Wrap lines which exceed 80 chars in ssl_tls13_generic.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index d2082a7..a00785b 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -247,15 +247,17 @@
/* RFC 8446 section 4.4.3
*
- * If the CertificateVerify message is sent by a server, the signature algorithm
- * MUST be one offered in the client's "signature_algorithms" extension unless
- * no valid certificate chain can be produced without unsupported algorithms
+ * If the CertificateVerify message is sent by a server, the signature
+ * algorithm MUST be one offered in the client's "signature_algorithms"
+ * extension unless no valid certificate chain can be produced without
+ * unsupported algorithms
*
* RFC 8446 section 4.4.2.2
*
* If the client cannot construct an acceptable chain using the provided
- * certificates and decides to abort the handshake, then it MUST abort the handshake
- * with an appropriate certificate-related alert (by default, "unsupported_certificate").
+ * certificates and decides to abort the handshake, then it MUST abort the
+ * handshake with an appropriate certificate-related alert
+ * (by default, "unsupported_certificate").
*
* Check if algorithm is an offered signature algorithm.
*/
@@ -350,17 +352,18 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify"));
MBEDTLS_SSL_PROC_CHK(
- mbedtls_ssl_tls13_fetch_handshake_msg(ssl,
- MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len));
+ mbedtls_ssl_tls13_fetch_handshake_msg(
+ ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len));
/* Need to calculate the hash of the transcript first
* before reading the message since otherwise it gets
* included in the transcript
*/
- ret = mbedtls_ssl_get_handshake_transcript(ssl,
- ssl->handshake->ciphersuite_info->mac,
- transcript, sizeof(transcript),
- &transcript_len);
+ ret = mbedtls_ssl_get_handshake_transcript(
+ ssl,
+ ssl->handshake->ciphersuite_info->mac,
+ transcript, sizeof(transcript),
+ &transcript_len);
if (ret != 0) {
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR,
@@ -380,13 +383,13 @@
MBEDTLS_SSL_IS_CLIENT);
/* Process the message contents */
- MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_certificate_verify(ssl, buf,
- buf + buf_len, verify_buffer,
- verify_buffer_len));
+ MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_certificate_verify(
+ ssl, buf, buf + buf_len,
+ verify_buffer, verify_buffer_len));
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
- MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
- buf, buf_len));
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
+ buf, buf_len));
cleanup:
@@ -600,7 +603,8 @@
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
- MBEDTLS_SSL_DEBUG_CRT(3, "peer certificate", ssl->session_negotiate->peer_cert);
+ MBEDTLS_SSL_DEBUG_CRT(3, "peer certificate",
+ ssl->session_negotiate->peer_cert);
return ret;
}
@@ -666,8 +670,9 @@
if (authmode == MBEDTLS_SSL_VERIFY_OPTIONAL) {
return 0;
} else {
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_NO_CERT,
- MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE);
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_NO_CERT,
+ MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE);
return MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE;
}
}
@@ -754,7 +759,8 @@
Pick one and send the corresponding alert. Which alert to send
may be a subject of debate in some cases. */
if (verify_result & MBEDTLS_X509_BADCERT_OTHER) {
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED, ret);
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED, ret);
} else if (verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH) {
MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_BAD_CERT, ret);
} else if (verify_result & (MBEDTLS_X509_BADCERT_KEY_USAGE |
@@ -762,15 +768,19 @@
MBEDTLS_X509_BADCERT_NS_CERT_TYPE |
MBEDTLS_X509_BADCERT_BAD_PK |
MBEDTLS_X509_BADCERT_BAD_KEY)) {
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret);
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret);
} else if (verify_result & MBEDTLS_X509_BADCERT_EXPIRED) {
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED, ret);
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED, ret);
} else if (verify_result & MBEDTLS_X509_BADCERT_REVOKED) {
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED, ret);
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED, ret);
} else if (verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED) {
MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA, ret);
} else {
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN, ret);
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN, ret);
}
}
@@ -815,9 +825,8 @@
/* Validate the certificate chain and set the verification results. */
MBEDTLS_SSL_PROC_CHK(ssl_tls13_validate_certificate(ssl));
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
- MBEDTLS_SSL_HS_CERTIFICATE, buf,
- buf_len));
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, buf_len));
cleanup:
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
@@ -923,18 +932,16 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate"));
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl,
- MBEDTLS_SSL_HS_CERTIFICATE, &buf,
- &buf_len));
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
+ ssl, MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len));
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_body(ssl,
buf,
buf + buf_len,
&msg_len));
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
- MBEDTLS_SSL_HS_CERTIFICATE, buf,
- msg_len));
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len));
@@ -1017,11 +1024,9 @@
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- ret = mbedtls_ssl_get_handshake_transcript(ssl,
- ssl->handshake->ciphersuite_info->mac,
- handshake_hash,
- sizeof(handshake_hash),
- &handshake_hash_len);
+ ret = mbedtls_ssl_get_handshake_transcript(
+ ssl, ssl->handshake->ciphersuite_info->mac,
+ handshake_hash, sizeof(handshake_hash), &handshake_hash_len);
if (ret != 0) {
return ret;
}
@@ -1128,16 +1133,16 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify"));
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl,
- MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf,
- &buf_len));
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
+ ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
+ &buf, &buf_len));
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_verify_body(
ssl, buf, buf + buf_len, &msg_len));
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
- MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf,
- msg_len));
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
+ buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len));
@@ -1163,13 +1168,13 @@
{
int ret;
- ret = mbedtls_ssl_tls13_calculate_verify_data(ssl,
- ssl->handshake->state_local.finished_in.digest,
- sizeof(ssl->handshake->state_local.finished_in.
- digest),
- &ssl->handshake->state_local.finished_in.digest_len,
- ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ?
- MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT);
+ ret = mbedtls_ssl_tls13_calculate_verify_data(
+ ssl,
+ ssl->handshake->state_local.finished_in.digest,
+ sizeof(ssl->handshake->state_local.finished_in.digest),
+ &ssl->handshake->state_local.finished_in.digest_len,
+ ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ?
+ MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_calculate_verify_data", ret);
return ret;
@@ -1228,17 +1233,17 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse finished message"));
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(ssl,
- MBEDTLS_SSL_HS_FINISHED,
- &buf, &buf_len));
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(
+ ssl, MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len));
/* Preprocessing step: Compute handshake digest */
MBEDTLS_SSL_PROC_CHK(ssl_tls13_preprocess_finished_message(ssl));
- MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_finished_message(ssl, buf, buf + buf_len));
+ MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_finished_message(
+ ssl, buf, buf + buf_len));
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
- MBEDTLS_SSL_HS_FINISHED, buf, buf_len));
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_FINISHED, buf, buf_len));
cleanup:
@@ -1526,9 +1531,8 @@
MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));
/* Convert EC's TLS ID to PSA key type. */
- if (mbedtls_ssl_get_psa_curve_info_from_tls_id(named_group,
- &ec_psa_family,
- &ec_bits) == PSA_ERROR_NOT_SUPPORTED) {
+ if (mbedtls_ssl_get_psa_curve_info_from_tls_id(
+ named_group, &ec_psa_family, &ec_bits) == PSA_ERROR_NOT_SUPPORTED) {
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
}
handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(ec_psa_family);
@@ -1638,7 +1642,8 @@
uint16_t record_size_limit;
const size_t extension_data_len = end - buf;
- if (extension_data_len != MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH) {
+ if (extension_data_len !=
+ MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH) {
MBEDTLS_SSL_DEBUG_MSG(2,
("record_size_limit extension has invalid length: %"
MBEDTLS_PRINTF_SIZET " Bytes",
@@ -1668,9 +1673,8 @@
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
}
- MBEDTLS_SSL_DEBUG_MSG(2,
- (
- "record_size_limit extension is still in development. Aborting handshake."));
+ MBEDTLS_SSL_DEBUG_MSG(
+ 2, ("record_size_limit extension is still in development. Aborting handshake."));
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,