Limit HelloRequest retransmission if not enforced
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index c508734..ad77270 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -224,7 +224,7 @@
#define SSL_INITIAL_HANDSHAKE 0
#define SSL_RENEGOTIATION 1 /* In progress */
-#define SSL_RENEGOTIATION_DONE 2 /* Done */
+#define SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
#define SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
#define SSL_LEGACY_RENEGOTIATION 0
@@ -760,7 +760,9 @@
int state; /*!< SSL handshake: current state */
int transport; /*!< Transport: stream or datagram */
int renegotiation; /*!< Initial or renegotiation */
- int renego_records_seen; /*!< Records since renego request */
+ int renego_records_seen; /*!< Records since renego request, or with DTLS,
+ number of retransmissions of request if
+ renego_max_records is < 0 */
int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
@@ -1816,7 +1818,7 @@
void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
/**
- * \brief Enforce server-requested renegotiation.
+ * \brief Enforce renegotiation requests.
* (Default: enforced, max_records = 16)
*
* When we request a renegotiation, the peer can comply or
@@ -1832,6 +1834,15 @@
* The optimal value is highly dependent on the specific usage
* scenario.
*
+ * \note With DTLS and server-initiated renegotiation, the
+ * HelloRequest is retransmited every time ssl_read() times
+ * out or receives Application Data, until:
+ * - max_records records have beens seen, if it is >= 0, or
+ * - the number of retransmits that would happen during an
+ * actual handshake has been reached.
+ * Please remember the request might be lost a few times
+ * if you consider setting max_records to a really low value.
+ *
* \warning On client, the grace period can only happen during
* ssl_read(), as opposed to ssl_write() and ssl_renegotiate()
* which always behave as if max_record was 0. The reason is,
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7c34d0f..f42a560 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1891,6 +1891,33 @@
#if defined(POLARSSL_SSL_SRV_C)
static int ssl_write_hello_request( ssl_context *ssl );
+
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+static int ssl_resend_hello_request( ssl_context *ssl )
+{
+ /* If renegotiation is not enforced, retransmit until we would reach max
+ * timeout if we were using the usual handshake doubling scheme */
+ if( ssl->renego_max_records < 0 )
+ {
+ uint32_t ratio = ssl->hs_timeout_max / ssl->hs_timeout_min + 1;
+ unsigned char doublings = 1;
+
+ while( ratio != 0 )
+ {
+ ++doublings;
+ ratio >>= 1;
+ }
+
+ if( ++ssl->renego_records_seen > doublings )
+ {
+ SSL_DEBUG_MSG( 0, ( "no longer retransmitting hello request" ) );
+ return( 0 );
+ }
+ }
+
+ return( ssl_write_hello_request( ssl ) );
+}
+#endif
#endif
/*
@@ -2045,9 +2072,9 @@
else if( ssl->endpoint == SSL_IS_SERVER &&
ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
{
- if( ( ret = ssl_write_hello_request( ssl ) ) != 0 )
+ if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
{
- SSL_DEBUG_RET( 1, "ssl_write_hello_request", ret );
+ SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret );
return( ret );
}
@@ -5900,14 +5927,15 @@
}
else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
{
- ssl->renego_records_seen++;
- if( ssl->renego_max_records >= 0 &&
- ssl->renego_records_seen > ssl->renego_max_records )
+ if( ssl->renego_max_records >= 0 )
{
- SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
- "but not honored by client" ) );
- return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ if( ++ssl->renego_records_seen > ssl->renego_max_records )
+ {
+ SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
+ "but not honored by client" ) );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
}
}
@@ -5939,9 +5967,9 @@
if( ssl->endpoint == SSL_IS_SERVER &&
ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
{
- if( ( ret = ssl_write_hello_request( ssl ) ) != 0 )
+ if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
{
- SSL_DEBUG_RET( 1, "ssl_write_hello_request", ret );
+ SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret );
return( ret );
}
}