mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-01 13:20:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Move update of in_xxx fields outside of ssl_prepare_record_content()

Browse Source 
Multiple record attributes such as content type and payload length
may change during record decryption, and the legacy in_xxx fields
in the SSL context therefore need to be updated after the record
decryption routine ssl_decrypt_buf() has been called.

After the previous commit has made ssl_prepare_record_content()
independent of the in_xxx fields, setting them can be moved
outside of ssl_prepare_record_content(), which is what this
commit does.
This commit is contained in:
Hanno Becker 2019-07-12 09:37:30 +01:00
parent 58ef0bf19f
commit 8685c822c1
1 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
library/ssl_tls.c
View File

@ -5202,19 +5202,6 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
old_msg_type, rec->type ) ); old_msg_type, rec->type ) );
} }
/* The record content type may change during decryption,
* so re-read it. */
ssl->in_msgtype = rec->type;
/* Also update the input buffer, because unfortunately
* the server-side ssl_parse_client_hello() reparses the
* record header when receiving a ClientHello initiating
* a renegotiation. */
ssl->in_hdr[0] = rec->type;
ssl->in_msg = rec->buf + rec->data_offset;
ssl->in_msglen = rec->data_len;
ssl->in_len[0] = (unsigned char)( rec->data_len >> 8 );
ssl->in_len[1] = (unsigned char)( rec->data_len );
MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt", MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt",
rec->buf + rec->data_offset, rec->data_len ); rec->buf + rec->data_offset, rec->data_len );
@ -6174,6 +6161,19 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
} }
} }
/* The record content type may change during decryption,
* so re-read it. */
ssl->in_msgtype = rec.type;
/* Also update the input buffer, because unfortunately
* the server-side ssl_parse_client_hello() reparses the
* record header when receiving a ClientHello initiating
* a renegotiation. */
ssl->in_hdr[0] = rec.type;
ssl->in_msg = rec.buf + rec.data_offset;
ssl->in_msglen = rec.data_len;
ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 );
ssl->in_len[1] = (unsigned char)( rec.data_len );
return( 0 ); return( 0 );
} }