mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-27 06:35:22 +00:00
Fix epoch swapping
This commit is contained in:
parent
6a2bdfaf73
commit
c715aed744
@ -2113,13 +2113,36 @@ static void ssl_swap_epochs( ssl_context *ssl )
|
||||
|
||||
SSL_DEBUG_MSG( 3, ( "swap epochs" ) );
|
||||
|
||||
/* Swap transforms */
|
||||
tmp_transform = ssl->transform_out;
|
||||
ssl->transform_out = ssl->handshake->alt_transform_out;
|
||||
ssl->handshake->alt_transform_out = tmp_transform;
|
||||
|
||||
/* Swap epoch + sequence_number */
|
||||
memcpy( tmp_out_ctr, ssl->out_ctr, 8 );
|
||||
memcpy( ssl->out_ctr, ssl->handshake->alt_out_ctr, 8 );
|
||||
memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 );
|
||||
|
||||
/* Adjust to the newly activated transform */
|
||||
if( ssl->transform_out != NULL &&
|
||||
ssl->minor_ver >= SSL_MINOR_VERSION_2 )
|
||||
{
|
||||
ssl->out_msg = ssl->out_iv + ssl->transform_out->ivlen -
|
||||
ssl->transform_out->fixed_ivlen;
|
||||
}
|
||||
else
|
||||
ssl->out_msg = ssl->out_iv;
|
||||
|
||||
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
|
||||
if( ssl_hw_record_activate != NULL )
|
||||
{
|
||||
if( ( ret = ssl_hw_record_activate( ssl, SSL_CHANNEL_OUTBOUND ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "ssl_hw_record_activate", ret );
|
||||
return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
@ -2148,6 +2171,15 @@ int ssl_resend( ssl_context *ssl )
|
||||
int ret;
|
||||
ssl_flight_item *cur = ssl->handshake->cur_msg;
|
||||
|
||||
/* Swap epochs before sending Finished: we can't do it after
|
||||
* sending ChangeCipherSpec, in case write returns WANT_READ.
|
||||
* Must be done before copying, may change out_msg pointer */
|
||||
if( cur->type == SSL_MSG_HANDSHAKE &&
|
||||
cur->p[0] == SSL_HS_FINISHED )
|
||||
{
|
||||
ssl_swap_epochs( ssl );
|
||||
}
|
||||
|
||||
memcpy( ssl->out_msg, cur->p, cur->len );
|
||||
ssl->out_msglen = cur->len;
|
||||
ssl->out_msgtype = cur->type;
|
||||
@ -2156,14 +2188,6 @@ int ssl_resend( ssl_context *ssl )
|
||||
|
||||
SSL_DEBUG_BUF( 3, "resent handshake message header", ssl->out_msg, 12 );
|
||||
|
||||
/* Swap epochs before sending Finished: we can't do it right after
|
||||
* sending ChangeCipherSpec, in case write returns WANT_READ */
|
||||
if( ssl->out_msgtype == SSL_MSG_HANDSHAKE &&
|
||||
ssl->out_msg[0] == SSL_HS_FINISHED )
|
||||
{
|
||||
ssl_swap_epochs( ssl );
|
||||
}
|
||||
|
||||
if( ( ret = ssl_write_record( ssl ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "ssl_write_record", ret );
|
||||
|
Loading…
x
Reference in New Issue
Block a user