From c0eefa8b921f2e08f0357b6bc2ef446c5aac3095 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 28 May 2020 07:17:36 +0100
Subject: [PATCH] Introduce helper function to retrieve explicit IV len for transform

The structure `mbedtls_ssl_transform` representing record protection transformations should ideally be used through a function-based interface only, as this will ease change of implementation as well as the addition of new record protection routines in the future. This commit makes a step in that direction by introducing the helper function `ssl_transform_get_explicit_iv_len()` which returns the size of the pre-expansion during record encryption due to the potential addition of an explicit IV.

Signed-off-by: Hanno Becker
---
 library/ssl_msg.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 1c56e538f..669a33d4b 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -4985,6 +4985,15 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
 * and the caller has to make sure there's space for this.
 */

+static size_t ssl_transform_get_explicit_iv_len(
+ mbedtls_ssl_transform const *transform )
+{
+ if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
+ return( 0 );
+
+ return( transform->ivlen - transform->fixed_ivlen );
+}
+
 void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
 mbedtls_ssl_transform *transform )
 {
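Review bot: The value `transform->ivlen - transform->fixed_ivlen` in `ssl_transform_get_explicit_iv_len()` is returned as `size_t`, so a transform that ever carried `fixed_ivlen > ivlen` would yield a very large length, and the second hunk adds that result directly to `ssl->out_msg`. Whether such a transform can exist depends on how transforms are populated, which is outside this hunk; a guard such as `if( transform->fixed_ivlen > transform->ivlen ) return( 0 );`, or a comment stating the invariant, would make the helper safe to reuse on its own. The helper is also inserted between the closing `*/` of the preceding comment block and `mbedtls_ssl_update_out_pointers()`, which that comment appears to describe. Moving the helper above that comment block and giving it its own description, e.g. `/* Size of the explicit IV placed before the record payload; 0 below MBEDTLS_SSL_MINOR_VERSION_2. */`, would keep the existing documentation attached to the right function.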
@@ -5013,14 +5022,10 @@ void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
 ssl->out_iv = ssl->out_hdr + 5;
 }

+ ssl->out_msg = ssl->out_iv;
 /* Adjust out_msg to make space for explicit IV, if used. */
- if( transform != NULL &&
- ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
- {
- ssl->out_msg = ssl->out_iv + transform->ivlen - transform->fixed_ivlen;
- }
- else
- ssl->out_msg = ssl->out_iv;
+ if( transform != NULL )
+ ssl->out_msg += ssl_transform_get_explicit_iv_len( transform );
 }

 /* Once ssl->in_hdr as the address of the beginning of the
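Review bot: The explicit-IV decision here now follows `transform->minor_ver` (read inside `ssl_transform_get_explicit_iv_len()`), where the removed lines tested `ssl->minor_ver`, and the commit message does not mention that switch. If a caller can pass a transform whose `minor_ver` is unset or differs from the negotiated version, `out_msg` would end up with no room for the explicit IV, or with room that is never used. The call sites are outside this hunk, so this is something to confirm rather than a known defect. A comment above the new `if`, e.g. `/* Uses transform->minor_ver, which must match the negotiated version. */`, would record the assumption. The body of `mbedtls_ssl_update_out_pointers()` starts above the hunk.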