1
0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-07-24 01:51:03 +08:00

Change the type of in_hsfraglen to unsigned

In the `mbedtls_ssl_context` structure, change the type of `in_hsfraglen`
from `size_t` to `unsigned`. This is in preparation for merging
`in_hsfraglen` into `badmac_seen_or_in_hsfraglen`, which has the type
`unsigned` and cannot change since we do not want to change the ABI.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2025-02-17 16:25:24 +01:00
parent f6a676d93f
commit ebdd405f68
2 changed files with 13 additions and 5 deletions

View File

@ -1826,7 +1826,7 @@ struct mbedtls_ssl_context {
size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length,
including the handshake header */
size_t MBEDTLS_PRIVATE(in_hsfraglen); /*!< accumulated length of hs fragments
unsigned MBEDTLS_PRIVATE(in_hsfraglen); /*!< accumulated length of hs fragments
(up to in_hslen) */
int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */

View File

@ -25,6 +25,7 @@
#include "constant_time_internal.h"
#include "mbedtls/constant_time.h"
#include <limits.h>
#include <string.h>
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -3300,15 +3301,22 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
int ret;
const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
MBEDTLS_SSL_DEBUG_MSG(3,
("handshake fragment: %" MBEDTLS_PRINTF_SIZET " .. %"
("handshake fragment: %u .. %"
MBEDTLS_PRINTF_SIZET " of %"
MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET,
ssl->in_hsfraglen,
ssl->in_hsfraglen +
(size_t) ssl->in_hsfraglen +
(hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen),
ssl->in_hslen, ssl->in_msglen));
if (ssl->in_msglen < hs_remain) {
ssl->in_hsfraglen += ssl->in_msglen;
/* ssl->in_msglen is a 25-bit value since it is the sum of the
* header length plus the payload length, the header length is 4
* and the payload length was received on the wire encoded as
* 3 octets. We don't support 16-bit platforms; more specifically,
* we assume that both unsigned and size_t are at least 32 bits.
* Therefore there is no possible integer overflow here.
*/
ssl->in_hsfraglen += (unsigned) ssl->in_msglen;
ssl->in_hdr = ssl->in_msg + ssl->in_msglen;
ssl->in_msglen = 0;
mbedtls_ssl_update_in_pointers(ssl);
@ -4697,7 +4705,7 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl)
if (ssl->in_hsfraglen != 0) {
/* Not all handshake fragments have arrived, do not consume. */
MBEDTLS_SSL_DEBUG_MSG(3,
("waiting for more fragments (%" MBEDTLS_PRINTF_SIZET " of %"
("waiting for more fragments (%u of %"
MBEDTLS_PRINTF_SIZET ", %" MBEDTLS_PRINTF_SIZET " left)",
ssl->in_hsfraglen, ssl->in_hslen,
ssl->in_hslen - ssl->in_hsfraglen));