Fix renegotiation at incorrect times in DTLS
Fix an incorrect condition in ssl_check_ctr_renegotiate() that compared
64 bits of record counter instead of 48 bits as described in RFC 6347
Section 4.3.1. This would cause the function's return value to be
occasionally incorrect and the renegotiation routines to be triggered
at unexpected times.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 2c02190..19fc1f1 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2183,7 +2183,7 @@
/**
* \brief Set record counter threshold for periodic renegotiation.
- * (Default: 2^64 - 256.)
+ * (Default: 2^48 - 1)
*
* Renegotiation is automatically triggered when a record
* counter (outgoing or ingoing) crosses the defined
@@ -2194,9 +2194,11 @@
* Lower values can be used to enforce policies such as "keys
* must be refreshed every N packets with cipher X".
*
+ * \note When the transport is set to MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ * the maximum renegotiation period is 2^48 - 1.
+ *
* \param conf SSL configuration
* \param period The threshold value: a big-endian 64-bit number.
- * Set to 2^64 - 1 to disable periodic renegotiation
*/
void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
const unsigned char period[8] );