find/replace: "api/unstable" -> "api/s2n/unstable"

.github/workflows/ci_rust.yml

@@ -64,7 +64,7 @@ jobs:
         # __attribute__((visibility("default"))) label must be on a declaration
         # in the same unit of compilation as the definition. Generally this just
         # means that if the linker can't resolve foo_method in tls/foo.c, you
-        # forgot to include api/unstable/foo.h in tls/foo.c
+        # forgot to include api/s2n/unstable/foo.h in tls/foo.c
         if: ${{ matrix.os == 'ubuntu-latest' }}
         run: |
           cmake . -Bbuild -DBUILD_SHARED_LIBS=on -DBUILD_TESTING=off

CMakeLists.txt

@@ -43,7 +43,7 @@ option(ASAN "Enable AddressSanitizer to test memory safety" OFF)
 option(SECCOMP "Link with seccomp and run seccomp tests" OFF)
 
 file(GLOB API_HEADERS "api/*.h")
-file(GLOB API_UNSTABLE_HEADERS "api/unstable/*.h")
+file(GLOB API_UNSTABLE_HEADERS "api/s2n/unstable/*.h")
 
 file(GLOB CRYPTO_HEADERS "crypto/*.h")
 file(GLOB CRYPTO_SRC "crypto/*.c")

bin/echo.c

@@ -25,8 +25,8 @@
 #include <unistd.h>
 
 #include "api/s2n.h"
-#include "api/unstable/fingerprint.h"
-#include "api/unstable/renegotiate.h"
+#include "api/s2n/unstable/fingerprint.h"
+#include "api/s2n/unstable/renegotiate.h"
 #include "common.h"
 #include "crypto/s2n_pkey.h"
 

bin/s2nc.c

@@ -30,8 +30,8 @@
 #endif
 
 #include "api/s2n.h"
-#include "api/unstable/npn.h"
-#include "api/unstable/renegotiate.h"
+#include "api/s2n/unstable/npn.h"
+#include "api/s2n/unstable/renegotiate.h"
 #include "common.h"
 #include "crypto/s2n_libcrypto.h"
 #include "error/s2n_errno.h"

bin/s2nd.c

@@ -32,7 +32,7 @@
 #endif
 
 #include "api/s2n.h"
-#include "api/unstable/npn.h"
+#include "api/s2n/unstable/npn.h"
 #include "common.h"
 #include "crypto/s2n_libcrypto.h"
 #include "utils/s2n_safety.h"

bindings/rust/generate/src/main.rs

@@ -56,7 +56,7 @@ fn main() {
     );
 
     // get all of the files in the unstable folder
-    let unstable_api = out_dir.join("lib/api/unstable");
+    let unstable_api = out_dir.join("lib/api/s2n/unstable");
     let unstable_headers: Vec<(String, fs::DirEntry)> = fs::read_dir(unstable_api)
         .expect("unable to iterate through files in unstable api folder")
         .into_iter()

bindings/rust/s2n-tls/src/fingerprint.rs

@@ -3,7 +3,7 @@
 
 //! Methods to fingerprint ClientHellos.
 //!
-//! See [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/unstable/fingerprint.h).
+//! See [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/s2n/unstable/fingerprint.h).
 
 use crate::{
     client_hello::ClientHello,
@@ -35,14 +35,14 @@ pub struct Fingerprint<'a>(&'a mut Builder);
 impl Fingerprint<'_> {
     /// Size of the fingerprint hash.
     ///
-    /// See s2n_fingerprint_get_hash_size in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/unstable/fingerprint.h).
+    /// See s2n_fingerprint_get_hash_size in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/s2n/unstable/fingerprint.h).
     pub fn hash_size(&self) -> Result<usize, Error> {
         self.0.hash_size()
     }
 
     /// Calculate the fingerprint hash string.
     ///
-    /// See s2n_fingerprint_get_hash in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/unstable/fingerprint.h).
+    /// See s2n_fingerprint_get_hash in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/s2n/unstable/fingerprint.h).
     pub fn hash(&mut self) -> Result<&str, Error> {
         if self.0.hash.is_empty() {
             let mut output_size = 0;
@@ -63,7 +63,7 @@ impl Fingerprint<'_> {
 
     /// Size of the raw fingerprint string.
     ///
-    /// See s2n_fingerprint_get_raw_size in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/unstable/fingerprint.h).
+    /// See s2n_fingerprint_get_raw_size in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/s2n/unstable/fingerprint.h).
     ///
     /// The size of the raw fingerprint string can't be known without calculating
     /// the fingerprint for a given ClientHello, so either [Fingerprint::hash()]
@@ -76,7 +76,7 @@ impl Fingerprint<'_> {
 
     /// Calculate the raw fingerprint string.
     ///
-    /// See s2n_fingerprint_get_raw in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/unstable/fingerprint.h).
+    /// See s2n_fingerprint_get_raw in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/s2n/unstable/fingerprint.h).
     ///
     /// The size of the raw fingerprint string can't be known without calculating
     /// the fingerprint for a given ClientHello. Before calling this method, you
@@ -228,7 +228,7 @@ impl Builder {
 
     /// Size of the fingerprint hash.
     ///
-    /// See s2n_fingerprint_get_hash_size in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/unstable/fingerprint.h).
+    /// See s2n_fingerprint_get_hash_size in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/s2n/unstable/fingerprint.h).
     pub fn hash_size(&self) -> Result<usize, Error> {
         Self::ptr_hash_size(&self.ptr)
     }

bindings/rust/s2n-tls/src/renegotiate.rs

@@ -4,7 +4,7 @@
 //! Methods to perform renegotiation.
 //!
 //! The use of renegotiation is strongly discouraged.
-//! See [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/unstable/renegotiate.h)
+//! See [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/s2n/unstable/renegotiate.h)
 //! for the primary documentation of the feature.
 //!
 //! # Scheduled renegotiation
@@ -100,7 +100,7 @@
 //! as direct mappings of the C `s2n_renegotiate_wipe` and `s2n_renegotiate` methods.
 //! If scheduled renegotiation is insufficient for your use case, you can manually
 //! integrate with renegotiation according to the instructions in
-//! [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/unstable/renegotiate.h).
+//! [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/s2n/unstable/renegotiate.h).
 //! Your `on_renegotiate_request` method would return `RenegotiateResponse::Accept`
 //! rather than `RenegotiateResponse::Schedule`.
 //!
@@ -118,7 +118,7 @@ use std::task::Poll::{self, Pending, Ready};
 
 /// How to handle a renegotiation request.
 ///
-/// See s2n_renegotiate_response in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/unstable/renegotiate.h).
+/// See s2n_renegotiate_response in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/s2n/unstable/renegotiate.h).
 #[derive(Debug, PartialEq, Copy, Clone)]
 pub enum RenegotiateResponse {
     Ignore,
@@ -151,7 +151,7 @@ pub trait RenegotiateCallback: 'static + Send + Sync {
     /// Returning "None" will result in the C callback returning an error,
     /// canceling the connection.
     ///
-    /// See s2n_renegotiate_request_cb in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/unstable/renegotiate.h).
+    /// See s2n_renegotiate_request_cb in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/s2n/unstable/renegotiate.h).
     //
     // This method returns Option instead of Result because the callback has no mechanism
     // for surfacing errors to the application, so Result would be somewhat deceptive.
@@ -198,7 +198,7 @@ impl Connection {
 
     /// Reset the connection so that it can be renegotiated.
     ///
-    /// See s2n_renegotiate_wipe in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/unstable/renegotiate.h).
+    /// See s2n_renegotiate_wipe in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/s2n/unstable/renegotiate.h).
     /// The Rust equivalent of the listed connection-specific methods that are NOT wiped are:
     ///  - Methods to set the file descriptors: not currently supported by rust bindings
     ///  - Methods to set the send callback:
@@ -292,7 +292,7 @@ impl Connection {
     /// of bytes received is returned as the second element of the returned pair,
     /// and the data is written to `buf`.
     ///
-    /// See s2n_renegotiate in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/unstable/renegotiate.h).
+    /// See s2n_renegotiate in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/s2n/unstable/renegotiate.h).
     pub fn poll_renegotiate(&mut self, buf: &mut [u8]) -> (Poll<Result<(), Error>>, usize) {
         let buf_len: isize = buf.len().try_into().unwrap_or(0);
         let buf_ptr = buf.as_ptr() as *mut ::libc::c_void;
@@ -377,7 +377,7 @@ impl Connection {
 impl config::Builder {
     /// Sets a method to be called when the client receives a request to renegotiate.
     ///
-    /// See s2n_config_set_renegotiate_request_cb in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/unstable/renegotiate.h).
+    /// See s2n_config_set_renegotiate_request_cb in [the C API documentation](https://github.com/aws/s2n-tls/blob/main/api/s2n/unstable/renegotiate.h).
     pub fn set_renegotiate_callback<T: 'static + RenegotiateCallback>(
         &mut self,
         handler: T,

docs/DEVELOPMENT-GUIDE.md

@@ -164,7 +164,7 @@ For every thread that s2n functions are called in, a small amount of thread-loca
 An important thing to note is that a call to `s2n_cleanup()` usually does not fully clean up s2n. It only cleans up the thread-local memory. This is because we have an atexit handler that does fully clean up s2n at process-exit.
 The behavior is different if the atexit handler is disabled by calling `s2n_disable_atexit()`. Then s2n is actually fully cleaned up if `s2n_cleanup()` is called on the thread that called `s2n_init()`. `s2n_cleanup()` attempts to track the thread that had originally called `s2n_init()` and only performs the full cleanup when that "main" thread exits. If this behavior does not work for your use case (for example, if the "main" thread does not outlive child threads using s2n), you can instead call `s2n_cleanup_thread()` on each thread exit.
 
-> Note: `s2n_cleanup_thread()` is currently considered unstable, meaning the API is subject to change in a future release. To access this API, include `api/unstable/cleanup.h`.
+> Note: `s2n_cleanup_thread()` is currently considered unstable, meaning the API is subject to change in a future release. To access this API, include `api/s2n/unstable/cleanup.h`.
 
 ### Control flow and the state machine
 

docs/usage-guide/topics/ch02-initialization.md

@@ -1,7 +1,7 @@
 # Initialization and Teardown
 The s2n-tls library must be initialized with `s2n_init()` before calling most library functions. `s2n_init()` MUST NOT be called more than once, even when an application uses multiple threads or processes. s2n attempts to clean up its thread-local memory at thread-exit and all other memory at process-exit. However, this may not work if you are using a thread library other than pthreads or other threads using s2n outlive the thread that called `s2n_init()`. In that case you should call `s2n_cleanup_thread()` from every thread or process created after `s2n_init()`.
 
-> Note: `s2n_cleanup_thread()` is currently considered unstable, meaning the API is subject to change in a future release. To access this API, include `api/unstable/cleanup.h`.
+> Note: `s2n_cleanup_thread()` is currently considered unstable, meaning the API is subject to change in a future release. To access this API, include `api/s2n/unstable/cleanup.h`.
 
 Initialization can be modified by calling `s2n_crypto_disable_init()` or `s2n_disable_atexit()` before `s2n_init()`.
 

docs/usage-guide/topics/ch09-certificates.md

@@ -94,7 +94,7 @@ The OCSP stapling information will be automatically validated if the underlying
 
 ## CRL Validation
 
-> Note: the CRL validation feature in s2n-tls is currently considered unstable, meaning the CRL APIs are subject to change in a future release. To access the CRL APIs, include `api/unstable/crl.h`.
+> Note: the CRL validation feature in s2n-tls is currently considered unstable, meaning the CRL APIs are subject to change in a future release. To access the CRL APIs, include `api/s2n/unstable/crl.h`.
 
 Certificate Revocation Lists (CRLs) are lists of issued, unexpired certificates that have been revoked by the CA. CAs publish updated versions of these lists periodically. A validator wishing to verify a certificate obtains a CRL from the CA, validates the CRL, and checks to ensure the certificate is not contained in the list, and therefore has not been revoked by the CA.
 

lib/Makefile

@@ -41,7 +41,7 @@ install: libs2n.a libs2n.so $(libdir)
 	@cp libs2n.*  $(libdir)
 	@cp ../api/s2n.h  $(includedir)
 	@mkdir -p $(includedir)/s2n
-	@cp -r ../api/unstable  $(includedir)/s2n
+	@cp -r ../api/s2n/unstable  $(includedir)/s2n
 
 uninstall:
 	@rm -f $(libdir)/libs2n.*

tests/unit/s2n_connection_test.c

@@ -15,7 +15,7 @@
 
 #include "tls/s2n_connection.h"
 
-#include "api/unstable/ktls.h"
+#include "api/s2n/unstable/ktls.h"
 #include "crypto/s2n_hash.h"
 #include "s2n_test.h"
 #include "testlib/s2n_testlib.h"

tests/unit/s2n_fingerprint_ja3_test.c

@@ -13,7 +13,7 @@
  * permissions and limitations under the License.
  */
 
-#include "api/unstable/fingerprint.h"
+#include "api/s2n/unstable/fingerprint.h"
 #include "crypto/s2n_fips.h"
 #include "s2n_test.h"
 #include "testlib/s2n_sslv2_client_hello.h"

tests/unit/s2n_fingerprint_ja4_test.c

@@ -13,7 +13,7 @@
  * permissions and limitations under the License.
  */
 
-#include "api/unstable/fingerprint.h"
+#include "api/s2n/unstable/fingerprint.h"
 #include "s2n_test.h"
 #include "testlib/s2n_testlib.h"
 #include "tls/s2n_tls.h"

tests/unit/s2n_fingerprint_test.c

@@ -15,7 +15,7 @@
 
 #include "tls/s2n_fingerprint.h"
 
-#include "api/unstable/fingerprint.h"
+#include "api/s2n/unstable/fingerprint.h"
 #include "crypto/s2n_hash.h"
 #include "s2n_test.h"
 #include "testlib/s2n_testlib.h"

tests/unit/s2n_init_test.c

@@ -15,7 +15,7 @@
 
 #include <pthread.h>
 
-#include "api/unstable/cleanup.h"
+#include "api/s2n/unstable/cleanup.h"
 #include "s2n_test.h"
 
 bool s2n_is_initialized(void);

tests/unit/s2n_post_handshake_recv_test.c

@@ -16,7 +16,7 @@
 #include <sys/param.h>
 #include <sys/socket.h>
 
-#include "api/unstable/renegotiate.h"
+#include "api/s2n/unstable/renegotiate.h"
 #include "error/s2n_errno.h"
 #include "s2n_test.h"
 #include "testlib/s2n_mem_testlib.h"

tests/unit/s2n_recv_buffering_test.c

@@ -14,7 +14,7 @@
  */
 
 #include "api/s2n.h"
-#include "api/unstable/renegotiate.h"
+#include "api/s2n/unstable/renegotiate.h"
 #include "s2n_test.h"
 #include "testlib/s2n_ktls_test_utils.h"
 #include "testlib/s2n_testlib.h"

tests/unit/s2n_recv_test.c

@@ -14,7 +14,7 @@
  */
 
 #include "api/s2n.h"
-#include "api/unstable/renegotiate.h"
+#include "api/s2n/unstable/renegotiate.h"
 #include "s2n_test.h"
 #include "testlib/s2n_ktls_test_utils.h"
 #include "testlib/s2n_testlib.h"

tls/s2n_client_hello.c

@@ -20,7 +20,7 @@
 #include <sys/param.h>
 #include <time.h>
 
-#include "api/unstable/fingerprint.h"
+#include "api/s2n/unstable/fingerprint.h"
 #include "crypto/s2n_fips.h"
 #include "crypto/s2n_hash.h"
 #include "crypto/s2n_rsa_signing.h"

tls/s2n_config.c

@@ -16,7 +16,7 @@
 #include <strings.h>
 #include <time.h>
 
-#include "api/unstable/npn.h"
+#include "api/s2n/unstable/npn.h"
 #include "crypto/s2n_certificate.h"
 #include "crypto/s2n_fips.h"
 #include "crypto/s2n_hkdf.h"

tls/s2n_connection.c

@@ -26,7 +26,7 @@
 
 #include "api/s2n.h"
 /* Required for s2n_connection_get_key_update_counts */
-#include "api/unstable/ktls.h"
+#include "api/s2n/unstable/ktls.h"
 #include "crypto/s2n_certificate.h"
 #include "crypto/s2n_cipher.h"
 #include "crypto/s2n_crypto.h"

tls/s2n_crl.h

@@ -18,7 +18,7 @@
 #include <openssl/x509v3.h>
 
 #include "api/s2n.h"
-#include "api/unstable/crl.h"
+#include "api/s2n/unstable/crl.h"
 #include "utils/s2n_result.h"
 
 struct s2n_x509_validator;

tls/s2n_fingerprint.h

@@ -16,7 +16,7 @@
 #pragma once
 
 #include "api/s2n.h"
-#include "api/unstable/fingerprint.h"
+#include "api/s2n/unstable/fingerprint.h"
 #include "crypto/s2n_hash.h"
 #include "stuffer/s2n_stuffer.h"
 #include "tls/s2n_client_hello.h"

tls/s2n_ktls.h

@@ -17,7 +17,7 @@
 
 #include <sys/socket.h>
 
-#include "api/unstable/ktls.h"
+#include "api/s2n/unstable/ktls.h"
 #include "tls/s2n_connection.h"
 /* Define headers needed to enable and use kTLS.
  *

tls/s2n_renegotiate.h

@@ -15,7 +15,7 @@
 
 #pragma once
 
-#include "api/unstable/renegotiate.h"
+#include "api/s2n/unstable/renegotiate.h"
 #include "utils/s2n_result.h"
 
 S2N_RESULT s2n_renegotiate_validate(struct s2n_connection *conn);

utils/s2n_init.c

@@ -17,7 +17,7 @@
 
 #include <pthread.h>
 
-#include "api/unstable/cleanup.h"
+#include "api/s2n/unstable/cleanup.h"
 #include "crypto/s2n_fips.h"
 #include "crypto/s2n_libcrypto.h"
 #include "crypto/s2n_locking.h"