Set pointer to start of plaintext at record decryption time

The SSL context structure mbedtls_ssl_context contains several pointers ssl->in_hdr, ssl->in_len, ssl->in_iv, ssl->in_msg pointing to various parts of the record header in an incoming record, and they are set up in the static function ssl_update_in_pointers() based on the _expected_ transform for the next incoming record. In particular, the pointer ssl->in_msg is set to where the record plaintext should reside after record decryption, and an assertion double-checks this after each call to ssl_decrypt_buf().

This commit removes the dependency of ssl_update_in_pointers() on the expected incoming transform by setting ssl->in_msg to ssl->in_iv -- the beginning of the record content (potentially including the IV) -- and adjusting ssl->in_msg after calling ssl_decrypt_buf() on a protected record.

Care has to be taken to not load ssl->in_msg before calling mbedtls_ssl_read_record(), then, which was previously the case in ssl_parse_server_hello(); the commit fixes that.
parent 82e2a3961c
commit 79594fd0d4
2 changed files with 19 additions and 22 deletions
|
@ -1658,8 +1658,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) );
|
||||
|
||||
buf = ssl->in_msg;
|
||||
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
|
||||
{
|
||||
/* No alert on a read error. */
|
||||
|
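Review bot: buf is left unassigned across the read-error branch at the end of this hunk, now that the load of ssl->in_msg no longer precedes mbedtls_ssl_read_record( ssl, 1 ). Unless its declaration already initializes it, please confirm nothing reachable from that branch reads buf, and consider initializing it to NULL where it is declared so a stray early use fails loudly instead of dereferencing an indeterminate pointer.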
@ -1667,6 +1665,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
return( ret );
|
||||
}
|
||||
|
||||
buf = ssl->in_msg;
|
||||
|
||||
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
|
|
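Review bot: The buf = ssl->in_msg; assignment placed after the error return and before the ssl->in_msgtype check carries no comment saying why it has to follow mbedtls_ssl_read_record(). Per the commit message, ssl->in_msg is now adjusted during record decryption, so the ordering is a correctness requirement rather than a style choice; a one-line comment here stating that ssl->in_msg is only valid once the record has been read would keep a later cleanup from hoisting the load back above the call and parsing from the pre-decryption position.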