Address Feedback v3

aws · Oct 10, 2024 · b056544 · b056544
1 parent d377a0b
commit b056544
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 6 deletions.
diff --git a/tests/unit/s2n_pq_kem_test.c b/tests/unit/s2n_pq_kem_test.c
@@ -64,7 +64,7 @@ int main()
         DEFER_CLEANUP(struct s2n_blob ciphertext = { 0 }, s2n_free);
         EXPECT_SUCCESS(s2n_alloc(&ciphertext, kem->ciphertext_length));
 
-        if (!s2m_kem_is_available(kem)) {
+        if (!s2n_kem_is_available(kem)) {
             EXPECT_FAILURE_WITH_ERRNO(kem->generate_keypair(kem, public_key.data, private_key.data), S2N_ERR_UNIMPLEMENTED);
             EXPECT_FAILURE_WITH_ERRNO(kem->encapsulate(kem, ciphertext.data, client_shared_secret.data, public_key.data), S2N_ERR_UNIMPLEMENTED);
             EXPECT_FAILURE_WITH_ERRNO(kem->decapsulate(kem, server_shared_secret.data, ciphertext.data, private_key.data), S2N_ERR_UNIMPLEMENTED);

diff --git a/tests/unit/s2n_x509_validator_time_verification_test.c b/tests/unit/s2n_x509_validator_time_verification_test.c
@@ -13,10 +13,12 @@
 * permissions and limitations under the License.
 */
 
-#include "crypto/s2n_libcrypto.h"
 #include "s2n_test.h"
 #include "testlib/s2n_testlib.h"
 
+bool s2n_libcrypto_supports_flag_no_check_time();
+uint64_t s2n_libcrypto_awslc_api_version(void);
+
 static uint8_t s2n_verify_host_accept_everything(const char *host_name, size_t host_name_len, void *data)
 {
     return 1;

diff --git a/tls/extensions/s2n_client_key_share.c b/tls/extensions/s2n_client_key_share.c
@@ -122,7 +122,7 @@ static int s2n_generate_pq_hybrid_key_share(struct s2n_stuffer *out, struct s2n_
     struct s2n_kem_params *kem_params = &kem_group_params->kem_params;
     kem_params->kem = kem_group->kem;
 
-    if (kem_group_params->kem_group->send_kem_first) {
+    if (kem_group->send_kem_first) {
         POSIX_GUARD(s2n_kem_send_public_key(out, kem_params));
         POSIX_GUARD_RESULT(s2n_ecdhe_send_public_key(ecc_params, out, kem_params->len_prefixed));
     } else {
@@ -304,6 +304,7 @@ static int s2n_client_key_share_recv_hybrid_partial_ecc(struct s2n_stuffer *key_
     POSIX_ENSURE_REF(new_client_params);
     const struct s2n_kem_group *kem_group = new_client_params->kem_group;
     POSIX_ENSURE_REF(kem_group);
+    POSIX_ENSURE_REF(kem_group->curve);
 
     if (new_client_params->kem_params.len_prefixed) {
         uint16_t ec_share_size = 0;

diff --git a/tls/s2n_kem.c b/tls/s2n_kem.c
@@ -461,7 +461,7 @@ int s2n_kem_recv_ciphertext(struct s2n_stuffer *in, struct s2n_kem_params *kem_p
     return S2N_SUCCESS;
 }
 
-bool s2m_kem_is_available(const struct s2n_kem *kem)
+bool s2n_kem_is_available(const struct s2n_kem *kem)
 {
     if (kem == NULL || kem->kem_nid == NID_undef) {
         return false;
@@ -484,7 +484,7 @@ bool s2n_kem_group_is_available(const struct s2n_kem_group *kem_group)
         return false;
     }
 
-    bool available = s2m_kem_is_available(kem_group->kem);
+    bool available = s2n_kem_is_available(kem_group->kem);
 
     /* x25519 based tls13_kem_groups require EVP_APIS_SUPPORTED */
     if (kem_group->curve == &s2n_ecc_curve_x25519) {

diff --git a/tls/s2n_kem.h b/tls/s2n_kem.h
@@ -132,7 +132,7 @@ int s2n_kem_send_public_key(struct s2n_stuffer *out, struct s2n_kem_params *kem_
 int s2n_kem_recv_public_key(struct s2n_stuffer *in, struct s2n_kem_params *kem_params);
 int s2n_kem_send_ciphertext(struct s2n_stuffer *out, struct s2n_kem_params *kem_params);
 int s2n_kem_recv_ciphertext(struct s2n_stuffer *in, struct s2n_kem_params *kem_params);
-bool s2m_kem_is_available(const struct s2n_kem *kem);
+bool s2n_kem_is_available(const struct s2n_kem *kem);
 bool s2n_kem_group_is_available(const struct s2n_kem_group *kem_group);
 
 /* mlkem768 */