1 files changed, 32 insertions, 32 deletions
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 51429d907a..7381286326 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.50 2016/12/30 15:12:45 jsing Exp $ */
+/* $OpenBSD: s3_both.c,v 1.51 2017/01/22 09:02:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -174,23 +174,23 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
                OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
                if (s->method->ssl3_enc->final_finish_mac(s, sender, slen,
-                    s->s3->tmp.finish_md) != md_len)
+                    S3I(s)->tmp.finish_md) != md_len)
                        return (0);
-                s->s3->tmp.finish_md_len = md_len;
+                S3I(s)->tmp.finish_md_len = md_len;
                /* Copy finished so we can use it for renegotiation checks. */
                if (s->type == SSL_ST_CONNECT) {
-                        memcpy(s->s3->previous_client_finished,
+                        memcpy(S3I(s)->previous_client_finished,
-                            s->s3->tmp.finish_md, md_len);
+                            S3I(s)->tmp.finish_md, md_len);
-                        s->s3->previous_client_finished_len = md_len;
+                        S3I(s)->previous_client_finished_len = md_len;
                } else {
-                        memcpy(s->s3->previous_server_finished,
+                        memcpy(S3I(s)->previous_server_finished,
-                            s->s3->tmp.finish_md, md_len);
+                            S3I(s)->tmp.finish_md, md_len);
-                        s->s3->previous_server_finished_len = md_len;
+                        S3I(s)->previous_server_finished_len = md_len;
                }
                p = ssl3_handshake_msg_start(s, SSL3_MT_FINISHED);
-                memcpy(p, s->s3->tmp.finish_md, md_len);
+                memcpy(p, S3I(s)->tmp.finish_md, md_len);
                ssl3_handshake_msg_finish(s, md_len);
                s->state = b;
@@ -213,7 +213,7 @@ ssl3_take_mac(SSL *s)
         * If no new cipher setup return immediately: other functions will
         * set the appropriate error.
         */
-        if (s->s3->tmp.new_cipher == NULL)
+        if (S3I(s)->tmp.new_cipher == NULL)
                return;
        if (s->state & SSL_ST_CONNECT) {
@@ -224,9 +224,9 @@ ssl3_take_mac(SSL *s)
                slen = s->method->ssl3_enc->client_finished_label_len;
        }
-        s->s3->tmp.peer_finish_md_len =
+        S3I(s)->tmp.peer_finish_md_len =
            s->method->ssl3_enc->final_finish_mac(s, sender, slen,
-                s->s3->tmp.peer_finish_md);
+                S3I(s)->tmp.peer_finish_md);
 }
 int
@@ -242,12 +242,12 @@ ssl3_get_finished(SSL *s, int a, int b)
                return ((int)n);
        /* If this occurs, we have missed a message */
-        if (!s->s3->change_cipher_spec) {
+        if (!S3I(s)->change_cipher_spec) {
                al = SSL_AD_UNEXPECTED_MESSAGE;
                SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
                goto f_err;
        }
-        s->s3->change_cipher_spec = 0;
+        S3I(s)->change_cipher_spec = 0;
        md_len = s->method->ssl3_enc->finish_mac_length;
@@ -259,14 +259,14 @@ ssl3_get_finished(SSL *s, int a, int b)
        CBS_init(&cbs, s->init_msg, n);
-        if (s->s3->tmp.peer_finish_md_len != md_len ||
+        if (S3I(s)->tmp.peer_finish_md_len != md_len ||
            CBS_len(&cbs) != md_len) {
                al = SSL_AD_DECODE_ERROR;
                SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
                goto f_err;
        }
-        if (!CBS_mem_equal(&cbs, s->s3->tmp.peer_finish_md, CBS_len(&cbs))) {
+        if (!CBS_mem_equal(&cbs, S3I(s)->tmp.peer_finish_md, CBS_len(&cbs))) {
                al = SSL_AD_DECRYPT_ERROR;
                SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
                goto f_err;
@@ -275,13 +275,13 @@ ssl3_get_finished(SSL *s, int a, int b)
        /* Copy finished so we can use it for renegotiation checks. */
        OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
        if (s->type == SSL_ST_ACCEPT) {
-                memcpy(s->s3->previous_client_finished,
+                memcpy(S3I(s)->previous_client_finished,
-                    s->s3->tmp.peer_finish_md, md_len);
+                    S3I(s)->tmp.peer_finish_md, md_len);
-                s->s3->previous_client_finished_len = md_len;
+                S3I(s)->previous_client_finished_len = md_len;
        } else {
-                memcpy(s->s3->previous_server_finished,
+                memcpy(S3I(s)->previous_server_finished,
-                    s->s3->tmp.peer_finish_md, md_len);
+                    S3I(s)->tmp.peer_finish_md, md_len);
-                s->s3->previous_server_finished_len = md_len;
+                S3I(s)->previous_server_finished_len = md_len;
        }
        return (1);
@@ -292,8 +292,8 @@ f_err:
 /* for these 2 messages, we need to
 * ssl->enc_read_ctx                    re-init
- * ssl->s3->read_sequence               zero
+ * ssl->s3->internal->read_sequence             zero
- * ssl->s3->read_mac_secret             re-init
+ * ssl->s3->internal->read_mac_secret           re-init
 * ssl->session->read_sym_enc           assign
 * ssl->session->read_hash              assign
 */
@@ -416,9 +416,9 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
        CBS cbs;
        uint8_t u8;
-        if (s->s3->tmp.reuse_message) {
+        if (S3I(s)->tmp.reuse_message) {
-                s->s3->tmp.reuse_message = 0;
+                S3I(s)->tmp.reuse_message = 0;
-                if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
+                if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
                        SSLerr(SSL_F_SSL3_GET_MESSAGE,
                            SSL_R_UNEXPECTED_MESSAGE);
@@ -426,7 +426,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                }
                *ok = 1;
                s->init_msg = s->init_buf->data + 4;
-                s->init_num = (int)s->s3->tmp.message_size;
+                s->init_num = (int)S3I(s)->tmp.message_size;
                return s->init_num;
        }
@@ -484,7 +484,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                        SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
                        goto err;
                }
-                s->s3->tmp.message_type = u8;
+                S3I(s)->tmp.message_type = u8;
                if (l > (unsigned long)max) {
                        al = SSL_AD_ILLEGAL_PARAMETER;
@@ -496,7 +496,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                        SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
                        goto err;
                }
-                s->s3->tmp.message_size = l;
+                S3I(s)->tmp.message_size = l;
                s->state = stn;
                s->init_msg = s->init_buf->data + 4;
@@ -505,7 +505,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
        /* next state (stn) */
        p = s->init_msg;
-        n = s->s3->tmp.message_size - s->init_num;
+        n = S3I(s)->tmp.message_size - s->init_num;
        while (n > 0) {
                i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
                    &p[s->init_num], n, 0);

diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index 51429d907a..7381286326 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_both.c,v 1.50 2016/12/30 15:12:45 jsing Exp $ */	1	/* $OpenBSD: s3_both.c,v 1.51 2017/01/22 09:02:07 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -174,23 +174,23 @@ ssl3_send_finished(SSL s, int a, int b, const char sender, int slen)
174	OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);	174	OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
175		175
176	if (s->method->ssl3_enc->final_finish_mac(s, sender, slen,	176	if (s->method->ssl3_enc->final_finish_mac(s, sender, slen,
177	s->s3->tmp.finish_md) != md_len)	177	S3I(s)->tmp.finish_md) != md_len)
178	return (0);	178	return (0);
179	s->s3->tmp.finish_md_len = md_len;	179	S3I(s)->tmp.finish_md_len = md_len;
180		180
181	/* Copy finished so we can use it for renegotiation checks. */	181	/* Copy finished so we can use it for renegotiation checks. */
182	if (s->type == SSL_ST_CONNECT) {	182	if (s->type == SSL_ST_CONNECT) {
183	memcpy(s->s3->previous_client_finished,	183	memcpy(S3I(s)->previous_client_finished,
184	s->s3->tmp.finish_md, md_len);	184	S3I(s)->tmp.finish_md, md_len);
185	s->s3->previous_client_finished_len = md_len;	185	S3I(s)->previous_client_finished_len = md_len;
186	} else {	186	} else {
187	memcpy(s->s3->previous_server_finished,	187	memcpy(S3I(s)->previous_server_finished,
188	s->s3->tmp.finish_md, md_len);	188	S3I(s)->tmp.finish_md, md_len);
189	s->s3->previous_server_finished_len = md_len;	189	S3I(s)->previous_server_finished_len = md_len;
190	}	190	}
191		191
192	p = ssl3_handshake_msg_start(s, SSL3_MT_FINISHED);	192	p = ssl3_handshake_msg_start(s, SSL3_MT_FINISHED);
193	memcpy(p, s->s3->tmp.finish_md, md_len);	193	memcpy(p, S3I(s)->tmp.finish_md, md_len);
194	ssl3_handshake_msg_finish(s, md_len);	194	ssl3_handshake_msg_finish(s, md_len);
195		195
196	s->state = b;	196	s->state = b;
@@ -213,7 +213,7 @@ ssl3_take_mac(SSL *s)
213	* If no new cipher setup return immediately: other functions will	213	* If no new cipher setup return immediately: other functions will
214	* set the appropriate error.	214	* set the appropriate error.
215	*/	215	*/
216	if (s->s3->tmp.new_cipher == NULL)	216	if (S3I(s)->tmp.new_cipher == NULL)
217	return;	217	return;
218		218
219	if (s->state & SSL_ST_CONNECT) {	219	if (s->state & SSL_ST_CONNECT) {
@@ -224,9 +224,9 @@ ssl3_take_mac(SSL *s)
224	slen = s->method->ssl3_enc->client_finished_label_len;	224	slen = s->method->ssl3_enc->client_finished_label_len;
225	}	225	}
226		226
227	s->s3->tmp.peer_finish_md_len =	227	S3I(s)->tmp.peer_finish_md_len =
228	s->method->ssl3_enc->final_finish_mac(s, sender, slen,	228	s->method->ssl3_enc->final_finish_mac(s, sender, slen,
229	s->s3->tmp.peer_finish_md);	229	S3I(s)->tmp.peer_finish_md);
230	}	230	}
231		231
232	int	232	int
@@ -242,12 +242,12 @@ ssl3_get_finished(SSL *s, int a, int b)
242	return ((int)n);	242	return ((int)n);
243		243
244	/* If this occurs, we have missed a message */	244	/* If this occurs, we have missed a message */
245	if (!s->s3->change_cipher_spec) {	245	if (!S3I(s)->change_cipher_spec) {
246	al = SSL_AD_UNEXPECTED_MESSAGE;	246	al = SSL_AD_UNEXPECTED_MESSAGE;
247	SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);	247	SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
248	goto f_err;	248	goto f_err;
249	}	249	}
250	s->s3->change_cipher_spec = 0;	250	S3I(s)->change_cipher_spec = 0;
251		251
252	md_len = s->method->ssl3_enc->finish_mac_length;	252	md_len = s->method->ssl3_enc->finish_mac_length;
253		253
@@ -259,14 +259,14 @@ ssl3_get_finished(SSL *s, int a, int b)
259		259
260	CBS_init(&cbs, s->init_msg, n);	260	CBS_init(&cbs, s->init_msg, n);
261		261
262	if (s->s3->tmp.peer_finish_md_len != md_len \|\|	262	if (S3I(s)->tmp.peer_finish_md_len != md_len \|\|
263	CBS_len(&cbs) != md_len) {	263	CBS_len(&cbs) != md_len) {
264	al = SSL_AD_DECODE_ERROR;	264	al = SSL_AD_DECODE_ERROR;
265	SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);	265	SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
266	goto f_err;	266	goto f_err;
267	}	267	}
268		268
269	if (!CBS_mem_equal(&cbs, s->s3->tmp.peer_finish_md, CBS_len(&cbs))) {	269	if (!CBS_mem_equal(&cbs, S3I(s)->tmp.peer_finish_md, CBS_len(&cbs))) {
270	al = SSL_AD_DECRYPT_ERROR;	270	al = SSL_AD_DECRYPT_ERROR;
271	SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);	271	SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
272	goto f_err;	272	goto f_err;
@@ -275,13 +275,13 @@ ssl3_get_finished(SSL *s, int a, int b)
275	/* Copy finished so we can use it for renegotiation checks. */	275	/* Copy finished so we can use it for renegotiation checks. */
276	OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);	276	OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
277	if (s->type == SSL_ST_ACCEPT) {	277	if (s->type == SSL_ST_ACCEPT) {
278	memcpy(s->s3->previous_client_finished,	278	memcpy(S3I(s)->previous_client_finished,
279	s->s3->tmp.peer_finish_md, md_len);	279	S3I(s)->tmp.peer_finish_md, md_len);
280	s->s3->previous_client_finished_len = md_len;	280	S3I(s)->previous_client_finished_len = md_len;
281	} else {	281	} else {
282	memcpy(s->s3->previous_server_finished,	282	memcpy(S3I(s)->previous_server_finished,
283	s->s3->tmp.peer_finish_md, md_len);	283	S3I(s)->tmp.peer_finish_md, md_len);
284	s->s3->previous_server_finished_len = md_len;	284	S3I(s)->previous_server_finished_len = md_len;
285	}	285	}
286		286
287	return (1);	287	return (1);
@@ -292,8 +292,8 @@ f_err:
292		292
293	/* for these 2 messages, we need to	293	/* for these 2 messages, we need to
294	* ssl->enc_read_ctx re-init	294	* ssl->enc_read_ctx re-init
295	* ssl->s3->read_sequence zero	295	* ssl->s3->internal->read_sequence zero
296	* ssl->s3->read_mac_secret re-init	296	* ssl->s3->internal->read_mac_secret re-init
297	* ssl->session->read_sym_enc assign	297	* ssl->session->read_sym_enc assign
298	* ssl->session->read_hash assign	298	* ssl->session->read_hash assign
299	*/	299	*/
@@ -416,9 +416,9 @@ ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
416	CBS cbs;	416	CBS cbs;
417	uint8_t u8;	417	uint8_t u8;
418		418
419	if (s->s3->tmp.reuse_message) {	419	if (S3I(s)->tmp.reuse_message) {
420	s->s3->tmp.reuse_message = 0;	420	S3I(s)->tmp.reuse_message = 0;
421	if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {	421	if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
422	al = SSL_AD_UNEXPECTED_MESSAGE;	422	al = SSL_AD_UNEXPECTED_MESSAGE;
423	SSLerr(SSL_F_SSL3_GET_MESSAGE,	423	SSLerr(SSL_F_SSL3_GET_MESSAGE,
424	SSL_R_UNEXPECTED_MESSAGE);	424	SSL_R_UNEXPECTED_MESSAGE);
@@ -426,7 +426,7 @@ ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
426	}	426	}
427	*ok = 1;	427	*ok = 1;
428	s->init_msg = s->init_buf->data + 4;	428	s->init_msg = s->init_buf->data + 4;
429	s->init_num = (int)s->s3->tmp.message_size;	429	s->init_num = (int)S3I(s)->tmp.message_size;
430	return s->init_num;	430	return s->init_num;
431	}	431	}
432		432
@@ -484,7 +484,7 @@ ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
484	SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);	484	SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
485	goto err;	485	goto err;
486	}	486	}
487	s->s3->tmp.message_type = u8;	487	S3I(s)->tmp.message_type = u8;
488		488
489	if (l > (unsigned long)max) {	489	if (l > (unsigned long)max) {
490	al = SSL_AD_ILLEGAL_PARAMETER;	490	al = SSL_AD_ILLEGAL_PARAMETER;
@@ -496,7 +496,7 @@ ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
496	SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);	496	SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
497	goto err;	497	goto err;
498	}	498	}
499	s->s3->tmp.message_size = l;	499	S3I(s)->tmp.message_size = l;
500	s->state = stn;	500	s->state = stn;
501		501
502	s->init_msg = s->init_buf->data + 4;	502	s->init_msg = s->init_buf->data + 4;
@@ -505,7 +505,7 @@ ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
505		505
506	/* next state (stn) */	506	/* next state (stn) */
507	p = s->init_msg;	507	p = s->init_msg;
508	n = s->s3->tmp.message_size - s->init_num;	508	n = S3I(s)->tmp.message_size - s->init_num;
509	while (n > 0) {	509	while (n > 0) {
510	i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,	510	i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
511	&p[s->init_num], n, 0);	511	&p[s->init_num], n, 0);