Add frame for loading and storing buffered messages

This commit introduces the frame for saving and loading
buffered messages within the message reading function
mbedtls_ssl_read_record().
Hanno Becker 2018-08-15 14:48:01 +01:00
parent e74d556b43
commit 40f50848fa
2 changed files with 65 additions and 6 deletions


@ -121,6 +121,7 @@
#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */ #define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */
#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */ #define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */
#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 /**< The asynchronous operation is not completed yet. */ #define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 /**< The asynchronous operation is not completed yet. */
#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 /**< Internal-only message signaling that a message arrived early. */
/* /*
* Various constants * Various constants
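Review bot: The doc comment on `MBEDTLS_ERR_SSL_EARLY_MESSAGE` says internal-only but does not say where the code is absorbed, and the define sits in the same list as error codes that applications see. I would extend it to something like `/**< Internal-only: a message arrived early; handled inside mbedtls_ssl_read_record() and never returned to the application. */`. The conversion to `MBEDTLS_ERR_SSL_CONTINUE_PROCESSING` in the second file is compiled only under `MBEDTLS_SSL_PROTO_DTLS`, so that wording assumes no TLS-only path can return the code, which cannot be confirmed from the lines shown.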


@ -4289,6 +4289,12 @@ static int ssl_consume_current_message( mbedtls_ssl_context *ssl );
static int ssl_get_next_record( mbedtls_ssl_context *ssl ); static int ssl_get_next_record( mbedtls_ssl_context *ssl );
static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ); static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
static int ssl_load_buffered_message( mbedtls_ssl_context *ssl );
static int ssl_buffer_message( mbedtls_ssl_context *ssl );
static int ssl_another_record_in_datagram( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
unsigned update_digest ) unsigned update_digest )
{ {
@ -4306,6 +4312,21 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
if( ssl_record_is_in_progress( ssl ) == 0 ) if( ssl_record_is_in_progress( ssl ) == 0 )
{ {
#if defined(MBEDTLS_SSL_PROTO_DTLS)
int have_buffered = 0;
/* We only check for buffered messages if the
* current datagram is fully consumed. */
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl_another_record_in_datagram( ssl ) == 0 )
{
if( ssl_load_buffered_message( ssl ) == 0 )
have_buffered = 1;
}
if( have_buffered == 0 )
#endif /* MBEDTLS_SSL_PROTO_DTLS */
{
ret = ssl_get_next_record( ssl ); ret = ssl_get_next_record( ssl );
if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ) if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING )
continue; continue;
@ -4316,9 +4337,22 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
} }
} }
}
ret = mbedtls_ssl_handle_message_type( ssl ); ret = mbedtls_ssl_handle_message_type( ssl );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE )
{
/* Buffer future message */
ret = ssl_buffer_message( ssl );
if( ret != 0 )
return( ret );
ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
} while( MBEDTLS_ERR_SSL_NON_FATAL == ret || } while( MBEDTLS_ERR_SSL_NON_FATAL == ret ||
MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret ); MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret );
@ -4345,6 +4379,30 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
return( 0 ); return( 0 );
} }
#if defined(MBEDTLS_SSL_PROTO_DTLS)
static int ssl_another_record_in_datagram( mbedtls_ssl_context *ssl )
{
if( ssl->in_left > ssl->next_record_offset )
return( 1 );
return( 0 );
}
static int ssl_load_buffered_message( mbedtls_ssl_context *ssl )
{
/* No buffering support so far. */
((void) ssl );
return( -1 );
}
static int ssl_buffer_message( mbedtls_ssl_context *ssl )
{
/* No buffering support so far. */
((void) ssl );
return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
static int ssl_consume_current_message( mbedtls_ssl_context *ssl ) static int ssl_consume_current_message( mbedtls_ssl_context *ssl )
{ {
/* /*
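Review bot: The three new static helpers carry no comment stating their return contract, and `ssl_load_buffered_message()` reports "nothing buffered" with a bare `-1` that the caller in `mbedtls_ssl_read_record()` cannot tell apart from a real failure, because it only tests `== 0`. I would add a comment above it such as `/* Returns 0 if a buffered message was loaded and is ready for processing, non-zero if none is available. */`, and note on `ssl_buffer_message()` that the stub returns 0 without storing anything, so an early message is currently dropped and the read loop simply continues. When real buffering replaces the stubs, the amount held per connection needs a hard upper bound, since early DTLS messages may come from a peer that has not been authenticated yet. `mbedtls_ssl_read_record()` starts and ends outside the hunks shown, so the loop entry and exit conditions were not reviewed.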