Remove in_hshdr
The first fragment of a fragmented handshake message always starts at the beginning of the buffer so there's no need to store it.
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 3eb49e2..a920e46 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3229,7 +3229,6 @@
if (ssl->in_hslen == 0) {
ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl);
ssl->in_hsfraglen = 0;
- ssl->in_hshdr = ssl->in_hdr;
}
MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen ="
@@ -3296,10 +3295,7 @@
}
} else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- {
- if (ssl->in_hsfraglen > ssl->in_hslen) {
- return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- }
+ if (ssl->in_hsfraglen <= ssl->in_hslen) {
int ret;
const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
MBEDTLS_SSL_DEBUG_MSG(3,
@@ -3317,15 +3313,16 @@
mbedtls_ssl_update_in_pointers(ssl);
return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
}
- if (ssl->in_hshdr != ssl->in_hdr) {
+ if (ssl->in_hsfraglen > 0) {
/*
- * At ssl->in_hshdr we have a sequence of records that cover the next handshake
+ * At in_first_hdr we have a sequence of records that cover the next handshake
* record, each with its own record header that we need to remove.
* Note that the reassembled record size may not equal the size of the message,
- * there maybe bytes from the next message following it.
+ * there may be more messages after it, complete or partial.
*/
+ unsigned char *in_first_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
+ unsigned char *p = in_first_hdr, *q = NULL;
size_t merged_rec_len = 0;
- unsigned char *p = ssl->in_hshdr, *q = NULL;
do {
mbedtls_record rec;
ret = ssl_parse_record_header(ssl, p, mbedtls_ssl_in_hdr_len(ssl), &rec);
@@ -3341,16 +3338,17 @@
q = p;
}
} while (merged_rec_len < ssl->in_hslen);
- ssl->in_hdr = ssl->in_hshdr;
+ ssl->in_hdr = in_first_hdr;
mbedtls_ssl_update_in_pointers(ssl);
ssl->in_msglen = merged_rec_len;
/* Adjust message length. */
MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0);
ssl->in_hsfraglen = 0;
- ssl->in_hshdr = NULL;
MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record",
ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len);
}
+ } else {
+ return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
}
return 0;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 450c397..991b431 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -345,15 +345,11 @@
int modified = 0;
size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0, hdr_in = 0;
size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0;
- size_t hshdr_in = 0;
if (ssl->in_buf != NULL) {
written_in = ssl->in_msg - ssl->in_buf;
iv_offset_in = ssl->in_iv - ssl->in_buf;
len_offset_in = ssl->in_len - ssl->in_buf;
hdr_in = ssl->in_hdr - ssl->in_buf;
- if (ssl->in_hshdr != NULL) {
- hshdr_in = ssl->in_hshdr - ssl->in_buf;
- }
if (downsizing ?
ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len :
ssl->in_buf_len < in_buf_new_len) {
@@ -398,9 +394,6 @@
ssl->in_msg = ssl->in_buf + written_in;
ssl->in_len = ssl->in_buf + len_offset_in;
ssl->in_iv = ssl->in_buf + iv_offset_in;
- if (ssl->in_hshdr != NULL) {
- ssl->in_hshdr = ssl->in_buf + hshdr_in;
- }
}
}
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
@@ -1494,10 +1487,9 @@
ssl->in_msgtype = 0;
ssl->in_msglen = 0;
ssl->in_hslen = 0;
+ ssl->in_hsfraglen = 0;
ssl->keep_current_message = 0;
ssl->transform_in = NULL;
- ssl->in_hshdr = NULL;
- ssl->in_hsfraglen = 0;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
ssl->next_record_offset = 0;