Switch three more renegotiate checks to initial_handshake_complete.
ssl_cipher_list_to_bytes is client-only, so s->renegotiate worked, but
the only reason the other two worked is because s->renegotiate isn't a
lie on the server before ServerHello.
BUG=429450
Change-Id: If68a986c6ec4a0f16e57a6187238e05b50ecedfc
Reviewed-on: https://boringssl-review.googlesource.com/4822
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 3a2e0dd..a93134d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1267,7 +1267,7 @@
}
/* Add SCSVs. */
- if (!s->renegotiate) {
+ if (!s->s3->initial_handshake_complete) {
s2n(SSL3_CK_SCSV & 0xffff, p);
}
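Review bot: The new condition on the `+` line dereferences `s->s3` without a NULL check, while the server-side counterpart in the next hunk (ssl_bytes_to_cipher_list) still guards the same field with `s->s3 &&` before reading `initial_handshake_complete`. If `s->s3` is always allocated by the time a ClientHello is serialised, as the unguarded use here implies, the guard in the other function is dead and should be dropped for consistency; if it is not, this line needs the same guard. A one-line comment recording which assumption holds would help, e.g. `/* s->s3 is assumed allocated here; the SCSV is only emitted in the initial ClientHello. */`. The enclosing function (presumably ssl_cipher_list_to_bytes, per the description) starts before this hunk.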
@@ -1310,7 +1310,7 @@
/* Check for SCSV. */
if (s->s3 && cipher_suite == (SSL3_CK_SCSV & 0xffff)) {
/* SCSV is fatal if renegotiating. */
- if (s->renegotiate) {
+ if (s->s3->initial_handshake_complete) {
OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list,
SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
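Review bot: The comment above the changed line, "SCSV is fatal if renegotiating", no longer explains why the code keys off `initial_handshake_complete` instead of `s->renegotiate`, which is the whole point of this change and, per the description, was only incidentally correct on the server before. I would extend it to `/* SCSV is fatal if renegotiating (RFC 5746 §3.7). This runs on the server while parsing ClientHello, where initial_handshake_complete is the reliable signal; s->renegotiate is not yet meaningful at this point. */` so the next reader does not switch it back. The error path continues past the end of this hunk, so I could not confirm the function returns after the alert.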
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 4b29de5..2b1575b 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1638,7 +1638,7 @@
ri_check:
/* Need RI if renegotiating */
- if (!renegotiate_seen && s->renegotiate &&
+ if (!renegotiate_seen && s->s3->initial_handshake_complete &&
!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
OPENSSL_PUT_ERROR(SSL, ssl_scan_clienthello_tlsext,