aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssl/ssl/record/methods
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssl/ssl/record/methods')
-rw-r--r--crypto/openssl/ssl/record/methods/dtls_meth.c138
-rw-r--r--crypto/openssl/ssl/record/methods/ktls_meth.c278
-rw-r--r--crypto/openssl/ssl/record/methods/recmethod_local.h256
-rw-r--r--crypto/openssl/ssl/record/methods/ssl3_cbc.c85
-rw-r--r--crypto/openssl/ssl/record/methods/ssl3_meth.c53
-rw-r--r--crypto/openssl/ssl/record/methods/tls13_meth.c99
-rw-r--r--crypto/openssl/ssl/record/methods/tls1_meth.c211
-rw-r--r--crypto/openssl/ssl/record/methods/tls_common.c424
-rw-r--r--crypto/openssl/ssl/record/methods/tls_multib.c66
-rw-r--r--crypto/openssl/ssl/record/methods/tls_pad.c76
-rw-r--r--crypto/openssl/ssl/record/methods/tlsany_meth.c47
11 files changed, 870 insertions, 863 deletions
diff --git a/crypto/openssl/ssl/record/methods/dtls_meth.c b/crypto/openssl/ssl/record/methods/dtls_meth.c
index 99cb532d03c3..8cbd7678e193 100644
--- a/crypto/openssl/ssl/record/methods/dtls_meth.c
+++ b/crypto/openssl/ssl/record/methods/dtls_meth.c
@@ -46,20 +46,20 @@ static int dtls_record_replay_check(OSSL_RECORD_LAYER *rl, DTLS_BITMAP *bitmap)
cmp = satsub64be(seq, bitmap->max_seq_num);
if (cmp > 0) {
ossl_tls_rl_record_set_seq_num(&rl->rrec[0], seq);
- return 1; /* this record in new */
+ return 1; /* this record in new */
}
shift = -cmp;
if (shift >= sizeof(bitmap->map) * 8)
- return 0; /* stale, outside the window */
+ return 0; /* stale, outside the window */
else if (bitmap->map & ((uint64_t)1 << shift))
- return 0; /* record previously received */
+ return 0; /* record previously received */
ossl_tls_rl_record_set_seq_num(&rl->rrec[0], seq);
return 1;
}
static void dtls_record_bitmap_update(OSSL_RECORD_LAYER *rl,
- DTLS_BITMAP *bitmap)
+ DTLS_BITMAP *bitmap)
{
int cmp;
unsigned int shift;
@@ -81,7 +81,7 @@ static void dtls_record_bitmap_update(OSSL_RECORD_LAYER *rl,
}
static DTLS_BITMAP *dtls_get_bitmap(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rr,
- unsigned int *is_next_epoch)
+ unsigned int *is_next_epoch)
{
*is_next_epoch = 0;
@@ -171,7 +171,7 @@ static int dtls_process_record(OSSL_RECORD_LAYER *rl, DTLS_BITMAP *bitmap)
i = rl->funcs->mac(rl, rr, md, 0 /* not send */);
if (i == 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) {
RLAYERfatal(rl, SSL_AD_BAD_RECORD_MAC,
- SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+ SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
return 0;
}
/*
@@ -207,15 +207,17 @@ static int dtls_process_record(OSSL_RECORD_LAYER *rl, DTLS_BITMAP *bitmap)
goto end;
}
ERR_clear_last_mark();
- OSSL_TRACE_BEGIN(TLS) {
+ OSSL_TRACE_BEGIN(TLS)
+ {
BIO_printf(trc_out, "dec %zd\n", rr->length);
BIO_dump_indent(trc_out, rr->data, rr->length, 4);
- } OSSL_TRACE_END(TLS);
+ }
+ OSSL_TRACE_END(TLS);
/* r->length is now the compressed data plus mac */
if (!rl->use_etm
- && (rl->enc_ctx != NULL)
- && (EVP_MD_CTX_get0_md(rl->md_ctx) != NULL)) {
+ && (rl->enc_ctx != NULL)
+ && (EVP_MD_CTX_get0_md(rl->md_ctx) != NULL)) {
/* rl->md_ctx != NULL => mac_size != -1 */
i = rl->funcs->mac(rl, rr, md, 0 /* not send */);
@@ -237,7 +239,7 @@ static int dtls_process_record(OSSL_RECORD_LAYER *rl, DTLS_BITMAP *bitmap)
if (rl->compctx != NULL) {
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
- SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+ SSL_R_COMPRESSED_LENGTH_TOO_LONG);
goto end;
}
if (!tls_do_uncompress(rl, rr)) {
@@ -272,14 +274,14 @@ static int dtls_process_record(OSSL_RECORD_LAYER *rl, DTLS_BITMAP *bitmap)
dtls_record_bitmap_update(rl, bitmap);
ret = 1;
- end:
+end:
if (macbuf.alloced)
OPENSSL_free(macbuf.mac);
return ret;
}
static int dtls_rlayer_buffer_record(OSSL_RECORD_LAYER *rl, struct pqueue_st *queue,
- unsigned char *priority)
+ unsigned char *priority)
{
DTLS_RLAYER_RECORD_DATA *rdata;
pitem *item;
@@ -348,7 +350,7 @@ static int dtls_copy_rlayer_record(OSSL_RECORD_LAYER *rl, pitem *item)
}
static int dtls_retrieve_rlayer_buffered_record(OSSL_RECORD_LAYER *rl,
- struct pqueue_st *queue)
+ struct pqueue_st *queue)
{
pitem *item;
@@ -397,7 +399,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
}
}
- again:
+again:
/* if we're renegotiating, then there may be buffered records */
if (dtls_retrieve_rlayer_buffered_record(rl, rl->processed_rcds)) {
rl->num_recs = 1;
@@ -407,14 +409,13 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
/* get something from the wire */
/* check if we have the header */
- if ((rl->rstate != SSL_ST_READ_BODY) ||
- (rl->packet_length < DTLS1_RT_HEADER_LENGTH)) {
+ if ((rl->rstate != SSL_ST_READ_BODY) || (rl->packet_length < DTLS1_RT_HEADER_LENGTH)) {
rret = rl->funcs->read_n(rl, DTLS1_RT_HEADER_LENGTH,
- TLS_BUFFER_get_len(&rl->rbuf), 0, 1, &n);
+ TLS_BUFFER_get_len(&rl->rbuf), 0, 1, &n);
/* read timeout is handled by dtls1_read_bytes */
if (rret < OSSL_RECORD_RETURN_SUCCESS) {
/* RLAYERfatal() already called if appropriate */
- return rret; /* error or non-blocking */
+ return rret; /* error or non-blocking */
}
/* this packet contained a partial record, dump it */
@@ -443,7 +444,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
if (rl->msg_callback != NULL)
rl->msg_callback(0, rr->rec_version, SSL3_RT_HEADER, rl->packet, DTLS1_RT_HEADER_LENGTH,
- rl->cbarg);
+ rl->cbarg);
/*
* Lets check the version. We tolerate alerts that don't have the exact
@@ -458,9 +459,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
}
}
- if (ssl_major !=
- (rl->version == DTLS_ANY_VERSION ? DTLS1_VERSION_MAJOR
- : rl->version >> 8)) {
+ if (ssl_major != (rl->version == DTLS_ANY_VERSION ? DTLS1_VERSION_MAJOR : rl->version >> 8)) {
/* wrong version, silently discard record */
rr->length = 0;
rl->packet_length = 0;
@@ -518,7 +517,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
if (bitmap == NULL) {
rr->length = 0;
rl->packet_length = 0; /* dump this record */
- goto again; /* get another record */
+ goto again; /* get another record */
}
#ifndef OPENSSL_NO_SCTP
/* Only do replay check if no SCTP bio */
@@ -528,7 +527,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
if (!dtls_record_replay_check(rl, bitmap)) {
rr->length = 0;
rl->packet_length = 0; /* dump this record */
- goto again; /* get another record */
+ goto again; /* get another record */
}
#ifndef OPENSSL_NO_SCTP
}
@@ -546,7 +545,8 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
if (is_next_epoch) {
if (rl->in_init) {
if (dtls_rlayer_buffer_record(rl, rl->unprocessed_rcds,
- rr->seq_num) < 0) {
+ rr->seq_num)
+ < 0) {
/* RLAYERfatal() already called */
return OSSL_RECORD_RETURN_FATAL;
}
@@ -563,7 +563,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
}
rr->length = 0;
rl->packet_length = 0; /* dump this record */
- goto again; /* get another record */
+ goto again; /* get another record */
}
if (rl->funcs->post_process_record && !rl->funcs->post_process_record(rl, rr)) {
@@ -606,7 +606,7 @@ static int dtls_free(OSSL_RECORD_LAYER *rl)
rdata = (DTLS_RLAYER_RECORD_DATA *)item->data;
/* Push to the next record layer */
ret &= BIO_write_ex(rl->next, rdata->packet, rdata->packet_length,
- &written);
+ &written);
OPENSSL_free(rdata->rbuf.buf);
OPENSSL_free(item->data);
pitem_free(item);
@@ -614,7 +614,7 @@ static int dtls_free(OSSL_RECORD_LAYER *rl)
pqueue_free(rl->unprocessed_rcds);
}
- if (rl->processed_rcds!= NULL) {
+ if (rl->processed_rcds != NULL) {
while ((item = pqueue_pop(rl->processed_rcds)) != NULL) {
rdata = (DTLS_RLAYER_RECORD_DATA *)item->data;
OPENSSL_free(rdata->rbuf.buf);
@@ -629,25 +629,25 @@ static int dtls_free(OSSL_RECORD_LAYER *rl)
static int
dtls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
- int role, int direction, int level, uint16_t epoch,
- unsigned char *secret, size_t secretlen,
- unsigned char *key, size_t keylen, unsigned char *iv,
- size_t ivlen, unsigned char *mackey, size_t mackeylen,
- const EVP_CIPHER *ciph, size_t taglen,
- int mactype,
- const EVP_MD *md, COMP_METHOD *comp,
- const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
- BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
- const OSSL_PARAM *settings, const OSSL_PARAM *options,
- const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
- OSSL_RECORD_LAYER **retrl)
+ int role, int direction, int level, uint16_t epoch,
+ unsigned char *secret, size_t secretlen,
+ unsigned char *key, size_t keylen, unsigned char *iv,
+ size_t ivlen, unsigned char *mackey, size_t mackeylen,
+ const EVP_CIPHER *ciph, size_t taglen,
+ int mactype,
+ const EVP_MD *md, COMP_METHOD *comp,
+ const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
+ BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
+ const OSSL_PARAM *settings, const OSSL_PARAM *options,
+ const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
+ OSSL_RECORD_LAYER **retrl)
{
int ret;
ret = tls_int_new_record_layer(libctx, propq, vers, role, direction, level,
- ciph, taglen, md, comp, prev,
- transport, next, settings,
- options, fns, cbarg, retrl);
+ ciph, taglen, md, comp, prev,
+ transport, next, settings,
+ options, fns, cbarg, retrl);
if (ret != OSSL_RECORD_RETURN_SUCCESS)
return ret;
@@ -656,7 +656,7 @@ dtls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
(*retrl)->processed_rcds = pqueue_new();
if ((*retrl)->unprocessed_rcds == NULL
- || (*retrl)->processed_rcds == NULL) {
+ || (*retrl)->processed_rcds == NULL) {
dtls_free(*retrl);
*retrl = NULL;
ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
@@ -684,10 +684,10 @@ dtls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
}
ret = (*retrl)->funcs->set_crypto_state(*retrl, level, key, keylen, iv,
- ivlen, mackey, mackeylen, ciph,
- taglen, mactype, md, comp);
+ ivlen, mackey, mackeylen, ciph,
+ taglen, mactype, md, comp);
- err:
+err:
if (ret != OSSL_RECORD_RETURN_SUCCESS) {
dtls_free(*retrl);
*retrl = NULL;
@@ -696,10 +696,10 @@ dtls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
}
int dtls_prepare_record_header(OSSL_RECORD_LAYER *rl,
- WPACKET *thispkt,
- OSSL_RECORD_TEMPLATE *templ,
- uint8_t rectype,
- unsigned char **recdata)
+ WPACKET *thispkt,
+ OSSL_RECORD_TEMPLATE *templ,
+ uint8_t rectype,
+ unsigned char **recdata)
{
size_t maxcomplen;
@@ -710,15 +710,15 @@ int dtls_prepare_record_header(OSSL_RECORD_LAYER *rl,
maxcomplen += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
if (!WPACKET_put_bytes_u8(thispkt, rectype)
- || !WPACKET_put_bytes_u16(thispkt, templ->version)
- || !WPACKET_put_bytes_u16(thispkt, rl->epoch)
- || !WPACKET_memcpy(thispkt, &(rl->sequence[2]), 6)
- || !WPACKET_start_sub_packet_u16(thispkt)
- || (rl->eivlen > 0
- && !WPACKET_allocate_bytes(thispkt, rl->eivlen, NULL))
- || (maxcomplen > 0
- && !WPACKET_reserve_bytes(thispkt, maxcomplen,
- recdata))) {
+ || !WPACKET_put_bytes_u16(thispkt, templ->version)
+ || !WPACKET_put_bytes_u16(thispkt, rl->epoch)
+ || !WPACKET_memcpy(thispkt, &(rl->sequence[2]), 6)
+ || !WPACKET_start_sub_packet_u16(thispkt)
+ || (rl->eivlen > 0
+ && !WPACKET_allocate_bytes(thispkt, rl->eivlen, NULL))
+ || (maxcomplen > 0
+ && !WPACKET_reserve_bytes(thispkt, maxcomplen,
+ recdata))) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -727,13 +727,13 @@ int dtls_prepare_record_header(OSSL_RECORD_LAYER *rl,
}
int dtls_post_encryption_processing(OSSL_RECORD_LAYER *rl,
- size_t mac_size,
- OSSL_RECORD_TEMPLATE *thistempl,
- WPACKET *thispkt,
- TLS_RL_RECORD *thiswr)
+ size_t mac_size,
+ OSSL_RECORD_TEMPLATE *thistempl,
+ WPACKET *thispkt,
+ TLS_RL_RECORD *thiswr)
{
if (!tls_post_encryption_processing_default(rl, mac_size, thistempl,
- thispkt, thiswr)) {
+ thispkt, thiswr)) {
/* RLAYERfatal() already called */
return 0;
}
@@ -745,8 +745,7 @@ static size_t dtls_get_max_record_overhead(OSSL_RECORD_LAYER *rl)
{
size_t blocksize = 0;
- if (rl->enc_ctx != NULL &&
- (EVP_CIPHER_CTX_get_mode(rl->enc_ctx) == EVP_CIPH_CBC_MODE))
+ if (rl->enc_ctx != NULL && (EVP_CIPHER_CTX_get_mode(rl->enc_ctx) == EVP_CIPH_CBC_MODE))
blocksize = EVP_CIPHER_CTX_get_block_size(rl->enc_ctx);
/*
@@ -756,8 +755,7 @@ static size_t dtls_get_max_record_overhead(OSSL_RECORD_LAYER *rl)
* ciphers or AEAD ciphers we don't now the digest (or there isn't one) so
* we just trust that the taglen is correct.
*/
- assert(rl->enc_ctx == NULL || ((blocksize == 0 || rl->eivlen > 0)
- && rl->taglen > 0));
+ assert(rl->enc_ctx == NULL || ((blocksize == 0 || rl->eivlen > 0) && rl->taglen > 0));
assert(rl->md == NULL || (int)rl->taglen == EVP_MD_size(rl->md));
/*
diff --git a/crypto/openssl/ssl/record/methods/ktls_meth.c b/crypto/openssl/ssl/record/methods/ktls_meth.c
index 6f2594768391..bfdcc24687f2 100644
--- a/crypto/openssl/ssl/record/methods/ktls_meth.c
+++ b/crypto/openssl/ssl/record/methods/ktls_meth.c
@@ -18,7 +18,7 @@
static struct record_functions_st ossl_ktls_funcs;
#if defined(__FreeBSD__)
-# include "crypto/cryptodev.h"
+#include "crypto/cryptodev.h"
/*-
* Check if a given cipher is supported by the KTLS interface.
@@ -27,9 +27,9 @@ static struct record_functions_st ossl_ktls_funcs;
* supports the cipher suite used at all.
*/
static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
- const EVP_CIPHER *c,
- const EVP_MD *md,
- size_t taglen)
+ const EVP_CIPHER *c,
+ const EVP_MD *md,
+ size_t taglen)
{
switch (rl->version) {
case TLS1_VERSION:
@@ -44,15 +44,15 @@ static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
}
if (EVP_CIPHER_is_a(c, "AES-128-GCM")
- || EVP_CIPHER_is_a(c, "AES-256-GCM")
-# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
- || EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")
-# endif
- )
+ || EVP_CIPHER_is_a(c, "AES-256-GCM")
+#ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+ || EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")
+#endif
+ )
return 1;
if (!EVP_CIPHER_is_a(c, "AES-128-CBC")
- && !EVP_CIPHER_is_a(c, "AES-256-CBC"))
+ && !EVP_CIPHER_is_a(c, "AES-256-CBC"))
return 0;
if (rl->use_etm)
@@ -62,35 +62,34 @@ static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
return 0;
if (EVP_MD_is_a(md, "SHA1")
- || EVP_MD_is_a(md, "SHA2-256")
- || EVP_MD_is_a(md, "SHA2-384"))
+ || EVP_MD_is_a(md, "SHA2-256")
+ || EVP_MD_is_a(md, "SHA2-384"))
return 1;
return 0;
}
/* Function to configure kernel TLS structure */
-static
-int ktls_configure_crypto(OSSL_LIB_CTX *libctx, int version, const EVP_CIPHER *c,
- EVP_MD *md, void *rl_sequence,
- ktls_crypto_info_t *crypto_info, int is_tx,
- unsigned char *iv, size_t ivlen,
- unsigned char *key, size_t keylen,
- unsigned char *mac_key, size_t mac_secret_size)
+static int ktls_configure_crypto(OSSL_LIB_CTX *libctx, int version, const EVP_CIPHER *c,
+ EVP_MD *md, void *rl_sequence,
+ ktls_crypto_info_t *crypto_info, int is_tx,
+ unsigned char *iv, size_t ivlen,
+ unsigned char *key, size_t keylen,
+ unsigned char *mac_key, size_t mac_secret_size)
{
memset(crypto_info, 0, sizeof(*crypto_info));
if (EVP_CIPHER_is_a(c, "AES-128-GCM")
- || EVP_CIPHER_is_a(c, "AES-256-GCM")) {
+ || EVP_CIPHER_is_a(c, "AES-256-GCM")) {
crypto_info->cipher_algorithm = CRYPTO_AES_NIST_GCM_16;
crypto_info->iv_len = ivlen;
} else
-# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
- if (EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")) {
+#ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+ if (EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")) {
crypto_info->cipher_algorithm = CRYPTO_CHACHA20_POLY1305;
crypto_info->iv_len = ivlen;
} else
-# endif
- if (EVP_CIPHER_is_a(c, "AES-128-CBC") || EVP_CIPHER_is_a(c, "AES-256-CBC")) {
+#endif
+ if (EVP_CIPHER_is_a(c, "AES-128-CBC") || EVP_CIPHER_is_a(c, "AES-256-CBC")) {
if (md == NULL)
return 0;
if (EVP_MD_is_a(md, "SHA1"))
@@ -113,23 +112,23 @@ int ktls_configure_crypto(OSSL_LIB_CTX *libctx, int version, const EVP_CIPHER *c
crypto_info->iv = iv;
crypto_info->tls_vmajor = (version >> 8) & 0x000000ff;
crypto_info->tls_vminor = (version & 0x000000ff);
-# ifdef TCP_RXTLS_ENABLE
+#ifdef TCP_RXTLS_ENABLE
memcpy(crypto_info->rec_seq, rl_sequence, sizeof(crypto_info->rec_seq));
-# else
+#else
if (!is_tx)
return 0;
-# endif
+#endif
return 1;
};
-#endif /* __FreeBSD__ */
+#endif /* __FreeBSD__ */
#if defined(OPENSSL_SYS_LINUX)
/* Function to check supported ciphers in Linux */
static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
- const EVP_CIPHER *c,
- const EVP_MD *md,
- size_t taglen)
+ const EVP_CIPHER *c,
+ const EVP_MD *md,
+ size_t taglen)
{
switch (rl->version) {
case TLS1_2_VERSION:
@@ -145,23 +144,23 @@ static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
* Check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128
* or Chacha20-Poly1305
*/
-# ifdef OPENSSL_KTLS_AES_CCM_128
+#ifdef OPENSSL_KTLS_AES_CCM_128
if (EVP_CIPHER_is_a(c, "AES-128-CCM")) {
if (taglen != EVP_CCM_TLS_TAG_LEN)
return 0;
return 1;
} else
-# endif
- if (0
-# ifdef OPENSSL_KTLS_AES_GCM_128
- || EVP_CIPHER_is_a(c, "AES-128-GCM")
-# endif
-# ifdef OPENSSL_KTLS_AES_GCM_256
- || EVP_CIPHER_is_a(c, "AES-256-GCM")
-# endif
-# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
- || EVP_CIPHER_is_a(c, "ChaCha20-Poly1305")
-# endif
+#endif
+ if (0
+#ifdef OPENSSL_KTLS_AES_GCM_128
+ || EVP_CIPHER_is_a(c, "AES-128-GCM")
+#endif
+#ifdef OPENSSL_KTLS_AES_GCM_256
+ || EVP_CIPHER_is_a(c, "AES-256-GCM")
+#endif
+#ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+ || EVP_CIPHER_is_a(c, "ChaCha20-Poly1305")
+#endif
) {
return 1;
}
@@ -169,42 +168,41 @@ static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
}
/* Function to configure kernel TLS structure */
-static
-int ktls_configure_crypto(OSSL_LIB_CTX *libctx, int version, const EVP_CIPHER *c,
- const EVP_MD *md, void *rl_sequence,
- ktls_crypto_info_t *crypto_info, int is_tx,
- unsigned char *iv, size_t ivlen,
- unsigned char *key, size_t keylen,
- unsigned char *mac_key, size_t mac_secret_size)
+static int ktls_configure_crypto(OSSL_LIB_CTX *libctx, int version, const EVP_CIPHER *c,
+ const EVP_MD *md, void *rl_sequence,
+ ktls_crypto_info_t *crypto_info, int is_tx,
+ unsigned char *iv, size_t ivlen,
+ unsigned char *key, size_t keylen,
+ unsigned char *mac_key, size_t mac_secret_size)
{
unsigned char geniv[EVP_GCM_TLS_EXPLICIT_IV_LEN];
unsigned char *eiv = NULL;
-# ifdef OPENSSL_NO_KTLS_RX
+#ifdef OPENSSL_NO_KTLS_RX
if (!is_tx)
return 0;
-# endif
+#endif
if (EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE
- || EVP_CIPHER_get_mode(c) == EVP_CIPH_CCM_MODE) {
+ || EVP_CIPHER_get_mode(c) == EVP_CIPH_CCM_MODE) {
if (!ossl_assert(EVP_GCM_TLS_FIXED_IV_LEN == EVP_CCM_TLS_FIXED_IV_LEN)
- || !ossl_assert(EVP_GCM_TLS_EXPLICIT_IV_LEN
- == EVP_CCM_TLS_EXPLICIT_IV_LEN))
+ || !ossl_assert(EVP_GCM_TLS_EXPLICIT_IV_LEN
+ == EVP_CCM_TLS_EXPLICIT_IV_LEN))
return 0;
if (version == TLS1_2_VERSION) {
if (!ossl_assert(ivlen == EVP_GCM_TLS_FIXED_IV_LEN))
return 0;
if (is_tx) {
if (RAND_bytes_ex(libctx, geniv,
- EVP_GCM_TLS_EXPLICIT_IV_LEN, 0) <= 0)
+ EVP_GCM_TLS_EXPLICIT_IV_LEN, 0)
+ <= 0)
return 0;
} else {
memset(geniv, 0, EVP_GCM_TLS_EXPLICIT_IV_LEN);
}
eiv = geniv;
} else {
- if (!ossl_assert(ivlen == EVP_GCM_TLS_FIXED_IV_LEN
- + EVP_GCM_TLS_EXPLICIT_IV_LEN))
+ if (!ossl_assert(ivlen == EVP_GCM_TLS_FIXED_IV_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN))
return 0;
eiv = iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE;
}
@@ -212,12 +210,12 @@ int ktls_configure_crypto(OSSL_LIB_CTX *libctx, int version, const EVP_CIPHER *c
memset(crypto_info, 0, sizeof(*crypto_info));
switch (EVP_CIPHER_get_nid(c)) {
-# ifdef OPENSSL_KTLS_AES_GCM_128
+#ifdef OPENSSL_KTLS_AES_GCM_128
case NID_aes_128_gcm:
if (!ossl_assert(TLS_CIPHER_AES_GCM_128_SALT_SIZE
- == EVP_GCM_TLS_FIXED_IV_LEN)
- || !ossl_assert(TLS_CIPHER_AES_GCM_128_IV_SIZE
- == EVP_GCM_TLS_EXPLICIT_IV_LEN))
+ == EVP_GCM_TLS_FIXED_IV_LEN)
+ || !ossl_assert(TLS_CIPHER_AES_GCM_128_IV_SIZE
+ == EVP_GCM_TLS_EXPLICIT_IV_LEN))
return 0;
crypto_info->gcm128.info.cipher_type = TLS_CIPHER_AES_GCM_128;
crypto_info->gcm128.info.version = version;
@@ -226,15 +224,15 @@ int ktls_configure_crypto(OSSL_LIB_CTX *libctx, int version, const EVP_CIPHER *c
memcpy(crypto_info->gcm128.salt, iv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
memcpy(crypto_info->gcm128.key, key, keylen);
memcpy(crypto_info->gcm128.rec_seq, rl_sequence,
- TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
+ TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
return 1;
-# endif
-# ifdef OPENSSL_KTLS_AES_GCM_256
+#endif
+#ifdef OPENSSL_KTLS_AES_GCM_256
case NID_aes_256_gcm:
if (!ossl_assert(TLS_CIPHER_AES_GCM_256_SALT_SIZE
- == EVP_GCM_TLS_FIXED_IV_LEN)
- || !ossl_assert(TLS_CIPHER_AES_GCM_256_IV_SIZE
- == EVP_GCM_TLS_EXPLICIT_IV_LEN))
+ == EVP_GCM_TLS_FIXED_IV_LEN)
+ || !ossl_assert(TLS_CIPHER_AES_GCM_256_IV_SIZE
+ == EVP_GCM_TLS_EXPLICIT_IV_LEN))
return 0;
crypto_info->gcm256.info.cipher_type = TLS_CIPHER_AES_GCM_256;
crypto_info->gcm256.info.version = version;
@@ -243,16 +241,16 @@ int ktls_configure_crypto(OSSL_LIB_CTX *libctx, int version, const EVP_CIPHER *c
memcpy(crypto_info->gcm256.salt, iv, TLS_CIPHER_AES_GCM_256_SALT_SIZE);
memcpy(crypto_info->gcm256.key, key, keylen);
memcpy(crypto_info->gcm256.rec_seq, rl_sequence,
- TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
+ TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
return 1;
-# endif
-# ifdef OPENSSL_KTLS_AES_CCM_128
+#endif
+#ifdef OPENSSL_KTLS_AES_CCM_128
case NID_aes_128_ccm:
if (!ossl_assert(TLS_CIPHER_AES_CCM_128_SALT_SIZE
- == EVP_CCM_TLS_FIXED_IV_LEN)
- || !ossl_assert(TLS_CIPHER_AES_CCM_128_IV_SIZE
- == EVP_CCM_TLS_EXPLICIT_IV_LEN))
+ == EVP_CCM_TLS_FIXED_IV_LEN)
+ || !ossl_assert(TLS_CIPHER_AES_CCM_128_IV_SIZE
+ == EVP_CCM_TLS_EXPLICIT_IV_LEN))
return 0;
crypto_info->ccm128.info.cipher_type = TLS_CIPHER_AES_CCM_128;
crypto_info->ccm128.info.version = version;
@@ -261,10 +259,10 @@ int ktls_configure_crypto(OSSL_LIB_CTX *libctx, int version, const EVP_CIPHER *c
memcpy(crypto_info->ccm128.salt, iv, TLS_CIPHER_AES_CCM_128_SALT_SIZE);
memcpy(crypto_info->ccm128.key, key, keylen);
memcpy(crypto_info->ccm128.rec_seq, rl_sequence,
- TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
+ TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
return 1;
-# endif
-# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+#endif
+#ifdef OPENSSL_KTLS_CHACHA20_POLY1305
case NID_chacha20_poly1305:
if (!ossl_assert(ivlen == TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE))
return 0;
@@ -275,26 +273,25 @@ int ktls_configure_crypto(OSSL_LIB_CTX *libctx, int version, const EVP_CIPHER *c
memcpy(crypto_info->chacha20poly1305.iv, iv, ivlen);
memcpy(crypto_info->chacha20poly1305.key, key, keylen);
memcpy(crypto_info->chacha20poly1305.rec_seq, rl_sequence,
- TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE);
+ TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE);
return 1;
-# endif
+#endif
default:
return 0;
}
-
}
#endif /* OPENSSL_SYS_LINUX */
static int ktls_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
- unsigned char *key, size_t keylen,
- unsigned char *iv, size_t ivlen,
- unsigned char *mackey, size_t mackeylen,
- const EVP_CIPHER *ciph,
- size_t taglen,
- int mactype,
- const EVP_MD *md,
- COMP_METHOD *comp)
+ unsigned char *key, size_t keylen,
+ unsigned char *iv, size_t ivlen,
+ unsigned char *mackey, size_t mackeylen,
+ const EVP_CIPHER *ciph,
+ size_t taglen,
+ int mactype,
+ const EVP_MD *md,
+ COMP_METHOD *comp)
{
ktls_crypto_info_t crypto_info;
@@ -326,16 +323,15 @@ static int ktls_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
}
if (!ktls_configure_crypto(rl->libctx, rl->version, ciph, md, rl->sequence,
- &crypto_info,
- rl->direction == OSSL_RECORD_DIRECTION_WRITE,
- iv, ivlen, key, keylen, mackey, mackeylen))
- return OSSL_RECORD_RETURN_NON_FATAL_ERR;
+ &crypto_info,
+ rl->direction == OSSL_RECORD_DIRECTION_WRITE,
+ iv, ivlen, key, keylen, mackey, mackeylen))
+ return OSSL_RECORD_RETURN_NON_FATAL_ERR;
if (!BIO_set_ktls(rl->bio, &crypto_info, rl->direction))
return OSSL_RECORD_RETURN_NON_FATAL_ERR;
- if (rl->direction == OSSL_RECORD_DIRECTION_WRITE &&
- (rl->options & SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE) != 0)
+ if (rl->direction == OSSL_RECORD_DIRECTION_WRITE && (rl->options & SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE) != 0)
/* Ignore errors. The application opts in to using the zerocopy
* optimization. If the running kernel doesn't support it, just
* continue without the optimization.
@@ -346,7 +342,7 @@ static int ktls_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
}
static int ktls_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
- int clearold, size_t *readbytes)
+ int clearold, size_t *readbytes)
{
int ret;
@@ -356,15 +352,15 @@ static int ktls_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
switch (errno) {
case EBADMSG:
RLAYERfatal(rl, SSL_AD_BAD_RECORD_MAC,
- SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+ SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
break;
case EMSGSIZE:
RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
- SSL_R_PACKET_LENGTH_TOO_LONG);
+ SSL_R_PACKET_LENGTH_TOO_LONG);
break;
case EINVAL:
RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
- SSL_R_WRONG_VERSION_NUMBER);
+ SSL_R_WRONG_VERSION_NUMBER);
break;
default:
break;
@@ -375,8 +371,8 @@ static int ktls_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
}
static int ktls_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *inrecs,
- size_t n_recs, int sending, SSL_MAC_BUF *mac,
- size_t macsize)
+ size_t n_recs, int sending, SSL_MAC_BUF *mac,
+ size_t macsize)
{
return 1;
}
@@ -401,25 +397,25 @@ static int ktls_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
static int
ktls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
- int role, int direction, int level, uint16_t epoch,
- unsigned char *secret, size_t secretlen,
- unsigned char *key, size_t keylen, unsigned char *iv,
- size_t ivlen, unsigned char *mackey, size_t mackeylen,
- const EVP_CIPHER *ciph, size_t taglen,
- int mactype,
- const EVP_MD *md, COMP_METHOD *comp,
- const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
- BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
- const OSSL_PARAM *settings, const OSSL_PARAM *options,
- const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
- OSSL_RECORD_LAYER **retrl)
+ int role, int direction, int level, uint16_t epoch,
+ unsigned char *secret, size_t secretlen,
+ unsigned char *key, size_t keylen, unsigned char *iv,
+ size_t ivlen, unsigned char *mackey, size_t mackeylen,
+ const EVP_CIPHER *ciph, size_t taglen,
+ int mactype,
+ const EVP_MD *md, COMP_METHOD *comp,
+ const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
+ BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
+ const OSSL_PARAM *settings, const OSSL_PARAM *options,
+ const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
+ OSSL_RECORD_LAYER **retrl)
{
int ret;
ret = tls_int_new_record_layer(libctx, propq, vers, role, direction, level,
- ciph, taglen, md, comp, prev,
- transport, next, settings,
- options, fns, cbarg, retrl);
+ ciph, taglen, md, comp, prev,
+ transport, next, settings,
+ options, fns, cbarg, retrl);
if (ret != OSSL_RECORD_RETURN_SUCCESS)
return ret;
@@ -427,8 +423,8 @@ ktls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
(*retrl)->funcs = &ossl_ktls_funcs;
ret = (*retrl)->funcs->set_crypto_state(*retrl, level, key, keylen, iv,
- ivlen, mackey, mackeylen, ciph,
- taglen, mactype, md, comp);
+ ivlen, mackey, mackeylen, ciph,
+ taglen, mactype, md, comp);
if (ret != OSSL_RECORD_RETURN_SUCCESS) {
tls_free(*retrl);
@@ -444,8 +440,8 @@ ktls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
}
static int ktls_allocate_write_buffers(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl, size_t *prefix)
+ OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl, size_t *prefix)
{
if (!ossl_assert(numtempl == 1))
return 0;
@@ -460,12 +456,12 @@ static int ktls_allocate_write_buffers(OSSL_RECORD_LAYER *rl,
}
static int ktls_initialise_write_packets(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl,
- OSSL_RECORD_TEMPLATE *prefixtempl,
- WPACKET *pkt,
- TLS_BUFFER *bufs,
- size_t *wpinited)
+ OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl,
+ OSSL_RECORD_TEMPLATE *prefixtempl,
+ WPACKET *pkt,
+ TLS_BUFFER *bufs,
+ size_t *wpinited)
{
TLS_BUFFER *wb;
@@ -477,11 +473,11 @@ static int ktls_initialise_write_packets(OSSL_RECORD_LAYER *rl,
wb->type = templates[0].type;
/*
- * ktls doesn't modify the buffer, but to avoid a warning we need
- * to discard the const qualifier.
- * This doesn't leak memory because the buffers have never been allocated
- * with KTLS
- */
+ * ktls doesn't modify the buffer, but to avoid a warning we need
+ * to discard the const qualifier.
+ * This doesn't leak memory because the buffers have never been allocated
+ * with KTLS
+ */
TLS_BUFFER_set_buf(wb, (unsigned char *)templates[0].buf);
TLS_BUFFER_set_offset(wb, 0);
TLS_BUFFER_set_app_buffer(wb, 1);
@@ -490,10 +486,10 @@ static int ktls_initialise_write_packets(OSSL_RECORD_LAYER *rl,
}
static int ktls_prepare_record_header(OSSL_RECORD_LAYER *rl,
- WPACKET *thispkt,
- OSSL_RECORD_TEMPLATE *templ,
- uint8_t rectype,
- unsigned char **recdata)
+ WPACKET *thispkt,
+ OSSL_RECORD_TEMPLATE *templ,
+ uint8_t rectype,
+ unsigned char **recdata)
{
/* The kernel writes the record header, so nothing to do */
*recdata = NULL;
@@ -502,19 +498,19 @@ static int ktls_prepare_record_header(OSSL_RECORD_LAYER *rl,
}
static int ktls_prepare_for_encryption(OSSL_RECORD_LAYER *rl,
- size_t mac_size,
- WPACKET *thispkt,
- TLS_RL_RECORD *thiswr)
+ size_t mac_size,
+ WPACKET *thispkt,
+ TLS_RL_RECORD *thiswr)
{
/* No encryption, so nothing to do */
return 1;
}
static int ktls_post_encryption_processing(OSSL_RECORD_LAYER *rl,
- size_t mac_size,
- OSSL_RECORD_TEMPLATE *templ,
- WPACKET *thispkt,
- TLS_RL_RECORD *thiswr)
+ size_t mac_size,
+ OSSL_RECORD_TEMPLATE *templ,
+ WPACKET *thispkt,
+ TLS_RL_RECORD *thiswr)
{
/* The kernel does anything that is needed, so nothing to do here */
return 1;
diff --git a/crypto/openssl/ssl/record/methods/recmethod_local.h b/crypto/openssl/ssl/record/methods/recmethod_local.h
index 364a3a01bbe2..4ffce8d66385 100644
--- a/crypto/openssl/ssl/record/methods/recmethod_local.h
+++ b/crypto/openssl/ssl/record/methods/recmethod_local.h
@@ -80,15 +80,14 @@ typedef struct tls_rl_record_st {
/* Macros/functions provided by the TLS_RL_RECORD component */
-#define TLS_RL_RECORD_set_type(r, t) ((r)->type = (t))
-#define TLS_RL_RECORD_set_rec_version(r, v) ((r)->rec_version = (v))
-#define TLS_RL_RECORD_get_length(r) ((r)->length)
-#define TLS_RL_RECORD_set_length(r, l) ((r)->length = (l))
-#define TLS_RL_RECORD_add_length(r, l) ((r)->length += (l))
-#define TLS_RL_RECORD_set_data(r, d) ((r)->data = (d))
-#define TLS_RL_RECORD_set_input(r, i) ((r)->input = (i))
-#define TLS_RL_RECORD_reset_input(r) ((r)->input = (r)->data)
-
+#define TLS_RL_RECORD_set_type(r, t) ((r)->type = (t))
+#define TLS_RL_RECORD_set_rec_version(r, v) ((r)->rec_version = (v))
+#define TLS_RL_RECORD_get_length(r) ((r)->length)
+#define TLS_RL_RECORD_set_length(r, l) ((r)->length = (l))
+#define TLS_RL_RECORD_add_length(r, l) ((r)->length += (l))
+#define TLS_RL_RECORD_set_data(r, d) ((r)->data = (d))
+#define TLS_RL_RECORD_set_input(r, i) ((r)->input = (i))
+#define TLS_RL_RECORD_reset_input(r) ((r)->input = (r)->data)
/* Protocol version specific function pointers */
struct record_functions_st {
@@ -98,14 +97,14 @@ struct record_functions_st {
* alternative record layer.
*/
int (*set_crypto_state)(OSSL_RECORD_LAYER *rl, int level,
- unsigned char *key, size_t keylen,
- unsigned char *iv, size_t ivlen,
- unsigned char *mackey, size_t mackeylen,
- const EVP_CIPHER *ciph,
- size_t taglen,
- int mactype,
- const EVP_MD *md,
- COMP_METHOD *comp);
+ unsigned char *key, size_t keylen,
+ unsigned char *iv, size_t ivlen,
+ unsigned char *mackey, size_t mackeylen,
+ const EVP_CIPHER *ciph,
+ size_t taglen,
+ int mactype,
+ const EVP_MD *md,
+ COMP_METHOD *comp);
/*
* Returns:
@@ -114,10 +113,10 @@ struct record_functions_st {
* 1: Success or MtE decryption failed (MAC will be randomised)
*/
int (*cipher)(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs, size_t n_recs,
- int sending, SSL_MAC_BUF *macs, size_t macsize);
+ int sending, SSL_MAC_BUF *macs, size_t macsize);
/* Returns 1 for success or 0 for error */
int (*mac)(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec, unsigned char *md,
- int sending);
+ int sending);
/* Return 1 for success or 0 for error */
int (*set_protocol_version)(OSSL_RECORD_LAYER *rl, int version);
@@ -125,7 +124,7 @@ struct record_functions_st {
/* Read related functions */
int (*read_n)(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
- int clearold, size_t *readbytes);
+ int clearold, size_t *readbytes);
int (*get_more_records)(OSSL_RECORD_LAYER *rl);
@@ -138,16 +137,16 @@ struct record_functions_st {
/* Write related functions */
size_t (*get_max_records)(OSSL_RECORD_LAYER *rl, uint8_t type, size_t len,
- size_t maxfrag, size_t *preffrag);
+ size_t maxfrag, size_t *preffrag);
/* Return 1 for success or 0 for error */
int (*write_records)(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl);
+ size_t numtempl);
/* Allocate the rl->wbuf buffers. Return 1 for success or 0 for error */
int (*allocate_write_buffers)(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl, size_t *prefix);
+ OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl, size_t *prefix);
/*
* Initialise the packets in the |pkt| array using the buffers in |rl->wbuf|.
@@ -158,27 +157,27 @@ struct record_functions_st {
* initialised. This must be 0 on entry and will be filled in even on error.
*/
int (*initialise_write_packets)(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl,
- OSSL_RECORD_TEMPLATE *prefixtempl,
- WPACKET *pkt,
- TLS_BUFFER *bufs,
- size_t *wpinited);
+ OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl,
+ OSSL_RECORD_TEMPLATE *prefixtempl,
+ WPACKET *pkt,
+ TLS_BUFFER *bufs,
+ size_t *wpinited);
/* Get the actual record type to be used for a given template */
uint8_t (*get_record_type)(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *template);
+ OSSL_RECORD_TEMPLATE *template);
/* Write the record header data to the WPACKET */
int (*prepare_record_header)(OSSL_RECORD_LAYER *rl, WPACKET *thispkt,
- OSSL_RECORD_TEMPLATE *templ,
- uint8_t rectype,
- unsigned char **recdata);
+ OSSL_RECORD_TEMPLATE *templ,
+ uint8_t rectype,
+ unsigned char **recdata);
int (*add_record_padding)(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *thistempl,
- WPACKET *thispkt,
- TLS_RL_RECORD *thiswr);
+ OSSL_RECORD_TEMPLATE *thistempl,
+ WPACKET *thispkt,
+ TLS_RL_RECORD *thiswr);
/*
* This applies any mac that might be necessary, ensures that we have enough
@@ -186,19 +185,19 @@ struct record_functions_st {
* TLS_RL_RECORD ready for that encryption.
*/
int (*prepare_for_encryption)(OSSL_RECORD_LAYER *rl,
- size_t mac_size,
- WPACKET *thispkt,
- TLS_RL_RECORD *thiswr);
+ size_t mac_size,
+ WPACKET *thispkt,
+ TLS_RL_RECORD *thiswr);
/*
* Any updates required to the record after encryption has been applied. For
* example, adding a MAC if using encrypt-then-mac
*/
int (*post_encryption_processing)(OSSL_RECORD_LAYER *rl,
- size_t mac_size,
- OSSL_RECORD_TEMPLATE *thistempl,
- WPACKET *thispkt,
- TLS_RL_RECORD *thiswr);
+ size_t mac_size,
+ OSSL_RECORD_TEMPLATE *thistempl,
+ WPACKET *thispkt,
+ TLS_RL_RECORD *thiswr);
/*
* Some record layer implementations need to do some custom preparation of
@@ -335,8 +334,8 @@ struct ossl_record_layer_st {
int tlstree;
/* TLSv1.3 fields */
- unsigned char *iv; /* static IV */
- unsigned char *nonce; /* part of static IV followed by sequence number */
+ unsigned char *iv; /* static IV */
+ unsigned char *nonce; /* part of static IV followed by sequence number */
int allow_plain_alerts;
/* TLS "any" fields */
@@ -387,47 +386,47 @@ extern const struct record_functions_st dtls_1_funcs;
extern const struct record_functions_st dtls_any_funcs;
void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
- const char *fmt, ...);
+ const char *fmt, ...);
#define RLAYERfatal(rl, al, r) RLAYERfatal_data((rl), (al), (r), NULL)
-#define RLAYERfatal_data \
- (ERR_new(), \
- ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
- ossl_rlayer_fatal)
+#define RLAYERfatal_data \
+ (ERR_new(), \
+ ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
+ ossl_rlayer_fatal)
#define RLAYER_USE_EXPLICIT_IV(rl) ((rl)->version == TLS1_1_VERSION \
- || (rl)->version == TLS1_2_VERSION \
- || (rl)->version == DTLS1_BAD_VER \
- || (rl)->version == DTLS1_VERSION \
- || (rl)->version == DTLS1_2_VERSION)
+ || (rl)->version == TLS1_2_VERSION \
+ || (rl)->version == DTLS1_BAD_VER \
+ || (rl)->version == DTLS1_VERSION \
+ || (rl)->version == DTLS1_2_VERSION)
void ossl_tls_rl_record_set_seq_num(TLS_RL_RECORD *r,
- const unsigned char *seq_num);
+ const unsigned char *seq_num);
int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl,
- EVP_CIPHER_CTX *ctx,
- const EVP_CIPHER *ciph,
- const EVP_MD *md);
+ EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER *ciph,
+ const EVP_MD *md);
int tls_increment_sequence_ctr(OSSL_RECORD_LAYER *rl);
int tls_alloc_buffers(OSSL_RECORD_LAYER *rl);
int tls_free_buffers(OSSL_RECORD_LAYER *rl);
int tls_default_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
- int clearold, size_t *readbytes);
+ int clearold, size_t *readbytes);
int tls_get_more_records(OSSL_RECORD_LAYER *rl);
int dtls_get_more_records(OSSL_RECORD_LAYER *rl);
int dtls_prepare_record_header(OSSL_RECORD_LAYER *rl,
- WPACKET *thispkt,
- OSSL_RECORD_TEMPLATE *templ,
- uint8_t rectype,
- unsigned char **recdata);
+ WPACKET *thispkt,
+ OSSL_RECORD_TEMPLATE *templ,
+ uint8_t rectype,
+ unsigned char **recdata);
int dtls_post_encryption_processing(OSSL_RECORD_LAYER *rl,
- size_t mac_size,
- OSSL_RECORD_TEMPLATE *thistempl,
- WPACKET *thispkt,
- TLS_RL_RECORD *thiswr);
+ size_t mac_size,
+ OSSL_RECORD_TEMPLATE *thistempl,
+ WPACKET *thispkt,
+ TLS_RL_RECORD *thiswr);
int tls_default_set_protocol_version(OSSL_RECORD_LAYER *rl, int version);
int tls_default_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *re);
@@ -436,29 +435,28 @@ int tls_do_uncompress(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec);
int tls_default_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec);
int tls13_common_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec);
-int
-tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
- int role, int direction, int level,
- const EVP_CIPHER *ciph, size_t taglen,
- const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
- BIO *transport, BIO *next,
- const OSSL_PARAM *settings, const OSSL_PARAM *options,
- const OSSL_DISPATCH *fns, void *cbarg,
- OSSL_RECORD_LAYER **retrl);
+int tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
+ int role, int direction, int level,
+ const EVP_CIPHER *ciph, size_t taglen,
+ const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
+ BIO *transport, BIO *next,
+ const OSSL_PARAM *settings, const OSSL_PARAM *options,
+ const OSSL_DISPATCH *fns, void *cbarg,
+ OSSL_RECORD_LAYER **retrl);
int tls_free(OSSL_RECORD_LAYER *rl);
int tls_unprocessed_read_pending(OSSL_RECORD_LAYER *rl);
int tls_processed_read_pending(OSSL_RECORD_LAYER *rl);
size_t tls_app_data_pending(OSSL_RECORD_LAYER *rl);
size_t tls_get_max_records(OSSL_RECORD_LAYER *rl, uint8_t type, size_t len,
- size_t maxfrag, size_t *preffrag);
+ size_t maxfrag, size_t *preffrag);
int tls_write_records(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl);
+ size_t numtempl);
int tls_retry_write_records(OSSL_RECORD_LAYER *rl);
int tls_get_alert_code(OSSL_RECORD_LAYER *rl);
int tls_set1_bio(OSSL_RECORD_LAYER *rl, BIO *bio);
int tls_read_record(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion,
- uint8_t *type, const unsigned char **data, size_t *datalen,
- uint16_t *epoch, unsigned char *seq_num);
+ uint8_t *type, const unsigned char **data, size_t *datalen,
+ uint16_t *epoch, unsigned char *seq_num);
int tls_release_record(OSSL_RECORD_LAYER *rl, void *rechandle, size_t length);
int tls_default_set_protocol_version(OSSL_RECORD_LAYER *rl, int version);
int tls_set_protocol_version(OSSL_RECORD_LAYER *rl, int version);
@@ -466,74 +464,74 @@ void tls_set_plain_alerts(OSSL_RECORD_LAYER *rl, int allow);
void tls_set_first_handshake(OSSL_RECORD_LAYER *rl, int first);
void tls_set_max_pipelines(OSSL_RECORD_LAYER *rl, size_t max_pipelines);
void tls_get_state(OSSL_RECORD_LAYER *rl, const char **shortstr,
- const char **longstr);
+ const char **longstr);
int tls_set_options(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options);
const COMP_METHOD *tls_get_compression(OSSL_RECORD_LAYER *rl);
void tls_set_max_frag_len(OSSL_RECORD_LAYER *rl, size_t max_frag_len);
int tls_setup_read_buffer(OSSL_RECORD_LAYER *rl);
int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes,
- size_t firstlen, size_t nextlen);
+ size_t firstlen, size_t nextlen);
int tls_write_records_multiblock(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl);
+ OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl);
size_t tls_get_max_records_default(OSSL_RECORD_LAYER *rl, uint8_t type,
- size_t len,
- size_t maxfrag, size_t *preffrag);
+ size_t len,
+ size_t maxfrag, size_t *preffrag);
size_t tls_get_max_records_multiblock(OSSL_RECORD_LAYER *rl, uint8_t type,
- size_t len, size_t maxfrag,
- size_t *preffrag);
+ size_t len, size_t maxfrag,
+ size_t *preffrag);
int tls_allocate_write_buffers_default(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl, size_t *prefix);
+ OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl, size_t *prefix);
int tls_initialise_write_packets_default(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl,
- OSSL_RECORD_TEMPLATE *prefixtempl,
- WPACKET *pkt,
- TLS_BUFFER *bufs,
- size_t *wpinited);
+ OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl,
+ OSSL_RECORD_TEMPLATE *prefixtempl,
+ WPACKET *pkt,
+ TLS_BUFFER *bufs,
+ size_t *wpinited);
int tls1_allocate_write_buffers(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl, size_t *prefix);
+ OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl, size_t *prefix);
int tls1_initialise_write_packets(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl,
- OSSL_RECORD_TEMPLATE *prefixtempl,
- WPACKET *pkt,
- TLS_BUFFER *bufs,
- size_t *wpinited);
+ OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl,
+ OSSL_RECORD_TEMPLATE *prefixtempl,
+ WPACKET *pkt,
+ TLS_BUFFER *bufs,
+ size_t *wpinited);
int tls_prepare_record_header_default(OSSL_RECORD_LAYER *rl,
- WPACKET *thispkt,
- OSSL_RECORD_TEMPLATE *templ,
- uint8_t rectype,
- unsigned char **recdata);
+ WPACKET *thispkt,
+ OSSL_RECORD_TEMPLATE *templ,
+ uint8_t rectype,
+ unsigned char **recdata);
int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl,
- size_t mac_size,
- WPACKET *thispkt,
- TLS_RL_RECORD *thiswr);
+ size_t mac_size,
+ WPACKET *thispkt,
+ TLS_RL_RECORD *thiswr);
int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
- size_t mac_size,
- OSSL_RECORD_TEMPLATE *thistempl,
- WPACKET *thispkt,
- TLS_RL_RECORD *thiswr);
+ size_t mac_size,
+ OSSL_RECORD_TEMPLATE *thistempl,
+ WPACKET *thispkt,
+ TLS_RL_RECORD *thiswr);
int tls_write_records_default(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl);
+ OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl);
/* Macros/functions provided by the TLS_BUFFER component */
-#define TLS_BUFFER_get_buf(b) ((b)->buf)
-#define TLS_BUFFER_set_buf(b, n) ((b)->buf = (n))
-#define TLS_BUFFER_get_len(b) ((b)->len)
-#define TLS_BUFFER_get_left(b) ((b)->left)
-#define TLS_BUFFER_set_left(b, l) ((b)->left = (l))
-#define TLS_BUFFER_sub_left(b, l) ((b)->left -= (l))
-#define TLS_BUFFER_get_offset(b) ((b)->offset)
-#define TLS_BUFFER_set_offset(b, o) ((b)->offset = (o))
-#define TLS_BUFFER_add_offset(b, o) ((b)->offset += (o))
-#define TLS_BUFFER_set_app_buffer(b, l) ((b)->app_buffer = (l))
-#define TLS_BUFFER_is_app_buffer(b) ((b)->app_buffer)
+#define TLS_BUFFER_get_buf(b) ((b)->buf)
+#define TLS_BUFFER_set_buf(b, n) ((b)->buf = (n))
+#define TLS_BUFFER_get_len(b) ((b)->len)
+#define TLS_BUFFER_get_left(b) ((b)->left)
+#define TLS_BUFFER_set_left(b, l) ((b)->left = (l))
+#define TLS_BUFFER_sub_left(b, l) ((b)->left -= (l))
+#define TLS_BUFFER_get_offset(b) ((b)->offset)
+#define TLS_BUFFER_set_offset(b, o) ((b)->offset = (o))
+#define TLS_BUFFER_add_offset(b, o) ((b)->offset += (o))
+#define TLS_BUFFER_set_app_buffer(b, l) ((b)->app_buffer = (l))
+#define TLS_BUFFER_is_app_buffer(b) ((b)->app_buffer)
void ossl_tls_buffer_release(TLS_BUFFER *b);
diff --git a/crypto/openssl/ssl/record/methods/ssl3_cbc.c b/crypto/openssl/ssl/record/methods/ssl3_cbc.c
index a8282989ed39..48be4885bbb8 100644
--- a/crypto/openssl/ssl/record/methods/ssl3_cbc.c
+++ b/crypto/openssl/ssl/record/methods/ssl3_cbc.c
@@ -24,7 +24,7 @@
#include <openssl/evp.h>
#ifndef FIPS_MODULE
-# include <openssl/md5.h>
+#include <openssl/md5.h>
#endif
#include <openssl/sha.h>
@@ -50,11 +50,11 @@
* u32toLE serializes an unsigned, 32-bit number (n) as four bytes at (p) in
* little-endian order. The value of p is advanced by four.
*/
-# define u32toLE(n, p) \
- (*((p)++) = (unsigned char)(n ), \
- *((p)++) = (unsigned char)(n >> 8), \
- *((p)++) = (unsigned char)(n >> 16), \
- *((p)++) = (unsigned char)(n >> 24))
+#define u32toLE(n, p) \
+ (*((p)++) = (unsigned char)(n), \
+ *((p)++) = (unsigned char)(n >> 8), \
+ *((p)++) = (unsigned char)(n >> 16), \
+ *((p)++) = (unsigned char)(n >> 24))
/*
* These functions serialize the state of a hash and thus perform the
@@ -101,7 +101,7 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
l2n8(sha512->h[i], md_out);
}
-#undef LARGEST_DIGEST_CTX
+#undef LARGEST_DIGEST_CTX
#define LARGEST_DIGEST_CTX SHA512_CTX
/*-
@@ -124,26 +124,26 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
* Returns 1 on success or 0 on error
*/
int ssl3_cbc_digest_record(const EVP_MD *md,
- unsigned char *md_out,
- size_t *md_out_size,
- const unsigned char *header,
- const unsigned char *data,
- size_t data_size,
- size_t data_plus_mac_plus_padding_size,
- const unsigned char *mac_secret,
- size_t mac_secret_length, char is_sslv3)
+ unsigned char *md_out,
+ size_t *md_out_size,
+ const unsigned char *header,
+ const unsigned char *data,
+ size_t data_size,
+ size_t data_plus_mac_plus_padding_size,
+ const unsigned char *mac_secret,
+ size_t mac_secret_length, char is_sslv3)
{
union {
OSSL_UNION_ALIGN;
unsigned char c[sizeof(LARGEST_DIGEST_CTX)];
} md_state;
- void (*md_final_raw) (void *ctx, unsigned char *md_out);
- void (*md_transform) (void *ctx, const unsigned char *block);
+ void (*md_final_raw)(void *ctx, unsigned char *md_out);
+ void (*md_transform)(void *ctx, const unsigned char *block);
size_t md_size, md_block_size = 64;
size_t sslv3_pad_length = 40, header_length, variance_blocks,
- len, max_mac_bytes, num_blocks,
- num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
- size_t bits; /* at most 18 bits */
+ len, max_mac_bytes, num_blocks,
+ num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
+ size_t bits; /* at most 18 bits */
unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
/* hmac_pad is the masked HMAC key. */
unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
@@ -174,8 +174,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
if (MD5_Init((MD5_CTX *)md_state.c) <= 0)
return 0;
md_final_raw = tls1_md5_final_raw;
- md_transform =
- (void (*)(void *ctx, const unsigned char *block))MD5_Transform;
+ md_transform = (void (*)(void *ctx, const unsigned char *block))MD5_Transform;
md_size = 16;
sslv3_pad_length = 48;
length_is_big_endian = 0;
@@ -184,29 +183,25 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
if (SHA1_Init((SHA_CTX *)md_state.c) <= 0)
return 0;
md_final_raw = tls1_sha1_final_raw;
- md_transform =
- (void (*)(void *ctx, const unsigned char *block))SHA1_Transform;
+ md_transform = (void (*)(void *ctx, const unsigned char *block))SHA1_Transform;
md_size = 20;
} else if (EVP_MD_is_a(md, "SHA2-224")) {
if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0)
return 0;
md_final_raw = tls1_sha256_final_raw;
- md_transform =
- (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
+ md_transform = (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
md_size = 224 / 8;
} else if (EVP_MD_is_a(md, "SHA2-256")) {
if (SHA256_Init((SHA256_CTX *)md_state.c) <= 0)
return 0;
md_final_raw = tls1_sha256_final_raw;
- md_transform =
- (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
+ md_transform = (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
md_size = 32;
} else if (EVP_MD_is_a(md, "SHA2-384")) {
if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0)
return 0;
md_final_raw = tls1_sha512_final_raw;
- md_transform =
- (void (*)(void *ctx, const unsigned char *block))SHA512_Transform;
+ md_transform = (void (*)(void *ctx, const unsigned char *block))SHA512_Transform;
md_size = 384 / 8;
md_block_size = 128;
md_length_size = 16;
@@ -214,8 +209,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
if (SHA512_Init((SHA512_CTX *)md_state.c) <= 0)
return 0;
md_final_raw = tls1_sha512_final_raw;
- md_transform =
- (void (*)(void *ctx, const unsigned char *block))SHA512_Transform;
+ md_transform = (void (*)(void *ctx, const unsigned char *block))SHA512_Transform;
md_size = 64;
md_block_size = 128;
md_length_size = 16;
@@ -230,17 +224,17 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
}
if (!ossl_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES)
- || !ossl_assert(md_block_size <= MAX_HASH_BLOCK_SIZE)
- || !ossl_assert(md_size <= EVP_MAX_MD_SIZE))
+ || !ossl_assert(md_block_size <= MAX_HASH_BLOCK_SIZE)
+ || !ossl_assert(md_size <= EVP_MAX_MD_SIZE))
return 0;
header_length = 13;
if (is_sslv3) {
header_length = mac_secret_length
- + sslv3_pad_length
- + 8 /* sequence number */
- + 1 /* record type */
- + 2; /* record length */
+ + sslv3_pad_length
+ + 8 /* sequence number */
+ + 1 /* record type */
+ + 2; /* record length */
}
/*
@@ -260,7 +254,8 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
*/
variance_blocks = is_sslv3 ? 2
: (((255 + 1 + md_size + md_block_size - 1)
- / md_block_size) + 1);
+ / md_block_size)
+ + 1);
/*
* From now on we're dealing with the MAC, which conceptually has 13
* bytes of `header' before the start of the data (TLS) or 71/75 bytes
@@ -273,9 +268,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
*/
max_mac_bytes = len - md_size - 1;
/* num_blocks is the maximum number of hash blocks. */
- num_blocks =
- (max_mac_bytes + 1 + md_length_size + md_block_size -
- 1) / md_block_size;
+ num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size;
/*
* In order to calculate the MAC in constant time we have to handle the
* final blocks specially because the padding value could cause the end
@@ -398,7 +391,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
* constant time, to |mac_out|.
*/
for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks;
- i++) {
+ i++) {
unsigned char block[MAX_HASH_BLOCK_SIZE];
unsigned char is_block_a = constant_time_eq_8_s(i, index_a);
unsigned char is_block_b = constant_time_eq_8_s(i, index_b);
@@ -438,9 +431,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
if (j >= md_block_size - md_length_size) {
/* If this is index_b, write a length byte. */
b = constant_time_select_8(is_block_b,
- length_bytes[j -
- (md_block_size -
- md_length_size)], b);
+ length_bytes[j - (md_block_size - md_length_size)], b);
}
block[j] = b;
}
@@ -480,7 +471,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
*md_out_size = md_out_size_u;
ret = 1;
- err:
+err:
EVP_MD_CTX_free(md_ctx);
return ret;
}
diff --git a/crypto/openssl/ssl/record/methods/ssl3_meth.c b/crypto/openssl/ssl/record/methods/ssl3_meth.c
index 6b5a1bed23eb..3f28346027e3 100644
--- a/crypto/openssl/ssl/record/methods/ssl3_meth.c
+++ b/crypto/openssl/ssl/record/methods/ssl3_meth.c
@@ -15,14 +15,14 @@
#include "recmethod_local.h"
static int ssl3_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
- unsigned char *key, size_t keylen,
- unsigned char *iv, size_t ivlen,
- unsigned char *mackey, size_t mackeylen,
- const EVP_CIPHER *ciph,
- size_t taglen,
- int mactype,
- const EVP_MD *md,
- COMP_METHOD *comp)
+ unsigned char *key, size_t keylen,
+ unsigned char *iv, size_t ivlen,
+ unsigned char *mackey, size_t mackeylen,
+ const EVP_CIPHER *ciph,
+ size_t taglen,
+ int mactype,
+ const EVP_MD *md,
+ COMP_METHOD *comp)
{
EVP_CIPHER_CTX *ciph_ctx;
int enc = (rl->direction == OSSL_RECORD_DIRECTION_WRITE) ? 1 : 0;
@@ -69,7 +69,7 @@ static int ssl3_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
* different to that in ciph if we have an ENGINE in use
*/
if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(ciph_ctx)) != NULL
- && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md)) {
+ && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md)) {
/* ERR_raise already called */
return OSSL_RECORD_RETURN_FATAL;
}
@@ -93,8 +93,8 @@ static int ssl3_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
* 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised)
*/
static int ssl3_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *inrecs,
- size_t n_recs, int sending, SSL_MAC_BUF *mac,
- size_t macsize)
+ size_t n_recs, int sending, SSL_MAC_BUF *mac,
+ size_t macsize)
{
TLS_RL_RECORD *rec;
EVP_CIPHER_CTX *ds;
@@ -154,7 +154,7 @@ static int ssl3_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *inrecs,
int outlen;
if (!EVP_CipherUpdate(ds, rec->data, &outlen, rec->input,
- (unsigned int)l))
+ (unsigned int)l))
return 0;
rec->length = outlen;
@@ -166,8 +166,8 @@ static int ssl3_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *inrecs,
mac->alloced = 0;
*p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC,
- (void **)&mac->mac,
- macsize);
+ (void **)&mac->mac,
+ macsize);
*p = OSSL_PARAM_construct_end();
if (!EVP_CIPHER_CTX_get_params(ds, params)) {
@@ -185,13 +185,13 @@ static int ssl3_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *inrecs,
if (!sending)
return ssl3_cbc_remove_padding_and_mac(&rec->length,
- rec->orig_len,
- rec->data,
- (mac != NULL) ? &mac->mac : NULL,
- (mac != NULL) ? &mac->alloced : NULL,
- bs,
- macsize,
- rl->libctx);
+ rec->orig_len,
+ rec->data,
+ (mac != NULL) ? &mac->mac : NULL,
+ (mac != NULL) ? &mac->alloced : NULL,
+ bs,
+ macsize,
+ rl->libctx);
}
return 1;
@@ -216,7 +216,7 @@ static const unsigned char ssl3_pad_2[48] = {
};
static int ssl3_mac(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec, unsigned char *md,
- int sending)
+ int sending)
{
unsigned char *mac_sec, *seq = rl->sequence;
const EVP_MD_CTX *hash;
@@ -268,10 +268,11 @@ static int ssl3_mac(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec, unsigned char *md
/* Final param == is SSLv3 */
if (ssl3_cbc_digest_record(EVP_MD_CTX_get0_md(hash),
- md, &md_size,
- header, rec->input,
- rec->length, rec->orig_len,
- mac_sec, md_size, 1) <= 0)
+ md, &md_size,
+ header, rec->input,
+ rec->length, rec->orig_len,
+ mac_sec, md_size, 1)
+ <= 0)
return 0;
#endif
} else {
diff --git a/crypto/openssl/ssl/record/methods/tls13_meth.c b/crypto/openssl/ssl/record/methods/tls13_meth.c
index 6bbba84d0d89..f35e0a5b4a31 100644
--- a/crypto/openssl/ssl/record/methods/tls13_meth.c
+++ b/crypto/openssl/ssl/record/methods/tls13_meth.c
@@ -14,14 +14,14 @@
#include "recmethod_local.h"
static int tls13_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
- unsigned char *key, size_t keylen,
- unsigned char *iv, size_t ivlen,
- unsigned char *mackey, size_t mackeylen,
- const EVP_CIPHER *ciph,
- size_t taglen,
- int mactype,
- const EVP_MD *md,
- COMP_METHOD *comp)
+ unsigned char *key, size_t keylen,
+ unsigned char *iv, size_t ivlen,
+ unsigned char *mackey, size_t mackeylen,
+ const EVP_CIPHER *ciph,
+ size_t taglen,
+ int mactype,
+ const EVP_MD *md,
+ COMP_METHOD *comp)
{
EVP_CIPHER_CTX *ciph_ctx;
EVP_MAC_CTX *mac_ctx;
@@ -51,7 +51,7 @@ static int tls13_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
}
EVP_MAC_free(mac);
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
- (char *)EVP_MD_name(md), 0);
+ (char *)EVP_MD_name(md), 0);
*p = OSSL_PARAM_construct_end();
if (!EVP_MAC_init(mac_ctx, key, keylen, params)) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
@@ -70,21 +70,23 @@ static int tls13_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
if (EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL, enc) <= 0
|| EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen,
- NULL) <= 0
+ NULL)
+ <= 0
|| (mode == EVP_CIPH_CCM_MODE
&& EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG, taglen,
- NULL) <= 0)
+ NULL)
+ <= 0)
|| EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, enc) <= 0) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return OSSL_RECORD_RETURN_FATAL;
}
- end:
+end:
return OSSL_RECORD_RETURN_SUCCESS;
}
static int tls13_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
- size_t n_recs, int sending, SSL_MAC_BUF *mac,
- size_t macsize)
+ size_t n_recs, int sending, SSL_MAC_BUF *mac,
+ size_t macsize)
{
EVP_CIPHER_CTX *enc_ctx;
unsigned char recheader[SSL3_RT_HEADER_LENGTH];
@@ -169,12 +171,12 @@ static int tls13_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
/* Set up the AAD */
if (!WPACKET_init_static_len(&wpkt, recheader, sizeof(recheader), 0)
- || !WPACKET_put_bytes_u8(&wpkt, rec->type)
- || !WPACKET_put_bytes_u16(&wpkt, rec->rec_version)
- || !WPACKET_put_bytes_u16(&wpkt, rec->length + rl->taglen)
- || !WPACKET_get_total_written(&wpkt, &hdrlen)
- || hdrlen != SSL3_RT_HEADER_LENGTH
- || !WPACKET_finish(&wpkt)) {
+ || !WPACKET_put_bytes_u8(&wpkt, rec->type)
+ || !WPACKET_put_bytes_u16(&wpkt, rec->rec_version)
+ || !WPACKET_put_bytes_u16(&wpkt, rec->length + rl->taglen)
+ || !WPACKET_get_total_written(&wpkt, &hdrlen)
+ || hdrlen != SSL3_RT_HEADER_LENGTH
+ || !WPACKET_finish(&wpkt)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
WPACKET_cleanup(&wpkt);
return 0;
@@ -196,7 +198,8 @@ static int tls13_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
memcpy(rec->data + rec->length, tag, rl->taglen);
rec->length += rl->taglen;
} else if (CRYPTO_memcmp(tag, rec->data + rec->length,
- rl->taglen) != 0) {
+ rl->taglen)
+ != 0) {
goto end_mac;
}
ret = 1;
@@ -213,9 +216,7 @@ static int tls13_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
mode = EVP_CIPHER_get_mode(cipher);
if (EVP_CipherInit_ex(enc_ctx, NULL, NULL, NULL, nonce, sending) <= 0
- || (!sending && EVP_CIPHER_CTX_ctrl(enc_ctx, EVP_CTRL_AEAD_SET_TAG,
- rl->taglen,
- rec->data + rec->length) <= 0)) {
+ || (!sending && EVP_CIPHER_CTX_ctrl(enc_ctx, EVP_CTRL_AEAD_SET_TAG, rl->taglen, rec->data + rec->length) <= 0)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -225,20 +226,24 @@ static int tls13_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
* any AAD.
*/
if ((mode == EVP_CIPH_CCM_MODE
- && EVP_CipherUpdate(enc_ctx, NULL, &lenu, NULL,
- (unsigned int)rec->length) <= 0)
- || EVP_CipherUpdate(enc_ctx, NULL, &lenu, recheader,
- sizeof(recheader)) <= 0
- || EVP_CipherUpdate(enc_ctx, rec->data, &lenu, rec->input,
- (unsigned int)rec->length) <= 0
- || EVP_CipherFinal_ex(enc_ctx, rec->data + lenu, &lenf) <= 0
- || (size_t)(lenu + lenf) != rec->length) {
+ && EVP_CipherUpdate(enc_ctx, NULL, &lenu, NULL,
+ (unsigned int)rec->length)
+ <= 0)
+ || EVP_CipherUpdate(enc_ctx, NULL, &lenu, recheader,
+ sizeof(recheader))
+ <= 0
+ || EVP_CipherUpdate(enc_ctx, rec->data, &lenu, rec->input,
+ (unsigned int)rec->length)
+ <= 0
+ || EVP_CipherFinal_ex(enc_ctx, rec->data + lenu, &lenf) <= 0
+ || (size_t)(lenu + lenf) != rec->length) {
return 0;
}
if (sending) {
/* Add the tag */
if (EVP_CIPHER_CTX_ctrl(enc_ctx, EVP_CTRL_AEAD_GET_TAG, rl->taglen,
- rec->data + rec->length) <= 0) {
+ rec->data + rec->length)
+ <= 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -249,12 +254,12 @@ static int tls13_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
}
static int tls13_validate_record_header(OSSL_RECORD_LAYER *rl,
- TLS_RL_RECORD *rec)
+ TLS_RL_RECORD *rec)
{
if (rec->type != SSL3_RT_APPLICATION_DATA
- && (rec->type != SSL3_RT_CHANGE_CIPHER_SPEC
- || !rl->is_first_handshake)
- && (rec->type != SSL3_RT_ALERT || !rl->allow_plain_alerts)) {
+ && (rec->type != SSL3_RT_CHANGE_CIPHER_SPEC
+ || !rl->is_first_handshake)
+ && (rec->type != SSL3_RT_ALERT || !rl->allow_plain_alerts)) {
RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_RECORD_TYPE);
return 0;
}
@@ -266,7 +271,7 @@ static int tls13_validate_record_header(OSSL_RECORD_LAYER *rl,
if (rec->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) {
RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
- SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+ SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
return 0;
}
return 1;
@@ -279,9 +284,9 @@ static int tls13_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
size_t end;
if (rec->length == 0
- || rec->type != SSL3_RT_APPLICATION_DATA) {
+ || rec->type != SSL3_RT_APPLICATION_DATA) {
RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE,
- SSL_R_BAD_RECORD_TYPE);
+ SSL_R_BAD_RECORD_TYPE);
return 0;
}
@@ -307,7 +312,7 @@ static int tls13_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
}
static uint8_t tls13_get_record_type(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *template)
+ OSSL_RECORD_TEMPLATE *template)
{
if (rl->allow_plain_alerts && template->type == SSL3_RT_ALERT)
return SSL3_RT_ALERT;
@@ -321,9 +326,9 @@ static uint8_t tls13_get_record_type(OSSL_RECORD_LAYER *rl,
}
static int tls13_add_record_padding(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *thistempl,
- WPACKET *thispkt,
- TLS_RL_RECORD *thiswr)
+ OSSL_RECORD_TEMPLATE *thistempl,
+ WPACKET *thispkt,
+ TLS_RL_RECORD *thiswr)
{
size_t rlen;
@@ -353,7 +358,7 @@ static int tls13_add_record_padding(OSSL_RECORD_LAYER *rl,
* a change that could break some application that has
* a client and server that both know what padding they
* like, and that dislike any other padding. That'd need
- * one of those to have been updated though so the
+ * one of those to have been updated though so the
* probability may be low enough that we could change
* the "else if" below to just an "if" and pick the
* larger of the library and callback's idea of padding.
@@ -373,7 +378,7 @@ static int tls13_add_record_padding(OSSL_RECORD_LAYER *rl,
else if (thistempl->type == SSL3_RT_ALERT && rl->hs_padding > 0)
bp = rl->hs_padding;
else if (thistempl->type == SSL3_RT_APPLICATION_DATA
- && rl->block_padding > 0)
+ && rl->block_padding > 0)
bp = rl->block_padding;
if (bp > 0) {
mask = bp - 1;
@@ -395,7 +400,7 @@ static int tls13_add_record_padding(OSSL_RECORD_LAYER *rl,
padding = max_padding;
if (!WPACKET_memset(thispkt, 0, padding)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
- ERR_R_INTERNAL_ERROR);
+ ERR_R_INTERNAL_ERROR);
return 0;
}
TLS_RL_RECORD_add_length(thiswr, padding);
diff --git a/crypto/openssl/ssl/record/methods/tls1_meth.c b/crypto/openssl/ssl/record/methods/tls1_meth.c
index 9275e19fbd3f..ed4a436dffc1 100644
--- a/crypto/openssl/ssl/record/methods/tls1_meth.c
+++ b/crypto/openssl/ssl/record/methods/tls1_meth.c
@@ -17,14 +17,14 @@
#include "recmethod_local.h"
static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
- unsigned char *key, size_t keylen,
- unsigned char *iv, size_t ivlen,
- unsigned char *mackey, size_t mackeylen,
- const EVP_CIPHER *ciph,
- size_t taglen,
- int mactype,
- const EVP_MD *md,
- COMP_METHOD *comp)
+ unsigned char *key, size_t keylen,
+ unsigned char *iv, size_t ivlen,
+ unsigned char *mackey, size_t mackeylen,
+ const EVP_CIPHER *ciph,
+ size_t taglen,
+ int mactype,
+ const EVP_MD *md,
+ COMP_METHOD *comp)
{
EVP_CIPHER_CTX *ciph_ctx;
EVP_PKEY *mac_key;
@@ -62,8 +62,8 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
if ((EVP_CIPHER_get_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0) {
if (mactype == EVP_PKEY_HMAC) {
mac_key = EVP_PKEY_new_raw_private_key_ex(rl->libctx, "HMAC",
- rl->propq, mackey,
- mackeylen);
+ rl->propq, mackey,
+ mackeylen);
} else {
/*
* If its not HMAC then the only other types of MAC we support are
@@ -71,12 +71,13 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
* a MAC key.
*/
mac_key = EVP_PKEY_new_mac_key(mactype, NULL, mackey,
- (int)mackeylen);
+ (int)mackeylen);
}
if (mac_key == NULL
|| EVP_DigestSignInit_ex(rl->md_ctx, NULL, EVP_MD_get0_name(md),
- rl->libctx, rl->propq, mac_key,
- NULL) <= 0) {
+ rl->libctx, rl->propq, mac_key,
+ NULL)
+ <= 0) {
EVP_PKEY_free(mac_key);
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return OSSL_RECORD_RETURN_FATAL;
@@ -86,20 +87,24 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
if (EVP_CIPHER_get_mode(ciph) == EVP_CIPH_GCM_MODE) {
if (!EVP_CipherInit_ex(ciph_ctx, ciph, NULL, key, NULL, enc)
- || EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_GCM_SET_IV_FIXED,
- (int)ivlen, iv) <= 0) {
+ || EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_GCM_SET_IV_FIXED,
+ (int)ivlen, iv)
+ <= 0) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return OSSL_RECORD_RETURN_FATAL;
}
} else if (EVP_CIPHER_get_mode(ciph) == EVP_CIPH_CCM_MODE) {
if (!EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL, enc)
- || EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, 12,
- NULL) <= 0
- || EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG,
- (int)taglen, NULL) <= 0
- || EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_CCM_SET_IV_FIXED,
- (int)ivlen, iv) <= 0
- || !EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, enc)) {
+ || EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, 12,
+ NULL)
+ <= 0
+ || EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG,
+ (int)taglen, NULL)
+ <= 0
+ || EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_CCM_SET_IV_FIXED,
+ (int)ivlen, iv)
+ <= 0
+ || !EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, enc)) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return OSSL_RECORD_RETURN_FATAL;
}
@@ -113,7 +118,8 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
if ((EVP_CIPHER_get_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0
&& mackeylen != 0
&& EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
- (int)mackeylen, mackey) <= 0) {
+ (int)mackeylen, mackey)
+ <= 0) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return OSSL_RECORD_RETURN_FATAL;
}
@@ -123,7 +129,7 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
* different to that in ciph if we have an ENGINE in use
*/
if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(ciph_ctx)) != NULL
- && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md)) {
+ && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md)) {
/* ERR_raise already called */
return OSSL_RECORD_RETURN_FATAL;
}
@@ -165,8 +171,8 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
* 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised)
*/
static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
- size_t n_recs, int sending, SSL_MAC_BUF *macs,
- size_t macsize)
+ size_t n_recs, int sending, SSL_MAC_BUF *macs,
+ size_t macsize)
{
EVP_CIPHER_CTX *ds;
size_t reclen[SSL_MAX_PIPELINES];
@@ -213,7 +219,8 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
} else if (RAND_bytes_ex(rl->libctx, recs[ctr].input,
- ivlen, 0) <= 0) {
+ ivlen, 0)
+ <= 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -236,7 +243,8 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
if (n_recs > 1) {
if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds))
- & EVP_CIPH_FLAG_PIPELINE) == 0) {
+ & EVP_CIPH_FLAG_PIPELINE)
+ == 0) {
/*
* We shouldn't have been called with pipeline data if the
* cipher doesn't support pipelining
@@ -249,7 +257,8 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
reclen[ctr] = recs[ctr].length;
if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds))
- & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
+ & EVP_CIPH_FLAG_AEAD_CIPHER)
+ != 0) {
unsigned char *seq;
seq = rl->sequence;
@@ -274,7 +283,7 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
buf[ctr][11] = (unsigned char)(recs[ctr].length >> 8);
buf[ctr][12] = (unsigned char)(recs[ctr].length & 0xff);
pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD,
- EVP_AEAD_TLS1_AAD_LEN, buf[ctr]);
+ EVP_AEAD_TLS1_AAD_LEN, buf[ctr]);
if (pad <= 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
@@ -318,7 +327,8 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
data[ctr] = recs[ctr].data;
if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS,
- (int)n_recs, data) <= 0) {
+ (int)n_recs, data)
+ <= 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_PIPELINE_FAILURE);
return 0;
}
@@ -327,9 +337,11 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
data[ctr] = recs[ctr].input;
if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS,
- (int)n_recs, data) <= 0
+ (int)n_recs, data)
+ <= 0
|| EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_LENS,
- (int)n_recs, reclen) <= 0) {
+ (int)n_recs, reclen)
+ <= 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_PIPELINE_FAILURE);
return 0;
}
@@ -347,7 +359,8 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
decrement_seq = 1;
if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_TLSTREE, decrement_seq,
- rl->sequence) <= 0) {
+ rl->sequence)
+ <= 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
@@ -364,7 +377,7 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
}
if (!EVP_CipherUpdate(ds, recs[0].data, &outlen, recs[0].input,
- (unsigned int)reclen[0]))
+ (unsigned int)reclen[0]))
return 0;
recs[0].length = outlen;
@@ -394,14 +407,14 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
macs[0].alloced = 0;
*p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC,
- (void **)&macs[0].mac,
- macsize);
+ (void **)&macs[0].mac,
+ macsize);
*p = OSSL_PARAM_construct_end();
if (!EVP_CIPHER_CTX_get_params(ds, params)) {
/* Shouldn't normally happen */
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
- ERR_R_INTERNAL_ERROR);
+ ERR_R_INTERNAL_ERROR);
return 0;
}
}
@@ -410,11 +423,12 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
/* Legacy cipher */
tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input,
- (unsigned int)reclen[0]);
+ (unsigned int)reclen[0]);
if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds))
- & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0
- ? (tmpr < 0)
- : (tmpr == 0)) {
+ & EVP_CIPH_FLAG_CUSTOM_CIPHER)
+ != 0
+ ? (tmpr < 0)
+ : (tmpr == 0)) {
/* AEAD can fail to verify MAC */
return 0;
}
@@ -444,16 +458,17 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
* with a random MAC if padding is invalid
*/
if (!tls1_cbc_remove_padding_and_mac(&recs[ctr].length,
- recs[ctr].orig_len,
- recs[ctr].data,
- (macs != NULL) ? &macs[ctr].mac : NULL,
- (macs != NULL) ? &macs[ctr].alloced
- : NULL,
- bs,
- pad ? (size_t)pad : macsize,
- (EVP_CIPHER_get_flags(enc)
- & EVP_CIPH_FLAG_AEAD_CIPHER) != 0,
- rl->libctx))
+ recs[ctr].orig_len,
+ recs[ctr].data,
+ (macs != NULL) ? &macs[ctr].mac : NULL,
+ (macs != NULL) ? &macs[ctr].alloced
+ : NULL,
+ bs,
+ pad ? (size_t)pad : macsize,
+ (EVP_CIPHER_get_flags(enc)
+ & EVP_CIPH_FLAG_AEAD_CIPHER)
+ != 0,
+ rl->libctx))
return 0;
}
}
@@ -462,7 +477,7 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
}
static int tls1_mac(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec, unsigned char *md,
- int sending)
+ int sending)
{
unsigned char *seq = rl->sequence;
EVP_MD_CTX *hash;
@@ -490,8 +505,8 @@ static int tls1_mac(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec, unsigned char *md
}
if (!rl->isdtls
- && rl->tlstree
- && EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_TLSTREE, 0, seq) <= 0)
+ && rl->tlstree
+ && EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_TLSTREE, 0, seq) <= 0)
goto end;
if (rl->isdtls) {
@@ -517,11 +532,11 @@ static int tls1_mac(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec, unsigned char *md
OSSL_PARAM tls_hmac_params[2], *p = tls_hmac_params;
*p++ = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_TLS_DATA_SIZE,
- &rec->orig_len);
+ &rec->orig_len);
*p++ = OSSL_PARAM_construct_end();
if (!EVP_PKEY_CTX_set_params(EVP_MD_CTX_get_pkey_ctx(mac_ctx),
- tls_hmac_params))
+ tls_hmac_params))
goto end;
}
@@ -530,65 +545,69 @@ static int tls1_mac(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec, unsigned char *md
|| EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0)
goto end;
- OSSL_TRACE_BEGIN(TLS) {
+ OSSL_TRACE_BEGIN(TLS)
+ {
BIO_printf(trc_out, "seq:\n");
BIO_dump_indent(trc_out, seq, 8, 4);
BIO_printf(trc_out, "rec:\n");
BIO_dump_indent(trc_out, rec->data, rec->length, 4);
- } OSSL_TRACE_END(TLS);
+ }
+ OSSL_TRACE_END(TLS);
if (!rl->isdtls && !tls_increment_sequence_ctr(rl)) {
/* RLAYERfatal already called */
goto end;
}
- OSSL_TRACE_BEGIN(TLS) {
+ OSSL_TRACE_BEGIN(TLS)
+ {
BIO_printf(trc_out, "md:\n");
BIO_dump_indent(trc_out, md, md_size, 4);
- } OSSL_TRACE_END(TLS);
+ }
+ OSSL_TRACE_END(TLS);
ret = 1;
- end:
+end:
EVP_MD_CTX_free(hmac);
return ret;
}
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0
-# ifndef OPENSSL_NO_COMP
-# define MAX_PREFIX_LEN ((SSL3_ALIGN_PAYLOAD - 1) \
- + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
- + SSL3_RT_HEADER_LENGTH \
- + SSL3_RT_MAX_COMPRESSED_OVERHEAD)
-# else
-# define MAX_PREFIX_LEN ((SSL3_ALIGN_PAYLOAD - 1) \
- + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
- + SSL3_RT_HEADER_LENGTH)
-# endif /* OPENSSL_NO_COMP */
+#ifndef OPENSSL_NO_COMP
+#define MAX_PREFIX_LEN ((SSL3_ALIGN_PAYLOAD - 1) \
+ + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
+ + SSL3_RT_HEADER_LENGTH \
+ + SSL3_RT_MAX_COMPRESSED_OVERHEAD)
+#else
+#define MAX_PREFIX_LEN ((SSL3_ALIGN_PAYLOAD - 1) \
+ + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
+ + SSL3_RT_HEADER_LENGTH)
+#endif /* OPENSSL_NO_COMP */
+#else
+#ifndef OPENSSL_NO_COMP
+#define MAX_PREFIX_LEN (SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
+ + SSL3_RT_HEADER_LENGTH \
+ + SSL3_RT_MAX_COMPRESSED_OVERHEAD)
#else
-# ifndef OPENSSL_NO_COMP
-# define MAX_PREFIX_LEN (SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
- + SSL3_RT_HEADER_LENGTH \
- + SSL3_RT_MAX_COMPRESSED_OVERHEAD)
-# else
-# define MAX_PREFIX_LEN (SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
- + SSL3_RT_HEADER_LENGTH)
-# endif /* OPENSSL_NO_COMP */
+#define MAX_PREFIX_LEN (SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
+ + SSL3_RT_HEADER_LENGTH)
+#endif /* OPENSSL_NO_COMP */
#endif
/* This function is also used by the SSLv3 implementation */
int tls1_allocate_write_buffers(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl, size_t *prefix)
+ OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl, size_t *prefix)
{
/* Do we need to add an empty record prefix? */
*prefix = rl->need_empty_fragments
- && templates[0].type == SSL3_RT_APPLICATION_DATA;
+ && templates[0].type == SSL3_RT_APPLICATION_DATA;
/*
* In the prefix case we can allocate a much smaller buffer. Otherwise we
* just allocate the default buffer size
*/
if (!tls_setup_write_buffer(rl, numtempl + *prefix,
- *prefix ? MAX_PREFIX_LEN : 0, 0)) {
+ *prefix ? MAX_PREFIX_LEN : 0, 0)) {
/* RLAYERfatal() already called */
return 0;
}
@@ -598,12 +617,12 @@ int tls1_allocate_write_buffers(OSSL_RECORD_LAYER *rl,
/* This function is also used by the SSLv3 implementation */
int tls1_initialise_write_packets(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl,
- OSSL_RECORD_TEMPLATE *prefixtempl,
- WPACKET *pkt,
- TLS_BUFFER *bufs,
- size_t *wpinited)
+ OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl,
+ OSSL_RECORD_TEMPLATE *prefixtempl,
+ WPACKET *pkt,
+ TLS_BUFFER *bufs,
+ size_t *wpinited)
{
size_t align = 0;
TLS_BUFFER *wb;
@@ -611,7 +630,7 @@ int tls1_initialise_write_packets(OSSL_RECORD_LAYER *rl,
/* Do we need to add an empty record prefix? */
prefix = rl->need_empty_fragments
- && templates[0].type == SSL3_RT_APPLICATION_DATA;
+ && templates[0].type == SSL3_RT_APPLICATION_DATA;
if (prefix) {
/*
@@ -628,12 +647,12 @@ int tls1_initialise_write_packets(OSSL_RECORD_LAYER *rl,
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0
align = (size_t)TLS_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
align = SSL3_ALIGN_PAYLOAD - 1
- - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+ - ((align - 1) % SSL3_ALIGN_PAYLOAD);
#endif
TLS_BUFFER_set_offset(wb, align);
if (!WPACKET_init_static_len(&pkt[0], TLS_BUFFER_get_buf(wb),
- TLS_BUFFER_get_len(wb), 0)) {
+ TLS_BUFFER_get_len(wb), 0)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -645,9 +664,9 @@ int tls1_initialise_write_packets(OSSL_RECORD_LAYER *rl,
}
return tls_initialise_write_packets_default(rl, templates, numtempl,
- NULL,
- pkt + prefix, bufs + prefix,
- wpinited);
+ NULL,
+ pkt + prefix, bufs + prefix,
+ wpinited);
}
/* TLSv1.0, TLSv1.1 and TLSv1.2 all use the same funcs */
diff --git a/crypto/openssl/ssl/record/methods/tls_common.c b/crypto/openssl/ssl/record/methods/tls_common.c
index b9c79099462d..bf035b13d54f 100644
--- a/crypto/openssl/ssl/record/methods/tls_common.c
+++ b/crypto/openssl/ssl/record/methods/tls_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -40,13 +40,13 @@ static void TLS_RL_RECORD_release(TLS_RL_RECORD *r, size_t num_recs)
}
void ossl_tls_rl_record_set_seq_num(TLS_RL_RECORD *r,
- const unsigned char *seq_num)
+ const unsigned char *seq_num)
{
memcpy(r->seq_num, seq_num, SEQ_NUM_SIZE);
}
void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
- const char *fmt, ...)
+ const char *fmt, ...)
{
va_list args;
@@ -58,9 +58,9 @@ void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
}
int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl,
- EVP_CIPHER_CTX *ctx,
- const EVP_CIPHER *ciph,
- const EVP_MD *md)
+ EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER *ciph,
+ const EVP_MD *md)
{
/*
* Provided cipher, the TLS padding/MAC removal is performed provider
@@ -71,15 +71,15 @@ int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl,
int imacsize = -1;
if ((EVP_CIPHER_get_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0
- && !rl->use_etm)
+ && !rl->use_etm)
imacsize = EVP_MD_get_size(md);
if (imacsize > 0)
macsize = (size_t)imacsize;
*pprm++ = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION,
- &rl->version);
+ &rl->version);
*pprm++ = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE,
- &macsize);
+ &macsize);
*pprm = OSSL_PARAM_construct_end();
if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
@@ -116,7 +116,7 @@ static int tls_allow_compression(OSSL_RECORD_LAYER *rl)
return 0;
return rl->security == NULL
- || rl->security(rl->cbarg, SSL_SECOP_COMPRESSION, 0, 0, NULL);
+ || rl->security(rl->cbarg, SSL_SECOP_COMPRESSION, 0, 0, NULL);
}
#endif
@@ -140,7 +140,7 @@ static void tls_release_write_buffer_int(OSSL_RECORD_LAYER *rl, size_t start)
}
int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes,
- size_t firstlen, size_t nextlen)
+ size_t firstlen, size_t nextlen)
{
unsigned char *p;
size_t maxalign = 0, headerlen;
@@ -164,7 +164,7 @@ int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes,
#endif
defltlen = maxalign + headerlen + rl->eivlen + rl->max_frag_len
- + contenttypelen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
+ + contenttypelen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
#ifndef OPENSSL_NO_COMP
if (tls_allow_compression(rl))
defltlen += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
@@ -188,7 +188,7 @@ int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes,
if (thiswb->len != len) {
OPENSSL_free(thiswb->buf);
- thiswb->buf = NULL; /* force reallocation */
+ thiswb->buf = NULL; /* force reallocation */
}
p = thiswb->buf;
@@ -245,7 +245,7 @@ int tls_setup_read_buffer(OSSL_RECORD_LAYER *rl)
if (b->buf == NULL) {
len = rl->max_frag_len
- + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + maxalign;
+ + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + maxalign;
#ifndef OPENSSL_NO_COMP
if (tls_allow_compression(rl))
len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
@@ -292,7 +292,7 @@ static int tls_release_read_buffer(OSSL_RECORD_LAYER *rl)
* Return values are as per SSL_read()
*/
int tls_default_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
- int clearold, size_t *readbytes)
+ int clearold, size_t *readbytes)
{
/*
* If extend == 0, obtain new n-byte packet; if extend == 1, increase
@@ -443,7 +443,7 @@ int tls_default_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
*/
if (rl->isdtls) {
if (n > left)
- n = left; /* makes the while condition false */
+ n = left; /* makes the while condition false */
}
}
@@ -495,13 +495,13 @@ static int tls_record_app_data_waiting(OSSL_RECORD_LAYER *rl)
}
static int rlayer_early_data_count_ok(OSSL_RECORD_LAYER *rl, size_t length,
- size_t overhead, int send)
+ size_t overhead, int send)
{
uint32_t max_early_data = rl->max_early_data;
if (max_early_data == 0) {
RLAYERfatal(rl, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
- SSL_R_TOO_MUCH_EARLY_DATA);
+ SSL_R_TOO_MUCH_EARLY_DATA);
return 0;
}
@@ -510,7 +510,7 @@ static int rlayer_early_data_count_ok(OSSL_RECORD_LAYER *rl, size_t length,
if (rl->early_data_count + length > max_early_data) {
RLAYERfatal(rl, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
- SSL_R_TOO_MUCH_EARLY_DATA);
+ SSL_R_TOO_MUCH_EARLY_DATA);
return 0;
}
rl->early_data_count += length;
@@ -526,7 +526,7 @@ static int rlayer_early_data_count_ok(OSSL_RECORD_LAYER *rl, size_t length,
*/
#define MAX_EMPTY_RECORDS 32
-#define SSL2_RT_HEADER_LENGTH 2
+#define SSL2_RT_HEADER_LENGTH 2
/*-
* Call this to buffer new input records in rl->rrec.
@@ -575,14 +575,13 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
thisrr = &rr[num_recs];
/* check if we have the header */
- if ((rl->rstate != SSL_ST_READ_BODY) ||
- (rl->packet_length < SSL3_RT_HEADER_LENGTH)) {
+ if ((rl->rstate != SSL_ST_READ_BODY) || (rl->packet_length < SSL3_RT_HEADER_LENGTH)) {
size_t sslv2len;
unsigned int type;
rret = rl->funcs->read_n(rl, SSL3_RT_HEADER_LENGTH,
- TLS_BUFFER_get_len(rbuf), 0,
- num_recs == 0 ? 1 : 0, &n);
+ TLS_BUFFER_get_len(rbuf), 0,
+ num_recs == 0 ? 1 : 0, &n);
if (rret < OSSL_RECORD_RETURN_SUCCESS)
return rret; /* error or non-blocking */
@@ -596,7 +595,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
}
sslv2pkt = pkt;
if (!PACKET_get_net_2_len(&sslv2pkt, &sslv2len)
- || !PACKET_get_1(&sslv2pkt, &type)) {
+ || !PACKET_get_1(&sslv2pkt, &type)) {
RLAYERfatal(rl, SSL_AD_DECODE_ERROR, ERR_R_INTERNAL_ERROR);
return OSSL_RECORD_RETURN_FATAL;
}
@@ -604,9 +603,9 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
* The first record received by the server may be a V2ClientHello.
*/
if (rl->role == OSSL_RECORD_ROLE_SERVER
- && rl->is_first_record
- && (sslv2len & 0x8000) != 0
- && (type == SSL2_MT_CLIENT_HELLO)) {
+ && rl->is_first_record
+ && (sslv2len & 0x8000) != 0
+ && (type == SSL2_MT_CLIENT_HELLO)) {
/*
* SSLv2 style record
*
@@ -621,10 +620,15 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
thisrr->length = sslv2len & 0x7fff;
+ if (!rl->funcs->validate_record_header(rl, thisrr)) {
+ /* RLAYERfatal already called */
+ return OSSL_RECORD_RETURN_FATAL;
+ }
+
if (thisrr->length > TLS_BUFFER_get_len(rbuf)
- - SSL2_RT_HEADER_LENGTH) {
+ - SSL2_RT_HEADER_LENGTH) {
RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
- SSL_R_PACKET_LENGTH_TOO_LONG);
+ SSL_R_PACKET_LENGTH_TOO_LONG);
return OSSL_RECORD_RETURN_FATAL;
}
} else {
@@ -632,8 +636,8 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
/* Pull apart the header into the TLS_RL_RECORD */
if (!PACKET_get_1(&pkt, &type)
- || !PACKET_get_net_2(&pkt, &version)
- || !PACKET_get_net_2_len(&pkt, &thisrr->length)) {
+ || !PACKET_get_net_2(&pkt, &version)
+ || !PACKET_get_net_2_len(&pkt, &thisrr->length)) {
if (rl->msg_callback != NULL)
rl->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, rl->cbarg);
RLAYERfatal(rl, SSL_AD_DECODE_ERROR, ERR_R_INTERNAL_ERROR);
@@ -650,24 +654,23 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
*/
if (thisrr->rec_version == SSL2_VERSION) {
RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
- SSL_R_WRONG_VERSION_NUMBER);
+ SSL_R_WRONG_VERSION_NUMBER);
return OSSL_RECORD_RETURN_FATAL;
}
if (rl->msg_callback != NULL)
rl->msg_callback(0, version, SSL3_RT_HEADER, p, 5, rl->cbarg);
- if (thisrr->length >
- TLS_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) {
- RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
- SSL_R_PACKET_LENGTH_TOO_LONG);
+ if (!rl->funcs->validate_record_header(rl, thisrr)) {
+ /* RLAYERfatal already called */
return OSSL_RECORD_RETURN_FATAL;
}
- }
- if (!rl->funcs->validate_record_header(rl, thisrr)) {
- /* RLAYERfatal already called */
- return OSSL_RECORD_RETURN_FATAL;
+ if (thisrr->length > TLS_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) {
+ RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
+ SSL_R_PACKET_LENGTH_TOO_LONG);
+ return OSSL_RECORD_RETURN_FATAL;
+ }
}
/* now rl->rstate == SSL_ST_READ_BODY */
@@ -679,7 +682,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
*/
if (thisrr->rec_version == SSL2_VERSION) {
more = thisrr->length + SSL2_RT_HEADER_LENGTH
- - SSL3_RT_HEADER_LENGTH;
+ - SSL3_RT_HEADER_LENGTH;
} else {
more = thisrr->length;
}
@@ -689,7 +692,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
rret = rl->funcs->read_n(rl, more, more, 1, 0, &n);
if (rret < OSSL_RECORD_RETURN_SUCCESS)
- return rret; /* error or non-blocking io */
+ return rret; /* error or non-blocking io */
}
/* set state for later operations */
@@ -728,24 +731,25 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
rl->packet_length = 0;
rl->is_first_record = 0;
} while (num_recs < max_recs
- && thisrr->type == SSL3_RT_APPLICATION_DATA
- && RLAYER_USE_EXPLICIT_IV(rl)
- && rl->enc_ctx != NULL
- && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(rl->enc_ctx))
- & EVP_CIPH_FLAG_PIPELINE) != 0
- && tls_record_app_data_waiting(rl));
+ && thisrr->type == SSL3_RT_APPLICATION_DATA
+ && RLAYER_USE_EXPLICIT_IV(rl)
+ && rl->enc_ctx != NULL
+ && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(rl->enc_ctx))
+ & EVP_CIPH_FLAG_PIPELINE)
+ != 0
+ && tls_record_app_data_waiting(rl));
if (num_recs == 1
- && thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC
- /* The following can happen in tlsany_meth after HRR */
- && rl->version == TLS1_3_VERSION
- && rl->is_first_handshake) {
+ && thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC
+ /* The following can happen in tlsany_meth after HRR */
+ && rl->version == TLS1_3_VERSION
+ && rl->is_first_handshake) {
/*
* CCS messages must be exactly 1 byte long, containing the value 0x01
*/
if (thisrr->length != 1 || thisrr->data[0] != 0x01) {
RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE,
- SSL_R_INVALID_CCS_MESSAGE);
+ SSL_R_INVALID_CCS_MESSAGE);
return OSSL_RECORD_RETURN_FATAL;
}
/*
@@ -754,11 +758,11 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
*/
if (rl->msg_callback != NULL)
rl->msg_callback(0, TLS1_3_VERSION, SSL3_RT_CHANGE_CIPHER_SPEC,
- thisrr->data, 1, rl->cbarg);
+ thisrr->data, 1, rl->cbarg);
thisrr->type = SSL3_RT_HANDSHAKE;
if (++(rl->empty_record_count) > MAX_EMPTY_RECORDS) {
RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE,
- SSL_R_UNEXPECTED_CCS_MESSAGE);
+ SSL_R_UNEXPECTED_CCS_MESSAGE);
return OSSL_RECORD_RETURN_FATAL;
}
rl->num_recs = 0;
@@ -800,7 +804,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
i = rl->funcs->mac(rl, thisrr, md, 0 /* not send */);
if (i == 0 || CRYPTO_memcmp(md, mac, mac_size) != 0) {
RLAYERfatal(rl, SSL_AD_BAD_RECORD_MAC,
- SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+ SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
return OSSL_RECORD_RETURN_FATAL;
}
}
@@ -835,8 +839,8 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
goto end;
}
if (num_recs == 1
- && rl->skip_early_data != NULL
- && rl->skip_early_data(rl->cbarg)) {
+ && rl->skip_early_data != NULL
+ && rl->skip_early_data(rl->cbarg)) {
/*
* Valid early_data that we cannot decrypt will fail here. We treat
* it like an empty record.
@@ -851,7 +855,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
thisrr = &rr[0];
if (!rlayer_early_data_count_ok(rl, thisrr->length,
- EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
+ EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
/* RLAYERfatal() already called */
goto end;
}
@@ -867,20 +871,22 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
}
ERR_clear_last_mark();
RLAYERfatal(rl, SSL_AD_BAD_RECORD_MAC,
- SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+ SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
goto end;
} else {
ERR_clear_last_mark();
}
- OSSL_TRACE_BEGIN(TLS) {
+ OSSL_TRACE_BEGIN(TLS)
+ {
BIO_printf(trc_out, "dec %lu\n", (unsigned long)rr[0].length);
BIO_dump_indent(trc_out, rr[0].data, rr[0].length, 4);
- } OSSL_TRACE_END(TLS);
+ }
+ OSSL_TRACE_END(TLS);
/* r->length is now the compressed data plus mac */
if (rl->enc_ctx != NULL
- && !rl->use_etm
- && EVP_MD_CTX_get0_md(rl->md_ctx) != NULL) {
+ && !rl->use_etm
+ && EVP_MD_CTX_get0_md(rl->md_ctx) != NULL) {
for (j = 0; j < num_recs; j++) {
SSL_MAC_BUF *thismb = &macbufs[j];
@@ -893,8 +899,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
enc_err = 0;
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
- if (enc_err == 0 && mac_size > 0 && thismb != NULL &&
- thismb->mac != NULL && (md[0] ^ thismb->mac[0]) != 0xFF) {
+ if (enc_err == 0 && mac_size > 0 && thismb != NULL && thismb->mac != NULL && (md[0] ^ thismb->mac[0]) != 0xFF) {
enc_err = 1;
}
#endif
@@ -914,7 +919,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
* visible to an attacker (e.g. via a logfile)
*/
RLAYERfatal(rl, SSL_AD_BAD_RECORD_MAC,
- SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+ SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
goto end;
}
@@ -937,7 +942,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
* be > SSL3_RT_MAX_PLAIN_LENGTH (and rl->max_frag_len must be ignored)
*/
if (rl->max_frag_len != SSL3_RT_MAX_PLAIN_LENGTH
- && thisrr->length > rl->max_frag_len) {
+ && thisrr->length > rl->max_frag_len) {
RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG);
goto end;
}
@@ -955,7 +960,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
if (thisrr->length == 0) {
if (++(rl->empty_record_count) > MAX_EMPTY_RECORDS) {
RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE,
- SSL_R_RECORD_TOO_SMALL);
+ SSL_R_RECORD_TOO_SMALL);
goto end;
}
} else {
@@ -966,7 +971,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
if (rl->level == OSSL_RECORD_PROTECTION_LEVEL_EARLY) {
thisrr = &rr[0];
if (thisrr->type == SSL3_RT_APPLICATION_DATA
- && !rlayer_early_data_count_ok(rl, thisrr->length, 0, 0)) {
+ && !rlayer_early_data_count_ok(rl, thisrr->length, 0, 0)) {
/* RLAYERfatal already called */
goto end;
}
@@ -976,7 +981,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
rl->curr_rec = 0;
rl->num_released = 0;
ret = OSSL_RECORD_RETURN_SUCCESS;
- end:
+end:
if (macbufs != NULL) {
for (j = 0; j < num_recs; j++) {
if (macbufs[j].alloced)
@@ -1008,7 +1013,7 @@ int tls_default_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec
if (rec->length > len) {
RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
- SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+ SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
return 0;
}
@@ -1021,8 +1026,8 @@ int tls_do_compress(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *wr)
int i;
i = COMP_compress_block(rl->compctx, wr->data,
- (int)(wr->length + SSL3_RT_MAX_COMPRESSED_OVERHEAD),
- wr->input, (int)wr->length);
+ (int)(wr->length + SSL3_RT_MAX_COMPRESSED_OVERHEAD),
+ wr->input, (int)wr->length);
if (i < 0)
return 0;
@@ -1047,7 +1052,7 @@ int tls_do_uncompress(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
return 0;
i = COMP_expand_block(rl->compctx, rec->comp, SSL3_RT_MAX_PLAIN_LENGTH,
- rec->data, (int)rec->length);
+ rec->data, (int)rec->length);
if (i < 0)
return 0;
else
@@ -1065,12 +1070,12 @@ int tls_default_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
if (rl->compctx != NULL) {
if (rec->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
- SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+ SSL_R_COMPRESSED_LENGTH_TOO_LONG);
return 0;
}
if (!tls_do_uncompress(rl, rec)) {
RLAYERfatal(rl, SSL_AD_DECOMPRESSION_FAILURE,
- SSL_R_BAD_DECOMPRESSION);
+ SSL_R_BAD_DECOMPRESSION);
return 0;
}
}
@@ -1087,8 +1092,8 @@ int tls_default_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
int tls13_common_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
{
if (rec->type != SSL3_RT_APPLICATION_DATA
- && rec->type != SSL3_RT_ALERT
- && rec->type != SSL3_RT_HANDSHAKE) {
+ && rec->type != SSL3_RT_ALERT
+ && rec->type != SSL3_RT_HANDSHAKE) {
RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_RECORD_TYPE);
return 0;
}
@@ -1097,7 +1102,7 @@ int tls13_common_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
unsigned char ctype = (unsigned char)rec->type;
rl->msg_callback(0, rl->version, SSL3_RT_INNER_CONTENT_TYPE, &ctype,
- 1, rl->cbarg);
+ 1, rl->cbarg);
}
/*
@@ -1105,7 +1110,7 @@ int tls13_common_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
* length.
*/
if ((rec->type == SSL3_RT_HANDSHAKE || rec->type == SSL3_RT_ALERT)
- && rec->length == 0) {
+ && rec->length == 0) {
RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_LENGTH);
return 0;
}
@@ -1114,8 +1119,8 @@ int tls13_common_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
}
int tls_read_record(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion,
- uint8_t *type, const unsigned char **data, size_t *datalen,
- uint16_t *epoch, unsigned char *seq_num)
+ uint8_t *type, const unsigned char **data, size_t *datalen,
+ uint16_t *epoch, unsigned char *seq_num)
{
TLS_RL_RECORD *rec;
@@ -1163,7 +1168,7 @@ int tls_release_record(OSSL_RECORD_LAYER *rl, void *rechandle, size_t length)
TLS_RL_RECORD *rec = &rl->rrec[rl->num_released];
if (!ossl_assert(rl->num_released < rl->curr_rec)
- || !ossl_assert(rechandle == rec)) {
+ || !ossl_assert(rechandle == rec)) {
/* Should not happen */
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_INVALID_RECORD);
return OSSL_RECORD_RETURN_FATAL;
@@ -1187,8 +1192,8 @@ int tls_release_record(OSSL_RECORD_LAYER *rl, void *rechandle, size_t length)
rl->num_released++;
if (rl->curr_rec == rl->num_released
- && (rl->mode & SSL_MODE_RELEASE_BUFFERS) != 0
- && TLS_BUFFER_get_left(&rl->rbuf) == 0)
+ && (rl->mode & SSL_MODE_RELEASE_BUFFERS) != 0
+ && TLS_BUFFER_get_left(&rl->rbuf) == 0)
tls_release_read_buffer(rl);
return OSSL_RECORD_RETURN_SUCCESS;
@@ -1212,20 +1217,20 @@ int tls_set_options(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options)
if (rl->direction == OSSL_RECORD_DIRECTION_READ) {
p = OSSL_PARAM_locate_const(options,
- OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN);
+ OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN);
if (p != NULL && !OSSL_PARAM_get_size_t(p, &rl->rbuf.default_len)) {
ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_GET_PARAMETER);
return 0;
}
} else {
p = OSSL_PARAM_locate_const(options,
- OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING);
+ OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING);
if (p != NULL && !OSSL_PARAM_get_size_t(p, &rl->block_padding)) {
ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_GET_PARAMETER);
return 0;
}
p = OSSL_PARAM_locate_const(options,
- OSSL_LIBSSL_RECORD_LAYER_PARAM_HS_PADDING);
+ OSSL_LIBSSL_RECORD_LAYER_PARAM_HS_PADDING);
if (p != NULL && !OSSL_PARAM_get_size_t(p, &rl->hs_padding)) {
ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_GET_PARAMETER);
return 0;
@@ -1240,7 +1245,7 @@ int tls_set_options(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options)
* we don't support that at this stage.
*/
p = OSSL_PARAM_locate_const(options,
- OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD);
+ OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD);
if (p != NULL && !OSSL_PARAM_get_int(p, &rl->read_ahead)) {
ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_GET_PARAMETER);
return 0;
@@ -1250,15 +1255,14 @@ int tls_set_options(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options)
return 1;
}
-int
-tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
- int role, int direction, int level,
- const EVP_CIPHER *ciph, size_t taglen,
- const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
- BIO *transport, BIO *next, const OSSL_PARAM *settings,
- const OSSL_PARAM *options,
- const OSSL_DISPATCH *fns, void *cbarg,
- OSSL_RECORD_LAYER **retrl)
+int tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
+ int role, int direction, int level,
+ const EVP_CIPHER *ciph, size_t taglen,
+ const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
+ BIO *transport, BIO *next, const OSSL_PARAM *settings,
+ const OSSL_PARAM *options,
+ const OSSL_DISPATCH *fns, void *cbarg,
+ OSSL_RECORD_LAYER **retrl)
{
OSSL_RECORD_LAYER *rl = OPENSSL_zalloc(sizeof(*rl));
const OSSL_PARAM *p;
@@ -1283,25 +1287,29 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
goto err;
}
} else if (strcmp(p->key,
- OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN) == 0) {
+ OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN)
+ == 0) {
if (!OSSL_PARAM_get_uint(p, &rl->max_frag_len)) {
ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key,
- OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA) == 0) {
+ OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA)
+ == 0) {
if (!OSSL_PARAM_get_uint32(p, &rl->max_early_data)) {
ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key,
- OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC) == 0) {
+ OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC)
+ == 0) {
if (!OSSL_PARAM_get_int(p, &rl->stream_mac)) {
ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key,
- OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE) == 0) {
+ OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE)
+ == 0) {
if (!OSSL_PARAM_get_int(p, &rl->tlstree)) {
ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
@@ -1368,9 +1376,9 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
}
if ((rl->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) == 0
- && rl->version <= TLS1_VERSION
- && !EVP_CIPHER_is_a(ciph, "NULL")
- && !EVP_CIPHER_is_a(ciph, "RC4")) {
+ && rl->version <= TLS1_VERSION
+ && !EVP_CIPHER_is_a(ciph, "NULL")
+ && !EVP_CIPHER_is_a(ciph, "RC4")) {
/*
* Enable vulnerability countermeasure for CBC ciphers with known-IV
* problem (http://www.openssl.org/~bodo/tls-cbc.txt)
@@ -1380,32 +1388,32 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
*retrl = rl;
return OSSL_RECORD_RETURN_SUCCESS;
- err:
+err:
tls_int_free(rl);
return OSSL_RECORD_RETURN_FATAL;
}
static int
tls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
- int role, int direction, int level, uint16_t epoch,
- unsigned char *secret, size_t secretlen,
- unsigned char *key, size_t keylen, unsigned char *iv,
- size_t ivlen, unsigned char *mackey, size_t mackeylen,
- const EVP_CIPHER *ciph, size_t taglen,
- int mactype,
- const EVP_MD *md, COMP_METHOD *comp,
- const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
- BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
- const OSSL_PARAM *settings, const OSSL_PARAM *options,
- const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
- OSSL_RECORD_LAYER **retrl)
+ int role, int direction, int level, uint16_t epoch,
+ unsigned char *secret, size_t secretlen,
+ unsigned char *key, size_t keylen, unsigned char *iv,
+ size_t ivlen, unsigned char *mackey, size_t mackeylen,
+ const EVP_CIPHER *ciph, size_t taglen,
+ int mactype,
+ const EVP_MD *md, COMP_METHOD *comp,
+ const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
+ BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
+ const OSSL_PARAM *settings, const OSSL_PARAM *options,
+ const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
+ OSSL_RECORD_LAYER **retrl)
{
int ret;
ret = tls_int_new_record_layer(libctx, propq, vers, role, direction, level,
- ciph, taglen, md, comp, prev,
- transport, next, settings,
- options, fns, cbarg, retrl);
+ ciph, taglen, md, comp, prev,
+ transport, next, settings,
+ options, fns, cbarg, retrl);
if (ret != OSSL_RECORD_RETURN_SUCCESS)
return ret;
@@ -1433,10 +1441,10 @@ tls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
}
ret = (*retrl)->funcs->set_crypto_state(*retrl, level, key, keylen, iv,
- ivlen, mackey, mackeylen, ciph,
- taglen, mactype, md, comp);
+ ivlen, mackey, mackeylen, ciph,
+ taglen, mactype, md, comp);
- err:
+err:
if (ret != OSSL_RECORD_RETURN_SUCCESS) {
tls_int_free(*retrl);
*retrl = NULL;
@@ -1517,18 +1525,19 @@ size_t tls_app_data_pending(OSSL_RECORD_LAYER *rl)
}
size_t tls_get_max_records_default(OSSL_RECORD_LAYER *rl, uint8_t type,
- size_t len,
- size_t maxfrag, size_t *preffrag)
+ size_t len,
+ size_t maxfrag, size_t *preffrag)
{
/*
* If we have a pipeline capable cipher, and we have been configured to use
* it, then return the preferred number of pipelines.
*/
if (rl->max_pipelines > 0
- && rl->enc_ctx != NULL
- && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(rl->enc_ctx))
- & EVP_CIPH_FLAG_PIPELINE) != 0
- && RLAYER_USE_EXPLICIT_IV(rl)) {
+ && rl->enc_ctx != NULL
+ && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(rl->enc_ctx))
+ & EVP_CIPH_FLAG_PIPELINE)
+ != 0
+ && RLAYER_USE_EXPLICIT_IV(rl)) {
size_t pipes;
if (len == 0)
@@ -1542,15 +1551,15 @@ size_t tls_get_max_records_default(OSSL_RECORD_LAYER *rl, uint8_t type,
}
size_t tls_get_max_records(OSSL_RECORD_LAYER *rl, uint8_t type, size_t len,
- size_t maxfrag, size_t *preffrag)
+ size_t maxfrag, size_t *preffrag)
{
return rl->funcs->get_max_records(rl, type, len, maxfrag, preffrag);
}
int tls_allocate_write_buffers_default(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl,
- size_t *prefix)
+ OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl,
+ size_t *prefix)
{
if (!tls_setup_write_buffer(rl, numtempl, 0, 0)) {
/* RLAYERfatal() already called */
@@ -1561,12 +1570,12 @@ int tls_allocate_write_buffers_default(OSSL_RECORD_LAYER *rl,
}
int tls_initialise_write_packets_default(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl,
- OSSL_RECORD_TEMPLATE *prefixtempl,
- WPACKET *pkt,
- TLS_BUFFER *bufs,
- size_t *wpinited)
+ OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl,
+ OSSL_RECORD_TEMPLATE *prefixtempl,
+ WPACKET *pkt,
+ TLS_BUFFER *bufs,
+ size_t *wpinited)
{
WPACKET *thispkt;
size_t j, align;
@@ -1582,12 +1591,12 @@ int tls_initialise_write_packets_default(OSSL_RECORD_LAYER *rl,
align = (size_t)TLS_BUFFER_get_buf(wb);
align += rl->isdtls ? DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH;
align = SSL3_ALIGN_PAYLOAD - 1
- - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+ - ((align - 1) % SSL3_ALIGN_PAYLOAD);
#endif
TLS_BUFFER_set_offset(wb, align);
if (!WPACKET_init_static_len(thispkt, TLS_BUFFER_get_buf(wb),
- TLS_BUFFER_get_len(wb), 0)) {
+ TLS_BUFFER_get_len(wb), 0)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -1602,10 +1611,10 @@ int tls_initialise_write_packets_default(OSSL_RECORD_LAYER *rl,
}
int tls_prepare_record_header_default(OSSL_RECORD_LAYER *rl,
- WPACKET *thispkt,
- OSSL_RECORD_TEMPLATE *templ,
- uint8_t rectype,
- unsigned char **recdata)
+ WPACKET *thispkt,
+ OSSL_RECORD_TEMPLATE *templ,
+ uint8_t rectype,
+ unsigned char **recdata)
{
size_t maxcomplen;
@@ -1616,13 +1625,13 @@ int tls_prepare_record_header_default(OSSL_RECORD_LAYER *rl,
maxcomplen += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
if (!WPACKET_put_bytes_u8(thispkt, rectype)
- || !WPACKET_put_bytes_u16(thispkt, templ->version)
- || !WPACKET_start_sub_packet_u16(thispkt)
- || (rl->eivlen > 0
- && !WPACKET_allocate_bytes(thispkt, rl->eivlen, NULL))
- || (maxcomplen > 0
- && !WPACKET_reserve_bytes(thispkt, maxcomplen,
- recdata))) {
+ || !WPACKET_put_bytes_u16(thispkt, templ->version)
+ || !WPACKET_start_sub_packet_u16(thispkt)
+ || (rl->eivlen > 0
+ && !WPACKET_allocate_bytes(thispkt, rl->eivlen, NULL))
+ || (maxcomplen > 0
+ && !WPACKET_reserve_bytes(thispkt, maxcomplen,
+ recdata))) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -1631,9 +1640,9 @@ int tls_prepare_record_header_default(OSSL_RECORD_LAYER *rl,
}
int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl,
- size_t mac_size,
- WPACKET *thispkt,
- TLS_RL_RECORD *thiswr)
+ size_t mac_size,
+ WPACKET *thispkt,
+ TLS_RL_RECORD *thiswr)
{
size_t len;
unsigned char *recordstart;
@@ -1648,7 +1657,7 @@ int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl,
unsigned char *mac;
if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
- || !rl->funcs->mac(rl, thiswr, mac, 1)) {
+ || !rl->funcs->mac(rl, thiswr, mac, 1)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -1660,13 +1669,12 @@ int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl,
* max encrypted overhead does not need to include an allocation for that
* MAC
*/
- if (!WPACKET_reserve_bytes(thispkt, SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
- - mac_size, NULL)
- /*
- * We also need next the amount of bytes written to this
- * sub-packet
- */
- || !WPACKET_get_length(thispkt, &len)) {
+ if (!WPACKET_reserve_bytes(thispkt, SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD - mac_size, NULL)
+ /*
+ * We also need next the amount of bytes written to this
+ * sub-packet
+ */
+ || !WPACKET_get_length(thispkt, &len)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -1681,10 +1689,10 @@ int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl,
}
int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
- size_t mac_size,
- OSSL_RECORD_TEMPLATE *thistempl,
- WPACKET *thispkt,
- TLS_RL_RECORD *thiswr)
+ size_t mac_size,
+ OSSL_RECORD_TEMPLATE *thistempl,
+ WPACKET *thispkt,
+ TLS_RL_RECORD *thiswr)
{
size_t origlen, len;
size_t headerlen = rl->isdtls ? DTLS1_RT_HEADER_LENGTH
@@ -1692,15 +1700,16 @@ int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
/* Allocate bytes for the encryption overhead */
if (!WPACKET_get_length(thispkt, &origlen)
- /* Check we allowed enough room for the encryption growth */
- || !ossl_assert(origlen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
- - mac_size >= thiswr->length)
- /* Encryption should never shrink the data! */
- || origlen > thiswr->length
- || (thiswr->length > origlen
- && !WPACKET_allocate_bytes(thispkt,
- thiswr->length - origlen,
- NULL))) {
+ /* Check we allowed enough room for the encryption growth */
+ || !ossl_assert(origlen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
+ - mac_size
+ >= thiswr->length)
+ /* Encryption should never shrink the data! */
+ || origlen > thiswr->length
+ || (thiswr->length > origlen
+ && !WPACKET_allocate_bytes(thispkt,
+ thiswr->length - origlen,
+ NULL))) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -1708,7 +1717,7 @@ int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
unsigned char *mac;
if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
- || !rl->funcs->mac(rl, thiswr, mac, 1)) {
+ || !rl->funcs->mac(rl, thiswr, mac, 1)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -1717,7 +1726,7 @@ int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
}
if (!WPACKET_get_length(thispkt, &len)
- || !WPACKET_close(thispkt)) {
+ || !WPACKET_close(thispkt)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -1727,13 +1736,13 @@ int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
recordstart = WPACKET_get_curr(thispkt) - len - headerlen;
rl->msg_callback(1, thiswr->rec_version, SSL3_RT_HEADER, recordstart,
- headerlen, rl->cbarg);
+ headerlen, rl->cbarg);
if (rl->version == TLS1_3_VERSION && rl->enc_ctx != NULL) {
unsigned char ctype = thistempl->type;
rl->msg_callback(1, thiswr->rec_version, SSL3_RT_INNER_CONTENT_TYPE,
- &ctype, 1, rl->cbarg);
+ &ctype, 1, rl->cbarg);
}
}
@@ -1748,8 +1757,8 @@ int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
}
int tls_write_records_default(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl)
+ OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl)
{
WPACKET pkt[SSL_MAX_PIPELINES + 1];
TLS_RL_RECORD wr[SSL_MAX_PIPELINES + 1];
@@ -1775,8 +1784,8 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
}
if (!rl->funcs->initialise_write_packets(rl, templates, numtempl,
- &prefixtempl, pkt, rl->wbuf,
- &wpinited)) {
+ &prefixtempl, pkt, rl->wbuf,
+ &wpinited)) {
/* RLAYERfatal() already called */
goto err;
}
@@ -1804,7 +1813,7 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
TLS_RL_RECORD_set_rec_version(thiswr, thistempl->version);
if (!rl->funcs->prepare_record_header(rl, thispkt, thistempl, rectype,
- &compressdata)) {
+ &compressdata)) {
/* RLAYERfatal() already called */
goto err;
}
@@ -1823,7 +1832,7 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
/* first we compress */
if (rl->compctx != NULL) {
if (!tls_do_compress(rl, thiswr)
- || !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) {
+ || !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_COMPRESSION_FAILURE);
goto err;
}
@@ -1836,8 +1845,8 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
}
if (rl->funcs->add_record_padding != NULL
- && !rl->funcs->add_record_padding(rl, thistempl, thispkt,
- thiswr)) {
+ && !rl->funcs->add_record_padding(rl, thistempl, thispkt,
+ thiswr)) {
/* RLAYERfatal() already called */
goto err;
}
@@ -1870,7 +1879,7 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
thistempl = (j < prefix) ? &prefixtempl : &templates[j - prefix];
if (!rl->funcs->post_encryption_processing(rl, mac_size, thistempl,
- thispkt, thiswr)) {
+ thispkt, thiswr)) {
/* RLAYERfatal() already called */
goto err;
}
@@ -1880,18 +1889,18 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
}
ret = 1;
- err:
+err:
for (j = 0; j < wpinited; j++)
WPACKET_cleanup(&pkt[j]);
return ret;
}
int tls_write_records(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl)
+ size_t numtempl)
{
/* Check we don't have pending data waiting to write */
if (!ossl_assert(rl->nextwbuf >= rl->numwpipes
- || TLS_BUFFER_get_left(&rl->wbuf[rl->nextwbuf]) == 0)) {
+ || TLS_BUFFER_get_left(&rl->wbuf[rl->nextwbuf]) == 0)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return OSSL_RECORD_RETURN_FATAL;
}
@@ -1925,10 +1934,8 @@ int tls_retry_write_records(OSSL_RECORD_LAYER *rl)
if (ret != OSSL_RECORD_RETURN_SUCCESS)
return ret;
}
- i = BIO_write(rl->bio, (char *)
- &(TLS_BUFFER_get_buf(thiswb)
- [TLS_BUFFER_get_offset(thiswb)]),
- (unsigned int)TLS_BUFFER_get_left(thiswb));
+ i = BIO_write(rl->bio, (char *)&(TLS_BUFFER_get_buf(thiswb)[TLS_BUFFER_get_offset(thiswb)]),
+ (unsigned int)TLS_BUFFER_get_left(thiswb));
if (i >= 0) {
tmpwrit = i;
if (i == 0 && BIO_should_retry(rl->bio))
@@ -1940,7 +1947,7 @@ int tls_retry_write_records(OSSL_RECORD_LAYER *rl)
ret = OSSL_RECORD_RETURN_RETRY;
} else {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
- "tls_retry_write_records failure");
+ "tls_retry_write_records failure");
ret = OSSL_RECORD_RETURN_FATAL;
}
}
@@ -1964,7 +1971,7 @@ int tls_retry_write_records(OSSL_RECORD_LAYER *rl)
continue;
if (rl->nextwbuf == rl->numwpipes
- && (rl->mode & SSL_MODE_RELEASE_BUFFERS) != 0)
+ && (rl->mode & SSL_MODE_RELEASE_BUFFERS) != 0)
tls_release_write_buffer(rl);
return OSSL_RECORD_RETURN_SUCCESS;
} else if (i <= 0) {
@@ -1975,9 +1982,8 @@ int tls_retry_write_records(OSSL_RECORD_LAYER *rl)
*/
TLS_BUFFER_set_left(thiswb, 0);
if (++(rl->nextwbuf) == rl->numwpipes
- && (rl->mode & SSL_MODE_RELEASE_BUFFERS) != 0)
+ && (rl->mode & SSL_MODE_RELEASE_BUFFERS) != 0)
tls_release_write_buffer(rl);
-
}
return ret;
}
@@ -2033,7 +2039,7 @@ void tls_set_max_pipelines(OSSL_RECORD_LAYER *rl, size_t max_pipelines)
}
void tls_get_state(OSSL_RECORD_LAYER *rl, const char **shortstr,
- const char **longstr)
+ const char **longstr)
{
const char *shrt, *lng;
@@ -2138,8 +2144,8 @@ int tls_free_buffers(OSSL_RECORD_LAYER *rl)
* looks like real pending data and it is an error.
*/
if (rl->nextwbuf != 0
- || rl->numwpipes != 1
- || TLS_BUFFER_get_left(&rl->wbuf[0]) != 0)
+ || rl->numwpipes != 1
+ || TLS_BUFFER_get_left(&rl->wbuf[0]) != 0)
return 0;
}
tls_release_write_buffer(rl);
@@ -2150,9 +2156,9 @@ int tls_free_buffers(OSSL_RECORD_LAYER *rl)
/* If we have pending data to be read then fail */
if (rl->curr_rec < rl->num_recs
- || rl->curr_rec != rl->num_released
- || TLS_BUFFER_get_left(&rl->rbuf) != 0
- || rl->rstate == SSL_ST_READ_BODY)
+ || rl->curr_rec != rl->num_released
+ || TLS_BUFFER_get_left(&rl->rbuf) != 0
+ || rl->rstate == SSL_ST_READ_BODY)
return 0;
return tls_release_read_buffer(rl);
diff --git a/crypto/openssl/ssl/record/methods/tls_multib.c b/crypto/openssl/ssl/record/methods/tls_multib.c
index 3c2c30ef162a..e0a6dc6a579c 100644
--- a/crypto/openssl/ssl/record/methods/tls_multib.c
+++ b/crypto/openssl/ssl/record/methods/tls_multib.c
@@ -12,35 +12,33 @@
#include "recmethod_local.h"
#if defined(OPENSSL_SMALL_FOOTPRINT) \
- || !(defined(AES_ASM) && (defined(__x86_64) \
- || defined(__x86_64__) \
- || defined(_M_AMD64) \
- || defined(_M_X64)))
-# undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
-# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
+ || !(defined(AES_ASM) && (defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)))
+#undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+#define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
#endif
static int tls_is_multiblock_capable(OSSL_RECORD_LAYER *rl, uint8_t type,
- size_t len, size_t fraglen)
+ size_t len, size_t fraglen)
{
#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
if (type == SSL3_RT_APPLICATION_DATA
- && len >= 4 * fraglen
- && rl->compctx == NULL
- && rl->msg_callback == NULL
- && !rl->use_etm
- && RLAYER_USE_EXPLICIT_IV(rl)
- && !BIO_get_ktls_send(rl->bio)
- && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(rl->enc_ctx))
- & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) != 0)
+ && len >= 4 * fraglen
+ && rl->compctx == NULL
+ && rl->msg_callback == NULL
+ && !rl->use_etm
+ && RLAYER_USE_EXPLICIT_IV(rl)
+ && !BIO_get_ktls_send(rl->bio)
+ && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(rl->enc_ctx))
+ & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
+ != 0)
return 1;
#endif
return 0;
}
size_t tls_get_max_records_multiblock(OSSL_RECORD_LAYER *rl, uint8_t type,
- size_t len, size_t maxfrag,
- size_t *preffrag)
+ size_t len, size_t maxfrag,
+ size_t *preffrag)
{
if (tls_is_multiblock_capable(rl, type, len, *preffrag)) {
/* minimize address aliasing conflicts */
@@ -63,8 +61,8 @@ size_t tls_get_max_records_multiblock(OSSL_RECORD_LAYER *rl, uint8_t type,
* -1 on fatal error.
*/
static int tls_write_records_multiblock_int(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl)
+ OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl)
{
#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
size_t i;
@@ -84,15 +82,15 @@ static int tls_write_records_multiblock_int(OSSL_RECORD_LAYER *rl,
*/
for (i = 1; i < numtempl; i++) {
if (templates[i - 1].type != templates[i].type
- || templates[i - 1].buflen != templates[i].buflen
- || templates[i - 1].buf + templates[i - 1].buflen
- != templates[i].buf)
+ || templates[i - 1].buflen != templates[i].buflen
+ || templates[i - 1].buf + templates[i - 1].buflen
+ != templates[i].buf)
return 0;
}
totlen = templates[0].buflen * numtempl;
if (!tls_is_multiblock_capable(rl, templates[0].type, totlen,
- templates[0].buflen))
+ templates[0].buflen))
return 0;
/*
@@ -109,8 +107,8 @@ static int tls_write_records_multiblock_int(OSSL_RECORD_LAYER *rl,
* buffer sizes will be spotted and the buffer reallocated.
*/
packlen = EVP_CIPHER_CTX_ctrl(rl->enc_ctx,
- EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE,
- (int)templates[0].buflen, NULL);
+ EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE,
+ (int)templates[0].buflen, NULL);
packlen *= numtempl;
if (!tls_setup_write_buffer(rl, 1, packlen, packlen)) {
/* RLAYERfatal() already called */
@@ -130,8 +128,8 @@ static int tls_write_records_multiblock_int(OSSL_RECORD_LAYER *rl,
mb_param.len = totlen;
packleni = EVP_CIPHER_CTX_ctrl(rl->enc_ctx,
- EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
- sizeof(mb_param), &mb_param);
+ EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
+ sizeof(mb_param), &mb_param);
packlen = (size_t)packleni;
if (packleni <= 0 || packlen > wb->len) { /* never happens */
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@@ -143,8 +141,9 @@ static int tls_write_records_multiblock_int(OSSL_RECORD_LAYER *rl,
mb_param.len = totlen;
if (EVP_CIPHER_CTX_ctrl(rl->enc_ctx,
- EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
- sizeof(mb_param), &mb_param) <= 0) {
+ EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
+ sizeof(mb_param), &mb_param)
+ <= 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return -1;
}
@@ -152,21 +151,22 @@ static int tls_write_records_multiblock_int(OSSL_RECORD_LAYER *rl,
rl->sequence[7] += mb_param.interleave;
if (rl->sequence[7] < mb_param.interleave) {
int j = 6;
- while (j >= 0 && (++rl->sequence[j--]) == 0) ;
+ while (j >= 0 && (++rl->sequence[j--]) == 0)
+ ;
}
wb->offset = 0;
wb->left = packlen;
return 1;
-#else /* !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK */
+#else /* !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK */
return 0;
#endif
}
int tls_write_records_multiblock(OSSL_RECORD_LAYER *rl,
- OSSL_RECORD_TEMPLATE *templates,
- size_t numtempl)
+ OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl)
{
int ret;
diff --git a/crypto/openssl/ssl/record/methods/tls_pad.c b/crypto/openssl/ssl/record/methods/tls_pad.c
index 23198f3a4935..8e92ae95109d 100644
--- a/crypto/openssl/ssl/record/methods/tls_pad.c
+++ b/crypto/openssl/ssl/record/methods/tls_pad.c
@@ -24,14 +24,14 @@
*/
static int ssl3_cbc_copy_mac(size_t *reclen,
- size_t origreclen,
- unsigned char *recdata,
- unsigned char **mac,
- int *alloced,
- size_t block_size,
- size_t mac_size,
- size_t good,
- OSSL_LIB_CTX *libctx);
+ size_t origreclen,
+ unsigned char *recdata,
+ unsigned char **mac,
+ int *alloced,
+ size_t block_size,
+ size_t mac_size,
+ size_t good,
+ OSSL_LIB_CTX *libctx);
/*-
* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
@@ -51,16 +51,16 @@ static int ssl3_cbc_copy_mac(size_t *reclen,
* MAC returned is random.
*/
int ssl3_cbc_remove_padding_and_mac(size_t *reclen,
- size_t origreclen,
- unsigned char *recdata,
- unsigned char **mac,
- int *alloced,
- size_t block_size, size_t mac_size,
- OSSL_LIB_CTX *libctx)
+ size_t origreclen,
+ unsigned char *recdata,
+ unsigned char **mac,
+ int *alloced,
+ size_t block_size, size_t mac_size,
+ OSSL_LIB_CTX *libctx)
{
size_t padding_length;
size_t good;
- const size_t overhead = 1 /* padding length byte */ + mac_size;
+ const size_t overhead = 1 /* padding length byte */ + mac_size;
/*
* These lengths are all public so we can test them in non-constant time.
@@ -75,7 +75,7 @@ int ssl3_cbc_remove_padding_and_mac(size_t *reclen,
*reclen -= good & (padding_length + 1);
return ssl3_cbc_copy_mac(reclen, origreclen, recdata, mac, alloced,
- block_size, mac_size, good, libctx);
+ block_size, mac_size, good, libctx);
}
/*-
@@ -96,18 +96,18 @@ int ssl3_cbc_remove_padding_and_mac(size_t *reclen,
* MAC returned is random.
*/
int tls1_cbc_remove_padding_and_mac(size_t *reclen,
- size_t origreclen,
- unsigned char *recdata,
- unsigned char **mac,
- int *alloced,
- size_t block_size, size_t mac_size,
- int aead,
- OSSL_LIB_CTX *libctx)
+ size_t origreclen,
+ unsigned char *recdata,
+ unsigned char **mac,
+ int *alloced,
+ size_t block_size, size_t mac_size,
+ int aead,
+ OSSL_LIB_CTX *libctx)
{
size_t good = -1;
size_t padding_length, to_check, i;
size_t overhead = ((block_size == 1) ? 0 : 1) /* padding length byte */
- + mac_size;
+ + mac_size;
/*
* These lengths are all public so we can test them in non-constant
@@ -136,7 +136,7 @@ int tls1_cbc_remove_padding_and_mac(size_t *reclen,
* maximum amount of padding possible. (Again, the length of the record
* is public information so we can use it.)
*/
- to_check = 256; /* maximum amount of padding, inc length byte. */
+ to_check = 256; /* maximum amount of padding, inc length byte. */
if (to_check > *reclen)
to_check = *reclen;
@@ -159,7 +159,7 @@ int tls1_cbc_remove_padding_and_mac(size_t *reclen,
}
return ssl3_cbc_copy_mac(reclen, origreclen, recdata, mac, alloced,
- block_size, mac_size, good, libctx);
+ block_size, mac_size, good, libctx);
}
/*-
@@ -180,14 +180,14 @@ int tls1_cbc_remove_padding_and_mac(size_t *reclen,
#define CBC_MAC_ROTATE_IN_PLACE
static int ssl3_cbc_copy_mac(size_t *reclen,
- size_t origreclen,
- unsigned char *recdata,
- unsigned char **mac,
- int *alloced,
- size_t block_size,
- size_t mac_size,
- size_t good,
- OSSL_LIB_CTX *libctx)
+ size_t origreclen,
+ unsigned char *recdata,
+ unsigned char **mac,
+ int *alloced,
+ size_t block_size,
+ size_t mac_size,
+ size_t good,
+ OSSL_LIB_CTX *libctx)
{
#if defined(CBC_MAC_ROTATE_IN_PLACE)
unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
@@ -214,7 +214,7 @@ static int ssl3_cbc_copy_mac(size_t *reclen,
size_t rotate_offset;
if (!ossl_assert(origreclen >= mac_size
- && mac_size <= EVP_MAX_MD_SIZE))
+ && mac_size <= EVP_MAX_MD_SIZE))
return 0;
/* If no MAC then nothing to be done */
@@ -286,8 +286,8 @@ static int ssl3_cbc_copy_mac(size_t *reclen,
/* If the padding wasn't good we emit a random MAC */
out[j++] = constant_time_select_8((unsigned char)(good & 0xff),
- aux3,
- randmac[i]);
+ aux3,
+ randmac[i]);
rotate_offset &= constant_time_lt_s(rotate_offset, mac_size);
}
#else
@@ -302,7 +302,7 @@ static int ssl3_cbc_copy_mac(size_t *reclen,
/* If the padding wasn't good we emit a random MAC */
out[i] = constant_time_select_8((unsigned char)(good & 0xff), out[i],
- randmac[i]);
+ randmac[i]);
}
#endif
diff --git a/crypto/openssl/ssl/record/methods/tlsany_meth.c b/crypto/openssl/ssl/record/methods/tlsany_meth.c
index bbe873aaf516..996172543979 100644
--- a/crypto/openssl/ssl/record/methods/tlsany_meth.c
+++ b/crypto/openssl/ssl/record/methods/tlsany_meth.c
@@ -12,17 +12,17 @@
#include "../record_local.h"
#include "recmethod_local.h"
-#define MIN_SSL2_RECORD_LEN 9
+#define MIN_SSL2_RECORD_LEN 9
static int tls_any_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
- unsigned char *key, size_t keylen,
- unsigned char *iv, size_t ivlen,
- unsigned char *mackey, size_t mackeylen,
- const EVP_CIPHER *ciph,
- size_t taglen,
- int mactype,
- const EVP_MD *md,
- COMP_METHOD *comp)
+ unsigned char *key, size_t keylen,
+ unsigned char *iv, size_t ivlen,
+ unsigned char *mackey, size_t mackeylen,
+ const EVP_CIPHER *ciph,
+ size_t taglen,
+ int mactype,
+ const EVP_MD *md,
+ COMP_METHOD *comp)
{
if (level != OSSL_RECORD_PROTECTION_LEVEL_NONE) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
@@ -35,8 +35,8 @@ static int tls_any_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
}
static int tls_any_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
- size_t n_recs, int sending, SSL_MAC_BUF *macs,
- size_t macsize)
+ size_t n_recs, int sending, SSL_MAC_BUF *macs,
+ size_t macsize)
{
return 1;
}
@@ -64,29 +64,22 @@ static int tls_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
* we have.
*/
p = rl->packet;
- if (HAS_PREFIX((char *)p, "GET ") ||
- HAS_PREFIX((char *)p, "POST ") ||
- HAS_PREFIX((char *)p, "HEAD ") ||
- HAS_PREFIX((char *)p, "PATCH") ||
- HAS_PREFIX((char *)p, "OPTIO") ||
- HAS_PREFIX((char *)p, "DELET") ||
- HAS_PREFIX((char *)p, "TRACE") ||
- HAS_PREFIX((char *)p, "PUT ")) {
+ if (HAS_PREFIX((char *)p, "GET ") || HAS_PREFIX((char *)p, "POST ") || HAS_PREFIX((char *)p, "HEAD ") || HAS_PREFIX((char *)p, "PATCH") || HAS_PREFIX((char *)p, "OPTIO") || HAS_PREFIX((char *)p, "DELET") || HAS_PREFIX((char *)p, "TRACE") || HAS_PREFIX((char *)p, "PUT ")) {
RLAYERfatal(rl, SSL_AD_NO_ALERT, SSL_R_HTTP_REQUEST);
return 0;
} else if (HAS_PREFIX((char *)p, "CONNE")) {
RLAYERfatal(rl, SSL_AD_NO_ALERT,
- SSL_R_HTTPS_PROXY_REQUEST);
+ SSL_R_HTTPS_PROXY_REQUEST);
return 0;
}
/* Doesn't look like TLS - don't send an alert */
RLAYERfatal(rl, SSL_AD_NO_ALERT,
- SSL_R_WRONG_VERSION_NUMBER);
+ SSL_R_WRONG_VERSION_NUMBER);
return 0;
} else {
RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
- SSL_R_WRONG_VERSION_NUMBER);
+ SSL_R_WRONG_VERSION_NUMBER);
return 0;
}
}
@@ -108,14 +101,14 @@ static int tls_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
* end.
*/
RLAYERfatal(rl, SSL_AD_NO_ALERT,
- SSL_R_WRONG_VERSION_NUMBER);
+ SSL_R_WRONG_VERSION_NUMBER);
return 0;
}
/* Send back error using their minor version number */
rl->version = (unsigned short)rec->rec_version;
}
RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
- SSL_R_WRONG_VERSION_NUMBER);
+ SSL_R_WRONG_VERSION_NUMBER);
return 0;
}
}
@@ -141,9 +134,9 @@ static int tls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
}
static int tls_any_prepare_for_encryption(OSSL_RECORD_LAYER *rl,
- size_t mac_size,
- WPACKET *thispkt,
- TLS_RL_RECORD *thiswr)
+ size_t mac_size,
+ WPACKET *thispkt,
+ TLS_RL_RECORD *thiswr)
{
/* No encryption, so nothing to do */
return 1;
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-22 23:10:57 +0000