s2n_connection: Move all bitfield fields up front

Ultimately, this is for the benefit of the SAW proofs. Due to a limitation in how SAW currently works, bitfields must be accessed by index rather than by name, and due to how often new fields are added to `s2n_connection`, the only way to do this in way that's maintainable is to have all the bitfield fields be up front. That way, the index to access the bitfield will always be zero, which significantly decreases the likelihood that the SAW proofs will need to be updated with each new field added to `s2n_connection`. This is all rather unfortunate. See GaloisInc/saw-script#1461 for a plan to make handling bitfields more maintainable in SAW.
RyanGlScott · Oct 2, 2021 · ba47998 · ba47998
1 parent b83e187
commit ba47998
Showing 1 changed file with 52 additions and 52 deletions.
diff --git a/tls/s2n_connection.h b/tls/s2n_connection.h
@@ -56,27 +56,6 @@ typedef enum {
 } s2n_session_ticket_status;
 
 struct s2n_connection {
-    /* The configuration (cert, key .. etc ) */
-    struct s2n_config *config;
-
-    /* Overrides Security Policy in config if non-null */
-    const struct s2n_security_policy *security_policy_override;
-
-    /* The user defined context associated with connection */
-    void *context;
-
-    /* The user defined secret callback and context */
-    s2n_secret_cb secret_cb;
-    void *secret_cb_context;
-
-    /* The send and receive callbacks don't have to be the same (e.g. two pipes) */
-    s2n_send_fn *send;
-    s2n_recv_fn *recv;
-
-    /* The context passed to the I/O callbacks */
-    void *send_io_context;
-    void *recv_io_context;
-
     /* Is this connection using CORK/SO_RCVLOWAT optimizations? Only valid when the connection is using
      * managed_send_io
      */
@@ -110,6 +89,58 @@ struct s2n_connection {
     /* If write fd is broken */
     unsigned write_fd_broken:1;
 
+    /* Has the user set their own I/O callbacks or is this connection using the
+     * default socket-based I/O set by s2n */
+    unsigned managed_send_io:1;
+    unsigned managed_recv_io:1;
+
+    /* Key update data */
+    unsigned key_update_pending:1;
+
+    /* Early data supported by caller.
+     * If a caller does not use any APIs that support early data,
+     * do not negotiate early data.
+     */
+    unsigned early_data_expected:1;
+
+    /* Connection overrides server_max_early_data_size */
+    unsigned server_max_early_data_size_overridden:1;
+
+    /* Connection overrides psk_mode.
+     * This means that the connection will keep the existing value of psk_params->type,
+     * even when setting a new config. */
+    unsigned psk_mode_overridden:1;
+
+    /* Have we received a close notify alert from the peer. */
+    unsigned close_notify_received:1;
+
+    /* Connection negotiated an EMS */
+    unsigned ems_negotiated:1;
+
+    /* Connection can be used by a QUIC implementation */
+    unsigned quic_enabled:1;
+
+    /* The configuration (cert, key .. etc ) */
+    struct s2n_config *config;
+
+    /* Overrides Security Policy in config if non-null */
+    const struct s2n_security_policy *security_policy_override;
+
+    /* The user defined context associated with connection */
+    void *context;
+
+    /* The user defined secret callback and context */
+    s2n_secret_cb secret_cb;
+    void *secret_cb_context;
+
+    /* The send and receive callbacks don't have to be the same (e.g. two pipes) */
+    s2n_send_fn *send;
+    s2n_recv_fn *recv;
+
+    /* The context passed to the I/O callbacks */
+    void *send_io_context;
+    void *recv_io_context;
+
     /* Track request extensions to ensure correct response extension behavior.
      *
      * We need to track client and server extensions separately because some
@@ -322,37 +353,6 @@ struct s2n_connection {
     /* Cookie extension data */
     struct s2n_stuffer cookie_stuffer;
 
-    /* Has the user set their own I/O callbacks or is this connection using the
-     * default socket-based I/O set by s2n */
-    unsigned managed_send_io:1;
-    unsigned managed_recv_io:1;
-
-    /* Key update data */
-    unsigned key_update_pending:1;
-
-    /* Early data supported by caller.
-     * If a caller does not use any APIs that support early data,
-     * do not negotiate early data.
-     */
-    unsigned early_data_expected:1;
-
-    /* Connection overrides server_max_early_data_size */
-    unsigned server_max_early_data_size_overridden:1;
-
-    /* Connection overrides psk_mode.
-     * This means that the connection will keep the existing value of psk_params->type,
-     * even when setting a new config. */
-    unsigned psk_mode_overridden:1;
-
-    /* Have we received a close notify alert from the peer. */
-    unsigned close_notify_received:1;
-
-    /* Connection negotiated an EMS */
-    unsigned ems_negotiated:1;
-
-    /* Connection can be used by a QUIC implementation */
-    unsigned quic_enabled:1;
-
     /* Flags to prevent users from calling methods recursively.
      * This can be an easy mistake to make when implementing send/receive callbacks.
      */