1 files changed, 7 insertions, 56 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 867e796529..c595fa31cc 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.107 2015/06/17 07:29:33 doug Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.108 2015/06/18 22:51:05 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -273,7 +273,6 @@ ssl3_accept(SSL *s)
                        }
                        s->init_num = 0;
-                        s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
                        if (s->state != SSL_ST_RENEGOTIATE) {
                                /*
@@ -487,21 +486,13 @@ ssl3_accept(SSL *s)
                case SSL3_ST_SR_CERT_A:
                case SSL3_ST_SR_CERT_B:
-                        /* Check for second client hello (MS SGC) */
+                        if (s->s3->tmp.cert_request) {
-                        ret = ssl3_check_client_hello(s);
+                                ret = ssl3_get_client_certificate(s);
-                        if (ret <= 0)
+                                if (ret <= 0)
-                                goto end;
+                                        goto end;
-                        if (ret == 2)
-                                s->state = SSL3_ST_SR_CLNT_HELLO_C;
-                        else {
-                                if (s->s3->tmp.cert_request) {
-                                        ret = ssl3_get_client_certificate(s);
-                                        if (ret <= 0)
-                                                goto end;
-                                }
-                                s->init_num = 0;
-                                s->state = SSL3_ST_SR_KEY_EXCH_A;
                        }
+                        s->init_num = 0;
+                        s->state = SSL3_ST_SR_KEY_EXCH_A;
                        break;
                case SSL3_ST_SR_KEY_EXCH_A:
@@ -765,46 +756,6 @@ ssl3_send_hello_request(SSL *s)
 }
 int
-ssl3_check_client_hello(SSL *s)
-{
-        int ok;
-        long n;
-        /*
-         * This function is called when we really expect a Certificate message,
-         * so permit appropriate message length
-         */
-        n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A,
-            SSL3_ST_SR_CERT_B, -1, s->max_cert_list, &ok);
-        if (!ok)
-                return ((int)n);
-        s->s3->tmp.reuse_message = 1;
-        if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) {
-                /*
-                 * We only allow the client to restart the handshake once per
-                 * negotiation.
-                 */
-                if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) {
-                        SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO,
-                            SSL_R_MULTIPLE_SGC_RESTARTS);
-                        return (-1);
-                }
-                /*
-                 * Throw away what we have done so far in the current handshake,
-                 * which will now be aborted. (A full SSL_clear would be too
-                 * much.)
-                 */
-                DH_free(s->s3->tmp.dh);
-                s->s3->tmp.dh = NULL;
-                EC_KEY_free(s->s3->tmp.ecdh);
-                s->s3->tmp.ecdh = NULL;
-                s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
-                return (2);
-        }
-        return (1);
-}
-int
 ssl3_get_client_hello(SSL *s)
 {
        int i, j, ok, al, ret = -1;

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 867e796529..c595fa31cc 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.107 2015/06/17 07:29:33 doug Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.108 2015/06/18 22:51:05 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -273,7 +273,6 @@ ssl3_accept(SSL *s)
273	}	273	}
274		274
275	s->init_num = 0;	275	s->init_num = 0;
276	s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
277		276
278	if (s->state != SSL_ST_RENEGOTIATE) {	277	if (s->state != SSL_ST_RENEGOTIATE) {
279	/*	278	/*
@@ -487,21 +486,13 @@ ssl3_accept(SSL *s)
487		486
488	case SSL3_ST_SR_CERT_A:	487	case SSL3_ST_SR_CERT_A:
489	case SSL3_ST_SR_CERT_B:	488	case SSL3_ST_SR_CERT_B:
490	/* Check for second client hello (MS SGC) */	489	if (s->s3->tmp.cert_request) {
491	ret = ssl3_check_client_hello(s);	490	ret = ssl3_get_client_certificate(s);
492	if (ret <= 0)	491	if (ret <= 0)
493	goto end;	492	goto end;
494	if (ret == 2)
495	s->state = SSL3_ST_SR_CLNT_HELLO_C;
496	else {
497	if (s->s3->tmp.cert_request) {
498	ret = ssl3_get_client_certificate(s);
499	if (ret <= 0)
500	goto end;
501	}
502	s->init_num = 0;
503	s->state = SSL3_ST_SR_KEY_EXCH_A;
504	}	493	}
		494	s->init_num = 0;
		495	s->state = SSL3_ST_SR_KEY_EXCH_A;
505	break;	496	break;
506		497
507	case SSL3_ST_SR_KEY_EXCH_A:	498	case SSL3_ST_SR_KEY_EXCH_A:
@@ -765,46 +756,6 @@ ssl3_send_hello_request(SSL *s)
765	}	756	}
766		757
767	int	758	int
768	ssl3_check_client_hello(SSL *s)
769	{
770	int ok;
771	long n;
772
773	/*
774	* This function is called when we really expect a Certificate message,
775	* so permit appropriate message length
776	*/
777	n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A,
778	SSL3_ST_SR_CERT_B, -1, s->max_cert_list, &ok);
779	if (!ok)
780	return ((int)n);
781	s->s3->tmp.reuse_message = 1;
782	if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) {
783	/*
784	* We only allow the client to restart the handshake once per
785	* negotiation.
786	*/
787	if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) {
788	SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO,
789	SSL_R_MULTIPLE_SGC_RESTARTS);
790	return (-1);
791	}
792	/*
793	* Throw away what we have done so far in the current handshake,
794	* which will now be aborted. (A full SSL_clear would be too
795	* much.)
796	*/
797	DH_free(s->s3->tmp.dh);
798	s->s3->tmp.dh = NULL;
799	EC_KEY_free(s->s3->tmp.ecdh);
800	s->s3->tmp.ecdh = NULL;
801	s->s3->flags \|= SSL3_FLAGS_SGC_RESTART_DONE;
802	return (2);
803	}
804	return (1);
805	}
806
807	int
808	ssl3_get_client_hello(SSL *s)	759	ssl3_get_client_hello(SSL *s)
809	{	760	{
810	int i, j, ok, al, ret = -1;	761	int i, j, ok, al, ret = -1;