Skip to content

Commit

Permalink
Clang format tls/s2n_[a-h].*\.[ch] and enforce in CI (#3681)
Browse files Browse the repository at this point in the history
  • Loading branch information
@harrisonkaiser
harrisonkaiser authored Dec 12, 2022
1 parent 4e7627f commit f2faa0e
Show file tree
Hide file tree
Showing 45 changed files with 681 additions and 732 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/ci_clang_format_check.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
- check: 'tests/unit'
exclude: "s2n_[^3a-cd-kt-z].*\\.c"
- check: 'tls'
exclude: "(tls\\/extensions)|(s2n_[a-h].*\\.[ch])"
exclude: ''
- check: 'tls/extensions'
exclude: ''
- check: 'utils'
Expand Down
10 changes: 4 additions & 6 deletions tls/s2n_aead.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,16 +14,14 @@
*/

#include "error/s2n_errno.h"

#include "utils/s2n_safety.h"
#include "utils/s2n_mem.h"

#include "tls/s2n_connection.h"
#include "tls/s2n_record.h"
#include "utils/s2n_mem.h"
#include "utils/s2n_safety.h"

/* Derive the AAD for an AEAD mode cipher suite from the connection state, per
* RFC 5246 section 6.2.3.3 */
S2N_RESULT s2n_aead_aad_init(const struct s2n_connection *conn, uint8_t * sequence_number, uint8_t content_type, uint16_t record_length, struct s2n_blob *ad)
S2N_RESULT s2n_aead_aad_init(const struct s2n_connection *conn, uint8_t *sequence_number, uint8_t content_type, uint16_t record_length, struct s2n_blob *ad)
{
RESULT_ENSURE_REF(ad);
RESULT_ENSURE_GTE(ad->size, S2N_TLS_MAX_AAD_LEN);
Expand All @@ -34,7 +32,7 @@ S2N_RESULT s2n_aead_aad_init(const struct s2n_connection *conn, uint8_t * sequen
/* ad = seq_num || record_type || version || length */

size_t idx = 0;
for(; idx < S2N_TLS_SEQUENCE_NUM_LEN; idx++) {
for (; idx < S2N_TLS_SEQUENCE_NUM_LEN; idx++) {
data[idx] = sequence_number[idx];
}

Expand Down
28 changes: 13 additions & 15 deletions tls/s2n_alerts.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,37 +13,36 @@
* permissions and limitations under the License.
*/

#include "tls/s2n_alerts.h"

#include <stdint.h>
#include <sys/param.h>

#include "error/s2n_errno.h"

#include "tls/s2n_tls_parameters.h"
#include "tls/s2n_connection.h"
#include "tls/s2n_record.h"
#include "tls/s2n_resume.h"
#include "tls/s2n_alerts.h"

#include "utils/s2n_safety.h"
#include "tls/s2n_tls_parameters.h"
#include "utils/s2n_blob.h"
#include "utils/s2n_safety.h"

#define S2N_TLS_ALERT_LEVEL_WARNING 1
#define S2N_TLS_ALERT_LEVEL_FATAL 2
#define S2N_TLS_ALERT_LEVEL_WARNING 1
#define S2N_TLS_ALERT_LEVEL_FATAL 2

#define S2N_ALERT_CASE(error, alert_code) \
case (error): \
*alert = (alert_code); \
case (error): \
*alert = (alert_code); \
return S2N_RESULT_OK

#define S2N_NO_ALERT(error) \
case (error): \
case (error): \
RESULT_BAIL(S2N_ERR_NO_ALERT)

static S2N_RESULT s2n_translate_protocol_error_to_alert(int error_code, uint8_t *alert)
{
RESULT_ENSURE_REF(alert);

switch(error_code) {
switch (error_code) {
S2N_ALERT_CASE(S2N_ERR_MISSING_EXTENSION, S2N_TLS_ALERT_MISSING_EXTENSION);

/* TODO: The ERR_BAD_MESSAGE -> ALERT_UNEXPECTED_MESSAGE mapping
Expand Down Expand Up @@ -179,7 +178,7 @@ int s2n_error_get_alert(int error, uint8_t *alert)

POSIX_ENSURE_REF(alert);

switch(error_type) {
switch (error_type) {
case S2N_ERR_T_OK:
case S2N_ERR_T_CLOSED:
case S2N_ERR_T_BLOCKED:
Expand Down Expand Up @@ -219,7 +218,6 @@ int s2n_process_alert_fragment(struct s2n_connection *conn)
POSIX_GUARD(s2n_stuffer_copy(&conn->in, &conn->alert_in, bytes_to_read));

if (s2n_stuffer_data_available(&conn->alert_in) == 2) {

/* Close notifications are handled as shutdowns */
if (conn->alert_in_data[1] == S2N_TLS_ALERT_CLOSE_NOTIFY) {
conn->closed = 1;
Expand Down Expand Up @@ -255,7 +253,7 @@ int s2n_queue_writer_close_alert_warning(struct s2n_connection *conn)
alert[0] = S2N_TLS_ALERT_LEVEL_WARNING;
alert[1] = S2N_TLS_ALERT_CLOSE_NOTIFY;

struct s2n_blob out = {.data = alert,.size = sizeof(alert) };
struct s2n_blob out = { .data = alert, .size = sizeof(alert) };

/* If there is an alert pending or we've already sent a close_notify, do nothing */
if (s2n_stuffer_data_available(&conn->writer_alert_out) || conn->close_notify_queued) {
Expand All @@ -280,7 +278,7 @@ static int s2n_queue_reader_alert(struct s2n_connection *conn, uint8_t level, ui
alert[0] = level;
alert[1] = error_code;

struct s2n_blob out = {.data = alert,.size = sizeof(alert) };
struct s2n_blob out = { .data = alert, .size = sizeof(alert) };

/* If there is an alert pending, do nothing */
if (s2n_stuffer_data_available(&conn->reader_alert_out)) {
Expand Down
97 changes: 52 additions & 45 deletions tls/s2n_async_pkey.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,10 @@
*/
#include "tls/s2n_async_pkey.h"

#include "api/s2n.h"
#include "crypto/s2n_hash.h"
#include "crypto/s2n_signature.h"
#include "error/s2n_errno.h"
#include "api/s2n.h"
#include "tls/s2n_connection.h"
#include "tls/s2n_handshake.h"
#include "utils/s2n_blob.h"
Expand All @@ -27,27 +27,27 @@

struct s2n_async_pkey_decrypt_data {
s2n_async_pkey_decrypt_complete on_complete;
struct s2n_blob encrypted;
struct s2n_blob decrypted;
unsigned rsa_failed : 1;
struct s2n_blob encrypted;
struct s2n_blob decrypted;
unsigned rsa_failed : 1;
};

struct s2n_async_pkey_sign_data {
s2n_async_pkey_sign_complete on_complete;
struct s2n_hash_state digest;
s2n_signature_algorithm sig_alg;
struct s2n_blob signature;
struct s2n_hash_state digest;
s2n_signature_algorithm sig_alg;
struct s2n_blob signature;
};

struct s2n_async_pkey_op {
s2n_async_pkey_op_type type;
struct s2n_connection *conn;
s2n_async_pkey_validation_mode validation_mode;
unsigned complete : 1;
unsigned applied : 1;
unsigned complete : 1;
unsigned applied : 1;
union {
struct s2n_async_pkey_decrypt_data decrypt;
struct s2n_async_pkey_sign_data sign;
struct s2n_async_pkey_sign_data sign;
} op;
};

Expand All @@ -65,16 +65,16 @@ static S2N_RESULT s2n_async_get_actions(s2n_async_pkey_op_type type, const struc
static S2N_RESULT s2n_async_pkey_op_allocate(struct s2n_async_pkey_op **op);

static S2N_RESULT s2n_async_pkey_sign_async(struct s2n_connection *conn, s2n_signature_algorithm sig_alg,
struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete);
struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete);
static S2N_RESULT s2n_async_pkey_sign_sync(struct s2n_connection *conn, s2n_signature_algorithm sig_alg,
struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete);
struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete);

static S2N_RESULT s2n_async_pkey_decrypt_async(struct s2n_connection *conn, struct s2n_blob *encrypted,
struct s2n_blob * init_decrypted,
s2n_async_pkey_decrypt_complete on_complete);
struct s2n_blob *init_decrypted,
s2n_async_pkey_decrypt_complete on_complete);
static S2N_RESULT s2n_async_pkey_decrypt_sync(struct s2n_connection *conn, struct s2n_blob *encrypted,
struct s2n_blob * init_decrypted,
s2n_async_pkey_decrypt_complete on_complete);
struct s2n_blob *init_decrypted,
s2n_async_pkey_decrypt_complete on_complete);

static S2N_RESULT s2n_async_pkey_decrypt_perform(struct s2n_async_pkey_op *op, s2n_cert_private_key *pkey);
static S2N_RESULT s2n_async_pkey_decrypt_apply(struct s2n_async_pkey_op *op, struct s2n_connection *conn);
Expand All @@ -90,19 +90,23 @@ static S2N_RESULT s2n_async_pkey_get_input_sign(struct s2n_async_pkey_op *op, ui
static S2N_RESULT s2n_async_pkey_op_set_output_sign(struct s2n_async_pkey_op *op, const uint8_t *data, uint32_t data_len);
static S2N_RESULT s2n_async_pkey_sign_free(struct s2n_async_pkey_op *op);

static const struct s2n_async_pkey_op_actions s2n_async_pkey_decrypt_op = { .perform = &s2n_async_pkey_decrypt_perform,
.apply = &s2n_async_pkey_decrypt_apply,
.get_input_size = &s2n_async_pkey_get_input_size_decrypt,
.get_input = &s2n_async_pkey_get_input_decrypt,
.set_output = &s2n_async_pkey_op_set_output_decrypt,
.free = &s2n_async_pkey_decrypt_free };
static const struct s2n_async_pkey_op_actions s2n_async_pkey_decrypt_op = {
.perform = &s2n_async_pkey_decrypt_perform,
.apply = &s2n_async_pkey_decrypt_apply,
.get_input_size = &s2n_async_pkey_get_input_size_decrypt,
.get_input = &s2n_async_pkey_get_input_decrypt,
.set_output = &s2n_async_pkey_op_set_output_decrypt,
.free = &s2n_async_pkey_decrypt_free
};

static const struct s2n_async_pkey_op_actions s2n_async_pkey_sign_op = { .perform = &s2n_async_pkey_sign_perform,
.apply = &s2n_async_pkey_sign_apply,
.get_input_size = &s2n_async_pkey_get_input_size_sign,
.get_input = &s2n_async_pkey_get_input_sign,
.set_output = &s2n_async_pkey_op_set_output_sign,
.free = &s2n_async_pkey_sign_free };
static const struct s2n_async_pkey_op_actions s2n_async_pkey_sign_op = {
.perform = &s2n_async_pkey_sign_perform,
.apply = &s2n_async_pkey_sign_apply,
.get_input_size = &s2n_async_pkey_get_input_size_sign,
.get_input = &s2n_async_pkey_get_input_sign,
.set_output = &s2n_async_pkey_op_set_output_sign,
.free = &s2n_async_pkey_sign_free
};

DEFINE_POINTER_CLEANUP_FUNC(struct s2n_async_pkey_op *, s2n_async_pkey_op_free);

Expand All @@ -129,7 +133,7 @@ static S2N_RESULT s2n_async_pkey_op_allocate(struct s2n_async_pkey_op **op)
RESULT_ENSURE(*op == NULL, S2N_ERR_SAFETY);

/* allocate memory */
DEFER_CLEANUP(struct s2n_blob mem = {0}, s2n_free);
DEFER_CLEANUP(struct s2n_blob mem = { 0 }, s2n_free);
RESULT_GUARD_POSIX(s2n_alloc(&mem, sizeof(struct s2n_async_pkey_op)));
RESULT_GUARD_POSIX(s2n_blob_zero(&mem));

Expand All @@ -142,7 +146,7 @@ static S2N_RESULT s2n_async_pkey_op_allocate(struct s2n_async_pkey_op **op)
}

S2N_RESULT s2n_async_pkey_decrypt(struct s2n_connection *conn, struct s2n_blob *encrypted,
struct s2n_blob *init_decrypted, s2n_async_pkey_decrypt_complete on_complete)
struct s2n_blob *init_decrypted, s2n_async_pkey_decrypt_complete on_complete)
{
RESULT_ENSURE_REF(conn);
RESULT_ENSURE_REF(encrypted);
Expand Down Expand Up @@ -184,7 +188,7 @@ S2N_RESULT s2n_async_cb_execute(struct s2n_connection *conn, struct s2n_async_pk
}

S2N_RESULT s2n_async_pkey_decrypt_async(struct s2n_connection *conn, struct s2n_blob *encrypted,
struct s2n_blob *init_decrypted, s2n_async_pkey_decrypt_complete on_complete)
struct s2n_blob *init_decrypted, s2n_async_pkey_decrypt_complete on_complete)
{
RESULT_ENSURE_REF(conn);
RESULT_ENSURE_REF(encrypted);
Expand All @@ -199,7 +203,7 @@ S2N_RESULT s2n_async_pkey_decrypt_async(struct s2n_connection *conn, struct s2n_
op->validation_mode = conn->config->async_pkey_validation_mode;

struct s2n_async_pkey_decrypt_data *decrypt = &op->op.decrypt;
decrypt->on_complete = on_complete;
decrypt->on_complete = on_complete;

RESULT_GUARD_POSIX(s2n_dup(encrypted, &decrypt->encrypted));
RESULT_GUARD_POSIX(s2n_dup(init_decrypted, &decrypt->decrypted));
Expand All @@ -209,7 +213,7 @@ S2N_RESULT s2n_async_pkey_decrypt_async(struct s2n_connection *conn, struct s2n_
}

S2N_RESULT s2n_async_pkey_decrypt_sync(struct s2n_connection *conn, struct s2n_blob *encrypted,
struct s2n_blob *init_decrypted, s2n_async_pkey_decrypt_complete on_complete)
struct s2n_blob *init_decrypted, s2n_async_pkey_decrypt_complete on_complete)
{
RESULT_ENSURE_REF(conn);
RESULT_ENSURE_REF(encrypted);
Expand All @@ -225,7 +229,7 @@ S2N_RESULT s2n_async_pkey_decrypt_sync(struct s2n_connection *conn, struct s2n_b
}

S2N_RESULT s2n_async_pkey_sign(struct s2n_connection *conn, s2n_signature_algorithm sig_alg,
struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete)
struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete)
{
RESULT_ENSURE_REF(conn);
RESULT_ENSURE_REF(digest);
Expand All @@ -241,7 +245,7 @@ S2N_RESULT s2n_async_pkey_sign(struct s2n_connection *conn, s2n_signature_algori
}

S2N_RESULT s2n_async_pkey_sign_async(struct s2n_connection *conn, s2n_signature_algorithm sig_alg,
struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete)
struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete)
{
RESULT_ENSURE_REF(conn);
RESULT_ENSURE_REF(digest);
Expand All @@ -258,8 +262,8 @@ S2N_RESULT s2n_async_pkey_sign_async(struct s2n_connection *conn, s2n_signature_
}

struct s2n_async_pkey_sign_data *sign = &op->op.sign;
sign->on_complete = on_complete;
sign->sig_alg = sig_alg;
sign->on_complete = on_complete;
sign->sig_alg = sig_alg;

RESULT_GUARD_POSIX(s2n_hash_new(&sign->digest));
RESULT_GUARD_POSIX(s2n_hash_copy(&sign->digest, digest));
Expand All @@ -269,7 +273,7 @@ S2N_RESULT s2n_async_pkey_sign_async(struct s2n_connection *conn, s2n_signature_
}

S2N_RESULT s2n_async_pkey_sign_sync(struct s2n_connection *conn, s2n_signature_algorithm sig_alg,
struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete)
struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete)
{
RESULT_ENSURE_REF(conn);
RESULT_ENSURE_REF(digest);
Expand Down Expand Up @@ -334,7 +338,7 @@ int s2n_async_pkey_op_apply(struct s2n_async_pkey_op *op, struct s2n_connection

POSIX_GUARD_RESULT(actions->apply(op, conn));

op->applied = true;
op->applied = true;
conn->handshake.async_state = S2N_ASYNC_COMPLETE;

/* Free up the decrypt/sign structs to avoid storing secrets for too long */
Expand All @@ -351,9 +355,11 @@ int s2n_async_pkey_op_free(struct s2n_async_pkey_op *op)
POSIX_ENSURE_REF(actions);

/* If applied the decrypt/sign structs were released in apply call */
if (!op->applied) { POSIX_GUARD_RESULT(actions->free(op)); }
if (!op->applied) {
POSIX_GUARD_RESULT(actions->free(op));
}

POSIX_GUARD(s2n_free_object(( uint8_t ** )&op, sizeof(struct s2n_async_pkey_op)));
POSIX_GUARD(s2n_free_object((uint8_t **) &op, sizeof(struct s2n_async_pkey_op)));

return S2N_SUCCESS;
}
Expand Down Expand Up @@ -442,17 +448,18 @@ S2N_RESULT s2n_async_pkey_sign_apply(struct s2n_async_pkey_op *op, struct s2n_co
}

S2N_RESULT s2n_async_pkey_verify_signature(struct s2n_connection *conn, s2n_signature_algorithm sig_alg,
struct s2n_hash_state *digest, struct s2n_blob *signature) {
struct s2n_hash_state *digest, struct s2n_blob *signature)
{
RESULT_ENSURE_REF(conn);
RESULT_ENSURE_REF(conn->handshake_params.our_chain_and_key);
RESULT_ENSURE_REF(digest);
RESULT_ENSURE_REF(signature);

/* Parse public key for the cert */
DEFER_CLEANUP(struct s2n_pkey public_key = {0}, s2n_pkey_free);
DEFER_CLEANUP(struct s2n_pkey public_key = { 0 }, s2n_pkey_free);
s2n_pkey_type pkey_type = S2N_PKEY_TYPE_UNKNOWN;
RESULT_GUARD_POSIX(s2n_asn1der_to_public_key_and_type(&public_key, &pkey_type,
&conn->handshake_params.our_chain_and_key->cert_chain->head->raw));
&conn->handshake_params.our_chain_and_key->cert_chain->head->raw));
RESULT_ENSURE(s2n_pkey_verify(&public_key, sig_alg, digest, signature) == S2N_SUCCESS, S2N_ERR_VERIFY_SIGNATURE);

return S2N_RESULT_OK;
Expand All @@ -474,7 +481,7 @@ int s2n_async_pkey_op_set_validation_mode(struct s2n_async_pkey_op *op, s2n_asyn
{
POSIX_ENSURE_REF(op);

switch(mode) {
switch (mode) {
case S2N_ASYNC_PKEY_VALIDATION_FAST:
case S2N_ASYNC_PKEY_VALIDATION_STRICT:
op->validation_mode = mode;
Expand Down
6 changes: 3 additions & 3 deletions tls/s2n_async_pkey.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,8 +70,8 @@ int s2n_async_pkey_op_set_output(struct s2n_async_pkey_op *op, const uint8_t *da
int s2n_async_pkey_op_set_validation_mode(struct s2n_async_pkey_op *op, s2n_async_pkey_validation_mode mode);

S2N_RESULT s2n_async_pkey_verify_signature(struct s2n_connection *conn, s2n_signature_algorithm sig_alg,
struct s2n_hash_state *digest, struct s2n_blob *signature);
struct s2n_hash_state *digest, struct s2n_blob *signature);
S2N_RESULT s2n_async_pkey_decrypt(struct s2n_connection *conn, struct s2n_blob *encrypted, struct s2n_blob *init_decrypted,
s2n_async_pkey_decrypt_complete on_complete);
s2n_async_pkey_decrypt_complete on_complete);
S2N_RESULT s2n_async_pkey_sign(struct s2n_connection *conn, s2n_signature_algorithm sig_alg, struct s2n_hash_state *digest,
s2n_async_pkey_sign_complete on_complete);
s2n_async_pkey_sign_complete on_complete);
Loading

0 comments on commit f2faa0e

Please sign in to comment.