Remove in_hshdr
The first fragment of a fragmented handshake message always starts at the beginning of the buffer so there's no need to store it.
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index fcab63e..8b1aa23 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3230,7 +3230,6 @@
if (ssl->in_hslen == 0) {
ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl);
ssl->in_hsfraglen = 0;
- ssl->in_hshdr = ssl->in_hdr;
}
MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen ="
@@ -3297,10 +3296,7 @@
}
} else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- {
- if (ssl->in_hsfraglen > ssl->in_hslen) {
- return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- }
+ if (ssl->in_hsfraglen <= ssl->in_hslen) {
int ret;
const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
MBEDTLS_SSL_DEBUG_MSG(3,
@@ -3318,15 +3314,16 @@
mbedtls_ssl_update_in_pointers(ssl);
return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
}
- if (ssl->in_hshdr != ssl->in_hdr) {
+ if (ssl->in_hsfraglen > 0) {
/*
- * At ssl->in_hshdr we have a sequence of records that cover the next handshake
+ * At in_first_hdr we have a sequence of records that cover the next handshake
* record, each with its own record header that we need to remove.
* Note that the reassembled record size may not equal the size of the message,
- * there maybe bytes from the next message following it.
+ * there may be more messages after it, complete or partial.
*/
+ unsigned char *in_first_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
+ unsigned char *p = in_first_hdr, *q = NULL;
size_t merged_rec_len = 0;
- unsigned char *p = ssl->in_hshdr, *q = NULL;
do {
mbedtls_record rec;
ret = ssl_parse_record_header(ssl, p, mbedtls_ssl_in_hdr_len(ssl), &rec);
@@ -3342,16 +3339,17 @@
q = p;
}
} while (merged_rec_len < ssl->in_hslen);
- ssl->in_hdr = ssl->in_hshdr;
+ ssl->in_hdr = in_first_hdr;
mbedtls_ssl_update_in_pointers(ssl);
ssl->in_msglen = merged_rec_len;
/* Adjust message length. */
MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0);
ssl->in_hsfraglen = 0;
- ssl->in_hshdr = NULL;
MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record",
ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len);
}
+ } else {
+ return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
}
return 0;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f7554d2..0c39494 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -346,15 +346,11 @@
int modified = 0;
size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0, hdr_in = 0;
size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0;
- size_t hshdr_in = 0;
if (ssl->in_buf != NULL) {
written_in = ssl->in_msg - ssl->in_buf;
iv_offset_in = ssl->in_iv - ssl->in_buf;
len_offset_in = ssl->in_len - ssl->in_buf;
hdr_in = ssl->in_hdr - ssl->in_buf;
- if (ssl->in_hshdr != NULL) {
- hshdr_in = ssl->in_hshdr - ssl->in_buf;
- }
if (downsizing ?
ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len :
ssl->in_buf_len < in_buf_new_len) {
@@ -399,9 +395,6 @@
ssl->in_msg = ssl->in_buf + written_in;
ssl->in_len = ssl->in_buf + len_offset_in;
ssl->in_iv = ssl->in_buf + iv_offset_in;
- if (ssl->in_hshdr != NULL) {
- ssl->in_hshdr = ssl->in_buf + hshdr_in;
- }
}
}
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
@@ -1495,10 +1488,9 @@
ssl->in_msgtype = 0;
ssl->in_msglen = 0;
ssl->in_hslen = 0;
+ ssl->in_hsfraglen = 0;
ssl->keep_current_message = 0;
ssl->transform_in = NULL;
- ssl->in_hshdr = NULL;
- ssl->in_hsfraglen = 0;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
ssl->next_record_offset = 0;