Move update of in_xxx fields outside of ssl_prepare_record_content()
Multiple record attributes such as content type and payload length
may change during record decryption, and the legacy in_xxx fields
in the SSL context therefore need to be updated after the record
decryption routine ssl_decrypt_buf() has been called.
After the previous commit has made ssl_prepare_record_content()
independent of the in_xxx fields, setting them can be moved
outside of ssl_prepare_record_content(), which is what this
commit does.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 00182f0..49a009d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5038,19 +5038,6 @@
old_msg_type, rec->type ) );
}
- /* The record content type may change during decryption,
- * so re-read it. */
- ssl->in_msgtype = rec->type;
- /* Also update the input buffer, because unfortunately
- * the server-side ssl_parse_client_hello() reparses the
- * record header when receiving a ClientHello initiating
- * a renegotiation. */
- ssl->in_hdr[0] = rec->type;
- ssl->in_msg = rec->buf + rec->data_offset;
- ssl->in_msglen = rec->data_len;
- ssl->in_len[0] = (unsigned char)( rec->data_len >> 8 );
- ssl->in_len[1] = (unsigned char)( rec->data_len );
-
MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt",
rec->buf + rec->data_offset, rec->data_len );
@@ -6010,6 +5997,19 @@
#endif /* MBEDTLS_SSL_PROTO_TLS */
}
+ /* The record content type may change during decryption,
+ * so re-read it. */
+ ssl->in_msgtype = rec.type;
+ /* Also update the input buffer, because unfortunately
+ * the server-side ssl_parse_client_hello() reparses the
+ * record header when receiving a ClientHello initiating
+ * a renegotiation. */
+ ssl->in_hdr[0] = rec.type;
+ ssl->in_msg = rec.buf + rec.data_offset;
+ ssl->in_msglen = rec.data_len;
+ ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 );
+ ssl->in_len[1] = (unsigned char)( rec.data_len );
+
return( 0 );
}