diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 5786f657e..0991926b3 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1243,14 +1243,15 @@ static inline int mbedtls_ssl_get_renego_status( #endif } -static inline int mbedtls_ssl_conf_get_disable_renego( +static inline int mbedtls_ssl_conf_is_renegotiation_enabled( const mbedtls_ssl_config *conf ) { #if defined(MBEDTLS_SSL_RENEGOTIATION) - return( conf->disable_renegotiation ); + return( conf->disable_renegotiation == + MBEDTLS_SSL_RENEGOTIATION_ENABLED ); #else (void) conf; - return( MBEDTLS_SSL_RENEGOTIATION_DISABLED ); + return( 0 ); #endif } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 42ccb780b..d43912ddc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -10030,7 +10030,7 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER || ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || - ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ) + ! mbedtls_ssl_conf_is_renegotiation_enabled( ssl->conf ) ) { return( 0 ); } @@ -10855,8 +10855,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, /* ... with an AEAD ciphersuite. */ mbedtls_ssl_transform_uses_aead( ssl->transform ) != 1 || /* Renegotation is disabled. */ - mbedtls_ssl_conf_get_disable_renego( ssl->conf ) - != MBEDTLS_SSL_RENEGOTIATION_DISABLED ) + mbedtls_ssl_conf_is_renegotiation_enabled( ssl->conf ) ) { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -11079,8 +11078,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, MBEDTLS_SSL_MINOR_VERSION_3 || mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) > MBEDTLS_SSL_MINOR_VERSION_3 || - mbedtls_ssl_conf_get_disable_renego( ssl->conf ) - != MBEDTLS_SSL_RENEGOTIATION_DISABLED ) + mbedtls_ssl_conf_is_renegotiation_enabled( ssl->conf ) ) { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); }