lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Forbid sequence number wrapping

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard
2014-03-10 21:20:29 +01:00
parent 3c599f11b0
commit 83cdffc437
5 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
library/error.c
View File

@ -433,6 +433,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "SSL - Unkown identity received (eg, PSK identity)" );
if( use_ret == -(POLARSSL_ERR_SSL_INTERNAL_ERROR) )
snprintf( buf, buflen, "SSL - Internal error (eg, unexpected failure in lower-level module)" );
if( use_ret == -(POLARSSL_ERR_SSL_COUNTER_WRAPPING) )
snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" );
#endif /* POLARSSL_SSL_TLS_C */
#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)

14
library/ssl_tls.c
View File

@ -1309,6 +1309,13 @@ static int ssl_encrypt_buf( ssl_context *ssl )
if( ++ssl->out_ctr[i - 1] != 0 )
break;
/* The loops goes to its end iff the counter is wrapping */
if( i == 0 )
{
SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) );
return( POLARSSL_ERR_SSL_COUNTER_WRAPPING );
}
SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
return( 0 );
@ -1775,6 +1782,13 @@ static int ssl_decrypt_buf( ssl_context *ssl )
if( ++ssl->in_ctr[i - 1] != 0 )
break;
/* The loops goes to its end iff the counter is wrapping */
if( i == 0 )
{
SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
return( POLARSSL_ERR_SSL_COUNTER_WRAPPING );
}
SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
return( 0 );