From 7ae20e0f4c3c886309fed8b6940696526f90bc86 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 12 Jul 2019 08:33:49 +0100
Subject: [PATCH] Move updating the internal rec ptrs to outside of rec hdr parsing

The stack maintains pointers mbedtls_ssl_context::in_xxx pointing to various parts of the [D]TLS record header. Originally, these fields were determined and set in ssl_parse_record_header(). By now, ssl_parse_record_header() has been modularized to setup an instance of the internal SSL record structure mbedtls_record, and to derive the old in_xxx fields from that. This commit takes a further step towards removing the in_xxx fields by deriving them from the established record structure _outside_ of ssl_parse_record_header() after the latter has succeeded. One exception is the handling of possible client reconnects, which happens in the case then ssl_parse_record_header() returns MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; since ssl_check_client_reconnect() so far uses the in_xxx fields, they need to be derived from the record structure beforehand.
---
 library/ssl_tls.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9696bd64e..f16b61960 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4950,7 +4950,6 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl,
 */
 rec->type = buf[ rec_hdr_type_offset ];
- ssl->in_msgtype = rec->type;
 /* Check record content type */
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -4988,9 +4987,6 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl,
 rec->cid_len = rec_hdr_cid_len;
 memcpy( rec->cid, buf + rec_hdr_cid_offset, rec_hdr_cid_len );
-
- ssl->in_len = ssl->in_cid + mbedtls_ssl_conf_get_cid_len( ssl->conf );
- ssl->in_iv = ssl->in_msg = ssl->in_len + 2;
 }
 else
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -5056,7 +5052,6 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl,
 rec->data_len = (size_t) READ_UINT16_BE( buf + rec_hdr_len_offset );
 MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );
- ssl->in_msglen = rec->data_len;
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
 "version = [%d:%d], msglen = %d",
 rec->type,
@@ -6033,6 +6028,14 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
 if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD )
 {
 #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
+ /* Setup internal message pointers from record structure. */
+ ssl->in_msgtype = rec.type;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ssl->in_len = ssl->in_cid + rec.cid_len;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ ssl->in_iv = ssl->in_msg = ssl->in_len + 2;
+ ssl->in_msglen = rec.data_len;
+
 ret = ssl_check_client_reconnect( ssl );
 if( ret != 0 )
 return( ret );
@@ -6064,6 +6067,14 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
 }
 }
+ /* Setup internal message pointers from record structure. */
+ ssl->in_msgtype = rec.type;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ssl->in_len = ssl->in_cid + rec.cid_len;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ ssl->in_iv = ssl->in_msg = ssl->in_len + 2;
+ ssl->in_msglen = rec.data_len;
+
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
 {
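Review bot: In the `MBEDTLS_ERR_SSL_UNEXPECTED_RECORD` branch (hunk at -6033), `rec.type`, `rec.cid_len` and `rec.data_len` are read after `ssl_parse_record_header()` has already returned an error, so the copy into `ssl->in_msgtype`, `ssl->in_len` and `ssl->in_msglen` is only sound if the parser fills all three fields before that return. Where the error is returned relative to those assignments is outside this diff; if one of them can still be unset, `ssl_check_client_reconnect()` would work from a length or pointer derived from indeterminate data while inspecting what is presumably a not-yet-authenticated datagram. I would state the dependency at the use site, e.g. `/* rec.type, rec.cid_len and rec.data_len are set before ssl_parse_record_header() returns UNEXPECTED_RECORD. */`, and zero-initialise `rec` at its declaration if that is not done already. `ssl_get_next_record()` starts and ends outside the hunk.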
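Review bot: `ssl->in_len = ssl->in_cid + rec.cid_len;` in the success path (hunk at -6064) now runs for every record when `MBEDTLS_SSL_DTLS_CONNECTION_ID` is defined, while the removed lines in `ssl_parse_record_header()` moved `in_len` only inside the CID branch; the two agree only if `rec.cid_len` is 0 for records without a CID, and that initialisation is not visible in this diff. The same six lines are also pasted into the UNEXPECTED_RECORD branch of the previous hunk, so a later fix to one copy can miss the other. A single static helper that documents the precondition would cover both call sites; the helper name below is only a suggestion. `ssl_get_next_record()` starts and ends outside the hunk.

```c
/* Derive the legacy in_xxx fields from a parsed record header.
 * Expects rec->cid_len == 0 for records that carry no CID. */
static void ssl_update_in_fields_from_record( mbedtls_ssl_context *ssl,
                                              mbedtls_record const *rec )
{
    ssl->in_msgtype = rec->type;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
    ssl->in_len = ssl->in_cid + rec->cid_len;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
    /* Skip the 16-bit record length field. */
    ssl->in_iv = ssl->in_msg = ssl->in_len + 2;
    ssl->in_msglen = rec->data_len;
}

/* … unchanged: rest of ssl_get_next_record() up to each former copy … */
    ssl_update_in_fields_from_record( ssl, &rec );
```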