mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 19:24:20 +01:00
Introduce buffering structure for handshake messages
This commit introduces, but does not yet put to use, a sub-structure of mbedtls_ssl_handshake_params::buffering that will be used for the buffering and/or reassembly of handshake messages with handshake sequence numbers that are greater or equal to the next expected sequence number.
This commit is contained in:
parent
d7f8ae2508
commit
0271f967d6
@ -155,6 +155,9 @@
|
|||||||
#define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
|
#define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
|
||||||
( MBEDTLS_SSL_OUT_CONTENT_LEN ) )
|
( MBEDTLS_SSL_OUT_CONTENT_LEN ) )
|
||||||
|
|
||||||
|
/* The maximum number of buffered handshake messages. */
|
||||||
|
#define MBEDTLS_SSL_MAX_BUFFERED_HS 2
|
||||||
|
|
||||||
/* Maximum length we can advertise as our max content length for
|
/* Maximum length we can advertise as our max content length for
|
||||||
RFC 6066 max_fragment_length extension negotiation purposes
|
RFC 6066 max_fragment_length extension negotiation purposes
|
||||||
(the lesser of both sizes, if they are unequal.)
|
(the lesser of both sizes, if they are unequal.)
|
||||||
@ -313,6 +316,14 @@ struct mbedtls_ssl_handshake_params
|
|||||||
uint8_t seen_ccs; /*!< Indicates if a CCS message has
|
uint8_t seen_ccs; /*!< Indicates if a CCS message has
|
||||||
* been seen in the current flight. */
|
* been seen in the current flight. */
|
||||||
|
|
||||||
|
struct mbedtls_ssl_hs_buffer
|
||||||
|
{
|
||||||
|
uint8_t is_valid : 1;
|
||||||
|
uint8_t is_fragmented : 1;
|
||||||
|
uint8_t is_complete : 1;
|
||||||
|
unsigned char *data;
|
||||||
|
} hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
|
||||||
|
|
||||||
} buffering;
|
} buffering;
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
@ -372,6 +383,8 @@ struct mbedtls_ssl_handshake_params
|
|||||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This structure contains a full set of runtime transform parameters
|
* This structure contains a full set of runtime transform parameters
|
||||||
* either in negotiation or active.
|
* either in negotiation or active.
|
||||||
|
@ -167,6 +167,8 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl
|
|||||||
return( (int) remaining );
|
return( (int) remaining );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void ssl_buffering_free( mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Double the retransmit timeout value, within the allowed range,
|
* Double the retransmit timeout value, within the allowed range,
|
||||||
* returning -1 if the maximum value has already been reached.
|
* returning -1 if the maximum value has already been reached.
|
||||||
@ -3072,6 +3074,9 @@ void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl )
|
|||||||
/* We don't want to remember CCS's across flight boundaries. */
|
/* We don't want to remember CCS's across flight boundaries. */
|
||||||
ssl->handshake->buffering.seen_ccs = 0;
|
ssl->handshake->buffering.seen_ccs = 0;
|
||||||
|
|
||||||
|
/* Clear future message buffering structure. */
|
||||||
|
ssl_buffering_free( ssl );
|
||||||
|
|
||||||
/* Cancel timer */
|
/* Cancel timer */
|
||||||
ssl_set_timer( ssl, 0 );
|
ssl_set_timer( ssl, 0 );
|
||||||
|
|
||||||
@ -3747,9 +3752,9 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl )
|
void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
|
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
|
||||||
|
|
||||||
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER &&
|
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && hs != NULL )
|
||||||
ssl->handshake != NULL )
|
|
||||||
{
|
{
|
||||||
ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
|
ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
|
||||||
}
|
}
|
||||||
@ -3759,7 +3764,8 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl )
|
|||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
ssl->handshake != NULL )
|
ssl->handshake != NULL )
|
||||||
{
|
{
|
||||||
ssl->handshake->in_msg_seq++;
|
unsigned offset;
|
||||||
|
mbedtls_ssl_hs_buffer *hs_buf;
|
||||||
|
|
||||||
/* Clear up handshake reassembly structure, if any. */
|
/* Clear up handshake reassembly structure, if any. */
|
||||||
if( ssl->handshake->hs_msg != NULL )
|
if( ssl->handshake->hs_msg != NULL )
|
||||||
@ -3767,6 +3773,28 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl )
|
|||||||
mbedtls_free( ssl->handshake->hs_msg );
|
mbedtls_free( ssl->handshake->hs_msg );
|
||||||
ssl->handshake->hs_msg = NULL;
|
ssl->handshake->hs_msg = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Increment handshake sequence number */
|
||||||
|
hs->in_msg_seq++;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Clear up handshake buffering and reassembly structure.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Free first entry */
|
||||||
|
hs_buf = &hs->buffering.hs[0];
|
||||||
|
if( hs_buf->is_valid )
|
||||||
|
mbedtls_free( hs_buf->data );
|
||||||
|
|
||||||
|
/* Shift all other entries */
|
||||||
|
for( offset = 0; offset + 1 < MBEDTLS_SSL_MAX_BUFFERED_HS;
|
||||||
|
offset++, hs_buf++ )
|
||||||
|
{
|
||||||
|
*hs_buf = *(hs_buf + 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Create a fresh last entry */
|
||||||
|
memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) );
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@ -8286,6 +8314,29 @@ static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert )
|
|||||||
}
|
}
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
|
||||||
|
static void ssl_buffering_free( mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
unsigned offset;
|
||||||
|
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
|
||||||
|
|
||||||
|
if( hs == NULL )
|
||||||
|
return;
|
||||||
|
|
||||||
|
for( offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ )
|
||||||
|
{
|
||||||
|
mbedtls_ssl_hs_buffer *hs_buf = &hs->buffering.hs[offset];
|
||||||
|
if( hs_buf->is_valid == 1 )
|
||||||
|
{
|
||||||
|
mbedtls_free( hs_buf->data );
|
||||||
|
memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
||||||
@ -8367,6 +8418,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
|||||||
mbedtls_free( handshake->verify_cookie );
|
mbedtls_free( handshake->verify_cookie );
|
||||||
mbedtls_free( handshake->hs_msg );
|
mbedtls_free( handshake->hs_msg );
|
||||||
ssl_flight_free( handshake->flight );
|
ssl_flight_free( handshake->flight );
|
||||||
|
ssl_buffering_free( ssl );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
mbedtls_platform_zeroize( handshake,
|
mbedtls_platform_zeroize( handshake,
|
||||||
|
Loading…
Reference in New Issue
Block a user