commit 26a4cf63ec125f8a4538c4922c6a33cb532786c1
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Oct 15 13:52:48 2014 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Tue Oct 21 16:32:57 2014 +0200
tree 15e1a5e7a007006307a3d1b4bc19fc7a20f63aab
parent a6ace04c5c0ea83056772534eb6ec0fb33160de3

Add retransmission of HelloRequest

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 67aaa98..7c34d0f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1889,6 +1889,10 @@
 }
 #endif /* POLARSSL_ZLIB_SUPPORT */
 
+#if defined(POLARSSL_SSL_SRV_C)
+static int ssl_write_hello_request( ssl_context *ssl );
+#endif
+
 /*
  * Fill the input message buffer by appending data to it.
  * The amount of data already fetched is in ssl->in_left.
@@ -2037,6 +2041,19 @@
 
                 return( POLARSSL_ERR_NET_WANT_READ );
             }
+#if defined(POLARSSL_SSL_SRV_C)
+            else if( ssl->endpoint == SSL_IS_SERVER &&
+                     ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
+            {
+                if( ( ret = ssl_write_hello_request( ssl ) ) != 0 )
+                {
+                    SSL_DEBUG_RET( 1, "ssl_write_hello_request", ret );
+                    return( ret );
+                }
+
+                return( POLARSSL_ERR_NET_WANT_READ );
+            }
+#endif /* POLARSSL_SSL_SRV_C */
         }
 
         if( ret < 0 )
@@ -5722,15 +5739,17 @@
     SSL_DEBUG_MSG( 2, ( "=> read" ) );
 
 #if defined(POLARSSL_SSL_PROTO_DTLS)
-    if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
-        ssl->handshake != NULL &&
-        ssl->handshake->retransmit_state == SSL_RETRANS_SENDING )
+    if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
     {
         if( ( ret = ssl_flush_output( ssl ) ) != 0 )
             return( ret );
 
-        if( ( ret = ssl_resend( ssl ) ) != 0 )
-            return( ret );
+        if( ssl->handshake != NULL &&
+            ssl->handshake->retransmit_state == SSL_RETRANS_SENDING )
+        {
+            if( ( ret = ssl_resend( ssl ) ) != 0 )
+                return( ret );
+        }
     }
 #endif
 
@@ -5912,6 +5931,21 @@
          * except if handshake (renegotiation) is in progress */
         if( ssl->state == SSL_HANDSHAKE_OVER )
             ssl_set_timer( ssl, 0 );
+
+        /* If we requested renego but received AppData, resend HelloRequest.
+         * Do it now, after setting in_offt, to avoid taking this branch
+         * again if ssl_write_hello_request() returns WANT_WRITE */
+#if defined(POLARSSL_SSL_SRV_C)
+        if( ssl->endpoint == SSL_IS_SERVER &&
+            ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
+        {
+            if( ( ret = ssl_write_hello_request( ssl ) ) != 0 )
+            {
+                SSL_DEBUG_RET( 1, "ssl_write_hello_request", ret );
+                return( ret );
+            }
+        }
+#endif /* POLARSSL_SSL_SRV_C */
 #endif
     }