From d0beda01f9d0abfaf35ab24089ed219e756add01 Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Wed, 6 Sep 2017 16:46:50 -0400
Subject: [PATCH] Properly report SSL_session_reused after a renegotiation.
We forgot to reset that value.
Change-Id: Ic869cb61da332983cc40223cbbdf23b455dd9766
Reviewed-on: https://boringssl-review.googlesource.com/20084
Commit-Queue: David Benjamin
Commit-Queue: Steven Valdez
Reviewed-by: Steven Valdez
CQ-Verified: CQ bot account: commit-bot@chromium.org
---
 ssl/handshake_client.cc | 2 ++
 ssl/test/bssl_shim.cc | 5 +++++
 ssl/test/runner/runner.go | 3 +++
 3 files changed, 10 insertions(+)
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index a779b8ad..52d2e944 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -430,6 +430,8 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
 SSL *const ssl = hs->ssl;
 ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_START, 1);
+ // |session_reused| must be reset in case this is a renegotiation.
+ ssl->s3->session_reused = false;
 // Freeze the version range.
 if (!ssl_get_version_range(ssl, &hs->min_version, &hs->max_version)) {
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 0c974381..1d48ccaf 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -2407,6 +2407,11 @@ static bool DoExchange(bssl::UniquePtr *out_session, SSL *ssl,
 return false;
 }
+ if (SSL_session_reused(ssl)) {
+ fprintf(stderr, "Renegotiations should never resume sessions.\n");
+ return false;
+ }
+
 // Re-check authentication properties after a renegotiation. The reported
 // values should remain unchanged even if the server sent different SCT
 // lists.
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 0ce68496..89f0713c 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
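Review bot: The reset in do_start_connect sits after `ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_START, 1);`, so an info callback that calls SSL_session_reused at the start of a renegotiation still sees the value left by the previous handshake. Callers may use that flag to judge whether the peer was freshly authenticated, so a stale `true` is the unsafe direction. Consider moving `ssl->s3->session_reused = false;` above the callback, or saying in the comment that the callback deliberately observes the old value. The body of do_start_connect continues outside the hunk.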
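Review bot: The new `SSL_session_reused(ssl)` check in DoExchange only shows the flag is false after the renegotiation, so it catches the original bug only on a connection where the flag was true beforehand. On a connection that started with a full handshake it passes with or without the fix, which ties the check to the `resumeSession: true` case added in runner.go. A one-line comment would make that coupling explicit, for example `// Only meaningful when the initial handshake resumed; see the resumeSession renegotiation test in runner.go.`. The enclosing renegotiation block starts outside the hunk, so any pre-renegotiation check of the flag is not visible here.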
@@ -7115,6 +7115,9 @@ func addRenegotiationTests() {
 },
 },
 renegotiate: 1,
+ // Test renegotiation after both an initial and resumption
+ // handshake.
+ resumeSession: true,
 flags: []string{
 "-renegotiate-freely",
 "-expect-total-renegotiations", "1",