1 files changed, 14 insertions, 14 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 0f602bef7e..984ade0957 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.87 2021/03/24 18:40:03 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.88 2021/03/24 18:44:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -343,7 +343,7 @@ ssl3_connect(SSL *s)
                                break;
                        }
                        /* Check if it is anon DH/ECDH. */
-                        if (!(S3I(s)->hs.new_cipher->algorithm_auth &
+                        if (!(S3I(s)->hs.cipher->algorithm_auth &
                            SSL_aNULL)) {
                                ret = ssl3_get_server_certificate(s);
                                if (ret <= 0)
@@ -477,7 +477,7 @@ ssl3_connect(SSL *s)
                        S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
                        s->internal->init_num = 0;
-                        s->session->cipher = S3I(s)->hs.new_cipher;
+                        s->session->cipher = S3I(s)->hs.cipher;
                        if (!tls1_setup_key_block(s)) {
                                ret = -1;
                                goto end;
@@ -1054,7 +1054,7 @@ ssl3_get_server_hello(SSL *s)
                SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
                goto fatal_err;
        }
-        S3I(s)->hs.new_cipher = cipher;
+        S3I(s)->hs.cipher = cipher;
        if (!tls1_transcript_hash_init(s))
                goto err;
@@ -1063,7 +1063,7 @@ ssl3_get_server_hello(SSL *s)
         * Don't digest cached records if no sigalgs: we may need them for
         * client authentication.
         */
-        alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+        alg_k = S3I(s)->hs.cipher->algorithm_mkey;
        if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)))
                tls1_transcript_free(s);
@@ -1276,7 +1276,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
        long alg_a;
        int al;
-        alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+        alg_a = S3I(s)->hs.cipher->algorithm_auth;
        sc = SSI(s)->sess_cert;
        if ((dh = DH_new()) == NULL) {
@@ -1404,7 +1404,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
        int nid;
        int al;
-        alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+        alg_a = S3I(s)->hs.cipher->algorithm_auth;
        sc = SSI(s)->sess_cert;
        /* Only named curves are supported. */
@@ -1483,8 +1483,8 @@ ssl3_get_server_key_exchange(SSL *s)
        EVP_MD_CTX_init(&md_ctx);
-        alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+        alg_k = S3I(s)->hs.cipher->algorithm_mkey;
-        alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+        alg_a = S3I(s)->hs.cipher->algorithm_auth;
        /*
         * Use same message size as in ssl3_get_certificate_request()
@@ -1682,7 +1682,7 @@ ssl3_get_certificate_request(SSL *s)
        }
        /* TLS does not like anon-DH with client cert */
-        if (S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) {
+        if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) {
                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
                SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
                goto err;
@@ -2251,7 +2251,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
        }
        /* XXX check handshake hash instead. */
-        if (S3I(s)->hs.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
+        if (S3I(s)->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
                nid = NID_id_GostR3411_94;
        else
                nid = NID_id_tc26_gost3411_2012_256;
@@ -2314,7 +2314,7 @@ ssl3_send_client_key_exchange(SSL *s)
        memset(&cbb, 0, sizeof(cbb));
        if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
-                alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+                alg_k = S3I(s)->hs.cipher->algorithm_mkey;
                if ((sess_cert = SSI(s)->sess_cert) == NULL) {
                        ssl3_send_alert(s, SSL3_AL_FATAL,
@@ -2726,8 +2726,8 @@ ssl3_check_cert_and_algorithm(SSL *s)
        SESS_CERT       *sc;
        DH              *dh;
-        alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+        alg_k = S3I(s)->hs.cipher->algorithm_mkey;
-        alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+        alg_a = S3I(s)->hs.cipher->algorithm_auth;
        /* We don't have a certificate. */
        if (alg_a & SSL_aNULL)

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 0f602bef7e..984ade0957 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.87 2021/03/24 18:40:03 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.88 2021/03/24 18:44:00 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -343,7 +343,7 @@ ssl3_connect(SSL *s)
343	break;	343	break;
344	}	344	}
345	/* Check if it is anon DH/ECDH. */	345	/* Check if it is anon DH/ECDH. */
346	if (!(S3I(s)->hs.new_cipher->algorithm_auth &	346	if (!(S3I(s)->hs.cipher->algorithm_auth &
347	SSL_aNULL)) {	347	SSL_aNULL)) {
348	ret = ssl3_get_server_certificate(s);	348	ret = ssl3_get_server_certificate(s);
349	if (ret <= 0)	349	if (ret <= 0)
@@ -477,7 +477,7 @@ ssl3_connect(SSL *s)
477	S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;	477	S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
478	s->internal->init_num = 0;	478	s->internal->init_num = 0;
479		479
480	s->session->cipher = S3I(s)->hs.new_cipher;	480	s->session->cipher = S3I(s)->hs.cipher;
481	if (!tls1_setup_key_block(s)) {	481	if (!tls1_setup_key_block(s)) {
482	ret = -1;	482	ret = -1;
483	goto end;	483	goto end;
@@ -1054,7 +1054,7 @@ ssl3_get_server_hello(SSL *s)
1054	SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);	1054	SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
1055	goto fatal_err;	1055	goto fatal_err;
1056	}	1056	}
1057	S3I(s)->hs.new_cipher = cipher;	1057	S3I(s)->hs.cipher = cipher;
1058		1058
1059	if (!tls1_transcript_hash_init(s))	1059	if (!tls1_transcript_hash_init(s))
1060	goto err;	1060	goto err;
@@ -1063,7 +1063,7 @@ ssl3_get_server_hello(SSL *s)
1063	* Don't digest cached records if no sigalgs: we may need them for	1063	* Don't digest cached records if no sigalgs: we may need them for
1064	* client authentication.	1064	* client authentication.
1065	*/	1065	*/
1066	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;	1066	alg_k = S3I(s)->hs.cipher->algorithm_mkey;
1067	if (!(SSL_USE_SIGALGS(s) \|\| (alg_k & SSL_kGOST)))	1067	if (!(SSL_USE_SIGALGS(s) \|\| (alg_k & SSL_kGOST)))
1068	tls1_transcript_free(s);	1068	tls1_transcript_free(s);
1069		1069
@@ -1276,7 +1276,7 @@ ssl3_get_server_kex_dhe(SSL s, EVP_PKEY pkey, CBS cbs)
1276	long alg_a;	1276	long alg_a;
1277	int al;	1277	int al;
1278		1278
1279	alg_a = S3I(s)->hs.new_cipher->algorithm_auth;	1279	alg_a = S3I(s)->hs.cipher->algorithm_auth;
1280	sc = SSI(s)->sess_cert;	1280	sc = SSI(s)->sess_cert;
1281		1281
1282	if ((dh = DH_new()) == NULL) {	1282	if ((dh = DH_new()) == NULL) {
@@ -1404,7 +1404,7 @@ ssl3_get_server_kex_ecdhe(SSL s, EVP_PKEY pkey, CBS cbs)
1404	int nid;	1404	int nid;
1405	int al;	1405	int al;
1406		1406
1407	alg_a = S3I(s)->hs.new_cipher->algorithm_auth;	1407	alg_a = S3I(s)->hs.cipher->algorithm_auth;
1408	sc = SSI(s)->sess_cert;	1408	sc = SSI(s)->sess_cert;
1409		1409
1410	/* Only named curves are supported. */	1410	/* Only named curves are supported. */
@@ -1483,8 +1483,8 @@ ssl3_get_server_key_exchange(SSL *s)
1483		1483
1484	EVP_MD_CTX_init(&md_ctx);	1484	EVP_MD_CTX_init(&md_ctx);
1485		1485
1486	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;	1486	alg_k = S3I(s)->hs.cipher->algorithm_mkey;
1487	alg_a = S3I(s)->hs.new_cipher->algorithm_auth;	1487	alg_a = S3I(s)->hs.cipher->algorithm_auth;
1488		1488
1489	/*	1489	/*
1490	* Use same message size as in ssl3_get_certificate_request()	1490	* Use same message size as in ssl3_get_certificate_request()
@@ -1682,7 +1682,7 @@ ssl3_get_certificate_request(SSL *s)
1682	}	1682	}
1683		1683
1684	/* TLS does not like anon-DH with client cert */	1684	/* TLS does not like anon-DH with client cert */
1685	if (S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) {	1685	if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) {
1686	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);	1686	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1687	SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);	1687	SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1688	goto err;	1688	goto err;
@@ -2251,7 +2251,7 @@ ssl3_send_client_kex_gost(SSL s, SESS_CERT sess_cert, CBB *cbb)
2251	}	2251	}
2252		2252
2253	/* XXX check handshake hash instead. */	2253	/* XXX check handshake hash instead. */
2254	if (S3I(s)->hs.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)	2254	if (S3I(s)->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
2255	nid = NID_id_GostR3411_94;	2255	nid = NID_id_GostR3411_94;
2256	else	2256	else
2257	nid = NID_id_tc26_gost3411_2012_256;	2257	nid = NID_id_tc26_gost3411_2012_256;
@@ -2314,7 +2314,7 @@ ssl3_send_client_key_exchange(SSL *s)
2314	memset(&cbb, 0, sizeof(cbb));	2314	memset(&cbb, 0, sizeof(cbb));
2315		2315
2316	if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) {	2316	if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
2317	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;	2317	alg_k = S3I(s)->hs.cipher->algorithm_mkey;
2318		2318
2319	if ((sess_cert = SSI(s)->sess_cert) == NULL) {	2319	if ((sess_cert = SSI(s)->sess_cert) == NULL) {
2320	ssl3_send_alert(s, SSL3_AL_FATAL,	2320	ssl3_send_alert(s, SSL3_AL_FATAL,
@@ -2726,8 +2726,8 @@ ssl3_check_cert_and_algorithm(SSL *s)
2726	SESS_CERT *sc;	2726	SESS_CERT *sc;
2727	DH *dh;	2727	DH *dh;
2728		2728
2729	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;	2729	alg_k = S3I(s)->hs.cipher->algorithm_mkey;
2730	alg_a = S3I(s)->hs.new_cipher->algorithm_auth;	2730	alg_a = S3I(s)->hs.cipher->algorithm_auth;
2731		2731
2732	/* We don't have a certificate. */	2732	/* We don't have a certificate. */
2733	if (alg_a & SSL_aNULL)	2733	if (alg_a & SSL_aNULL)