commit 20f6e97c7ed44312ac6a9f89c5e7914b99580d36
author David Benjamin <davidben@chromium.org> Fri May 15 21:51:49 2015 -0400
committer Adam Langley <agl@google.com> Thu May 21 18:31:55 2015 +0000
tree a231cc4823e23e9e702dc62d8b3bcc6deac13fd3
parent d23d5a5a8b41e1c3281bab995f3f601ac2e0e5d8

Switch three more renegotiate checks to initial_handshake_complete.

ssl_cipher_list_to_bytes is client-only, so s->renegotiate worked, but
the only reason the other two worked is because s->renegotiate isn't a
lie on the server before ServerHello.

BUG=429450

Change-Id: If68a986c6ec4a0f16e57a6187238e05b50ecedfc
Reviewed-on: https://boringssl-review.googlesource.com/4822
Reviewed-by: Adam Langley <agl@google.com>

ssl/ssl_lib.c

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 3a2e0dd..a93134d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1267,7 +1267,7 @@
   }
 
   /* Add SCSVs. */
-  if (!s->renegotiate) {
+  if (!s->s3->initial_handshake_complete) {
     s2n(SSL3_CK_SCSV & 0xffff, p);
   }
 
@@ -1310,7 +1310,7 @@
     /* Check for SCSV. */
     if (s->s3 && cipher_suite == (SSL3_CK_SCSV & 0xffff)) {
       /* SCSV is fatal if renegotiating. */
-      if (s->renegotiate) {
+      if (s->s3->initial_handshake_complete) {
         OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list,
                           SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
         ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);

ssl/t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 4b29de5..2b1575b 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1638,7 +1638,7 @@
 ri_check:
   /* Need RI if renegotiating */
 
-  if (!renegotiate_seen && s->renegotiate &&
+  if (!renegotiate_seen && s->s3->initial_handshake_complete &&
       !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
     *out_alert = SSL_AD_HANDSHAKE_FAILURE;
     OPENSSL_PUT_ERROR(SSL, ssl_scan_clienthello_tlsext,