commit c392b240c49a8d29ab1d195177f39ae1383aa791
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Aug 19 17:53:11 2014 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Tue Oct 21 16:30:21 2014 +0200
tree 8fd43bb65c1b1a97acc25f9b41ab1b94f368045c
parent 30d16eb4291d10f0870c3315cff63d295fdc33ed

Fix server-initiated renegotiation with DTLS

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 977a5b2..9ae336a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2027,10 +2027,18 @@
             ssl->out_msglen += 8;
             len += 8;
 
-            /* Write message_seq and update it */
-            ssl->out_msg[4] = ( ssl->handshake->msg_seq >> 8 ) & 0xFF;
-            ssl->out_msg[5] = ( ssl->handshake->msg_seq      ) & 0xFF;
-            ++( ssl->handshake->msg_seq );
+            /* Write message_seq and update it, except for HelloRequest */
+            if( ssl->out_msg[0] != SSL_HS_HELLO_REQUEST )
+            {
+                ssl->out_msg[4] = ( ssl->handshake->msg_seq >> 8 ) & 0xFF;
+                ssl->out_msg[5] = ( ssl->handshake->msg_seq      ) & 0xFF;
+                ++( ssl->handshake->msg_seq );
+            }
+            else
+            {
+                ssl->out_msg[4] = 0;
+                ssl->out_msg[5] = 0;
+            }
 
             /* We don't fragment, so frag_offset = 0 and frag_len = len */
             memset( ssl->out_msg + 6, 0x00, 3 );
@@ -2137,12 +2145,15 @@
         ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
 
     /*
-     * For DTLS, we move data so that is looks like
-     * TLS handshake format to other functions.
+     * For DTLS, we move data so that is looks like TLS handshake format to
+     * other functions.
+     * Except on server after the initial handshake (wait until after
+     * update_checksum() in ssl_parse_client_hello()).
      */
 #if defined(POLARSSL_SSL_PROTO_DTLS)
     if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
-        ssl->state != SSL_HANDSHAKE_OVER )
+        ! ( ssl->endpoint == SSL_IS_SERVER &&
+            ssl->state == SSL_HANDSHAKE_OVER ) )
     {
         // TODO: DTLS: check message_seq
 

tests/ssl-opt.sh

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index cea5790..1dac6d6 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -868,6 +868,19 @@
             -s "=> renegotiate" \
             -S "write hello request"
 
+run_test    "Renegotiation: DTLS, server-initiated" \
+            "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
+            "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
+            0 \
+            -c "client hello, adding renegotiation extension" \
+            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+            -s "found renegotiation extension" \
+            -s "server hello, secure renegotiation extension" \
+            -c "found renegotiation extension" \
+            -c "=> renegotiate" \
+            -s "=> renegotiate" \
+            -s "write hello request"
+
 # Tests for auth_mode
 
 run_test    "Authentication: server badcert, client required" \