ssl_tls12_server.c: Document replay check and update in ssl_parse_client_hello()

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-04-08 13:27:19 +02:00 · 2026-01-12 12:45:40 +01:00
parent 0a8c35d273
commit 17acd871c1
1 changed files with 3 additions and 0 deletions
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -981,6 +981,9 @@ read_record_header:
        memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2,
               sizeof(ssl->cur_out_ctr) - 2);

+    /* Check for record replay and then update the window. This replicates what
+     * is done in `ssl_get_next_record()` when the record is not fetched through
+     * `mbedtls_ssl_read_record()`. */
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
        if (mbedtls_ssl_dtls_replay_check(ssl) != 0) {
            MBEDTLS_SSL_DEBUG_MSG(1, ("replayed record, discarding"));