yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-11 21:35:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use plain memset() for public data in ssl_tls.c

Browse source 
- out_ctr is public because it's transmited over the wire in DTLS (and in TLS
  it can be inferred by a passive network attacker just by counting records).
- handshake mask is not a secret because it can be inferred by a passive
  network attacker just logging record sequence number seen so far.
This commit is contained in:
Manuel Pégourié-Gonnard 2019-10-04 10:23:31 +02:00
parent ee0c35fbf5
commit 895454da01
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
library/ssl_tls.c
View file

@ -4712,7 +4712,7 @@ static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len )
mask[last_byte_idx] |= 1 << ( 8 - end_bits );
}
mbedtls_platform_memset( mask + offset / 8, 0xFF, len / 8 );
memset( mask + offset / 8, 0xFF, len / 8 );
}
/*
@ -7799,7 +7799,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, 8 );
/* Set sequence_number to zero */
mbedtls_platform_memset( ssl->cur_out_ctr + 2, 0, 6 );
memset( ssl->cur_out_ctr + 2, 0, 6 );
/* Increment epoch */
for( i = 2; i > 0; i-- )
@ -8379,7 +8379,7 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
ssl->split_done = 0;
#endif
mbedtls_platform_memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
ssl->transform_in = NULL;
ssl->transform_out = NULL;