mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-10 20:45:45 +00:00
Auto-renegotiate before sequence number wrapping
This commit is contained in:
parent
fa4238838a
commit
b445805283
|
@ -4273,6 +4273,33 @@ int ssl_renegotiate( ssl_context *ssl )
|
|||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* Check record counters and renegotiate if they're above the limit.
|
||||
*/
|
||||
static int ssl_check_ctr_renegotiate( ssl_context *ssl )
|
||||
{
|
||||
static const unsigned char ctr_limit[8] = {
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00
|
||||
};
|
||||
|
||||
if( ssl->state != SSL_HANDSHAKE_OVER ||
|
||||
ssl->renegotiation == SSL_RENEGOTIATION_PENDING ||
|
||||
ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED )
|
||||
{
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
// TODO: adapt for DTLS
|
||||
if( memcmp( ssl->in_ctr, ctr_limit, 8 ) <= 0 &&
|
||||
memcmp( ssl->out_ctr, ctr_limit, 8 ) <= 0 )
|
||||
{
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "record counter about to wrap: renegotiate" ) );
|
||||
return( ssl_renegotiate( ssl ) );
|
||||
}
|
||||
#endif /* POLARSSL_SSL_RENEGOTIATION */
|
||||
|
||||
/*
|
||||
|
@ -4285,6 +4312,14 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
|
||||
SSL_DEBUG_MSG( 2, ( "=> read" ) );
|
||||
|
||||
#if defined(POLARSSL_SSL_RENEGOTIATION)
|
||||
if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
|
||||
return( ret );
|
||||
}
|
||||
#endif
|
||||
|
||||
if( ssl->state != SSL_HANDSHAKE_OVER )
|
||||
{
|
||||
ret = ssl_handshake( ssl );
|
||||
|
@ -4457,6 +4492,14 @@ int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len )
|
|||
|
||||
SSL_DEBUG_MSG( 2, ( "=> write" ) );
|
||||
|
||||
#if defined(POLARSSL_SSL_RENEGOTIATION)
|
||||
if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
|
||||
return( ret );
|
||||
}
|
||||
#endif
|
||||
|
||||
if( ssl->state != SSL_HANDSHAKE_OVER )
|
||||
{
|
||||
if( ( ret = ssl_handshake( ssl ) ) != 0 )
|
||||
|
|
Loading…
Reference in a new issue