From f903dc8354379f191b71118e5fd21cf83cc3b56a Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 12 Jul 2019 09:55:46 +0100
Subject: [PATCH] Make mbedtls_ssl_in_hdr_len() CID-unaware

The function mbedtls_ssl_in_hdr_len() is supposed to return the length of the record header of the current incoming record. With the advent of the DTLS Connection ID, this length is only known at runtime and hence so far needed to be derived from the internal in_iv pointer pointing to the beginning of the payload of the current incooing record. By now, however, those uses of mbedtls_ssl_in_hdr_len() where the presence of a CID would need to be detected have been removed (specifically, ssl_parse_record_header() doesn't use it anymore when checking that the current datagram is large enough to hold the record header, including the CID), and it's sufficient to statically return the default record header sizes of 5 / 13 Bytes for TLS / DTLS.
---
 include/mbedtls/ssl_internal.h | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 422df3fd3..ee0fa297b 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -1073,7 +1073,22 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
 static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
 {
-    return( (size_t) ( ssl->in_iv - ssl->in_hdr ) );
+#if !defined(MBEDTLS_SSL_PROTO__BOTH)
+    ((void) ssl);
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
+    {
+        return( 13 );
+    }
+    MBEDTLS_SSL_TRANSPORT_ELSE
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_PROTO_TLS)
+    {
+        return( 5 );
+    }
+#endif /* MBEDTLS_SSL_PROTO_TLS */
 }
 static inline size_t mbedtls_ssl_out_hdr_len( const mbedtls_ssl_context *ssl )
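Review bot: mbedtls_ssl_in_hdr_len() now returns a fixed 13 or 5 even when the incoming record carries a CID, but nothing at the definition says so, and a caller that still uses the result to locate the payload of a CID record would silently read the wrong offset; the commit message says such callers are gone, yet the function name still promises the real header length. Add a header comment above the definition stating that the value is the CID-less record header length for the configured transport and that the actual payload start must be taken from `ssl->in_iv` (the quantity the removed line computed). The two literals should also be explained in place, e.g. `return( 13 ); /* type(1) + version(2) + epoch(2) + seq_num(6) + length(2) */` and `return( 5 );  /* type(1) + version(2) + length(2) */`. In a DTLS-only build `MBEDTLS_SSL_TRANSPORT_ELSE` presumably expands to nothing, so the function body ends right after the `if`, with no unconditional return; if that relies on `MBEDTLS_SSL_TRANSPORT_IS_DTLS()` folding to a constant to keep -Wreturn-type quiet, a one-line comment saying so would save the next reader from "fixing" it.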