Fix bug with non-blocking I/O and cookies

2024-11-25 15:05:45 +01:00 · 2014-09-29 17:47:33 +02:00 · 2014-09-29 17:47:33 +02:00 · 579950c2bb
commit 579950c2bb
parent f03651217c
3 changed files with 18 additions and 8 deletions
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -516,6 +516,7 @@ typedef enum
    SSL_HANDSHAKE_WRAPUP,
    SSL_HANDSHAKE_OVER,
    SSL_SERVER_NEW_SESSION_TICKET,
+    SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
 }
 ssl_states;

--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -2052,7 +2052,7 @@ static int ssl_write_hello_verify_request( ssl_context *ssl )
    ssl->out_msgtype = SSL_MSG_HANDSHAKE;
    ssl->out_msg[0]  = SSL_HS_HELLO_VERIFY_REQUEST;

-    ssl->state = SSL_CLIENT_HELLO;
+    ssl->state = SSL_SERVER_HELLO_VERIFY_REQUEST_SENT;

    if( ( ret = ssl_write_record( ssl ) ) != 0 )
    {
@ -2084,13 +2084,7 @@ static int ssl_write_server_hello( ssl_context *ssl )
        SSL_DEBUG_MSG( 2, ( "client hello was not authenticated" ) );
        SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );

-        if( ( ret = ssl_write_hello_verify_request( ssl ) ) != 0 )
-        {
-            SSL_DEBUG_RET( 1, "ssl_write_hello_verify_request", ret );
-            return( ret );
-        }
-
-        return( POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED );
+        return( ssl_write_hello_verify_request( ssl ) );
    }
 #endif /* POLARSSL_SSL_DTLS_HELLO_VERIFY */

@ -3534,6 +3528,11 @@ int ssl_handshake_server_step( ssl_context *ssl )
            ret = ssl_parse_client_hello( ssl );
            break;

+#if defined(POLARSSL_SSL_PROTO_DTLS)
+        case SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:
+            return( POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED );
+#endif
+
        /*
         *  ==>   ServerHello
         *        Certificate
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -2046,6 +2046,16 @@ run_test    "DTLS cookie: enabled, IPv6" \
            -c "received hello verify request" \
            -S "SSL - The requested feature is not available"

+run_test    "DTLS cookie: enabled, nbio" \
+            "$P_SRV dtls=1 nbio=2 debug_level=2" \
+            "$P_CLI dtls=1 nbio=2 debug_level=2" \
+            0 \
+            -s "cookie verification failed" \
+            -s "cookie verification passed" \
+            -S "cookie verification skipped" \
+            -c "received hello verify request" \
+            -S "SSL - The requested feature is not available"
+
 # Tests for various cases of client authentication with DTLS
 # (focused on handshake flows and message parsing)