Limit HelloRequest retransmission if not enforced

2014-10-15 15:07:45 +02:00 · 2014-10-15 15:07:45 +02:00 · df3acd82e2
commit df3acd82e2
parent 26a4cf63ec
2 changed files with 52 additions and 13 deletions
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -224,7 +224,7 @@

 #define SSL_INITIAL_HANDSHAKE           0
 #define SSL_RENEGOTIATION               1   /* In progress */
-#define SSL_RENEGOTIATION_DONE          2   /* Done */
+#define SSL_RENEGOTIATION_DONE          2   /* Done or aborted */
 #define SSL_RENEGOTIATION_PENDING       3   /* Requested (server only) */

 #define SSL_LEGACY_RENEGOTIATION        0
@ -760,7 +760,9 @@ struct _ssl_context
    int state;                  /*!< SSL handshake: current state     */
    int transport;              /*!< Transport: stream or datagram    */
    int renegotiation;          /*!< Initial or renegotiation         */
-    int renego_records_seen;    /*!< Records since renego request     */
+    int renego_records_seen;    /*!< Records since renego request, or with DTLS,
+                                  number of retransmissions of request if
+                                  renego_max_records is < 0           */

    int major_ver;              /*!< equal to  SSL_MAJOR_VERSION_3    */
    int minor_ver;              /*!< either 0 (SSL3) or 1 (TLS1.0)    */
@ -1816,7 +1818,7 @@ void ssl_set_renegotiation( ssl_context *ssl, int renegotiation );
 void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );

 /**
- * \brief          Enforce server-requested renegotiation.
+ * \brief          Enforce renegotiation requests.
 *                 (Default: enforced, max_records = 16)
 *
 *                 When we request a renegotiation, the peer can comply or
@ -1832,6 +1834,15 @@ void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
 *                 The optimal value is highly dependent on the specific usage
 *                 scenario.
 *
+ * \note           With DTLS and server-initiated renegotiation, the
+ *                 HelloRequest is retransmited every time ssl_read() times
+ *                 out or receives Application Data, until:
+ *                 - max_records records have beens seen, if it is >= 0, or
+ *                 - the number of retransmits that would happen during an
+ *                 actual handshake has been reached.
+ *                 Please remember the request might be lost a few times
+ *                 if you consider setting max_records to a really low value.
+ *
 * \warning        On client, the grace period can only happen during
 *                 ssl_read(), as opposed to ssl_write() and ssl_renegotiate()
 *                 which always behave as if max_record was 0. The reason is,
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1891,6 +1891,33 @@ static int ssl_decompress_buf( ssl_context *ssl )

 #if defined(POLARSSL_SSL_SRV_C)
 static int ssl_write_hello_request( ssl_context *ssl );
+
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+static int ssl_resend_hello_request( ssl_context *ssl )
+{
+    /* If renegotiation is not enforced, retransmit until we would reach max
+     * timeout if we were using the usual handshake doubling scheme */
+    if( ssl->renego_max_records < 0 )
+    {
+        uint32_t ratio = ssl->hs_timeout_max / ssl->hs_timeout_min + 1;
+        unsigned char doublings = 1;
+
+        while( ratio != 0 )
+        {
+            ++doublings;
+            ratio >>= 1;
+        }
+
+        if( ++ssl->renego_records_seen > doublings )
+        {
+            SSL_DEBUG_MSG( 0, ( "no longer retransmitting hello request" ) );
+            return( 0 );
+        }
+    }
+
+    return( ssl_write_hello_request( ssl ) );
+}
+#endif
 #endif

 /*
@ -2045,9 +2072,9 @@ int ssl_fetch_input( ssl_context *ssl, size_t nb_want )
            else if( ssl->endpoint == SSL_IS_SERVER &&
                     ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
            {
-                if( ( ret = ssl_write_hello_request( ssl ) ) != 0 )
+                if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
                {
-                    SSL_DEBUG_RET( 1, "ssl_write_hello_request", ret );
+                    SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret );
                    return( ret );
                }

@ -5900,14 +5927,15 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
        }
        else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
        {
-            ssl->renego_records_seen++;

-            if( ssl->renego_max_records >= 0 &&
-                ssl->renego_records_seen > ssl->renego_max_records )
+            if( ssl->renego_max_records >= 0 )
            {
-                SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
-                                    "but not honored by client" ) );
-                return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+                if( ++ssl->renego_records_seen > ssl->renego_max_records )
+                {
+                    SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
+                                        "but not honored by client" ) );
+                    return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+                }
            }
        }

@ -5939,9 +5967,9 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
        if( ssl->endpoint == SSL_IS_SERVER &&
            ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
        {
-            if( ( ret = ssl_write_hello_request( ssl ) ) != 0 )
+            if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
            {
-                SSL_DEBUG_RET( 1, "ssl_write_hello_request", ret );
+                SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret );
                return( ret );
            }
        }