mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 03:14:22 +01:00
Implement future message buffering and loading
This commit implements future handshake message buffering and loading by implementing ssl_load_buffered_message() and ssl_buffer_message(). Whenever a handshake message is received which is - a future handshake message (i.e., the sequence number is larger than the next expected one), or which is - a proper fragment of the next expected handshake message, ssl_buffer_message() is called, which does the following: - Ignore message if its sequence number is too far ahead of the next expected sequence number, as controlled by the macro constant MBEDTLS_SSL_MAX_BUFFERED_HS. - Otherwise, check if buffering for the message with the respective sequence number has already commenced. - If not, allocate space to back up the message within the buffering substructure of mbedtls_ssl_handshake_params. If the message is a proper fragment, allocate additional space for a reassembly bitmap; if it is a full message, omit the bitmap. In any case, fall throuh to the next case. - If the message has already been buffered, check that the header is the same, and add the current fragment if the message is not yet complete (this excludes the case where a future message has been received in a single fragment, hence omitting the bitmap, and is afterwards also received as a series of proper fragments; in this case, the proper fragments will be ignored). For loading buffered messages in ssl_load_buffered_message(), the approach is the following: - Check the first entry in the buffering window (the window is always based at the next expected handshake message). If buffering hasn't started or if reassembly is still in progress, ignore. If the next expected message has been fully received, copy it to the input buffer (which is empty, as ssl_load_buffered_message() is only called in this case).
This commit is contained in:
parent
6d97ef5a03
commit
37f9532081
@ -4354,6 +4354,7 @@ static int ssl_another_record_in_datagram( mbedtls_ssl_context *ssl )
|
||||
static int ssl_load_buffered_message( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
|
||||
mbedtls_ssl_hs_buffer * hs_buf;
|
||||
int ret = 0;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_messsage" ) );
|
||||
@ -4385,6 +4386,58 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl )
|
||||
hs->buffering.seen_ccs = 0;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/* Debug only */
|
||||
{
|
||||
unsigned offset;
|
||||
for( offset = 1; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ )
|
||||
{
|
||||
hs_buf = &hs->buffering.hs[offset];
|
||||
if( hs_buf->is_valid == 1 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Future message with sequence number %u %s buffered.",
|
||||
hs->in_msg_seq + offset,
|
||||
hs_buf->is_complete ? "fully" : "partitially" ) );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Check if we have buffered and/or fully reassembled the
|
||||
* next handshake message. */
|
||||
hs_buf = &hs->buffering.hs[0];
|
||||
if( ( hs_buf->is_valid == 1 ) && ( hs_buf->is_complete == 1 ) )
|
||||
{
|
||||
/* Synthesize a record containing the buffered HS message. */
|
||||
size_t msg_len = ( hs_buf->data[1] << 16 ) |
|
||||
( hs_buf->data[2] << 8 ) |
|
||||
hs_buf->data[3];
|
||||
|
||||
/* Double-check that we haven't accidentally buffered
|
||||
* a message that doesn't fit into the input buffer. */
|
||||
if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message has been buffered - load" ) );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered handshake message (incl. header)",
|
||||
hs_buf->data, msg_len + 12 );
|
||||
|
||||
ssl->in_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
||||
ssl->in_hslen = msg_len + 12;
|
||||
ssl->in_msglen = msg_len + 12;
|
||||
memcpy( ssl->in_msg, hs_buf->data, ssl->in_hslen );
|
||||
|
||||
ret = 0;
|
||||
goto exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message %u not or only partially bufffered",
|
||||
hs->in_msg_seq ) );
|
||||
}
|
||||
|
||||
ret = -1;
|
||||
|
||||
exit:
|
||||
@ -4411,8 +4464,124 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl )
|
||||
break;
|
||||
|
||||
case MBEDTLS_SSL_MSG_HANDSHAKE:
|
||||
/* TODO: Implement buffering and reassembly here. */
|
||||
{
|
||||
unsigned recv_msg_seq_offset;
|
||||
unsigned recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
|
||||
mbedtls_ssl_hs_buffer *hs_buf;
|
||||
size_t msg_len = ssl->in_hslen - 12;
|
||||
|
||||
/* We should never receive an old handshake
|
||||
* message - double-check nonetheless. */
|
||||
if( recv_msg_seq < ssl->handshake->in_msg_seq )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
recv_msg_seq_offset = recv_msg_seq - ssl->handshake->in_msg_seq;
|
||||
if( recv_msg_seq_offset >= MBEDTLS_SSL_MAX_BUFFERED_HS )
|
||||
{
|
||||
/* Silently ignore -- message too far in the future */
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2,
|
||||
( "Ignore future HS message with sequence number %u, "
|
||||
"buffering window %u - %u",
|
||||
recv_msg_seq, ssl->handshake->in_msg_seq,
|
||||
ssl->handshake->in_msg_seq + MBEDTLS_SSL_MAX_BUFFERED_HS - 1 ) );
|
||||
|
||||
goto exit;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering HS message with sequence number %u, offset %u ",
|
||||
recv_msg_seq, recv_msg_seq_offset ) );
|
||||
|
||||
hs_buf = &hs->buffering.hs[ recv_msg_seq_offset ];
|
||||
|
||||
/* Check if the buffering for this seq nr has already commenced. */
|
||||
if( ! hs_buf->is_valid )
|
||||
{
|
||||
hs_buf->is_fragmented =
|
||||
( ssl_hs_is_proper_fragment( ssl ) == 1 );
|
||||
|
||||
/* We copy the message back into the input buffer
|
||||
* after reassembly, so check that it's not too large.
|
||||
* This is an implementation-specific limitation
|
||||
* and not one from the standard, hence it is not
|
||||
* checked in ssl_check_hs_header(). */
|
||||
if( msg_len > MBEDTLS_SSL_IN_CONTENT_LEN )
|
||||
{
|
||||
/* Ignore message */
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = ssl_prepare_reassembly_buffer( ssl, msg_len,
|
||||
hs_buf->is_fragmented,
|
||||
&hs_buf->data );
|
||||
if( ret == MBEDTLS_ERR_SSL_ALLOC_FAILED &&
|
||||
recv_msg_seq_offset > 0 )
|
||||
{
|
||||
/* If we run out of RAM trying to buffer a *future*
|
||||
* message, simply ignore instead of failing. */
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Not enough RAM available to buffer future message - ignore" ) );
|
||||
goto exit;
|
||||
}
|
||||
else if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
/* Prepare final header: copy msg_type, length and message_seq,
|
||||
* then add standardised fragment_offset and fragment_length */
|
||||
memcpy( hs_buf->data, ssl->in_msg, 6 );
|
||||
memset( hs_buf->data + 6, 0, 3 );
|
||||
memcpy( hs_buf->data + 9, hs_buf->data + 1, 3 );
|
||||
|
||||
hs_buf->is_valid = 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Make sure msg_type and length are consistent */
|
||||
if( memcmp( hs_buf->data, ssl->in_msg, 4 ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Fragment header mismatch - ignore" ) );
|
||||
/* Ignore */
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
if( ! hs_buf->is_complete )
|
||||
{
|
||||
size_t frag_len, frag_off;
|
||||
unsigned char * const msg = hs_buf->data + 12;
|
||||
|
||||
/*
|
||||
* Check and copy current fragment
|
||||
*/
|
||||
|
||||
/* Validation of header fields already done in
|
||||
* mbedtls_ssl_prepare_handshake_record(). */
|
||||
frag_off = ssl_get_hs_frag_off( ssl );
|
||||
frag_len = ssl_get_hs_frag_len( ssl );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d",
|
||||
frag_off, frag_len ) );
|
||||
memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
|
||||
|
||||
if( hs_buf->is_fragmented )
|
||||
{
|
||||
unsigned char * const bitmask = msg + msg_len;
|
||||
ssl_bitmask_set( bitmask, frag_off, frag_len );
|
||||
hs_buf->is_complete = ( ssl_bitmask_check( bitmask,
|
||||
msg_len ) == 0 );
|
||||
}
|
||||
else
|
||||
{
|
||||
hs_buf->is_complete = 1;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message %scomplete",
|
||||
hs_buf->is_complete ? "" : "not yet " ) );
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
default:
|
||||
break;
|
||||
|
Loading…
Reference in New Issue
Block a user