From ba958b8bdc8b4348800ad75435583d9f4225f703 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Thu, 9 Oct 2014 16:13:44 +0200
Subject: [PATCH] Add test for server-initiated renego

Just assuming the HelloRequest isn't lost for now
---
 library/ssl_tls.c         | 13 +++++++++----
 programs/test/udp_proxy.c | 10 ++++++++++
 tests/ssl-opt.sh          | 30 ++++++++++++++++++++++++++++++
 3 files changed, 49 insertions(+), 4 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ea8696c04..fecce58c6 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2961,9 +2961,12 @@ static int ssl_parse_record_header( ssl_context *ssl )
             return( POLARSSL_ERR_SSL_INVALID_RECORD );
         }
 
-        /* Drop unexpected ApplicationData records */
+        /* Drop unexpected ApplicationData records,
+         * except at the beginning of renegotiations */
         if( ssl->in_msgtype == SSL_MSG_APPLICATION_DATA &&
-            ssl->state != SSL_HANDSHAKE_OVER )
+            ssl->state != SSL_HANDSHAKE_OVER &&
+            ! ( ssl->renegotiation == SSL_RENEGOTIATION &&
+                ssl->state == SSL_SERVER_HELLO ) )
         {
             SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
             return( POLARSSL_ERR_SSL_INVALID_RECORD );
@@ -5839,8 +5842,10 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
         ssl->in_offt = ssl->in_msg;
 
 #if defined(POLARSSL_TIMING_C)
-        /* We're going to return something now, cancel timer */
-        ssl_set_timer( ssl, 0 );
+        /* We're going to return something now, cancel timer,
+         * except if handshake (renegotiation) is in progress */
+        if( ssl->state == SSL_HANDSHAKE_OVER )
+            ssl_set_timer( ssl, 0 );
 #endif
     }
 
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 782fe62fb..c95b7f34a 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -95,6 +95,7 @@ int main( void )
     "                        drop packets larger than N bytes\n"            \
     "    bad_ad=0/1          default: 0 (don't add bad ApplicationData)\n"  \
     "    protect_hvr=0/1     default: 0 (don't protect HelloVerifyRequest)\n" \
+    "    protect_len=%%d     default: (don't protect packets of this size)\n" \
     "\n"                                                                    \
     "    seed=%%d             default: (use current time)\n"                \
     "\n"
@@ -116,6 +117,7 @@ static struct options
     int mtu;                    /* drop packets larger than this            */
     int bad_ad;                 /* inject corrupted ApplicationData record  */
     int protect_hvr;            /* never drop or delay HelloVerifyRequest   */
+    int protect_len;            /* never drop/delay packet of the given size*/
 
     unsigned int seed;          /* seed for "random" events                 */
 } opt;
@@ -207,6 +209,12 @@ static void get_options( int argc, char *argv[] )
             if( opt.protect_hvr < 0 || opt.protect_hvr > 1 )
                 exit_usage( p, q );
         }
+        else if( strcmp( p, "protect_len" ) == 0 )
+        {
+            opt.protect_len = atoi( q );
+            if( opt.protect_len < 0 )
+                exit_usage( p, q );
+        }
         else if( strcmp( p, "seed" ) == 0 )
         {
             opt.seed = atoi( q );
@@ -416,6 +424,7 @@ int handle_message( const char *way, int dst, int src )
           strcmp( cur.type, "ApplicationData" ) != 0 &&
           ! ( opt.protect_hvr &&
               strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) &&
+          cur.len != (size_t) opt.protect_len &&
           dropped[id] < DROP_MAX &&
           rand() % opt.drop == 0 ) )
     {
@@ -428,6 +437,7 @@ int handle_message( const char *way, int dst, int src )
                ! ( opt.protect_hvr &&
                    strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) &&
                prev.dst == 0 &&
+               cur.len != (size_t) opt.protect_len &&
                dropped[id] < DROP_MAX &&
                rand() % opt.delay == 0 ) )
     {
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 372e5a98d..60fb5e73c 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2360,6 +2360,36 @@ run_test    "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
             -s "Extra-header:" \
             -c "HTTP/1.0 200 OK"
 
+needs_more_time 4
+run_test    "DTLS proxy: 3d, min handshake, server-initiated renego" \
+            -p "$P_PXY drop=5 delay=5 duplicate=5 protect_len=41" \
+            "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
+             psk=abc123 renegotiate=1 renegotiation=1 exchanges=2 \
+             debug_level=2" \
+            "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \
+             renegotiation=1 exchanges=2 debug_level=2 \
+             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
+            0 \
+            -c "=> renegotiate" \
+            -s "=> renegotiate" \
+            -s "Extra-header:" \
+            -c "HTTP/1.0 200 OK"
+
+needs_more_time 4
+run_test    "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
+            -p "$P_PXY drop=5 delay=5 duplicate=5 protect_len=41" \
+            "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
+             psk=abc123 renegotiate=1 renegotiation=1 exchanges=2 \
+             debug_level=2 nbio=2" \
+            "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \
+             renegotiation=1 exchanges=2 debug_level=2 nbio=2 \
+             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
+            0 \
+            -c "=> renegotiate" \
+            -s "=> renegotiate" \
+            -s "Extra-header:" \
+            -c "HTTP/1.0 200 OK"
+
 needs_more_time 3
 run_test    "DTLS proxy: 3d, openssl server" \
             -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \