TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / cb72cd2ec3e82458e0fcc5dbfe89dae1edd4ee99^! / . / library / ssl_tls.c
commitcb72cd2ec3e82458e0fcc5dbfe89dae1edd4ee99[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Mon Feb 17 16:36:36 2025 +0100
committerGilles Peskine <Gilles.Peskine@arm.com>Mon Feb 17 16:36:36 2025 +0100
treecc0f4bea6c849c5ca1eee237e3b2515db75f4bdf
parentb710599e4ac1138a67fb87a8c08a2690c0ea2fed [diff] [blame]
Don't reset badmac_seen on a DTLS client reconnect

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8428b38..7f74248 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -1488,10 +1488,15 @@
     ssl->in_msgtype = 0;
     ssl->in_msglen  = 0;
     ssl->in_hslen   = 0;
-    ssl->badmac_seen_or_in_hsfraglen = 0;
     ssl->keep_current_message = 0;
     ssl->transform_in  = NULL;
 
+    /* TLS: reset in_hsfraglen, which is part of message parsing.
+     * DTLS: on a client reconnect, don't reset badmac_seen. */
+    if (!partial) {
+        ssl->badmac_seen_or_in_hsfraglen = 0;
+    }
+
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     ssl->next_record_offset = 0;
     ssl->in_epoch = 0;