lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Rename badmac_seen to badmac_seen_or_in_hsfraglen

Browse Source 
Prepare to unify two fields of the `mbedtls_ssl_context` structure:
`badmac_seen` (always present but only used in DTLS) and
`in_hsfraglen` (always present but only used in non-DTLS TLS).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2025-02-17 16:10:14 +01:00
parent 69f8f45e6f
commit f6a676d93f
3 changed files with 15 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
library/ssl_msg.c
View File

@ -5033,8 +5033,8 @@ static int ssl_get_next_record(mbedtls_ssl_context *ssl)
}
if (ssl->conf->badmac_limit != 0) {
++ssl->badmac_seen;
if (ssl->badmac_seen >= ssl->conf->badmac_limit) {
++ssl->badmac_seen_or_in_hsfraglen;
if (ssl->badmac_seen_or_in_hsfraglen >= ssl->conf->badmac_limit) {
MBEDTLS_SSL_DEBUG_MSG(1, ("too many records with bad MAC"));
return MBEDTLS_ERR_SSL_INVALID_MAC;
}

6
library/ssl_tls.c
View File

@ -5021,7 +5021,7 @@ static const unsigned char ssl_serialized_context_header[] = {
* uint8 in_cid<0..2^8-1> // Connection ID: expected incoming value
* uint8 out_cid<0..2^8-1> // Connection ID: outgoing value to use
* // fields from ssl_context
* uint32 badmac_seen; // DTLS: number of records with failing MAC
* uint32 badmac_seen_or_in_hsfraglen; // DTLS: number of records with failing MAC
* uint64 in_window_top; // DTLS: last validated record seq_num
* uint64 in_window; // DTLS: bitmask for replay protection
* uint8 disable_datagram_packing; // DTLS: only one record per datagram
@ -5163,7 +5163,7 @@ int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
*/
used += 4;
if (used <= buf_len) {
MBEDTLS_PUT_UINT32_BE(ssl->badmac_seen, p, 0);
MBEDTLS_PUT_UINT32_BE(ssl->badmac_seen_or_in_hsfraglen, p, 0);
p += 4;
}
@ -5393,7 +5393,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl,
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
ssl->badmac_seen = MBEDTLS_GET_UINT32_BE(p, 0);
ssl->badmac_seen_or_in_hsfraglen = MBEDTLS_GET_UINT32_BE(p, 0);
p += 4;
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)