From 198594709baa82d55bba4e5ee442ffb5ffe886b4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 6 Aug 2018 09:40:20 +0100 Subject: [PATCH] Store outgoing record sequence number outside record buffer This commit is another step towards supporting the packing of multiple records within a single datagram. Previously, the incremental outgoing record sequence number was statically stored within the record buffer, at its final place within the record header. This slightly increased efficiency as it was not necessary to copy the sequence number when writing outgoing records. When allowing multiple records within a single datagram, it is necessary to allow the position of the current record within the datagram buffer to be flexible; in particular, there is no static address for the record sequence number field within the record header. This commit introduces an additional field `cur_out_ctr` within the main SSL context structure `mbedtls_ssl_context` to keep track of the outgoing record sequence number independent of the buffer used for the current record / datagram. Whenever a new record is written, this sequence number is copied to the the address `out_ctr` of the sequence number header field within the current outgoing record. --- include/mbedtls/ssl.h | 2 ++ library/ssl_srv.c | 2 +- library/ssl_tls.c | 17 ++++++++++------- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index a3b514cd4..f27f6c02f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1116,6 +1116,8 @@ struct mbedtls_ssl_context size_t out_msglen; /*!< record header: message length */ size_t out_left; /*!< amount of data not yet written */ + unsigned char cur_out_ctr[8]; /*!< Outgoing record sequence number. */ + #if defined(MBEDTLS_ZLIB_SUPPORT) unsigned char *compress_buf; /*!< zlib data buffer */ #endif diff --git a/library/ssl_srv.c b/library/ssl_srv.c index eda50bb34..7101f461f 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1294,7 +1294,7 @@ read_record_header: return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - memcpy( ssl->out_ctr + 2, ssl->in_ctr + 2, 6 ); + memcpy( ssl->cur_out_ctr + 2, ssl->in_ctr + 2, 6 ); #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4607749ef..f2373eb51 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2798,8 +2798,8 @@ static void ssl_swap_epochs( mbedtls_ssl_context *ssl ) ssl->handshake->alt_transform_out = tmp_transform; /* Swap epoch + sequence_number */ - memcpy( tmp_out_ctr, ssl->out_ctr, 8 ); - memcpy( ssl->out_ctr, ssl->handshake->alt_out_ctr, 8 ); + memcpy( tmp_out_ctr, ssl->cur_out_ctr, 8 ); + memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, 8 ); memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 ); /* Adjust to the newly activated transform */ @@ -3210,6 +3210,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, ssl->conf->transport, ssl->out_hdr + 1 ); + memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 ); ssl->out_len[0] = (unsigned char)( len >> 8 ); ssl->out_len[1] = (unsigned char)( len ); @@ -5671,14 +5672,14 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) /* Remember current epoch settings for resending */ ssl->handshake->alt_transform_out = ssl->transform_out; - memcpy( ssl->handshake->alt_out_ctr, ssl->out_ctr, 8 ); + memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, 8 ); /* Set sequence_number to zero */ - memset( ssl->out_ctr + 2, 0, 6 ); + memset( ssl->cur_out_ctr + 2, 0, 6 ); /* Increment epoch */ for( i = 2; i > 0; i-- ) - if( ++ssl->out_ctr[i - 1] != 0 ) + if( ++ssl->cur_out_ctr[i - 1] != 0 ) break; /* The loop goes to its end iff the counter is wrapping */ @@ -5690,7 +5691,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - memset( ssl->out_ctr, 0, 8 ); + memset( ssl->cur_out_ctr, 0, 8 ); ssl->transform_out = ssl->transform_negotiate; ssl->session_out = ssl->session_negotiate; @@ -6166,6 +6167,8 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->split_done = 0; #endif + memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); + ssl->transform_in = NULL; ssl->transform_out = NULL; @@ -7381,7 +7384,7 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) in_ctr_cmp = memcmp( ssl->in_ctr + ep_len, ssl->conf->renego_period + ep_len, 8 - ep_len ); - out_ctr_cmp = memcmp( ssl->out_ctr + ep_len, + out_ctr_cmp = memcmp( ssl->cur_out_ctr + ep_len, ssl->conf->renego_period + ep_len, 8 - ep_len ); if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 )