Limit HelloRequest retransmission if not enforced

This commit is contained in:
Manuel Pégourié-Gonnard 2014-10-15 15:07:45 +02:00 committed by Paul Bakker
parent 26a4cf63ec
commit df3acd82e2
2 changed files with 52 additions and 13 deletions

View file

@ -224,7 +224,7 @@
#define SSL_INITIAL_HANDSHAKE 0
#define SSL_RENEGOTIATION 1 /* In progress */
#define SSL_RENEGOTIATION_DONE 2 /* Done */
#define SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
#define SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
#define SSL_LEGACY_RENEGOTIATION 0
@ -760,7 +760,9 @@ struct _ssl_context
int state; /*!< SSL handshake: current state */
int transport; /*!< Transport: stream or datagram */
int renegotiation; /*!< Initial or renegotiation */
int renego_records_seen; /*!< Records since renego request */
int renego_records_seen; /*!< Records since renego request, or with DTLS,
number of retransmissions of request if
renego_max_records is < 0 */
int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
@ -1816,7 +1818,7 @@ void ssl_set_renegotiation( ssl_context *ssl, int renegotiation );
void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
/**
* \brief Enforce server-requested renegotiation.
* \brief Enforce renegotiation requests.
* (Default: enforced, max_records = 16)
*
* When we request a renegotiation, the peer can comply or
@ -1832,6 +1834,15 @@ void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
* The optimal value is highly dependent on the specific usage
* scenario.
*
* \note With DTLS and server-initiated renegotiation, the
* HelloRequest is retransmited every time ssl_read() times
* out or receives Application Data, until:
* - max_records records have beens seen, if it is >= 0, or
* - the number of retransmits that would happen during an
* actual handshake has been reached.
* Please remember the request might be lost a few times
* if you consider setting max_records to a really low value.
*
* \warning On client, the grace period can only happen during
* ssl_read(), as opposed to ssl_write() and ssl_renegotiate()
* which always behave as if max_record was 0. The reason is,

View file

@ -1891,6 +1891,33 @@ static int ssl_decompress_buf( ssl_context *ssl )
#if defined(POLARSSL_SSL_SRV_C)
static int ssl_write_hello_request( ssl_context *ssl );
#if defined(POLARSSL_SSL_PROTO_DTLS)
static int ssl_resend_hello_request( ssl_context *ssl )
{
/* If renegotiation is not enforced, retransmit until we would reach max
* timeout if we were using the usual handshake doubling scheme */
if( ssl->renego_max_records < 0 )
{
uint32_t ratio = ssl->hs_timeout_max / ssl->hs_timeout_min + 1;
unsigned char doublings = 1;
while( ratio != 0 )
{
++doublings;
ratio >>= 1;
}
if( ++ssl->renego_records_seen > doublings )
{
SSL_DEBUG_MSG( 0, ( "no longer retransmitting hello request" ) );
return( 0 );
}
}
return( ssl_write_hello_request( ssl ) );
}
#endif
#endif
/*
@ -2045,9 +2072,9 @@ int ssl_fetch_input( ssl_context *ssl, size_t nb_want )
else if( ssl->endpoint == SSL_IS_SERVER &&
ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
{
if( ( ret = ssl_write_hello_request( ssl ) ) != 0 )
if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ssl_write_hello_request", ret );
SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret );
return( ret );
}
@ -5900,16 +5927,17 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
}
else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
{
ssl->renego_records_seen++;
if( ssl->renego_max_records >= 0 &&
ssl->renego_records_seen > ssl->renego_max_records )
if( ssl->renego_max_records >= 0 )
{
if( ++ssl->renego_records_seen > ssl->renego_max_records )
{
SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
"but not honored by client" ) );
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
}
}
}
/* Fatal and closure alerts handled by ssl_read_record() */
if( ssl->in_msgtype == SSL_MSG_ALERT )
@ -5939,9 +5967,9 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
if( ssl->endpoint == SSL_IS_SERVER &&
ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
{
if( ( ret = ssl_write_hello_request( ssl ) ) != 0 )
if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ssl_write_hello_request", ret );
SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret );
return( ret );
}
}