Remove use of the SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag
This flag is never set by anything so remove it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 51a9266..ac78d2d 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -107,6 +107,7 @@
{
s->statem.state = MSG_FLOW_RENEGOTIATE;
s->statem.in_init = 1;
+ s->statem.request_state = TLS_ST_SW_HELLO_REQ;
}
/*
@@ -259,9 +260,12 @@
s->ctx->stats.sess_connect_renegotiate++;
}
- if (st->state == MSG_FLOW_UNINITED || st->state == MSG_FLOW_RENEGOTIATE) {
+ if (st->state == MSG_FLOW_UNINITED
+ || st->state == MSG_FLOW_RENEGOTIATE
+ || st->state == MSG_FLOW_FINISHED) {
if (st->state == MSG_FLOW_UNINITED) {
st->hand_state = TLS_ST_BEFORE;
+ st->request_state = TLS_ST_BEFORE;
}
s->server = server;
@@ -318,54 +322,57 @@
goto end;
}
- if (!server || st->state != MSG_FLOW_RENEGOTIATE) {
- if (!ssl3_init_finished_mac(s)) {
- ossl_statem_set_error(s);
- goto end;
+ if (!SSL_IS_TLS13(s)) {
+ if (!server || st->state != MSG_FLOW_RENEGOTIATE) {
+ if (!ssl3_init_finished_mac(s)) {
+ ossl_statem_set_error(s);
+ goto end;
+ }
}
- }
- if (server) {
- if (st->state != MSG_FLOW_RENEGOTIATE) {
- s->ctx->stats.sess_accept++;
- } else if (!s->s3->send_connection_binding &&
- !(s->options &
- SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
- /*
- * Server attempting to renegotiate with client that doesn't
- * support secure renegotiation.
- */
- SSLerr(SSL_F_STATE_MACHINE,
- SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
- ossl_statem_set_error(s);
- goto end;
+ if (server) {
+ if (st->state != MSG_FLOW_RENEGOTIATE) {
+ s->ctx->stats.sess_accept++;
+ } else if (!s->s3->send_connection_binding &&
+ !(s->options &
+ SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+ /*
+ * Server attempting to renegotiate with client that doesn't
+ * support secure renegotiation.
+ */
+ SSLerr(SSL_F_STATE_MACHINE,
+ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ossl_statem_set_error(s);
+ goto end;
+ } else {
+ /*
+ * st->state == MSG_FLOW_RENEGOTIATE, we will just send a
+ * HelloRequest
+ */
+ s->ctx->stats.sess_accept_renegotiate++;
+
+ s->s3->tmp.cert_request = 0;
+ }
} else {
- /*
- * st->state == MSG_FLOW_RENEGOTIATE, we will just send a
- * HelloRequest
- */
- s->ctx->stats.sess_accept_renegotiate++;
+ s->ctx->stats.sess_connect++;
+
+ /* mark client_random uninitialized */
+ memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
+ s->hit = 0;
+
+ s->s3->tmp.cert_req = 0;
+
+ if (SSL_IS_DTLS(s)) {
+ st->use_timer = 1;
+ }
}
- s->s3->tmp.cert_request = 0;
- } else {
- s->ctx->stats.sess_connect++;
-
- /* mark client_random uninitialized */
- memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
- s->hit = 0;
-
- s->s3->tmp.cert_req = 0;
-
- if (SSL_IS_DTLS(s)) {
- st->use_timer = 1;
- }
+ st->read_state_first_init = 1;
}
st->state = MSG_FLOW_WRITING;
init_write_state_machine(s);
- st->read_state_first_init = 1;
}
while (st->state != MSG_FLOW_FINISHED) {
@@ -396,7 +403,6 @@
}
}
- st->state = MSG_FLOW_UNINITED;
ret = 1;
end:
