diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index d2f436138..2b75267e8 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -593,7 +593,7 @@ union mbedtls_ssl_premaster_secret #define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret ) -/* Length of in_ctr buffer in mbedtls_ssl_session */ +/* Length in number of bytes of the TLS sequence number */ #define MBEDTLS_SSL_COUNTER_LEN 8 #ifdef __cplusplus diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 25e3ca3ec..e636762c5 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2101,7 +2101,7 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ) static int ssl_swap_epochs( mbedtls_ssl_context *ssl ) { mbedtls_ssl_transform *tmp_transform; - unsigned char tmp_out_ctr[8]; + unsigned char tmp_out_ctr[MBEDTLS_SSL_COUNTER_LEN]; if( ssl->transform_out == ssl->handshake->alt_transform_out ) { @@ -2117,9 +2117,11 @@ static int ssl_swap_epochs( mbedtls_ssl_context *ssl ) ssl->handshake->alt_transform_out = tmp_transform; /* Swap epoch + sequence_number */ - memcpy( tmp_out_ctr, ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) ); - memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, sizeof( ssl->cur_out_ctr ) ); - memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, sizeof( ssl->handshake->alt_out_ctr ) ); + memcpy( tmp_out_ctr, ssl->cur_out_ctr, sizeof( tmp_out_ctr ) ); + memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, + sizeof( ssl->cur_out_ctr ) ); + memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, + sizeof( ssl->handshake->alt_out_ctr ) ); /* Adjust to the newly activated transform */ mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out ); @@ -2562,7 +2564,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, ssl->conf->transport, ssl->out_hdr + 1 ); - memcpy( ssl->out_ctr, ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) ); + memcpy( ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_COUNTER_LEN ); MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0); if( ssl->transform_out != NULL ) @@ -2574,7 +2576,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) rec.data_len = ssl->out_msglen; rec.data_offset = ssl->out_msg - rec.buf; - memcpy( &rec.ctr[0], ssl->out_ctr, MBEDTLS_SSL_COUNTER_LEN ); + memcpy( &rec.ctr[0], ssl->out_ctr, sizeof( rec.ctr ) ); mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, ssl->conf->transport, rec.ver ); rec.type = ssl->out_msgtype; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 79c160ea4..e27fdff5e 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1221,7 +1221,7 @@ read_record_header: } memcpy( &ssl->cur_out_ctr[2], ssl->in_ctr + 2, - MBEDTLS_SSL_COUNTER_LEN - 2 ); + sizeof( ssl->cur_out_ctr ) - 2 ); #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b22db47b5..58b81ff26 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2821,7 +2821,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) /* Remember current epoch settings for resending */ ssl->handshake->alt_transform_out = ssl->transform_out; memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, - sizeof( ssl->cur_out_ctr ) ); + sizeof( ssl->handshake->alt_out_ctr ) ); /* Set sequence_number to zero */ mbedtls_platform_zeroize( &ssl->cur_out_ctr[2], @@ -5778,11 +5778,11 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - used += 8; + used += MBEDTLS_SSL_COUNTER_LEN; if( used <= buf_len ) { - memcpy( p, ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) ); - p += 8; + memcpy( p, ssl->cur_out_ctr, MBEDTLS_SSL_COUNTER_LEN ); + p += MBEDTLS_SSL_COUNTER_LEN; } #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -6040,7 +6040,6 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, if( (size_t)( end - p ) < sizeof( ssl->cur_out_ctr ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - memcpy( ssl->cur_out_ctr, p, sizeof( ssl->cur_out_ctr ) ); p += sizeof( ssl->cur_out_ctr );