Fix bug in handling of DTLS client hard reconnect
We keep track of the current epoch and record sequence number in out_ctr,
which was overwritten when writing the record containing the
HelloVerifyRequest starting from out_buf. We can avoid that by only using the
rest of the buffer.
Using MBEDTLS_SSL_MAX_CONTENT_LEN as the buffer size is still correct, as it
was a pretty conservative value when starting from out_buf.
Note: this bug was also fixed unknowingly in 2.13 by introducing a new buffer
that holds the current value of the sequence number (including epoch), while
working on datagram packing: 198594709baa82d55bba4e5ee442ffb5ffe886b4
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index b82e24f..5f6ae62 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3598,13 +3598,16 @@
int ret;
size_t len;
+ /* Use out_msg as temporary buffer for writing out HelloVerifyRequest,
+ * because the output buffer's already around. Don't use out_buf though,
+ * as we don't want to overwrite out_ctr. */
ret = ssl_check_dtls_clihlo_cookie(
ssl->conf->f_cookie_write,
ssl->conf->f_cookie_check,
ssl->conf->p_cookie,
ssl->cli_id, ssl->cli_id_len,
ssl->in_buf, ssl->in_left,
- ssl->out_buf, MBEDTLS_SSL_MAX_CONTENT_LEN, &len );
+ ssl->out_msg, MBEDTLS_SSL_MAX_CONTENT_LEN, &len );
MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_dtls_clihlo_cookie", ret );
@@ -3613,11 +3616,11 @@
int send_ret;
MBEDTLS_SSL_DEBUG_MSG( 1, ( "sending HelloVerifyRequest" ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network",
- ssl->out_buf, len );
+ ssl->out_msg, len );
/* Don't check write errors as we can't do anything here.
* If the error is permanent we'll catch it later,
* if it's not, then hopefully it'll work next time. */
- send_ret = ssl->f_send( ssl->p_bio, ssl->out_buf, len );
+ send_ret = ssl->f_send( ssl->p_bio, ssl->out_msg, len );
MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", send_ret );
(void) send_ret;