yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-24 08:07:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3809 from AndrzejKurek/refactor-variable-buffers

Browse source 
Refactor variable I/O buffers feature to reduce code duplication
This commit is contained in:
paul-elliott-arm 2021-01-14 14:25:56 +00:00 committed by GitHub
parent 2427d15ea3 2a54a6fe1c
commit 94ca18733a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 82 additions and 124 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
include/mbedtls/check_config.h
View file

@ -886,6 +886,10 @@
#error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites" #error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites"
#endif #endif
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && ( !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) )
#error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
#endif
/* /*
* Avoid warning from -pedantic. This is a convenient place for this * Avoid warning from -pedantic. This is a convenient place for this
* workaround since this is included by every single file before the * workaround since this is included by every single file before the

5
include/mbedtls/config.h
View file

@ -1979,7 +1979,10 @@
/** /**
* \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
* *
* Enable modifying the maximum I/O buffer size. * When this option is enabled, the SSL buffer will be resized automatically
* based on the negotiated maximum fragment length in each direction.
*
* Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
*/ */
//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH //#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH

12
include/mbedtls/ssl_internal.h
View file

@ -275,26 +275,26 @@
#endif #endif
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
static inline uint32_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx ) static inline size_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx )
{ {
#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
return (uint32_t) mbedtls_ssl_get_output_max_frag_len( ctx ) return mbedtls_ssl_get_output_max_frag_len( ctx )
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
+ MBEDTLS_SSL_CID_OUT_LEN_MAX; + MBEDTLS_SSL_CID_OUT_LEN_MAX;
#else #else
return (uint32_t) mbedtls_ssl_get_output_max_frag_len( ctx ) return mbedtls_ssl_get_output_max_frag_len( ctx )
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
#endif #endif
} }
static inline uint32_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx ) static inline size_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx )
{ {
#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
return (uint32_t) mbedtls_ssl_get_input_max_frag_len( ctx ) return mbedtls_ssl_get_input_max_frag_len( ctx )
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
+ MBEDTLS_SSL_CID_IN_LEN_MAX; + MBEDTLS_SSL_CID_IN_LEN_MAX;
#else #else
return (uint32_t) mbedtls_ssl_get_input_max_frag_len( ctx ) return mbedtls_ssl_get_input_max_frag_len( ctx )
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
#endif #endif
} }

185
library/ssl_tls.c
View file

@ -260,6 +260,70 @@ static int resize_buffer( unsigned char **buffer, size_t len_new, size_t *len_ol
return 0; return 0;
} }
static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing,
size_t in_buf_new_len,
size_t out_buf_new_len )
{
int modified = 0;
size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0;
size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0;
if( ssl->in_buf != NULL )
{
written_in = ssl->in_msg - ssl->in_buf;
iv_offset_in = ssl->in_iv - ssl->in_buf;
len_offset_in = ssl->in_len - ssl->in_buf;
if( downsizing ?
ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len :
ssl->in_buf_len < in_buf_new_len )
{
if( resize_buffer( &ssl->in_buf, in_buf_new_len, &ssl->in_buf_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", in_buf_new_len ) );
modified = 1;
}
}
}
if( ssl->out_buf != NULL )
{
written_out = ssl->out_msg - ssl->out_buf;
iv_offset_out = ssl->out_iv - ssl->out_buf;
len_offset_out = ssl->out_len - ssl->out_buf;
if( downsizing ?
ssl->out_buf_len > out_buf_new_len && ssl->out_left < out_buf_new_len :
ssl->out_buf_len < out_buf_new_len )
{
if( resize_buffer( &ssl->out_buf, out_buf_new_len, &ssl->out_buf_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", out_buf_new_len ) );
modified = 1;
}
}
}
if( modified )
{
/* Update pointers here to avoid doing it twice. */
mbedtls_ssl_reset_in_out_pointers( ssl );
/* Fields below might not be properly updated with record
* splitting or with CID, so they are manually updated here. */
ssl->out_msg = ssl->out_buf + written_out;
ssl->out_len = ssl->out_buf + len_offset_out;
ssl->out_iv = ssl->out_buf + iv_offset_out;
ssl->in_msg = ssl->in_buf + written_in;
ssl->in_len = ssl->in_buf + len_offset_in;
ssl->in_iv = ssl->in_buf + iv_offset_in;
}
}
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
/* /*
@ -3686,64 +3750,9 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
} }
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
/* If the buffers are too small - reallocate */ /* If the buffers are too small - reallocate */
{
int modified = 0;
size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0;
size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0;
if( ssl->in_buf != NULL )
{
written_in = ssl->in_msg - ssl->in_buf;
iv_offset_in = ssl->in_iv - ssl->in_buf;
len_offset_in = ssl->in_len - ssl->in_buf;
if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN )
{
if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN,
&ssl->in_buf_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", MBEDTLS_SSL_IN_BUFFER_LEN ) );
modified = 1;
}
}
}
if( ssl->out_buf != NULL ) handle_buffer_resizing( ssl, 0, MBEDTLS_SSL_IN_BUFFER_LEN,
{ MBEDTLS_SSL_OUT_BUFFER_LEN );
written_out = ssl->out_msg - ssl->out_buf;
iv_offset_out = ssl->out_iv - ssl->out_buf;
len_offset_out = ssl->out_len - ssl->out_buf;
if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN )
{
if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN,
&ssl->out_buf_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", MBEDTLS_SSL_OUT_BUFFER_LEN ) );
modified = 1;
}
}
}
if( modified )
{
/* Update pointers here to avoid doing it twice. */
mbedtls_ssl_reset_in_out_pointers( ssl );
/* Fields below might not be properly updated with record
* splitting or with CID, so they are manually updated here. */
ssl->out_msg = ssl->out_buf + written_out;
ssl->out_len = ssl->out_buf + len_offset_out;
ssl->out_iv = ssl->out_buf + iv_offset_out;
ssl->in_msg = ssl->in_buf + written_in;
ssl->in_len = ssl->in_buf + len_offset_in;
ssl->in_iv = ssl->in_buf + iv_offset_in;
}
}
#endif #endif
/* All pointers should exist and can be directly freed without issue */ /* All pointers should exist and can be directly freed without issue */
@ -6068,66 +6077,8 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
* processes datagrams and the fact that a datagram is allowed to have * processes datagrams and the fact that a datagram is allowed to have
* several records in it, it is possible that the I/O buffers are not * several records in it, it is possible that the I/O buffers are not
* empty at this stage */ * empty at this stage */
{ handle_buffer_resizing( ssl, 1, mbedtls_ssl_get_input_buflen( ssl ),
int modified = 0; mbedtls_ssl_get_output_buflen( ssl ) );
uint32_t buf_len = mbedtls_ssl_get_input_buflen( ssl );
size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0;
size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0;
if( ssl->in_buf != NULL )
{
written_in = ssl->in_msg - ssl->in_buf;
iv_offset_in = ssl->in_iv - ssl->in_buf;
len_offset_in = ssl->in_len - ssl->in_buf;
if( ssl->in_buf_len > buf_len && ssl->in_left < buf_len )
{
if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", buf_len ) );
modified = 1;
}
}
}
buf_len = mbedtls_ssl_get_output_buflen( ssl );
if(ssl->out_buf != NULL )
{
written_out = ssl->out_msg - ssl->out_buf;
iv_offset_out = ssl->out_iv - ssl->out_buf;
len_offset_out = ssl->out_len - ssl->out_buf;
if( ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) &&
ssl->out_left < buf_len )
{
if( resize_buffer( &ssl->out_buf, buf_len, &ssl->out_buf_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", buf_len ) );
modified = 1;
}
}
}
if( modified )
{
/* Update pointers here to avoid doing it twice. */
mbedtls_ssl_reset_in_out_pointers( ssl );
/* Fields below might not be properly updated with record
* splitting or with CID, so they are manually updated here. */
ssl->out_msg = ssl->out_buf + written_out;
ssl->out_len = ssl->out_buf + len_offset_out;
ssl->out_iv = ssl->out_buf + iv_offset_out;
ssl->in_msg = ssl->in_buf + written_in;
ssl->in_len = ssl->in_buf + len_offset_in;
ssl->in_iv = ssl->in_buf + iv_offset_in;
}
}
#endif #endif
} }