Add counter length macro

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2025-07-29 11:41:15 +03:00 · 2021-09-28 18:58:59 +08:00
parent 6ca7c7fd6b
commit d9a94fe3d0
5 changed files with 43 additions and 37 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -2820,10 +2820,13 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )

        /* Remember current epoch settings for resending */
        ssl->handshake->alt_transform_out = ssl->transform_out;
-        memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, 8 );
+        memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr,
+                sizeof( ssl->cur_out_ctr ) );

        /* Set sequence_number to zero */
-        memset( ssl->cur_out_ctr + 2, 0, 6 );
+        mbedtls_platform_zeroize( &ssl->cur_out_ctr[2],
+                                  sizeof( ssl->cur_out_ctr ) - 2 );
+

        /* Increment epoch */
        for( i = 2; i > 0; i-- )
@ -2839,7 +2842,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
    }
    else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
-    memset( ssl->cur_out_ctr, 0, 8 );
+    mbedtls_platform_zeroize( ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) );

    ssl->transform_out = ssl->transform_negotiate;
    ssl->session_out = ssl->session_negotiate;
@ -3324,7 +3327,7 @@ static void ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl,
    ssl->out_msglen  = 0;
    ssl->out_left    = 0;
    memset( ssl->out_buf, 0, out_buf_len );
-    memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
+    mbedtls_platform_zeroize( ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) );
    ssl->transform_out = NULL;

 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
@ -5778,7 +5781,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
    used += 8;
    if( used <= buf_len )
    {
-        memcpy( p, ssl->cur_out_ctr, 8 );
+        memcpy( p, ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) );
        p += 8;
    }

@ -6035,11 +6038,11 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
    ssl->disable_datagram_packing = *p++;
 #endif /* MBEDTLS_SSL_PROTO_DTLS */

-    if( (size_t)( end - p ) < 8 )
+    if( (size_t)( end - p ) < sizeof( ssl->cur_out_ctr ) )
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );

-    memcpy( ssl->cur_out_ctr, p, 8 );
-    p += 8;
+    memcpy( ssl->cur_out_ctr, p, sizeof( ssl->cur_out_ctr ) );
+    p += sizeof( ssl->cur_out_ctr );

 #if defined(MBEDTLS_SSL_PROTO_DTLS)
    if( (size_t)( end - p ) < 2 )