Rename badmac_seen to badmac_seen_or_in_hsfraglen
Prepare to unify two fields of the `mbedtls_ssl_context` structure:
`badmac_seen` (always present but only used in DTLS) and
`in_hsfraglen` (always present but only used in non-DTLS TLS).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index fb91b94..1ad8f5a 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5033,8 +5033,8 @@
}
if (ssl->conf->badmac_limit != 0) {
- ++ssl->badmac_seen;
- if (ssl->badmac_seen >= ssl->conf->badmac_limit) {
+ ++ssl->badmac_seen_or_in_hsfraglen;
+ if (ssl->badmac_seen_or_in_hsfraglen >= ssl->conf->badmac_limit) {
MBEDTLS_SSL_DEBUG_MSG(1, ("too many records with bad MAC"));
return MBEDTLS_ERR_SSL_INVALID_MAC;
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0c39494..f8cd74b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5021,7 +5021,7 @@
* uint8 in_cid<0..2^8-1> // Connection ID: expected incoming value
* uint8 out_cid<0..2^8-1> // Connection ID: outgoing value to use
* // fields from ssl_context
- * uint32 badmac_seen; // DTLS: number of records with failing MAC
+ * uint32 badmac_seen_or_in_hsfraglen; // DTLS: number of records with failing MAC
* uint64 in_window_top; // DTLS: last validated record seq_num
* uint64 in_window; // DTLS: bitmask for replay protection
* uint8 disable_datagram_packing; // DTLS: only one record per datagram
@@ -5163,7 +5163,7 @@
*/
used += 4;
if (used <= buf_len) {
- MBEDTLS_PUT_UINT32_BE(ssl->badmac_seen, p, 0);
+ MBEDTLS_PUT_UINT32_BE(ssl->badmac_seen_or_in_hsfraglen, p, 0);
p += 4;
}
@@ -5393,7 +5393,7 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- ssl->badmac_seen = MBEDTLS_GET_UINT32_BE(p, 0);
+ ssl->badmac_seen_or_in_hsfraglen = MBEDTLS_GET_UINT32_BE(p, 0);
p += 4;
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)