3 files changed, 19 insertions, 10 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index f5287b2580..86d1b6e10b 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.335 2021/04/19 17:03:39 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.336 2021/04/19 17:26:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -528,6 +528,8 @@ int tls12_record_layer_write_overhead(struct tls12_record_layer *rl,
    size_t *overhead);
 int tls12_record_layer_read_protected(struct tls12_record_layer *rl);
 int tls12_record_layer_write_protected(struct tls12_record_layer *rl);
+const EVP_AEAD *tls12_record_layer_aead(struct tls12_record_layer *rl);
+const EVP_CIPHER *tls12_record_layer_cipher(struct tls12_record_layer *rl);
 void tls12_record_layer_set_aead(struct tls12_record_layer *rl,
    const EVP_AEAD *aead);
 void tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl,
@@ -951,9 +953,6 @@ typedef struct ssl3_state_internal_st {
                char ctype[SSL3_CT_NUMBER];
                STACK_OF(X509_NAME) *ca_names;
-                const EVP_CIPHER *new_sym_enc;
-                const EVP_AEAD *new_aead;
                int cert_request;
        } tmp;
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 613eb4cf18..6b3d40d8ec 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.137 2021/04/19 17:03:39 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.138 2021/04/19 17:26:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -312,8 +312,8 @@ tls1_change_cipher_state(SSL *s, int which)
        const EVP_AEAD *aead;
        char is_read, use_client_keys;
-        cipher = S3I(s)->tmp.new_sym_enc;
+        aead = tls12_record_layer_aead(s->internal->rl);
-        aead = S3I(s)->tmp.new_aead;
+        cipher = tls12_record_layer_cipher(s->internal->rl);
        /*
         * is_read is true if we have just read a ChangeCipherSpec message,
@@ -424,8 +424,6 @@ tls1_setup_key_block(SSL *s)
        if (!ssl_get_handshake_evp_md(s, &handshake_hash))
                return (0);
-        S3I(s)->tmp.new_aead = aead;
-        S3I(s)->tmp.new_sym_enc = cipher;
        S3I(s)->hs.tls12.mac_secret_size = mac_secret_size;
        tls12_record_layer_set_aead(s->internal->rl, aead);
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c
index 6cf8b31c63..7e29f4ed65 100644
--- a/src/lib/libssl/tls12_record_layer.c
+++ b/src/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.25 2021/03/29 16:19:15 jsing Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.26 2021/04/19 17:26:39 jsing Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
 *
@@ -254,6 +254,18 @@ tls12_record_layer_write_protected(struct tls12_record_layer *rl)
        return tls12_record_protection_engaged(rl->write);
 }
+const EVP_AEAD *
+tls12_record_layer_aead(struct tls12_record_layer *rl)
+{
+        return rl->aead;
+}
+const EVP_CIPHER *
+tls12_record_layer_cipher(struct tls12_record_layer *rl)
+{
+        return rl->cipher;
+}
 void
 tls12_record_layer_set_aead(struct tls12_record_layer *rl, const EVP_AEAD *aead)
 {