mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 18:15:37 +01:00
Add length of CID to additional data used for record protection
Quoting the CID draft 04:
- Block Ciphers:
MAC(MAC_write_key, seq_num +
tls12_cid + // New input
DTLSPlaintext.version +
cid + // New input
cid_length + // New input
length_of_DTLSInnerPlaintext + // New input
DTLSInnerPlaintext.content + // New input
DTLSInnerPlaintext.real_type + // New input
DTLSInnerPlaintext.zeros // New input
)
And similar for AEAD and Encrypt-then-MAC.
This commit is contained in:
Hanno Becker
parent
99abf51056
commit
acadb0a8c9
@ -1628,7 +1628,7 @@ static int ssl_cid_parse_inner_plaintext( unsigned char const *content,
|
|||||||
#endif /* MBEDTLS_SSL_CID */
|
#endif /* MBEDTLS_SSL_CID */
|
||||||
|
|
||||||
/* `add_data` must have size 13 Bytes if the CID extension is disabled,
|
/* `add_data` must have size 13 Bytes if the CID extension is disabled,
|
||||||
* and 13 + CID-length Bytes if the CID extension is enabled. */
|
* and 13 + 1 + CID-length Bytes if the CID extension is enabled. */
|
||||||
static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
||||||
size_t *add_data_len,
|
size_t *add_data_len,
|
||||||
mbedtls_record *rec )
|
mbedtls_record *rec )
|
||||||
@ -1655,9 +1655,10 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
|||||||
|
|
||||||
#if defined(MBEDTLS_SSL_CID)
|
#if defined(MBEDTLS_SSL_CID)
|
||||||
memcpy( add_data + 11, rec->cid, rec->cid_len );
|
memcpy( add_data + 11, rec->cid, rec->cid_len );
|
||||||
add_data[11 + rec->cid_len + 0] = ( rec->data_len >> 8 ) & 0xFF;
|
add_data[11 + rec->cid_len + 0] = rec->cid_len;
|
||||||
add_data[11 + rec->cid_len + 1] = ( rec->data_len >> 0 ) & 0xFF;
|
add_data[11 + rec->cid_len + 1] = ( rec->data_len >> 8 ) & 0xFF;
|
||||||
*add_data_len = 13 + rec->cid_len;
|
add_data[11 + rec->cid_len + 2] = ( rec->data_len >> 0 ) & 0xFF;
|
||||||
|
*add_data_len = 13 + 1 + rec->cid_len;
|
||||||
#else /* MBEDTLS_SSL_CID */
|
#else /* MBEDTLS_SSL_CID */
|
||||||
add_data[11 + 0] = ( rec->data_len >> 8 ) & 0xFF;
|
add_data[11 + 0] = ( rec->data_len >> 8 ) & 0xFF;
|
||||||
add_data[11 + 1] = ( rec->data_len >> 0 ) & 0xFF;
|
add_data[11 + 1] = ( rec->data_len >> 0 ) & 0xFF;
|
||||||
@ -1674,7 +1675,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||||||
mbedtls_cipher_mode_t mode;
|
mbedtls_cipher_mode_t mode;
|
||||||
int auth_done = 0;
|
int auth_done = 0;
|
||||||
unsigned char * data;
|
unsigned char * data;
|
||||||
unsigned char add_data[13 + MBEDTLS_SSL_CID_LEN_MAX ];
|
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_LEN_MAX ];
|
||||||
size_t add_data_len;
|
size_t add_data_len;
|
||||||
size_t post_avail;
|
size_t post_avail;
|
||||||
|
|
||||||
@ -2114,7 +2115,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
|
|||||||
size_t padlen = 0, correct = 1;
|
size_t padlen = 0, correct = 1;
|
||||||
#endif
|
#endif
|
||||||
unsigned char* data;
|
unsigned char* data;
|
||||||
unsigned char add_data[13 + MBEDTLS_SSL_CID_LEN_MAX ];
|
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_LEN_MAX ];
|
||||||
size_t add_data_len;
|
size_t add_data_len;
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEBUG_C)
|
#if !defined(MBEDTLS_DEBUG_C)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user