From fa74af0cfa834edbfe5d02ec22fe7c53699770a3 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Tue, 6 Dec 2011 19:49:20 -0500
Subject: [PATCH] Revert "Also handle needless renegotiations in SSL_write()."

This reverts commit e2b3527106e0747f652e2f28fa087d9874e0e2ce.
---
 src/common/tortls.c | 32 ++++++++------------------------
 1 file changed, 8 insertions(+), 24 deletions(-)

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 65c26cc515..ddb5ea1efc 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1260,17 +1260,6 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
   return NULL;
 }
 
-/** Return true if the <b>tls</b> object has completed more
- *  renegotiations than needed for the Tor protocol. */
-static INLINE int
-tor_tls_got_excess_renegotiations(tor_tls_t *tls)
-{
-  /** The Tor v2 server handshake needs a single renegotiation after
-      the initial SSL handshake. This means that if we ever see more
-      than 2 handshakes, we raise the flag. */
-  return (tls->server_handshake_count > 2) ? 1 : 0;
-}
-
 #ifdef V2_HANDSHAKE_SERVER
 /** Return true iff the cipher list suggested by the client for <b>ssl</b> is
  * a list that indicates that the client knows how to do the v2 TLS connection
@@ -1648,12 +1637,6 @@ tor_tls_read(tor_tls_t *tls, char *cp, size_t len)
 
   err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_DEBUG, LD_NET);
 
-  if (tor_tls_got_excess_renegotiations(tls)) {
-    log_info(LD_NET, "Detected excess renegotiation from %s!", ADDR(tls));
-
-    return TOR_TLS_ERROR_MISC;
-  }
-
 #ifdef V2_HANDSHAKE_SERVER
   if (tls->got_renegotiate) {
     tor_assert(tls->server_handshake_count == 2);
@@ -1666,6 +1649,14 @@ tor_tls_read(tor_tls_t *tls, char *cp, size_t len)
     tls->got_renegotiate = 0;
 
     return r;
+  } else if (tls->server_handshake_count > 2) {
+    /* If we get more than 2 handshakes, it means that our peer is
+       trying to re-renegotiate. Return an error. */
+    tor_assert(tls->server_handshake_count == 3);
+
+    log_info(LD_NET, "Detected excess renegotiation from %s!", ADDR(tls));
+
+    return TOR_TLS_ERROR_MISC;
   }
 #endif
 
@@ -1705,13 +1696,6 @@ tor_tls_write(tor_tls_t *tls, const char *cp, size_t n)
   }
   r = SSL_write(tls->ssl, cp, (int)n);
   err = tor_tls_get_error(tls, r, 0, "writing", LOG_INFO, LD_NET);
-
-  if (tor_tls_got_excess_renegotiations(tls)) {
-    log_info(LD_NET, "Detected excess renegotiation from %s!", ADDR(tls));
-
-    return TOR_TLS_ERROR_MISC;
-  }
-
   if (err == TOR_TLS_DONE) {
     return r;
   }