Fix handling of HS msgs in ssl_read if renegotiation unused
Previously, if `POLARSSL_SSL_RENEGOTIATION` was disabled, incoming handshake
messages in `ssl_read` (expecting application data) led to the connection being
closed. This commit fixes this, restricting the
`POLARSSL_SSL_RENEGOTIATION`-guard to the code-paths responsible for accepting
renegotiation requests and aborting renegotiation attempts after too many
unexpected records have been received.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c722966..ee87bc0 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4755,7 +4755,6 @@
}
}
-#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->in_msgtype == SSL_MSG_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
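Review bot: With the `#if defined(POLARSSL_SSL_RENEGOTIATION)` guard removed here, the `ssl->in_msgtype == SSL_MSG_HANDSHAKE` branch is compiled in every configuration, but the visible part of the commit adds no test for a build with renegotiation disabled. A regression test that delivers a handshake record to `ssl_read` after the initial handshake in such a build, and checks that the connection stays open, would pin the behaviour the description promises. The branch body continues outside this hunk, so any field it reads that is declared only under the macro must stay behind the guards added in the later hunks; compiling once with the macro undefined would confirm this. A short comment above the branch would also help, e.g. `/* Handled in all builds: a peer may send handshake messages even when renegotiation support is compiled out */`.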
@@ -4770,6 +4769,7 @@
}
#endif
+#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ! ( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED ||
( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
ssl->allow_legacy_renegotiation ==
@@ -4784,6 +4784,7 @@
}
}
else
+#endif /* POLARSSL_SSL_RENEGOTIATION */
{
SSL_DEBUG_MSG( 3, ( "ignoring renegotiation, sending alert" ) );
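Review bot: The `else` sits inside the `#if` region while its block sits outside it, so with `POLARSSL_SSL_RENEGOTIATION` undefined the refusal block starting at `{` becomes an unconditional bare block; this is correct but easy to break in a later edit. I would add a comment on the block, `/* Renegotiation refused, or support compiled out: reject the request with an alert */`, so both entry conditions are stated. From what is visible, the `renego_records_seen` limit in the last hunk applies only to a pending renegotiation, so it may be worth confirming that a peer repeating handshake messages cannot make the endpoint emit alerts without bound in builds without renegotiation. The block's body continues past the end of this hunk.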
@@ -4820,6 +4821,7 @@
return( POLARSSL_ERR_NET_WANT_READ );
}
+#if defined(POLARSSL_SSL_RENEGOTIATION)
else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
{
ssl->renego_records_seen++;