From af0c461f3969a8c51c29cd48b83197250a120c60 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 Feb 2025 21:59:12 +0100 Subject: [PATCH] mbedtls_ssl_prepare_handshake_record(): refactor first fragment prep Minor refactoring of the initial checks and preparation when receiving the first fragment. Use `ssl->in_hsfraglen` to determine whether there is a pending handshake fragment, for consistency, and possibly for more robustness in case handshake fragments are mixed with non-handshake records (although this is not currently supported anyway). Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 1c642fe960..e68474d458 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3221,16 +3221,19 @@ static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl) int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) { - /* First handshake fragment must at least include the header. */ - if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl) && ssl->in_hslen == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen)); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } + if (ssl->badmac_seen_or_in_hsfraglen == 0) { + /* The handshake message must at least include the header. + * We may not have the full message yet in case of fragmentation. + * To simplify the code, we insist on having the header (and in + * particular the handshake message length) in the first + * fragment. */ + if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen)); + return MBEDTLS_ERR_SSL_INVALID_RECORD; + } - if (ssl->in_hslen == 0) { ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); - ssl->badmac_seen_or_in_hsfraglen = 0; } MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen ="