commit 837f0fe831894876098d95b344699d2052287584
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Nov 05 13:58:53 2014 +0100
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Dec 02 10:40:55 2014 +0100
tree b7d1bc429d1ea30d7f99cae84cf84925e889b6f9
parent b4458052835ab2fbc26504b211792680b294c671

Make renego period configurable

include/polarssl/ssl.h

diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index cfd987b..5969cf9 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -830,6 +830,8 @@
 #if defined(POLARSSL_SSL_RENEGOTIATION)
     int disable_renegotiation;          /*!<  enable/disable renegotiation   */
     int renego_max_records;             /*!<  grace period for renegotiation */
+    unsigned char renego_period[8];     /*!<  value of the record counters
+                                              that triggers renegotiation    */
 #endif
     int allow_legacy_renegotiation;     /*!<  allow legacy renegotiation     */
     const int *ciphersuite_list[4];     /*!<  allowed ciphersuites / version */
@@ -1543,6 +1545,26 @@
  *                 it but allow for a grace period of max_records records.
  */
 void ssl_set_renegotiation_enforced( ssl_context *ssl, int max_records );
+
+/**
+ * \brief          Set record counter threshold for periodic renegotiation.
+ *                 (Default: 2^64 - 256.)
+ *
+ *                 Renegotiation is automatically triggered when a record
+ *                 counter (outgoing or ingoing) crosses the defined
+ *                 threshold. The default value is meant to prevent the
+ *                 connection from being closed when the counter is about to
+ *                 reached its maximal value (it is not allowed to wrap).
+ *
+ *                 Lower values can be used to enforce policies such as "keys
+ *                 must be refreshed every N packets with cipher X".
+ *
+ * \param ssl      SSL context
+ * \param period   The threshold value: a big-endian 64-bit number.
+ *                 Set to 2^64 - 1 to disable periodic renegotiation
+ */
+void ssl_set_renegotiation_period( ssl_context *ssl,
+                                   const unsigned char period[8] );
 #endif /* POLARSSL_SSL_RENEGOTIATION */
 
 /**

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0e97c11..3d16e1c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3404,6 +3404,8 @@
 
 #if defined(POLARSSL_SSL_RENEGOTIATION)
     ssl->renego_max_records = SSL_RENEGO_MAX_RECORDS_DEFAULT;
+    memset( ssl->renego_period, 0xFF, 7 );
+    ssl->renego_period[7] = 0x00;
 #endif
 
 #if defined(POLARSSL_DHM_C)
@@ -4031,6 +4033,12 @@
 {
     ssl->renego_max_records = max_records;
 }
+
+void ssl_set_renegotiation_period( ssl_context *ssl,
+                                   const unsigned char period[8] )
+{
+    memcpy( ssl->renego_period, period, 8 );
+}
 #endif /* POLARSSL_SSL_RENEGOTIATION */
 
 #if defined(POLARSSL_SSL_SESSION_TICKETS)
@@ -4279,10 +4287,6 @@
  */
 static int ssl_check_ctr_renegotiate( ssl_context *ssl )
 {
-    static const unsigned char ctr_limit[8] = {
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00
-    };
-
     if( ssl->state != SSL_HANDSHAKE_OVER ||
         ssl->renegotiation == SSL_RENEGOTIATION_PENDING ||
         ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED )
@@ -4291,13 +4295,13 @@
     }
 
     // TODO: adapt for DTLS
-    if( memcmp( ssl->in_ctr,  ctr_limit, 8 ) <= 0 &&
-        memcmp( ssl->out_ctr, ctr_limit, 8 ) <= 0 )
+    if( memcmp( ssl->in_ctr,  ssl->renego_period, 8 ) <= 0 &&
+        memcmp( ssl->out_ctr, ssl->renego_period, 8 ) <= 0 )
     {
         return( 0 );
     }
 
-    SSL_DEBUG_MSG( 2, ( "record counter about to wrap: renegotiate" ) );
+    SSL_DEBUG_MSG( 0, ( "record counter limit reached: renegotiate" ) );
     return( ssl_renegotiate( ssl ) );
 }
 #endif /* POLARSSL_SSL_RENEGOTIATION */