aws · boquan-fang · Jan 3, 2025 · Jan 6, 2025 · Jan 7, 2025 · Jan 7, 2025
diff --git a/stuffer/s2n_stuffer.h b/stuffer/s2n_stuffer.h
@@ -35,6 +35,7 @@
 #define SIZEOF_IN_BITS(t) (sizeof(t) * CHAR_BIT)
 
 #define SIZEOF_UINT24 3
+#define SIZEOF_UINT32 4
 
 struct s2n_stuffer {
     /* The data for the s2n_stuffer */
@@ -143,6 +144,7 @@ S2N_RESULT s2n_stuffer_reservation_validate(const struct s2n_stuffer_reservation
 int S2N_RESULT_MUST_USE s2n_stuffer_reserve_uint8(struct s2n_stuffer *stuffer, struct s2n_stuffer_reservation *reservation);
 int S2N_RESULT_MUST_USE s2n_stuffer_reserve_uint16(struct s2n_stuffer *stuffer, struct s2n_stuffer_reservation *reservation);
 int S2N_RESULT_MUST_USE s2n_stuffer_reserve_uint24(struct s2n_stuffer *stuffer, struct s2n_stuffer_reservation *reservation);
+int S2N_RESULT_MUST_USE s2n_stuffer_reserve_uint32(struct s2n_stuffer *stuffer, struct s2n_stuffer_reservation *reservation);
 int S2N_RESULT_MUST_USE s2n_stuffer_write_reservation(struct s2n_stuffer_reservation *reservation, const uint32_t value);
 /* Reservations are primarily intended to handle the variable-length vector type
  * defined in the RFC: https://tools.ietf.org/html/rfc8446#section-3.4

diff --git a/stuffer/s2n_stuffer_network_order.c b/stuffer/s2n_stuffer_network_order.c
@@ -119,6 +119,11 @@ int s2n_stuffer_reserve_uint24(struct s2n_stuffer *stuffer, struct s2n_stuffer_r
     return s2n_stuffer_reserve(stuffer, reservation, SIZEOF_UINT24);
 }
 
+int s2n_stuffer_reserve_uint32(struct s2n_stuffer *stuffer, struct s2n_stuffer_reservation *reservation)
+{
+    return s2n_stuffer_reserve(stuffer, reservation, SIZEOF_UINT32);
+}
+
 int s2n_stuffer_read_uint32(struct s2n_stuffer *stuffer, uint32_t *u)
 {
     POSIX_ENSURE_REF(u);

diff --git a/tests/cbmc/sources/make_common_datastructures.c b/tests/cbmc/sources/make_common_datastructures.c
@@ -801,7 +801,7 @@ void cbmc_populate_s2n_connection(struct s2n_connection *s2n_connection)
     s2n_connection->verify_host_fn       = malloc(sizeof(*(s2n_connection->verify_host_fn))); /* Function pointer. */
     s2n_connection->data_for_verify_host = malloc(sizeof(*(s2n_connection->data_for_verify_host)));
     cbmc_populate_s2n_blob(&(s2n_connection->client_ticket));
-    cbmc_populate_s2n_ticket_fields(&(s2n_connection->tls13_ticket_fields));
+    cbmc_populate_s2n_ticket_fields(&(s2n_connection->ticket_fields));
     cbmc_populate_s2n_stuffer(&(s2n_connection->client_ticket_to_decrypt));
     cbmc_populate_s2n_blob(&(s2n_connection->application_protocols_overridden));
     cbmc_populate_s2n_blob(&(s2n_connection->cookie));

diff --git a/tests/unit/s2n_client_psk_extension_test.c b/tests/unit/s2n_client_psk_extension_test.c
@@ -76,10 +76,10 @@ static int mock_time(void *data, uint64_t *nanoseconds)
 
 static S2N_RESULT s2n_setup_encrypted_ticket(struct s2n_connection *conn, struct s2n_stuffer *output)
 {
-    conn->tls13_ticket_fields = (struct s2n_ticket_fields){ 0 };
+    conn->ticket_fields = (struct s2n_ticket_fields){ 0 };
     uint8_t test_secret_data[] = "test secret";
-    RESULT_GUARD_POSIX(s2n_alloc(&conn->tls13_ticket_fields.session_secret, sizeof(test_secret_data)));
-    RESULT_CHECKED_MEMCPY(conn->tls13_ticket_fields.session_secret.data, test_secret_data, sizeof(test_secret_data));
+    RESULT_GUARD_POSIX(s2n_alloc(&conn->ticket_fields.session_secret, sizeof(test_secret_data)));
+    RESULT_CHECKED_MEMCPY(conn->ticket_fields.session_secret.data, test_secret_data, sizeof(test_secret_data));
 
     /* Create a valid resumption psk identity */
     RESULT_GUARD(s2n_resume_encrypt_session_ticket(conn, output));

diff --git a/tests/unit/s2n_psk_offered_test.c b/tests/unit/s2n_psk_offered_test.c
@@ -24,10 +24,10 @@
 
 static S2N_RESULT s2n_setup_encrypted_ticket(struct s2n_connection *conn, struct s2n_stuffer *output)
 {
-    conn->tls13_ticket_fields = (struct s2n_ticket_fields){ 0 };
+    conn->ticket_fields = (struct s2n_ticket_fields){ 0 };
     uint8_t test_secret_data[] = "test secret";
-    RESULT_GUARD_POSIX(s2n_alloc(&conn->tls13_ticket_fields.session_secret, sizeof(test_secret_data)));
-    RESULT_CHECKED_MEMCPY(conn->tls13_ticket_fields.session_secret.data, test_secret_data, sizeof(test_secret_data));
+    RESULT_GUARD_POSIX(s2n_alloc(&conn->ticket_fields.session_secret, sizeof(test_secret_data)));
+    RESULT_CHECKED_MEMCPY(conn->ticket_fields.session_secret.data, test_secret_data, sizeof(test_secret_data));
 
     /* Create a valid resumption psk identity */
     RESULT_GUARD(s2n_resume_encrypt_session_ticket(conn, output));

diff --git a/tests/unit/s2n_resume_test.c b/tests/unit/s2n_resume_test.c
@@ -176,7 +176,7 @@ int main(int argc, char **argv)
             /* Set non-zero length secret */
             uint8_t secret_size = 0;
             EXPECT_SUCCESS(s2n_hmac_digest_size(conn->secure->cipher_suite->prf_alg, &secret_size));
-            EXPECT_SUCCESS(s2n_realloc(&conn->tls13_ticket_fields.session_secret, secret_size));
+            EXPECT_SUCCESS(s2n_realloc(&conn->ticket_fields.session_secret, secret_size));
 
             /* Result matches constant */
             size_t actual_size = 0;
@@ -206,7 +206,7 @@ int main(int argc, char **argv)
             /* Set non-zero length secret */
             uint8_t secret_size = 0;
             EXPECT_SUCCESS(s2n_hmac_digest_size(conn->secure->cipher_suite->prf_alg, &secret_size));
-            EXPECT_SUCCESS(s2n_realloc(&conn->tls13_ticket_fields.session_secret, secret_size));
+            EXPECT_SUCCESS(s2n_realloc(&conn->ticket_fields.session_secret, secret_size));
 
             /* Result matches constant */
             size_t actual_size = 0;
@@ -232,7 +232,7 @@ int main(int argc, char **argv)
             /* Set non-zero length secret */
             uint8_t secret_size = 0;
             EXPECT_SUCCESS(s2n_hmac_digest_size(conn->secure->cipher_suite->prf_alg, &secret_size));
-            EXPECT_SUCCESS(s2n_alloc(&conn->tls13_ticket_fields.session_secret, secret_size));
+            EXPECT_SUCCESS(s2n_alloc(&conn->ticket_fields.session_secret, secret_size));
 
             /* Result matches constants */
             size_t actual_size = 0;
@@ -260,7 +260,7 @@ int main(int argc, char **argv)
             /* Set non-zero length secret */
             uint8_t secret_size = 0;
             EXPECT_SUCCESS(s2n_hmac_digest_size(conn->secure->cipher_suite->prf_alg, &secret_size));
-            EXPECT_SUCCESS(s2n_alloc(&conn->tls13_ticket_fields.session_secret, secret_size));
+            EXPECT_SUCCESS(s2n_alloc(&conn->ticket_fields.session_secret, secret_size));
 
             /* Set early data fields */
             const uint8_t data[] = "test data";
@@ -324,7 +324,7 @@ int main(int argc, char **argv)
                 /* Set non-zero length secret */
                 uint8_t secret_size = 0;
                 EXPECT_SUCCESS(s2n_hmac_digest_size(conn->secure->cipher_suite->prf_alg, &secret_size));
-                EXPECT_SUCCESS(s2n_alloc(&conn->tls13_ticket_fields.session_secret, secret_size));
+                EXPECT_SUCCESS(s2n_alloc(&conn->ticket_fields.session_secret, secret_size));
                 int session_length = s2n_connection_get_session_length(conn);
                 EXPECT_NOT_EQUAL(session_length, 0);
 
@@ -473,8 +473,8 @@ int main(int argc, char **argv)
             DEFER_CLEANUP(struct s2n_stuffer output = { 0 }, s2n_stuffer_free);
             EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&output, 0));
 
-            conn->tls13_ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = 1 };
-            EXPECT_SUCCESS(s2n_dup(&test_session_secret, &conn->tls13_ticket_fields.session_secret));
+            conn->ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = 1 };
+            EXPECT_SUCCESS(s2n_dup(&test_session_secret, &conn->ticket_fields.session_secret));
 
             EXPECT_OK(s2n_tls13_serialize_resumption_state(conn, &output));
 
@@ -496,11 +496,11 @@ int main(int argc, char **argv)
 
             uint32_t ticket_age_add = 0;
             EXPECT_SUCCESS(s2n_stuffer_read_uint32(&output, &ticket_age_add));
-            EXPECT_EQUAL(ticket_age_add, conn->tls13_ticket_fields.ticket_age_add);
+            EXPECT_EQUAL(ticket_age_add, conn->ticket_fields.ticket_age_add);
 
             uint8_t secret_len = 0;
             EXPECT_SUCCESS(s2n_stuffer_read_uint8(&output, &secret_len));
-            EXPECT_EQUAL(secret_len, conn->tls13_ticket_fields.session_secret.size);
+            EXPECT_EQUAL(secret_len, conn->ticket_fields.session_secret.size);
 
             uint8_t session_secret[S2N_TLS_SECRET_LEN] = { 0 };
             EXPECT_SUCCESS(s2n_stuffer_read_bytes(&output, session_secret, secret_len));
@@ -531,8 +531,8 @@ int main(int argc, char **argv)
             DEFER_CLEANUP(struct s2n_stuffer output = { 0 }, s2n_stuffer_free);
             EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&output, 0));
 
-            conn->tls13_ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = 1 };
-            EXPECT_SUCCESS(s2n_dup(&test_session_secret, &conn->tls13_ticket_fields.session_secret));
+            conn->ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = 1 };
+            EXPECT_SUCCESS(s2n_dup(&test_session_secret, &conn->ticket_fields.session_secret));
 
             /* New expiration time */
             {
@@ -612,8 +612,8 @@ int main(int argc, char **argv)
             DEFER_CLEANUP(struct s2n_stuffer output = { 0 }, s2n_stuffer_free);
             EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&output, 0));
 
-            conn->tls13_ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = 1 };
-            EXPECT_SUCCESS(s2n_dup(&test_session_secret, &conn->tls13_ticket_fields.session_secret));
+            conn->ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = 1 };
+            EXPECT_SUCCESS(s2n_dup(&test_session_secret, &conn->ticket_fields.session_secret));
 
             /* Write ticket without early data. Save size for comparison. */
             EXPECT_SUCCESS(s2n_connection_set_server_max_early_data_size(conn, 0));
@@ -687,10 +687,10 @@ int main(int argc, char **argv)
                 DEFER_CLEANUP(struct s2n_stuffer output = { 0 }, s2n_stuffer_free);
                 EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&output, 0));
 
-                conn->tls13_ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = 1 };
-                EXPECT_SUCCESS(s2n_dup(&test_session_secret, &conn->tls13_ticket_fields.session_secret));
+                conn->ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = 1 };
+                EXPECT_SUCCESS(s2n_dup(&test_session_secret, &conn->ticket_fields.session_secret));
 
-                EXPECT_SUCCESS(s2n_realloc(&conn->tls13_ticket_fields.session_secret, test_cases[i].secret_size));
+                EXPECT_SUCCESS(s2n_realloc(&conn->ticket_fields.session_secret, test_cases[i].secret_size));
                 if (test_cases[i].success) {
                     EXPECT_OK(s2n_tls13_serialize_resumption_state(conn, &output));
                 } else {
@@ -1137,8 +1137,8 @@ int main(int argc, char **argv)
                 DEFER_CLEANUP(struct s2n_stuffer stuffer = { 0 }, s2n_stuffer_free);
                 EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&stuffer, 0));
 
-                conn->tls13_ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = TICKET_AGE_ADD };
-                EXPECT_SUCCESS(s2n_dup(&test_session_secret, &conn->tls13_ticket_fields.session_secret));
+                conn->ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = TICKET_AGE_ADD };
+                EXPECT_SUCCESS(s2n_dup(&test_session_secret, &conn->ticket_fields.session_secret));
 
                 /* Initialize client ticket */
                 uint8_t client_ticket[] = { CLIENT_TICKET };
@@ -1194,8 +1194,8 @@ int main(int argc, char **argv)
             EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&stuffer, 0));
 
             /* Initialize client ticket */
-            conn->tls13_ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = TICKET_AGE_ADD };
-            EXPECT_SUCCESS(s2n_dup(&test_session_secret, &conn->tls13_ticket_fields.session_secret));
+            conn->ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = TICKET_AGE_ADD };
+            EXPECT_SUCCESS(s2n_dup(&test_session_secret, &conn->ticket_fields.session_secret));
             uint8_t client_ticket[] = { CLIENT_TICKET };
             EXPECT_SUCCESS(s2n_realloc(&conn->client_ticket, sizeof(client_ticket)));
             EXPECT_MEMCPY_SUCCESS(conn->client_ticket.data, client_ticket, sizeof(client_ticket));
@@ -1368,11 +1368,11 @@ int main(int argc, char **argv)
 
             DEFER_CLEANUP(struct s2n_stuffer output = { 0 }, s2n_stuffer_free);
             EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&output, 0));
-            conn->tls13_ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = 1 };
-            EXPECT_SUCCESS(s2n_dup(&test_session_secret, &conn->tls13_ticket_fields.session_secret));
+            conn->ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = 1 };
+            EXPECT_SUCCESS(s2n_dup(&test_session_secret, &conn->ticket_fields.session_secret));
 
             /* This secret is smaller than the maximum secret length */
-            EXPECT_TRUE(conn->tls13_ticket_fields.session_secret.size < S2N_TLS_SECRET_LEN);
+            EXPECT_TRUE(conn->ticket_fields.session_secret.size < S2N_TLS_SECRET_LEN);
 
             EXPECT_OK(s2n_resume_encrypt_session_ticket(conn, &output));
             EXPECT_OK(s2n_resume_decrypt_session_ticket(conn, &output));
@@ -1404,11 +1404,11 @@ int main(int argc, char **argv)
 
             DEFER_CLEANUP(struct s2n_stuffer output = { 0 }, s2n_stuffer_free);
             EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&output, 0));
-            conn->tls13_ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = 1 };
-            EXPECT_SUCCESS(s2n_dup(&test_master_secret, &conn->tls13_ticket_fields.session_secret));
+            conn->ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = 1 };
+            EXPECT_SUCCESS(s2n_dup(&test_master_secret, &conn->ticket_fields.session_secret));
 
             /* This secret is equal to the maximum secret length */
-            EXPECT_EQUAL(conn->tls13_ticket_fields.session_secret.size, S2N_TLS_SECRET_LEN);
+            EXPECT_EQUAL(conn->ticket_fields.session_secret.size, S2N_TLS_SECRET_LEN);
 
             EXPECT_OK(s2n_resume_encrypt_session_ticket(conn, &output));
             EXPECT_OK(s2n_resume_decrypt_session_ticket(conn, &output));
@@ -1545,8 +1545,8 @@ int main(int argc, char **argv)
 
             DEFER_CLEANUP(struct s2n_stuffer output = { 0 }, s2n_stuffer_free);
             EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&output, 0));
-            conn->tls13_ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = 1 };
-            EXPECT_SUCCESS(s2n_dup(&test_master_secret, &conn->tls13_ticket_fields.session_secret));
+            conn->ticket_fields = (struct s2n_ticket_fields){ .ticket_age_add = 1 };
+            EXPECT_SUCCESS(s2n_dup(&test_master_secret, &conn->ticket_fields.session_secret));
 
             EXPECT_OK(s2n_resume_encrypt_session_ticket(conn, &output));
             EXPECT_OK(s2n_resume_decrypt_session_ticket(conn, &output));