summaryrefslogtreecommitdiff
path: root/lib/tls13/key_update.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/tls13/key_update.c')
-rw-r--r--lib/tls13/key_update.c48
1 files changed, 28 insertions, 20 deletions
diff --git a/lib/tls13/key_update.c b/lib/tls13/key_update.c
index 10d2c77050..7a1641e880 100644
--- a/lib/tls13/key_update.c
+++ b/lib/tls13/key_update.c
@@ -38,13 +38,14 @@
* because KTLS most likely doesn't support key update.
*/
static inline int set_ktls_keys(gnutls_session_t session,
- gnutls_transport_ktls_enable_flags_t iface)
+ gnutls_transport_ktls_enable_flags_t iface)
{
if (_gnutls_ktls_set_keys(session, iface) < 0) {
session->internals.ktls_enabled = 0;
session->internals.invalid_connection = true;
session->internals.resumable = false;
- _gnutls_audit_log(session, "invalidating session: KTLS - couldn't update keys\n");
+ _gnutls_audit_log(session,
+ "invalidating session: KTLS - couldn't update keys\n");
return GNUTLS_E_INTERNAL_ERROR;
}
return 0;
@@ -54,8 +55,9 @@ static int update_keys(gnutls_session_t session, hs_stage_t stage)
{
int ret;
- ret = _tls13_update_secret(session, session->key.proto.tls13.temp_secret,
- session->key.proto.tls13.temp_secret_size);
+ ret =
+ _tls13_update_secret(session, session->key.proto.tls13.temp_secret,
+ session->key.proto.tls13.temp_secret_size);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -72,15 +74,17 @@ static int update_keys(gnutls_session_t session, hs_stage_t stage)
return gnutls_assert_val(ret);
if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND))
- ret = set_ktls_keys(session, GNUTLS_KTLS_SEND);
+ ret = set_ktls_keys(session, GNUTLS_KTLS_SEND);
} else {
ret = _tls13_connection_state_init(session, stage);
if (ret < 0)
return gnutls_assert_val(ret);
- if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND) && stage == STAGE_UPD_OURS)
+ if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND)
+ && stage == STAGE_UPD_OURS)
ret = set_ktls_keys(session, GNUTLS_KTLS_SEND);
- else if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_RECV) && stage == STAGE_UPD_PEERS)
+ else if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_RECV)
+ && stage == STAGE_UPD_PEERS)
ret = set_ktls_keys(session, GNUTLS_KTLS_RECV);
}
if (ret < 0)
@@ -89,7 +93,7 @@ static int update_keys(gnutls_session_t session, hs_stage_t stage)
return 0;
}
-int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf)
+int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st * buf)
{
int ret;
struct timespec now;
@@ -109,9 +113,9 @@ int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf)
if (unlikely(++session->internals.key_update_count >
KEY_UPDATES_PER_WINDOW)) {
- _gnutls_debug_log("reached maximum number of key updates per %d milliseconds (%d)\n",
- KEY_UPDATES_WINDOW,
- KEY_UPDATES_PER_WINDOW);
+ _gnutls_debug_log
+ ("reached maximum number of key updates per %d milliseconds (%d)\n",
+ KEY_UPDATES_WINDOW, KEY_UPDATES_PER_WINDOW);
return gnutls_assert_val(GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS);
}
@@ -120,7 +124,7 @@ int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf)
_gnutls_handshake_log("HSK[%p]: received TLS 1.3 key update (%u)\n",
session, (unsigned)buf->data[0]);
- switch(buf->data[0]) {
+ switch (buf->data[0]) {
case 0:
/* peer updated its key, not requested our key update */
ret = update_keys(session, STAGE_UPD_PEERS);
@@ -145,9 +149,11 @@ int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf)
* message.
*/
if (session->internals.rsend_state == RECORD_SEND_NORMAL)
- session->internals.rsend_state = RECORD_SEND_KEY_UPDATE_1;
+ session->internals.rsend_state =
+ RECORD_SEND_KEY_UPDATE_1;
else if (session->internals.rsend_state == RECORD_SEND_CORKED)
- session->internals.rsend_state = RECORD_SEND_CORKED_TO_KU;
+ session->internals.rsend_state =
+ RECORD_SEND_CORKED_TO_KU;
break;
default:
@@ -159,7 +165,8 @@ int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf)
return 0;
}
-int _gnutls13_send_key_update(gnutls_session_t session, unsigned again, unsigned flags /* GNUTLS_KU_* */)
+int _gnutls13_send_key_update(gnutls_session_t session, unsigned again,
+ unsigned flags /* GNUTLS_KU_* */ )
{
int ret;
mbuffer_st *bufel = NULL;
@@ -175,7 +182,8 @@ int _gnutls13_send_key_update(gnutls_session_t session, unsigned again, unsigned
val = 0x00;
}
- _gnutls_handshake_log("HSK[%p]: sending key update (%u)\n", session, (unsigned)val);
+ _gnutls_handshake_log("HSK[%p]: sending key update (%u)\n",
+ session, (unsigned)val);
bufel = _gnutls_handshake_alloc(session, 1);
if (bufel == NULL)
@@ -190,9 +198,10 @@ int _gnutls13_send_key_update(gnutls_session_t session, unsigned again, unsigned
}
- return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_KEY_UPDATE);
+ return _gnutls_send_handshake(session, bufel,
+ GNUTLS_HANDSHAKE_KEY_UPDATE);
-cleanup:
+ cleanup:
_mbuffer_xfree(&bufel);
return ret;
}
@@ -227,8 +236,7 @@ int gnutls_session_key_update(gnutls_session_t session, unsigned flags)
if (!vers->tls13_sem)
return GNUTLS_E_INVALID_REQUEST;
- ret =
- _gnutls13_send_key_update(session, AGAIN(STATE150), flags);
+ ret = _gnutls13_send_key_update(session, AGAIN(STATE150), flags);
STATE = STATE150;
if (ret < 0) {
View Lorry Controller Status