mbedtls/library
Hanno Becker 361b10d1c4 Fix SSL context deserialization
The SSL context maintains a set of 'out pointers' indicating the
address at which to write the header fields of the next outgoing
record. Some of these addresses have a static offset from the
beginning of the record header, while other offsets can vary
depending on the active record encryption mechanism: For example,
if an explicit IV is in use, there's an offset between the end
of the record header and the beginning of the encrypted data to
allow the explicit IV to be placed in between; also, if the DTLS
Connection ID (CID) feature is in use, the CID is part of the
record header, shifting all subsequent information (length, IV, data)
to the back.
When setting up an SSL context, the out pointers are initialized
according to the identity transform + no CID, and it is important
to keep them up to date whenever the record encryption mechanism
changes, which is done by the helper function ssl_update_out_pointers().

During context deserialization, updating the out pointers according
to the deserialized record transform went missing, leaving the out
pointers in the initial state. When attempting to encrypt a record in
this state, this led to failure if either a CID or an explicit IV
was in use. This wasn't caught in the tests by the bad luck that
they didn't use CID, _and_ used the default ciphersuite based on
ChaChaPoly, which doesn't have an explicit IV. Changing either of
these would have made the existing tests fail.

This commit fixes the bug by adding a call to ssl_update_out_pointers()
to ssl_context_load() implementing context deserialization.

Extending test coverage is left for a separate commit.
2019-08-30 12:14:25 +01:00
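The following is an added example, not mbedtls code and not part of the commit above: a simplified C model of the record-layout bookkeeping the commit message describes, showing why a deserialized transform with stale out pointers fails only for CID or explicit-IV transforms. The struct and function names (transform_t, out_ptrs_t, ctx_load_before_fix, ctx_load_after_fix) are hypothetical; the only facts taken from the protocol are the fixed header sizes (type + version = 3 bytes for TLS, plus epoch + 48-bit sequence number = 11 bytes for DTLS), the 2-byte length field, and that a CID sits before the length field while an explicit IV sits after it.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Simplified model (added example, not mbedtls code): the parts of a
 * record transform that change the layout of an outgoing record. */
typedef struct {
    int    is_dtls;          /* 1: DTLS header (epoch + 48-bit seq), 0: TLS */
    size_t cid_len;          /* CID bytes in the header, 0 when CID not in use */
    size_t explicit_iv_len;  /* 8 for AES-GCM, 16 for CBC, 0 for ChaChaPoly */
} transform_t;

/* Offsets from the start of the record header: the "out pointers". */
typedef struct {
    size_t off_cid;    /* where the CID goes (equals off_len if no CID) */
    size_t off_len;    /* 2-byte length field */
    size_t off_iv;     /* explicit IV (equals off_data if no explicit IV) */
    size_t off_data;   /* first byte of (encrypted) payload */
} out_ptrs_t;

typedef struct {
    transform_t transform;
    out_ptrs_t  out;
} ssl_ctx_t;

/* Derive the out pointers from the active transform. */
static out_ptrs_t compute_out_ptrs(const transform_t *t)
{
    out_ptrs_t p;
    size_t off = t->is_dtls ? 11 : 3;   /* type(1)+version(2)[+epoch(2)+seq(6)] */
    p.off_cid  = off;
    off       += t->cid_len;            /* CID is part of the header */
    p.off_len  = off;
    off       += 2;                     /* length field */
    p.off_iv   = off;
    off       += t->explicit_iv_len;    /* explicit IV between header and data */
    p.off_data = off;
    return p;
}

/* Context setup: identity transform, no CID (what the commit message describes). */
static void ctx_init(ssl_ctx_t *ctx, int is_dtls)
{
    memset(ctx, 0, sizeof *ctx);
    ctx->transform.is_dtls = is_dtls;
    ctx->out = compute_out_ptrs(&ctx->transform);
}

/* Model of ssl_update_out_pointers(): must run whenever the transform changes. */
static void update_out_ptrs(ssl_ctx_t *ctx)
{
    ctx->out = compute_out_ptrs(&ctx->transform);
}

/* Deserialization before the fix: transform restored, out pointers left stale. */
static void ctx_load_before_fix(ssl_ctx_t *ctx, const transform_t *saved)
{
    ctx->transform = *saved;
}

/* Deserialization after the fix: same, plus the out-pointer update. */
static void ctx_load_after_fix(ssl_ctx_t *ctx, const transform_t *saved)
{
    ctx->transform = *saved;
    update_out_ptrs(ctx);
}

/* 1 if the out pointers match the active transform, 0 if they are stale. */
static int out_ptrs_consistent(const ssl_ctx_t *ctx)
{
    out_ptrs_t want = compute_out_ptrs(&ctx->transform);
    return want.off_cid == ctx->out.off_cid && want.off_len == ctx->out.off_len &&
           want.off_iv == ctx->out.off_iv && want.off_data == ctx->out.off_data;
}

/* Run one load scenario; returns the consistency verdict after the load. */
static int load_is_consistent(int fixed, int is_dtls, size_t cid_len, size_t iv_len)
{
    ssl_ctx_t ctx;
    transform_t saved = { is_dtls, cid_len, iv_len };
    ctx_init(&ctx, is_dtls);
    if (fixed) ctx_load_after_fix(&ctx, &saved);
    else       ctx_load_before_fix(&ctx, &saved);
    return out_ptrs_consistent(&ctx);
}

/* Payload offset a correctly updated context uses for the given transform. */
static size_t data_offset_after_fix(int is_dtls, size_t cid_len, size_t iv_len)
{
    ssl_ctx_t ctx;
    transform_t saved = { is_dtls, cid_len, iv_len };
    ctx_init(&ctx, is_dtls);
    ctx_load_after_fix(&ctx, &saved);
    return ctx.out.off_data;
}

int main(void)
{
    printf("DTLS, CID=4, AES-GCM   before fix: %s\n", load_is_consistent(0, 1, 4, 8) ? "ok" : "STALE");
    printf("DTLS, CID=4, AES-GCM   after fix : %s\n", load_is_consistent(1, 1, 4, 8) ? "ok" : "STALE");
    printf("DTLS, no CID, ChaChaPoly before fix: %s\n", load_is_consistent(0, 1, 0, 0) ? "ok" : "STALE");
    return 0;
}
```

The third scenario is the one the original tests exercised: with no CID and no explicit IV the stale pointers coincide with the correct ones, so the missing update was invisible until either a CID or an AES-GCM/CBC ciphersuite was used.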
.gitignore Split libs with make + general make cleanups 2015-06-25 10:59:56 +02:00
certs.c Add support for all SHA modes in cert_write 2019-07-14 09:17:57 +03:00
CMakeLists.txt Remove use of CMAKE_SOURCE_DIR 2019-07-12 10:39:21 +01:00
debug.c Merge remote-tracking branch 'origin/pr/1818' into development 2019-03-05 16:27:38 +00:00
error.c Introduce specific error for ver/cfg mismatch on deserialization 2019-08-23 12:51:21 +03:00
Makefile Merge branch 'mbedtls-2.18' into development 2019-08-27 11:18:28 +01:00
net_sockets.c net_sockets: Fix typo in net_would_block() 2019-06-20 10:48:11 +01:00
pkcs11.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ssl_cache.c Remove peer CRT from cache if !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE 2019-02-26 14:38:09 +00:00
ssl_ciphersuites.c Reduce priority of 3DES ciphersuites 2019-03-01 10:19:27 +01:00
ssl_cli.c Make calc_verify() return the length as well 2019-08-23 12:45:33 +03:00
ssl_cookie.c Rename mbedtls_zeroize to mbedtls_platform_zeroize 2018-04-17 10:00:21 -05:00
ssl_srv.c Make calc_verify() return the length as well 2019-08-23 12:45:33 +03:00
ssl_ticket.c Move session save/load function to ssl_tls.c 2019-08-23 12:48:41 +03:00
ssl_tls.c Fix SSL context deserialization 2019-08-30 12:14:25 +01:00
version.c Fix missing void argument declarations #678 2016-11-04 23:05:56 +01:00
version_features.c Add new config MBEDTLS_SSL_CONTEXT_SERIALIZATION 2019-08-23 12:52:29 +03:00
x509.c Improve documentation of mbedtls_x509_get_ext() 2019-06-04 13:59:55 +01:00
x509_create.c Break overly long line in library/x509_create.c 2018-11-02 10:52:38 +00:00
x509_crl.c Always return a high-level error code from X.509 module 2019-06-04 13:59:48 +01:00
x509_crt.c Deref pointer when using sizeof in x509_get_other_name 2019-06-24 09:17:18 -04:00
x509_csr.c Merge development commit 8e76332 into development-psa 2019-01-31 08:20:20 -05:00
x509write_crt.c Avoid use of large stack buffers in mbedtls_x509_write_crt_pem() 2019-05-04 08:13:23 +01:00
x509write_csr.c Add new function mbedtls_asn1_write_named_bitstring() 2019-02-28 09:36:30 +00:00