Split mbedtls_ssl_hdr_len() in separate functions for in/out records

The function mbedtls_ssl_hdr_len() returns the length of the record
header (so far: always 13 Bytes for DTLS, and always 5 Bytes for TLS).

With the introduction of the CID extension, the lengths of record
headers depends on whether the records are incoming or outgoing,
and also on the current transform.

Preparing for this, this commit splits mbedtls_ssl_hdr_len() in two
-- so far unmodified -- functions mbedtls_ssl_in_hdr_len() and
mbedtls_ssl_out_hdr_len() and replaces the uses of mbedtls_ssl_hdr_len()
according to whether they are about incoming or outgoing records.

There is no need to change the signature of mbedtls_ssl_{in/out}_hdr_len()
in preparation for its dependency on the currently active transform,
since the SSL context is passed as an argument, and the currently
active transform is referenced from that.
This commit is contained in:
Hanno Becker 2019-05-03 14:46:38 +01:00
parent f661c9c39c
commit 5903de45b6
3 changed files with 31 additions and 14 deletions

View File

@ -910,11 +910,26 @@ void mbedtls_ssl_write_version( int major, int minor, int transport,
void mbedtls_ssl_read_version( int *major, int *minor, int transport,
const unsigned char ver[2] );
static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
return( 13 );
}
#else
((void) ssl);
#endif
return( 5 );
}
static inline size_t mbedtls_ssl_out_hdr_len( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
return( 13 );
}
#else
((void) ssl);
#endif

View File

@ -1352,7 +1352,7 @@ read_record_header:
return( ssl_parse_client_hello_v2( ssl ) );
#endif
MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_hdr_len( ssl ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) );
/*
* SSLv3/TLS Client Hello
@ -1441,7 +1441,7 @@ read_record_header:
}
if( ( ret = mbedtls_ssl_fetch_input( ssl,
mbedtls_ssl_hdr_len( ssl ) + msg_len ) ) != 0 )
mbedtls_ssl_in_hdr_len( ssl ) + msg_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
@ -1450,7 +1450,7 @@ read_record_header:
/* Done reading this record, get ready for the next one */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
ssl->next_record_offset = msg_len + mbedtls_ssl_hdr_len( ssl );
ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len( ssl );
else
#endif
ssl->in_left = 0;

View File

@ -3518,7 +3518,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
while( ssl->out_left > 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
buf = ssl->out_hdr - ssl->out_left;
ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left );
@ -4170,7 +4170,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
ssl->out_len[1] = (unsigned char)( rec.data_len );
}
protected_record_size = len + mbedtls_ssl_hdr_len( ssl );
protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
/* In case of DTLS, double-check that we don't exceed
@ -4829,7 +4829,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
{
int major_ver, minor_ver;
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_in_hdr_len( ssl ) );
ssl->in_msgtype = ssl->in_hdr[0];
ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
@ -4998,7 +4998,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
int ret, done = 0;
MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network",
ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen );
ssl->in_hdr, mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen );
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_read != NULL )
@ -5806,7 +5806,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
return( ret );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 )
if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
@ -5832,7 +5832,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
{
/* Skip unexpected record (but not whole datagram) */
ssl->next_record_offset = ssl->in_msglen
+ mbedtls_ssl_hdr_len( ssl );
+ mbedtls_ssl_in_hdr_len( ssl );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record "
"(header)" ) );
@ -5858,7 +5858,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
* Read and optionally decrypt the message contents
*/
if( ( ret = mbedtls_ssl_fetch_input( ssl,
mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
@ -5868,7 +5868,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl );
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl );
if( ssl->next_record_offset < ssl->in_left )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) );
@ -9203,8 +9203,10 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
const mbedtls_ssl_transform *transform = ssl->transform_out;
unsigned block_size;
size_t out_hdr_len = mbedtls_ssl_out_hdr_len( ssl );
if( transform == NULL )
return( (int) mbedtls_ssl_hdr_len( ssl ) );
return( (int) out_hdr_len );
#if defined(MBEDTLS_ZLIB_SUPPORT)
if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
@ -9247,7 +9249,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) );
return( (int)( out_hdr_len + transform_expansion ) );
}
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)