1 files changed, 12 insertions, 12 deletions
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index 789ab01213..4851231a8f 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.26 2021/03/27 17:56:28 tb Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.27 2021/03/29 16:46:09 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -176,25 +176,25 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
                OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
                if (tls1_final_finish_mac(s, sender, slen,
-                    S3I(s)->tmp.finish_md) != md_len)
+                    S3I(s)->hs.finished) != md_len)
                        return (0);
-                S3I(s)->tmp.finish_md_len = md_len;
+                S3I(s)->hs.finished_len = md_len;
                /* Copy finished so we can use it for renegotiation checks. */
                if (!s->server) {
                        memcpy(S3I(s)->previous_client_finished,
-                            S3I(s)->tmp.finish_md, md_len);
+                            S3I(s)->hs.finished, md_len);
                        S3I(s)->previous_client_finished_len = md_len;
                } else {
                        memcpy(S3I(s)->previous_server_finished,
-                            S3I(s)->tmp.finish_md, md_len);
+                            S3I(s)->hs.finished, md_len);
                        S3I(s)->previous_server_finished_len = md_len;
                }
                if (!ssl3_handshake_msg_start(s, &cbb, &finished,
                    SSL3_MT_FINISHED))
                        goto err;
-                if (!CBB_add_bytes(&finished, S3I(s)->tmp.finish_md, md_len))
+                if (!CBB_add_bytes(&finished, S3I(s)->hs.finished, md_len))
                        goto err;
                if (!ssl3_handshake_msg_finish(s, &cbb))
                        goto err;
@@ -235,9 +235,9 @@ ssl3_take_mac(SSL *s)
                slen = TLS_MD_CLIENT_FINISH_CONST_SIZE;
        }
-        S3I(s)->tmp.peer_finish_md_len =
+        S3I(s)->hs.peer_finished_len =
            tls1_final_finish_mac(s, sender, slen,
-                S3I(s)->tmp.peer_finish_md);
+                S3I(s)->hs.peer_finished);
 }
 int
@@ -270,14 +270,14 @@ ssl3_get_finished(SSL *s, int a, int b)
        CBS_init(&cbs, s->internal->init_msg, n);
-        if (S3I(s)->tmp.peer_finish_md_len != md_len ||
+        if (S3I(s)->hs.peer_finished_len != md_len ||
            CBS_len(&cbs) != md_len) {
                al = SSL_AD_DECODE_ERROR;
                SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
                goto fatal_err;
        }
-        if (!CBS_mem_equal(&cbs, S3I(s)->tmp.peer_finish_md, CBS_len(&cbs))) {
+        if (!CBS_mem_equal(&cbs, S3I(s)->hs.peer_finished, CBS_len(&cbs))) {
                al = SSL_AD_DECRYPT_ERROR;
                SSLerror(s, SSL_R_DIGEST_CHECK_FAILED);
                goto fatal_err;
@@ -287,11 +287,11 @@ ssl3_get_finished(SSL *s, int a, int b)
        OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
        if (s->server) {
                memcpy(S3I(s)->previous_client_finished,
-                    S3I(s)->tmp.peer_finish_md, md_len);
+                    S3I(s)->hs.peer_finished, md_len);
                S3I(s)->previous_client_finished_len = md_len;
        } else {
                memcpy(S3I(s)->previous_server_finished,
-                    S3I(s)->tmp.peer_finish_md, md_len);
+                    S3I(s)->hs.peer_finished, md_len);
                S3I(s)->previous_server_finished_len = md_len;
        }

diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c index 789ab01213..4851231a8f 100644 --- a/src/lib/libssl/ssl_both.c +++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_both.c,v 1.26 2021/03/27 17:56:28 tb Exp $ */	1	/* $OpenBSD: ssl_both.c,v 1.27 2021/03/29 16:46:09 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -176,25 +176,25 @@ ssl3_send_finished(SSL s, int a, int b, const char sender, int slen)
176	OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);	176	OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
177		177
178	if (tls1_final_finish_mac(s, sender, slen,	178	if (tls1_final_finish_mac(s, sender, slen,
179	S3I(s)->tmp.finish_md) != md_len)	179	S3I(s)->hs.finished) != md_len)
180	return (0);	180	return (0);
181	S3I(s)->tmp.finish_md_len = md_len;	181	S3I(s)->hs.finished_len = md_len;
182		182
183	/* Copy finished so we can use it for renegotiation checks. */	183	/* Copy finished so we can use it for renegotiation checks. */
184	if (!s->server) {	184	if (!s->server) {
185	memcpy(S3I(s)->previous_client_finished,	185	memcpy(S3I(s)->previous_client_finished,
186	S3I(s)->tmp.finish_md, md_len);	186	S3I(s)->hs.finished, md_len);
187	S3I(s)->previous_client_finished_len = md_len;	187	S3I(s)->previous_client_finished_len = md_len;
188	} else {	188	} else {
189	memcpy(S3I(s)->previous_server_finished,	189	memcpy(S3I(s)->previous_server_finished,
190	S3I(s)->tmp.finish_md, md_len);	190	S3I(s)->hs.finished, md_len);
191	S3I(s)->previous_server_finished_len = md_len;	191	S3I(s)->previous_server_finished_len = md_len;
192	}	192	}
193		193
194	if (!ssl3_handshake_msg_start(s, &cbb, &finished,	194	if (!ssl3_handshake_msg_start(s, &cbb, &finished,
195	SSL3_MT_FINISHED))	195	SSL3_MT_FINISHED))
196	goto err;	196	goto err;
197	if (!CBB_add_bytes(&finished, S3I(s)->tmp.finish_md, md_len))	197	if (!CBB_add_bytes(&finished, S3I(s)->hs.finished, md_len))
198	goto err;	198	goto err;
199	if (!ssl3_handshake_msg_finish(s, &cbb))	199	if (!ssl3_handshake_msg_finish(s, &cbb))
200	goto err;	200	goto err;
@@ -235,9 +235,9 @@ ssl3_take_mac(SSL *s)
235	slen = TLS_MD_CLIENT_FINISH_CONST_SIZE;	235	slen = TLS_MD_CLIENT_FINISH_CONST_SIZE;
236	}	236	}
237		237
238	S3I(s)->tmp.peer_finish_md_len =	238	S3I(s)->hs.peer_finished_len =
239	tls1_final_finish_mac(s, sender, slen,	239	tls1_final_finish_mac(s, sender, slen,
240	S3I(s)->tmp.peer_finish_md);	240	S3I(s)->hs.peer_finished);
241	}	241	}
242		242
243	int	243	int
@@ -270,14 +270,14 @@ ssl3_get_finished(SSL *s, int a, int b)
270		270
271	CBS_init(&cbs, s->internal->init_msg, n);	271	CBS_init(&cbs, s->internal->init_msg, n);
272		272
273	if (S3I(s)->tmp.peer_finish_md_len != md_len \|\|	273	if (S3I(s)->hs.peer_finished_len != md_len \|\|
274	CBS_len(&cbs) != md_len) {	274	CBS_len(&cbs) != md_len) {
275	al = SSL_AD_DECODE_ERROR;	275	al = SSL_AD_DECODE_ERROR;
276	SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);	276	SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
277	goto fatal_err;	277	goto fatal_err;
278	}	278	}
279		279
280	if (!CBS_mem_equal(&cbs, S3I(s)->tmp.peer_finish_md, CBS_len(&cbs))) {	280	if (!CBS_mem_equal(&cbs, S3I(s)->hs.peer_finished, CBS_len(&cbs))) {
281	al = SSL_AD_DECRYPT_ERROR;	281	al = SSL_AD_DECRYPT_ERROR;
282	SSLerror(s, SSL_R_DIGEST_CHECK_FAILED);	282	SSLerror(s, SSL_R_DIGEST_CHECK_FAILED);
283	goto fatal_err;	283	goto fatal_err;
@@ -287,11 +287,11 @@ ssl3_get_finished(SSL *s, int a, int b)
287	OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);	287	OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
288	if (s->server) {	288	if (s->server) {
289	memcpy(S3I(s)->previous_client_finished,	289	memcpy(S3I(s)->previous_client_finished,
290	S3I(s)->tmp.peer_finish_md, md_len);	290	S3I(s)->hs.peer_finished, md_len);
291	S3I(s)->previous_client_finished_len = md_len;	291	S3I(s)->previous_client_finished_len = md_len;
292	} else {	292	} else {
293	memcpy(S3I(s)->previous_server_finished,	293	memcpy(S3I(s)->previous_server_finished,
294	S3I(s)->tmp.peer_finish_md, md_len);	294	S3I(s)->hs.peer_finished, md_len);
295	S3I(s)->previous_server_finished_len = md_len;	295	S3I(s)->previous_server_finished_len = md_len;
296	}	296	}
297		297