mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-10-19 03:41:22 +00:00
Split mbedtls_ssl_hdr_len() in separate functions for in/out records
The function mbedtls_ssl_hdr_len() returns the length of the record
header (so far: always 13 Bytes for DTLS, and always 5 Bytes for TLS).
With the introduction of the CID extension, the lengths of record
headers depends on whether the records are incoming or outgoing,
and also on the current transform.
Preparing for this, this commit splits mbedtls_ssl_hdr_len() in two
-- so far unmodified -- functions mbedtls_ssl_in_hdr_len() and
mbedtls_ssl_out_hdr_len() and replaces the uses of mbedtls_ssl_hdr_len()
according to whether they are about incoming or outgoing records.
There is no need to change the signature of mbedtls_ssl_{in/out}_hdr_len()
in preparation for its dependency on the currently active transform,
since the SSL context is passed as an argument, and the currently
active transform is referenced from that.
This commit is contained in:
Hanno Becker
parent
f661c9c39c
commit
5903de45b6
|
|
@ -910,11 +910,26 @@ void mbedtls_ssl_write_version( int major, int minor, int transport,
|
|||
void mbedtls_ssl_read_version( int *major, int *minor, int transport,
|
||||
const unsigned char ver[2] );
|
||||
|
||||
static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
|
||||
static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
return( 13 );
|
||||
}
|
||||
#else
|
||||
((void) ssl);
|
||||
#endif
|
||||
return( 5 );
|
||||
}
|
||||
|
||||
static inline size_t mbedtls_ssl_out_hdr_len( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
return( 13 );
|
||||
}
|
||||
#else
|
||||
((void) ssl);
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -1352,7 +1352,7 @@ read_record_header:
|
|||
return( ssl_parse_client_hello_v2( ssl ) );
|
||||
#endif
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_hdr_len( ssl ) );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) );
|
||||
|
||||
/*
|
||||
* SSLv3/TLS Client Hello
|
||||
|
|
@ -1441,7 +1441,7 @@ read_record_header:
|
|||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_fetch_input( ssl,
|
||||
mbedtls_ssl_hdr_len( ssl ) + msg_len ) ) != 0 )
|
||||
mbedtls_ssl_in_hdr_len( ssl ) + msg_len ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
|
||||
return( ret );
|
||||
|
|
@ -1450,7 +1450,7 @@ read_record_header:
|
|||
/* Done reading this record, get ready for the next one */
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
ssl->next_record_offset = msg_len + mbedtls_ssl_hdr_len( ssl );
|
||||
ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len( ssl );
|
||||
else
|
||||
#endif
|
||||
ssl->in_left = 0;
|
||||
|
|
|
|||
|
|
@ -3518,7 +3518,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
|
|||
while( ssl->out_left > 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
|
||||
mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
|
||||
mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
|
||||
|
||||
buf = ssl->out_hdr - ssl->out_left;
|
||||
ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left );
|
||||
|
|
@ -4170,7 +4170,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
|||
ssl->out_len[1] = (unsigned char)( rec.data_len );
|
||||
}
|
||||
|
||||
protected_record_size = len + mbedtls_ssl_hdr_len( ssl );
|
||||
protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
/* In case of DTLS, double-check that we don't exceed
|
||||
|
|
@ -4829,7 +4829,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
|||
{
|
||||
int major_ver, minor_ver;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_in_hdr_len( ssl ) );
|
||||
|
||||
ssl->in_msgtype = ssl->in_hdr[0];
|
||||
ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
|
||||
|
|
@ -4998,7 +4998,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
|
|||
int ret, done = 0;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network",
|
||||
ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen );
|
||||
ssl->in_hdr, mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen );
|
||||
|
||||
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
|
||||
if( mbedtls_ssl_hw_record_read != NULL )
|
||||
|
|
@ -5806,7 +5806,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
|||
return( ret );
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
|
||||
return( ret );
|
||||
|
|
@ -5832,7 +5832,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
|||
{
|
||||
/* Skip unexpected record (but not whole datagram) */
|
||||
ssl->next_record_offset = ssl->in_msglen
|
||||
+ mbedtls_ssl_hdr_len( ssl );
|
||||
+ mbedtls_ssl_in_hdr_len( ssl );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record "
|
||||
"(header)" ) );
|
||||
|
|
@ -5858,7 +5858,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
|||
* Read and optionally decrypt the message contents
|
||||
*/
|
||||
if( ( ret = mbedtls_ssl_fetch_input( ssl,
|
||||
mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
|
||||
mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
|
||||
return( ret );
|
||||
|
|
@ -5868,7 +5868,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl );
|
||||
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl );
|
||||
if( ssl->next_record_offset < ssl->in_left )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) );
|
||||
|
|
@ -9203,8 +9203,10 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
|
|||
const mbedtls_ssl_transform *transform = ssl->transform_out;
|
||||
unsigned block_size;
|
||||
|
||||
size_t out_hdr_len = mbedtls_ssl_out_hdr_len( ssl );
|
||||
|
||||
if( transform == NULL )
|
||||
return( (int) mbedtls_ssl_hdr_len( ssl ) );
|
||||
return( (int) out_hdr_len );
|
||||
|
||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||
if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
|
||||
|
|
@ -9247,7 +9249,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) );
|
||||
return( (int)( out_hdr_len + transform_expansion ) );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
|
|
|
|||
Loading…
Reference in a new issue