commit ba958b8bdc8b4348800ad75435583d9f4225f703
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu Oct 09 16:13:44 2014 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Tue Oct 21 16:32:50 2014 +0200
tree 14e349eb44dcbc8040480a4f6535571c0333c8c3
parent a9d7d03e3098b6be2fff9cf54297330418778034

Add test for server-initiated renego

Just assuming the HelloRequest isn't lost for now

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ea8696c..fecce58 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2961,9 +2961,12 @@
             return( POLARSSL_ERR_SSL_INVALID_RECORD );
         }
 
-        /* Drop unexpected ApplicationData records */
+        /* Drop unexpected ApplicationData records,
+         * except at the beginning of renegotiations */
         if( ssl->in_msgtype == SSL_MSG_APPLICATION_DATA &&
-            ssl->state != SSL_HANDSHAKE_OVER )
+            ssl->state != SSL_HANDSHAKE_OVER &&
+            ! ( ssl->renegotiation == SSL_RENEGOTIATION &&
+                ssl->state == SSL_SERVER_HELLO ) )
         {
             SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
             return( POLARSSL_ERR_SSL_INVALID_RECORD );
@@ -5839,8 +5842,10 @@
         ssl->in_offt = ssl->in_msg;
 
 #if defined(POLARSSL_TIMING_C)
-        /* We're going to return something now, cancel timer */
-        ssl_set_timer( ssl, 0 );
+        /* We're going to return something now, cancel timer,
+         * except if handshake (renegotiation) is in progress */
+        if( ssl->state == SSL_HANDSHAKE_OVER )
+            ssl_set_timer( ssl, 0 );
 #endif
     }