TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 83cdffc437ad8b265e41eaf8a4f88e1658328be2^! / .
commit83cdffc437ad8b265e41eaf8a4f88e1658328be2[log] [tgz]
authorManuel Pégourié-Gonnard <mpg@elzevir.fr>Mon Mar 10 21:20:29 2014 +0100
committerManuel Pégourié-Gonnard <mpg@elzevir.fr>Thu Mar 13 19:25:06 2014 +0100
treed8dd87a79cf50b67e69b8f46cbbb447ab0da79d9
parent3c599f11b03a5bec57187b92f3dcef9ab15f91b5 [diff]
Forbid sequence number wrapping

diff --git a/ChangeLog b/ChangeLog
index 9ce5b83..89d159f 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -19,6 +19,7 @@
      "triple handshake" attack when authentication mode is optional (the
      attack was already impossible when authentication is required).
    * Check notBefore timestamp of certificates and CRLs from the future.
+   * Forbid sequence number wrapping
 
 Bugfix
    * ecp_gen_keypair() does more tries to prevent failure because of

diff --git a/include/polarssl/error.h b/include/polarssl/error.h
index 33a2c88..ae46014 100644
--- a/include/polarssl/error.h
+++ b/include/polarssl/error.h

@@ -89,7 +89,7 @@
  * ECP       4   7 (Started from top)
  * MD        5   4
  * CIPHER    6   6
- * SSL       6   8 (Started from top)
+ * SSL       6   9 (Started from top)
  * SSL       7   31
  *
  * Module dependent error code (5 bits 0x.00.-0x.F8.)

diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index d610052..1904ac9 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h

@@ -139,6 +139,7 @@
 #define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH                  -0x6D00  /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
 #define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY                  -0x6C80  /**< Unkown identity received (eg, PSK identity) */
 #define POLARSSL_ERR_SSL_INTERNAL_ERROR                    -0x6C00  /**< Internal error (eg, unexpected failure in lower-level module) */
+#define POLARSSL_ERR_SSL_COUNTER_WRAPPING                  -0x6B80  /**< A counter would wrap (eg, too many messages exchanged). */
 
 /*
  * Various constants

diff --git a/library/error.c b/library/error.c
index 64dc0f5..4aa167f 100644
--- a/library/error.c
+++ b/library/error.c

@@ -433,6 +433,8 @@
             snprintf( buf, buflen, "SSL - Unkown identity received (eg, PSK identity)" );
         if( use_ret == -(POLARSSL_ERR_SSL_INTERNAL_ERROR) )
             snprintf( buf, buflen, "SSL - Internal error (eg, unexpected failure in lower-level module)" );
+        if( use_ret == -(POLARSSL_ERR_SSL_COUNTER_WRAPPING) )
+            snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" );
 #endif /* POLARSSL_SSL_TLS_C */
 
 #if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4f3095c..20cb9bd 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -1309,6 +1309,13 @@
         if( ++ssl->out_ctr[i - 1] != 0 )
             break;
 
+    /* The loops goes to its end iff the counter is wrapping */
+    if( i == 0 )
+    {
+        SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) );
+        return( POLARSSL_ERR_SSL_COUNTER_WRAPPING );
+    }
+
     SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
 
     return( 0 );
@@ -1775,6 +1782,13 @@
         if( ++ssl->in_ctr[i - 1] != 0 )
             break;
 
+    /* The loops goes to its end iff the counter is wrapping */
+    if( i == 0 )
+    {
+        SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
+        return( POLARSSL_ERR_SSL_COUNTER_WRAPPING );
+    }
+
     SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
 
     return( 0 );