Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect renegotiation in DTLS #687

Closed
wariua opened this issue Nov 12, 2016 · 4 comments
Closed

Incorrect renegotiation in DTLS #687

wariua opened this issue Nov 12, 2016 · 4 comments
Labels
bug

Comments

@wariua
Copy link

wariua commented Nov 12, 2016

mbedtls_ssl_check_ctr_renegotiate() doesn't take care of the special record counter format in DTLS. It simply compares the full eight bytes. So depending on the current epoch value and conf->renego_period value, it may return an incorrect result.

For example,

in_ctr conf->renego_period expected actual return value
00 00 FF FF FF FF FF 01 FF FF FF FF FF FF FF 00 true false
00 01 00 00 00 00 00 00 00 00 FF FF FF FF FF 00 false true

It is expected to ignore the first two bytes in conf->renego_period and check only the last six bytes of in_ctr/out_ctr in DTLS.
@simonbutcher
Copy link
Contributor

Thanks for the bug report. We'll look into it.

@ciarmcom
Copy link

ARM Internal Ref: IOTSSL-1099

@andresag01 andresag01 mentioned this issue Dec 19, 2016
Merged
@sg-
Copy link

sg- commented Jun 5, 2017

#729 was merged. Should this issue be closed?

@simonbutcher
Copy link
Contributor

Good point. This has been resolved can now be closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sg- @wariua @simonbutcher @ciarmcom