mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 23:05:38 +00:00
Add a double check to protect from glitch
Check that the encryption has been done for the outbut buffer. This is to ensure that glitching out the encryption doesn't result as a unecrypted buffer to be sent.
This commit is contained in:
parent
d05da1fa45
commit
acb5eb00ca
|
@ -4490,6 +4490,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
||||||
{
|
{
|
||||||
unsigned i;
|
unsigned i;
|
||||||
size_t protected_record_size;
|
size_t protected_record_size;
|
||||||
|
volatile int encrypted_fi = 0;
|
||||||
|
|
||||||
/* Skip writing the record content type to after the encryption,
|
/* Skip writing the record content type to after the encryption,
|
||||||
* as it may change when using the CID extension. */
|
* as it may change when using the CID extension. */
|
||||||
|
@ -4544,6 +4545,13 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
||||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||||
ssl->out_msglen = len = rec.data_len;
|
ssl->out_msglen = len = rec.data_len;
|
||||||
(void)mbedtls_platform_put_uint16_be( ssl->out_len, rec.data_len );
|
(void)mbedtls_platform_put_uint16_be( ssl->out_len, rec.data_len );
|
||||||
|
encrypted_fi = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
//Double check to ensure the encryption has been done
|
||||||
|
if( ssl->transform_out != NULL && encrypted_fi == 0 )
|
||||||
|
{
|
||||||
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
|
|
||||||
protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl );
|
protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl );
|
||||||
|
|
Loading…
Reference in a new issue