Auto-renegotiate before sequence number wrapping

Manuel Pégourié-Gonnard 2014-11-04 21:04:22 +01:00
parent fa4238838a
commit b445805283


@ -4273,6 +4273,33 @@ int ssl_renegotiate( ssl_context *ssl )
return( ret ); return( ret );
} }
/*
* Check record counters and renegotiate if they're above the limit.
*/
static int ssl_check_ctr_renegotiate( ssl_context *ssl )
{
static const unsigned char ctr_limit[8] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00
};
if( ssl->state != SSL_HANDSHAKE_OVER ||
ssl->renegotiation == SSL_RENEGOTIATION_PENDING ||
ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED )
{
return( 0 );
}
// TODO: adapt for DTLS
if( memcmp( ssl->in_ctr, ctr_limit, 8 ) <= 0 &&
memcmp( ssl->out_ctr, ctr_limit, 8 ) <= 0 )
{
return( 0 );
}
SSL_DEBUG_MSG( 2, ( "record counter about to wrap: renegotiate" ) );
return( ssl_renegotiate( ssl ) );
}
#endif /* POLARSSL_SSL_RENEGOTIATION */ #endif /* POLARSSL_SSL_RENEGOTIATION */
/* /*
@ -4285,6 +4312,14 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
SSL_DEBUG_MSG( 2, ( "=> read" ) ); SSL_DEBUG_MSG( 2, ( "=> read" ) );
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
return( ret );
}
#endif
if( ssl->state != SSL_HANDSHAKE_OVER ) if( ssl->state != SSL_HANDSHAKE_OVER )
{ {
ret = ssl_handshake( ssl ); ret = ssl_handshake( ssl );
@ -4457,6 +4492,14 @@ int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len )
SSL_DEBUG_MSG( 2, ( "=> write" ) ); SSL_DEBUG_MSG( 2, ( "=> write" ) );
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
return( ret );
}
#endif
if( ssl->state != SSL_HANDSHAKE_OVER ) if( ssl->state != SSL_HANDSHAKE_OVER )
{ {
if( ( ret = ssl_handshake( ssl ) ) != 0 ) if( ( ret = ssl_handshake( ssl ) ) != 0 )
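Review bot: In `ssl_check_ctr_renegotiate`, the first guard returns 0 whenever renegotiation is disabled or already pending, so in those cases `in_ctr`/`out_ctr` can run past `ctr_limit` unchecked; nothing visible in these hunks fails the connection before the 64-bit record sequence number wraps. The sequence number is an input to record protection (MAC / AEAD additional data), so I would do the `memcmp` test first and return a fatal error (placeholder: the project's counter-wrap error code) when the limit is exceeded and a renegotiation cannot be started or has not completed. The 256-record margin also looks tight if the peer keeps sending application data while the handshake is pending; that may be enforced elsewhere, but it is worth confirming. At minimum, add a comment such as `/* returns 0 without checking the counters if renegotiation is disabled or pending */` and use `sizeof( ctr_limit )` in place of the literal `8`. The bodies of `ssl_read` and `ssl_write` continue outside their hunks.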