mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-09 10:14:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge in_hsfraglen with badmac_seen_or_in_hsfraglen

Browse Source 
In the `mbedtls_ssl_context` structure, merge the field `in_hsfraglen` into
`badmac_seen_or_in_hsfraglen`. This restores the ABI of `libmbedtls` as it
was in Mbed TLS 3.6.0 through 3.6.2.

The field `badmac_seen_or_in_hsfraglen` (formerly `badmac_seen`) was only
used for DTLS (despite being present in non-DTLS builds), and the field
`in_hsfraglen` was only used in non-DTLS TLS. Therefore the two values can
be stored in the same field.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2025-02-17 16:28:51 +01:00
parent ebdd405f68
commit b710599e4a
3 changed files with 12 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/mbedtls/ssl.h
View File

@ -1826,8 +1826,6 @@ struct mbedtls_ssl_context {
size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length, size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length,
including the handshake header */ including the handshake header */
unsigned MBEDTLS_PRIVATE(in_hsfraglen); /*!< accumulated length of hs fragments
(up to in_hslen) */
int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */ int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */
int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message

22
library/ssl_msg.c
View File

@ -3230,7 +3230,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
if (ssl->in_hslen == 0) { if (ssl->in_hslen == 0) {
ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl);
ssl->in_hsfraglen = 0; ssl->badmac_seen_or_in_hsfraglen = 0;
} }
MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen =" MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen ="
@ -3297,15 +3297,15 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
} }
} else } else
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
if (ssl->in_hsfraglen <= ssl->in_hslen) { if (ssl->badmac_seen_or_in_hsfraglen <= ssl->in_hslen) {
int ret; int ret;
const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; const size_t hs_remain = ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen;
MBEDTLS_SSL_DEBUG_MSG(3, MBEDTLS_SSL_DEBUG_MSG(3,
("handshake fragment: %u .. %" ("handshake fragment: %u .. %"
MBEDTLS_PRINTF_SIZET " of %" MBEDTLS_PRINTF_SIZET " of %"
MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET, MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET,
ssl->in_hsfraglen, ssl->badmac_seen_or_in_hsfraglen,
(size_t) ssl->in_hsfraglen + (size_t) ssl->badmac_seen_or_in_hsfraglen +
(hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen), (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen),
ssl->in_hslen, ssl->in_msglen)); ssl->in_hslen, ssl->in_msglen));
if (ssl->in_msglen < hs_remain) { if (ssl->in_msglen < hs_remain) {
@ -3316,13 +3316,13 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
* we assume that both unsigned and size_t are at least 32 bits. * we assume that both unsigned and size_t are at least 32 bits.
* Therefore there is no possible integer overflow here. * Therefore there is no possible integer overflow here.
*/ */
ssl->in_hsfraglen += (unsigned) ssl->in_msglen; ssl->badmac_seen_or_in_hsfraglen += (unsigned) ssl->in_msglen;
ssl->in_hdr = ssl->in_msg + ssl->in_msglen; ssl->in_hdr = ssl->in_msg + ssl->in_msglen;
ssl->in_msglen = 0; ssl->in_msglen = 0;
mbedtls_ssl_update_in_pointers(ssl); mbedtls_ssl_update_in_pointers(ssl);
return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
} }
if (ssl->in_hsfraglen > 0) { if (ssl->badmac_seen_or_in_hsfraglen > 0) {
/* /*
* At in_first_hdr we have a sequence of records that cover the next handshake * At in_first_hdr we have a sequence of records that cover the next handshake
* record, each with its own record header that we need to remove. * record, each with its own record header that we need to remove.
@ -3352,7 +3352,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
ssl->in_msglen = merged_rec_len; ssl->in_msglen = merged_rec_len;
/* Adjust message length. */ /* Adjust message length. */
MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0); MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0);
ssl->in_hsfraglen = 0; ssl->badmac_seen_or_in_hsfraglen = 0;
MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record",
ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len); ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len);
} }
@ -4702,13 +4702,13 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl)
return MBEDTLS_ERR_SSL_INTERNAL_ERROR; return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
} }
if (ssl->in_hsfraglen != 0) { if (ssl->badmac_seen_or_in_hsfraglen != 0) {
/* Not all handshake fragments have arrived, do not consume. */ /* Not all handshake fragments have arrived, do not consume. */
MBEDTLS_SSL_DEBUG_MSG(3, MBEDTLS_SSL_DEBUG_MSG(3,
("waiting for more fragments (%u of %" ("waiting for more fragments (%u of %"
MBEDTLS_PRINTF_SIZET ", %" MBEDTLS_PRINTF_SIZET " left)", MBEDTLS_PRINTF_SIZET ", %" MBEDTLS_PRINTF_SIZET " left)",
ssl->in_hsfraglen, ssl->in_hslen, ssl->badmac_seen_or_in_hsfraglen, ssl->in_hslen,
ssl->in_hslen - ssl->in_hsfraglen)); ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen));
return 0; return 0;
} }

2
library/ssl_tls.c
View File

@ -1488,7 +1488,7 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
ssl->in_msgtype = 0; ssl->in_msgtype = 0;
ssl->in_msglen = 0; ssl->in_msglen = 0;
ssl->in_hslen = 0; ssl->in_hslen = 0;
ssl->in_hsfraglen = 0; ssl->badmac_seen_or_in_hsfraglen = 0;
ssl->keep_current_message = 0; ssl->keep_current_message = 0;
ssl->transform_in = NULL; ssl->transform_in = NULL;