From cb72cd2ec3e82458e0fcc5dbfe89dae1edd4ee99 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 17 Feb 2025 16:36:36 +0100
Subject: [PATCH] Don't reset badmac_seen on a DTLS client reconnect

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/ssl_tls.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8428b38725..7f74248252 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1488,10 +1488,15 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
     ssl->in_msgtype = 0;
     ssl->in_msglen  = 0;
     ssl->in_hslen   = 0;
-    ssl->badmac_seen_or_in_hsfraglen = 0;
     ssl->keep_current_message = 0;
     ssl->transform_in  = NULL;
 
+    /* TLS: reset in_hsfraglen, which is part of message parsing.
+     * DTLS: on a client reconnect, don't reset badmac_seen. */
+    if (!partial) {
+        ssl->badmac_seen_or_in_hsfraglen = 0;
+    }
+
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     ssl->next_record_offset = 0;
     ssl->in_epoch = 0;