Forbid sequence number wrapping
diff --git a/ChangeLog b/ChangeLog
index f1fc690..fcdfccc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,7 @@
      "triple handshake" attack when authentication mode is optional (the
      attack was already impossible when authentication is required).
    * Check notBefore timestamp of certificates and CRLs from the future.
+   * Forbid sequence number wrapping
 
 Bugfix
    * Fixed X.509 hostname comparison (with non-regular characters)
diff --git a/include/polarssl/error.h b/include/polarssl/error.h
index 94c73a8..8d7da0b 100644
--- a/include/polarssl/error.h
+++ b/include/polarssl/error.h
@@ -80,7 +80,7 @@
  * RSA      4   9
  * MD       5   4
  * CIPHER   6   5
- * SSL      6   2 (Started from top)
+ * SSL      6   3 (Started from top)
  * SSL      7   31
  *
  * Module dependent error code (5 bits 0x.08.-0x.F8.)
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index ad85924..1e52229 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -91,6 +91,7 @@
 #define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH              -0x6F80  /**< Hardware acceleration function skipped / left alone data */
 #define POLARSSL_ERR_SSL_COMPRESSION_FAILED                -0x6F00  /**< Processing of the compression / decompression failed */
 #define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION           -0x6E80  /**< Handshake protocol not within min/max boundaries */
+#define POLARSSL_ERR_SSL_COUNTER_WRAPPING                  -0x6B80  /**< A counter would wrap (eg, too many messages exchanged). */
 
 /*
  * Various constants
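Review bot: The new code `-0x6B80` is not contiguous with the last visible SSL code `-0x6E80`, and nothing in the define or in the error.h table explains the gap. If the value was chosen to match another branch, a short comment on the define would stop a later contributor from allocating `-0x6E00` through `-0x6C00` inconsistently, e.g. `/* value kept in sync with <other branch>; codes in between are reserved */`. The error.h table also now reads `SSL      6   3`, while this hunk shows four codes in the 0x6xxx range once the new one is added (`-0x6F80`, `-0x6F00`, `-0x6E80`, `-0x6B80`). Unless the table counts something else, that line should be `* SSL      6   4 (Started from top)`.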
diff --git a/library/error.c b/library/error.c
index 46adb27..9f89416 100644
--- a/library/error.c
+++ b/library/error.c
@@ -339,6 +339,8 @@
             snprintf( buf, buflen, "SSL - Processing of the compression / decompression failed" );
         if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION) )
             snprintf( buf, buflen, "SSL - Handshake protocol not within min/max boundaries" );
+        if( use_ret == -(POLARSSL_ERR_SSL_COUNTER_WRAPPING) )
+            snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" );
 #endif /* POLARSSL_SSL_TLS_C */
 
 #if defined(POLARSSL_X509_PARSE_C)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d6e9dd3..c42eccc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1191,6 +1191,13 @@
         if( ++ssl->out_ctr[i - 1] != 0 )
             break;
 
+    /* The loops goes to its end iff the counter is wrapping */
+    if( i == 0 )
+    {
+        SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) );
+        return( POLARSSL_ERR_SSL_COUNTER_WRAPPING );
+    }
+
     SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
 
     return( 0 );
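Review bot: The `i == 0` test runs after the increment loop has already carried through every byte, so on this path `ssl->out_ctr` has wrapped to all zeros rather than being about to wrap, and the error return is the only thing preventing sequence number 0 from being used again under the same keys; the `in_ctr` hunk at -1589 has the same shape. Nothing in either hunk marks the session as unusable, so a caller that treats POLARSSL_ERR_SSL_COUNTER_WRAPPING as recoverable and keeps writing or reading would repeat sequence numbers, which feed the record MAC and underpin replay protection. I would state this in the comment, e.g. `/* Loop ran to completion iff the counter wrapped; out_ctr is now 0 and the session must not be used again with these keys */`, and change the debug text to "wrapped" instead of "would wrap". The loop header and the callers are outside the hunk, so whether the session is actually torn down on this error could not be checked here.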
@@ -1589,6 +1596,13 @@
         if( ++ssl->in_ctr[i - 1] != 0 )
             break;
 
+    /* The loops goes to its end iff the counter is wrapping */
+    if( i == 0 )
+    {
+        SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
+        return( POLARSSL_ERR_SSL_COUNTER_WRAPPING );
+    }
+
     SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
 
     return( 0 );