Rename badmac_seen to badmac_seen_or_in_hsfraglen

Prepare to unify two fields of the `mbedtls_ssl_context` structure: `badmac_seen` (always present but only used in DTLS) and `in_hsfraglen` (always present but only used in non-DTLS TLS). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-06-25 06:39:04 +08:00 · 2025-02-17 16:10:14 +01:00 · 2025-02-17 16:10:14 +01:00 · f6a676d93f
commit f6a676d93f
parent 69f8f45e6f
3 changed files with 15 additions and 6 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1724,7 +1724,16 @@ struct mbedtls_ssl_context {
    int MBEDTLS_PRIVATE(early_data_state);
 #endif

-    unsigned MBEDTLS_PRIVATE(badmac_seen);       /*!< records with a bad MAC received    */
+    /** Multipurpose field.
+     *
+     * - DTLS: records with a bad MAC received.
+     * - TLS: accumulated length of handshake fragments (up to ::in_hslen).
+     *
+     * This field is multipurpose in order to preserve the ABI in the
+     * Mbed TLS 3.6 LTS branch. Until 3.6.2, it was only used in DTLS
+     * and called `badmac_seen`.
+     */
+    unsigned MBEDTLS_PRIVATE(badmac_seen_or_in_hsfraglen);

 #if defined(MBEDTLS_X509_CRT_PARSE_C)
    /** Callback to customize X.509 certificate chain verification          */
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@ -5033,8 +5033,8 @@ static int ssl_get_next_record(mbedtls_ssl_context *ssl)
                }

                if (ssl->conf->badmac_limit != 0) {
-                    ++ssl->badmac_seen;
-                    if (ssl->badmac_seen >= ssl->conf->badmac_limit) {
+                    ++ssl->badmac_seen_or_in_hsfraglen;
+                    if (ssl->badmac_seen_or_in_hsfraglen >= ssl->conf->badmac_limit) {
                        MBEDTLS_SSL_DEBUG_MSG(1, ("too many records with bad MAC"));
                        return MBEDTLS_ERR_SSL_INVALID_MAC;
                    }
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -5021,7 +5021,7 @@ static const unsigned char ssl_serialized_context_header[] = {
 *  uint8 in_cid<0..2^8-1>      // Connection ID: expected incoming value
 *  uint8 out_cid<0..2^8-1>     // Connection ID: outgoing value to use
 *  // fields from ssl_context
- *  uint32 badmac_seen;         // DTLS: number of records with failing MAC
+ *  uint32 badmac_seen_or_in_hsfraglen;         // DTLS: number of records with failing MAC
 *  uint64 in_window_top;       // DTLS: last validated record seq_num
 *  uint64 in_window;           // DTLS: bitmask for replay protection
 *  uint8 disable_datagram_packing; // DTLS: only one record per datagram
@ -5163,7 +5163,7 @@ int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
     */
    used += 4;
    if (used <= buf_len) {
-        MBEDTLS_PUT_UINT32_BE(ssl->badmac_seen, p, 0);
+        MBEDTLS_PUT_UINT32_BE(ssl->badmac_seen_or_in_hsfraglen, p, 0);
        p += 4;
    }

@ -5393,7 +5393,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl,
        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
    }

-    ssl->badmac_seen = MBEDTLS_GET_UINT32_BE(p, 0);
+    ssl->badmac_seen_or_in_hsfraglen = MBEDTLS_GET_UINT32_BE(p, 0);
    p += 4;

 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)