Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2025-12-23 15:55:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Forbid sequence number wrapping

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-03-10 21:20:29 +01:00
parent 3c599f11b0
commit 83cdffc437
5 changed files with 19 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

14
library/ssl_tls.c
View file

@ -1309,6 +1309,13 @@ static int ssl_encrypt_buf( ssl_context *ssl )
if( ++ssl->out_ctr[i - 1] != 0 )
break;
/* The loops goes to its end iff the counter is wrapping */
if( i == 0 )
{
SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) );
return( POLARSSL_ERR_SSL_COUNTER_WRAPPING );
}
SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
return( 0 );
@ -1775,6 +1782,13 @@ static int ssl_decrypt_buf( ssl_context *ssl )
if( ++ssl->in_ctr[i - 1] != 0 )
break;
/* The loops goes to its end iff the counter is wrapping */
if( i == 0 )
{
SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
return( POLARSSL_ERR_SSL_COUNTER_WRAPPING );
}
SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
return( 0 );