Diffstat (limited to 'crypto/openssl/ssl/record/methods/dtls_meth.c')
-rw-r--r--crypto/openssl/ssl/record/methods/dtls_meth.c138
1 files changed, 68 insertions, 70 deletions
diff --git a/crypto/openssl/ssl/record/methods/dtls_meth.c b/crypto/openssl/ssl/record/methods/dtls_meth.c
index 99cb532d03c3..8cbd7678e193 100644
--- a/crypto/openssl/ssl/record/methods/dtls_meth.c
+++ b/crypto/openssl/ssl/record/methods/dtls_meth.c
@@ -46,20 +46,20 @@ static int dtls_record_replay_check(OSSL_RECORD_LAYER *rl, DTLS_BITMAP *bitmap)
cmp = satsub64be(seq, bitmap->max_seq_num);
if (cmp > 0) {
ossl_tls_rl_record_set_seq_num(&rl->rrec[0], seq);
- return 1; /* this record in new */
+ return 1; /* this record in new */
}
shift = -cmp;
if (shift >= sizeof(bitmap->map) * 8)
- return 0; /* stale, outside the window */
+ return 0; /* stale, outside the window */
else if (bitmap->map & ((uint64_t)1 << shift))
- return 0; /* record previously received */
+ return 0; /* record previously received */
ossl_tls_rl_record_set_seq_num(&rl->rrec[0], seq);
return 1;
}
static void dtls_record_bitmap_update(OSSL_RECORD_LAYER *rl,
- DTLS_BITMAP *bitmap)
+ DTLS_BITMAP *bitmap)
{
int cmp;
unsigned int shift;
@@ -81,7 +81,7 @@ static void dtls_record_bitmap_update(OSSL_RECORD_LAYER *rl,
}
static DTLS_BITMAP *dtls_get_bitmap(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rr,
- unsigned int *is_next_epoch)
+ unsigned int *is_next_epoch)
{
*is_next_epoch = 0;
@@ -171,7 +171,7 @@ static int dtls_process_record(OSSL_RECORD_LAYER *rl, DTLS_BITMAP *bitmap)
i = rl->funcs->mac(rl, rr, md, 0 /* not send */);
if (i == 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) {
RLAYERfatal(rl, SSL_AD_BAD_RECORD_MAC,
- SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+ SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
return 0;
}
/*
@@ -207,15 +207,17 @@ static int dtls_process_record(OSSL_RECORD_LAYER *rl, DTLS_BITMAP *bitmap)
goto end;
}
ERR_clear_last_mark();
- OSSL_TRACE_BEGIN(TLS) {
+ OSSL_TRACE_BEGIN(TLS)
+ {
BIO_printf(trc_out, "dec %zd\n", rr->length);
BIO_dump_indent(trc_out, rr->data, rr->length, 4);
- } OSSL_TRACE_END(TLS);
+ }
+ OSSL_TRACE_END(TLS);
/* r->length is now the compressed data plus mac */
if (!rl->use_etm
- && (rl->enc_ctx != NULL)
- && (EVP_MD_CTX_get0_md(rl->md_ctx) != NULL)) {
+ && (rl->enc_ctx != NULL)
+ && (EVP_MD_CTX_get0_md(rl->md_ctx) != NULL)) {
/* rl->md_ctx != NULL => mac_size != -1 */
i = rl->funcs->mac(rl, rr, md, 0 /* not send */);
@@ -237,7 +239,7 @@ static int dtls_process_record(OSSL_RECORD_LAYER *rl, DTLS_BITMAP *bitmap)
if (rl->compctx != NULL) {
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
- SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+ SSL_R_COMPRESSED_LENGTH_TOO_LONG);
goto end;
}
if (!tls_do_uncompress(rl, rr)) {
@@ -272,14 +274,14 @@ static int dtls_process_record(OSSL_RECORD_LAYER *rl, DTLS_BITMAP *bitmap)
dtls_record_bitmap_update(rl, bitmap);
ret = 1;
- end:
+end:
if (macbuf.alloced)
OPENSSL_free(macbuf.mac);
return ret;
}
static int dtls_rlayer_buffer_record(OSSL_RECORD_LAYER *rl, struct pqueue_st *queue,
- unsigned char *priority)
+ unsigned char *priority)
{
DTLS_RLAYER_RECORD_DATA *rdata;
pitem *item;
@@ -348,7 +350,7 @@ static int dtls_copy_rlayer_record(OSSL_RECORD_LAYER *rl, pitem *item)
}
static int dtls_retrieve_rlayer_buffered_record(OSSL_RECORD_LAYER *rl,
- struct pqueue_st *queue)
+ struct pqueue_st *queue)
{
pitem *item;
@@ -397,7 +399,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
}
}
- again:
+again:
/* if we're renegotiating, then there may be buffered records */
if (dtls_retrieve_rlayer_buffered_record(rl, rl->processed_rcds)) {
rl->num_recs = 1;
@@ -407,14 +409,13 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
/* get something from the wire */
/* check if we have the header */
- if ((rl->rstate != SSL_ST_READ_BODY) ||
- (rl->packet_length < DTLS1_RT_HEADER_LENGTH)) {
+ if ((rl->rstate != SSL_ST_READ_BODY) || (rl->packet_length < DTLS1_RT_HEADER_LENGTH)) {
rret = rl->funcs->read_n(rl, DTLS1_RT_HEADER_LENGTH,
- TLS_BUFFER_get_len(&rl->rbuf), 0, 1, &n);
+ TLS_BUFFER_get_len(&rl->rbuf), 0, 1, &n);
/* read timeout is handled by dtls1_read_bytes */
if (rret < OSSL_RECORD_RETURN_SUCCESS) {
/* RLAYERfatal() already called if appropriate */
- return rret; /* error or non-blocking */
+ return rret; /* error or non-blocking */
}
/* this packet contained a partial record, dump it */
@@ -443,7 +444,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
if (rl->msg_callback != NULL)
rl->msg_callback(0, rr->rec_version, SSL3_RT_HEADER, rl->packet, DTLS1_RT_HEADER_LENGTH,
- rl->cbarg);
+ rl->cbarg);
/*
* Lets check the version. We tolerate alerts that don't have the exact
@@ -458,9 +459,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
}
}
- if (ssl_major !=
- (rl->version == DTLS_ANY_VERSION ? DTLS1_VERSION_MAJOR
- : rl->version >> 8)) {
+ if (ssl_major != (rl->version == DTLS_ANY_VERSION ? DTLS1_VERSION_MAJOR : rl->version >> 8)) {
/* wrong version, silently discard record */
rr->length = 0;
rl->packet_length = 0;
@@ -518,7 +517,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
if (bitmap == NULL) {
rr->length = 0;
rl->packet_length = 0; /* dump this record */
- goto again; /* get another record */
+ goto again; /* get another record */
}
#ifndef OPENSSL_NO_SCTP
/* Only do replay check if no SCTP bio */
@@ -528,7 +527,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
if (!dtls_record_replay_check(rl, bitmap)) {
rr->length = 0;
rl->packet_length = 0; /* dump this record */
- goto again; /* get another record */
+ goto again; /* get another record */
}
#ifndef OPENSSL_NO_SCTP
}
@@ -546,7 +545,8 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
if (is_next_epoch) {
if (rl->in_init) {
if (dtls_rlayer_buffer_record(rl, rl->unprocessed_rcds,
- rr->seq_num) < 0) {
+ rr->seq_num)
+ < 0) {
/* RLAYERfatal() already called */
return OSSL_RECORD_RETURN_FATAL;
}
@@ -563,7 +563,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
}
rr->length = 0;
rl->packet_length = 0; /* dump this record */
- goto again; /* get another record */
+ goto again; /* get another record */
}
if (rl->funcs->post_process_record && !rl->funcs->post_process_record(rl, rr)) {
@@ -606,7 +606,7 @@ static int dtls_free(OSSL_RECORD_LAYER *rl)
rdata = (DTLS_RLAYER_RECORD_DATA *)item->data;
/* Push to the next record layer */
ret &= BIO_write_ex(rl->next, rdata->packet, rdata->packet_length,
- &written);
+ &written);
OPENSSL_free(rdata->rbuf.buf);
OPENSSL_free(item->data);
pitem_free(item);
@@ -614,7 +614,7 @@ static int dtls_free(OSSL_RECORD_LAYER *rl)
pqueue_free(rl->unprocessed_rcds);
}
- if (rl->processed_rcds!= NULL) {
+ if (rl->processed_rcds != NULL) {
while ((item = pqueue_pop(rl->processed_rcds)) != NULL) {
rdata = (DTLS_RLAYER_RECORD_DATA *)item->data;
OPENSSL_free(rdata->rbuf.buf);
@@ -629,25 +629,25 @@ static int dtls_free(OSSL_RECORD_LAYER *rl)
static int
dtls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
- int role, int direction, int level, uint16_t epoch,
- unsigned char *secret, size_t secretlen,
- unsigned char *key, size_t keylen, unsigned char *iv,
- size_t ivlen, unsigned char *mackey, size_t mackeylen,
- const EVP_CIPHER *ciph, size_t taglen,
- int mactype,
- const EVP_MD *md, COMP_METHOD *comp,
- const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
- BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
- const OSSL_PARAM *settings, const OSSL_PARAM *options,
- const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
- OSSL_RECORD_LAYER **retrl)
+ int role, int direction, int level, uint16_t epoch,
+ unsigned char *secret, size_t secretlen,
+ unsigned char *key, size_t keylen, unsigned char *iv,
+ size_t ivlen, unsigned char *mackey, size_t mackeylen,
+ const EVP_CIPHER *ciph, size_t taglen,
+ int mactype,
+ const EVP_MD *md, COMP_METHOD *comp,
+ const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
+ BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
+ const OSSL_PARAM *settings, const OSSL_PARAM *options,
+ const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
+ OSSL_RECORD_LAYER **retrl)
{
int ret;
ret = tls_int_new_record_layer(libctx, propq, vers, role, direction, level,
- ciph, taglen, md, comp, prev,
- transport, next, settings,
- options, fns, cbarg, retrl);
+ ciph, taglen, md, comp, prev,
+ transport, next, settings,
+ options, fns, cbarg, retrl);
if (ret != OSSL_RECORD_RETURN_SUCCESS)
return ret;
@@ -656,7 +656,7 @@ dtls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
(*retrl)->processed_rcds = pqueue_new();
if ((*retrl)->unprocessed_rcds == NULL
- || (*retrl)->processed_rcds == NULL) {
+ || (*retrl)->processed_rcds == NULL) {
dtls_free(*retrl);
*retrl = NULL;
ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
@@ -684,10 +684,10 @@ dtls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
}
ret = (*retrl)->funcs->set_crypto_state(*retrl, level, key, keylen, iv,
- ivlen, mackey, mackeylen, ciph,
- taglen, mactype, md, comp);
+ ivlen, mackey, mackeylen, ciph,
+ taglen, mactype, md, comp);
- err:
+err:
if (ret != OSSL_RECORD_RETURN_SUCCESS) {
dtls_free(*retrl);
*retrl = NULL;
@@ -696,10 +696,10 @@ dtls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
}
int dtls_prepare_record_header(OSSL_RECORD_LAYER *rl,
- WPACKET *thispkt,
- OSSL_RECORD_TEMPLATE *templ,
- uint8_t rectype,
- unsigned char **recdata)
+ WPACKET *thispkt,
+ OSSL_RECORD_TEMPLATE *templ,
+ uint8_t rectype,
+ unsigned char **recdata)
{
size_t maxcomplen;
@@ -710,15 +710,15 @@ int dtls_prepare_record_header(OSSL_RECORD_LAYER *rl,
maxcomplen += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
if (!WPACKET_put_bytes_u8(thispkt, rectype)
- || !WPACKET_put_bytes_u16(thispkt, templ->version)
- || !WPACKET_put_bytes_u16(thispkt, rl->epoch)
- || !WPACKET_memcpy(thispkt, &(rl->sequence[2]), 6)
- || !WPACKET_start_sub_packet_u16(thispkt)
- || (rl->eivlen > 0
- && !WPACKET_allocate_bytes(thispkt, rl->eivlen, NULL))
- || (maxcomplen > 0
- && !WPACKET_reserve_bytes(thispkt, maxcomplen,
- recdata))) {
+ || !WPACKET_put_bytes_u16(thispkt, templ->version)
+ || !WPACKET_put_bytes_u16(thispkt, rl->epoch)
+ || !WPACKET_memcpy(thispkt, &(rl->sequence[2]), 6)
+ || !WPACKET_start_sub_packet_u16(thispkt)
+ || (rl->eivlen > 0
+ && !WPACKET_allocate_bytes(thispkt, rl->eivlen, NULL))
+ || (maxcomplen > 0
+ && !WPACKET_reserve_bytes(thispkt, maxcomplen,
+ recdata))) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -727,13 +727,13 @@ int dtls_prepare_record_header(OSSL_RECORD_LAYER *rl,
}
int dtls_post_encryption_processing(OSSL_RECORD_LAYER *rl,
- size_t mac_size,
- OSSL_RECORD_TEMPLATE *thistempl,
- WPACKET *thispkt,
- TLS_RL_RECORD *thiswr)
+ size_t mac_size,
+ OSSL_RECORD_TEMPLATE *thistempl,
+ WPACKET *thispkt,
+ TLS_RL_RECORD *thiswr)
{
if (!tls_post_encryption_processing_default(rl, mac_size, thistempl,
- thispkt, thiswr)) {
+ thispkt, thiswr)) {
/* RLAYERfatal() already called */
return 0;
}
@@ -745,8 +745,7 @@ static size_t dtls_get_max_record_overhead(OSSL_RECORD_LAYER *rl)
{
size_t blocksize = 0;
- if (rl->enc_ctx != NULL &&
- (EVP_CIPHER_CTX_get_mode(rl->enc_ctx) == EVP_CIPH_CBC_MODE))
+ if (rl->enc_ctx != NULL && (EVP_CIPHER_CTX_get_mode(rl->enc_ctx) == EVP_CIPH_CBC_MODE))
blocksize = EVP_CIPHER_CTX_get_block_size(rl->enc_ctx);
/*
@@ -756,8 +755,7 @@ static size_t dtls_get_max_record_overhead(OSSL_RECORD_LAYER *rl)
* ciphers or AEAD ciphers we don't now the digest (or there isn't one) so
* we just trust that the taglen is correct.
*/
- assert(rl->enc_ctx == NULL || ((blocksize == 0 || rl->eivlen > 0)
- && rl->taglen > 0));
+ assert(rl->enc_ctx == NULL || ((blocksize == 0 || rl->eivlen > 0) && rl->taglen > 0));
assert(rl->md == NULL || (int)rl->taglen == EVP_MD_size(rl->md));
/*