From 83cdffc437ad8b265e41eaf8a4f88e1658328be2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Mar 2014 21:20:29 +0100 Subject: [PATCH] Forbid sequence number wrapping --- ChangeLog | 1 + include/polarssl/error.h | 2 +- include/polarssl/ssl.h | 1 + library/error.c | 2 ++ library/ssl_tls.c | 14 ++++++++++++++ 5 files changed, 19 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 9ce5b8399..89d159ffd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,7 @@ Security "triple handshake" attack when authentication mode is optional (the attack was already impossible when authentication is required). * Check notBefore timestamp of certificates and CRLs from the future. + * Forbid sequence number wrapping Bugfix * ecp_gen_keypair() does more tries to prevent failure because of diff --git a/include/polarssl/error.h b/include/polarssl/error.h index 33a2c88ea..ae460142f 100644 --- a/include/polarssl/error.h +++ b/include/polarssl/error.h @@ -89,7 +89,7 @@ * ECP 4 7 (Started from top) * MD 5 4 * CIPHER 6 6 - * SSL 6 8 (Started from top) + * SSL 6 9 (Started from top) * SSL 7 31 * * Module dependent error code (5 bits 0x.00.-0x.F8.) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index d610052c9..1904ac908 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -139,6 +139,7 @@ #define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */ #define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unkown identity received (eg, PSK identity) */ #define POLARSSL_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */ +#define POLARSSL_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (eg, too many messages exchanged). */ /* * Various constants diff --git a/library/error.c b/library/error.c index 64dc0f525..4aa167f61 100644 --- a/library/error.c +++ b/library/error.c @@ -433,6 +433,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) snprintf( buf, buflen, "SSL - Unkown identity received (eg, PSK identity)" ); if( use_ret == -(POLARSSL_ERR_SSL_INTERNAL_ERROR) ) snprintf( buf, buflen, "SSL - Internal error (eg, unexpected failure in lower-level module)" ); + if( use_ret == -(POLARSSL_ERR_SSL_COUNTER_WRAPPING) ) + snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" ); #endif /* POLARSSL_SSL_TLS_C */ #if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4f3095caa..20cb9bdc7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1309,6 +1309,13 @@ static int ssl_encrypt_buf( ssl_context *ssl ) if( ++ssl->out_ctr[i - 1] != 0 ) break; + /* The loops goes to its end iff the counter is wrapping */ + if( i == 0 ) + { + SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); + return( POLARSSL_ERR_SSL_COUNTER_WRAPPING ); + } + SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) ); return( 0 ); @@ -1775,6 +1782,13 @@ static int ssl_decrypt_buf( ssl_context *ssl ) if( ++ssl->in_ctr[i - 1] != 0 ) break; + /* The loops goes to its end iff the counter is wrapping */ + if( i == 0 ) + { + SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) ); + return( POLARSSL_ERR_SSL_COUNTER_WRAPPING ); + } + SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) ); return( 0 );