_SSL_DTLS_BADMAC_LIMIT config.h option removed

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
TRodziewicz 2021-05-11 13:13:51 +02:00
parent b7abba28e3
commit 46cccb8f39
8 changed files with 0 additions and 46 deletions


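--- a/PATH-NOT-ON-PAGE-1
+++ b/PATH-NOT-ON-PAGE-1
@@ -700,11 +700,6 @@
 #error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
 #endif
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \
-( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT defined, but not all prerequisites"
-#endif
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
 !defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"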
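Review bot: With the prerequisite check deleted, a user configuration that still defines MBEDTLS_SSL_DTLS_BADMAC_LIMIT now compiles silently even though the symbol no longer controls anything, so a stale config gives no signal that the option went away. A removal notice in place of the deleted block would make such configurations fail loudly: `#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)` / `#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT was removed; the bad-MAC limit is always compiled in"` / `#endif`. None of the eight file sections on this page looks like a changelog or migration note, so if the project keeps per-change entries for removed options, one appears to be missing here.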


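--- a/PATH-NOT-ON-PAGE-2
+++ b/PATH-NOT-ON-PAGE-2
@@ -1748,17 +1748,6 @@
 */
 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
-/**
-* \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
-*
-* Enable support for a limit of records with bad MAC.
-*
-* See mbedtls_ssl_conf_dtls_badmac_limit().
-*
-* Requires: MBEDTLS_SSL_PROTO_DTLS
-*/
-#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
 /**
 * \def MBEDTLS_SSL_SESSION_TICKETS
 *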


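--- a/PATH-NOT-ON-PAGE-3
+++ b/PATH-NOT-ON-PAGE-3
@@ -1151,9 +1151,7 @@ struct mbedtls_ssl_config
 that triggers renegotiation */
 #endif
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
 unsigned int badmac_limit; /*!< limit of records with a bad MAC */
-#endif
 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
 unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */
@@ -1226,10 +1224,7 @@ struct mbedtls_ssl_context
 int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
 int minor_ver; /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
 unsigned badmac_seen; /*!< records with a bad MAC received */
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 /** Callback to customize X.509 certificate chain verification */
@@ -2261,7 +2256,6 @@ int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
 void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
 #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
 /**
 * \brief Set a limit on the number of records with a bad MAC
 * before terminating the connection.
@@ -2286,7 +2280,6 @@ void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
 * many bogus packets.
 */
 void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)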


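--- a/PATH-NOT-ON-PAGE-4
+++ b/PATH-NOT-ON-PAGE-4
@@ -4499,14 +4499,12 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
 return( ret );
 }
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
 if( ssl->conf->badmac_limit != 0 &&
 ++ssl->badmac_seen >= ssl->conf->badmac_limit )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) );
 return( MBEDTLS_ERR_SSL_INVALID_MAC );
 }
-#endif
 /* As above, invalid records cause
 * dismissal of the whole datagram. */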
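Review bot: Now that the bad-MAC check is compiled unconditionally, the only thing that documents "limit 0 means disabled" is the short-circuit on `ssl->conf->badmac_limit != 0`, which also guarantees `badmac_seen` is never advanced when no limit is set; a reader checking for counter wrap-around has to work that out. A one-line comment above the `if` would make the contract explicit: `/* badmac_limit == 0 disables the limit; the counter only advances while a limit is set, and the connection ends before it can wrap. */`. The enclosing ssl_get_next_record starts and ends outside the hunk, so whether this path is reached only for DTLS is not visible here.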


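--- a/PATH-NOT-ON-PAGE-5
+++ b/PATH-NOT-ON-PAGE-5
@@ -3390,12 +3390,10 @@ void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode )
 }
 #endif
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
 void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit )
 {
 conf->badmac_limit = limit;
 }
-#endif
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -5418,11 +5416,7 @@ void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
 #define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID 0u
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
 #define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT 1u
-#else
-#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT 0u
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
 #define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY 1u
@@ -5639,7 +5633,6 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
 /*
 * Saved fields from top-level ssl_context structure
 */
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
 used += 4;
 if( used <= buf_len )
 {
@@ -5648,7 +5641,6 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
 *p++ = (unsigned char)( ( ssl->badmac_seen >> 8 ) & 0xFF );
 *p++ = (unsigned char)( ( ssl->badmac_seen ) & 0xFF );
 }
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
 used += 16;
@@ -5904,7 +5896,6 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
 /*
 * Saved fields from top-level ssl_context structure
 */
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
 if( (size_t)( end - p ) < 4 )
 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -5913,7 +5904,6 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
 ( (uint32_t) p[2] << 8 ) |
 ( (uint32_t) p[3] );
 p += 4;
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
 if( (size_t)( end - p ) < 16 )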
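Review bot: `SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT` is now a constant `1u` with no comment saying why a bit that can no longer vary is kept, and the second hunk is where that question arises. If this macro feeds a config bitmap that the loader compares against the saved value (its consumer is outside the hunk), a context serialized by a build that had the option disabled will presumably no longer load, which is a compatibility change worth stating next to the define. A one-line comment would settle both points: `/* Always set: the bad-MAC limit is unconditional since the config option was removed; kept at 1u so the serialized config bitmap layout is unchanged. */`. The save and load paths for `badmac_seen` keep their 4-byte length check, so the unconditional serialization itself looks sound; mbedtls_ssl_context_save and ssl_context_load both start outside their hunks.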


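--- a/PATH-NOT-ON-PAGE-6
+++ b/PATH-NOT-ON-PAGE-6
@@ -872,7 +872,6 @@ void print_deserialized_ssl_context( const uint8_t *ssl, size_t len )
 print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS and client", SESSION_CONFIG_CLIENT_TICKET_BIT, session_cfg_flag );
 print_if_bit( "MBEDTLS_SSL_DTLS_CONNECTION_ID", CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT, context_cfg_flag );
-print_if_bit( "MBEDTLS_SSL_DTLS_BADMAC_LIMIT", CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT, context_cfg_flag );
 print_if_bit( "MBEDTLS_SSL_DTLS_ANTI_REPLAY", CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT, context_cfg_flag );
 print_if_bit( "MBEDTLS_SSL_ALPN", CONTEXT_CONFIG_ALPN_BIT, context_cfg_flag );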
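Review bot: Dropping this `print_if_bit` line means the inspection tool no longer reports the DTLS_BADMAC_LIMIT flag bit, yet the other section on this page keeps `SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT` at `1u`, so the bit is presumably still present in every serialized context. A context saved by an older build with that bit clear would then fail to load without the tool giving any hint why. Unless `CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT` is removed elsewhere in this commit (no section on this page touches its definition), consider keeping the line so the flag stays visible when inspecting a saved context. The enclosing print_deserialized_ssl_context starts outside the hunk.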


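--- a/PATH-NOT-ON-PAGE-7
+++ b/PATH-NOT-ON-PAGE-7
@@ -363,12 +363,8 @@ int main( void )
 #define USAGE_ANTI_REPLAY ""
 #endif
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
 #define USAGE_BADMAC_LIMIT \
 " badmac_limit=%%d default: (library default: disabled)\n"
-#else
-#define USAGE_BADMAC_LIMIT ""
-#endif
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 #define USAGE_DTLS \
@@ -2685,10 +2681,8 @@ int main( int argc, char *argv[] )
 mbedtls_ssl_conf_dtls_anti_replay( &conf, opt.anti_replay );
 #endif
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
 if( opt.badmac_limit != DFL_BADMAC_LIMIT )
 mbedtls_ssl_conf_dtls_badmac_limit( &conf, opt.badmac_limit );
-#endif
 }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */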


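--- a/PATH-NOT-ON-PAGE-8
+++ b/PATH-NOT-ON-PAGE-8
@@ -214,7 +214,6 @@ run_test "Default configuration, server" \
 -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
 -u "MBEDTLS_SSL_SESSION_TICKETS$" \
 -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
--u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
 -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
 -u "MBEDTLS_SSL_ALPN$" \
 -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
@@ -238,7 +237,6 @@ run_test "Default configuration, client" \
 -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
 -u "MBEDTLS_SSL_SESSION_TICKETS$" \
 -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
--u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
 -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
 -u "MBEDTLS_SSL_ALPN$" \
 -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
@@ -345,7 +343,6 @@ run_test "Minimal configuration, server" \
 -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
 -n "MBEDTLS_SSL_SESSION_TICKETS$" \
 -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
--n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
 -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
 -n "MBEDTLS_SSL_ALPN$" \
@@ -357,7 +354,6 @@ run_test "Minimal configuration, client" \
 -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
 -n "MBEDTLS_SSL_SESSION_TICKETS$" \
 -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
--n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
 -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
 -n "MBEDTLS_SSL_ALPN$" \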