mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-02 16:21:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Limit HelloRequest retransmission if not enforced

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-10-15 15:07:45 +02:00 committed by Paul Bakker
parent 26a4cf63ec
commit df3acd82e2
2 changed files with 52 additions and 13 deletions
include/polarssl
ssl.h
library
ssl_tls.c

17
include/polarssl/ssl.h

@ -224,7 +224,7 @@
#define SSL_INITIAL_HANDSHAKE 0 #define SSL_INITIAL_HANDSHAKE 0
#define SSL_RENEGOTIATION 1 /* In progress */ #define SSL_RENEGOTIATION 1 /* In progress */
#define SSL_RENEGOTIATION_DONE 2 /* Done */ #define SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
#define SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ #define SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
#define SSL_LEGACY_RENEGOTIATION 0 #define SSL_LEGACY_RENEGOTIATION 0
@ -760,7 +760,9 @@ struct _ssl_context
int state; /*!< SSL handshake: current state */ int state; /*!< SSL handshake: current state */
int transport; /*!< Transport: stream or datagram */ int transport; /*!< Transport: stream or datagram */
int renegotiation; /*!< Initial or renegotiation */ int renegotiation; /*!< Initial or renegotiation */
int renego_records_seen; /*!< Records since renego request */ int renego_records_seen; /*!< Records since renego request, or with DTLS,
number of retransmissions of request if
renego_max_records is < 0 */
int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */ int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */ int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
@ -1816,7 +1818,7 @@ void ssl_set_renegotiation( ssl_context *ssl, int renegotiation );
void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy ); void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
/** /**
* \brief Enforce server-requested renegotiation. * \brief Enforce renegotiation requests.
* (Default: enforced, max_records = 16) * (Default: enforced, max_records = 16)
* *
* When we request a renegotiation, the peer can comply or * When we request a renegotiation, the peer can comply or
@ -1832,6 +1834,15 @@ void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
* The optimal value is highly dependent on the specific usage * The optimal value is highly dependent on the specific usage
* scenario. * scenario.
* *
* \note With DTLS and server-initiated renegotiation, the
* HelloRequest is retransmited every time ssl_read() times
* out or receives Application Data, until:
* - max_records records have beens seen, if it is >= 0, or
* - the number of retransmits that would happen during an
* actual handshake has been reached.
* Please remember the request might be lost a few times
* if you consider setting max_records to a really low value.
*
* \warning On client, the grace period can only happen during * \warning On client, the grace period can only happen during
* ssl_read(), as opposed to ssl_write() and ssl_renegotiate() * ssl_read(), as opposed to ssl_write() and ssl_renegotiate()
* which always behave as if max_record was 0. The reason is, * which always behave as if max_record was 0. The reason is,

48
library/ssl_tls.c

@ -1891,6 +1891,33 @@ static int ssl_decompress_buf( ssl_context *ssl )
#if defined(POLARSSL_SSL_SRV_C) #if defined(POLARSSL_SSL_SRV_C)
static int ssl_write_hello_request( ssl_context *ssl ); static int ssl_write_hello_request( ssl_context *ssl );
#if defined(POLARSSL_SSL_PROTO_DTLS)
static int ssl_resend_hello_request( ssl_context *ssl )
{
/* If renegotiation is not enforced, retransmit until we would reach max
* timeout if we were using the usual handshake doubling scheme */
if( ssl->renego_max_records < 0 )
{
uint32_t ratio = ssl->hs_timeout_max / ssl->hs_timeout_min + 1;
unsigned char doublings = 1;
while( ratio != 0 )
{
++doublings;
ratio >>= 1;
}
if( ++ssl->renego_records_seen > doublings )
{
SSL_DEBUG_MSG( 0, ( "no longer retransmitting hello request" ) );
return( 0 );
}
}
return( ssl_write_hello_request( ssl ) );
}
#endif
#endif #endif
/* /*
@ -2045,9 +2072,9 @@ int ssl_fetch_input( ssl_context *ssl, size_t nb_want )
else if( ssl->endpoint == SSL_IS_SERVER && else if( ssl->endpoint == SSL_IS_SERVER &&
ssl->renegotiation == SSL_RENEGOTIATION_PENDING ) ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
{ {
if( ( ret = ssl_write_hello_request( ssl ) ) != 0 ) if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
{ {
SSL_DEBUG_RET( 1, "ssl_write_hello_request", ret ); SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret );
return( ret ); return( ret );
} }
@ -5900,14 +5927,15 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
} }
else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING ) else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
{ {
ssl->renego_records_seen++;
if( ssl->renego_max_records >= 0 && if( ssl->renego_max_records >= 0 )
ssl->renego_records_seen > ssl->renego_max_records )
{ {
SSL_DEBUG_MSG( 1, ( "renegotiation requested, " if( ++ssl->renego_records_seen > ssl->renego_max_records )
"but not honored by client" ) ); {
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
"but not honored by client" ) );
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
}
} }
} }
@ -5939,9 +5967,9 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
if( ssl->endpoint == SSL_IS_SERVER && if( ssl->endpoint == SSL_IS_SERVER &&
ssl->renegotiation == SSL_RENEGOTIATION_PENDING ) ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
{ {
if( ( ret = ssl_write_hello_request( ssl ) ) != 0 ) if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
{ {
SSL_DEBUG_RET( 1, "ssl_write_hello_request", ret ); SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret );
return( ret ); return( ret );
} }
} }