Merge in_hsfraglen with badmac_seen_or_in_hsfraglen

In the `mbedtls_ssl_context` structure, merge the field `in_hsfraglen` into `badmac_seen_or_in_hsfraglen`. This restores the ABI of `libmbedtls` as it was in Mbed TLS 3.6.0 through 3.6.2. The field `badmac_seen_or_in_hsfraglen` (formerly `badmac_seen`) was only used for DTLS (despite being present in non-DTLS builds), and the field `in_hsfraglen` was only used in non-DTLS TLS. Therefore the two values can be stored in the same field. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-09 10:14:11 +00:00 · 2025-02-17 16:28:51 +01:00 · 2025-02-17 16:28:51 +01:00 · b710599e4a
commit b710599e4a
parent ebdd405f68
3 changed files with 12 additions and 14 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1826,8 +1826,6 @@ struct mbedtls_ssl_context {

    size_t MBEDTLS_PRIVATE(in_hslen);            /*!< current handshake message length,
                                                    including the handshake header   */
-    unsigned MBEDTLS_PRIVATE(in_hsfraglen);      /*!< accumulated length of hs fragments
-                                                    (up to in_hslen) */
    int MBEDTLS_PRIVATE(nb_zero);                /*!< # of 0-length encrypted messages */

    int MBEDTLS_PRIVATE(keep_current_message);   /*!< drop or reuse current message
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@ -3230,7 +3230,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)

    if (ssl->in_hslen == 0) {
        ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl);
-        ssl->in_hsfraglen = 0;
+        ssl->badmac_seen_or_in_hsfraglen = 0;
    }

    MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen ="
@ -3297,15 +3297,15 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
        }
    } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
-    if (ssl->in_hsfraglen <= ssl->in_hslen) {
+    if (ssl->badmac_seen_or_in_hsfraglen <= ssl->in_hslen) {
        int ret;
-        const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
+        const size_t hs_remain = ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen;
        MBEDTLS_SSL_DEBUG_MSG(3,
                              ("handshake fragment: %u .. %"
                               MBEDTLS_PRINTF_SIZET " of %"
                               MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET,
-                               ssl->in_hsfraglen,
-                               (size_t) ssl->in_hsfraglen +
+                               ssl->badmac_seen_or_in_hsfraglen,
+                               (size_t) ssl->badmac_seen_or_in_hsfraglen +
                               (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen),
                               ssl->in_hslen, ssl->in_msglen));
        if (ssl->in_msglen < hs_remain) {
@ -3316,13 +3316,13 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
             * we assume that both unsigned and size_t are at least 32 bits.
             * Therefore there is no possible integer overflow here.
             */
-            ssl->in_hsfraglen += (unsigned) ssl->in_msglen;
+            ssl->badmac_seen_or_in_hsfraglen += (unsigned) ssl->in_msglen;
            ssl->in_hdr = ssl->in_msg + ssl->in_msglen;
            ssl->in_msglen = 0;
            mbedtls_ssl_update_in_pointers(ssl);
            return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
        }
-        if (ssl->in_hsfraglen > 0) {
+        if (ssl->badmac_seen_or_in_hsfraglen > 0) {
            /*
             * At in_first_hdr we have a sequence of records that cover the next handshake
             * record, each with its own record header that we need to remove.
@ -3352,7 +3352,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
            ssl->in_msglen = merged_rec_len;
            /* Adjust message length. */
            MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0);
-            ssl->in_hsfraglen = 0;
+            ssl->badmac_seen_or_in_hsfraglen = 0;
            MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record",
                                  ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len);
        }
@ -4702,13 +4702,13 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl)
            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
        }

-        if (ssl->in_hsfraglen != 0) {
+        if (ssl->badmac_seen_or_in_hsfraglen != 0) {
            /* Not all handshake fragments have arrived, do not consume. */
            MBEDTLS_SSL_DEBUG_MSG(3,
                                  ("waiting for more fragments (%u of %"
                                   MBEDTLS_PRINTF_SIZET ", %" MBEDTLS_PRINTF_SIZET " left)",
-                                   ssl->in_hsfraglen, ssl->in_hslen,
-                                   ssl->in_hslen - ssl->in_hsfraglen));
+                                   ssl->badmac_seen_or_in_hsfraglen, ssl->in_hslen,
+                                   ssl->in_hslen - ssl->badmac_seen_or_in_hsfraglen));
            return 0;
        }

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1488,7 +1488,7 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
    ssl->in_msgtype = 0;
    ssl->in_msglen  = 0;
    ssl->in_hslen   = 0;
-    ssl->in_hsfraglen = 0;
+    ssl->badmac_seen_or_in_hsfraglen = 0;
    ssl->keep_current_message = 0;
    ssl->transform_in  = NULL;