Refactor handshake msg header parsing etc.

fwh-dc · Jun 21, 2024 · b9d608e · b9d608e
1 parent 928386b
commit b9d608e
Show file tree

Hide file tree

Showing 6 changed files with 226 additions and 250 deletions.
diff --git a/include/internal/common.h b/include/internal/common.h
@@ -180,10 +180,6 @@ __owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr,
                               (((unsigned long)((c)[1]))<< 8)| \
                               (((unsigned long)((c)[2]))    )),(c)+=3)
 
-# define l2n3(l,c)       (((c)[0]=(unsigned char)(((l)>>16)&0xff), \
-                           (c)[1]=(unsigned char)(((l)>> 8)&0xff), \
-                           (c)[2]=(unsigned char)(((l)    )&0xff)),(c)+=3)
-
 #define l3n2(c,l)       (l =((uint64_t)(*((c)++)))<<16, \
                          l|=((uint64_t)(*((c)++)))<< 8, \
                          l|=((uint64_t)(*((c)++))))

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
@@ -94,7 +94,7 @@ int dtls1_new(SSL *ssl)
         return 0;
     }
 
-    d1->buffered_messages = pqueue_new();
+    d1->rcvd_messages = pqueue_new();
     d1->sent_messages = pqueue_new();
 
     if (s->server) {
@@ -105,8 +105,8 @@ int dtls1_new(SSL *ssl)
     d1->mtu = 0;
     d1->hello_verify_request = SSL_HVR_NONE;
 
-    if (d1->buffered_messages == NULL || d1->sent_messages == NULL) {
-        pqueue_free(d1->buffered_messages);
+    if (d1->rcvd_messages == NULL || d1->sent_messages == NULL) {
+        pqueue_free(d1->rcvd_messages);
         pqueue_free(d1->sent_messages);
         OPENSSL_free(d1);
         ssl3_free(ssl);
@@ -132,7 +132,7 @@ void dtls1_clear_received_buffer(SSL_CONNECTION *s)
     pitem *item = NULL;
     hm_fragment *frag = NULL;
 
-    while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {
+    while ((item = pqueue_pop(s->d1->rcvd_messages)) != NULL) {
         frag = (hm_fragment *)item->data;
         dtls1_hm_fragment_free(frag);
         pitem_free(item);
@@ -142,22 +142,21 @@ void dtls1_clear_received_buffer(SSL_CONNECTION *s)
 void dtls1_clear_sent_buffer(SSL_CONNECTION *s)
 {
     pitem *item = NULL;
-    hm_fragment *frag = NULL;
 
     while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
-        frag = (hm_fragment *)item->data;
+        dtls_sent_msg *sent_msg = (dtls_sent_msg *)item->data;
 
-        if (frag->msg_header.is_ccs
-                && frag->msg_header.saved_retransmit_state.wrlmethod != NULL
-                && s->rlayer.wrl != frag->msg_header.saved_retransmit_state.wrl) {
+        if (sent_msg->record_type == SSL3_RT_CHANGE_CIPHER_SPEC
+            && sent_msg->saved_retransmit_state.wrlmethod != NULL
+            && s->rlayer.wrl != sent_msg->saved_retransmit_state.wrl) {
             /*
              * If we're freeing the CCS then we're done with the old wrl and it
              * can bee freed
              */
-            frag->msg_header.saved_retransmit_state.wrlmethod->free(frag->msg_header.saved_retransmit_state.wrl);
+            sent_msg->saved_retransmit_state.wrlmethod->free(sent_msg->saved_retransmit_state.wrl);
         }
 
-        dtls1_hm_fragment_free(frag);
+        dtls1_sent_msg_free(sent_msg);
         pitem_free(item);
     }
 }
@@ -172,7 +171,7 @@ void dtls1_free(SSL *ssl)
 
     if (s->d1 != NULL) {
         dtls1_clear_queues(s);
-        pqueue_free(s->d1->buffered_messages);
+        pqueue_free(s->d1->rcvd_messages);
         pqueue_free(s->d1->sent_messages);
     }
 
@@ -186,7 +185,7 @@ void dtls1_free(SSL *ssl)
 
 int dtls1_clear(SSL *ssl)
 {
-    pqueue *buffered_messages;
+    pqueue *rcvd_messages;
     pqueue *sent_messages;
     size_t mtu;
     size_t link_mtu;
@@ -201,7 +200,7 @@ int dtls1_clear(SSL *ssl)
     if (s->d1) {
         DTLS_timer_cb timer_cb = s->d1->timer_cb;
 
-        buffered_messages = s->d1->buffered_messages;
+        rcvd_messages = s->d1->rcvd_messages;
         sent_messages = s->d1->sent_messages;
         mtu = s->d1->mtu;
         link_mtu = s->d1->link_mtu;
@@ -222,7 +221,7 @@ int dtls1_clear(SSL *ssl)
             s->d1->link_mtu = link_mtu;
         }
 
-        s->d1->buffered_messages = buffered_messages;
+        s->d1->rcvd_messages = rcvd_messages;
         s->d1->sent_messages = sent_messages;
     }
 
@@ -423,7 +422,7 @@ int dtls1_handle_timeout(SSL_CONNECTION *s)
 
     dtls1_start_timer(s);
     /* Calls SSLfatal() if required */
-    return dtls1_retransmit_buffered_messages(s);
+    return dtls1_retransmit_sent_messages(s);
 }
 
 #define LISTEN_SUCCESS              2

diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
@@ -490,7 +490,7 @@ int dtls1_read_bytes(SSL *s, uint8_t type, uint8_t *recvd_type,
      * Unexpected handshake message (Client Hello, or protocol violation)
      */
     if (rr->type == SSL3_RT_HANDSHAKE && !ossl_statem_get_in_handshake(sc)) {
-        struct hm_header_st msg_hdr;
+        unsigned char msg_type;
 
         /*
          * This may just be a stale retransmit. Also sanity check that we have
@@ -503,19 +503,19 @@ int dtls1_read_bytes(SSL *s, uint8_t type, uint8_t *recvd_type,
             goto start;
         }
 
-        dtls1_get_message_header(rr->data, &msg_hdr);
+        msg_type = *rr->data;
 
         /*
          * If we are server, we may have a repeated FINISHED of the client
          * here, then retransmit our CCS and FINISHED.
          */
-        if (msg_hdr.type == SSL3_MT_FINISHED) {
+        if (msg_type == SSL3_MT_FINISHED) {
             if (dtls1_check_timeout_num(sc) < 0) {
                 /* SSLfatal) already called */
                 return -1;
             }
 
-            if (dtls1_retransmit_buffered_messages(sc) <= 0) {
+            if (dtls1_retransmit_sent_messages(sc) <= 0) {
                 /* Fail if we encountered a fatal error */
                 if (ossl_statem_in_error(sc))
                     return -1;

diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
@@ -1930,12 +1930,6 @@ typedef struct sigalg_lookup_st {
 /* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
 # define DTLS1_MAX_MTU_OVERHEAD                   48
 
-/*
- * Flag used in message reuse to indicate the buffer contains the record
- * header as well as the handshake message header.
- */
-# define DTLS1_SKIP_RECORD_HEADER                 2
-
 struct dtls1_retransmit_state {
     const OSSL_RECORD_METHOD *wrlmethod;
     OSSL_RECORD_LAYER *wrl;
@@ -1947,8 +1941,6 @@ struct hm_header_st {
     unsigned short seq;
     size_t frag_off;
     size_t frag_len;
-    unsigned int is_ccs;
-    struct dtls1_retransmit_state saved_retransmit_state;
 };
 
 typedef struct hm_fragment_st {
@@ -1980,6 +1972,19 @@ pitem *pqueue_iterator(pqueue *pq);
 pitem *pqueue_next(piterator *iter);
 size_t pqueue_size(pqueue *pq);
 
+typedef struct dtls_msg_info_st {
+    unsigned char msg_type;
+    size_t msg_body_len;
+    unsigned short msg_seq;
+} dtls_msg_info;
+
+typedef struct dtls_sent_msg_st {
+    dtls_msg_info msg_info;
+    int record_type;
+    unsigned char *msg_buf;
+    struct dtls1_retransmit_state saved_retransmit_state;
+} dtls_sent_msg;
+
 typedef struct dtls1_state_st {
     unsigned char cookie[DTLS1_COOKIE_LENGTH];
     size_t cookie_len;
@@ -1988,16 +1993,16 @@ typedef struct dtls1_state_st {
     unsigned short handshake_write_seq;
     unsigned short next_handshake_write_seq;
     unsigned short handshake_read_seq;
-    /* Buffered handshake messages */
-    pqueue *buffered_messages;
+    /* Buffered received handshake messages */
+    pqueue *rcvd_messages;
     /* Buffered (sent) handshake records */
     pqueue *sent_messages;
     /* Flag to indicate current HelloVerifyRequest status */
     enum {SSL_HVR_NONE = 0, SSL_HVR_RECEIVED} hello_verify_request;
     size_t link_mtu;      /* max on-the-wire DTLS packet size */
     size_t mtu;           /* max DTLS packet size */
-    struct hm_header_st w_msg_hdr;
-    struct hm_header_st r_msg_hdr;
+    dtls_msg_info w_msg;
+    unsigned short r_msg_seq;
     /* Number of alerts received so far */
     unsigned int timeout_num_alerts;
     /*
@@ -2708,25 +2713,19 @@ __owur int ssl_get_min_max_version(const SSL_CONNECTION *s, int *min_version,
                                    int *max_version, int *real_max);
 
 __owur OSSL_TIME tls1_default_timeout(void);
-__owur int dtls1_do_write(SSL_CONNECTION *s, uint8_t type);
-void dtls1_set_message_header(SSL_CONNECTION *s,
-                              unsigned char mt,
-                              size_t len,
-                              size_t frag_off, size_t frag_len);
+__owur int dtls1_do_write(SSL_CONNECTION *s, uint8_t recordtype);
 
 int dtls1_write_app_data_bytes(SSL *s, uint8_t type, const void *buf_,
                                size_t len, size_t *written);
 
 __owur int dtls1_read_failed(SSL_CONNECTION *s, int code);
-__owur int dtls1_buffer_message(SSL_CONNECTION *s, int ccs);
+__owur int dtls1_buffer_sent_message(SSL_CONNECTION *s, int record_type);
 __owur int dtls1_retransmit_message(SSL_CONNECTION *s, unsigned short seq,
                                     int *found);
 __owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
-int dtls1_retransmit_buffered_messages(SSL_CONNECTION *s);
+int dtls1_retransmit_sent_messages(SSL_CONNECTION *s);
 void dtls1_clear_received_buffer(SSL_CONNECTION *s);
 void dtls1_clear_sent_buffer(SSL_CONNECTION *s);
-void dtls1_get_message_header(const unsigned char *data,
-                              struct hm_header_st *msg_hdr);
 __owur OSSL_TIME dtls1_default_timeout(void);
 __owur int dtls1_get_timeout(const SSL_CONNECTION *s, OSSL_TIME *timeleft);
 __owur int dtls1_check_timeout_num(SSL_CONNECTION *s);
@@ -2738,6 +2737,7 @@ __owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
                                          size_t cookie_len);
 __owur size_t dtls1_min_mtu(SSL_CONNECTION *s);
 void dtls1_hm_fragment_free(hm_fragment *frag);
+void dtls1_sent_msg_free(dtls_sent_msg *msg);
 __owur int dtls1_query_mtu(SSL_CONNECTION *s);
 
 __owur int tls1_new(SSL *s);