wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improvement to wolfSSL_write to not allow for VERIFY_MAC_ERROR or DECRYPT_ERROR errors. This resolves possible end user application implentation issue where a wolfSSL_read failure isn't handled and a wolfSSL_write is done anyways.

Browse Source
This commit is contained in:
David Garske
2019-04-12 11:29:28 -07:00
parent 364bf50a94
commit 68390b1ba3
1 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/internal.c
View File

@ -15223,14 +15223,18 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
ssl->error = 0; ssl->error = 0;
} }
#ifdef WOLFSSL_DTLS /* don't allow write after decrypt or mac error */
if (ssl->options.dtls) { if (ssl->error == VERIFY_MAC_ERROR || ssl->error == DECRYPT_ERROR) {
/* In DTLS mode, we forgive some errors and allow the session /* For DTLS allow these possible errors and allow the session
* to continue despite them. */ to continue despite them */
if (ssl->error == VERIFY_MAC_ERROR || ssl->error == DECRYPT_ERROR) if (ssl->options.dtls) {
ssl->error = 0; ssl->error = 0;
}
else {
WOLFSSL_MSG("Not allowing write after decrypt or mac error");
return WOLFSSL_FATAL_ERROR;
}
} }
#endif /* WOLFSSL_DTLS */
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
if (ssl->earlyData != no_early_data) { if (ssl->earlyData != no_early_data) {