mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 22:25:42 +01:00
ssl_tls: Add a flag indicating that encryption succeeded
Protect against encryption skipping by introducing a new flag. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
parent
6c30be8e4b
commit
8ec9e136cf
@ -2589,6 +2589,9 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#define ENCRYPTION_SUCCESS 0xCC
|
||||||
|
#define ENCRYPTION_FAIL 0xAA
|
||||||
|
|
||||||
int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||||
mbedtls_ssl_transform *transform,
|
mbedtls_ssl_transform *transform,
|
||||||
mbedtls_record *rec,
|
mbedtls_record *rec,
|
||||||
@ -2601,6 +2604,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||||||
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
|
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
|
||||||
size_t add_data_len;
|
size_t add_data_len;
|
||||||
size_t post_avail;
|
size_t post_avail;
|
||||||
|
int encryption_status = ENCRYPTION_FAIL;
|
||||||
|
|
||||||
/* The SSL context is only used for debugging purposes! */
|
/* The SSL context is only used for debugging purposes! */
|
||||||
#if !defined(MBEDTLS_DEBUG_C)
|
#if !defined(MBEDTLS_DEBUG_C)
|
||||||
@ -2793,6 +2797,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
|
encryption_status = ENCRYPTION_SUCCESS;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
|
#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
|
||||||
@ -2891,6 +2896,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
encryption_status = ENCRYPTION_SUCCESS;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
|
||||||
data + rec->data_len, transform->taglen );
|
data + rec->data_len, transform->taglen );
|
||||||
|
|
||||||
@ -2994,6 +3001,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
encryption_status = ENCRYPTION_SUCCESS;
|
||||||
|
|
||||||
if( rec->data_len != olen )
|
if( rec->data_len != olen )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||||
@ -3082,7 +3092,11 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
|
||||||
|
|
||||||
return( 0 );
|
if( encryption_status == ENCRYPTION_SUCCESS )
|
||||||
|
{
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
|
Loading…
Reference in New Issue
Block a user