Split mbedtls_ssl_hdr_len() in separate functions for in/out records
The function mbedtls_ssl_hdr_len() returns the length of the record header (so far: always 13 Bytes for DTLS, and always 5 Bytes for TLS). With the introduction of the CID extension, the lengths of record headers depend on whether the records are incoming or outgoing, and also on the current transform. Preparing for this, this commit splits mbedtls_ssl_hdr_len() into two -- so far unmodified -- functions mbedtls_ssl_in_hdr_len() and mbedtls_ssl_out_hdr_len() and replaces the uses of mbedtls_ssl_hdr_len() according to whether they are about incoming or outgoing records. There is no need to change the signature of mbedtls_ssl_{in/out}_hdr_len() in preparation for its dependency on the currently active transform, since the SSL context is passed as an argument, and the currently active transform is referenced from that.
This commit is contained in:
parent
46483f11bf
commit
4339576208
@ -875,11 +875,26 @@ void mbedtls_ssl_write_version( int major, int minor, int transport,
|
|||||||
void mbedtls_ssl_read_version( int *major, int *minor, int transport,
|
void mbedtls_ssl_read_version( int *major, int *minor, int transport,
|
||||||
const unsigned char ver[2] );
|
const unsigned char ver[2] );
|
||||||
|
|
||||||
static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
|
static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
|
{
|
||||||
return( 13 );
|
return( 13 );
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
((void) ssl);
|
||||||
|
#endif
|
||||||
|
return( 5 );
|
||||||
|
}
|
||||||
|
|
||||||
|
static inline size_t mbedtls_ssl_out_hdr_len( const mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
|
{
|
||||||
|
return( 13 );
|
||||||
|
}
|
||||||
#else
|
#else
|
||||||
((void) ssl);
|
((void) ssl);
|
||||||
#endif
|
#endif
|
||||||
|
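Review bot: The two new inline functions mbedtls_ssl_in_hdr_len() and mbedtls_ssl_out_hdr_len() are added without any comment, so nothing in the header explains why two byte-identical bodies exist or which direction each one governs. That intent currently lives only in the commit message and belongs next to the code, e.g. above mbedtls_ssl_in_hdr_len(): `/* Header length of incoming records. Currently fixed (13 for DTLS, 5 for TLS); intended to depend on the active incoming transform once the CID extension is supported. */`, with the mirror-image comment above mbedtls_ssl_out_hdr_len(). The repeated 13/5 literals are then at least explained, even if they stay inline for now; a reader who later sees the two functions diverge will otherwise have no hint that callers must pick the function matching the record direction.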
@ -1312,7 +1312,7 @@ read_record_header:
|
|||||||
return( ssl_parse_client_hello_v2( ssl ) );
|
return( ssl_parse_client_hello_v2( ssl ) );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_hdr_len( ssl ) );
|
MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* SSLv3/TLS Client Hello
|
* SSLv3/TLS Client Hello
|
||||||
@ -1401,7 +1401,7 @@ read_record_header:
|
|||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_fetch_input( ssl,
|
if( ( ret = mbedtls_ssl_fetch_input( ssl,
|
||||||
mbedtls_ssl_hdr_len( ssl ) + msg_len ) ) != 0 )
|
mbedtls_ssl_in_hdr_len( ssl ) + msg_len ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
@ -1410,7 +1410,7 @@ read_record_header:
|
|||||||
/* Done reading this record, get ready for the next one */
|
/* Done reading this record, get ready for the next one */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
ssl->next_record_offset = msg_len + mbedtls_ssl_hdr_len( ssl );
|
ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len( ssl );
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
ssl->in_left = 0;
|
ssl->in_left = 0;
|
||||||
|
@ -3096,7 +3096,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
|
|||||||
while( ssl->out_left > 0 )
|
while( ssl->out_left > 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
|
||||||
mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
|
mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
|
||||||
|
|
||||||
buf = ssl->out_hdr - ssl->out_left;
|
buf = ssl->out_hdr - ssl->out_left;
|
||||||
ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left );
|
ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left );
|
||||||
@ -3748,7 +3748,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
|||||||
ssl->out_len[1] = (unsigned char)( rec.data_len );
|
ssl->out_len[1] = (unsigned char)( rec.data_len );
|
||||||
}
|
}
|
||||||
|
|
||||||
protected_record_size = len + mbedtls_ssl_hdr_len( ssl );
|
protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
/* In case of DTLS, double-check that we don't exceed
|
/* In case of DTLS, double-check that we don't exceed
|
||||||
@ -4407,7 +4407,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
|||||||
{
|
{
|
||||||
int major_ver, minor_ver;
|
int major_ver, minor_ver;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) );
|
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_in_hdr_len( ssl ) );
|
||||||
|
|
||||||
ssl->in_msgtype = ssl->in_hdr[0];
|
ssl->in_msgtype = ssl->in_hdr[0];
|
||||||
ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
|
ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
|
||||||
@ -4576,7 +4576,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
|
|||||||
int ret, done = 0;
|
int ret, done = 0;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network",
|
||||||
ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen );
|
ssl->in_hdr, mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
|
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
|
||||||
if( mbedtls_ssl_hw_record_read != NULL )
|
if( mbedtls_ssl_hw_record_read != NULL )
|
||||||
@ -5384,7 +5384,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
|||||||
return( ret );
|
return( ret );
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 )
|
if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
@ -5410,7 +5410,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
|||||||
{
|
{
|
||||||
/* Skip unexpected record (but not whole datagram) */
|
/* Skip unexpected record (but not whole datagram) */
|
||||||
ssl->next_record_offset = ssl->in_msglen
|
ssl->next_record_offset = ssl->in_msglen
|
||||||
+ mbedtls_ssl_hdr_len( ssl );
|
+ mbedtls_ssl_in_hdr_len( ssl );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record "
|
||||||
"(header)" ) );
|
"(header)" ) );
|
||||||
@ -5436,7 +5436,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
|||||||
* Read and optionally decrypt the message contents
|
* Read and optionally decrypt the message contents
|
||||||
*/
|
*/
|
||||||
if( ( ret = mbedtls_ssl_fetch_input( ssl,
|
if( ( ret = mbedtls_ssl_fetch_input( ssl,
|
||||||
mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
|
mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
@ -5446,7 +5446,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
|||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
{
|
{
|
||||||
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl );
|
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl );
|
||||||
if( ssl->next_record_offset < ssl->in_left )
|
if( ssl->next_record_offset < ssl->in_left )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) );
|
||||||
@ -8320,8 +8320,10 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
|
|||||||
const mbedtls_ssl_transform *transform = ssl->transform_out;
|
const mbedtls_ssl_transform *transform = ssl->transform_out;
|
||||||
unsigned block_size;
|
unsigned block_size;
|
||||||
|
|
||||||
|
size_t out_hdr_len = mbedtls_ssl_out_hdr_len( ssl );
|
||||||
|
|
||||||
if( transform == NULL )
|
if( transform == NULL )
|
||||||
return( (int) mbedtls_ssl_hdr_len( ssl ) );
|
return( (int) out_hdr_len );
|
||||||
|
|
||||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||||
if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
|
if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
|
||||||
@ -8364,7 +8366,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
|
|||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
|
|
||||||
return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) );
|
return( (int)( out_hdr_len + transform_expansion ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
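Review bot: In the mbedtls_ssl_flush_output hunk (@ -3096) the rewritten MBEDTLS_SSL_DEBUG_MSG line still passes a size_t expression to `%d`: mbedtls_ssl_out_hdr_len() is declared to return size_t, and ssl->out_msglen and ssl->out_left appear to be size_t as well, so the variadic arguments do not match the format string. The mismatch predates this commit, but since the line is being rewritten anyway it is the natural moment to cast, e.g. replace the second line of the call with `(int)( mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen ), (int) ssl->out_left ) );`. The remaining hunks in this file consistently route input-side uses to mbedtls_ssl_in_hdr_len() and output-side uses to mbedtls_ssl_out_hdr_len(), which matches the stated intent. The enclosing functions of all hunks in this file start and end outside the shown lines.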
|