From b4458052835ab2fbc26504b211792680b294c671 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 4 Nov 2014 21:04:22 +0100
Subject: [PATCH] Auto-renegotiate before sequence number wrapping

---
 library/ssl_tls.c | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index df57bb1dc..0e97c1110 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4273,6 +4273,33 @@ int ssl_renegotiate( ssl_context *ssl )
 
     return( ret );
 }
+
+/*
+ * Check record counters and renegotiate if they're above the limit.
+ */
+static int ssl_check_ctr_renegotiate( ssl_context *ssl )
+{
+    static const unsigned char ctr_limit[8] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00
+    };
+
+    if( ssl->state != SSL_HANDSHAKE_OVER ||
+        ssl->renegotiation == SSL_RENEGOTIATION_PENDING ||
+        ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED )
+    {
+        return( 0 );
+    }
+
+    // TODO: adapt for DTLS
+    if( memcmp( ssl->in_ctr, ctr_limit, 8 ) <= 0 &&
+        memcmp( ssl->out_ctr, ctr_limit, 8 ) <= 0 )
+    {
+        return( 0 );
+    }
+
+    SSL_DEBUG_MSG( 2, ( "record counter about to wrap: renegotiate" ) );
+    return( ssl_renegotiate( ssl ) );
+}
 #endif /* POLARSSL_SSL_RENEGOTIATION */
 
 /*
@@ -4285,6 +4312,14 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
 
     SSL_DEBUG_MSG( 2, ( "=> read" ) );
 
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+    if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
+    {
+        SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
+        return( ret );
+    }
+#endif
+
     if( ssl->state != SSL_HANDSHAKE_OVER )
     {
         ret = ssl_handshake( ssl );
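Review bot: The counter wrap is not actually prevented by ssl_check_ctr_renegotiate: its first `if` returns 0 whenever renegotiation is disabled or already pending, and nothing in the patch refuses the record that would roll in_ctr/out_ctr over, so once the soft limit is crossed a peer that simply ignores the HelloRequest (which RFC 5246 allows) or a context built with disable_renegotiation set has roughly 255 more records before the sequence number wraps to 0 under the same keys. That matters because the sequence number is the MAC input / AEAD additional data and typically the explicit GCM nonce, so a wrap means nonce reuse and replayable records; RFC 5246 §6.1 requires renegotiating or closing the connection before it happens. Unless the record layer already rejects a wrapping counter at the point where it is incremented (not visible in this diff), I'd add a hard check there that returns a dedicated error instead of wrapping, and keep this function as the soft limit only. A comment on `ctr_limit` would make that two-stage design explicit: `/* Soft limit: renegotiate with ~255 records to spare; the record layer must still refuse the record that would actually wrap the counter. */`.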
@@ -4457,6 +4492,14 @@ int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len )
 
     SSL_DEBUG_MSG( 2, ( "=> write" ) );
 
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+    if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
+    {
+        SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
+        return( ret );
+    }
+#endif
+
     if( ssl->state != SSL_HANDSHAKE_OVER )
     {
         if( ( ret = ssl_handshake( ssl ) ) != 0 )
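Review bot: The error from ssl_check_ctr_renegotiate is returned from ssl_write before any of `buf` is written, which changes the post-handshake contract of ssl_write: when the counters reach the limit a client now runs a whole handshake from inside this call, and on a non-blocking socket that surfaces as POLARSSL_ERR_NET_WANT_READ/WANT_WRITE (or a handshake error) from a write that previously only ever emitted application data. The resume path is already there — on the next call ssl->state != SSL_HANDSHAKE_OVER takes the existing ssl_handshake branch — but applications that only retry ssl_write on WANT_WRITE, or that treat WANT_READ as impossible after the handshake, will misbehave, and the ssl_read hunk has the same property. The ssl_read/ssl_write documentation in ssl.h (outside this diff) should state that either call may now start a renegotiation and return handshake-related codes, and a one-line comment at the call site helps the next reader: `/* May start a renegotiation and return WANT_READ/WANT_WRITE before any data is written */`. As a minor point, SSL_DEBUG_RET at level 1 will log the routine WANT_READ/WANT_WRITE outcome of a non-blocking renegotiation as if it were a failure.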