUARD(s2n_set_validate(set));
RESULT_ENSURE(S2N_MEM_IS_READABLE(element, set->data->element_size), S2N_ERR_NULL);
RESULT_ENSURE_REF(out);
struct s2n_array *array = set->data;
- int (*comparator)(const void*, const void*) = set->comparator;
+ int (*comparator)(const void *, const void *) = set->comparator;
uint32_t len = 0;
RESULT_GUARD(s2n_array_num_elements(array, &len));
@@ -52,7 +53,7 @@ static S2N_RESULT s2n_set_binary_search(struct s2n_set *set, void *element, uint
while (low <= top) {
int64_t mid = low + ((top - low) / 2);
- void* array_element = NULL;
+ void *array_element = NULL;
RESULT_GUARD(s2n_array_get(array, mid, &array_element));
int m = comparator(array_element, element);
@@ -72,14 +73,14 @@ static S2N_RESULT s2n_set_binary_search(struct s2n_set *set, void *element, uint
return S2N_RESULT_OK;
}
-struct s2n_set *s2n_set_new(uint32_t element_size, int (*comparator)(const void*, const void*))
+struct s2n_set *s2n_set_new(uint32_t element_size, int (*comparator)(const void *, const void *))
{
PTR_ENSURE_REF(comparator);
- struct s2n_blob mem = {0};
+ struct s2n_blob mem = { 0 };
PTR_GUARD_POSIX(s2n_alloc(&mem, sizeof(struct s2n_set)));
struct s2n_set *set = (void *) mem.data;
- *set = (struct s2n_set) {.data = s2n_array_new(element_size), .comparator = comparator};
- if(set->data == NULL) {
+ *set = (struct s2n_set){ .data = s2n_array_new(element_size), .comparator = comparator };
+ if (set->data == NULL) {
PTR_GUARD_POSIX(s2n_free(&mem));
return NULL;
}
@@ -124,10 +125,9 @@ S2N_RESULT s2n_set_free_p(struct s2n_set **pset)
RESULT_GUARD(s2n_array_free(set->data));
/* And finally the set object. */
- RESULT_GUARD_POSIX(s2n_free_object((uint8_t **)pset, sizeof(struct s2n_set)));
+ RESULT_GUARD_POSIX(s2n_free_object((uint8_t **) pset, sizeof(struct s2n_set)));
return S2N_RESULT_OK;
-
}
S2N_RESULT s2n_set_free(struct s2n_set *set)
@@ -136,7 +136,6 @@ S2N_RESULT s2n_set_free(struct s2n_set *set)
return s2n_set_free_p(&set);
}
-
S2N_RESULT s2n_set_len(struct s2n_set *set, uint32_t *len)
{
RESULT_GUARD(s2n_set_validate(set));
diff --git a/contrib/restricted/aws/s2n/utils/s2n_set.h b/contrib/restricted/aws/s2n/utils/s2n_set.h
index 917123a076..263cf86964 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_set.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_set.h
@@ -15,16 +15,16 @@
#pragma once
#include "api/s2n.h"
-#include "utils/s2n_result.h"
#include "utils/s2n_array.h"
+#include "utils/s2n_result.h"
struct s2n_set {
- struct s2n_array *data;
- int (*comparator)(const void*, const void*);
+ struct s2n_array *data;
+ int (*comparator)(const void *, const void *);
};
extern S2N_RESULT s2n_set_validate(const struct s2n_set *set);
-extern struct s2n_set *s2n_set_new(uint32_t element_size, int (*comparator)(const void*, const void*));
+extern struct s2n_set *s2n_set_new(uint32_t element_size, int (*comparator)(const void *, const void *));
extern S2N_RESULT s2n_set_add(struct s2n_set *set, void *element);
extern S2N_RESULT s2n_set_get(struct s2n_set *set, uint32_t idx, void **element);
extern S2N_RESULT s2n_set_remove(struct s2n_set *set, uint32_t idx);
diff --git a/contrib/restricted/aws/s2n/utils/s2n_socket.c b/contrib/restricted/aws/s2n/utils/s2n_socket.c
index 4c809f4cf5..6928f1e015 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_socket.c
+++ b/contrib/restricted/aws/s2n/utils/s2n_socket.c
@@ -13,28 +13,28 @@
* permissions and limitations under the License.
*/
-#include "tls/s2n_connection.h"
-
#include "utils/s2n_socket.h"
-#include "utils/s2n_safety.h"
-#include <netinet/tcp.h>
#include <netinet/in.h>
+#include <netinet/tcp.h>
#include <sys/socket.h>
#include <unistd.h>
+#include "tls/s2n_connection.h"
+#include "utils/s2n_safety.h"
+
#if TCP_CORK
- #define S2N_CORK TCP_CORK
- #define S2N_CORK_ON 1
- #define S2N_CORK_OFF 0
+ #define S2N_CORK TCP_CORK
+ #define S2N_CORK_ON 1
+ #define S2N_CORK_OFF 0
#elif TCP_NOPUSH
- #define S2N_CORK TCP_NOPUSH
- #define S2N_CORK_ON 1
- #define S2N_CORK_OFF 0
+ #define S2N_CORK TCP_NOPUSH
+ #define S2N_CORK_ON 1
+ #define S2N_CORK_OFF 0
#elif TCP_NODELAY
- #define S2N_CORK TCP_NODELAY
- #define S2N_CORK_ON 0
- #define S2N_CORK_OFF 1
+ #define S2N_CORK TCP_NODELAY
+ #define S2N_CORK_ON 0
+ #define S2N_CORK_OFF 1
#endif
int s2n_socket_quickack(struct s2n_connection *conn)
@@ -190,14 +190,14 @@ int s2n_socket_read(void *io_context, uint8_t *buf, uint32_t len)
{
POSIX_ENSURE_REF(io_context);
POSIX_ENSURE_REF(buf);
- int rfd = ((struct s2n_socket_read_io_context*) io_context)->fd;
+ int rfd = ((struct s2n_socket_read_io_context *) io_context)->fd;
if (rfd < 0) {
errno = EBADF;
POSIX_BAIL(S2N_ERR_BAD_FD);
}
/* Clear the quickack flag so we know to reset it */
- ((struct s2n_socket_read_io_context*) io_context)->tcp_quickack_set = 0;
+ ((struct s2n_socket_read_io_context *) io_context)->tcp_quickack_set = 0;
/* On success, the number of bytes read is returned. On failure, -1 is
* returned and errno is set appropriately. */
@@ -210,7 +210,7 @@ int s2n_socket_write(void *io_context, const uint8_t *buf, uint32_t len)
{
POSIX_ENSURE_REF(io_context);
POSIX_ENSURE_REF(buf);
- int wfd = ((struct s2n_socket_write_io_context*) io_context)->fd;
+ int wfd = ((struct s2n_socket_write_io_context *) io_context)->fd;
if (wfd < 0) {
errno = EBADF;
POSIX_BAIL(S2N_ERR_BAD_FD);
@@ -223,19 +223,19 @@ int s2n_socket_write(void *io_context, const uint8_t *buf, uint32_t len)
return result;
}
-int s2n_socket_is_ipv6(int fd, uint8_t *ipv6)
+int s2n_socket_is_ipv6(int fd, uint8_t *ipv6)
{
POSIX_ENSURE_REF(ipv6);
socklen_t len;
struct sockaddr_storage addr;
- len = sizeof (addr);
- POSIX_GUARD(getpeername(fd, (struct sockaddr*)&addr, &len));
-
+ len = sizeof(addr);
+ POSIX_GUARD(getpeername(fd, (struct sockaddr *) &addr, &len));
+
*ipv6 = 0;
if (AF_INET6 == addr.ss_family) {
- *ipv6 = 1;
+ *ipv6 = 1;
}
-
+
return 0;
}
diff --git a/contrib/restricted/aws/s2n/utils/s2n_socket.h b/contrib/restricted/aws/s2n/utils/s2n_socket.h
index 693ac758a3..d7f34a25ee 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_socket.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_socket.h
@@ -23,9 +23,9 @@ struct s2n_socket_read_io_context {
int fd;
/* Has TCP_QUICKACK been set since the last read */
- unsigned int tcp_quickack_set:1;
+ unsigned int tcp_quickack_set : 1;
/* Original SO_RCVLOWAT socket option settings before s2n takes over the fd */
- unsigned int original_rcvlowat_is_set:1;
+ unsigned int original_rcvlowat_is_set : 1;
int original_rcvlowat_val;
};
@@ -33,9 +33,9 @@ struct s2n_socket_read_io_context {
struct s2n_socket_write_io_context {
/* The peer's fd */
int fd;
-
+
/* Original TCP_CORK socket option settings before s2n takes over the fd */
- unsigned int original_cork_is_set:1;
+ unsigned int original_cork_is_set : 1;
int original_cork_val;
};
diff --git a/contrib/restricted/aws/s2n/utils/s2n_timer.c b/contrib/restricted/aws/s2n/utils/s2n_timer.c
index 4b834ef6ad..3017d4af9c 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_timer.c
+++ b/contrib/restricted/aws/s2n/utils/s2n_timer.c
@@ -13,33 +13,33 @@
* permissions and limitations under the License.
*/
-#include "utils/s2n_result.h"
-#include "utils/s2n_safety.h"
#include "utils/s2n_timer.h"
#include "tls/s2n_config.h"
+#include "utils/s2n_result.h"
+#include "utils/s2n_safety.h"
S2N_RESULT s2n_timer_start(struct s2n_config *config, struct s2n_timer *timer)
{
RESULT_ENSURE(config->monotonic_clock(config->monotonic_clock_ctx, &timer->time) >= S2N_SUCCESS,
- S2N_ERR_CANCELLED);
+ S2N_ERR_CANCELLED);
return S2N_RESULT_OK;
}
-S2N_RESULT s2n_timer_elapsed(struct s2n_config *config, struct s2n_timer *timer, uint64_t * nanoseconds)
+S2N_RESULT s2n_timer_elapsed(struct s2n_config *config, struct s2n_timer *timer, uint64_t *nanoseconds)
{
uint64_t current_time;
RESULT_ENSURE(config->monotonic_clock(config->monotonic_clock_ctx, &current_time) >= S2N_SUCCESS,
- S2N_ERR_CANCELLED);
+ S2N_ERR_CANCELLED);
*nanoseconds = current_time - timer->time;
return S2N_RESULT_OK;
}
-S2N_RESULT s2n_timer_reset(struct s2n_config *config, struct s2n_timer *timer, uint64_t * nanoseconds)
+S2N_RESULT s2n_timer_reset(struct s2n_config *config, struct s2n_timer *timer, uint64_t *nanoseconds)
{
uint64_t previous_time = timer->time;
diff --git a/contrib/restricted/aws/s2n/utils/s2n_timer.h b/contrib/restricted/aws/s2n/utils/s2n_timer.h
index 8bd2b262c3..dbf4a3efcd 100644
--- a/contrib/restricted/aws/s2n/utils/s2n_timer.h
+++ b/contrib/restricted/aws/s2n/utils/s2n_timer.h
@@ -16,6 +16,7 @@
#pragma once
#include <stdint.h>
+
#include "utils/s2n_result.h"
struct s2n_timer {
@@ -23,5 +24,5 @@ struct s2n_timer {
};
extern S2N_RESULT s2n_timer_start(struct s2n_config *config, struct s2n_timer *timer);
-extern S2N_RESULT s2n_timer_elapsed(struct s2n_config *config, struct s2n_timer *timer, uint64_t * nanoseconds);
-extern S2N_RESULT s2n_timer_reset(struct s2n_config *config, struct s2n_timer *timer, uint64_t * nanoseconds);
+extern S2N_RESULT s2n_timer_elapsed(struct s2n_config *config, struct s2n_timer *timer, uint64_t *nanoseconds);
+extern S2N_RESULT s2n_timer_reset(struct s2n_config *config, struct s2n_timer *timer, uint64_t *nanoseconds);