Skip to content

Incremental TLS handshake defragmentation #10011

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 14 commits into from
Mar 7, 2025
Merged

Incremental TLS handshake defragmentation #10011

Changes from 1 commit
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
2e5a7ea
Fix Doxygen markup
gilles-peskine-arm Feb 12, 2025
9bdc8aa
Tweak "waiting for more handshake fragments" log message
gilles-peskine-arm Feb 28, 2025
0702772
Tweak handshake fragment log message
gilles-peskine-arm Mar 3, 2025
7a17696
mbedtls_ssl_prepare_handshake_record(): refactor first fragment prep
gilles-peskine-arm Feb 28, 2025
235eae9
mbedtls_ssl_prepare_handshake_record(): log offsets after decryption
gilles-peskine-arm Feb 28, 2025
e85ece6
Handshake defragmentation: reassemble incrementally
gilles-peskine-arm Feb 28, 2025
90a9593
Fix dodgy printf calls
gilles-peskine-arm Feb 25, 2025
e4a3fc2
Update framework
gilles-peskine-arm Mar 3, 2025
0851ec9
Fix end check before memmove
gilles-peskine-arm Mar 6, 2025
15c072f
Fix handshake defragmentation when the record has multiple messages
gilles-peskine-arm Mar 6, 2025
afb254c
Unify handshake fragment log messages
gilles-peskine-arm Mar 6, 2025
b8f1e4b
Pacify uncrustify
gilles-peskine-arm Mar 6, 2025
dab1cb5
Note unused variables when debugging is disabled
gilles-peskine-arm Mar 6, 2025
e34ec86
Fix a log message
gilles-peskine-arm Mar 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 24 additions & 19 deletions library/ssl_msg.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3055,6 +3055,15 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
unsigned char *const payload_start =
reassembled_record_start + mbedtls_ssl_in_hdr_len(ssl);
unsigned char *payload_end = payload_start + ssl->in_hsfraglen;
/* How many more bytes we want to have a complete handshake message. */
const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
/* How many bytes of the current record are part of the first
* handshake message. There may be more handshake messages (possibly
* incomplete) in the same record; if so, we leave them after the
* current record, and ssl_consume_current_message() will take
* care of consuming the next handshake message. */
const size_t hs_this_fragment_len =
ssl->in_msglen > hs_remain ? hs_remain : ssl->in_msglen;

if (ssl->in_hsfraglen != 0) {
/* We already had a handshake fragment. Prepare to append
Expand All @@ -3066,21 +3075,9 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
" of %" MBEDTLS_PRINTF_SIZET,
ssl->in_msglen,
ssl->in_hsfraglen,
ssl->in_hsfraglen + ssl->in_msglen,
ssl->in_hsfraglen + hs_this_fragment_len,
ssl->in_hslen));

const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
if (ssl->in_msglen > hs_remain) {
MBEDTLS_SSL_DEBUG_MSG(1, ("Handshake fragment too long: %"
MBEDTLS_PRINTF_SIZET " but only %"
MBEDTLS_PRINTF_SIZET " of %"
MBEDTLS_PRINTF_SIZET " remain",
ssl->in_msglen,
hs_remain,
ssl->in_hslen));
return MBEDTLS_ERR_SSL_INVALID_RECORD;
}
} else if (ssl->in_msglen == ssl->in_hslen) {
} else if (hs_this_fragment_len == ssl->in_hslen) {
/* This is the sole fragment. */
/* Emit a log message in the same format as when there are
* multiple fragments, for ease of matching. */
Expand All @@ -3091,7 +3088,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
" of %" MBEDTLS_PRINTF_SIZET,
ssl->in_msglen,
ssl->in_hsfraglen,
ssl->in_hsfraglen + ssl->in_msglen,
ssl->in_hsfraglen + hs_this_fragment_len,
ssl->in_hslen));
} else {
/* This is the first fragment of many. */
Expand All @@ -3102,7 +3099,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
" of %" MBEDTLS_PRINTF_SIZET,
ssl->in_msglen,
ssl->in_hsfraglen,
ssl->in_hsfraglen + ssl->in_msglen,
ssl->in_hsfraglen + hs_this_fragment_len,
ssl->in_hslen));
}

Expand Down Expand Up @@ -3154,16 +3151,24 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
/* Update the record length in the fully reassembled record */
if (ssl->in_msglen > 0xffff) {
MBEDTLS_SSL_DEBUG_MSG(1,
("Shouldn't happen: in_msglen=%"
("Shouldn't happen: in_hslen=%"
MBEDTLS_PRINTF_SIZET " > 0xffff",
ssl->in_msglen));
return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
}
MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0);

size_t record_len = mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen;
MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record",
ssl->in_hdr,
mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen);
ssl->in_hdr, record_len);
if (ssl->in_hslen < ssl->in_msglen) {
MBEDTLS_SSL_DEBUG_MSG(3,
("More handshake messages in the record: "
"%" MBEDTLS_PRINTF_SIZET " + "
"%" MBEDTLS_PRINTF_SIZET,
ssl->in_hslen,
ssl->in_msglen - ssl->in_hslen));
}
}
}

Expand Down