From caed0541a0646684745b19d1f4e6d4e7e2cd59d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 30 Oct 2013 12:47:35 +0100 Subject: [PATCH] Allow ssl_renegotiate() to be called in a loop Previously broken if waiting for network I/O in the middle of a re-handshake initiated by the client. --- include/polarssl/ssl.h | 3 ++- library/ssl_tls.c | 21 +++++++++++++++------ 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index cbec35216..6808487d8 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -200,7 +200,8 @@ #define SSL_VERIFY_REQUIRED 2 #define SSL_INITIAL_HANDSHAKE 0 -#define SSL_RENEGOTIATION 1 +#define SSL_RENEGOTIATION 1 /* In progress */ +#define SSL_RENEGOTIATION_DONE 2 /* Done */ #define SSL_LEGACY_RENEGOTIATION 0 #define SSL_SECURE_RENEGOTIATION 1 diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6dd5cc0ac..f6f3e109d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3023,6 +3023,9 @@ void ssl_handshake_wrapup( ssl_context *ssl ) polarssl_free( ssl->handshake ); ssl->handshake = NULL; + if( ssl->renegotiation == SSL_RENEGOTIATION ) + ssl->renegotiation = SSL_RENEGOTIATION_DONE; + /* * Switch in our now active transform context */ @@ -3977,14 +3980,20 @@ int ssl_renegotiate( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) ); - if( ssl->state != SSL_HANDSHAKE_OVER ) - return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + /* + * If renegotiation is already in progress, skip checks/init + */ + if( ssl->renegotiation != SSL_RENEGOTIATION ) + { + if( ssl->state != SSL_HANDSHAKE_OVER ) + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); - ssl->state = SSL_HELLO_REQUEST; - ssl->renegotiation = SSL_RENEGOTIATION; + if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) + return( ret ); - if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) - return( ret ); + ssl->state = SSL_HELLO_REQUEST; + ssl->renegotiation = SSL_RENEGOTIATION; + } if( ( ret = ssl_handshake( ssl ) ) != 0 ) {