Fix server-initiated renego with non-blocking I/O
diff --git a/ChangeLog b/ChangeLog
index f2e0862..6aab3d1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,8 @@
* Remove non-existent file from VS projects (found by Peter Vaskovic).
* ssl_read() could return non-application data records on server while
renegotation was pending, and on client when a HelloRequest was received.
+ * Server-initiated renegotiation would fail with non-blocking I/O if the
+ write callback returned WANT_WRITE when requesting renegotiation.
Changes
* Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e6c4efd..6e6f6da 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4167,8 +4167,6 @@
return( ret );
}
- ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
-
SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
return( 0 );
@@ -4222,6 +4220,12 @@
if( ssl->state != SSL_HANDSHAKE_OVER )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
+
+ /* Did we already try/start sending HelloRequest? */
+ if( ssl->out_left != 0 )
+ return( ssl_flush_output( ssl ) );
+
return( ssl_write_hello_request( ssl ) );
}
#endif /* POLARSSL_SSL_SRV_C */
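Review bot: The `ssl->out_left != 0` check cannot tell a partially sent HelloRequest from any other unflushed output. If the application calls this function while an earlier record is still waiting after WANT_WRITE, the branch flushes that record and returns 0 with `ssl->renegotiation` already set to `SSL_RENEGOTIATION_PENDING` and, as far as the hunk shows, no HelloRequest queued. Consider taking the flush-only path only on a retry, by testing `ssl->renegotiation == SSL_RENEGOTIATION_PENDING` before the assignment, or at least state the precondition in the comment: `/* Retry path: assumes the only unflushed output is a previous HelloRequest attempt */`. Separately, the flag is now set before the write, so a hard error from `ssl_write_hello_request()` (anything other than WANT_WRITE) leaves the context marked pending; whether callers must discard the context in that case is not visible here. The enclosing function begins outside the hunk.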
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index e05019f..ed0f19c 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -709,6 +709,32 @@
-S "SSL - An unexpected message was received from our peer" \
-S "failed"
+run_test "Renegotiation #10 (nbio, enabled, client-initiated)" \
+ "$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
+ "$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "client hello, adding renegotiation extension" \
+ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+ -s "found renegotiation extension" \
+ -s "server hello, secure renegotiation extension" \
+ -c "found renegotiation extension" \
+ -c "=> renegotiate" \
+ -s "=> renegotiate" \
+ -S "write hello request"
+
+run_test "Renegotiation #11 (nbio, enabled, server-initiated)" \
+ "$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
+ "$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
+ 0 \
+ -c "client hello, adding renegotiation extension" \
+ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+ -s "found renegotiation extension" \
+ -s "server hello, secure renegotiation extension" \
+ -c "found renegotiation extension" \
+ -c "=> renegotiate" \
+ -s "=> renegotiate" \
+ -s "write hello request"
+
# Tests for auth_mode
run_test "Authentication #1 (server badcert, client required)" \