From 74ace59dc62907f1d4062d5ae1b1de1ba750d007 Mon Sep 17 00:00:00 2001
From: David Horstmann <david.horstmann@arm.com>
Date: Tue, 25 Oct 2022 17:26:58 +0100
Subject: [PATCH] Fix macro-spanning ifs in ssl_srv.c

Signed-off-by: David Horstmann <david.horstmann@arm.com>
---
 library/ssl_srv.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 2dda6bed0d..0563c0b590 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1454,6 +1454,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
 
+    int renegotiating = 0;
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
 read_record_header:
 #endif
@@ -1463,8 +1464,10 @@ read_record_header:
      * ClientHello, which doesn't use the same record layer format.
      */
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
+    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
+        renegotiating = 1;
 #endif
+    if( !renegotiating )
     {
         if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 )
         {
@@ -1477,9 +1480,12 @@ read_record_header:
     buf = ssl->in_hdr;
 
 #if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
+    int is_dtls = 0;
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        is_dtls = 1;
 #endif
+    if( !is_dtls )
         if( ( buf[0] & 0x80 ) != 0 )
             return( ssl_parse_client_hello_v2( ssl ) );
 #endif