Add length macro for in_ctr

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2025-11-03 20:22:59 -05:00 · 2021-09-24 10:27:07 +08:00 · 2021-09-24 10:27:07 +08:00 · 957f0fa1f7
commit 957f0fa1f7
parent e06f4532ef
3 changed files with 10 additions and 9 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -593,6 +593,9 @@ union mbedtls_ssl_premaster_secret

 #define MBEDTLS_PREMASTER_SIZE     sizeof( union mbedtls_ssl_premaster_secret )

+/* Length of in_ctr buffer in mbedtls_ssl_session */
+#define MBEDTLS_SSL_IN_CTR_LEN 8
+
 #ifdef __cplusplus
 extern "C" {
 #endif
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@ -54,8 +54,6 @@
 #include "mbedtls/oid.h"
 #endif

-#define SSL_CONTEXT_INPUT_COUNTER_LEN 8
-
 static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl );

 /*
@ -3651,7 +3649,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
 #endif
        {
            unsigned i;
-            for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- )
+            for( i = MBEDTLS_SSL_IN_CTR_LEN; i > mbedtls_ssl_ep_len( ssl ); i-- )
                if( ++ssl->in_ctr[i - 1] != 0 )
                    break;

@ -4793,7 +4791,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
    }
    else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
-    mbedtls_platform_zeroize( ssl->in_ctr, SSL_CONTEXT_INPUT_COUNTER_LEN );
+    mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_IN_CTR_LEN );

    mbedtls_ssl_update_in_pointers( ssl );

@ -4883,17 +4881,17 @@ void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl )
         * ssl_parse_record_header(). */
        ssl->in_ctr = ssl->in_hdr +  3;
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-        ssl->in_cid = ssl->in_ctr +  8;
+        ssl->in_cid = ssl->in_ctr +  MBEDTLS_SSL_IN_CTR_LEN;
        ssl->in_len = ssl->in_cid; /* Default: no CID */
 #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-        ssl->in_len = ssl->in_ctr + 8;
+        ssl->in_len = ssl->in_ctr + MBEDTLS_SSL_IN_CTR_LEN;
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
        ssl->in_iv  = ssl->in_len + 2;
    }
    else
 #endif
    {
-        ssl->in_ctr = ssl->in_hdr - 8;
+        ssl->in_ctr = ssl->in_hdr - MBEDTLS_SSL_IN_CTR_LEN;
        ssl->in_len = ssl->in_hdr + 3;
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
        ssl->in_cid = ssl->in_len;
@ -5560,7 +5558,7 @@ void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl,
        return;

    ssl->transform_in = transform;
-    mbedtls_platform_zeroize( ssl->in_ctr, SSL_CONTEXT_INPUT_COUNTER_LEN );
+    mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_IN_CTR_LEN );
 }

 void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl,
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -1220,7 +1220,7 @@ read_record_header:
            return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
        }

-        memcpy( ssl->cur_out_ctr + 2, ssl->in_ctr + 2, 6 );
+        memcpy( ssl->cur_out_ctr + 2, ssl->in_ctr + 2, MBEDTLS_SSL_IN_CTR_LEN - 2 );

 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
        if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 )