1 files changed, 15 insertions, 22 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 683a550ad8..624841a7a4 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.227 2022/02/05 18:18:18 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.228 2022/03/17 17:24:37 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2698,35 +2698,28 @@ int
 ssl3_renegotiate(SSL *s)
 {
        if (s->internal->handshake_func == NULL)
-                return (1);
+                return 1;
        if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-                return (0);
+                return 0;
        s->s3->renegotiate = 1;
-        return (1);
+        return 1;
 }
 int
 ssl3_renegotiate_check(SSL *s)
 {
-        int     ret = 0;
+        if (!s->s3->renegotiate)
+                return 0;
+        if (SSL_in_init(s) || s->s3->rbuf.left != 0 || s->s3->wbuf.left != 0)
+                return 0;
-        if (s->s3->renegotiate) {
+        s->s3->hs.state = SSL_ST_RENEGOTIATE;
-                if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
+        s->s3->renegotiate = 0;
-                    !SSL_in_init(s)) {
+        s->s3->num_renegotiations++;
-                        /*
+        s->s3->total_renegotiations++;
-                         * If we are the server, and we have sent
-                         * a 'RENEGOTIATE' message, we need to go
+        return 1;
-                         * to SSL_ST_ACCEPT.
-                         */
-                        /* SSL_ST_ACCEPT */
-                        s->s3->hs.state = SSL_ST_RENEGOTIATE;
-                        s->s3->renegotiate = 0;
-                        s->s3->num_renegotiations++;
-                        s->s3->total_renegotiations++;
-                        ret = 1;
-                }
-        }
-        return (ret);
 }

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 683a550ad8..624841a7a4 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.227 2022/02/05 18:18:18 tb Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.228 2022/03/17 17:24:37 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2698,35 +2698,28 @@ int
2698	ssl3_renegotiate(SSL *s)	2698	ssl3_renegotiate(SSL *s)
2699	{	2699	{
2700	if (s->internal->handshake_func == NULL)	2700	if (s->internal->handshake_func == NULL)
2701	return (1);	2701	return 1;
2702		2702
2703	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)	2703	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
2704	return (0);	2704	return 0;
2705		2705
2706	s->s3->renegotiate = 1;	2706	s->s3->renegotiate = 1;
2707	return (1);	2707
		2708	return 1;
2708	}	2709	}
2709		2710
2710	int	2711	int
2711	ssl3_renegotiate_check(SSL *s)	2712	ssl3_renegotiate_check(SSL *s)
2712	{	2713	{
2713	int ret = 0;	2714	if (!s->s3->renegotiate)
		2715	return 0;
		2716	if (SSL_in_init(s) \|\| s->s3->rbuf.left != 0 \|\| s->s3->wbuf.left != 0)
		2717	return 0;
2714		2718
2715	if (s->s3->renegotiate) {	2719	s->s3->hs.state = SSL_ST_RENEGOTIATE;
2716	if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&	2720	s->s3->renegotiate = 0;
2717	!SSL_in_init(s)) {	2721	s->s3->num_renegotiations++;
2718	/*	2722	s->s3->total_renegotiations++;
2719	* If we are the server, and we have sent	2723
2720	* a 'RENEGOTIATE' message, we need to go	2724	return 1;
2721	* to SSL_ST_ACCEPT.
2722	*/
2723	/* SSL_ST_ACCEPT */
2724	s->s3->hs.state = SSL_ST_RENEGOTIATE;
2725	s->s3->renegotiate = 0;
2726	s->s3->num_renegotiations++;
2727	s->s3->total_renegotiations++;
2728	ret = 1;
2729	}
2730	}
2731	return (ret);
2732	}	2725	}