Diffstat (limited to 'lib/tls13/key_update.c')
-rw-r--r-- | lib/tls13/key_update.c | 48 |
1 files changed, 28 insertions, 20 deletions
diff --git a/lib/tls13/key_update.c b/lib/tls13/key_update.c
index 10d2c77050..7a1641e880 100644
--- a/lib/tls13/key_update.c
+++ b/lib/tls13/key_update.c
@@ -38,13 +38,14 @@
 * because KTLS most likely doesn't support key update. */
 static inline int set_ktls_keys(gnutls_session_t session,
- gnutls_transport_ktls_enable_flags_t iface)
+ gnutls_transport_ktls_enable_flags_t iface)
 {
 if (_gnutls_ktls_set_keys(session, iface) < 0) {
 session->internals.ktls_enabled = 0;
 session->internals.invalid_connection = true;
 session->internals.resumable = false;
- _gnutls_audit_log(session, "invalidating session: KTLS - couldn't update keys\n");
+ _gnutls_audit_log(session,
+ "invalidating session: KTLS - couldn't update keys\n");
 return GNUTLS_E_INTERNAL_ERROR;
 }
 return 0;
@@ -54,8 +55,9 @@ static int update_keys(gnutls_session_t session, hs_stage_t stage)
 {
 int ret;
- ret = _tls13_update_secret(session, session->key.proto.tls13.temp_secret,
- session->key.proto.tls13.temp_secret_size);
+ ret =
+ _tls13_update_secret(session, session->key.proto.tls13.temp_secret,
+ session->key.proto.tls13.temp_secret_size);
 if (ret < 0)
 return gnutls_assert_val(ret);
@@ -72,15 +74,17 @@ static int update_keys(gnutls_session_t session, hs_stage_t stage)
 return gnutls_assert_val(ret);
 if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND))
- ret = set_ktls_keys(session, GNUTLS_KTLS_SEND);
+ ret = set_ktls_keys(session, GNUTLS_KTLS_SEND);
 } else {
 ret = _tls13_connection_state_init(session, stage);
 if (ret < 0)
 return gnutls_assert_val(ret);
- if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND) && stage == STAGE_UPD_OURS)
+ if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND)
+ && stage == STAGE_UPD_OURS)
 ret = set_ktls_keys(session, GNUTLS_KTLS_SEND);
- else if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_RECV) && stage == STAGE_UPD_PEERS)
+ else if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_RECV)
+ && stage == STAGE_UPD_PEERS)
 ret = set_ktls_keys(session, GNUTLS_KTLS_RECV);
 }
 if (ret < 0)
@@ -89,7 +93,7 @@ static int update_keys(gnutls_session_t session, hs_stage_t stage)
 return 0;
 }
-int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf)
+int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st * buf)
 {
 int ret;
 struct timespec now;
@@ -109,9 +113,9 @@ int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf)
 if (unlikely(++session->internals.key_update_count > KEY_UPDATES_PER_WINDOW)) {
- _gnutls_debug_log("reached maximum number of key updates per %d milliseconds (%d)\n",
- KEY_UPDATES_WINDOW,
- KEY_UPDATES_PER_WINDOW);
+ _gnutls_debug_log
+ ("reached maximum number of key updates per %d milliseconds (%d)\n",
+ KEY_UPDATES_WINDOW, KEY_UPDATES_PER_WINDOW);
 return gnutls_assert_val(GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS);
 }
@@ -120,7 +124,7 @@ int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf)
 _gnutls_handshake_log("HSK[%p]: received TLS 1.3 key update (%u)\n", session, (unsigned)buf->data[0]);
- switch(buf->data[0]) {
+ switch (buf->data[0]) {
 case 0:
 /* peer updated its key, not requested our key update */
 ret = update_keys(session, STAGE_UPD_PEERS);
@@ -145,9 +149,11 @@ int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf)
 * message. */
 if (session->internals.rsend_state == RECORD_SEND_NORMAL)
- session->internals.rsend_state = RECORD_SEND_KEY_UPDATE_1;
+ session->internals.rsend_state =
+ RECORD_SEND_KEY_UPDATE_1;
 else if (session->internals.rsend_state == RECORD_SEND_CORKED)
- session->internals.rsend_state = RECORD_SEND_CORKED_TO_KU;
+ session->internals.rsend_state =
+ RECORD_SEND_CORKED_TO_KU;
 break;
 default:
@@ -159,7 +165,8 @@ int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf)
 return 0;
 }
-int _gnutls13_send_key_update(gnutls_session_t session, unsigned again, unsigned flags /* GNUTLS_KU_* */)
+int _gnutls13_send_key_update(gnutls_session_t session, unsigned again,
+ unsigned flags /* GNUTLS_KU_* */ )
 {
 int ret;
 mbuffer_st *bufel = NULL;
@@ -175,7 +182,8 @@ int _gnutls13_send_key_update(gnutls_session_t session, unsigned again, unsigned
 val = 0x00;
 }
- _gnutls_handshake_log("HSK[%p]: sending key update (%u)\n", session, (unsigned)val);
+ _gnutls_handshake_log("HSK[%p]: sending key update (%u)\n",
+ session, (unsigned)val);
 bufel = _gnutls_handshake_alloc(session, 1);
 if (bufel == NULL)
@@ -190,9 +198,10 @@ int _gnutls13_send_key_update(gnutls_session_t session, unsigned again, unsigned
 }
- return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_KEY_UPDATE);
+ return _gnutls_send_handshake(session, bufel,
+ GNUTLS_HANDSHAKE_KEY_UPDATE);
-cleanup:
+ cleanup:
 _mbuffer_xfree(&bufel);
 return ret;
 }
@@ -227,8 +236,7 @@ int gnutls_session_key_update(gnutls_session_t session, unsigned flags)
 if (!vers->tls13_sem)
 return GNUTLS_E_INVALID_REQUEST;
- ret =
- _gnutls13_send_key_update(session, AGAIN(STATE150), flags);
+ ret = _gnutls13_send_key_update(session, AGAIN(STATE150), flags);
 STATE = STATE150;
 if (ret < 0) { |