Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index d558e38..16eccfc 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -71,7 +71,7 @@
#define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
/* Faked handshake message identity for HelloRetryRequest. */
-#define MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST ( -MBEDTLS_SSL_HS_SERVER_HELLO )
+#define MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST (-MBEDTLS_SSL_HS_SERVER_HELLO)
/*
* Internal identity of handshake extensions
@@ -108,10 +108,10 @@
#define MBEDTLS_SSL_EXT_ID_SESSION_TICKET 27
/* Utility for translating IANA extension type. */
-uint32_t mbedtls_ssl_get_extension_id( unsigned int extension_type );
-uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type );
+uint32_t mbedtls_ssl_get_extension_id(unsigned int extension_type);
+uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type);
/* Macros used to define mask constants */
-#define MBEDTLS_SSL_EXT_MASK( id ) ( 1ULL << ( MBEDTLS_SSL_EXT_ID_##id ) )
+#define MBEDTLS_SSL_EXT_MASK(id) (1ULL << (MBEDTLS_SSL_EXT_ID_##id))
/* Reset value of extension mask */
#define MBEDTLS_SSL_EXT_MASK_NONE 0
@@ -136,81 +136,81 @@
/* Extensions that are not recognized by TLS 1.3 */
#define MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED \
- ( MBEDTLS_SSL_EXT_MASK( SUPPORTED_POINT_FORMATS ) | \
- MBEDTLS_SSL_EXT_MASK( ENCRYPT_THEN_MAC ) | \
- MBEDTLS_SSL_EXT_MASK( EXTENDED_MASTER_SECRET ) | \
- MBEDTLS_SSL_EXT_MASK( SESSION_TICKET ) | \
- MBEDTLS_SSL_EXT_MASK( TRUNCATED_HMAC ) | \
- MBEDTLS_SSL_EXT_MASK( UNRECOGNIZED ) )
+ (MBEDTLS_SSL_EXT_MASK(SUPPORTED_POINT_FORMATS) | \
+ MBEDTLS_SSL_EXT_MASK(ENCRYPT_THEN_MAC) | \
+ MBEDTLS_SSL_EXT_MASK(EXTENDED_MASTER_SECRET) | \
+ MBEDTLS_SSL_EXT_MASK(SESSION_TICKET) | \
+ MBEDTLS_SSL_EXT_MASK(TRUNCATED_HMAC) | \
+ MBEDTLS_SSL_EXT_MASK(UNRECOGNIZED))
/* RFC 8446 section 4.2. Allowed extensions for ClientHello */
#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH \
- ( MBEDTLS_SSL_EXT_MASK( SERVERNAME ) | \
- MBEDTLS_SSL_EXT_MASK( MAX_FRAGMENT_LENGTH ) | \
- MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST ) | \
- MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) | \
- MBEDTLS_SSL_EXT_MASK( SIG_ALG ) | \
- MBEDTLS_SSL_EXT_MASK( USE_SRTP ) | \
- MBEDTLS_SSL_EXT_MASK( HEARTBEAT ) | \
- MBEDTLS_SSL_EXT_MASK( ALPN ) | \
- MBEDTLS_SSL_EXT_MASK( SCT ) | \
- MBEDTLS_SSL_EXT_MASK( CLI_CERT_TYPE ) | \
- MBEDTLS_SSL_EXT_MASK( SERV_CERT_TYPE ) | \
- MBEDTLS_SSL_EXT_MASK( PADDING ) | \
- MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | \
- MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | \
- MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) | \
- MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) | \
- MBEDTLS_SSL_EXT_MASK( COOKIE ) | \
- MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS ) | \
- MBEDTLS_SSL_EXT_MASK( CERT_AUTH ) | \
- MBEDTLS_SSL_EXT_MASK( POST_HANDSHAKE_AUTH ) | \
- MBEDTLS_SSL_EXT_MASK( SIG_ALG_CERT ) | \
- MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED )
+ (MBEDTLS_SSL_EXT_MASK(SERVERNAME) | \
+ MBEDTLS_SSL_EXT_MASK(MAX_FRAGMENT_LENGTH) | \
+ MBEDTLS_SSL_EXT_MASK(STATUS_REQUEST) | \
+ MBEDTLS_SSL_EXT_MASK(SUPPORTED_GROUPS) | \
+ MBEDTLS_SSL_EXT_MASK(SIG_ALG) | \
+ MBEDTLS_SSL_EXT_MASK(USE_SRTP) | \
+ MBEDTLS_SSL_EXT_MASK(HEARTBEAT) | \
+ MBEDTLS_SSL_EXT_MASK(ALPN) | \
+ MBEDTLS_SSL_EXT_MASK(SCT) | \
+ MBEDTLS_SSL_EXT_MASK(CLI_CERT_TYPE) | \
+ MBEDTLS_SSL_EXT_MASK(SERV_CERT_TYPE) | \
+ MBEDTLS_SSL_EXT_MASK(PADDING) | \
+ MBEDTLS_SSL_EXT_MASK(KEY_SHARE) | \
+ MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | \
+ MBEDTLS_SSL_EXT_MASK(PSK_KEY_EXCHANGE_MODES) | \
+ MBEDTLS_SSL_EXT_MASK(EARLY_DATA) | \
+ MBEDTLS_SSL_EXT_MASK(COOKIE) | \
+ MBEDTLS_SSL_EXT_MASK(SUPPORTED_VERSIONS) | \
+ MBEDTLS_SSL_EXT_MASK(CERT_AUTH) | \
+ MBEDTLS_SSL_EXT_MASK(POST_HANDSHAKE_AUTH) | \
+ MBEDTLS_SSL_EXT_MASK(SIG_ALG_CERT) | \
+ MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED)
/* RFC 8446 section 4.2. Allowed extensions for EncryptedExtensions */
#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE \
- ( MBEDTLS_SSL_EXT_MASK( SERVERNAME ) | \
- MBEDTLS_SSL_EXT_MASK( MAX_FRAGMENT_LENGTH ) | \
- MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) | \
- MBEDTLS_SSL_EXT_MASK( USE_SRTP ) | \
- MBEDTLS_SSL_EXT_MASK( HEARTBEAT ) | \
- MBEDTLS_SSL_EXT_MASK( ALPN ) | \
- MBEDTLS_SSL_EXT_MASK( CLI_CERT_TYPE ) | \
- MBEDTLS_SSL_EXT_MASK( SERV_CERT_TYPE ) | \
- MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) )
+ (MBEDTLS_SSL_EXT_MASK(SERVERNAME) | \
+ MBEDTLS_SSL_EXT_MASK(MAX_FRAGMENT_LENGTH) | \
+ MBEDTLS_SSL_EXT_MASK(SUPPORTED_GROUPS) | \
+ MBEDTLS_SSL_EXT_MASK(USE_SRTP) | \
+ MBEDTLS_SSL_EXT_MASK(HEARTBEAT) | \
+ MBEDTLS_SSL_EXT_MASK(ALPN) | \
+ MBEDTLS_SSL_EXT_MASK(CLI_CERT_TYPE) | \
+ MBEDTLS_SSL_EXT_MASK(SERV_CERT_TYPE) | \
+ MBEDTLS_SSL_EXT_MASK(EARLY_DATA))
/* RFC 8446 section 4.2. Allowed extensions for CertificateRequest */
#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR \
- ( MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST ) | \
- MBEDTLS_SSL_EXT_MASK( SIG_ALG ) | \
- MBEDTLS_SSL_EXT_MASK( SCT ) | \
- MBEDTLS_SSL_EXT_MASK( CERT_AUTH ) | \
- MBEDTLS_SSL_EXT_MASK( OID_FILTERS ) | \
- MBEDTLS_SSL_EXT_MASK( SIG_ALG_CERT ) | \
- MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED )
+ (MBEDTLS_SSL_EXT_MASK(STATUS_REQUEST) | \
+ MBEDTLS_SSL_EXT_MASK(SIG_ALG) | \
+ MBEDTLS_SSL_EXT_MASK(SCT) | \
+ MBEDTLS_SSL_EXT_MASK(CERT_AUTH) | \
+ MBEDTLS_SSL_EXT_MASK(OID_FILTERS) | \
+ MBEDTLS_SSL_EXT_MASK(SIG_ALG_CERT) | \
+ MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED)
/* RFC 8446 section 4.2. Allowed extensions for Certificate */
#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT \
- ( MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST ) | \
- MBEDTLS_SSL_EXT_MASK( SCT ) )
+ (MBEDTLS_SSL_EXT_MASK(STATUS_REQUEST) | \
+ MBEDTLS_SSL_EXT_MASK(SCT))
/* RFC 8446 section 4.2. Allowed extensions for ServerHello */
#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH \
- ( MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | \
- MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | \
- MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS ) )
+ (MBEDTLS_SSL_EXT_MASK(KEY_SHARE) | \
+ MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | \
+ MBEDTLS_SSL_EXT_MASK(SUPPORTED_VERSIONS))
/* RFC 8446 section 4.2. Allowed extensions for HelloRetryRequest */
#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR \
- ( MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | \
- MBEDTLS_SSL_EXT_MASK( COOKIE ) | \
- MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS ) )
+ (MBEDTLS_SSL_EXT_MASK(KEY_SHARE) | \
+ MBEDTLS_SSL_EXT_MASK(COOKIE) | \
+ MBEDTLS_SSL_EXT_MASK(SUPPORTED_VERSIONS))
/* RFC 8446 section 4.2. Allowed extensions for NewSessionTicket */
#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST \
- ( MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) | \
- MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED )
+ (MBEDTLS_SSL_EXT_MASK(EARLY_DATA) | \
+ MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED)
/*
* Helper macros for function call with return check.
@@ -218,25 +218,25 @@
/*
* Exit when return non-zero value
*/
-#define MBEDTLS_SSL_PROC_CHK( f ) \
+#define MBEDTLS_SSL_PROC_CHK(f) \
do { \
- ret = ( f ); \
- if( ret != 0 ) \
+ ret = (f); \
+ if (ret != 0) \
{ \
goto cleanup; \
} \
- } while( 0 )
+ } while (0)
/*
* Exit when return negative value
*/
-#define MBEDTLS_SSL_PROC_CHK_NEG( f ) \
+#define MBEDTLS_SSL_PROC_CHK_NEG(f) \
do { \
- ret = ( f ); \
- if( ret < 0 ) \
+ ret = (f); \
+ if (ret < 0) \
{ \
goto cleanup; \
} \
- } while( 0 )
+ } while (0)
/*
* DTLS retransmission states, see RFC 6347 4.2.4
@@ -260,10 +260,10 @@
/* This macro determines whether CBC is supported. */
#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
- ( defined(MBEDTLS_AES_C) || \
- defined(MBEDTLS_CAMELLIA_C) || \
- defined(MBEDTLS_ARIA_C) || \
- defined(MBEDTLS_DES_C) )
+ (defined(MBEDTLS_AES_C) || \
+ defined(MBEDTLS_CAMELLIA_C) || \
+ defined(MBEDTLS_ARIA_C) || \
+ defined(MBEDTLS_DES_C))
#define MBEDTLS_SSL_SOME_SUITES_USE_CBC
#endif
@@ -275,7 +275,7 @@
/* This macro determines whether the CBC construct used in TLS 1.2 is supported. */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ defined(MBEDTLS_SSL_PROTO_TLS1_2)
#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
#endif
@@ -318,17 +318,17 @@
#define MBEDTLS_SSL_MAX_CID_EXPANSION 0
#endif
-#define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_MAX_IV_LENGTH + \
- MBEDTLS_SSL_MAC_ADD + \
- MBEDTLS_SSL_PADDING_ADD + \
- MBEDTLS_SSL_MAX_CID_EXPANSION \
- )
+#define MBEDTLS_SSL_PAYLOAD_OVERHEAD (MBEDTLS_MAX_IV_LENGTH + \
+ MBEDTLS_SSL_MAC_ADD + \
+ MBEDTLS_SSL_PADDING_ADD + \
+ MBEDTLS_SSL_MAX_CID_EXPANSION \
+ )
-#define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
- ( MBEDTLS_SSL_IN_CONTENT_LEN ) )
+#define MBEDTLS_SSL_IN_PAYLOAD_LEN (MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
+ (MBEDTLS_SSL_IN_CONTENT_LEN))
-#define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
- ( MBEDTLS_SSL_OUT_CONTENT_LEN ) )
+#define MBEDTLS_SSL_OUT_PAYLOAD_LEN (MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
+ (MBEDTLS_SSL_OUT_CONTENT_LEN))
/* The maximum number of buffered handshake messages. */
#define MBEDTLS_SSL_MAX_BUFFERED_HS 4
@@ -339,8 +339,8 @@
*/
#define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ( \
(MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \
- ? ( MBEDTLS_SSL_OUT_CONTENT_LEN ) \
- : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \
+ ? (MBEDTLS_SSL_OUT_CONTENT_LEN) \
+ : (MBEDTLS_SSL_IN_CONTENT_LEN) \
)
/* Maximum size in bytes of list in signature algorithms ext., RFC 5246/8446 */
@@ -359,7 +359,7 @@
#define MBEDTLS_TLS_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#define MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( sig, hash ) (( hash << 8 ) | sig)
+#define MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(sig, hash) ((hash << 8) | sig)
#define MBEDTLS_SSL_TLS12_SIG_ALG_FROM_SIG_AND_HASH_ALG(alg) (alg & 0xFF)
#define MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG(alg) (alg >> 8)
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -395,20 +395,20 @@
#if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_IN_BUFFER_LEN \
- ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
+ ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN))
#else
#define MBEDTLS_SSL_IN_BUFFER_LEN \
- ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) \
- + ( MBEDTLS_SSL_CID_IN_LEN_MAX ) )
+ ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN) \
+ + (MBEDTLS_SSL_CID_IN_LEN_MAX))
#endif
#if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_OUT_BUFFER_LEN \
- ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
+ ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN))
#else
#define MBEDTLS_SSL_OUT_BUFFER_LEN \
- ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) \
- + ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) )
+ ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN) \
+ + (MBEDTLS_SSL_CID_OUT_LEN_MAX))
#endif
#define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32
@@ -428,7 +428,7 @@
*
* \return Current maximum fragment length for the output buffer.
*/
-size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl );
+size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl);
/**
* \brief Return the maximum fragment length (payload, in bytes) for
@@ -444,31 +444,31 @@
*
* \return Current maximum fragment length for the output buffer.
*/
-size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
+size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-static inline size_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx )
+static inline size_t mbedtls_ssl_get_output_buflen(const mbedtls_ssl_context *ctx)
{
-#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
- return mbedtls_ssl_get_output_max_frag_len( ctx )
- + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
- + MBEDTLS_SSL_CID_OUT_LEN_MAX;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ return mbedtls_ssl_get_output_max_frag_len(ctx)
+ + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
+ + MBEDTLS_SSL_CID_OUT_LEN_MAX;
#else
- return mbedtls_ssl_get_output_max_frag_len( ctx )
- + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
+ return mbedtls_ssl_get_output_max_frag_len(ctx)
+ + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
#endif
}
-static inline size_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx )
+static inline size_t mbedtls_ssl_get_input_buflen(const mbedtls_ssl_context *ctx)
{
-#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
- return mbedtls_ssl_get_input_max_frag_len( ctx )
- + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
- + MBEDTLS_SSL_CID_IN_LEN_MAX;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ return mbedtls_ssl_get_input_max_frag_len(ctx)
+ + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
+ + MBEDTLS_SSL_CID_IN_LEN_MAX;
#else
- return mbedtls_ssl_get_input_max_frag_len( ctx )
- + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
+ return mbedtls_ssl_get_input_max_frag_len(ctx)
+ + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
#endif
}
#endif
@@ -492,36 +492,34 @@
* \return Zero if the needed space is available in the buffer, non-zero
* otherwise.
*/
-#if ! defined(MBEDTLS_TEST_HOOKS)
-static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
- const uint8_t *end, size_t need )
+#if !defined(MBEDTLS_TEST_HOOKS)
+static inline int mbedtls_ssl_chk_buf_ptr(const uint8_t *cur,
+ const uint8_t *end, size_t need)
{
- return( ( cur > end ) || ( need > (size_t)( end - cur ) ) );
+ return (cur > end) || (need > (size_t) (end - cur));
}
#else
-typedef struct
-{
+typedef struct {
const uint8_t *cur;
const uint8_t *end;
size_t need;
} mbedtls_ssl_chk_buf_ptr_args;
void mbedtls_ssl_set_chk_buf_ptr_fail_args(
- const uint8_t *cur, const uint8_t *end, size_t need );
-void mbedtls_ssl_reset_chk_buf_ptr_fail_args( void );
+ const uint8_t *cur, const uint8_t *end, size_t need);
+void mbedtls_ssl_reset_chk_buf_ptr_fail_args(void);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_cmp_chk_buf_ptr_fail_args( mbedtls_ssl_chk_buf_ptr_args *args );
+int mbedtls_ssl_cmp_chk_buf_ptr_fail_args(mbedtls_ssl_chk_buf_ptr_args *args);
-static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
- const uint8_t *end, size_t need )
+static inline int mbedtls_ssl_chk_buf_ptr(const uint8_t *cur,
+ const uint8_t *end, size_t need)
{
- if( ( cur > end ) || ( need > (size_t)( end - cur ) ) )
- {
- mbedtls_ssl_set_chk_buf_ptr_fail_args( cur, end, need );
- return( 1 );
+ if ((cur > end) || (need > (size_t) (end - cur))) {
+ mbedtls_ssl_set_chk_buf_ptr_fail_args(cur, end, need);
+ return 1;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_TEST_HOOKS */
@@ -535,13 +533,13 @@
* \param need Needed space in bytes.
*
*/
-#define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need ) \
+#define MBEDTLS_SSL_CHK_BUF_PTR(cur, end, need) \
do { \
- if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \
+ if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \
{ \
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); \
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \
} \
- } while( 0 )
+ } while (0)
/**
* \brief This macro checks if the remaining length in an input buffer is
@@ -557,26 +555,26 @@
* \param need Needed length in bytes.
*
*/
-#define MBEDTLS_SSL_CHK_BUF_READ_PTR( cur, end, need ) \
+#define MBEDTLS_SSL_CHK_BUF_READ_PTR(cur, end, need) \
do { \
- if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \
+ if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \
{ \
- MBEDTLS_SSL_DEBUG_MSG( 1, \
- ( "missing input data in %s", __func__ ) ); \
- MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \
- MBEDTLS_ERR_SSL_DECODE_ERROR ); \
- return( MBEDTLS_ERR_SSL_DECODE_ERROR ); \
+ MBEDTLS_SSL_DEBUG_MSG(1, \
+ ("missing input data in %s", __func__)); \
+ MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \
+ MBEDTLS_ERR_SSL_DECODE_ERROR); \
+ return MBEDTLS_ERR_SSL_DECODE_ERROR; \
} \
- } while( 0 )
+ } while (0)
#ifdef __cplusplus
extern "C" {
#endif
-typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen );
+typedef int mbedtls_ssl_tls_prf_cb(const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen);
/* cipher.h exports the maximum IV, key and block length from
* all ciphers enabled in the config, regardless of whether those
@@ -602,16 +600,15 @@
* \brief The data structure holding the cryptographic material (key and IV)
* used for record protection in TLS 1.3.
*/
-struct mbedtls_ssl_key_set
-{
+struct mbedtls_ssl_key_set {
/*! The key for client->server records. */
- unsigned char client_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ];
+ unsigned char client_write_key[MBEDTLS_SSL_MAX_KEY_LENGTH];
/*! The key for server->client records. */
- unsigned char server_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ];
+ unsigned char server_write_key[MBEDTLS_SSL_MAX_KEY_LENGTH];
/*! The IV for client->server records. */
- unsigned char client_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ];
+ unsigned char client_write_iv[MBEDTLS_SSL_MAX_IV_LENGTH];
/*! The IV for server->client records. */
- unsigned char server_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ];
+ unsigned char server_write_iv[MBEDTLS_SSL_MAX_IV_LENGTH];
size_t key_len; /*!< The length of client_write_key and
* server_write_key, in Bytes. */
@@ -620,24 +617,21 @@
};
typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set;
-typedef struct
-{
- unsigned char binder_key [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
- unsigned char client_early_traffic_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
- unsigned char early_exporter_master_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
+typedef struct {
+ unsigned char binder_key[MBEDTLS_TLS1_3_MD_MAX_SIZE];
+ unsigned char client_early_traffic_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE];
+ unsigned char early_exporter_master_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE];
} mbedtls_ssl_tls13_early_secrets;
-typedef struct
-{
- unsigned char client_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
- unsigned char server_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
+typedef struct {
+ unsigned char client_handshake_traffic_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE];
+ unsigned char server_handshake_traffic_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE];
} mbedtls_ssl_tls13_handshake_secrets;
/*
* This structure contains the parameters only needed during handshake.
*/
-struct mbedtls_ssl_handshake_params
-{
+struct mbedtls_ssl_handshake_params {
/* Frequently-used boolean or byte fields (placed early to take
* advantage of smaller code size for indirect access on Arm Thumb) */
uint8_t resume; /*!< session resume indicator*/
@@ -819,16 +813,14 @@
mbedtls_pk_context peer_pubkey; /*!< The public key from the peer. */
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- struct
- {
+ struct {
size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
* buffers used for message buffering. */
uint8_t seen_ccs; /*!< Indicates if a CCS message has
* been seen in the current flight. */
- struct mbedtls_ssl_hs_buffer
- {
+ struct mbedtls_ssl_hs_buffer {
unsigned is_valid : 1;
unsigned is_fragmented : 1;
unsigned is_complete : 1;
@@ -836,8 +828,7 @@
size_t data_len;
} hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
- struct
- {
+ struct {
unsigned char *data;
size_t len;
unsigned epoch;
@@ -846,8 +837,8 @@
} buffering;
#if defined(MBEDTLS_SSL_CLI_C) && \
- ( defined(MBEDTLS_SSL_PROTO_DTLS) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_3) )
+ (defined(MBEDTLS_SSL_PROTO_DTLS) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_3))
unsigned char *cookie; /*!< HelloVerifyRequest cookie for DTLS
* HelloRetryRequest cookie for TLS 1.3 */
#if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -885,7 +876,7 @@
unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
flight being received */
mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
- resending messages */
+ resending messages */
unsigned char alt_out_ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /*!< Alternative record epoch/counter
for resending messages */
@@ -896,7 +887,7 @@
* has been negotiated. Possible values are
* #MBEDTLS_SSL_CID_ENABLED and
* #MBEDTLS_SSL_CID_DISABLED. */
- unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
+ unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; /*! The peer's CID */
uint8_t peer_cid_len; /*!< The length of
* \c peer_cid. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -942,11 +933,9 @@
* State-local variables used during the processing
* of a specific handshake state.
*/
- union
- {
+ union {
/* Outgoing Finished message */
- struct
- {
+ struct {
uint8_t preparation_done;
/* Buffer holding digest of the handshake up to
@@ -956,8 +945,7 @@
} finished_out;
/* Incoming Finished message */
- struct
- {
+ struct {
uint8_t preparation_done;
/* Buffer holding digest of the handshake up to but
@@ -972,10 +960,10 @@
unsigned char randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN +
MBEDTLS_SERVER_HELLO_RANDOM_LEN];
- /*!< random bytes */
+ /*!< random bytes */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
- /*!< premaster secret */
+ /*!< premaster secret */
size_t pmslen; /*!< premaster length */
#endif
@@ -990,11 +978,10 @@
/** TLS 1.3 transform for encrypted handshake messages. */
mbedtls_ssl_transform *transform_handshake;
- union
- {
- unsigned char early [MBEDTLS_TLS1_3_MD_MAX_SIZE];
+ union {
+ unsigned char early[MBEDTLS_TLS1_3_MD_MAX_SIZE];
unsigned char handshake[MBEDTLS_TLS1_3_MD_MAX_SIZE];
- unsigned char app [MBEDTLS_TLS1_3_MD_MAX_SIZE];
+ unsigned char app[MBEDTLS_TLS1_3_MD_MAX_SIZE];
} tls13_master_secrets;
mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets;
@@ -1104,8 +1091,7 @@
* in other transformations.
*
*/
-struct mbedtls_ssl_transform
-{
+struct mbedtls_ssl_transform {
/*
* Session specific crypto layer
*/
@@ -1149,8 +1135,8 @@
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
uint8_t in_cid_len;
uint8_t out_cid_len;
- unsigned char in_cid [ MBEDTLS_SSL_CID_IN_LEN_MAX ];
- unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+ unsigned char in_cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ unsigned char out_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
@@ -1159,7 +1145,7 @@
* see ssl_tls12_populate_transform() */
unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN +
MBEDTLS_CLIENT_HELLO_RANDOM_LEN];
- /*!< ServerHello.random+ClientHello.random */
+ /*!< ServerHello.random+ClientHello.random */
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
};
@@ -1168,13 +1154,13 @@
* Equivalently, return 0 if a separate MAC is used, 1 otherwise.
*/
static inline int mbedtls_ssl_transform_uses_aead(
- const mbedtls_ssl_transform *transform )
+ const mbedtls_ssl_transform *transform)
{
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- return( transform->maclen == 0 && transform->taglen != 0 );
+ return transform->maclen == 0 && transform->taglen != 0;
#else
(void) transform;
- return( 1 );
+ return 1;
#endif
}
@@ -1204,8 +1190,7 @@
#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX
#endif
-typedef struct
-{
+typedef struct {
uint8_t ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /* In TLS: The implicit record sequence number.
* In DTLS: The 2-byte epoch followed by
* the 6-byte sequence number.
@@ -1228,7 +1213,7 @@
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
uint8_t cid_len; /* Length of the CID (0 if not present) */
- unsigned char cid[ MBEDTLS_SSL_CID_LEN_MAX ]; /* The CID */
+ unsigned char cid[MBEDTLS_SSL_CID_LEN_MAX]; /* The CID */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
} mbedtls_record;
@@ -1236,8 +1221,7 @@
/*
* List of certificate + private key pairs
*/
-struct mbedtls_ssl_key_cert
-{
+struct mbedtls_ssl_key_cert {
mbedtls_x509_crt *cert; /*!< cert */
mbedtls_pk_context *key; /*!< private key */
mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
@@ -1248,8 +1232,7 @@
/*
* List of handshake messages kept around for resending
*/
-struct mbedtls_ssl_flight_item
-{
+struct mbedtls_ssl_flight_item {
unsigned char *p; /*!< message, including handshake headers */
size_t len; /*!< length of p */
unsigned char type; /*!< type of the message: handshake or CCS */
@@ -1270,11 +1253,11 @@
* \param[out] out_len Length of the data written into the buffer \p buf
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls12_write_client_hello_exts( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- int uses_ec,
- size_t *out_len );
+int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ int uses_ec,
+ size_t *out_len);
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
@@ -1291,8 +1274,8 @@
* identifier as defined in the TLS 1.2 HashAlgorithm enumeration.
*/
unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
- mbedtls_ssl_context *ssl,
- unsigned int sig_alg );
+ mbedtls_ssl_context *ssl,
+ unsigned int sig_alg);
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
@@ -1303,7 +1286,7 @@
*
* \param transform SSL transform context
*/
-void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
+void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform);
/**
* \brief Free referenced items in an SSL handshake context and clear
@@ -1311,42 +1294,42 @@
*
* \param ssl SSL context
*/
-void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl);
/* set inbound transform of ssl context */
-void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform );
+void mbedtls_ssl_set_inbound_transform(mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform);
/* set outbound transform of ssl context */
-void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform );
+void mbedtls_ssl_set_outbound_transform(mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
-static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
- mbedtls_ssl_states state )
+int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl);
+static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl,
+ mbedtls_ssl_states state)
{
- ssl->state = ( int ) state;
+ ssl->state = (int) state;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl);
/**
* \brief Update record layer
@@ -1425,81 +1408,81 @@
*
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
- unsigned update_hs_digest );
+int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl,
+ unsigned update_hs_digest);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
+int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want);
/*
* Write handshake message header
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type,
- unsigned char **buf, size_t *buf_len );
+int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned hs_type,
+ unsigned char **buf, size_t *buf_len);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
- int update_checksum,
- int force_flush );
-static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl,
+ int update_checksum,
+ int force_flush);
+static inline int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl)
{
- return( mbedtls_ssl_write_handshake_msg_ext( ssl, 1 /* update checksum */, 1 /* force flush */ ) );
+ return mbedtls_ssl_write_handshake_msg_ext(ssl, 1 /* update checksum */, 1 /* force flush */);
}
/*
* Write handshake message tail
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl,
- size_t buf_len, size_t msg_len );
+int mbedtls_ssl_finish_handshake_msg(mbedtls_ssl_context *ssl,
+ size_t buf_len, size_t msg_len);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush );
+int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, int force_flush);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
+void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl,
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info);
/*
* Update checksum of handshake messages.
*/
-void mbedtls_ssl_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char const *msg,
- size_t msg_len );
+void mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char const *msg,
+ size_t msg_len);
-void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- size_t total_hs_len );
+void mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ size_t total_hs_len);
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl,
- mbedtls_key_exchange_type_t key_ex );
+int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl,
+ mbedtls_key_exchange_type_t key_ex);
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
#if defined(MBEDTLS_SSL_CLI_C)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf );
+int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf);
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
@@ -1510,15 +1493,17 @@
* Return an opaque PSK
*/
static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk(
- const mbedtls_ssl_context *ssl )
+ const mbedtls_ssl_context *ssl)
{
- if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
- return( ssl->handshake->psk_opaque );
+ if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
+ return ssl->handshake->psk_opaque;
+ }
- if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
- return( ssl->conf->psk_opaque );
+ if (!mbedtls_svc_key_id_is_null(ssl->conf->psk_opaque)) {
+ return ssl->conf->psk_opaque;
+ }
- return( MBEDTLS_SVC_KEY_ID_INIT );
+ return MBEDTLS_SVC_KEY_ID_INIT;
}
#else
/**
@@ -1527,53 +1512,46 @@
* 2. static PSK configured by \c mbedtls_ssl_conf_psk()
* Return a code and update the pair (PSK, PSK length) passed to this function
*/
-static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl,
- const unsigned char **psk, size_t *psk_len )
+static inline int mbedtls_ssl_get_psk(const mbedtls_ssl_context *ssl,
+ const unsigned char **psk, size_t *psk_len)
{
- if( ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0 )
- {
+ if (ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0) {
*psk = ssl->handshake->psk;
*psk_len = ssl->handshake->psk_len;
- }
-
- else if( ssl->conf->psk != NULL && ssl->conf->psk_len > 0 )
- {
+ } else if (ssl->conf->psk != NULL && ssl->conf->psk_len > 0) {
*psk = ssl->conf->psk;
*psk_len = ssl->conf->psk_len;
- }
-
- else
- {
+ } else {
*psk = NULL;
*psk_len = 0;
- return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+ return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
}
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#if defined(MBEDTLS_PK_C)
-unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
-unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type );
-mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
+unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk);
+unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type);
+mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig);
#endif
-mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
-unsigned char mbedtls_ssl_hash_from_md_alg( int md );
+mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash);
+unsigned char mbedtls_ssl_hash_from_md_alg(int md);
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
+int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md);
#endif
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id );
+int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id);
#if defined(MBEDTLS_ECP_C)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
+int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id);
#endif
/**
@@ -1592,9 +1570,9 @@
* The function can be called with both parameters as NULL
* simply to check if a specific TLS ID is supported.
*/
-int mbedtls_ssl_get_psa_curve_info_from_tls_id( uint16_t tls_id,
- psa_ecc_family_t *family,
- size_t* bits );
+int mbedtls_ssl_get_psa_curve_info_from_tls_id(uint16_t tls_id,
+ psa_ecc_family_t *family,
+ size_t *bits);
/**
* \brief Return \c mbedtls_ecp_group_id for the specified TLS ID.
@@ -1603,7 +1581,7 @@
* \return Proper \c mbedtls_ecp_group_id if the TLS ID is supported,
* or MBEDTLS_ECP_DP_NONE otherwise
*/
-mbedtls_ecp_group_id mbedtls_ssl_get_ecp_group_id_from_tls_id( uint16_t tls_id );
+mbedtls_ecp_group_id mbedtls_ssl_get_ecp_group_id_from_tls_id(uint16_t tls_id);
/**
* \brief Return TLS ID for the specified \c mbedtls_ecp_group_id.
@@ -1612,7 +1590,7 @@
* \return Proper TLS ID if the \c mbedtls_ecp_group_id is supported,
* or 0 otherwise
*/
-uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id( mbedtls_ecp_group_id grp_id );
+uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id);
#if defined(MBEDTLS_DEBUG_C)
/**
@@ -1622,15 +1600,14 @@
* \return A pointer to a const string with the proper name. If TLS
* ID is not supported, a NULL pointer is returned instead.
*/
-const char* mbedtls_ssl_get_curve_name_from_tls_id( uint16_t tls_id );
+const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id);
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value
- ( const uint16_t srtp_profile_value )
+ (const uint16_t srtp_profile_value)
{
- switch( srtp_profile_value )
- {
+ switch (srtp_profile_value) {
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
@@ -1638,33 +1615,35 @@
return srtp_profile_value;
default: break;
}
- return( MBEDTLS_TLS_SRTP_UNSET );
+ return MBEDTLS_TLS_SRTP_UNSET;
}
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
+static inline mbedtls_pk_context *mbedtls_ssl_own_key(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_key_cert *key_cert;
- if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
+ if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) {
key_cert = ssl->handshake->key_cert;
- else
+ } else {
key_cert = ssl->conf->key_cert;
+ }
- return( key_cert == NULL ? NULL : key_cert->key );
+ return key_cert == NULL ? NULL : key_cert->key;
}
-static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
+static inline mbedtls_x509_crt *mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_key_cert *key_cert;
- if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
+ if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) {
key_cert = ssl->handshake->key_cert;
- else
+ } else {
key_cert = ssl->conf->key_cert;
+ }
- return( key_cert == NULL ? NULL : key_cert->cert );
+ return key_cert == NULL ? NULL : key_cert->cert;
}
/*
@@ -1677,159 +1656,159 @@
* Return 0 if everything is OK, -1 if not.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
- const mbedtls_ssl_ciphersuite_t *ciphersuite,
- int cert_endpoint,
- uint32_t *flags );
+int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
+ const mbedtls_ssl_ciphersuite_t *ciphersuite,
+ int cert_endpoint,
+ uint32_t *flags);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_ssl_write_version( unsigned char version[2], int transport,
- mbedtls_ssl_protocol_version tls_version );
-uint16_t mbedtls_ssl_read_version( const unsigned char version[2],
- int transport );
+void mbedtls_ssl_write_version(unsigned char version[2], int transport,
+ mbedtls_ssl_protocol_version tls_version);
+uint16_t mbedtls_ssl_read_version(const unsigned char version[2],
+ int transport);
-static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_in_hdr_len(const mbedtls_ssl_context *ssl)
{
#if !defined(MBEDTLS_SSL_PROTO_DTLS)
((void) ssl);
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- return( 13 );
- }
- else
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ return 13;
+ } else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
{
- return( 5 );
+ return 5;
}
}
-static inline size_t mbedtls_ssl_out_hdr_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_out_hdr_len(const mbedtls_ssl_context *ssl)
{
- return( (size_t) ( ssl->out_iv - ssl->out_hdr ) );
+ return (size_t) (ssl->out_iv - ssl->out_hdr);
}
-static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- return( 12 );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ return 12;
+ }
#else
((void) ssl);
#endif
- return( 4 );
+ return 4;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
-void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_resend(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl);
#endif
/* Visible for testing purposes only */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl );
-void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context const *ssl);
+void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl);
#endif
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
- const mbedtls_ssl_session *src );
+int mbedtls_ssl_session_copy(mbedtls_ssl_session *dst,
+ const mbedtls_ssl_session *src);
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
- unsigned char *hash, size_t *hashlen,
- unsigned char *data, size_t data_len,
- mbedtls_md_type_t md_alg );
+int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
+ unsigned char *hash, size_t *hashlen,
+ unsigned char *data, size_t data_len,
+ mbedtls_md_type_t md_alg);
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#ifdef __cplusplus
}
#endif
-void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform );
+void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform,
- mbedtls_record *rec,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
- mbedtls_ssl_transform *transform,
- mbedtls_record *rec );
+int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec);
/* Length of the "epoch" field in the record header */
-static inline size_t mbedtls_ssl_ep_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_ep_len(const mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- return( 2 );
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ return 2;
+ }
#else
((void) ssl);
#endif
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_resend_hello_request(mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_PROTO_DTLS */
-void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs );
+void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform );
-void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform);
+void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
-void mbedtls_ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl,
- int partial );
+int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial);
+void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
+ int partial);
/*
* Send pending alert
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handle_pending_alert(mbedtls_ssl_context *ssl);
/*
* Set pending fatal alert flag.
*/
-void mbedtls_ssl_pend_fatal_alert( mbedtls_ssl_context *ssl,
- unsigned char alert_type,
- int alert_reason );
+void mbedtls_ssl_pend_fatal_alert(mbedtls_ssl_context *ssl,
+ unsigned char alert_type,
+ int alert_reason);
/* Alias of mbedtls_ssl_pend_fatal_alert */
-#define MBEDTLS_SSL_PEND_FATAL_ALERT( type, user_return_value ) \
- mbedtls_ssl_pend_fatal_alert( ssl, type, user_return_value )
+#define MBEDTLS_SSL_PEND_FATAL_ALERT(type, user_return_value) \
+ mbedtls_ssl_pend_fatal_alert(ssl, type, user_return_value)
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_dtls_replay_reset(mbedtls_ssl_context *ssl);
#endif
-void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_RENEGOTIATION)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
-size_t mbedtls_ssl_get_current_mtu( const mbedtls_ssl_context *ssl );
-void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
+size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl);
+void mbedtls_ssl_buffering_free(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_flight_free(mbedtls_ssl_flight_item *flight);
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/**
@@ -1837,61 +1816,61 @@
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf )
+static inline int mbedtls_ssl_conf_is_tls13_only(const mbedtls_ssl_config *conf)
{
- return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
- conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 );
+ return conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
+ conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf )
+static inline int mbedtls_ssl_conf_is_tls12_only(const mbedtls_ssl_config *conf)
{
- return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
- conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 );
+ return conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
+ conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_2;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-static inline int mbedtls_ssl_conf_is_tls13_enabled( const mbedtls_ssl_config *conf )
+static inline int mbedtls_ssl_conf_is_tls13_enabled(const mbedtls_ssl_config *conf)
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- return( conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 &&
- conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_3 );
+ return conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 &&
+ conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_3;
#else
((void) conf);
- return( 0 );
+ return 0;
#endif
}
-static inline int mbedtls_ssl_conf_is_tls12_enabled( const mbedtls_ssl_config *conf )
+static inline int mbedtls_ssl_conf_is_tls12_enabled(const mbedtls_ssl_config *conf)
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- return( conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 &&
- conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_2 );
+ return conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 &&
+ conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_2;
#else
((void) conf);
- return( 0 );
+ return 0;
#endif
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
-static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf )
+static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13(const mbedtls_ssl_config *conf)
{
- return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
- conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 );
+ return conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
+ conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
extern const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
- MBEDTLS_SERVER_HELLO_RANDOM_LEN ];
+ MBEDTLS_SERVER_HELLO_RANDOM_LEN];
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_process_finished_message(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_write_finished_message(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl);
/**
* \brief Given an SSL context and its associated configuration, write the TLS
@@ -1903,10 +1882,10 @@
* \param[out] out_len Length of the data written into the buffer \p buf
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len );
+int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len);
/**
* \brief TLS 1.3 client side state machine entry
@@ -1914,7 +1893,7 @@
* \param ssl SSL context
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl);
/**
* \brief TLS 1.3 server side state machine entry
@@ -1922,46 +1901,46 @@
* \param ssl SSL context
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl);
/*
* Helper functions around key exchange modes.
*/
-static inline unsigned mbedtls_ssl_conf_tls13_check_kex_modes( mbedtls_ssl_context *ssl,
- int kex_mode_mask )
+static inline unsigned mbedtls_ssl_conf_tls13_check_kex_modes(mbedtls_ssl_context *ssl,
+ int kex_mode_mask)
{
- return( ( ssl->conf->tls13_kex_modes & kex_mode_mask ) != 0 );
+ return (ssl->conf->tls13_kex_modes & kex_mode_mask) != 0;
}
-static inline int mbedtls_ssl_conf_tls13_psk_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_conf_tls13_psk_enabled(mbedtls_ssl_context *ssl)
{
- return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK ) );
+ return mbedtls_ssl_conf_tls13_check_kex_modes(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK);
}
-static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(mbedtls_ssl_context *ssl)
{
- return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) );
+ return mbedtls_ssl_conf_tls13_check_kex_modes(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL);
}
-static inline int mbedtls_ssl_conf_tls13_ephemeral_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_conf_tls13_ephemeral_enabled(mbedtls_ssl_context *ssl)
{
- return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ) );
+ return mbedtls_ssl_conf_tls13_check_kex_modes(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL);
}
-static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled(mbedtls_ssl_context *ssl)
{
- return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
+ return mbedtls_ssl_conf_tls13_check_kex_modes(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL);
}
-static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_conf_tls13_some_psk_enabled(mbedtls_ssl_context *ssl)
{
- return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
+ return mbedtls_ssl_conf_tls13_check_kex_modes(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL);
}
#if defined(MBEDTLS_SSL_SRV_C) && \
@@ -1976,41 +1955,41 @@
* \return 0 if at least one of the key exchange modes is supported,
* !=0 otherwise.
*/
-static inline unsigned mbedtls_ssl_tls13_check_kex_modes( mbedtls_ssl_context *ssl,
- int kex_modes_mask )
+static inline unsigned mbedtls_ssl_tls13_check_kex_modes(mbedtls_ssl_context *ssl,
+ int kex_modes_mask)
{
- return( ( ssl->handshake->tls13_kex_modes & kex_modes_mask ) == 0 );
+ return (ssl->handshake->tls13_kex_modes & kex_modes_mask) == 0;
}
-static inline int mbedtls_ssl_tls13_psk_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_tls13_psk_enabled(mbedtls_ssl_context *ssl)
{
- return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK ) );
+ return !mbedtls_ssl_tls13_check_kex_modes(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK);
}
static inline int mbedtls_ssl_tls13_psk_ephemeral_enabled(
- mbedtls_ssl_context *ssl )
+ mbedtls_ssl_context *ssl)
{
- return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) );
+ return !mbedtls_ssl_tls13_check_kex_modes(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL);
}
-static inline int mbedtls_ssl_tls13_ephemeral_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_tls13_ephemeral_enabled(mbedtls_ssl_context *ssl)
{
- return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ) );
+ return !mbedtls_ssl_tls13_check_kex_modes(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL);
}
-static inline int mbedtls_ssl_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_tls13_some_ephemeral_enabled(mbedtls_ssl_context *ssl)
{
- return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
+ return !mbedtls_ssl_tls13_check_kex_modes(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL);
}
-static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_tls13_some_psk_enabled(mbedtls_ssl_context *ssl)
{
- return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
+ return !mbedtls_ssl_tls13_check_kex_modes(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL);
}
#endif /* MBEDTLS_SSL_SRV_C &&
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
@@ -2021,68 +2000,68 @@
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_check_received_extension(
- mbedtls_ssl_context *ssl,
- int hs_msg_type,
- unsigned int received_extension_type,
- uint32_t hs_msg_allowed_extensions_mask );
+ mbedtls_ssl_context *ssl,
+ int hs_msg_type,
+ unsigned int received_extension_type,
+ uint32_t hs_msg_allowed_extensions_mask);
static inline void mbedtls_ssl_tls13_set_hs_sent_ext_mask(
- mbedtls_ssl_context *ssl, unsigned int extension_type )
+ mbedtls_ssl_context *ssl, unsigned int extension_type)
{
ssl->handshake->sent_extensions |=
- mbedtls_ssl_get_extension_mask( extension_type );
+ mbedtls_ssl_get_extension_mask(extension_type);
}
/*
* Helper functions to check the selected key exchange mode.
*/
static inline int mbedtls_ssl_tls13_key_exchange_mode_check(
- mbedtls_ssl_context *ssl, int kex_mask )
+ mbedtls_ssl_context *ssl, int kex_mask)
{
- return( ( ssl->handshake->key_exchange_mode & kex_mask ) != 0 );
+ return (ssl->handshake->key_exchange_mode & kex_mask) != 0;
}
static inline int mbedtls_ssl_tls13_key_exchange_mode_with_psk(
- mbedtls_ssl_context *ssl )
+ mbedtls_ssl_context *ssl)
{
- return( mbedtls_ssl_tls13_key_exchange_mode_check( ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
+ return mbedtls_ssl_tls13_key_exchange_mode_check(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL);
}
static inline int mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(
- mbedtls_ssl_context *ssl )
+ mbedtls_ssl_context *ssl)
{
- return( mbedtls_ssl_tls13_key_exchange_mode_check( ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
+ return mbedtls_ssl_tls13_key_exchange_mode_check(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL);
}
/*
* Fetch TLS 1.3 handshake message header
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char **buf,
- size_t *buf_len );
+int mbedtls_ssl_tls13_fetch_handshake_msg(mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char **buf,
+ size_t *buf_len);
/*
* Handler of TLS 1.3 server certificate message
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_process_certificate(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
/*
* Handler of TLS 1.3 write Certificate message
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_write_certificate(mbedtls_ssl_context *ssl);
/*
* Handler of TLS 1.3 write Certificate Verify message
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
@@ -2090,32 +2069,32 @@
* Generic handler of Certificate Verify
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl);
/*
* Write of dummy-CCS's for middlebox compatibility
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_ECDH_C)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
- mbedtls_ssl_context *ssl,
- uint16_t named_group,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len );
+ mbedtls_ssl_context *ssl,
+ uint16_t named_group,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len);
#endif /* MBEDTLS_ECDH_C */
#if defined(MBEDTLS_SSL_EARLY_DATA)
-int mbedtls_ssl_tls13_write_early_data_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *out_len );
+int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *out_len);
#endif /* MBEDTLS_SSL_EARLY_DATA */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
@@ -2125,24 +2104,24 @@
* Write Signature Algorithm extension
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
- const unsigned char *end, size_t *out_len );
+int mbedtls_ssl_write_sig_alg_ext(mbedtls_ssl_context *ssl, unsigned char *buf,
+ const unsigned char *end, size_t *out_len);
/*
* Parse TLS Signature Algorithm extension
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- const unsigned char *end );
+int mbedtls_ssl_parse_sig_alg_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end);
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
/* Get handshake transcript */
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
- const mbedtls_md_type_t md,
- unsigned char *dst,
- size_t dst_len,
- size_t *olen );
+int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
+ const mbedtls_md_type_t md,
+ unsigned char *dst,
+ size_t dst_len,
+ size_t *olen);
/*
* Return supported groups.
@@ -2155,87 +2134,89 @@
* ssl->conf->group_list when mbedtls_ssl_conf_groups() has been more recently invoked.
*
*/
-static inline const void *mbedtls_ssl_get_groups( const mbedtls_ssl_context *ssl )
+static inline const void *mbedtls_ssl_get_groups(const mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_DEPRECATED_REMOVED) || !defined(MBEDTLS_ECP_C)
- return( ssl->conf->group_list );
+ return ssl->conf->group_list;
#else
- if( ( ssl->handshake != NULL ) && ( ssl->handshake->group_list != NULL ) )
- return( ssl->handshake->group_list );
- else
- return( ssl->conf->group_list );
+ if ((ssl->handshake != NULL) && (ssl->handshake->group_list != NULL)) {
+ return ssl->handshake->group_list;
+ } else {
+ return ssl->conf->group_list;
+ }
#endif
}
/*
* Helper functions for NamedGroup.
*/
-static inline int mbedtls_ssl_tls12_named_group_is_ecdhe( uint16_t named_group )
+static inline int mbedtls_ssl_tls12_named_group_is_ecdhe(uint16_t named_group)
{
/*
* RFC 8422 section 5.1.1
*/
- return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 ||
- /* Below deprecated curves should be removed with notice to users */
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 );
+ return named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 ||
+ /* Below deprecated curves should be removed with notice to users */
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1;
}
-static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group )
+static inline int mbedtls_ssl_tls13_named_group_is_ecdhe(uint16_t named_group)
{
- return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 );
+ return named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448;
}
-static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
+static inline int mbedtls_ssl_tls13_named_group_is_dhe(uint16_t named_group)
{
- return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
- named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 );
+ return named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
+ named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192;
}
static inline int mbedtls_ssl_named_group_is_offered(
- const mbedtls_ssl_context *ssl, uint16_t named_group )
+ const mbedtls_ssl_context *ssl, uint16_t named_group)
{
- const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
+ const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
- if( group_list == NULL )
- return( 0 );
-
- for( ; *group_list != 0; group_list++ )
- {
- if( *group_list == named_group )
- return( 1 );
+ if (group_list == NULL) {
+ return 0;
}
- return( 0 );
+ for (; *group_list != 0; group_list++) {
+ if (*group_list == named_group) {
+ return 1;
+ }
+ }
+
+ return 0;
}
-static inline int mbedtls_ssl_named_group_is_supported( uint16_t named_group )
+static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group)
{
#if defined(MBEDTLS_ECDH_C)
- if( mbedtls_ssl_tls13_named_group_is_ecdhe( named_group ) )
- {
- if( mbedtls_ssl_get_ecp_group_id_from_tls_id( named_group ) !=
- MBEDTLS_ECP_DP_NONE )
- return( 1 );
+ if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group)) {
+ if (mbedtls_ssl_get_ecp_group_id_from_tls_id(named_group) !=
+ MBEDTLS_ECP_DP_NONE) {
+ return 1;
+ }
}
#else
((void) named_group);
#endif /* MBEDTLS_ECDH_C */
- return( 0 );
+ return 0;
}
/*
@@ -2251,48 +2232,47 @@
*
*/
static inline const void *mbedtls_ssl_get_sig_algs(
- const mbedtls_ssl_context *ssl )
+ const mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
- if( ssl->handshake != NULL &&
+ if (ssl->handshake != NULL &&
ssl->handshake->sig_algs_heap_allocated == 1 &&
- ssl->handshake->sig_algs != NULL )
- {
- return( ssl->handshake->sig_algs );
+ ssl->handshake->sig_algs != NULL) {
+ return ssl->handshake->sig_algs;
}
#endif
- return( ssl->conf->sig_algs );
+ return ssl->conf->sig_algs;
#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
((void) ssl);
- return( NULL );
+ return NULL;
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
}
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
-static inline int mbedtls_ssl_sig_alg_is_received( const mbedtls_ssl_context *ssl,
- uint16_t own_sig_alg )
+static inline int mbedtls_ssl_sig_alg_is_received(const mbedtls_ssl_context *ssl,
+ uint16_t own_sig_alg)
{
const uint16_t *sig_alg = ssl->handshake->received_sig_algs;
- if( sig_alg == NULL )
- return( 0 );
-
- for( ; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++ )
- {
- if( *sig_alg == own_sig_alg )
- return( 1 );
+ if (sig_alg == NULL) {
+ return 0;
}
- return( 0 );
+
+ for (; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++) {
+ if (*sig_alg == own_sig_alg) {
+ return 1;
+ }
+ }
+ return 0;
}
static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
- const uint16_t sig_alg )
+ const uint16_t sig_alg)
{
- switch( sig_alg )
- {
+ switch (sig_alg) {
#if defined(MBEDTLS_ECDSA_C)
#if defined(PSA_WANT_ALG_SHA_256) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
@@ -2323,17 +2303,16 @@
#endif /* PSA_WANT_ALG_SHA_512 */
#endif /* MBEDTLS_PKCS1_V21 */
default:
- return( 0 );
+ return 0;
}
- return( 1 );
+ return 1;
}
static inline int mbedtls_ssl_tls13_sig_alg_is_supported(
- const uint16_t sig_alg )
+ const uint16_t sig_alg)
{
- switch( sig_alg )
- {
+ switch (sig_alg) {
#if defined(MBEDTLS_PKCS1_V15)
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
@@ -2349,44 +2328,45 @@
#endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
#endif /* MBEDTLS_PKCS1_V15 */
default:
- return( mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
- sig_alg ) );
+ return mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
+ sig_alg);
}
- return( 1 );
+ return 1;
}
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
- mbedtls_pk_context *key );
+int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(uint16_t sig_alg,
+ mbedtls_pk_context *key);
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
- uint16_t proposed_sig_alg )
+static inline int mbedtls_ssl_sig_alg_is_offered(const mbedtls_ssl_context *ssl,
+ uint16_t proposed_sig_alg)
{
- const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
- if( sig_alg == NULL )
- return( 0 );
-
- for( ; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++ )
- {
- if( *sig_alg == proposed_sig_alg )
- return( 1 );
+ const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs(ssl);
+ if (sig_alg == NULL) {
+ return 0;
}
- return( 0 );
+
+ for (; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++) {
+ if (*sig_alg == proposed_sig_alg) {
+ return 1;
+ }
+ }
+ return 0;
}
static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
- uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg )
+ uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg)
{
- *pk_type = mbedtls_ssl_pk_alg_from_sig( sig_alg & 0xff );
- *md_alg = mbedtls_ssl_md_alg_from_hash( ( sig_alg >> 8 ) & 0xff );
+ *pk_type = mbedtls_ssl_pk_alg_from_sig(sig_alg & 0xff);
+ *md_alg = mbedtls_ssl_md_alg_from_hash((sig_alg >> 8) & 0xff);
- if( *pk_type != MBEDTLS_PK_NONE && *md_alg != MBEDTLS_MD_NONE )
- return( 0 );
+ if (*pk_type != MBEDTLS_PK_NONE && *md_alg != MBEDTLS_MD_NONE) {
+ return 0;
+ }
- switch( sig_alg )
- {
+ switch (sig_alg) {
#if defined(MBEDTLS_PKCS1_V21)
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
@@ -2407,22 +2387,21 @@
break;
#endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
#endif /* MBEDTLS_PKCS1_V21 */
- default:
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
- return( 0 );
+ default:
+ return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ }
+ return 0;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static inline int mbedtls_ssl_tls12_sig_alg_is_supported(
- const uint16_t sig_alg )
+ const uint16_t sig_alg)
{
/* High byte is hash */
- unsigned char hash = MBEDTLS_BYTE_1( sig_alg );
- unsigned char sig = MBEDTLS_BYTE_0( sig_alg );
+ unsigned char hash = MBEDTLS_BYTE_1(sig_alg);
+ unsigned char sig = MBEDTLS_BYTE_0(sig_alg);
- switch( hash )
- {
+ switch (hash) {
#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
case MBEDTLS_SSL_HASH_MD5:
break;
@@ -2454,11 +2433,10 @@
#endif
default:
- return( 0 );
+ return 0;
}
- switch( sig )
- {
+ switch (sig) {
#if defined(MBEDTLS_RSA_C)
case MBEDTLS_SSL_SIG_RSA:
break;
@@ -2469,35 +2447,33 @@
break;
#endif
- default:
- return( 0 );
+ default:
+ return 0;
}
- return( 1 );
+ return 1;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
static inline int mbedtls_ssl_sig_alg_is_supported(
- const mbedtls_ssl_context *ssl,
- const uint16_t sig_alg )
+ const mbedtls_ssl_context *ssl,
+ const uint16_t sig_alg)
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
- {
- return( mbedtls_ssl_tls12_sig_alg_is_supported( sig_alg ) );
+ if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
+ return mbedtls_ssl_tls12_sig_alg_is_supported(sig_alg);
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
- if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
- {
- return( mbedtls_ssl_tls13_sig_alg_is_supported( sig_alg ) );
+ if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
+ return mbedtls_ssl_tls13_sig_alg_is_supported(sig_alg);
}
#endif
((void) ssl);
((void) sig_alg);
- return( 0 );
+ return 0;
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
@@ -2526,11 +2502,11 @@
* \return PSA_SUCCESS on success or PSA_ERROR_NOT_SUPPORTED if
* conversion is not supported.
*/
-psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type,
- size_t taglen,
- psa_algorithm_t *alg,
- psa_key_type_t *key_type,
- size_t *key_size );
+psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type,
+ size_t taglen,
+ psa_algorithm_t *alg,
+ psa_key_type_t *key_type,
+ size_t *key_size);
/**
* \brief Convert given PSA status to mbedtls error code.
@@ -2539,26 +2515,25 @@
*
* \return corresponding mbedtls error code
*/
-static inline int psa_ssl_status_to_mbedtls( psa_status_t status )
+static inline int psa_ssl_status_to_mbedtls(psa_status_t status)
{
- switch( status )
- {
+ switch (status) {
case PSA_SUCCESS:
- return( 0 );
+ return 0;
case PSA_ERROR_INSUFFICIENT_MEMORY:
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
case PSA_ERROR_NOT_SUPPORTED:
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
case PSA_ERROR_INVALID_SIGNATURE:
- return( MBEDTLS_ERR_SSL_INVALID_MAC );
+ return MBEDTLS_ERR_SSL_INVALID_MAC;
case PSA_ERROR_INVALID_ARGUMENT:
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
case PSA_ERROR_BAD_STATE:
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
case PSA_ERROR_BUFFER_TOO_SMALL:
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
default:
- return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+ return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
@@ -2584,9 +2559,9 @@
* \return 0 on success or a negative error code in case of failure
*/
int mbedtls_psa_ecjpake_read_round(
- psa_pake_operation_t *pake_ctx,
- const unsigned char *buf,
- size_t len, mbedtls_ecjpake_rounds_t round );
+ psa_pake_operation_t *pake_ctx,
+ const unsigned char *buf,
+ size_t len, mbedtls_ecjpake_rounds_t round);
/**
* \brief Write the first round of key exchange into the provided output
@@ -2602,10 +2577,10 @@
* \return 0 on success or a negative error code in case of failure
*/
int mbedtls_psa_ecjpake_write_round(
- psa_pake_operation_t *pake_ctx,
- unsigned char *buf,
- size_t len, size_t *olen,
- mbedtls_ecjpake_rounds_t round );
+ psa_pake_operation_t *pake_ctx,
+ unsigned char *buf,
+ size_t len, size_t *olen,
+ mbedtls_ecjpake_rounds_t round);
#endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO
@@ -2620,40 +2595,38 @@
} mbedtls_ssl_mode_t;
mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform(
- const mbedtls_ssl_transform *transform );
+ const mbedtls_ssl_transform *transform);
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
- int encrypt_then_mac,
- const mbedtls_ssl_ciphersuite_t *suite );
+ int encrypt_then_mac,
+ const mbedtls_ssl_ciphersuite_t *suite);
#else
mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
- const mbedtls_ssl_ciphersuite_t *suite );
+ const mbedtls_ssl_ciphersuite_t *suite);
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
#if defined(MBEDTLS_ECDH_C)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t buf_len );
+int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t buf_len);
#endif /* MBEDTLS_ECDH_C */
static inline int mbedtls_ssl_tls13_cipher_suite_is_offered(
- mbedtls_ssl_context *ssl, int cipher_suite )
+ mbedtls_ssl_context *ssl, int cipher_suite)
{
const int *ciphersuite_list = ssl->conf->ciphersuite_list;
/* Check whether we have offered this ciphersuite */
- for ( size_t i = 0; ciphersuite_list[i] != 0; i++ )
- {
- if( ciphersuite_list[i] == cipher_suite )
- {
- return( 1 );
+ for (size_t i = 0; ciphersuite_list[i] != 0; i++) {
+ if (ciphersuite_list[i] == cipher_suite) {
+ return 1;
}
}
- return( 0 );
+ return 0;
}
/**
@@ -2671,35 +2644,35 @@
const mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t *suite_info,
mbedtls_ssl_protocol_version min_tls_version,
- mbedtls_ssl_protocol_version max_tls_version );
+ mbedtls_ssl_protocol_version max_tls_version);
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- const unsigned char *end );
+int mbedtls_ssl_parse_server_name_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end);
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_ALPN)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- const unsigned char *end );
+int mbedtls_ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end);
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len );
+int mbedtls_ssl_write_alpn_ext(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len);
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_TEST_HOOKS)
int mbedtls_ssl_check_dtls_clihlo_cookie(
- mbedtls_ssl_context *ssl,
- const unsigned char *cli_id, size_t cli_id_len,
- const unsigned char *in, size_t in_len,
- unsigned char *obuf, size_t buf_len, size_t *olen );
+ mbedtls_ssl_context *ssl,
+ const unsigned char *cli_id, size_t cli_id_len,
+ const unsigned char *in, size_t in_len,
+ unsigned char *obuf, size_t buf_len, size_t *olen);
#endif
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
@@ -2720,7 +2693,7 @@
int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext(
mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *end,
- size_t *out_len, size_t *binders_len );
+ size_t *out_len, size_t *binders_len);
/**
* \brief Given an SSL context and its associated configuration, write the TLS
@@ -2734,7 +2707,7 @@
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext(
mbedtls_ssl_context *ssl,
- unsigned char *buf, unsigned char *end );
+ unsigned char *buf, unsigned char *end);
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
@@ -2742,8 +2715,8 @@
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
defined(MBEDTLS_SSL_CLI_C)
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_session_set_hostname( mbedtls_ssl_session *session,
- const char *hostname );
+int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session,
+ const char *hostname);
#endif
#endif /* ssl_misc.h */