add AlertCount to detect dos attempt
@@ -11273,6 +11273,11 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type,
|
|||||||
ssl->heap);
|
ssl->heap);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (++ssl->options.alertCount >= WOLFSSL_ALERT_COUNT_MAX) {
|
||||||
|
WOLFSSL_MSG("Alert count exceeded");
|
||||||
|
return ALERT_COUNT_E;
|
||||||
|
}
|
||||||
|
|
||||||
/* make sure can read the message */
|
/* make sure can read the message */
|
||||||
if (*inOutIdx + ALERT_SIZE > totalSz)
|
if (*inOutIdx + ALERT_SIZE > totalSz)
|
||||||
return BUFFER_E;
|
return BUFFER_E;
|
||||||
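Review bot: The new `++ssl->options.alertCount` check at the top of this DoAlert hunk counts every alert record for the life of the connection, and no hunk in this commit resets the counter, so the limit is cumulative rather than a bound on consecutive alerts. With the default of 5 and the `>=` comparison, the fifth alert on a long-lived session returns ALERT_COUNT_E; since the return sits ahead of the length check, and presumably ahead of the level and description parsing further down, that alert is never processed, even if it is the peer's closing alert. If the goal is to stop an alert flood, consider clearing the counter where a non-alert record is accepted (outside this hunk), `ssl->options.alertCount = 0;`, and state the chosen semantics above the check, for example `/* cumulative per connection; counts warning and fatal alerts alike */`. DoAlert's body starts before and continues past the hunk.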
@@ -14276,6 +14281,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
|
|||||||
case MCAST_HIGHWATER_CB_E:
|
case MCAST_HIGHWATER_CB_E:
|
||||||
return "Multicast highwater callback returned error";
|
return "Multicast highwater callback returned error";
|
||||||
|
|
||||||
|
case ALERT_COUNT_E:
|
||||||
|
return "Alert Count exceeded error";
|
||||||
|
|
||||||
default :
|
default :
|
||||||
return "unknown error number";
|
return "unknown error number";
|
||||||
}
|
}
|
||||||
|
@@ -162,6 +162,7 @@ enum wolfSSL_ErrorCodes {
|
|||||||
EXT_NOT_ALLOWED = -424, /* Extension not allowed in msg */
|
EXT_NOT_ALLOWED = -424, /* Extension not allowed in msg */
|
||||||
INVALID_PARAMETER = -425, /* Security parameter invalid */
|
INVALID_PARAMETER = -425, /* Security parameter invalid */
|
||||||
MCAST_HIGHWATER_CB_E = -426, /* Multicast highwater cb err */
|
MCAST_HIGHWATER_CB_E = -426, /* Multicast highwater cb err */
|
||||||
|
ALERT_COUNT_E = -427, /* Alert Count exceeded err */
|
||||||
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
|
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
|
||||||
|
|
||||||
/* begin negotiation parameter errors */
|
/* begin negotiation parameter errors */
|
||||||
|
@@ -2907,6 +2907,7 @@ typedef struct Options {
|
|||||||
byte acceptState; /* nonblocking resume */
|
byte acceptState; /* nonblocking resume */
|
||||||
byte asyncState; /* sub-state for enum asyncState */
|
byte asyncState; /* sub-state for enum asyncState */
|
||||||
byte buildMsgState; /* sub-state for enum buildMsgState */
|
byte buildMsgState; /* sub-state for enum buildMsgState */
|
||||||
|
byte alertCount; /* detect warning dos attempt */
|
||||||
#ifdef WOLFSSL_MULTICAST
|
#ifdef WOLFSSL_MULTICAST
|
||||||
word16 mcastID; /* Multicast group ID */
|
word16 mcastID; /* Multicast group ID */
|
||||||
#endif
|
#endif
|
||||||
|
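Review bot: `alertCount` is declared as `byte`, while WOLFSSL_ALERT_COUNT_MAX in the settings hunk is wrapped in `#ifndef` and can be overridden by the build; a value above 255 makes `++ssl->options.alertCount >= WOLFSSL_ALERT_COUNT_MAX` in DoAlert unreachable because the counter wraps to 0 first, which silently disables the check. A compile-time guard next to the default would catch that: `#if WOLFSSL_ALERT_COUNT_MAX > 255` / `#error "WOLFSSL_ALERT_COUNT_MAX must fit in a byte"` / `#endif`. The field comment `/* detect warning dos attempt */` also understates what is counted, since the increment in DoAlert runs for every alert before any level is examined in the visible lines; `/* alerts received on this connection, for DoS detection */` would match the code.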
@@ -1631,6 +1631,11 @@ extern void uITRON4_free(void *p) ;
|
|||||||
#define ED25519_SMALL
|
#define ED25519_SMALL
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
#ifndef WOLFSSL_ALERT_COUNT_MAX
|
||||||
|
#define WOLFSSL_ALERT_COUNT_MAX 5
|
||||||
|
#endif
|
||||||
|
|
||||||
/* warning for not using harden build options (default with ./configure) */
|
/* warning for not using harden build options (default with ./configure) */
|
||||||
#ifndef WC_NO_HARDEN
|
#ifndef WC_NO_HARDEN
|
||||||
#if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
|
#if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
|
||||||
|