Merge pull request #2920 from gilles-peskine-arm/pk_signature_max_size-tls
Use MBEDTLS_PK_SIGNATURE_MAX_SIZE
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4e7c01b..dc39a96 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4878,6 +4878,25 @@
( (uint64_t) buf[5] ) );
}
+static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8_t *record_in_ctr )
+{
+ int ret;
+ unsigned char *original_in_ctr;
+
+ // save original in_ctr
+ original_in_ctr = ssl->in_ctr;
+
+ // use counter from record
+ ssl->in_ctr = record_in_ctr;
+
+ ret = mbedtls_ssl_dtls_replay_check( (mbedtls_ssl_context const *) ssl );
+
+ // restore the counter
+ ssl->in_ctr = original_in_ctr;
+
+ return ret;
+}
+
/*
* Return 0 if sequence number is acceptable, -1 otherwise
*/
@@ -5383,7 +5402,8 @@
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
/* For records from the correct epoch, check whether their
* sequence number has been seen before. */
- else if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 )
+ else if( mbedtls_ssl_dtls_record_replay_check( (mbedtls_ssl_context *) ssl,
+ &rec->ctr[0] ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) );
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );