TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-30 09:01:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

mbedtls_ssl_cookie_check: zeroize expected cookie on cookie mismatch

Browse Source 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2021-12-13 12:35:08 +01:00
parent 8dc7b243ae
commit 75b596fc3c
1 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
library/ssl_cookie.c
View File

@@ -250,15 +250,18 @@ int mbedtls_ssl_cookie_check( void *p_ctx,
#if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR +
ret = ( MBEDTLS_ERR_SSL_INTERNAL_ERROR +
MBEDTLS_ERR_THREADING_MUTEX_ERROR );
#endif
if( ret != 0 )
return( ret );
goto exit;
if( mbedtls_ssl_safer_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
return( -1 );
{
ret = -1;
goto exit;
}
#if defined(MBEDTLS_HAVE_TIME)
cur_time = (unsigned long) mbedtls_time( NULL );
@@ -272,8 +275,13 @@ int mbedtls_ssl_cookie_check( void *p_ctx,
( (unsigned long) cookie[3] );
if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout )
return( -1 );
{
ret = -1;
goto exit;
}
return( 0 );
exit:
mbedtls_platform_zeroize( ref_hmac, sizeof( ref_hmac ) );
return( ret );
}
#endif /* MBEDTLS_SSL_COOKIE_C */