esp: detect multiple subsequent seq overflows.

Author: philljj

src/test/unit/unit_esp.c

@@ -540,13 +540,15 @@ START_TEST(test_replay_overflow)
         ck_assert_int_eq(ret, 0);
     }
 
-    /* oseq overflow is detected, and is rejected. */
-    frame_len = build_ip_packet(buf, sizeof(buf), WI_IPPROTO_UDP,
-                                ref, sizeof(ref));
-    ip_len    = (uint16_t)(frame_len - ETH_HEADER_LEN);
+    /* all of these should be rejected, oseq overflow is detected. */
+    for (i = 0; i < 10; ++i) {
+        frame_len = build_ip_packet(buf, sizeof(buf), WI_IPPROTO_UDP,
+                                    ref, sizeof(ref));
+        ip_len    = (uint16_t)(frame_len - ETH_HEADER_LEN);
 
-    ret = esp_transport_wrap(ip, &ip_len);
-    ck_assert_int_eq(ret, -1);
+        ret = esp_transport_wrap(ip, &ip_len);
+        ck_assert_int_eq(ret, -1);
+    }
 }
 END_TEST
 

src/wolfesp.c

@@ -1491,6 +1491,7 @@ esp_transport_wrap(struct wolfIP_ip_packet *ip, uint16_t * ip_len)
 
     esp_sa->replay.oseq++;
     if (esp_sa->replay.oseq == 0) {
+        esp_sa->replay.oseq--;
         ESP_LOG("error: oseq overflow\n");
         return -1;
     }