Allow ssl_renegotiate() to be called in a loop

Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.

include/polarssl/ssl.h

@@ -200,7 +200,8 @@
 #define SSL_VERIFY_REQUIRED             2
 
 #define SSL_INITIAL_HANDSHAKE           0
-#define SSL_RENEGOTIATION               1
+#define SSL_RENEGOTIATION               1   /* In progress */
+#define SSL_RENEGOTIATION_DONE          2   /* Done */
 
 #define SSL_LEGACY_RENEGOTIATION        0
 #define SSL_SECURE_RENEGOTIATION        1

library/ssl_tls.c

@@ -3023,6 +3023,9 @@ void ssl_handshake_wrapup( ssl_context *ssl )
     polarssl_free( ssl->handshake );
     ssl->handshake = NULL;
 
+    if( ssl->renegotiation == SSL_RENEGOTIATION )
+        ssl->renegotiation =  SSL_RENEGOTIATION_DONE;
+
     /*
      * Switch in our now active transform context
      */
@@ -3977,15 +3980,21 @@ int ssl_renegotiate( ssl_context *ssl )
 
     SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) );
 
+    /*
+     * If renegotiation is already in progress, skip checks/init
+     */
+    if( ssl->renegotiation != SSL_RENEGOTIATION )
+    {
         if( ssl->state != SSL_HANDSHAKE_OVER )
             return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
 
-    ssl->state = SSL_HELLO_REQUEST;
-    ssl->renegotiation = SSL_RENEGOTIATION;
-
         if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
             return( ret );
 
+        ssl->state = SSL_HELLO_REQUEST;
+        ssl->renegotiation = SSL_RENEGOTIATION;
+    }
+
     if( ( ret = ssl_handshake( ssl ) ) != 0 )
     {
         SSL_DEBUG_RET( 1, "ssl_handshake", ret );