authorbeck <>2017-05-06 22:24:58 +0000
committerbeck <>2017-05-06 22:24:58 +0000
commitde2b05d4b4bdc8132abc4507b6d3e48eeba9340b (patch)
tree4bcdcd934dd374037387e49c88e9fc7a9c2362be /src
parent0e5e712591c7f580f436de535348a0d768707768 (diff)
Bring in an SSL_HANDSHAKE structure and commence the great shovelling
ok jsing@, gcc@, regress@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_clnt.c24
-rw-r--r--src/lib/libssl/d1_srvr.c24
-rw-r--r--src/lib/libssl/s3_lib.c6
-rw-r--r--src/lib/libssl/ssl_both.c4
-rw-r--r--src/lib/libssl/ssl_clnt.c34
-rw-r--r--src/lib/libssl/ssl_lib.c12
-rw-r--r--src/lib/libssl/ssl_locl.h24
-rw-r--r--src/lib/libssl/ssl_pkt.c8
-rw-r--r--src/lib/libssl/ssl_srvr.c48
-rw-r--r--src/lib/libssl/t1_enc.c34
-rw-r--r--src/lib/libssl/t1_lib.c14
-rw-r--r--src/regress/lib/libssl/unit/tls_prf.c4
12 files changed, 121 insertions, 115 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 8e4c2586a3..802aa5cde0 100644
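--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.74 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.75 2017/05/06 22:24:57 beck Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -268,7 +268,7 @@ dtls1_connect(SSL *s)
 
  if (D1I(s)->send_cookie) {
  s->internal->state = SSL3_ST_CW_FLUSH;
- S3I(s)->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
+ S3I(s)->hs.next_state = SSL3_ST_CR_SRVR_HELLO_A;
  } else
  s->internal->state = SSL3_ST_CR_SRVR_HELLO_A;
 
@@ -324,7 +324,7 @@ dtls1_connect(SSL *s)
  break;
  }
  /* Check if it is anon DH. */
- if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
+ if (!(S3I(s)->hs.new_cipher->algorithm_auth &
  SSL_aNULL)) {
  ret = ssl3_get_server_certificate(s);
  if (ret <= 0)
@@ -372,11 +372,11 @@ dtls1_connect(SSL *s)
  goto end;
  dtls1_stop_timer(s);
  if (S3I(s)->tmp.cert_req)
- S3I(s)->tmp.next_state = SSL3_ST_CW_CERT_A;
+ S3I(s)->hs.next_state = SSL3_ST_CW_CERT_A;
  else
- S3I(s)->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
+ S3I(s)->hs.next_state = SSL3_ST_CW_KEY_EXCH_A;
  s->internal->init_num = 0;
- s->internal->state = S3I(s)->tmp.next_state;
+ s->internal->state = S3I(s)->hs.next_state;
  break;
 
  case SSL3_ST_CW_CERT_A:
@@ -435,7 +435,7 @@ dtls1_connect(SSL *s)
  s->internal->state = SSL3_ST_CW_FINISHED_A;
  s->internal->init_num = 0;
 
- s->session->cipher = S3I(s)->tmp.new_cipher;
+ s->session->cipher = S3I(s)->hs.new_cipher;
  if (!tls1_setup_key_block(s)) {
  ret = -1;
  goto end;
@@ -466,7 +466,7 @@ dtls1_connect(SSL *s)
  /* clear flags */
  s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
  if (s->internal->hit) {
- S3I(s)->tmp.next_state = SSL_ST_OK;
+ S3I(s)->hs.next_state = SSL_ST_OK;
  if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
  s->internal->state = SSL_ST_OK;
  s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
@@ -476,10 +476,10 @@ dtls1_connect(SSL *s)
 
  /* Allow NewSessionTicket if ticket expected */
  if (s->internal->tlsext_ticket_expected)
- S3I(s)->tmp.next_state =
+ S3I(s)->hs.next_state =
  SSL3_ST_CR_SESSION_TICKET_A;
  else
- S3I(s)->tmp.next_state =
+ S3I(s)->hs.next_state =
  SSL3_ST_CR_FINISHED_A;
  }
  s->internal->init_num = 0;
@@ -527,14 +527,14 @@ dtls1_connect(SSL *s)
  /* If the write error was fatal, stop trying */
  if (!BIO_should_retry(s->wbio)) {
  s->internal->rwstate = SSL_NOTHING;
- s->internal->state = S3I(s)->tmp.next_state;
+ s->internal->state = S3I(s)->hs.next_state;
  }
 
  ret = -1;
  goto end;
  }
  s->internal->rwstate = SSL_NOTHING;
- s->internal->state = S3I(s)->tmp.next_state;
+ s->internal->state = S3I(s)->hs.next_state;
  break;
 
  case SSL_ST_OK: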
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 605f0a59ad..1ef8bce56b 100644
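--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.86 2017/03/10 16:03:27 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.87 2017/05/06 22:24:57 beck Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -277,7 +277,7 @@ dtls1_accept(SSL *s)
  ret = ssl3_send_hello_request(s);
  if (ret <= 0)
  goto end;
- S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+ S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A;
  s->internal->state = SSL3_ST_SW_FLUSH;
  s->internal->init_num = 0;
 
@@ -335,7 +335,7 @@ dtls1_accept(SSL *s)
  if (ret <= 0)
  goto end;
  s->internal->state = SSL3_ST_SW_FLUSH;
- S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+ S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A;
 
  /* HelloVerifyRequest resets Finished MAC */
  if (!tls1_init_finished_mac(s)) {
@@ -366,7 +366,7 @@ dtls1_accept(SSL *s)
  case SSL3_ST_SW_CERT_A:
  case SSL3_ST_SW_CERT_B:
  /* Check if it is anon DH. */
- if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
+ if (!(S3I(s)->hs.new_cipher->algorithm_auth &
  SSL_aNULL)) {
  dtls1_start_timer(s);
  ret = ssl3_send_server_certificate(s);
@@ -385,7 +385,7 @@ dtls1_accept(SSL *s)
 
  case SSL3_ST_SW_KEY_EXCH_A:
  case SSL3_ST_SW_KEY_EXCH_B:
- alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
 
  /* Only send if using a DH key exchange. */
  if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
@@ -422,7 +422,7 @@ dtls1_accept(SSL *s)
  if (!(s->verify_mode & SSL_VERIFY_PEER) ||
  ((s->session->peer != NULL) &&
  (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
- ((S3I(s)->tmp.new_cipher->algorithm_auth &
+ ((S3I(s)->hs.new_cipher->algorithm_auth &
  SSL_aNULL) && !(s->verify_mode &
  SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
  /* no cert request */
@@ -446,7 +446,7 @@ dtls1_accept(SSL *s)
  ret = ssl3_send_server_done(s);
  if (ret <= 0)
  goto end;
- S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;
+ S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A;
  s->internal->state = SSL3_ST_SW_FLUSH;
  s->internal->init_num = 0;
  break;
@@ -457,14 +457,14 @@ dtls1_accept(SSL *s)
  /* If the write error was fatal, stop trying */
  if (!BIO_should_retry(s->wbio)) {
  s->internal->rwstate = SSL_NOTHING;
- s->internal->state = S3I(s)->tmp.next_state;
+ s->internal->state = S3I(s)->hs.next_state;
  }
 
  ret = -1;
  goto end;
  }
  s->internal->rwstate = SSL_NOTHING;
- s->internal->state = S3I(s)->tmp.next_state;
+ s->internal->state = S3I(s)->hs.next_state;
  break;
 
  case SSL3_ST_SR_CERT_A:
@@ -590,7 +590,7 @@ dtls1_accept(SSL *s)
  case SSL3_ST_SW_CHANGE_A:
  case SSL3_ST_SW_CHANGE_B:
 
- s->session->cipher = S3I(s)->tmp.new_cipher;
+ s->session->cipher = S3I(s)->hs.new_cipher;
  if (!tls1_setup_key_block(s)) {
  ret = -1;
  goto end;
@@ -625,10 +625,10 @@ dtls1_accept(SSL *s)
  goto end;
  s->internal->state = SSL3_ST_SW_FLUSH;
  if (s->internal->hit) {
- S3I(s)->tmp.next_state = SSL3_ST_SR_FINISHED_A;
+ S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A;
 
  } else {
- S3I(s)->tmp.next_state = SSL_ST_OK;
+ S3I(s)->hs.next_state = SSL_ST_OK;
  }
  s->internal->init_num = 0;
  break;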
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 0f05b8f2fe..f728eb7648 100644
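--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.141 2017/05/06 20:37:24 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.142 2017/05/06 22:24:57 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2504,7 +2504,7 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
  int ret = 0;
  unsigned long alg_k;
 
- alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
 
 #ifndef OPENSSL_NO_GOST
  if ((alg_k & SSL_kGOST)) {
@@ -2720,7 +2720,7 @@ ssl3_renegotiate_check(SSL *s)
 long
 ssl_get_algorithm2(SSL *s)
 {
- long alg2 = S3I(s)->tmp.new_cipher->algorithm2;
+ long alg2 = S3I(s)->hs.new_cipher->algorithm2;
 
  if (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&
  alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))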
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index d1a0879b72..13c39e85b2 100644
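--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.7 2017/03/05 14:24:12 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.8 2017/05/06 22:24:57 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -224,7 +224,7 @@ ssl3_take_mac(SSL *s)
  * If no new cipher setup return immediately: other functions will
  * set the appropriate error.
  */
- if (S3I(s)->tmp.new_cipher == NULL)
+ if (S3I(s)->hs.new_cipher == NULL)
  return;
 
  if (s->internal->state & SSL_ST_CONNECT) {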
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 6fb5eca4b3..f6ca3e7f3c 100644
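--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.12 2017/04/10 06:09:32 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.13 2017/05/06 22:24:57 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -292,7 +292,7 @@ ssl3_connect(SSL *s)
  break;
  }
  /* Check if it is anon DH/ECDH. */
- if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
+ if (!(S3I(s)->hs.new_cipher->algorithm_auth &
  SSL_aNULL)) {
  ret = ssl3_get_server_certificate(s);
  if (ret <= 0)
@@ -417,7 +417,7 @@ ssl3_connect(SSL *s)
  s->internal->state = SSL3_ST_CW_FINISHED_A;
  s->internal->init_num = 0;
 
- s->session->cipher = S3I(s)->tmp.new_cipher;
+ s->session->cipher = S3I(s)->hs.new_cipher;
  if (!tls1_setup_key_block(s)) {
  ret = -1;
  goto end;
@@ -453,7 +453,7 @@ ssl3_connect(SSL *s)
  /* clear flags */
  s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
  if (s->internal->hit) {
- S3I(s)->tmp.next_state = SSL_ST_OK;
+ S3I(s)->hs.next_state = SSL_ST_OK;
  if (s->s3->flags &
  SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
  s->internal->state = SSL_ST_OK;
@@ -463,11 +463,11 @@ ssl3_connect(SSL *s)
  } else {
  /* Allow NewSessionTicket if ticket expected */
  if (s->internal->tlsext_ticket_expected)
- S3I(s)->tmp.next_state =
+ S3I(s)->hs.next_state =
  SSL3_ST_CR_SESSION_TICKET_A;
  else
 
- S3I(s)->tmp.next_state = SSL3_ST_CR_FINISHED_A;
+ S3I(s)->hs.next_state = SSL3_ST_CR_FINISHED_A;
  }
  s->internal->init_num = 0;
  break;
@@ -512,7 +512,7 @@ ssl3_connect(SSL *s)
  goto end;
  }
  s->internal->rwstate = SSL_NOTHING;
- s->internal->state = S3I(s)->tmp.next_state;
+ s->internal->state = S3I(s)->hs.next_state;
  break;
 
  case SSL_ST_OK:
@@ -899,7 +899,7 @@ ssl3_get_server_hello(SSL *s)
  SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
  goto f_err;
  }
- S3I(s)->tmp.new_cipher = cipher;
+ S3I(s)->hs.new_cipher = cipher;
 
  if (!tls1_handshake_hash_init(s))
  goto err;
@@ -908,7 +908,7 @@ ssl3_get_server_hello(SSL *s)
  * Don't digest cached records if no sigalgs: we may need them for
  * client authentication.
  */
- alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
  if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) &&
  !tls1_digest_cached_records(s)) {
  al = SSL_AD_INTERNAL_ERROR;
@@ -1116,7 +1116,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
  long alg_a;
  int al;
 
- alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
+ alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
  sc = SSI(s)->sess_cert;
 
  if (*nn < 0)
@@ -1283,7 +1283,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
  int nid;
  int al;
 
- alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
+ alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
  sc = SSI(s)->sess_cert;
 
  if (*nn < 0)
@@ -1368,8 +1368,8 @@ ssl3_get_server_key_exchange(SSL *s)
  const EVP_MD *md = NULL;
  RSA *rsa = NULL;
 
- alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
- alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
+ alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
 
  /*
  * Use same message size as in ssl3_get_certificate_request()
@@ -1590,7 +1590,7 @@ ssl3_get_certificate_request(SSL *s)
  }
 
  /* TLS does not like anon-DH with client cert */
- if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
+ if (S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) {
  ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
  SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
  goto err;
@@ -2274,7 +2274,7 @@ ssl3_send_client_key_exchange(SSL *s)
  memset(&cbb, 0, sizeof(cbb));
 
  if (s->internal->state == SSL3_ST_CW_KEY_EXCH_A) {
- alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
 
  if ((sess_cert = SSI(s)->sess_cert) == NULL) {
  ssl3_send_alert(s, SSL3_AL_FATAL,
@@ -2558,8 +2558,8 @@ ssl3_check_cert_and_algorithm(SSL *s)
  SESS_CERT *sc;
  DH *dh;
 
- alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
- alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
+ alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
 
  /* We don't have a certificate. */
  if (alg_a & SSL_aNULL)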
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index c49b79df0b..76b2f8a8c4 100644
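--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.159 2017/05/06 20:37:25 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.160 2017/05/06 22:24:57 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2088,7 +2088,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 int
 ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 {
- const SSL_CIPHER *cs = S3I(s)->tmp.new_cipher;
+ const SSL_CIPHER *cs = S3I(s)->hs.new_cipher;
  unsigned long alg_a;
 
  alg_a = cs->algorithm_auth;
@@ -2116,9 +2116,9 @@ ssl_get_server_send_pkey(const SSL *s)
  int i;
 
  c = s->cert;
- ssl_set_cert_masks(c, S3I(s)->tmp.new_cipher);
+ ssl_set_cert_masks(c, S3I(s)->hs.new_cipher);
 
- alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
+ alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
 
  if (alg_a & SSL_aECDSA) {
  i = SSL_PKEY_ECC;
@@ -2189,9 +2189,9 @@ ssl_get_auto_dh(SSL *s)
 
  if (s->cert->dh_tmp_auto == 2) {
  keylen = 1024;
- } else if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
+ } else if (S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) {
  keylen = 1024;
- if (S3I(s)->tmp.new_cipher->strength_bits == 256)
+ if (S3I(s)->hs.new_cipher->strength_bits == 256)
  keylen = 3072;
  } else {
  if ((cpk = ssl_get_server_send_pkey(s)) == NULL)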
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index b52b03149a..410fc04688 100644
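--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.179 2017/05/06 20:37:25 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.180 2017/05/06 22:24:58 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -431,6 +431,18 @@ typedef struct ssl_session_internal_st {
 } SSL_SESSION_INTERNAL;
 #define SSI(s) (s->session->internal)
 
+typedef struct ssl_handshake_st {
+ /* used when SSL_ST_FLUSH_DATA is entered */
+ int next_state;
+
+ /* new_cipher is the cipher being negotiated in this handshake. */
+ const SSL_CIPHER *new_cipher;
+
+ /* key_block is the record-layer key block for TLS 1.2 and earlier. */
+ int key_block_len;
+ unsigned char *key_block;
+} SSL_HANDSHAKE;
+
 typedef struct ssl_ctx_internal_st {
  uint16_t min_version;
  uint16_t max_version;
@@ -824,6 +836,8 @@ typedef struct ssl3_state_internal_st {
 
  int in_read_app_data;
 
+ SSL_HANDSHAKE hs;
+
  struct {
  /* actually only needs to be 16+20 */
  unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
@@ -837,17 +851,12 @@ typedef struct ssl3_state_internal_st {
  unsigned long message_size;
  int message_type;
 
- /* used to hold the new cipher we are going to use */
- const SSL_CIPHER *new_cipher;
  DH *dh;
 
  EC_KEY *ecdh; /* holds short lived ECDH key */
 
  uint8_t *x25519;
 
- /* used when SSL_ST_FLUSH_DATA is entered */
- int next_state;
-
  int reuse_message;
 
  /* used for certificate requests */
@@ -856,9 +865,6 @@ typedef struct ssl3_state_internal_st {
  char ctype[SSL3_CT_NUMBER];
  STACK_OF(X509_NAME) *ca_names;
 
- int key_block_length;
- unsigned char *key_block;
-
  const EVP_CIPHER *new_sym_enc;
  const EVP_AEAD *new_aead;
  const EVP_MD *new_hash;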
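Review bot: The comment on `key_block` in the new `SSL_HANDSHAKE` struct says what the buffer is but not who owns it or that it has to be cleared, and this pointer carries record-layer key material. `hs` is embedded by value in `ssl3_state_internal_st`, so the buffer is presumably released by whatever code frees or resets the S3 state; that code is not in the sections shown here, so it is worth confirming it still zeroes the block before freeing now that the field has moved. I would extend the comment to something like `/* key_block holds secret record-layer key material; zero it before freeing. */`. Separately, the length is renamed from `key_block_length` to `key_block_len` but stays a signed `int`; since every user is being touched anyway, `size_t key_block_len;` would keep a negative length from ever reaching a copy or clearing call.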
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index f49cc45efd..953f3c118f 100644
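--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.10 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.11 2017/05/06 22:24:58 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1235,7 +1235,7 @@ start:
  }
 
  /* Check we have a cipher to change to */
- if (S3I(s)->tmp.new_cipher == NULL) {
+ if (S3I(s)->hs.new_cipher == NULL) {
  al = SSL_AD_UNEXPECTED_MESSAGE;
  SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
  goto f_err;
@@ -1360,14 +1360,14 @@ ssl3_do_change_cipher_spec(SSL *s)
  else
  i = SSL3_CHANGE_CIPHER_CLIENT_READ;
 
- if (S3I(s)->tmp.key_block == NULL) {
+ if (S3I(s)->hs.key_block == NULL) {
  if (s->session == NULL || s->session->master_key_length == 0) {
  /* might happen if dtls1_read_bytes() calls this */
  SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
  return (0);
  }
 
- s->session->cipher = S3I(s)->tmp.new_cipher;
+ s->session->cipher = S3I(s)->hs.new_cipher;
  if (!tls1_setup_key_block(s))
  return (0);
  }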
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index ea1aed26b3..35a9ace527 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.15 2017/04/29 23:38:49 jsing Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.16 2017/05/06 22:24:58 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -275,7 +275,7 @@ ssl3_accept(SSL *s)
275 ret = ssl3_send_hello_request(s); 275 ret = ssl3_send_hello_request(s);
276 if (ret <= 0) 276 if (ret <= 0)
277 goto end; 277 goto end;
278 S3I(s)->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C; 278 S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C;
279 s->internal->state = SSL3_ST_SW_FLUSH; 279 s->internal->state = SSL3_ST_SW_FLUSH;
280 s->internal->init_num = 0; 280 s->internal->init_num = 0;
281 281
@@ -324,7 +324,7 @@ ssl3_accept(SSL *s)
324 case SSL3_ST_SW_CERT_A: 324 case SSL3_ST_SW_CERT_A:
325 case SSL3_ST_SW_CERT_B: 325 case SSL3_ST_SW_CERT_B:
326 /* Check if it is anon DH or anon ECDH. */ 326 /* Check if it is anon DH or anon ECDH. */
327 if (!(S3I(s)->tmp.new_cipher->algorithm_auth & 327 if (!(S3I(s)->hs.new_cipher->algorithm_auth &
328 SSL_aNULL)) { 328 SSL_aNULL)) {
329 ret = ssl3_send_server_certificate(s); 329 ret = ssl3_send_server_certificate(s);
330 if (ret <= 0) 330 if (ret <= 0)
@@ -342,7 +342,7 @@ ssl3_accept(SSL *s)
342 342
343 case SSL3_ST_SW_KEY_EXCH_A: 343 case SSL3_ST_SW_KEY_EXCH_A:
344 case SSL3_ST_SW_KEY_EXCH_B: 344 case SSL3_ST_SW_KEY_EXCH_B:
345 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; 345 alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
346 346
347 /* 347 /*
348 * Only send if using a DH key exchange. 348 * Only send if using a DH key exchange.
@@ -385,7 +385,7 @@ ssl3_accept(SSL *s)
385 if (!(s->verify_mode & SSL_VERIFY_PEER) || 385 if (!(s->verify_mode & SSL_VERIFY_PEER) ||
386 ((s->session->peer != NULL) && 386 ((s->session->peer != NULL) &&
387 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || 387 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
388 ((S3I(s)->tmp.new_cipher->algorithm_auth & 388 ((S3I(s)->hs.new_cipher->algorithm_auth &
389 SSL_aNULL) && !(s->verify_mode & 389 SSL_aNULL) && !(s->verify_mode &
390 SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) { 390 SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
391 /* No cert request */ 391 /* No cert request */
@@ -413,7 +413,7 @@ ssl3_accept(SSL *s)
413 ret = ssl3_send_server_done(s); 413 ret = ssl3_send_server_done(s);
414 if (ret <= 0) 414 if (ret <= 0)
415 goto end; 415 goto end;
416 S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A; 416 S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A;
417 s->internal->state = SSL3_ST_SW_FLUSH; 417 s->internal->state = SSL3_ST_SW_FLUSH;
418 s->internal->init_num = 0; 418 s->internal->init_num = 0;
419 break; 419 break;
@@ -438,7 +438,7 @@ ssl3_accept(SSL *s)
438 } 438 }
439 s->internal->rwstate = SSL_NOTHING; 439 s->internal->rwstate = SSL_NOTHING;
440 440
441 s->internal->state = S3I(s)->tmp.next_state; 441 s->internal->state = S3I(s)->hs.next_state;
442 break; 442 break;
443 443
444 case SSL3_ST_SR_CERT_A: 444 case SSL3_ST_SR_CERT_A:
@@ -457,7 +457,7 @@ ssl3_accept(SSL *s)
457 ret = ssl3_get_client_key_exchange(s); 457 ret = ssl3_get_client_key_exchange(s);
458 if (ret <= 0) 458 if (ret <= 0)
459 goto end; 459 goto end;
460 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; 460 alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
461 if (ret == 2) { 461 if (ret == 2) {
462 /* 462 /*
463 * For the ECDH ciphersuites when 463 * For the ECDH ciphersuites when
@@ -579,7 +579,7 @@ ssl3_accept(SSL *s)
579 case SSL3_ST_SW_CHANGE_A: 579 case SSL3_ST_SW_CHANGE_A:
580 case SSL3_ST_SW_CHANGE_B: 580 case SSL3_ST_SW_CHANGE_B:
581 581
582 s->session->cipher = S3I(s)->tmp.new_cipher; 582 s->session->cipher = S3I(s)->hs.new_cipher;
583 if (!tls1_setup_key_block(s)) { 583 if (!tls1_setup_key_block(s)) {
584 ret = -1; 584 ret = -1;
585 goto end; 585 goto end;
@@ -613,13 +613,13 @@ ssl3_accept(SSL *s)
613 if (s->internal->hit) { 613 if (s->internal->hit) {
614 if (S3I(s)->next_proto_neg_seen) { 614 if (S3I(s)->next_proto_neg_seen) {
615 s->s3->flags |= SSL3_FLAGS_CCS_OK; 615 s->s3->flags |= SSL3_FLAGS_CCS_OK;
616 S3I(s)->tmp.next_state = 616 S3I(s)->hs.next_state =
617 SSL3_ST_SR_NEXT_PROTO_A; 617 SSL3_ST_SR_NEXT_PROTO_A;
618 } else 618 } else
619 S3I(s)->tmp.next_state = 619 S3I(s)->hs.next_state =
620 SSL3_ST_SR_FINISHED_A; 620 SSL3_ST_SR_FINISHED_A;
621 } else 621 } else
622 S3I(s)->tmp.next_state = SSL_ST_OK; 622 S3I(s)->hs.next_state = SSL_ST_OK;
623 s->internal->init_num = 0; 623 s->internal->init_num = 0;
624 break; 624 break;
625 625
@@ -1024,15 +1024,15 @@ ssl3_get_client_hello(SSL *s)
1024 SSLerror(s, SSL_R_NO_SHARED_CIPHER); 1024 SSLerror(s, SSL_R_NO_SHARED_CIPHER);
1025 goto f_err; 1025 goto f_err;
1026 } 1026 }
1027 S3I(s)->tmp.new_cipher = c; 1027 S3I(s)->hs.new_cipher = c;
1028 } else { 1028 } else {
1029 S3I(s)->tmp.new_cipher = s->session->cipher; 1029 S3I(s)->hs.new_cipher = s->session->cipher;
1030 } 1030 }
1031 1031
1032 if (!tls1_handshake_hash_init(s)) 1032 if (!tls1_handshake_hash_init(s))
1033 goto err; 1033 goto err;
1034 1034
1035 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; 1035 alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
1036 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) || 1036 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
1037 !(s->verify_mode & SSL_VERIFY_PEER)) { 1037 !(s->verify_mode & SSL_VERIFY_PEER)) {
1038 if (!tls1_digest_cached_records(s)) { 1038 if (!tls1_digest_cached_records(s)) {
@@ -1050,7 +1050,7 @@ ssl3_get_client_hello(SSL *s)
1050 * ssl version is set - sslv3 1050 * ssl version is set - sslv3
1051 * s->session - The ssl session has been setup. 1051 * s->session - The ssl session has been setup.
1052 * s->internal->hit - session reuse flag 1052 * s->internal->hit - session reuse flag
1053 * s->tmp.new_cipher - the new cipher to use. 1053 * s->hs.new_cipher - the new cipher to use.
1054 */ 1054 */
1055 1055
1056 /* Handles TLS extensions that we couldn't check earlier */ 1056 /* Handles TLS extensions that we couldn't check earlier */
@@ -1134,7 +1134,7 @@ ssl3_send_server_hello(SSL *s)
1134 1134
1135 /* Cipher suite. */ 1135 /* Cipher suite. */
1136 if (!CBB_add_u16(&cbb, 1136 if (!CBB_add_u16(&cbb,
1137 ssl3_cipher_get_value(S3I(s)->tmp.new_cipher))) 1137 ssl3_cipher_get_value(S3I(s)->hs.new_cipher)))
1138 goto err; 1138 goto err;
1139 1139
1140 /* Compression method. */ 1140 /* Compression method. */
@@ -1207,7 +1207,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
1207 1207
1208 if (dhp == NULL && s->cert->dh_tmp_cb != NULL) 1208 if (dhp == NULL && s->cert->dh_tmp_cb != NULL)
1209 dhp = s->cert->dh_tmp_cb(s, 0, 1209 dhp = s->cert->dh_tmp_cb(s, 0,
1210 SSL_C_PKEYLENGTH(S3I(s)->tmp.new_cipher)); 1210 SSL_C_PKEYLENGTH(S3I(s)->hs.new_cipher));
1211 1211
1212 if (dhp == NULL) { 1212 if (dhp == NULL) {
1213 al = SSL_AD_HANDSHAKE_FAILURE; 1213 al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1282,7 +1282,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1282 ecdhp = EC_KEY_new_by_curve_name(nid); 1282 ecdhp = EC_KEY_new_by_curve_name(nid);
1283 } else if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) { 1283 } else if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) {
1284 ecdhp = s->cert->ecdh_tmp_cb(s, 0, 1284 ecdhp = s->cert->ecdh_tmp_cb(s, 0,
1285 SSL_C_PKEYLENGTH(S3I(s)->tmp.new_cipher)); 1285 SSL_C_PKEYLENGTH(S3I(s)->hs.new_cipher));
1286 } 1286 }
1287 if (ecdhp == NULL) { 1287 if (ecdhp == NULL) {
1288 al = SSL_AD_HANDSHAKE_FAILURE; 1288 al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1458,7 +1458,7 @@ ssl3_send_server_key_exchange(SSL *s)
1458 1458
1459 EVP_MD_CTX_init(&md_ctx); 1459 EVP_MD_CTX_init(&md_ctx);
1460 if (s->internal->state == SSL3_ST_SW_KEY_EXCH_A) { 1460 if (s->internal->state == SSL3_ST_SW_KEY_EXCH_A) {
1461 type = S3I(s)->tmp.new_cipher->algorithm_mkey; 1461 type = S3I(s)->hs.new_cipher->algorithm_mkey;
1462 1462
1463 buf = s->internal->init_buf; 1463 buf = s->internal->init_buf;
1464 1464
@@ -1480,9 +1480,9 @@ ssl3_send_server_key_exchange(SSL *s)
1480 if (!CBB_finish(&cbb, &params, &params_len)) 1480 if (!CBB_finish(&cbb, &params, &params_len))
1481 goto err; 1481 goto err;
1482 1482
1483 if (!(S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL)) { 1483 if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {
1484 if ((pkey = ssl_get_sign_pkey( 1484 if ((pkey = ssl_get_sign_pkey(
1485 s, S3I(s)->tmp.new_cipher, &md)) == NULL) { 1485 s, S3I(s)->hs.new_cipher, &md)) == NULL) {
1486 al = SSL_AD_DECODE_ERROR; 1486 al = SSL_AD_DECODE_ERROR;
1487 goto f_err; 1487 goto f_err;
1488 } 1488 }
@@ -2028,7 +2028,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n)
2028 int ret = 0; 2028 int ret = 0;
2029 2029
2030 /* Get our certificate private key*/ 2030 /* Get our certificate private key*/
2031 alg_a = S3I(s)->tmp.new_cipher->algorithm_auth; 2031 alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
2032 if (alg_a & SSL_aGOST01) 2032 if (alg_a & SSL_aGOST01)
2033 pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; 2033 pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
2034 2034
@@ -2105,7 +2105,7 @@ ssl3_get_client_key_exchange(SSL *s)
2105 2105
2106 p = (unsigned char *)s->internal->init_msg; 2106 p = (unsigned char *)s->internal->init_msg;
2107 2107
2108 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; 2108 alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
2109 2109
2110 if (alg_k & SSL_kRSA) { 2110 if (alg_k & SSL_kRSA) {
2111 if (ssl3_get_client_kex_rsa(s, p, n) != 1) 2111 if (ssl3_get_client_kex_rsa(s, p, n) != 1)
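--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.108 2017/04/10 16:48:43 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.109 2017/05/06 22:24:58 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   * All rights reserved.
   *
@@ -152,9 +152,9 @@ int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
 void
 tls1_cleanup_key_block(SSL *s)
 {
- freezero(S3I(s)->tmp.key_block, S3I(s)->tmp.key_block_length);
- S3I(s)->tmp.key_block = NULL;
- S3I(s)->tmp.key_block_length = 0;
+ freezero(S3I(s)->hs.key_block, S3I(s)->hs.key_block_len);
+ S3I(s)->hs.key_block = NULL;
+ S3I(s)->hs.key_block_len = 0;
 }
 
 int
@@ -417,10 +417,10 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
   aead_ctx->fixed_nonce_len = iv_len;
   aead_ctx->variable_nonce_len = 8; /* always the case, currently. */
   aead_ctx->variable_nonce_in_record =
- (S3I(s)->tmp.new_cipher->algorithm2 &
+ (S3I(s)->hs.new_cipher->algorithm2 &
   SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0;
   aead_ctx->xor_fixed_nonce =
- S3I(s)->tmp.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305;
+ S3I(s)->hs.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305;
   aead_ctx->tag_len = EVP_AEAD_max_overhead(aead);
 
   if (aead_ctx->xor_fixed_nonce) {
@@ -464,7 +464,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
   mac_type = S3I(s)->tmp.new_mac_pkey_type;
 
   if (is_read) {
- if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+ if (S3I(s)->hs.new_cipher->algorithm2 & TLS1_STREAM_MAC)
   s->internal->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
   else
   s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
@@ -481,7 +481,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
   goto err;
   s->read_hash = mac_ctx;
   } else {
- if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+ if (S3I(s)->hs.new_cipher->algorithm2 & TLS1_STREAM_MAC)
   s->internal->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
   else
   s->internal->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
@@ -528,15 +528,15 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
   mac_secret_size, (unsigned char *)mac_secret);
   }
 
- if (S3I(s)->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {
+ if (S3I(s)->hs.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {
   int nid;
- if (S3I(s)->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
+ if (S3I(s)->hs.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
   nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
   else
   nid = NID_id_tc26_gost_28147_param_Z;
 
   EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0);
- if (S3I(s)->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC)
+ if (S3I(s)->hs.new_cipher->algorithm_mac == SSL_GOST89MAC)
   EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0);
   }
 
@@ -591,7 +591,7 @@ tls1_change_cipher_state(SSL *s, int which)
 
   if (aead != NULL) {
   key_len = EVP_AEAD_key_length(aead);
- iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->tmp.new_cipher);
+ iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->hs.new_cipher);
   } else {
   key_len = EVP_CIPHER_key_length(cipher);
   iv_len = EVP_CIPHER_iv_length(cipher);
@@ -603,7 +603,7 @@ tls1_change_cipher_state(SSL *s, int which)
 
   mac_secret_size = s->s3->tmp.new_mac_secret_size;
 
- key_block = S3I(s)->tmp.key_block;
+ key_block = S3I(s)->hs.key_block;
   client_write_mac_secret = key_block;
   key_block += mac_secret_size;
   server_write_mac_secret = key_block;
@@ -627,7 +627,7 @@ tls1_change_cipher_state(SSL *s, int which)
   iv = server_write_iv;
   }
 
- if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) {
+ if (key_block - S3I(s)->hs.key_block != S3I(s)->hs.key_block_len) {
   SSLerror(s, ERR_R_INTERNAL_ERROR);
   goto err2;
   }
@@ -663,7 +663,7 @@ tls1_setup_key_block(SSL *s)
   const EVP_MD *mac = NULL;
   int ret = 0;
 
- if (S3I(s)->tmp.key_block_length != 0)
+ if (S3I(s)->hs.key_block_len != 0)
   return (1);
 
   if (s->session->cipher &&
@@ -703,8 +703,8 @@ tls1_setup_key_block(SSL *s)
   }
   key_block_len = (mac_secret_size + key_len + iv_len) * 2;
 
- S3I(s)->tmp.key_block_length = key_block_len;
- S3I(s)->tmp.key_block = key_block;
+ S3I(s)->hs.key_block_len = key_block_len;
+ S3I(s)->hs.key_block = key_block;
 
   if (!tls1_generate_key_block(s, key_block, key_block_len))
   goto err;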
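--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.115 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.116 2017/05/06 22:24:58 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   * All rights reserved.
   *
@@ -998,8 +998,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
   unsigned char *ret = p;
   int next_proto_neg_seen;
 
- alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
- alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
+ alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
   using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) &&
   SSI(s)->tlsext_ecpointformatlist != NULL;
 
@@ -1107,8 +1107,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
   }
 #endif
 
- if (((S3I(s)->tmp.new_cipher->id & 0xFFFF) == 0x80 ||
- (S3I(s)->tmp.new_cipher->id & 0xFFFF) == 0x81) &&
+ if (((S3I(s)->hs.new_cipher->id & 0xFFFF) == 0x80 ||
+ (S3I(s)->hs.new_cipher->id & 0xFFFF) == 0x81) &&
   (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) {
   static const unsigned char cryptopro_ext[36] = {
   0xfd, 0xe8, /*65000*/
@@ -1986,8 +1986,8 @@ ssl_check_serverhello_tlsext(SSL *s)
   * suite, then if server returns an EC point formats lists extension
   * it must contain uncompressed.
   */
- unsigned long alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
- unsigned long alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
+ unsigned long alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ unsigned long alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
   if ((s->internal->tlsext_ecpointformatlist != NULL) &&
   (s->internal->tlsext_ecpointformatlist_length > 0) &&
   (SSI(s)->tlsext_ecpointformatlist != NULL) &&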
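--- a/src/regress/lib/libssl/unit/tls_prf.c
+++ b/src/regress/lib/libssl/unit/tls_prf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_prf.c,v 1.3 2017/03/25 13:37:40 jsing Exp $ */
+/* $OpenBSD: tls_prf.c,v 1.4 2017/05/06 22:24:58 beck Exp $ */
 /*
   * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
   *
@@ -197,7 +197,7 @@ do_tls_prf_test(int test_no, struct tls_prf_test *tpt)
   goto failure;
   }
 
- S3I(ssl)->tmp.new_cipher = cipher;
+ S3I(ssl)->hs.new_cipher = cipher;
 
   for (len = 1; len <= TLS_PRF_OUT_LEN; len++) {
   memset(out, 'A', TLS_PRF_OUT_LEN);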