Fix server-initiated renego with non-blocking I/O

2024-11-22 10:45:36 +01:00 · 2014-08-15 19:04:47 +02:00 · 2014-08-15 19:04:47 +02:00 · f07f421759
commit f07f421759
parent a8c0a0dbd0
3 changed files with 34 additions and 2 deletions
--- a/2
+++ b/2
@ -12,6 +12,8 @@ Bugfix
   * Remove non-existent file from VS projects (found by Peter Vaskovic).
   * ssl_read() could return non-application data records on server while
     renegotation was pending, and on client when a HelloRequest was received.
+   * Server-initiated renegotiation would fail with non-blocking I/O if the
+     write callback returned WANT_WRITE when requesting renegotiation.

 Changes
   * Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -4167,8 +4167,6 @@ static int ssl_write_hello_request( ssl_context *ssl )
        return( ret );
    }

-    ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
-
    SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );

    return( 0 );
@ -4222,6 +4220,12 @@ int ssl_renegotiate( ssl_context *ssl )
        if( ssl->state != SSL_HANDSHAKE_OVER )
            return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );

+        ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
+
+        /* Did we already try/start sending HelloRequest? */
+        if( ssl->out_left != 0 )
+            return( ssl_flush_output( ssl ) );
+
        return( ssl_write_hello_request( ssl ) );
    }
 #endif /* POLARSSL_SSL_SRV_C */
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -709,6 +709,32 @@ run_test    "Renegotiation #9 (server-initiated, client-accepted, delay 0)" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

+run_test    "Renegotiation #10 (nbio, enabled, client-initiated)" \
+            "$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
+            "$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
+            0 \
+            -c "client hello, adding renegotiation extension" \
+            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+            -s "found renegotiation extension" \
+            -s "server hello, secure renegotiation extension" \
+            -c "found renegotiation extension" \
+            -c "=> renegotiate" \
+            -s "=> renegotiate" \
+            -S "write hello request"
+
+run_test    "Renegotiation #11 (nbio, enabled, server-initiated)" \
+            "$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
+            "$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
+            0 \
+            -c "client hello, adding renegotiation extension" \
+            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+            -s "found renegotiation extension" \
+            -s "server hello, secure renegotiation extension" \
+            -c "found renegotiation extension" \
+            -c "=> renegotiate" \
+            -s "=> renegotiate" \
+            -s "write hello request"
+
 # Tests for auth_mode

 run_test    "Authentication #1 (server badcert, client required)" \