Merge 'iotssl-1099-incorrect-renego-dtls'

Fix an incorrect condition in ssl_check_ctr_renegotiate() that compared 64 bits of record counter instead of 48 bits as described in RFC 6347 Section 4.3.1. This would cause the function's return value to be occasionally incorrect and the renegotiation routines to be triggered at unexpected times.
2026-02-19 00:39:46 +00:00 · 2017-02-02 23:47:08 +00:00
parent d9440b15e6 692ad84e5c
commit 1d4db5b7b5
5 changed files with 55 additions and 12 deletions
--- a/5
+++ b/5
@@ -9,6 +9,11 @@ Bugfix
   * Fix unused variable/function compilation warnings in pem.c, x509_crt.c and
     x509_csr.c that are reported when building mbed TLS with a config.h that
     does not define MBEDTLS_PEM_PARSE_C. Found by omnium21. #562
+   * Fix incorrect renegotiation condition in ssl_check_ctr_renegotiate() that
+     would compare 64 bits of the record counter instead of 48 bits as indicated
+     in RFC 6347 Section 4.3.1. This could cause the execution of the
+     renegotiation routines at unexpected times when the protocol is DTLS. Found
+     by wariua. #687

 = mbed TLS 2.4.1 branch released 2016-12-13