Merge pull request #2909 from artokin/mbedtls_replay_check_fix_backport

Fix mbedtls_ssl_check_record usage with ext buf
Gilles Peskine 2019-10-29 16:59:44 +01:00 committed by GitHub
commit 7b6d8c27c8


@ -4878,6 +4878,25 @@ static inline uint64_t ssl_load_six_bytes( unsigned char *buf )
( (uint64_t) buf[5] ) );
}
static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8_t *record_in_ctr )
{
int ret;
unsigned char *original_in_ctr;
// save original in_ctr
original_in_ctr = ssl->in_ctr;
// use counter from record
ssl->in_ctr = record_in_ctr;
ret = mbedtls_ssl_dtls_replay_check( (mbedtls_ssl_context const *) ssl );
// restore the counter
ssl->in_ctr = original_in_ctr;
return ret;
}
/*
* Return 0 if sequence number is acceptable, -1 otherwise
*/
@ -5383,7 +5402,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
/* For records from the correct epoch, check whether their
* sequence number has been seen before. */
else if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 )
else if( mbedtls_ssl_dtls_record_replay_check( (mbedtls_ssl_context *) ssl,
&rec->ctr[0] ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) );
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
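Review bot: `mbedtls_ssl_dtls_record_replay_check` writes `ssl->in_ctr` on a context that its caller, `ssl_parse_record_header`, holds as `mbedtls_ssl_context const *`, and the call site casts the qualifier away to allow it. The pointer is restored before returning, but during the call the context is not read-only, so a caller relying on the const signature (for example to check a record while the same context is in use elsewhere) gets no such guarantee; this is inferred from the signature, since the callers are outside this page. If the swap has to stay, document it at the helper, e.g. `/* Temporarily redirects ssl->in_ctr to the record's counter: writes to a context the caller holds as const, so not safe for concurrent use of the same context. */`; the cleaner option is a replay check that takes the counter as a `const unsigned char *` argument and leaves the context untouched. The `(mbedtls_ssl_context const *)` cast inside the helper is redundant, and a `static` function would normally carry the `ssl_` prefix used by `ssl_load_six_bytes` and `ssl_parse_record_header` rather than `mbedtls_`. `ssl_parse_record_header` begins and ends outside the hunk.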