yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 23:25:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add a double check to protect from glitch

Browse Source 
Check that the encryption has been done for the outbut buffer.
This is to ensure that glitching out the encryption doesn't
result as a unecrypted buffer to be sent.
This commit is contained in:
Jarno Lamsa 2019-11-14 14:13:10 +02:00
parent d05da1fa45
commit acb5eb00ca
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
library/ssl_tls.c
View File

@ -4490,6 +4490,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
{
unsigned i;
size_t protected_record_size;
volatile int encrypted_fi = 0;
/* Skip writing the record content type to after the encryption,
* as it may change when using the CID extension. */
@ -4544,6 +4545,13 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->out_msglen = len = rec.data_len;
(void)mbedtls_platform_put_uint16_be( ssl->out_len, rec.data_len );
encrypted_fi = 1;
}
//Double check to ensure the encryption has been done
if( ssl->transform_out != NULL && encrypted_fi == 0 )
{
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl );