Improve ABI compat trick

mpg · mpg · commit 0521d6430629 · 2025-02-04T12:28:47.000+01:00
In principle, pointers to char and pointers to word-aligned structs
might have different sizes. However, it's guaranteed that any pointer
can be converted to a char pointer and back, so it's OK to store the
pointer to struct as a pointer to char.

Signed-off-by: Manuel Pégourié-Gonnard &lt;manuel.pegourie-gonnard@arm.com&gt;
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
@@ -1805,7 +1805,7 @@ struct mbedtls_ssl_context {
                                                   *   (the end is marked by in_len).   */
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
     unsigned char *MBEDTLS_PRIVATE(in_len);      /*!< two-bytes message length field   */
-    mbedtls_ssl_context_in_ext *MBEDTLS_PRIVATE(in_ext); /*!< extension structure      */
+    unsigned char *MBEDTLS_PRIVATE(in_ext);      /*!< extension structure (ABI compat) */
     unsigned char *MBEDTLS_PRIVATE(in_msg);      /*!< message contents (in_iv+ivlen)   */
     unsigned char *MBEDTLS_PRIVATE(in_offt);     /*!< read offset in application data  */
 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
@@ -409,6 +409,11 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type);
 #define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32
 #define MBEDTLS_SERVER_HELLO_RANDOM_LEN 32
 
+static inline mbedtls_ssl_context_in_ext *mbedtls_ssl_get_in_ext(const mbedtls_ssl_context *ssl)
+{
+    return (mbedtls_ssl_context_in_ext *) ssl->in_ext;
+}
+
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 /**
  * \brief          Return the maximum fragment length (payload, in bytes) for
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
@@ -3229,8 +3229,8 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 
     if (ssl->in_hslen == 0) {
         ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl);
-        ssl->in_ext->in_hsfraglen = 0;
-        ssl->in_ext->in_hshdr = ssl->in_hdr;
+        mbedtls_ssl_get_in_ext(ssl)->in_hsfraglen = 0;
+        mbedtls_ssl_get_in_ext(ssl)->in_hshdr = ssl->in_hdr;
     }
 
     MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen ="
@@ -3298,35 +3298,35 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
     } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
     {
-        if (ssl->in_ext->in_hsfraglen > ssl->in_hslen) {
+        if (mbedtls_ssl_get_in_ext(ssl)->in_hsfraglen > ssl->in_hslen) {
             return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
         }
         int ret;
-        const size_t hs_remain = ssl->in_hslen - ssl->in_ext->in_hsfraglen;
+        const size_t hs_remain = ssl->in_hslen - mbedtls_ssl_get_in_ext(ssl)->in_hsfraglen;
         MBEDTLS_SSL_DEBUG_MSG(3,
                               ("handshake fragment: %" MBEDTLS_PRINTF_SIZET " .. %"
                                MBEDTLS_PRINTF_SIZET " of %"
                                MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET,
-                               ssl->in_ext->in_hsfraglen,
-                               ssl->in_ext->in_hsfraglen +
+                               mbedtls_ssl_get_in_ext(ssl)->in_hsfraglen,
+                               mbedtls_ssl_get_in_ext(ssl)->in_hsfraglen +
                                (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen),
                                ssl->in_hslen, ssl->in_msglen));
         if (ssl->in_msglen < hs_remain) {
-            ssl->in_ext->in_hsfraglen += ssl->in_msglen;
+            mbedtls_ssl_get_in_ext(ssl)->in_hsfraglen += ssl->in_msglen;
             ssl->in_hdr = ssl->in_msg + ssl->in_msglen;
             ssl->in_msglen = 0;
             mbedtls_ssl_update_in_pointers(ssl);
             return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
         }
-        if (ssl->in_ext->in_hshdr != ssl->in_hdr) {
+        if (mbedtls_ssl_get_in_ext(ssl)->in_hshdr != ssl->in_hdr) {
             /*
-             * At ssl->in_ext->in_hshdr we have a sequence of records that cover the next handshake
+             * At mbedtls_ssl_get_in_ext(ssl)->in_hshdr we have a sequence of records that cover the next handshake
              * record, each with its own record header that we need to remove.
              * Note that the reassembled record size may not equal the size of the message,
              * there maybe bytes from the next message following it.
              */
             size_t merged_rec_len = 0;
-            unsigned char *p = ssl->in_ext->in_hshdr, *q = NULL;
+            unsigned char *p = mbedtls_ssl_get_in_ext(ssl)->in_hshdr, *q = NULL;
             do {
                 mbedtls_record rec;
                 ret = ssl_parse_record_header(ssl, p, mbedtls_ssl_in_hdr_len(ssl), &rec);
@@ -3342,13 +3342,13 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
                     q = p;
                 }
             } while (merged_rec_len < ssl->in_hslen);
-            ssl->in_hdr = ssl->in_ext->in_hshdr;
+            ssl->in_hdr = mbedtls_ssl_get_in_ext(ssl)->in_hshdr;
             mbedtls_ssl_update_in_pointers(ssl);
             ssl->in_msglen = merged_rec_len;
             /* Adjust message length. */
             MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0);
-            ssl->in_ext->in_hsfraglen = 0;
-            ssl->in_ext->in_hshdr = NULL;
+            mbedtls_ssl_get_in_ext(ssl)->in_hsfraglen = 0;
+            mbedtls_ssl_get_in_ext(ssl)->in_hshdr = NULL;
             MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record",
                                   ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len);
         }
@@ -4696,13 +4696,13 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl)
             return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
-        if (ssl->in_ext->in_hsfraglen != 0) {
+        if (mbedtls_ssl_get_in_ext(ssl)->in_hsfraglen != 0) {
             /* Not all handshake fragments have arrived, do not consume. */
             MBEDTLS_SSL_DEBUG_MSG(3,
                                   ("waiting for more fragments (%" MBEDTLS_PRINTF_SIZET " of %"
                                    MBEDTLS_PRINTF_SIZET ", %" MBEDTLS_PRINTF_SIZET " left)",
-                                   ssl->in_ext->in_hsfraglen, ssl->in_hslen,
-                                   ssl->in_hslen - ssl->in_ext->in_hsfraglen));
+                                   mbedtls_ssl_get_in_ext(ssl)->in_hsfraglen, ssl->in_hslen,
+                                   ssl->in_hslen - mbedtls_ssl_get_in_ext(ssl)->in_hsfraglen));
             return 0;
         }
 
@@ -4955,7 +4955,7 @@ static int ssl_get_next_record(mbedtls_ssl_context *ssl)
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
                 ssl->in_len = ssl->in_cid + rec.cid_len;
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-                ssl->in_ext->in_iv  = ssl->in_msg = ssl->in_len + 2;
+                mbedtls_ssl_get_in_ext(ssl)->in_iv  = ssl->in_msg = ssl->in_len + 2;
                 ssl->in_msglen = rec.data_len;
 
                 ret = ssl_check_client_reconnect(ssl);
@@ -5074,7 +5074,7 @@ static int ssl_get_next_record(mbedtls_ssl_context *ssl)
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
     ssl->in_len = ssl->in_cid + rec.cid_len;
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-    ssl->in_ext->in_iv  = ssl->in_len + 2;
+    mbedtls_ssl_get_in_ext(ssl)->in_iv  = ssl->in_len + 2;
 
     /* The record content type may change during decryption,
      * so re-read it. */
@@ -5380,7 +5380,7 @@ void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl,
 void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl)
 {
     /* This function sets the pointers to match the case
-     * of unprotected TLS/DTLS records, with both  ssl->in_ext->in_iv
+     * of unprotected TLS/DTLS records, with both  mbedtls_ssl_get_in_ext(ssl)->in_iv
      * and ssl->in_msg pointing to the beginning of the record
      * content.
      *
@@ -5402,7 +5402,7 @@ void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl)
 #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
         ssl->in_len = ssl->in_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-        ssl->in_ext->in_iv  = ssl->in_len + 2;
+        mbedtls_ssl_get_in_ext(ssl)->in_iv  = ssl->in_len + 2;
     } else
 #endif
     {
@@ -5411,11 +5411,11 @@ void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl)
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
         ssl->in_cid = ssl->in_len;
 #endif
-        ssl->in_ext->in_iv  = ssl->in_hdr + 5;
+        mbedtls_ssl_get_in_ext(ssl)->in_iv  = ssl->in_hdr + 5;
     }
 
     /* This will be adjusted at record decryption time. */
-    ssl->in_msg = ssl->in_ext->in_iv;
+    ssl->in_msg = mbedtls_ssl_get_in_ext(ssl)->in_iv;
 }
 
 /*
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
@@ -349,11 +349,11 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing,
     size_t hshdr_in = 0;
     if (ssl->in_buf != NULL) {
         written_in = ssl->in_msg - ssl->in_buf;
-        iv_offset_in = ssl->in_ext->in_iv - ssl->in_buf;
+        iv_offset_in = mbedtls_ssl_get_in_ext(ssl)->in_iv - ssl->in_buf;
         len_offset_in = ssl->in_len - ssl->in_buf;
         hdr_in = ssl->in_hdr - ssl->in_buf;
-        if (ssl->in_ext->in_hshdr != NULL) {
-            hshdr_in = ssl->in_ext->in_hshdr - ssl->in_buf;
+        if (mbedtls_ssl_get_in_ext(ssl)->in_hshdr != NULL) {
+            hshdr_in = mbedtls_ssl_get_in_ext(ssl)->in_hshdr - ssl->in_buf;
         }
         if (downsizing ?
             ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len :
@@ -398,9 +398,9 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing,
 
         ssl->in_msg = ssl->in_buf + written_in;
         ssl->in_len = ssl->in_buf + len_offset_in;
-        ssl->in_ext->in_iv = ssl->in_buf + iv_offset_in;
-        if (ssl->in_ext->in_hshdr != NULL) {
-            ssl->in_ext->in_hshdr = ssl->in_buf + hshdr_in;
+        mbedtls_ssl_get_in_ext(ssl)->in_iv = ssl->in_buf + iv_offset_in;
+        if (mbedtls_ssl_get_in_ext(ssl)->in_hshdr != NULL) {
+            mbedtls_ssl_get_in_ext(ssl)->in_hshdr = ssl->in_buf + hshdr_in;
         }
     }
 }
@@ -1459,7 +1459,7 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl,
     ssl->in_hdr = NULL;
     ssl->in_ctr = NULL;
     ssl->in_len = NULL;
-    ssl->in_ext->in_iv = NULL;
+    mbedtls_ssl_get_in_ext(ssl)->in_iv = NULL;
     ssl->in_msg = NULL;
 
     ssl->out_hdr = NULL;
@@ -1507,8 +1507,8 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
     ssl->in_hslen   = 0;
     ssl->keep_current_message = 0;
     ssl->transform_in  = NULL;
-    ssl->in_ext->in_hshdr = NULL;
-    ssl->in_ext->in_hsfraglen = 0;
+    mbedtls_ssl_get_in_ext(ssl)->in_hshdr = NULL;
+    mbedtls_ssl_get_in_ext(ssl)->in_hsfraglen = 0;
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     ssl->next_record_offset = 0;
