From 519f15dbba2f942798afa41dd40f4d1704552c97 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 11 Jul 2019 12:43:20 +0100 Subject: [PATCH] Adapt ssl_buffer_future_record() to work with SSL record structure --- library/ssl_tls.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d91b05d37..d270f80fb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -230,7 +230,8 @@ static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ); static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ); static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ); static int ssl_buffer_message( mbedtls_ssl_context *ssl ); -static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ); +static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, + mbedtls_record const *rec ); static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl ); static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl ); @@ -5941,11 +5942,10 @@ exit: return( 0 ); } -static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ) +static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, + mbedtls_record const *rec ) { mbedtls_ssl_handshake_params * const hs = ssl->handshake; - size_t const rec_hdr_len = 13; - size_t const total_buf_sz = rec_hdr_len + ssl->in_msglen; /* Don't buffer future records outside handshakes. */ if( hs == NULL ) @@ -5953,7 +5953,7 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ) /* Only buffer handshake records (we are only interested * in Finished messages). */ - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) + if( rec->type != MBEDTLS_SSL_MSG_HANDSHAKE ) return( 0 ); /* Don't buffer more than one future epoch record. */ @@ -5961,11 +5961,11 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ) return( 0 ); /* Don't buffer record if there's not enough buffering space remaining. */ - if( total_buf_sz > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - + if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - hs->buffering.total_bytes_buffered ) ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n", - (unsigned) total_buf_sz, MBEDTLS_SSL_DTLS_MAX_BUFFERING, + (unsigned) rec->buf_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, (unsigned) hs->buffering.total_bytes_buffered ) ); return( 0 ); } @@ -5973,13 +5973,12 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ) /* Buffer record */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u", ssl->in_epoch + 1 ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", ssl->in_hdr, - rec_hdr_len + ssl->in_msglen ); + MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", rec->buf, rec->buf_len ); /* ssl_parse_record_header() only considers records * of the next epoch as candidates for buffering. */ hs->buffering.future_record.epoch = ssl->in_epoch + 1; - hs->buffering.future_record.len = total_buf_sz; + hs->buffering.future_record.len = rec->buf_len; hs->buffering.future_record.data = mbedtls_calloc( 1, hs->buffering.future_record.len ); @@ -5990,9 +5989,9 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ) return( 0 ); } - memcpy( hs->buffering.future_record.data, ssl->in_hdr, total_buf_sz ); + memcpy( hs->buffering.future_record.data, rec->buf, rec->buf_len ); - hs->buffering.total_bytes_buffered += total_buf_sz; + hs->buffering.total_bytes_buffered += rec->buf_len; return( 0 ); } @@ -6038,7 +6037,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) { if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE ) { - ret = ssl_buffer_future_record( ssl ); + ret = ssl_buffer_future_record( ssl, &rec ); if( ret != 0 ) return( ret );