Fix client-initiated renegotiation with DTLS

library/ssl_srv.c

@@ -1253,6 +1253,14 @@ static int ssl_parse_client_hello( ssl_context *ssl )
             SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
             return( ret );
         }
+
+    /* Done reading this record, get ready for the next one */
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+        if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
+            ssl->next_record_offset = msg_len + ssl_hdr_len( ssl );
+        else
+#endif
+            ssl->in_left = 0;
     }
     else
     {
@@ -1441,7 +1449,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
                        buf + cookie_offset + 1, cookie_len );
 
 #if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
-        if( ssl->f_cookie_check != NULL )
+        if( ssl->f_cookie_check != NULL &&
+            ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
         {
             if( ssl->f_cookie_check( ssl->p_cookie,
                                      buf + cookie_offset + 1, cookie_len,
@@ -1784,8 +1793,6 @@ have_ciphersuite:
     ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
     ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
 
-    /* ClientHello can't be bundled with another record in same datagram */
-    ssl->in_left = 0;
     ssl->state++;
 
     SSL_DEBUG_MSG( 2, ( "<= parse client hello" ) );

library/ssl_tls.c

@@ -2141,7 +2141,8 @@ static int ssl_prepare_handshake_record( ssl_context *ssl )
      * TLS handshake format to other functions.
      */
 #if defined(POLARSSL_SSL_PROTO_DTLS)
-    if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
+    if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
+        ssl->state != SSL_HANDSHAKE_OVER )
     {
         // TODO: DTLS: check message_seq
 
@@ -2289,11 +2290,13 @@ int ssl_read_record( ssl_context *ssl )
         return( ret );
     }
 
-#if defined(POLARSSL_SSL_PROTO_DTLS)
     /* Done reading this record, get ready for the next one */
+#if defined(POLARSSL_SSL_PROTO_DTLS)
     if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
         ssl->next_record_offset = ssl->in_msglen + ssl_hdr_len( ssl );
+    else
 #endif
+        ssl->in_left = 0;
 
     SSL_DEBUG_BUF( 4, "input record from network",
                    ssl->in_hdr, ssl_hdr_len( ssl ) + ssl->in_msglen );
@@ -2402,12 +2405,6 @@ int ssl_read_record( ssl_context *ssl )
         }
     }
 
-    /* With DTLS there might be other records in the same datagram */
-#if defined(POLARSSL_SSL_PROTO_DTLS)
-    if( ssl->transport != SSL_TRANSPORT_DATAGRAM )
-#endif
-    ssl->in_left = 0;
-
     SSL_DEBUG_MSG( 2, ( "<= read record" ) );
 
     return( 0 );

tests/ssl-opt.sh

@@ -855,6 +855,19 @@ run_test    "Renegotiation: gnutls server, client-initiated" \
             -C "error" \
             -c "HTTP/1.0 200 [Oo][Kk]"
 
+run_test    "Renegotiation: DTLS, client-initiated" \
+            "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
+            "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
+            0 \
+            -c "client hello, adding renegotiation extension" \
+            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+            -s "found renegotiation extension" \
+            -s "server hello, secure renegotiation extension" \
+            -c "found renegotiation extension" \
+            -c "=> renegotiate" \
+            -s "=> renegotiate" \
+            -S "write hello request"
+
 # Tests for auth_mode
 
 run_test    "Authentication: server badcert, client required" \