Apply clang formatting.
Executed with:
`find . -regextype posix-egrep -regex ".*\.([hc]|fmt|function)" | xargs -L1 clang-format-12 -i`
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index de33e4e..851d6cd 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -28,37 +28,37 @@
#include "mbedtls/cipher.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
+# include "psa/crypto.h"
#endif
#if defined(MBEDTLS_MD5_C)
-#include "mbedtls/md5.h"
+# include "mbedtls/md5.h"
#endif
#if defined(MBEDTLS_SHA1_C)
-#include "mbedtls/sha1.h"
+# include "mbedtls/sha1.h"
#endif
#if defined(MBEDTLS_SHA256_C)
-#include "mbedtls/sha256.h"
+# include "mbedtls/sha256.h"
#endif
#if defined(MBEDTLS_SHA512_C)
-#include "mbedtls/sha512.h"
+# include "mbedtls/sha512.h"
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#include "mbedtls/ecjpake.h"
+# include "mbedtls/ecjpake.h"
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#include "mbedtls/psa_util.h"
+# include "psa/crypto.h"
+# include "mbedtls/psa_util.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && !defined(inline) && \
+ !defined(__cplusplus)
+# define inline __inline
#endif
/* Legacy minor version numbers as defined by:
@@ -69,38 +69,37 @@
* constants as part of negotiating with the peer, so keep them available
* internally.
*/
-#define MBEDTLS_SSL_MINOR_VERSION_1 1
-#define MBEDTLS_SSL_MINOR_VERSION_2 2
+#define MBEDTLS_SSL_MINOR_VERSION_1 1
+#define MBEDTLS_SSL_MINOR_VERSION_2 2
/* Determine minimum supported version */
-#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
+#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
+# define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
/* Determine maximum supported version */
-#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
+#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
+# define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
/* Shorthand for restartable ECC */
-#if defined(MBEDTLS_ECP_RESTARTABLE) && \
- defined(MBEDTLS_SSL_CLI_C) && \
- defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+#if defined(MBEDTLS_ECP_RESTARTABLE) && defined(MBEDTLS_SSL_CLI_C) && \
+ defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#define MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED
+# define MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED
#endif
-#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
-#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
-#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
-#define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
+#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
+#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
+#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
+#define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
/*
* DTLS retransmission states, see RFC 6347 4.2.4
@@ -110,10 +109,10 @@
*
* Note: initial state is wrong for server, but is not used anyway.
*/
-#define MBEDTLS_SSL_RETRANS_PREPARING 0
-#define MBEDTLS_SSL_RETRANS_SENDING 1
-#define MBEDTLS_SSL_RETRANS_WAITING 2
-#define MBEDTLS_SSL_RETRANS_FINISHED 3
+#define MBEDTLS_SSL_RETRANS_PREPARING 0
+#define MBEDTLS_SSL_RETRANS_SENDING 1
+#define MBEDTLS_SSL_RETRANS_WAITING 2
+#define MBEDTLS_SSL_RETRANS_FINISHED 3
/*
* Allow extra bytes for record, authentication and encryption overhead:
@@ -123,70 +122,68 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* This macro determines whether CBC is supported. */
-#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
- ( defined(MBEDTLS_AES_C) || \
- defined(MBEDTLS_CAMELLIA_C) || \
- defined(MBEDTLS_ARIA_C) || \
- defined(MBEDTLS_DES_C) )
-#define MBEDTLS_SSL_SOME_SUITES_USE_CBC
-#endif
+# if defined(MBEDTLS_CIPHER_MODE_CBC) && \
+ (defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || \
+ defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_DES_C))
+# define MBEDTLS_SSL_SOME_SUITES_USE_CBC
+# endif
/* This macro determines whether a ciphersuite using a
* stream cipher can be used. */
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#define MBEDTLS_SSL_SOME_SUITES_USE_STREAM
-#endif
+# if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+# define MBEDTLS_SSL_SOME_SUITES_USE_STREAM
+# endif
-/* This macro determines whether the CBC construct used in TLS 1.2 is supported. */
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
-#endif
+/* This macro determines whether the CBC construct used in TLS 1.2 is supported.
+ */
+# if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
+ defined(MBEDTLS_SSL_PROTO_TLS1_2)
+# define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
+# endif
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) || \
- defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
-#define MBEDTLS_SSL_SOME_SUITES_USE_MAC
-#endif
+# if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) || \
+ defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
+# define MBEDTLS_SSL_SOME_SUITES_USE_MAC
+# endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
/* Ciphersuites using HMAC */
-#if defined(MBEDTLS_SHA384_C)
-#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
-#elif defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
-#else
-#define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
-#endif
+# if defined(MBEDTLS_SHA384_C)
+# define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
+# elif defined(MBEDTLS_SHA256_C)
+# define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
+# else
+# define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
+# endif
#else /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
-#define MBEDTLS_SSL_MAC_ADD 16
+# define MBEDTLS_SSL_MAC_ADD 16
#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_SSL_PADDING_ADD 256
+# define MBEDTLS_SSL_PADDING_ADD 256
#else
-#define MBEDTLS_SSL_PADDING_ADD 0
+# define MBEDTLS_SSL_PADDING_ADD 0
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
+# define MBEDTLS_SSL_MAX_CID_EXPANSION \
+ MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
#else
-#define MBEDTLS_SSL_MAX_CID_EXPANSION 0
+# define MBEDTLS_SSL_MAX_CID_EXPANSION 0
#endif
-#define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_MAX_IV_LENGTH + \
- MBEDTLS_SSL_MAC_ADD + \
- MBEDTLS_SSL_PADDING_ADD + \
- MBEDTLS_SSL_MAX_CID_EXPANSION \
- )
+#define MBEDTLS_SSL_PAYLOAD_OVERHEAD \
+ (MBEDTLS_MAX_IV_LENGTH + MBEDTLS_SSL_MAC_ADD + MBEDTLS_SSL_PADDING_ADD + \
+ MBEDTLS_SSL_MAX_CID_EXPANSION)
-#define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
- ( MBEDTLS_SSL_IN_CONTENT_LEN ) )
+#define MBEDTLS_SSL_IN_PAYLOAD_LEN \
+ (MBEDTLS_SSL_PAYLOAD_OVERHEAD + (MBEDTLS_SSL_IN_CONTENT_LEN))
-#define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
- ( MBEDTLS_SSL_OUT_CONTENT_LEN ) )
+#define MBEDTLS_SSL_OUT_PAYLOAD_LEN \
+ (MBEDTLS_SSL_PAYLOAD_OVERHEAD + (MBEDTLS_SSL_OUT_CONTENT_LEN))
/* The maximum number of buffered handshake messages. */
#define MBEDTLS_SSL_MAX_BUFFERED_HS 4
@@ -195,36 +192,35 @@
RFC 6066 max_fragment_length extension negotiation purposes
(the lesser of both sizes, if they are unequal.)
*/
-#define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ( \
- (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \
- ? ( MBEDTLS_SSL_OUT_CONTENT_LEN ) \
- : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \
- )
+#define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN \
+ ((MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) ? \
+ (MBEDTLS_SSL_OUT_CONTENT_LEN) : \
+ (MBEDTLS_SSL_IN_CONTENT_LEN))
/* Maximum size in bytes of list in sig-hash algorithm ext., RFC 5246 */
-#define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN 65534
+#define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN 65534
/* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */
-#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535
+#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535
/*
* Check that we obey the standard's message size bounds
*/
#if MBEDTLS_SSL_IN_CONTENT_LEN > 16384
-#error "Bad configuration - incoming record content too large."
+# error "Bad configuration - incoming record content too large."
#endif
#if MBEDTLS_SSL_OUT_CONTENT_LEN > 16384
-#error "Bad configuration - outgoing record content too large."
+# error "Bad configuration - outgoing record content too large."
#endif
#if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_IN_CONTENT_LEN + 2048
-#error "Bad configuration - incoming protected record payload too large."
+# error "Bad configuration - incoming protected record payload too large."
#endif
#if MBEDTLS_SSL_OUT_PAYLOAD_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN + 2048
-#error "Bad configuration - outgoing protected record payload too large."
+# error "Bad configuration - outgoing protected record payload too large."
#endif
/* Calculate buffer sizes */
@@ -235,21 +231,21 @@
#define MBEDTLS_SSL_HEADER_LEN 13
#if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#define MBEDTLS_SSL_IN_BUFFER_LEN \
- ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
+# define MBEDTLS_SSL_IN_BUFFER_LEN \
+ ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN))
#else
-#define MBEDTLS_SSL_IN_BUFFER_LEN \
- ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) \
- + ( MBEDTLS_SSL_CID_IN_LEN_MAX ) )
+# define MBEDTLS_SSL_IN_BUFFER_LEN \
+ ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN) + \
+ (MBEDTLS_SSL_CID_IN_LEN_MAX))
#endif
#if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#define MBEDTLS_SSL_OUT_BUFFER_LEN \
- ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
+# define MBEDTLS_SSL_OUT_BUFFER_LEN \
+ ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN))
#else
-#define MBEDTLS_SSL_OUT_BUFFER_LEN \
- ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) \
- + ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) )
+# define MBEDTLS_SSL_OUT_BUFFER_LEN \
+ ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN) + \
+ (MBEDTLS_SSL_CID_OUT_LEN_MAX))
#endif
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -266,7 +262,7 @@
*
* \return Current maximum fragment length for the output buffer.
*/
-size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl );
+size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl);
/**
* \brief Return the maximum fragment length (payload, in bytes) for
@@ -282,32 +278,32 @@
*
* \return Current maximum fragment length for the output buffer.
*/
-size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
+size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-static inline size_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx )
+static inline size_t
+mbedtls_ssl_get_output_buflen(const mbedtls_ssl_context *ctx)
{
-#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
- return mbedtls_ssl_get_output_max_frag_len( ctx )
- + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
- + MBEDTLS_SSL_CID_OUT_LEN_MAX;
-#else
- return mbedtls_ssl_get_output_max_frag_len( ctx )
- + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
-#endif
+# if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ return mbedtls_ssl_get_output_max_frag_len(ctx) + MBEDTLS_SSL_HEADER_LEN +
+ MBEDTLS_SSL_PAYLOAD_OVERHEAD + MBEDTLS_SSL_CID_OUT_LEN_MAX;
+# else
+ return mbedtls_ssl_get_output_max_frag_len(ctx) + MBEDTLS_SSL_HEADER_LEN +
+ MBEDTLS_SSL_PAYLOAD_OVERHEAD;
+# endif
}
-static inline size_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx )
+static inline size_t
+mbedtls_ssl_get_input_buflen(const mbedtls_ssl_context *ctx)
{
-#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
- return mbedtls_ssl_get_input_max_frag_len( ctx )
- + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
- + MBEDTLS_SSL_CID_IN_LEN_MAX;
-#else
- return mbedtls_ssl_get_input_max_frag_len( ctx )
- + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
-#endif
+# if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ return mbedtls_ssl_get_input_max_frag_len(ctx) + MBEDTLS_SSL_HEADER_LEN +
+ MBEDTLS_SSL_PAYLOAD_OVERHEAD + MBEDTLS_SSL_CID_IN_LEN_MAX;
+# else
+ return mbedtls_ssl_get_input_max_frag_len(ctx) + MBEDTLS_SSL_HEADER_LEN +
+ MBEDTLS_SSL_PAYLOAD_OVERHEAD;
+# endif
}
#endif
@@ -330,10 +326,10 @@
* \return Zero if the needed space is available in the buffer, non-zero
* otherwise.
*/
-static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
- const uint8_t *end, size_t need )
+static inline int
+mbedtls_ssl_chk_buf_ptr(const uint8_t *cur, const uint8_t *end, size_t need)
{
- return( ( cur > end ) || ( need > (size_t)( end - cur ) ) );
+ return ((cur > end) || (need > (size_t)(end - cur)));
}
/**
@@ -346,13 +342,12 @@
* \param need Needed space in bytes.
*
*/
-#define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need ) \
- do { \
- if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \
- { \
- return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ; \
- } \
- } while( 0 )
+#define MBEDTLS_SSL_CHK_BUF_PTR(cur, end, need) \
+ do { \
+ if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) { \
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \
+ } \
+ } while (0)
#ifdef __cplusplus
extern "C" {
@@ -363,8 +358,7 @@
/*
* Abstraction for a grid of allowed signature-hash-algorithm pairs.
*/
-struct mbedtls_ssl_sig_hash_set_t
-{
+struct mbedtls_ssl_sig_hash_set_t {
/* At the moment, we only need to remember a single suitable
* hash algorithm per signature algorithm. As long as that's
* the case - and we don't need a general lookup function -
@@ -373,13 +367,16 @@
mbedtls_md_type_t rsa;
mbedtls_md_type_t ecdsa;
};
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && \
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen );
+typedef int mbedtls_ssl_tls_prf_cb(const unsigned char *secret,
+ size_t slen,
+ const char *label,
+ const unsigned char *random,
+ size_t rlen,
+ unsigned char *dstbuf,
+ size_t dlen);
/* cipher.h exports the maximum IV, key and block length from
* all ciphers enabled in the config, regardless of whether those
@@ -405,39 +402,38 @@
* \brief The data structure holding the cryptographic material (key and IV)
* used for record protection in TLS 1.3.
*/
-struct mbedtls_ssl_key_set
-{
+struct mbedtls_ssl_key_set {
/*! The key for client->server records. */
- unsigned char client_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ];
+ unsigned char client_write_key[MBEDTLS_SSL_MAX_KEY_LENGTH];
/*! The key for server->client records. */
- unsigned char server_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ];
+ unsigned char server_write_key[MBEDTLS_SSL_MAX_KEY_LENGTH];
/*! The IV for client->server records. */
- unsigned char client_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ];
+ unsigned char client_write_iv[MBEDTLS_SSL_MAX_IV_LENGTH];
/*! The IV for server->client records. */
- unsigned char server_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ];
+ unsigned char server_write_iv[MBEDTLS_SSL_MAX_IV_LENGTH];
size_t key_len; /*!< The length of client_write_key and
* server_write_key, in Bytes. */
- size_t iv_len; /*!< The length of client_write_iv and
- * server_write_iv, in Bytes. */
+ size_t iv_len; /*!< The length of client_write_iv and
+ * server_write_iv, in Bytes. */
};
typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set;
/*
* This structure contains the parameters only needed during handshake.
*/
-struct mbedtls_ssl_handshake_params
-{
+struct mbedtls_ssl_handshake_params {
/*
* Handshake specific crypto variables
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
+ mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs
+ */
#endif
#if defined(MBEDTLS_DHM_C)
- mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
+ mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
#endif
/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due
* to guards also being in ssl_srv.c and ssl_cli.c. There is a gap
@@ -445,104 +441,103 @@
* MBEDTLS_ECDSA_C which does not seem correct.
*/
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
- mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
+ mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+# if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t ecdh_psa_type;
uint16_t ecdh_bits;
psa_key_id_t ecdh_psa_privkey;
unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
size_t ecdh_psa_peerkey_len;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+# endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
-#if defined(MBEDTLS_SSL_CLI_C)
- unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */
- size_t ecjpake_cache_len; /*!< Length of cached data */
-#endif
+ mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
+# if defined(MBEDTLS_SSL_CLI_C)
+ unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */
+ size_t ecjpake_cache_len; /*!< Length of cached data */
+# endif
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
+ const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_id_t psk_opaque; /*!< Opaque PSK from the callback */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- unsigned char *psk; /*!< PSK from the callback */
- size_t psk_len; /*!< Length of PSK from callback */
+# if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_id_t psk_opaque; /*!< Opaque PSK from the callback */
+# endif /* MBEDTLS_USE_PSA_CRYPTO */
+ unsigned char *psk; /*!< PSK from the callback */
+ size_t psk_len; /*!< Length of PSK from callback */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- int sni_authmode; /*!< authmode from SNI callback */
+ mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
+# if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ int sni_authmode; /*!< authmode from SNI callback */
mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
- mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
- mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+ mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
+ mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
+# endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- int ecrs_enabled; /*!< Handshake supports EC restart? */
- mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */
- enum { /* this complements ssl->state with info on intra-state operations */
- ssl_ecrs_none = 0, /*!< nothing going on (yet) */
- ssl_ecrs_crt_verify, /*!< Certificate: crt_verify() */
- ssl_ecrs_ske_start_processing, /*!< ServerKeyExchange: pk_verify() */
- ssl_ecrs_cke_ecdh_calc_secret, /*!< ClientKeyExchange: ECDH step 2 */
- ssl_ecrs_crt_vrfy_sign, /*!< CertificateVerify: pk_sign() */
- } ecrs_state; /*!< current (or last) operation */
- mbedtls_x509_crt *ecrs_peer_cert; /*!< The peer's CRT chain. */
- size_t ecrs_n; /*!< place for saving a length */
+ int ecrs_enabled; /*!< Handshake supports EC restart? */
+ mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */
+ enum
+ { /* this complements ssl->state with info on intra-state operations */
+ ssl_ecrs_none = 0, /*!< nothing going on (yet) */
+ ssl_ecrs_crt_verify, /*!< Certificate: crt_verify() */
+ ssl_ecrs_ske_start_processing, /*!< ServerKeyExchange: pk_verify() */
+ ssl_ecrs_cke_ecdh_calc_secret, /*!< ClientKeyExchange: ECDH step 2 */
+ ssl_ecrs_crt_vrfy_sign, /*!< CertificateVerify: pk_sign() */
+ } ecrs_state; /*!< current (or last) operation */
+ mbedtls_x509_crt *ecrs_peer_cert; /*!< The peer's CRT chain. */
+ size_t ecrs_n; /*!< place for saving a length */
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_pk_context peer_pubkey; /*!< The public key from the peer. */
+ mbedtls_pk_context peer_pubkey; /*!< The public key from the peer. */
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
- unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
+ unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
+ unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
- unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
- Srv: unused */
- unsigned char verify_cookie_len; /*!< Cli: cookie length
- Srv: flag for sending a cookie */
+ unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
+ Srv: unused */
+ unsigned char verify_cookie_len; /*!< Cli: cookie length
+ Srv: flag for sending a cookie */
- uint32_t retransmit_timeout; /*!< Current value of timeout */
- unsigned char retransmit_state; /*!< Retransmission state */
- mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
- mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
- unsigned char *cur_msg_p; /*!< Position in current message */
- unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
- flight being received */
- mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
- resending messages */
- unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
- for resending messages */
+ uint32_t retransmit_timeout; /*!< Current value of timeout */
+ unsigned char retransmit_state; /*!< Retransmission state */
+ mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
+ mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
+ unsigned char *cur_msg_p; /*!< Position in current message */
+ unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
+ flight being received */
+ mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
+ resending messages */
+ unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
+ for resending messages */
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+# if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* The state of CID configuration in this handshake. */
uint8_t cid_in_use; /*!< This indicates whether the use of the CID extension
* has been negotiated. Possible values are
* #MBEDTLS_SSL_CID_ENABLED and
* #MBEDTLS_SSL_CID_DISABLED. */
- unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
- uint8_t peer_cid_len; /*!< The length of
- * \c peer_cid. */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; /*! The peer's CID */
+ uint8_t peer_cid_len; /*!< The length of
+ * \c peer_cid. */
+# endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- struct
- {
+ struct {
size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
* buffers used for message buffering. */
- uint8_t seen_ccs; /*!< Indicates if a CCS message has
- * been seen in the current flight. */
+ uint8_t seen_ccs; /*!< Indicates if a CCS message has
+ * been seen in the current flight. */
- struct mbedtls_ssl_hs_buffer
- {
+ struct mbedtls_ssl_hs_buffer {
unsigned is_valid : 1;
unsigned is_fragmented : 1;
unsigned is_complete : 1;
@@ -550,8 +545,7 @@
size_t data_len;
} hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
- struct
- {
+ struct {
unsigned char *data;
size_t len;
unsigned epoch;
@@ -559,56 +553,59 @@
} buffering;
- uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
+ uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
* Checksum contexts
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+# if defined(MBEDTLS_SHA256_C)
+# if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_operation_t fin_sha256_psa;
-#else
+# else
mbedtls_sha256_context fin_sha256;
-#endif
-#endif
-#if defined(MBEDTLS_SHA384_C)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+# endif
+# endif
+# if defined(MBEDTLS_SHA384_C)
+# if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_operation_t fin_sha384_psa;
-#else
+# else
mbedtls_sha512_context fin_sha512;
-#endif
-#endif
+# endif
+# endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
+ void (*update_checksum)(mbedtls_ssl_context *,
+ const unsigned char *,
+ size_t);
void (*calc_verify)(const mbedtls_ssl_context *, unsigned char *, size_t *);
void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
mbedtls_ssl_tls_prf_cb *tls_prf;
mbedtls_ssl_ciphersuite_t const *ciphersuite_info;
- size_t pmslen; /*!< premaster length */
+ size_t pmslen; /*!< premaster length */
- unsigned char randbytes[64]; /*!< random bytes */
+ unsigned char randbytes[64]; /*!< random bytes */
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
- /*!< premaster secret */
+ /*!< premaster secret */
- int resume; /*!< session resume indicator*/
- int max_major_ver; /*!< max. major version client*/
- int max_minor_ver; /*!< max. minor version client*/
- int cli_exts; /*!< client extension presence*/
+ int resume; /*!< session resume indicator*/
+ int max_major_ver; /*!< max. major version client*/
+ int max_minor_ver; /*!< max. minor version client*/
+ int cli_exts; /*!< client extension presence*/
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- int new_session_ticket; /*!< use NewSessionTicket? */
+ int new_session_ticket; /*!< use NewSessionTicket? */
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- int extended_ms; /*!< use Extended Master Secret? */
+ int extended_ms; /*!< use Extended Master Secret? */
#endif
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- unsigned int async_in_progress : 1; /*!< an asynchronous operation is in progress */
+ unsigned int async_in_progress : 1; /*!< an asynchronous operation is in
+ progress */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
@@ -702,40 +699,39 @@
* in other transformations.
*
*/
-struct mbedtls_ssl_transform
-{
+struct mbedtls_ssl_transform {
/*
* Session specific crypto layer
*/
- size_t minlen; /*!< min. ciphertext length */
- size_t ivlen; /*!< IV length */
- size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
- size_t maclen; /*!< MAC(CBC) len */
- size_t taglen; /*!< TAG(AEAD) len */
+ size_t minlen; /*!< min. ciphertext length */
+ size_t ivlen; /*!< IV length */
+ size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
+ size_t maclen; /*!< MAC(CBC) len */
+ size_t taglen; /*!< TAG(AEAD) len */
- unsigned char iv_enc[16]; /*!< IV (encryption) */
- unsigned char iv_dec[16]; /*!< IV (decryption) */
+ unsigned char iv_enc[16]; /*!< IV (encryption) */
+ unsigned char iv_dec[16]; /*!< IV (decryption) */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
- mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
+ mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
+ mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- int encrypt_then_mac; /*!< flag for EtM activation */
-#endif
+# if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ int encrypt_then_mac; /*!< flag for EtM activation */
+# endif
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
- mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
- mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
+ mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
+ mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
int minor_ver;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
uint8_t in_cid_len;
uint8_t out_cid_len;
- unsigned char in_cid [ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
- unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+ unsigned char in_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
+ unsigned char out_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
@@ -749,14 +745,14 @@
* Return 1 if the transform uses an AEAD cipher, 0 otherwise.
* Equivalently, return 0 if a separate MAC is used, 1 otherwise.
*/
-static inline int mbedtls_ssl_transform_uses_aead(
- const mbedtls_ssl_transform *transform )
+static inline int
+mbedtls_ssl_transform_uses_aead(const mbedtls_ssl_transform *transform)
{
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- return transform->maclen == 0 && transform->taglen != 0 ;
+ return transform->maclen == 0 && transform->taglen != 0;
#else
- (void) transform;
- return 1 ;
+ (void)transform;
+ return 1;
#endif
}
@@ -781,36 +777,35 @@
*
*/
#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
-#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_OUT_LEN_MAX
+# define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_OUT_LEN_MAX
#else
-#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX
+# define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX
#endif
-typedef struct
-{
- uint8_t ctr[8]; /* In TLS: The implicit record sequence number.
- * In DTLS: The 2-byte epoch followed by
- * the 6-byte sequence number.
- * This is stored as a raw big endian byte array
- * as opposed to a uint64_t because we rarely
- * need to perform arithmetic on this, but do
- * need it as a Byte array for the purpose of
- * MAC computations. */
- uint8_t type; /* The record content type. */
- uint8_t ver[2]; /* SSL/TLS version as present on the wire.
- * Convert to internal presentation of versions
- * using mbedtls_ssl_read_version() and
- * mbedtls_ssl_write_version().
- * Keep wire-format for MAC computations. */
+typedef struct {
+ uint8_t ctr[8]; /* In TLS: The implicit record sequence number.
+ * In DTLS: The 2-byte epoch followed by
+ * the 6-byte sequence number.
+ * This is stored as a raw big endian byte array
+ * as opposed to a uint64_t because we rarely
+ * need to perform arithmetic on this, but do
+ * need it as a Byte array for the purpose of
+ * MAC computations. */
+ uint8_t type; /* The record content type. */
+ uint8_t ver[2]; /* SSL/TLS version as present on the wire.
+ * Convert to internal presentation of versions
+ * using mbedtls_ssl_read_version() and
+ * mbedtls_ssl_write_version().
+ * Keep wire-format for MAC computations. */
- unsigned char *buf; /* Memory buffer enclosing the record content */
- size_t buf_len; /* Buffer length */
- size_t data_offset; /* Offset of record content */
- size_t data_len; /* Length of record content */
+ unsigned char *buf; /* Memory buffer enclosing the record content */
+ size_t buf_len; /* Buffer length */
+ size_t data_offset; /* Offset of record content */
+ size_t data_len; /* Length of record content */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- uint8_t cid_len; /* Length of the CID (0 if not present) */
- unsigned char cid[ MBEDTLS_SSL_CID_LEN_MAX ]; /* The CID */
+ uint8_t cid_len; /* Length of the CID (0 if not present) */
+ unsigned char cid[MBEDTLS_SSL_CID_LEN_MAX]; /* The CID */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
} mbedtls_record;
@@ -818,11 +813,10 @@
/*
* List of certificate + private key pairs
*/
-struct mbedtls_ssl_key_cert
-{
- mbedtls_x509_crt *cert; /*!< cert */
- mbedtls_pk_context *key; /*!< private key */
- mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
+struct mbedtls_ssl_key_cert {
+ mbedtls_x509_crt *cert; /*!< cert */
+ mbedtls_pk_context *key; /*!< private key */
+ mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
};
#endif /* MBEDTLS_X509_CRT_PARSE_C */
@@ -830,12 +824,11 @@
/*
* List of handshake messages kept around for resending
*/
-struct mbedtls_ssl_flight_item
-{
- unsigned char *p; /*!< message, including handshake headers */
- size_t len; /*!< length of p */
- unsigned char type; /*!< type of the message: handshake or CCS */
- mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */
+struct mbedtls_ssl_flight_item {
+ unsigned char *p; /*!< message, including handshake headers */
+ size_t len; /*!< length of p */
+ unsigned char type; /*!< type of the message: handshake or CCS */
+ mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */
};
#endif /* MBEDTLS_SSL_PROTO_DTLS */
@@ -843,23 +836,24 @@
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* Find an entry in a signature-hash set matching a given hash algorithm. */
-mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
- mbedtls_pk_type_t sig_alg );
+mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find(mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_pk_type_t sig_alg);
/* Add a signature-hash-pair to a signature-hash set */
-void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
- mbedtls_pk_type_t sig_alg,
- mbedtls_md_type_t md_alg );
+void mbedtls_ssl_sig_hash_set_add(mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_pk_type_t sig_alg,
+ mbedtls_md_type_t md_alg);
/* Allow exactly one hash algorithm for each signature. */
-void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
- mbedtls_md_type_t md_alg );
+void mbedtls_ssl_sig_hash_set_const_hash(mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_md_type_t md_alg);
/* Setup an empty signature-hash set */
-static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set )
+static inline void
+mbedtls_ssl_sig_hash_set_init(mbedtls_ssl_sig_hash_set_t *set)
{
- mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE );
+ mbedtls_ssl_sig_hash_set_const_hash(set, MBEDTLS_MD_NONE);
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2) && \
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/**
@@ -868,7 +862,7 @@
*
* \param transform SSL transform context
*/
-void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
+void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform);
/**
* \brief Free referenced items in an SSL handshake context and clear
@@ -876,20 +870,20 @@
*
* \param ssl SSL context
*/
-void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl);
-int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl);
+int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl);
-int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl);
+int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl);
-int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl);
+int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl);
/**
* \brief Update record layer
@@ -967,28 +961,30 @@
* following the above definition.
*
*/
-int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
- unsigned update_hs_digest );
-int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
+int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl,
+ unsigned update_hs_digest);
+int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want);
-int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
-int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl);
+int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, uint8_t force_flush);
+int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl);
-int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl);
+int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl);
-int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl);
+int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl);
-int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl);
+int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
+void mbedtls_ssl_optimize_checksum(
+ mbedtls_ssl_context *ssl,
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info);
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
+int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl,
+ mbedtls_key_exchange_type_t key_ex);
/**
* Get the first defined PSK by order of precedence:
@@ -996,32 +992,30 @@
* 2. static PSK configured by \c mbedtls_ssl_conf_psk()
* Return a code and update the pair (PSK, PSK length) passed to this function
*/
-static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl,
- const unsigned char **psk, size_t *psk_len )
+static inline int mbedtls_ssl_get_psk(const mbedtls_ssl_context *ssl,
+ const unsigned char **psk,
+ size_t *psk_len)
{
- if( ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0 )
- {
+ if (ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0) {
*psk = ssl->handshake->psk;
*psk_len = ssl->handshake->psk_len;
}
- else if( ssl->conf->psk != NULL && ssl->conf->psk_len > 0 )
- {
+ else if (ssl->conf->psk != NULL && ssl->conf->psk_len > 0) {
*psk = ssl->conf->psk;
*psk_len = ssl->conf->psk_len;
}
- else
- {
+ else {
*psk = NULL;
*psk_len = 0;
- return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ;
+ return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
}
- return 0 ;
+ return 0;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+# if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* Get the first defined opaque PSK by order of precedence:
* 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in the PSK
@@ -1029,80 +1023,81 @@
* 2. static PSK configured by \c mbedtls_ssl_conf_psk_opaque()
* Return an opaque PSK
*/
-static inline psa_key_id_t mbedtls_ssl_get_opaque_psk(
- const mbedtls_ssl_context *ssl )
+static inline psa_key_id_t
+mbedtls_ssl_get_opaque_psk(const mbedtls_ssl_context *ssl)
{
- if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
- return ssl->handshake->psk_opaque ;
+ if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque))
+ return ssl->handshake->psk_opaque;
- if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
- return ssl->conf->psk_opaque ;
+ if (!mbedtls_svc_key_id_is_null(ssl->conf->psk_opaque))
+ return ssl->conf->psk_opaque;
- return MBEDTLS_SVC_KEY_ID_INIT ;
+ return MBEDTLS_SVC_KEY_ID_INIT;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+# endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_PK_C)
-unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
-unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type );
-mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
+unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk);
+unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type);
+mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig);
#endif
-mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
-unsigned char mbedtls_ssl_hash_from_md_alg( int md );
-int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
+mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash);
+unsigned char mbedtls_ssl_hash_from_md_alg(int md);
+int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md);
#if defined(MBEDTLS_ECP_C)
-int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
+int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl,
+ mbedtls_ecp_group_id grp_id);
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
- mbedtls_md_type_t md );
+int mbedtls_ssl_check_sig_hash(const mbedtls_ssl_context *ssl,
+ mbedtls_md_type_t md);
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
-static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value
- ( const uint16_t srtp_profile_value )
+static inline mbedtls_ssl_srtp_profile
+mbedtls_ssl_check_srtp_profile_value(const uint16_t srtp_profile_value)
{
- switch( srtp_profile_value )
- {
+ switch (srtp_profile_value) {
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32:
return srtp_profile_value;
- default: break;
+ default:
+ break;
}
- return MBEDTLS_TLS_SRTP_UNSET ;
+ return MBEDTLS_TLS_SRTP_UNSET;
}
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
+static inline mbedtls_pk_context *mbedtls_ssl_own_key(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_key_cert *key_cert;
- if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
+ if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL)
key_cert = ssl->handshake->key_cert;
else
key_cert = ssl->conf->key_cert;
- return key_cert == NULL ? NULL : key_cert->key ;
+ return key_cert == NULL ? NULL : key_cert->key;
}
-static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
+static inline mbedtls_x509_crt *mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_key_cert *key_cert;
- if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
+ if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL)
key_cert = ssl->handshake->key_cert;
else
key_cert = ssl->conf->key_cert;
- return key_cert == NULL ? NULL : key_cert->cert ;
+ return key_cert == NULL ? NULL : key_cert->cert;
}
/*
@@ -1114,77 +1109,79 @@
*
* Return 0 if everything is OK, -1 if not.
*/
-int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
- const mbedtls_ssl_ciphersuite_t *ciphersuite,
- int cert_endpoint,
- uint32_t *flags );
+int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
+ const mbedtls_ssl_ciphersuite_t *ciphersuite,
+ int cert_endpoint,
+ uint32_t *flags);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_ssl_write_version( int major, int minor, int transport,
- unsigned char ver[2] );
-void mbedtls_ssl_read_version( int *major, int *minor, int transport,
- const unsigned char ver[2] );
+void mbedtls_ssl_write_version(int major,
+ int minor,
+ int transport,
+ unsigned char ver[2]);
+void mbedtls_ssl_read_version(int *major,
+ int *minor,
+ int transport,
+ const unsigned char ver[2]);
-static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_in_hdr_len(const mbedtls_ssl_context *ssl)
{
#if !defined(MBEDTLS_SSL_PROTO_DTLS)
- ((void) ssl);
+ ((void)ssl);
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- return 13 ;
- }
- else
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ return 13;
+ } else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
{
- return 5 ;
+ return 5;
}
}
-static inline size_t mbedtls_ssl_out_hdr_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_out_hdr_len(const mbedtls_ssl_context *ssl)
{
- return( (size_t) ( ssl->out_iv - ssl->out_hdr ) );
+ return ((size_t)(ssl->out_iv - ssl->out_hdr));
}
-static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- return 12 ;
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM)
+ return 12;
#else
- ((void) ssl);
+ ((void)ssl);
#endif
- return 4 ;
+ return 4;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
-void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl);
+int mbedtls_ssl_resend(mbedtls_ssl_context *ssl);
+int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl);
#endif
/* Visible for testing purposes only */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl );
-void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context const *ssl);
+void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl);
#endif
-int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
- const mbedtls_ssl_session *src );
+int mbedtls_ssl_session_copy(mbedtls_ssl_session *dst,
+ const mbedtls_ssl_session *src);
/* constant-time buffer comparison */
-static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
+static inline int
+mbedtls_ssl_safer_memcmp(const void *a, const void *b, size_t n)
{
size_t i;
- volatile const unsigned char *A = (volatile const unsigned char *) a;
- volatile const unsigned char *B = (volatile const unsigned char *) b;
+ volatile const unsigned char *A = (volatile const unsigned char *)a;
+ volatile const unsigned char *B = (volatile const unsigned char *)b;
volatile unsigned char diff = 0;
- for( i = 0; i < n; i++ )
- {
+ for (i = 0; i < n; i++) {
/* Read volatile data in order before computing diff.
* This avoids IAR compiler warning:
* 'the order of volatile accesses is undefined ..' */
@@ -1192,71 +1189,73 @@
diff |= x ^ y;
}
- return diff ;
+ return diff;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
-int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
- unsigned char *hash, size_t *hashlen,
- unsigned char *data, size_t data_len,
- mbedtls_md_type_t md_alg );
+int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
+ unsigned char *hash,
+ size_t *hashlen,
+ unsigned char *data,
+ size_t data_len,
+ mbedtls_md_type_t md_alg);
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#ifdef __cplusplus
}
#endif
-void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform );
-int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform,
- mbedtls_record *rec,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
- mbedtls_ssl_transform *transform,
- mbedtls_record *rec );
+void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform);
+int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec);
/* Length of the "epoch" field in the record header */
-static inline size_t mbedtls_ssl_ep_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_ep_len(const mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- return 2 ;
+ if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM)
+ return 2;
#else
- ((void) ssl);
+ ((void)ssl);
#endif
- return 0 ;
+ return 0;
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
-int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_resend_hello_request(mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_PROTO_DTLS */
-void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs );
-int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs);
+int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform );
-void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform);
+void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl);
-int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
+int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial);
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_dtls_replay_reset(mbedtls_ssl_context *ssl);
#endif
-void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_RENEGOTIATION)
-int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
-size_t mbedtls_ssl_get_current_mtu( const mbedtls_ssl_context *ssl );
-void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
+size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl);
+void mbedtls_ssl_buffering_free(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_flight_free(mbedtls_ssl_flight_item *flight);
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#endif /* ssl_misc.h */