mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 14:15:37 +00:00
Add a double check to protect from glitch
Check that the encryption has been done for the outbut buffer. This is to ensure that glitching out the encryption doesn't result as a unecrypted buffer to be sent.
This commit is contained in:
parent
d05da1fa45
commit
acb5eb00ca
|
@ -4490,6 +4490,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
|||
{
|
||||
unsigned i;
|
||||
size_t protected_record_size;
|
||||
volatile int encrypted_fi = 0;
|
||||
|
||||
/* Skip writing the record content type to after the encryption,
|
||||
* as it may change when using the CID extension. */
|
||||
|
@ -4544,6 +4545,13 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
|||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
ssl->out_msglen = len = rec.data_len;
|
||||
(void)mbedtls_platform_put_uint16_be( ssl->out_len, rec.data_len );
|
||||
encrypted_fi = 1;
|
||||
}
|
||||
|
||||
//Double check to ensure the encryption has been done
|
||||
if( ssl->transform_out != NULL && encrypted_fi == 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl );
|
||||
|
|
Loading…
Reference in a new issue