Merge pull request #2926 from gilles-peskine-arm/pk_signature_max_size-tls-rm_521
Remove unused test data file
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4e7c01b..dc39a96 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4878,6 +4878,25 @@
( (uint64_t) buf[5] ) );
}
+static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8_t *record_in_ctr )
+{
+ int ret;
+ unsigned char *original_in_ctr;
+
+ // save original in_ctr
+ original_in_ctr = ssl->in_ctr;
+
+ // use counter from record
+ ssl->in_ctr = record_in_ctr;
+
+ ret = mbedtls_ssl_dtls_replay_check( (mbedtls_ssl_context const *) ssl );
+
+ // restore the counter
+ ssl->in_ctr = original_in_ctr;
+
+ return ret;
+}
+
/*
* Return 0 if sequence number is acceptable, -1 otherwise
*/
@@ -5383,7 +5402,8 @@
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
/* For records from the correct epoch, check whether their
* sequence number has been seen before. */
- else if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 )
+ else if( mbedtls_ssl_dtls_record_replay_check( (mbedtls_ssl_context *) ssl,
+ &rec->ctr[0] ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) );
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index ffbf436..23e3f78 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -264,17 +264,16 @@
void *p_rng )
{
int ret;
- unsigned char output_buf[4096];
size_t olen = 0;
- if( ( ret = mbedtls_x509write_csr_der( ctx, output_buf, sizeof(output_buf),
+ if( ( ret = mbedtls_x509write_csr_der( ctx, buf, size,
f_rng, p_rng ) ) < 0 )
{
return( ret );
}
if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CSR, PEM_END_CSR,
- output_buf + sizeof(output_buf) - ret,
+ buf + size - ret,
ret, buf, size, &olen ) ) != 0 )
{
return( ret );