Allow ssl_renegotiate() to be called in a loop

Previously broken if waiting for network I/O in the middle of a re-handshake initiated by the client.
2024-11-22 22:45:48 +01:00 · 2013-10-30 12:47:35 +01:00 · 2013-10-30 12:47:35 +01:00 · caed0541a0
commit caed0541a0
parent e5e1bb972c
2 changed files with 17 additions and 7 deletions
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -200,7 +200,8 @@
 #define SSL_VERIFY_REQUIRED             2

 #define SSL_INITIAL_HANDSHAKE           0
-#define SSL_RENEGOTIATION               1
+#define SSL_RENEGOTIATION               1   /* In progress */
+#define SSL_RENEGOTIATION_DONE          2   /* Done */

 #define SSL_LEGACY_RENEGOTIATION        0
 #define SSL_SECURE_RENEGOTIATION        1
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -3023,6 +3023,9 @@ void ssl_handshake_wrapup( ssl_context *ssl )
    polarssl_free( ssl->handshake );
    ssl->handshake = NULL;

+    if( ssl->renegotiation == SSL_RENEGOTIATION )
+        ssl->renegotiation =  SSL_RENEGOTIATION_DONE;
+
    /*
     * Switch in our now active transform context
     */
@ -3977,14 +3980,20 @@ int ssl_renegotiate( ssl_context *ssl )

    SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) );

-    if( ssl->state != SSL_HANDSHAKE_OVER )
-        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+    /*
+     * If renegotiation is already in progress, skip checks/init
+     */
+    if( ssl->renegotiation != SSL_RENEGOTIATION )
+    {
+        if( ssl->state != SSL_HANDSHAKE_OVER )
+            return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );

-    ssl->state = SSL_HELLO_REQUEST;
-    ssl->renegotiation = SSL_RENEGOTIATION;
+        if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
+            return( ret );

-    if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
-        return( ret );
+        ssl->state = SSL_HELLO_REQUEST;
+        ssl->renegotiation = SSL_RENEGOTIATION;
+    }

    if( ( ret = ssl_handshake( ssl ) ) != 0 )
    {