static int s2n_map_embiggen(struct s2n_map *map, uint32_t capacity)
{
struct s2n_blob mem;
struct s2n_map tmp;
if (map->immutable) {
S2N_ERROR(S2N_ERR_MAP_IMMUTABLE);
}
GUARD(s2n_alloc(&mem, (capacity * sizeof(struct s2n_map_entry))));
GUARD(s2n_blob_zero(&mem));
tmp.capacity = capacity;
tmp.size = 0;
tmp.table = (void *) mem.data;
tmp.immutable = 0;
tmp.sha256 = map->sha256;
for (int i = 0; i < map->capacity; i++) {
if (map->table[i].key.size) {
GUARD(s2n_map_add(&tmp, &map->table[i].key, &map->table[i].value));
GUARD(s2n_free(&map->table[i].key));
GUARD(s2n_free(&map->table[i].value));
}
}
/* Free the old memory */
mem.data = (void *) map->table;
mem.size = map->capacity * sizeof(struct s2n_map_entry);
GUARD(s2n_free(&mem));
/* Clone the temporary map */
map->capacity = tmp.capacity;
map->size = tmp.size;
map->table = tmp.table;
map->immutable = 0;
map->sha256 = tmp.sha256;
return 0;
}
/* Reset any selected record algorithms */
int s2n_cipher_suites_cleanup(void)
{
const int num_cipher_suites = sizeof(s2n_all_cipher_suites) / sizeof(struct s2n_cipher_suite*);
for (int i = 0; i < num_cipher_suites; i++) {
struct s2n_cipher_suite *cur_suite = s2n_all_cipher_suites[i];
cur_suite->available = 0;
cur_suite->record_alg = NULL;
/* Release custom SSLv3 cipher suites */
if (cur_suite->sslv3_cipher_suite != cur_suite) {
struct s2n_cipher_suite *sslv3_suite = cur_suite->sslv3_cipher_suite;
struct s2n_blob sslv3_suite_mem = {.data = (uint8_t *) sslv3_suite, .size = sizeof(struct s2n_cipher_suite)};
GUARD(s2n_free(&sslv3_suite_mem));
}
cur_suite->sslv3_cipher_suite = NULL;
}
#if !S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0)
/*https://wiki.openssl.org/index.php/Manual:OpenSSL_add_all_algorithms(3)*/
EVP_cleanup();
/* per the reqs here https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_init_crypto.html we don't explicitly call
* cleanup in later versions */
#endif
return 0;
}
struct s2n_cipher_suite *s2n_cipher_suite_from_wire(const uint8_t cipher_suite[S2N_TLS_CIPHER_SUITE_LEN])
{
int low = 0;
int top = (sizeof(s2n_all_cipher_suites) / sizeof(struct s2n_cipher_suite*)) - 1;
/* Perform a textbook binary search */
while (low <= top) {
/* Check in the middle */
int mid = low + ((top - low) / 2);
int m = memcmp(s2n_all_cipher_suites[mid]->iana_value, cipher_suite, 2);
if (m == 0) {
return s2n_all_cipher_suites[mid];
} else if (m > 0) {
top = mid - 1;
} else if (m < 0) {
low = mid + 1;
}
}
return NULL;
}
int s2n_map_free(struct s2n_map *map)
{
struct s2n_blob mem;
/* Free the keys and values */
for (int i = 0; i < map->capacity; i++) {
if (map->table[i].key.size) {
GUARD(s2n_free(&map->table[i].key));
GUARD(s2n_free(&map->table[i].value));
}
}
/* Free the table */
mem.data = (void *) map->table;
mem.size = map->capacity * sizeof(struct s2n_map_entry);
GUARD(s2n_free(&mem));
/* And finally the map */
mem.data = (void *) map;
mem.size = sizeof(struct s2n_map);
GUARD(s2n_free(&mem));
return 0;
}
int s2n_connection_free(struct s2n_connection *conn)
{
struct s2n_blob blob;
GUARD(s2n_connection_free_keys(conn));
GUARD(s2n_stuffer_free(&conn->in));
GUARD(s2n_stuffer_free(&conn->out));
GUARD(s2n_stuffer_free(&conn->handshake.io));
blob.data = (uint8_t *) conn;
blob.size = sizeof(struct s2n_connection);
GUARD(s2n_free(&blob));
return 0;
}
int s2n_stuffer_free(struct s2n_stuffer *stuffer)
{
if (stuffer->alloced == 0) {
return 0;
}
if (stuffer->wiped == 0) {
GUARD(s2n_stuffer_wipe(stuffer));
}
GUARD(s2n_free(&stuffer->blob));
stuffer->blob.data = NULL;
stuffer->blob.size = 0;
return 0;
}
static int s2n_connection_free_keys(struct s2n_connection *conn)
{
/* Destroy any keys - we call destroy on the pending object as that is where
* keys are allocated. */
if (conn->pending.cipher_suite && conn->pending.cipher_suite->cipher->destroy_key) {
GUARD(conn->pending.cipher_suite->cipher->destroy_key(&conn->pending.client_key));
GUARD(conn->pending.cipher_suite->cipher->destroy_key(&conn->pending.server_key));
}
/* Free any pending server key received (we may not have completed a
* handshake, so this may not have been free'd yet) */
GUARD(s2n_rsa_public_key_free(&conn->pending.server_rsa_public_key));
GUARD(s2n_dh_params_free(&conn->pending.server_dh_params));
GUARD(s2n_dh_params_free(&conn->active.server_dh_params));
GUARD(s2n_ecc_params_free(&conn->pending.server_ecc_params));
GUARD(s2n_ecc_params_free(&conn->active.server_ecc_params));
GUARD(s2n_free(&conn->status_response));
return 0;
}
int s2n_config_free_cert_chain_and_key(struct s2n_config *config)
{
struct s2n_blob b = {
.data = (uint8_t *) config->cert_and_key_pairs,
.size = sizeof(struct s2n_cert_chain_and_key)
};
/* If there were cert and key pairs set, walk the chain and free the certs */
if (config->cert_and_key_pairs) {
struct s2n_cert_chain *node = config->cert_and_key_pairs->head;
while (node) {
struct s2n_blob n = {
.data = (uint8_t *)node,
.size = sizeof(struct s2n_cert_chain)
};
/* Free the cert */
GUARD(s2n_free(&node->cert));
/* Advance to next */
node = node->next;
/* Free the node */
GUARD(s2n_free(&n));
}
GUARD(s2n_rsa_private_key_free(&config->cert_and_key_pairs->private_key));
GUARD(s2n_free(&config->cert_and_key_pairs->ocsp_status));
}
GUARD(s2n_free(&b));
return 0;
}
int s2n_config_free_dhparams(struct s2n_config *config)
{
struct s2n_blob b = {
.data = (uint8_t *) config->dhparams,
.size = sizeof(struct s2n_dh_params)
};
if (config->dhparams) {
GUARD(s2n_dh_params_free(config->dhparams));
}
GUARD(s2n_free(&b));
return 0;
}
int s2n_config_free(struct s2n_config *config)
{
struct s2n_blob b = {.data = (uint8_t *) config,.size = sizeof(struct s2n_config) };
GUARD(s2n_config_free_cert_chain_and_key(config));
GUARD(s2n_config_free_dhparams(config));
GUARD(s2n_free(&config->application_protocols));
GUARD(s2n_free(&b));
return 0;
}
int s2n_config_set_cipher_preferences(struct s2n_config *config, const char *version)
{
for (int i = 0; selection[i].version != NULL; i++) {
if (!strcasecmp(version, selection[i].version)) {
config->cipher_preferences = selection[i].preferences;
return 0;
}
}
s2n_errno = S2N_ERR_INVALID_CIPHER_PREFERENCES;
return -1;
}
int s2n_config_set_protocol_preferences(struct s2n_config *config, const char * const *protocols, int protocol_count)
{
struct s2n_stuffer protocol_stuffer;
GUARD(s2n_free(&config->application_protocols));
if (protocols == NULL || protocol_count == 0) {
/* NULL value indicates no prference, so nothing to do */
return 0;
}
GUARD(s2n_stuffer_growable_alloc(&protocol_stuffer, 256));
for (int i = 0; i < protocol_count; i++) {
size_t length = strlen(protocols[i]);
uint8_t protocol[255];
if (length > 255 || (s2n_stuffer_data_available(&protocol_stuffer) + length + 1) > 65535) {
return S2N_ERR_APPLICATION_PROTOCOL_TOO_LONG;
}
memcpy_check(protocol, protocols[i], length);
GUARD(s2n_stuffer_write_uint8(&protocol_stuffer, length));
GUARD(s2n_stuffer_write_bytes(&protocol_stuffer, protocol, length));
}
uint32_t size = s2n_stuffer_data_available(&protocol_stuffer);
/* config->application_protocols blob now owns this data */
config->application_protocols.size = size;
config->application_protocols.data = s2n_stuffer_raw_read(&protocol_stuffer, size);
notnull_check(config->application_protocols.data);
return 0;
}
int s2n_config_set_status_request_type(struct s2n_config *config, s2n_status_request_type type)
{
config->status_request_type = type;
return 0;
}
int s2n_config_add_cert_chain_and_key_with_status(struct s2n_config *config,
char *cert_chain_pem, char *private_key_pem, const uint8_t *status, uint32_t length)
{
struct s2n_stuffer chain_in_stuffer, cert_out_stuffer, key_in_stuffer, key_out_stuffer;
struct s2n_blob key_blob;
struct s2n_blob mem;
/* Allocate the memory for the chain and key struct */
GUARD(s2n_alloc(&mem, sizeof(struct s2n_cert_chain_and_key)));
config->cert_and_key_pairs = (struct s2n_cert_chain_and_key *)(void *)mem.data;
config->cert_and_key_pairs->ocsp_status.data = NULL;
config->cert_and_key_pairs->ocsp_status.size = 0;
/* Put the private key pem in a stuffer */
GUARD(s2n_stuffer_alloc_ro_from_string(&key_in_stuffer, private_key_pem));
GUARD(s2n_stuffer_growable_alloc(&key_out_stuffer, strlen(private_key_pem)));
/* Convert pem to asn1 and asn1 to the private key */
GUARD(s2n_stuffer_rsa_private_key_from_pem(&key_in_stuffer, &key_out_stuffer));
GUARD(s2n_stuffer_free(&key_in_stuffer));
key_blob.size = s2n_stuffer_data_available(&key_out_stuffer);
key_blob.data = s2n_stuffer_raw_read(&key_out_stuffer, key_blob.size);
notnull_check(key_blob.data);
GUARD(s2n_asn1der_to_rsa_private_key(&config->cert_and_key_pairs->private_key, &key_blob));
GUARD(s2n_stuffer_free(&key_out_stuffer));
/* Turn the chain into a stuffer */
GUARD(s2n_stuffer_alloc_ro_from_string(&chain_in_stuffer, cert_chain_pem));
GUARD(s2n_stuffer_growable_alloc(&cert_out_stuffer, 2048));
struct s2n_cert_chain **insert = &config->cert_and_key_pairs->head;
uint32_t chain_size = 0;
do {
struct s2n_cert_chain *new_node;
if (s2n_stuffer_certificate_from_pem(&chain_in_stuffer, &cert_out_stuffer) < 0) {
if (chain_size == 0) {
S2N_ERROR(S2N_ERR_NO_CERTIFICATE_IN_PEM);
}
break;
}
GUARD(s2n_alloc(&mem, sizeof(struct s2n_cert_chain)));
new_node = (struct s2n_cert_chain *)(void *)mem.data;
GUARD(s2n_alloc(&new_node->cert, s2n_stuffer_data_available(&cert_out_stuffer)));
GUARD(s2n_stuffer_read(&cert_out_stuffer, &new_node->cert));
/* Additional 3 bytes for the length field in the protocol */
chain_size += new_node->cert.size + 3;
new_node->next = NULL;
*insert = new_node;
insert = &new_node->next;
} while (s2n_stuffer_data_available(&chain_in_stuffer));
GUARD(s2n_stuffer_free(&chain_in_stuffer));
GUARD(s2n_stuffer_free(&cert_out_stuffer));
config->cert_and_key_pairs->chain_size = chain_size;
if (status && length > 0) {
GUARD(s2n_alloc(&config->cert_and_key_pairs->ocsp_status, length));
memcpy_check(config->cert_and_key_pairs->ocsp_status.data, status, length);
}
return 0;
}
int s2n_config_add_cert_chain_and_key(struct s2n_config *config, char *cert_chain_pem, char *private_key_pem)
{
GUARD(s2n_config_add_cert_chain_and_key_with_status(config, cert_chain_pem, private_key_pem, NULL, 0));
return 0;
}
int s2n_config_add_dhparams(struct s2n_config *config, char *dhparams_pem)
{
struct s2n_stuffer dhparams_in_stuffer, dhparams_out_stuffer;
struct s2n_blob dhparams_blob;
struct s2n_blob mem;
/* Allocate the memory for the chain and key struct */
GUARD(s2n_alloc(&mem, sizeof(struct s2n_dh_params)));
config->dhparams = (struct s2n_dh_params *)(void *)mem.data;
GUARD(s2n_stuffer_alloc_ro_from_string(&dhparams_in_stuffer, dhparams_pem));
GUARD(s2n_stuffer_growable_alloc(&dhparams_out_stuffer, strlen(dhparams_pem)));
/* Convert pem to asn1 and asn1 to the private key */
GUARD(s2n_stuffer_dhparams_from_pem(&dhparams_in_stuffer, &dhparams_out_stuffer));
GUARD(s2n_stuffer_free(&dhparams_in_stuffer));
dhparams_blob.size = s2n_stuffer_data_available(&dhparams_out_stuffer);
dhparams_blob.data = s2n_stuffer_raw_read(&dhparams_out_stuffer, dhparams_blob.size);
notnull_check(dhparams_blob.data);
GUARD(s2n_pkcs3_to_dh_params(config->dhparams, &dhparams_blob));
GUARD(s2n_free(&dhparams_blob));
return 0;
}
int s2n_config_set_nanoseconds_since_epoch_callback(struct s2n_config *config, int (*nanoseconds_since_epoch)(void *, uint64_t *), void * data)
{
notnull_check(nanoseconds_since_epoch);
config->nanoseconds_since_epoch = nanoseconds_since_epoch;
config->data_for_nanoseconds_since_epoch = data;
return 0;
}
int main(int argc, char **argv)
{
struct s2n_stuffer certificate_in, certificate_out;
struct s2n_stuffer dhparams_in, dhparams_out;
struct s2n_stuffer rsa_key_in, rsa_key_out;
struct s2n_blob b;
BEGIN_TEST();
EXPECT_SUCCESS(s2n_stuffer_alloc(&certificate_in, sizeof(certificate)));
EXPECT_SUCCESS(s2n_stuffer_alloc(&certificate_out, sizeof(certificate)));
EXPECT_SUCCESS(s2n_stuffer_alloc(&dhparams_in, sizeof(dhparams)));
EXPECT_SUCCESS(s2n_stuffer_alloc(&dhparams_out, sizeof(dhparams)));
EXPECT_SUCCESS(s2n_stuffer_alloc(&rsa_key_in, sizeof(private_key)));
EXPECT_SUCCESS(s2n_stuffer_alloc(&rsa_key_out, sizeof(private_key)));
b.data = certificate;
b.size = sizeof(certificate);
EXPECT_SUCCESS(s2n_stuffer_write(&certificate_in, &b));
b.data = private_key;
b.size = sizeof(private_key);
EXPECT_SUCCESS(s2n_stuffer_write(&rsa_key_in, &b));
b.data = dhparams;
b.size = sizeof(dhparams);
EXPECT_SUCCESS(s2n_stuffer_write(&dhparams_in, &b));
EXPECT_SUCCESS(s2n_stuffer_certificate_from_pem(&certificate_in, &certificate_out));
EXPECT_SUCCESS(s2n_stuffer_rsa_private_key_from_pem(&rsa_key_in, &rsa_key_out));
EXPECT_SUCCESS(s2n_stuffer_dhparams_from_pem(&dhparams_in, &dhparams_out));
struct s2n_rsa_private_key priv_key;
struct s2n_rsa_public_key pub_key;
b.size = s2n_stuffer_data_available(&certificate_out);
b.data = s2n_stuffer_raw_read(&certificate_out, b.size);
EXPECT_SUCCESS(s2n_asn1der_to_rsa_public_key(&pub_key, &b));
b.size = s2n_stuffer_data_available(&rsa_key_out);
b.data = s2n_stuffer_raw_read(&rsa_key_out, b.size);
EXPECT_SUCCESS(s2n_asn1der_to_rsa_private_key(&priv_key, &b));
EXPECT_SUCCESS(s2n_rsa_keys_match(&pub_key, &priv_key));
struct s2n_connection *conn;
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(conn->config, (char *)chain, (char *)private_key));
struct s2n_dh_params dh_params;
b.size = s2n_stuffer_data_available(&dhparams_out);
b.data = s2n_stuffer_raw_read(&dhparams_out, b.size);
EXPECT_SUCCESS(s2n_pkcs3_to_dh_params(&dh_params, &b));
EXPECT_SUCCESS(s2n_config_add_dhparams(conn->config, (char *)dhparams));
/* Try signing and verification with RSA */
uint8_t inputpad[] = "Hello world!";
struct s2n_blob signature;
struct s2n_hash_state tls10_one, tls10_two, tls12_one, tls12_two;
EXPECT_SUCCESS(s2n_hash_init(&tls10_one, S2N_HASH_MD5_SHA1));
EXPECT_SUCCESS(s2n_hash_init(&tls10_two, S2N_HASH_MD5_SHA1));
EXPECT_SUCCESS(s2n_hash_init(&tls12_one, S2N_HASH_SHA1));
EXPECT_SUCCESS(s2n_hash_init(&tls12_two, S2N_HASH_SHA1));
EXPECT_SUCCESS(s2n_alloc(&signature, s2n_rsa_public_encrypted_size(&pub_key)));
EXPECT_SUCCESS(s2n_hash_update(&tls10_one, inputpad, sizeof(inputpad)));
EXPECT_SUCCESS(s2n_hash_update(&tls10_two, inputpad, sizeof(inputpad)));
EXPECT_SUCCESS(s2n_rsa_sign(&priv_key, &tls10_one, &signature));
EXPECT_SUCCESS(s2n_rsa_verify(&pub_key, &tls10_two, &signature));
EXPECT_SUCCESS(s2n_hash_update(&tls12_one, inputpad, sizeof(inputpad)));
EXPECT_SUCCESS(s2n_hash_update(&tls12_two, inputpad, sizeof(inputpad)));
EXPECT_SUCCESS(s2n_rsa_sign(&priv_key, &tls12_one, &signature));
EXPECT_SUCCESS(s2n_rsa_verify(&pub_key, &tls12_two, &signature));
EXPECT_SUCCESS(s2n_dh_params_free(&dh_params));
EXPECT_SUCCESS(s2n_rsa_private_key_free(&priv_key));
EXPECT_SUCCESS(s2n_rsa_public_key_free(&pub_key));
EXPECT_SUCCESS(s2n_config_free_dhparams(conn->config));
EXPECT_SUCCESS(s2n_config_free_cert_chain_and_key(conn->config));
EXPECT_SUCCESS(s2n_connection_free(conn));
EXPECT_SUCCESS(s2n_free(&signature));
EXPECT_SUCCESS(s2n_stuffer_free(&certificate_in));
EXPECT_SUCCESS(s2n_stuffer_free(&certificate_out));
EXPECT_SUCCESS(s2n_stuffer_free(&dhparams_in));
EXPECT_SUCCESS(s2n_stuffer_free(&dhparams_out));
EXPECT_SUCCESS(s2n_stuffer_free(&rsa_key_in));
EXPECT_SUCCESS(s2n_stuffer_free(&rsa_key_out));
END_TEST();
}
struct s2n_connection *s2n_connection_new(s2n_mode mode)
{
struct s2n_blob blob;
struct s2n_connection *conn;
GUARD_PTR(s2n_alloc(&blob, sizeof(struct s2n_connection)));
GUARD_PTR(s2n_blob_zero(&blob));
if (mode == S2N_CLIENT) {
/* At present s2n is not suitable for use in client mode, as it
* does not perform any certificate validation. However it is useful
* to use S2N in client mode for testing purposes. An environment
* variable is required to be set for the client mode to work.
*/
if (getenv("S2N_ENABLE_CLIENT_MODE") == NULL) {
GUARD_PTR(s2n_free(&blob));
S2N_ERROR_PTR(S2N_ERR_CLIENT_MODE_DISABLED);
}
}
/* Cast 'through' void to acknowledge that we are changing alignment,
* which is ok, as blob.data is always aligned.
*/
conn = (struct s2n_connection *)(void *)blob.data;
conn->mode = mode;
conn->blinding = S2N_BUILT_IN_BLINDING;
conn->config = &s2n_default_config;
conn->close_notify_queued = 0;
conn->session_id_len = 0;
/* Allocate the fixed-size stuffers */
blob.data = conn->alert_in_data;
blob.size = S2N_ALERT_LENGTH;
GUARD_PTR(s2n_stuffer_init(&conn->alert_in, &blob));
blob.data = conn->reader_alert_out_data;
blob.size = S2N_ALERT_LENGTH;
GUARD_PTR(s2n_stuffer_init(&conn->reader_alert_out, &blob));
blob.data = conn->writer_alert_out_data;
blob.size = S2N_ALERT_LENGTH;
GUARD_PTR(s2n_stuffer_init(&conn->writer_alert_out, &blob));
GUARD_PTR(s2n_stuffer_alloc(&conn->out, S2N_LARGE_RECORD_LENGTH));
/* Allocate long term key memory */
GUARD_PTR(s2n_session_key_alloc(&conn->secure.client_key));
GUARD_PTR(s2n_session_key_alloc(&conn->secure.server_key));
GUARD_PTR(s2n_session_key_alloc(&conn->initial.client_key));
GUARD_PTR(s2n_session_key_alloc(&conn->initial.server_key));
/* Initialize the growable stuffers. Zero length at first, but the resize
* in _wipe will fix that
*/
blob.data = conn->header_in_data;
blob.size = S2N_TLS_RECORD_HEADER_LENGTH;
GUARD_PTR(s2n_stuffer_init(&conn->header_in, &blob));
GUARD_PTR(s2n_stuffer_growable_alloc(&conn->in, 0));
GUARD_PTR(s2n_stuffer_growable_alloc(&conn->handshake.io, 0));
GUARD_PTR(s2n_connection_wipe(conn));
GUARD_PTR(s2n_timer_start(conn->config, &conn->write_timer));
return conn;
}
int s2n_connection_wipe(struct s2n_connection *conn)
{
/* First make a copy of everything we'd like to save, which isn't very
* much.
*/
int mode = conn->mode;
struct s2n_config *config = conn->config;
struct s2n_stuffer alert_in;
struct s2n_stuffer reader_alert_out;
struct s2n_stuffer writer_alert_out;
struct s2n_stuffer handshake_io;
struct s2n_stuffer header_in;
struct s2n_stuffer in;
struct s2n_stuffer out;
/* Session keys will be wiped. Preserve structs to avoid reallocation */
struct s2n_session_key initial_client_key;
struct s2n_session_key initial_server_key;
struct s2n_session_key secure_client_key;
struct s2n_session_key secure_server_key;
/* Wipe all of the sensitive stuff */
GUARD(s2n_connection_wipe_keys(conn));
GUARD(s2n_stuffer_wipe(&conn->alert_in));
GUARD(s2n_stuffer_wipe(&conn->reader_alert_out));
GUARD(s2n_stuffer_wipe(&conn->writer_alert_out));
GUARD(s2n_stuffer_wipe(&conn->handshake.io));
GUARD(s2n_stuffer_wipe(&conn->header_in));
GUARD(s2n_stuffer_wipe(&conn->in));
GUARD(s2n_stuffer_wipe(&conn->out));
/* Restore the socket option values */
GUARD(s2n_socket_read_restore(conn));
GUARD(s2n_socket_write_restore(conn));
GUARD(s2n_free(&conn->status_response));
/* Allocate or resize to their original sizes */
GUARD(s2n_stuffer_resize(&conn->in, S2N_LARGE_FRAGMENT_LENGTH));
/* Allocate memory for handling handshakes */
GUARD(s2n_stuffer_resize(&conn->handshake.io, S2N_LARGE_RECORD_LENGTH));
/* Clone the stuffers */
/* ignore gcc 4.7 address warnings because dest is allocated on the stack */
/* pragma gcc diagnostic was added in gcc 4.6 */
#if defined(__GNUC__) && GCC_VERSION >= 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Waddress"
#endif
memcpy_check(&alert_in, &conn->alert_in, sizeof(struct s2n_stuffer));
memcpy_check(&reader_alert_out, &conn->reader_alert_out, sizeof(struct s2n_stuffer));
memcpy_check(&writer_alert_out, &conn->writer_alert_out, sizeof(struct s2n_stuffer));
memcpy_check(&handshake_io, &conn->handshake.io, sizeof(struct s2n_stuffer));
memcpy_check(&header_in, &conn->header_in, sizeof(struct s2n_stuffer));
memcpy_check(&in, &conn->in, sizeof(struct s2n_stuffer));
memcpy_check(&out, &conn->out, sizeof(struct s2n_stuffer));
memcpy_check(&initial_client_key, &conn->initial.client_key, sizeof(struct s2n_session_key));
memcpy_check(&initial_server_key, &conn->initial.server_key, sizeof(struct s2n_session_key));
memcpy_check(&secure_client_key, &conn->secure.client_key, sizeof(struct s2n_session_key));
memcpy_check(&secure_server_key, &conn->secure.server_key, sizeof(struct s2n_session_key));
#if defined(__GNUC__) && GCC_VERSION >= 40600
#pragma GCC diagnostic pop
#endif
/* Zero the whole connection structure */
memset_check(conn, 0, sizeof(struct s2n_connection));
conn->readfd = -1;
conn->writefd = -1;
conn->mode = mode;
conn->config = config;
conn->close_notify_queued = 0;
conn->current_user_data_consumed = 0;
conn->initial.cipher_suite = &s2n_null_cipher_suite;
conn->secure.cipher_suite = &s2n_null_cipher_suite;
conn->server = &conn->initial;
conn->client = &conn->initial;
conn->max_fragment_length = S2N_SMALL_FRAGMENT_LENGTH;
conn->handshake.handshake_type = INITIAL;
conn->handshake.message_number = 0;
GUARD(s2n_hash_init(&conn->handshake.md5, S2N_HASH_MD5));
GUARD(s2n_hash_init(&conn->handshake.sha1, S2N_HASH_SHA1));
GUARD(s2n_hash_init(&conn->handshake.sha256, S2N_HASH_SHA256));
GUARD(s2n_hash_init(&conn->handshake.sha384, S2N_HASH_SHA384));
GUARD(s2n_hmac_init(&conn->client->client_record_mac, S2N_HMAC_NONE, NULL, 0));
GUARD(s2n_hmac_init(&conn->server->server_record_mac, S2N_HMAC_NONE, NULL, 0));
memcpy_check(&conn->alert_in, &alert_in, sizeof(struct s2n_stuffer));
memcpy_check(&conn->reader_alert_out, &reader_alert_out, sizeof(struct s2n_stuffer));
memcpy_check(&conn->writer_alert_out, &writer_alert_out, sizeof(struct s2n_stuffer));
memcpy_check(&conn->handshake.io, &handshake_io, sizeof(struct s2n_stuffer));
memcpy_check(&conn->header_in, &header_in, sizeof(struct s2n_stuffer));
memcpy_check(&conn->in, &in, sizeof(struct s2n_stuffer));
memcpy_check(&conn->out, &out, sizeof(struct s2n_stuffer));
memcpy_check(&conn->initial.client_key, &initial_client_key, sizeof(struct s2n_session_key));
memcpy_check(&conn->initial.server_key, &initial_server_key, sizeof(struct s2n_session_key));
memcpy_check(&conn->secure.client_key, &secure_client_key, sizeof(struct s2n_session_key));
memcpy_check(&conn->secure.server_key, &secure_server_key, sizeof(struct s2n_session_key));
if (conn->mode == S2N_SERVER) {
conn->server_protocol_version = s2n_highest_protocol_version;
conn->client_protocol_version = s2n_unknown_protocol_version;
}
else {
conn->server_protocol_version = s2n_unknown_protocol_version;
conn->client_protocol_version = s2n_highest_protocol_version;
}
conn->actual_protocol_version = s2n_unknown_protocol_version;
return 0;
}
