summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
-rw-r--r--src/lib/libssl/s3_clnt.c112
1 files changed, 56 insertions, 56 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index d75ceb9d2d..0d3f09728e 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.161 2017/01/22 07:16:39 beck Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.162 2017/01/22 09:02:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -293,7 +293,7 @@ ssl3_connect(SSL *s)
293 break; 293 break;
294 } 294 }
295 /* Check if it is anon DH/ECDH. */ 295 /* Check if it is anon DH/ECDH. */
296 if (!(s->s3->tmp.new_cipher->algorithm_auth & 296 if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
297 SSL_aNULL)) { 297 SSL_aNULL)) {
298 ret = ssl3_get_server_certificate(s); 298 ret = ssl3_get_server_certificate(s);
299 if (ret <= 0) 299 if (ret <= 0)
@@ -341,7 +341,7 @@ ssl3_connect(SSL *s)
341 ret = ssl3_get_server_done(s); 341 ret = ssl3_get_server_done(s);
342 if (ret <= 0) 342 if (ret <= 0)
343 goto end; 343 goto end;
344 if (s->s3->tmp.cert_req) 344 if (S3I(s)->tmp.cert_req)
345 s->state = SSL3_ST_CW_CERT_A; 345 s->state = SSL3_ST_CW_CERT_A;
346 else 346 else
347 s->state = SSL3_ST_CW_KEY_EXCH_A; 347 s->state = SSL3_ST_CW_KEY_EXCH_A;
@@ -381,15 +381,15 @@ ssl3_connect(SSL *s)
381 * message when client's ECDH public key is sent 381 * message when client's ECDH public key is sent
382 * inside the client certificate. 382 * inside the client certificate.
383 */ 383 */
384 if (s->s3->tmp.cert_req == 1) { 384 if (S3I(s)->tmp.cert_req == 1) {
385 s->state = SSL3_ST_CW_CERT_VRFY_A; 385 s->state = SSL3_ST_CW_CERT_VRFY_A;
386 } else { 386 } else {
387 s->state = SSL3_ST_CW_CHANGE_A; 387 s->state = SSL3_ST_CW_CHANGE_A;
388 s->s3->change_cipher_spec = 0; 388 S3I(s)->change_cipher_spec = 0;
389 } 389 }
390 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { 390 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
391 s->state = SSL3_ST_CW_CHANGE_A; 391 s->state = SSL3_ST_CW_CHANGE_A;
392 s->s3->change_cipher_spec = 0; 392 S3I(s)->change_cipher_spec = 0;
393 } 393 }
394 394
395 s->init_num = 0; 395 s->init_num = 0;
@@ -402,7 +402,7 @@ ssl3_connect(SSL *s)
402 goto end; 402 goto end;
403 s->state = SSL3_ST_CW_CHANGE_A; 403 s->state = SSL3_ST_CW_CHANGE_A;
404 s->init_num = 0; 404 s->init_num = 0;
405 s->s3->change_cipher_spec = 0; 405 S3I(s)->change_cipher_spec = 0;
406 break; 406 break;
407 407
408 case SSL3_ST_CW_CHANGE_A: 408 case SSL3_ST_CW_CHANGE_A:
@@ -412,13 +412,13 @@ ssl3_connect(SSL *s)
412 if (ret <= 0) 412 if (ret <= 0)
413 goto end; 413 goto end;
414 414
415 if (s->s3->next_proto_neg_seen) 415 if (S3I(s)->next_proto_neg_seen)
416 s->state = SSL3_ST_CW_NEXT_PROTO_A; 416 s->state = SSL3_ST_CW_NEXT_PROTO_A;
417 else 417 else
418 s->state = SSL3_ST_CW_FINISHED_A; 418 s->state = SSL3_ST_CW_FINISHED_A;
419 s->init_num = 0; 419 s->init_num = 0;
420 420
421 s->session->cipher = s->s3->tmp.new_cipher; 421 s->session->cipher = S3I(s)->tmp.new_cipher;
422 if (!s->method->ssl3_enc->setup_key_block(s)) { 422 if (!s->method->ssl3_enc->setup_key_block(s)) {
423 ret = -1; 423 ret = -1;
424 goto end; 424 goto end;
@@ -454,21 +454,21 @@ ssl3_connect(SSL *s)
454 /* clear flags */ 454 /* clear flags */
455 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; 455 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
456 if (s->hit) { 456 if (s->hit) {
457 s->s3->tmp.next_state = SSL_ST_OK; 457 S3I(s)->tmp.next_state = SSL_ST_OK;
458 if (s->s3->flags & 458 if (s->s3->flags &
459 SSL3_FLAGS_DELAY_CLIENT_FINISHED) { 459 SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
460 s->state = SSL_ST_OK; 460 s->state = SSL_ST_OK;
461 s->s3->flags|=SSL3_FLAGS_POP_BUFFER; 461 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
462 s->s3->delay_buf_pop_ret = 0; 462 S3I(s)->delay_buf_pop_ret = 0;
463 } 463 }
464 } else { 464 } else {
465 /* Allow NewSessionTicket if ticket expected */ 465 /* Allow NewSessionTicket if ticket expected */
466 if (s->tlsext_ticket_expected) 466 if (s->tlsext_ticket_expected)
467 s->s3->tmp.next_state = 467 S3I(s)->tmp.next_state =
468 SSL3_ST_CR_SESSION_TICKET_A; 468 SSL3_ST_CR_SESSION_TICKET_A;
469 else 469 else
470 470
471 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A; 471 S3I(s)->tmp.next_state = SSL3_ST_CR_FINISHED_A;
472 } 472 }
473 s->init_num = 0; 473 s->init_num = 0;
474 break; 474 break;
@@ -513,7 +513,7 @@ ssl3_connect(SSL *s)
513 goto end; 513 goto end;
514 } 514 }
515 s->rwstate = SSL_NOTHING; 515 s->rwstate = SSL_NOTHING;
516 s->state = s->s3->tmp.next_state; 516 s->state = S3I(s)->tmp.next_state;
517 break; 517 break;
518 518
519 case SSL_ST_OK: 519 case SSL_ST_OK:
@@ -561,7 +561,7 @@ ssl3_connect(SSL *s)
561 } 561 }
562 562
563 /* did we do anything */ 563 /* did we do anything */
564 if (!s->s3->tmp.reuse_message && !skip) { 564 if (!S3I(s)->tmp.reuse_message && !skip) {
565 if (s->debug) { 565 if (s->debug) {
566 if ((ret = BIO_flush(s->wbio)) <= 0) 566 if ((ret = BIO_flush(s->wbio)) <= 0)
567 goto end; 567 goto end;
@@ -742,9 +742,9 @@ ssl3_get_server_hello(SSL *s)
742 CBS_init(&cbs, s->init_msg, n); 742 CBS_init(&cbs, s->init_msg, n);
743 743
744 if (SSL_IS_DTLS(s)) { 744 if (SSL_IS_DTLS(s)) {
745 if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { 745 if (S3I(s)->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
746 if (D1I(s)->send_cookie == 0) { 746 if (D1I(s)->send_cookie == 0) {
747 s->s3->tmp.reuse_message = 1; 747 S3I(s)->tmp.reuse_message = 1;
748 return (1); 748 return (1);
749 } else { 749 } else {
750 /* Already sent a cookie. */ 750 /* Already sent a cookie. */
@@ -756,7 +756,7 @@ ssl3_get_server_hello(SSL *s)
756 } 756 }
757 } 757 }
758 758
759 if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) { 759 if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) {
760 al = SSL_AD_UNEXPECTED_MESSAGE; 760 al = SSL_AD_UNEXPECTED_MESSAGE;
761 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 761 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
762 SSL_R_BAD_MESSAGE_TYPE); 762 SSL_R_BAD_MESSAGE_TYPE);
@@ -887,13 +887,13 @@ ssl3_get_server_hello(SSL *s)
887 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); 887 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
888 goto f_err; 888 goto f_err;
889 } 889 }
890 s->s3->tmp.new_cipher = cipher; 890 S3I(s)->tmp.new_cipher = cipher;
891 891
892 /* 892 /*
893 * Don't digest cached records if no sigalgs: we may need them for 893 * Don't digest cached records if no sigalgs: we may need them for
894 * client authentication. 894 * client authentication.
895 */ 895 */
896 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 896 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
897 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) && 897 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) &&
898 !tls1_digest_cached_records(s)) { 898 !tls1_digest_cached_records(s)) {
899 al = SSL_AD_INTERNAL_ERROR; 899 al = SSL_AD_INTERNAL_ERROR;
@@ -956,12 +956,12 @@ ssl3_get_server_certificate(SSL *s)
956 if (!ok) 956 if (!ok)
957 return ((int)n); 957 return ((int)n);
958 958
959 if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { 959 if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
960 s->s3->tmp.reuse_message = 1; 960 S3I(s)->tmp.reuse_message = 1;
961 return (1); 961 return (1);
962 } 962 }
963 963
964 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) { 964 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
965 al = SSL_AD_UNEXPECTED_MESSAGE; 965 al = SSL_AD_UNEXPECTED_MESSAGE;
966 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 966 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
967 SSL_R_BAD_MESSAGE_TYPE); 967 SSL_R_BAD_MESSAGE_TYPE);
@@ -1113,7 +1113,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
1113 long alg_a; 1113 long alg_a;
1114 int al; 1114 int al;
1115 1115
1116 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 1116 alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
1117 sc = s->session->sess_cert; 1117 sc = s->session->sess_cert;
1118 1118
1119 if (*nn < 0) 1119 if (*nn < 0)
@@ -1280,7 +1280,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
1280 int nid; 1280 int nid;
1281 int al; 1281 int al;
1282 1282
1283 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 1283 alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
1284 sc = s->session->sess_cert; 1284 sc = s->session->sess_cert;
1285 1285
1286 if (*nn < 0) 1286 if (*nn < 0)
@@ -1366,8 +1366,8 @@ ssl3_get_server_key_exchange(SSL *s)
1366 const EVP_MD *md = NULL; 1366 const EVP_MD *md = NULL;
1367 RSA *rsa = NULL; 1367 RSA *rsa = NULL;
1368 1368
1369 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 1369 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
1370 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 1370 alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
1371 1371
1372 /* 1372 /*
1373 * Use same message size as in ssl3_get_certificate_request() 1373 * Use same message size as in ssl3_get_certificate_request()
@@ -1380,7 +1380,7 @@ ssl3_get_server_key_exchange(SSL *s)
1380 1380
1381 EVP_MD_CTX_init(&md_ctx); 1381 EVP_MD_CTX_init(&md_ctx);
1382 1382
1383 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { 1383 if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
1384 /* 1384 /*
1385 * Do not skip server key exchange if this cipher suite uses 1385 * Do not skip server key exchange if this cipher suite uses
1386 * ephemeral keys. 1386 * ephemeral keys.
@@ -1392,7 +1392,7 @@ ssl3_get_server_key_exchange(SSL *s)
1392 goto f_err; 1392 goto f_err;
1393 } 1393 }
1394 1394
1395 s->s3->tmp.reuse_message = 1; 1395 S3I(s)->tmp.reuse_message = 1;
1396 EVP_MD_CTX_cleanup(&md_ctx); 1396 EVP_MD_CTX_cleanup(&md_ctx);
1397 return (1); 1397 return (1);
1398 } 1398 }
@@ -1585,22 +1585,22 @@ ssl3_get_certificate_request(SSL *s)
1585 if (!ok) 1585 if (!ok)
1586 return ((int)n); 1586 return ((int)n);
1587 1587
1588 s->s3->tmp.cert_req = 0; 1588 S3I(s)->tmp.cert_req = 0;
1589 1589
1590 if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) { 1590 if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_DONE) {
1591 s->s3->tmp.reuse_message = 1; 1591 S3I(s)->tmp.reuse_message = 1;
1592 /* 1592 /*
1593 * If we get here we don't need any cached handshake records 1593 * If we get here we don't need any cached handshake records
1594 * as we wont be doing client auth. 1594 * as we wont be doing client auth.
1595 */ 1595 */
1596 if (s->s3->handshake_buffer) { 1596 if (S3I(s)->handshake_buffer) {
1597 if (!tls1_digest_cached_records(s)) 1597 if (!tls1_digest_cached_records(s))
1598 goto err; 1598 goto err;
1599 } 1599 }
1600 return (1); 1600 return (1);
1601 } 1601 }
1602 1602
1603 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) { 1603 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
1604 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1604 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1605 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1605 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1606 SSL_R_WRONG_MESSAGE_TYPE); 1606 SSL_R_WRONG_MESSAGE_TYPE);
@@ -1608,7 +1608,7 @@ ssl3_get_certificate_request(SSL *s)
1608 } 1608 }
1609 1609
1610 /* TLS does not like anon-DH with client cert */ 1610 /* TLS does not like anon-DH with client cert */
1611 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) { 1611 if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
1612 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1612 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1613 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1613 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1614 SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); 1614 SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
@@ -1632,8 +1632,8 @@ ssl3_get_certificate_request(SSL *s)
1632 if (ctype_num > SSL3_CT_NUMBER) 1632 if (ctype_num > SSL3_CT_NUMBER)
1633 ctype_num = SSL3_CT_NUMBER; 1633 ctype_num = SSL3_CT_NUMBER;
1634 if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) || 1634 if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) ||
1635 !CBS_write_bytes(&ctypes, (uint8_t *)s->s3->tmp.ctype, 1635 !CBS_write_bytes(&ctypes, (uint8_t *)S3I(s)->tmp.ctype,
1636 sizeof(s->s3->tmp.ctype), NULL)) { 1636 sizeof(S3I(s)->tmp.ctype), NULL)) {
1637 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1637 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1638 SSL_R_DATA_LENGTH_TOO_LONG); 1638 SSL_R_DATA_LENGTH_TOO_LONG);
1639 goto err; 1639 goto err;
@@ -1722,11 +1722,11 @@ ssl3_get_certificate_request(SSL *s)
1722 } 1722 }
1723 1723
1724 /* we should setup a certificate to return.... */ 1724 /* we should setup a certificate to return.... */
1725 s->s3->tmp.cert_req = 1; 1725 S3I(s)->tmp.cert_req = 1;
1726 s->s3->tmp.ctype_num = ctype_num; 1726 S3I(s)->tmp.ctype_num = ctype_num;
1727 if (s->s3->tmp.ca_names != NULL) 1727 if (S3I(s)->tmp.ca_names != NULL)
1728 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 1728 sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
1729 s->s3->tmp.ca_names = ca_sk; 1729 S3I(s)->tmp.ca_names = ca_sk;
1730 ca_sk = NULL; 1730 ca_sk = NULL;
1731 1731
1732 ret = 1; 1732 ret = 1;
@@ -1761,11 +1761,11 @@ ssl3_get_new_session_ticket(SSL *s)
1761 if (!ok) 1761 if (!ok)
1762 return ((int)n); 1762 return ((int)n);
1763 1763
1764 if (s->s3->tmp.message_type == SSL3_MT_FINISHED) { 1764 if (S3I(s)->tmp.message_type == SSL3_MT_FINISHED) {
1765 s->s3->tmp.reuse_message = 1; 1765 S3I(s)->tmp.reuse_message = 1;
1766 return (1); 1766 return (1);
1767 } 1767 }
1768 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) { 1768 if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
1769 al = SSL_AD_UNEXPECTED_MESSAGE; 1769 al = SSL_AD_UNEXPECTED_MESSAGE;
1770 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, 1770 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
1771 SSL_R_BAD_MESSAGE_TYPE); 1771 SSL_R_BAD_MESSAGE_TYPE);
@@ -2255,7 +2255,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
2255 /* 2255 /*
2256 * If we have client certificate, use its secret as peer key. 2256 * If we have client certificate, use its secret as peer key.
2257 */ 2257 */
2258 if (s->s3->tmp.cert_req && s->cert->key->privatekey) { 2258 if (S3I(s)->tmp.cert_req && s->cert->key->privatekey) {
2259 if (EVP_PKEY_derive_set_peer(pkey_ctx, 2259 if (EVP_PKEY_derive_set_peer(pkey_ctx,
2260 s->cert->key->privatekey) <=0) { 2260 s->cert->key->privatekey) <=0) {
2261 /* 2261 /*
@@ -2339,7 +2339,7 @@ ssl3_send_client_key_exchange(SSL *s)
2339 memset(&cbb, 0, sizeof(cbb)); 2339 memset(&cbb, 0, sizeof(cbb));
2340 2340
2341 if (s->state == SSL3_ST_CW_KEY_EXCH_A) { 2341 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
2342 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2342 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
2343 2343
2344 if ((sess_cert = s->session->sess_cert) == NULL) { 2344 if ((sess_cert = s->session->sess_cert) == NULL) {
2345 ssl3_send_alert(s, SSL3_AL_FATAL, 2345 ssl3_send_alert(s, SSL3_AL_FATAL,
@@ -2427,7 +2427,7 @@ ssl3_send_client_verify(SSL *s)
2427 long hdatalen = 0; 2427 long hdatalen = 0;
2428 void *hdata; 2428 void *hdata;
2429 const EVP_MD *md = s->cert->key->digest; 2429 const EVP_MD *md = s->cert->key->digest;
2430 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, 2430 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer,
2431 &hdata); 2431 &hdata);
2432 if (hdatalen <= 0 || 2432 if (hdatalen <= 0 ||
2433 !tls12_get_sigandhash(p, pkey, md)) { 2433 !tls12_get_sigandhash(p, pkey, md)) {
@@ -2491,7 +2491,7 @@ ssl3_send_client_verify(SSL *s)
2491 int nid; 2491 int nid;
2492 size_t sigsize; 2492 size_t sigsize;
2493 2493
2494 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); 2494 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
2495 if (hdatalen <= 0) { 2495 if (hdatalen <= 0) {
2496 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2496 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2497 ERR_R_INTERNAL_ERROR); 2497 ERR_R_INTERNAL_ERROR);
@@ -2590,7 +2590,7 @@ ssl3_send_client_certificate(SSL *s)
2590 X509_free(x509); 2590 X509_free(x509);
2591 EVP_PKEY_free(pkey); 2591 EVP_PKEY_free(pkey);
2592 if (i == 0) 2592 if (i == 0)
2593 s->s3->tmp.cert_req = 2; 2593 S3I(s)->tmp.cert_req = 2;
2594 2594
2595 /* Ok, we have a cert */ 2595 /* Ok, we have a cert */
2596 s->state = SSL3_ST_CW_CERT_C; 2596 s->state = SSL3_ST_CW_CERT_C;
@@ -2601,7 +2601,7 @@ ssl3_send_client_certificate(SSL *s)
2601 SSL3_MT_CERTIFICATE)) 2601 SSL3_MT_CERTIFICATE))
2602 goto err; 2602 goto err;
2603 if (!ssl3_output_cert_chain(s, &client_cert, 2603 if (!ssl3_output_cert_chain(s, &client_cert,
2604 (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509)) 2604 (S3I(s)->tmp.cert_req == 2) ? NULL : s->cert->key->x509))
2605 goto err; 2605 goto err;
2606 if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) 2606 if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
2607 goto err; 2607 goto err;
@@ -2629,8 +2629,8 @@ ssl3_check_cert_and_algorithm(SSL *s)
2629 SESS_CERT *sc; 2629 SESS_CERT *sc;
2630 DH *dh; 2630 DH *dh;
2631 2631
2632 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2632 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
2633 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 2633 alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
2634 2634
2635 /* We don't have a certificate. */ 2635 /* We don't have a certificate. */
2636 if (alg_a & SSL_aNULL) 2636 if (alg_a & SSL_aNULL)
@@ -2740,9 +2740,9 @@ ssl3_check_finished(SSL *s)
2740 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok); 2740 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok);
2741 if (!ok) 2741 if (!ok)
2742 return ((int)n); 2742 return ((int)n);
2743 s->s3->tmp.reuse_message = 1; 2743 S3I(s)->tmp.reuse_message = 1;
2744 if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) || 2744 if ((S3I(s)->tmp.message_type == SSL3_MT_FINISHED) ||
2745 (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET)) 2745 (S3I(s)->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
2746 return (2); 2746 return (2);
2747 2747
2748 return (1); 2748 return (1);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 03:14:06 +0000