commit 7ae20e0f4c3c886309fed8b6940696526f90bc86
author Hanno Becker <hanno.becker@arm.com> Fri Jul 12 08:33:49 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Wed Aug 14 15:06:06 2019 +0100
tree 2389cb2a79c98d09b9d8a0442999e0f7943b3bda
parent 605949f84cfc299304c8940240294561299fe294

Move updating the internal rec ptrs to outside of rec hdr parsing

The stack maintains pointers mbedtls_ssl_context::in_xxx pointing to
various parts of the [D]TLS record header. Originally, these fields
were determined and set in ssl_parse_record_header(). By now,
ssl_parse_record_header() has been modularized to setup an instance
of the internal SSL record structure mbedtls_record, and to derive
the old in_xxx fields from that.

This commit takes a further step towards removing the in_xxx fields
by deriving them from the established record structure _outside_ of
ssl_parse_record_header() after the latter has succeeded.

One exception is the handling of possible client reconnects,
which happens in the case then ssl_parse_record_header() returns
MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; since ssl_check_client_reconnect()
so far uses the in_xxx fields, they need to be derived from the
record structure beforehand.

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9696bd6..f16b619 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4950,7 +4950,6 @@
      */
 
     rec->type = buf[ rec_hdr_type_offset ];
-    ssl->in_msgtype = rec->type;
 
     /* Check record content type */
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -4988,9 +4987,6 @@
 
         rec->cid_len = rec_hdr_cid_len;
         memcpy( rec->cid, buf + rec_hdr_cid_offset, rec_hdr_cid_len );
-
-        ssl->in_len = ssl->in_cid + mbedtls_ssl_conf_get_cid_len( ssl->conf );
-        ssl->in_iv  = ssl->in_msg = ssl->in_len + 2;
     }
     else
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -5056,7 +5052,6 @@
     rec->data_len    = (size_t) READ_UINT16_BE( buf + rec_hdr_len_offset );
     MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );
 
-    ssl->in_msglen   = rec->data_len;
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
                                 "version = [%d:%d], msglen = %d",
                                 rec->type,
@@ -6033,6 +6028,14 @@
             if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD )
             {
 #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
+                /* Setup internal message pointers from record structure. */
+                ssl->in_msgtype = rec.type;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+                ssl->in_len = ssl->in_cid + rec.cid_len;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+                ssl->in_iv  = ssl->in_msg = ssl->in_len + 2;
+                ssl->in_msglen = rec.data_len;
+
                 ret = ssl_check_client_reconnect( ssl );
                 if( ret != 0 )
                     return( ret );
@@ -6064,6 +6067,14 @@
         }
     }
 
+    /* Setup internal message pointers from record structure. */
+    ssl->in_msgtype = rec.type;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+    ssl->in_len = ssl->in_cid + rec.cid_len;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+    ssl->in_iv  = ssl->in_msg = ssl->in_len + 2;
+    ssl->in_msglen = rec.data_len;
+
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
     {