1 files changed, 33 insertions, 66 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index c3912c3ebd..70b6fff6bf 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.127 2022/01/06 18:23:56 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.128 2022/01/08 12:59:58 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1076,7 +1076,6 @@ ssl3_get_server_certificate(SSL *s)
        X509 *x = NULL;
        const unsigned char *q;
        STACK_OF(X509) *sk = NULL;
-        SESS_CERT *sc;
        EVP_PKEY *pkey = NULL;
        if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
@@ -1154,20 +1153,11 @@ ssl3_get_server_certificate(SSL *s)
        }
        ERR_clear_error(); /* but we keep s->verify_result */
-        sc = ssl_sess_cert_new();
-        if (sc == NULL)
-                goto err;
-        ssl_sess_cert_free(s->session->sess_cert);
-        s->session->sess_cert = sc;
-        sc->cert_chain = sk;
        /*
         * Inconsistency alert: cert_chain does include the peer's
         * certificate, which we don't include in s3_srvr.c
         */
        x = sk_X509_value(sk, 0);
-        sk = NULL;
-        /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
        pkey = X509_get_pubkey(x);
@@ -1185,20 +1175,21 @@ ssl3_get_server_certificate(SSL *s)
                SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
                goto fatal_err;
        }
+        s->session->peer_cert_type = i;
+        sk_X509_pop_free(s->session->cert_chain, X509_free);
+        s->session->cert_chain = sk;
+        sk = NULL;
-        sc->peer_cert_type = i;
        X509_up_ref(x);
-        /*
+        X509_free(s->session->peer_pkeys[i].x509);
-         * Why would the following ever happen?
+        s->session->peer_pkeys[i].x509 = x;
-         * We just created sc a couple of lines ago.
+        s->session->peer_key = &s->session->peer_pkeys[i];
-         */
-        X509_free(sc->peer_pkeys[i].x509);
-        sc->peer_pkeys[i].x509 = x;
-        sc->peer_key = &(sc->peer_pkeys[i]);
-        X509_free(s->session->peer);
        X509_up_ref(x);
+        X509_free(s->session->peer);
        s->session->peer = x;
        s->session->verify_result = s->verify_result;
        x = NULL;
@@ -1225,11 +1216,9 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
 {
        int nid = NID_dhKeyAgreement;
        int invalid_params, invalid_key;
-        SESS_CERT *sc;
        long alg_a;
        alg_a = S3I(s)->hs.cipher->algorithm_auth;
-        sc = s->session->sess_cert;
        tls_key_share_free(S3I(s)->hs.key_share);
        if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
@@ -1254,7 +1243,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
        }
        if (alg_a & SSL_aRSA)
-                *pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA].x509);
+                *pkey = X509_get_pubkey(s->session->peer_pkeys[SSL_PKEY_RSA].x509);
        else
                /* XXX - Anonymous DH, so no certificate or pkey. */
                *pkey = NULL;
@@ -1275,11 +1264,9 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
        CBS public;
        uint8_t curve_type;
        uint16_t curve_id;
-        SESS_CERT *sc;
        long alg_a;
        alg_a = S3I(s)->hs.cipher->algorithm_auth;
-        sc = s->session->sess_cert;
        if (!CBS_get_u8(cbs, &curve_type))
                goto decode_err;
@@ -1319,9 +1306,9 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
         * and ECDSA.
         */
        if (alg_a & SSL_aRSA)
-                *pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA].x509);
+                *pkey = X509_get_pubkey(s->session->peer_pkeys[SSL_PKEY_RSA].x509);
        else if (alg_a & SSL_aECDSA)
-                *pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_ECC].x509);
+                *pkey = X509_get_pubkey(s->session->peer_pkeys[SSL_PKEY_ECC].x509);
        else
                /* XXX - Anonymous ECDH, so no certificate or pkey. */
                *pkey = NULL;
@@ -1381,12 +1368,6 @@ ssl3_get_server_key_exchange(SSL *s)
                return (1);
        }
-        if (s->session->sess_cert == NULL) {
-                s->session->sess_cert = ssl_sess_cert_new();
-                if (s->session->sess_cert == NULL)
-                        goto err;
-        }
        param = CBS_data(&cbs);
        param_len = CBS_len(&cbs);
@@ -1823,7 +1804,7 @@ ssl3_get_server_done(SSL *s)
 }
 static int
-ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
+ssl3_send_client_kex_rsa(SSL *s, CBB *cbb)
 {
        unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH];
        unsigned char *enc_pms = NULL;
@@ -1838,7 +1819,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
         * RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1.
         */
-        pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA].x509);
+        pkey = X509_get_pubkey(s->session->peer_pkeys[SSL_PKEY_RSA].x509);
        if (pkey == NULL || (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {
                SSLerror(s, ERR_R_INTERNAL_ERROR);
                goto err;
@@ -1890,7 +1871,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
 }
 static int
-ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
+ssl3_send_client_kex_dhe(SSL *s, CBB *cbb)
 {
        uint8_t *key = NULL;
        size_t key_len = 0;
@@ -1922,7 +1903,7 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
 }
 static int
-ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sc, CBB *cbb)
+ssl3_send_client_kex_ecdhe(SSL *s, CBB *cbb)
 {
        uint8_t *key = NULL;
        size_t key_len = 0;
@@ -1961,7 +1942,7 @@ ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sc, CBB *cbb)
 }
 static int
-ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
+ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
 {
        unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
        EVP_PKEY *pub_key = NULL;
@@ -1975,7 +1956,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
        CBB gostblob;
        /* Get server sertificate PKEY and create ctx from it */
-        peer_cert = sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509;
+        peer_cert = s->session->peer_pkeys[SSL_PKEY_GOST01].x509;
        if (peer_cert == NULL) {
                SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
                goto err;
@@ -2074,7 +2055,6 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
 int
 ssl3_send_client_key_exchange(SSL *s)
 {
-        SESS_CERT *sess_cert;
        unsigned long alg_k;
        CBB cbb, kex;
@@ -2083,28 +2063,21 @@ ssl3_send_client_key_exchange(SSL *s)
        if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
                alg_k = S3I(s)->hs.cipher->algorithm_mkey;
-                if ((sess_cert = s->session->sess_cert) == NULL) {
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                            SSL_AD_UNEXPECTED_MESSAGE);
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
                if (!ssl3_handshake_msg_start(s, &cbb, &kex,
                    SSL3_MT_CLIENT_KEY_EXCHANGE))
                        goto err;
                if (alg_k & SSL_kRSA) {
-                        if (!ssl3_send_client_kex_rsa(s, sess_cert, &kex))
+                        if (!ssl3_send_client_kex_rsa(s, &kex))
                                goto err;
                } else if (alg_k & SSL_kDHE) {
-                        if (!ssl3_send_client_kex_dhe(s, sess_cert, &kex))
+                        if (!ssl3_send_client_kex_dhe(s, &kex))
                                goto err;
                } else if (alg_k & SSL_kECDHE) {
-                        if (!ssl3_send_client_kex_ecdhe(s, sess_cert, &kex))
+                        if (!ssl3_send_client_kex_ecdhe(s, &kex))
                                goto err;
                } else if (alg_k & SSL_kGOST) {
-                        if (ssl3_send_client_kex_gost(s, sess_cert, &kex) != 1)
+                        if (ssl3_send_client_kex_gost(s, &kex) != 1)
                                goto err;
                } else {
                        ssl3_send_alert(s, SSL3_AL_FATAL,
@@ -2481,11 +2454,10 @@ ssl3_send_client_certificate(SSL *s)
 int
 ssl3_check_cert_and_algorithm(SSL *s)
 {
-        int              i, idx;
+        long alg_k, alg_a;
-        long             alg_k, alg_a;
+        EVP_PKEY *pkey = NULL;
-        EVP_PKEY        *pkey = NULL;
-        SESS_CERT       *sc;
        int nid = NID_undef;
+        int i, idx;
        alg_k = S3I(s)->hs.cipher->algorithm_mkey;
        alg_a = S3I(s)->hs.cipher->algorithm_auth;
@@ -2494,21 +2466,15 @@ ssl3_check_cert_and_algorithm(SSL *s)
        if (alg_a & SSL_aNULL)
                return (1);
-        sc = s->session->sess_cert;
-        if (sc == NULL) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                goto err;
-        }
        if (S3I(s)->hs.key_share != NULL)
                nid = tls_key_share_nid(S3I(s)->hs.key_share);
        /* This is the passed certificate. */
-        idx = sc->peer_cert_type;
+        idx = s->session->peer_cert_type;
        if (idx == SSL_PKEY_ECC) {
                if (ssl_check_srvr_ecc_cert_and_alg(
-                    sc->peer_pkeys[idx].x509, s) == 0) {
+                    s->session->peer_pkeys[idx].x509, s) == 0) {
                        /* check failed */
                        SSLerror(s, SSL_R_BAD_ECC_CERT);
                        goto fatal_err;
@@ -2516,8 +2482,8 @@ ssl3_check_cert_and_algorithm(SSL *s)
                        return (1);
                }
        }
-        pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);
+        pkey = X509_get_pubkey(s->session->peer_pkeys[idx].x509);
-        i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);
+        i = X509_certificate_type(s->session->peer_pkeys[idx].x509, pkey);
        EVP_PKEY_free(pkey);
        /* Check that we have a certificate if we require one. */
@@ -2536,9 +2502,10 @@ ssl3_check_cert_and_algorithm(SSL *s)
        }
        return (1);
 fatal_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
- err:
        return (0);
 }

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index c3912c3ebd..70b6fff6bf 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.127 2022/01/06 18:23:56 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.128 2022/01/08 12:59:58 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1076,7 +1076,6 @@ ssl3_get_server_certificate(SSL *s)
1076	X509 *x = NULL;	1076	X509 *x = NULL;
1077	const unsigned char *q;	1077	const unsigned char *q;
1078	STACK_OF(X509) *sk = NULL;	1078	STACK_OF(X509) *sk = NULL;
1079	SESS_CERT *sc;
1080	EVP_PKEY *pkey = NULL;	1079	EVP_PKEY *pkey = NULL;
1081		1080
1082	if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A,	1081	if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
@@ -1154,20 +1153,11 @@ ssl3_get_server_certificate(SSL *s)
1154	}	1153	}
1155	ERR_clear_error(); /* but we keep s->verify_result */	1154	ERR_clear_error(); /* but we keep s->verify_result */
1156		1155
1157	sc = ssl_sess_cert_new();
1158	if (sc == NULL)
1159	goto err;
1160	ssl_sess_cert_free(s->session->sess_cert);
1161	s->session->sess_cert = sc;
1162
1163	sc->cert_chain = sk;
1164	/*	1156	/*
1165	* Inconsistency alert: cert_chain does include the peer's	1157	* Inconsistency alert: cert_chain does include the peer's
1166	* certificate, which we don't include in s3_srvr.c	1158	* certificate, which we don't include in s3_srvr.c
1167	*/	1159	*/
1168	x = sk_X509_value(sk, 0);	1160	x = sk_X509_value(sk, 0);
1169	sk = NULL;
1170	/* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
1171		1161
1172	pkey = X509_get_pubkey(x);	1162	pkey = X509_get_pubkey(x);
1173		1163
@@ -1185,20 +1175,21 @@ ssl3_get_server_certificate(SSL *s)
1185	SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);	1175	SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1186	goto fatal_err;	1176	goto fatal_err;
1187	}	1177	}
		1178	s->session->peer_cert_type = i;
		1179
		1180	sk_X509_pop_free(s->session->cert_chain, X509_free);
		1181	s->session->cert_chain = sk;
		1182	sk = NULL;
1188		1183
1189	sc->peer_cert_type = i;
1190	X509_up_ref(x);	1184	X509_up_ref(x);
1191	/*	1185	X509_free(s->session->peer_pkeys[i].x509);
1192	* Why would the following ever happen?	1186	s->session->peer_pkeys[i].x509 = x;
1193	* We just created sc a couple of lines ago.	1187	s->session->peer_key = &s->session->peer_pkeys[i];
1194	*/
1195	X509_free(sc->peer_pkeys[i].x509);
1196	sc->peer_pkeys[i].x509 = x;
1197	sc->peer_key = &(sc->peer_pkeys[i]);
1198		1188
1199	X509_free(s->session->peer);
1200	X509_up_ref(x);	1189	X509_up_ref(x);
		1190	X509_free(s->session->peer);
1201	s->session->peer = x;	1191	s->session->peer = x;
		1192
1202	s->session->verify_result = s->verify_result;	1193	s->session->verify_result = s->verify_result;
1203		1194
1204	x = NULL;	1195	x = NULL;
@@ -1225,11 +1216,9 @@ ssl3_get_server_kex_dhe(SSL s, EVP_PKEY pkey, CBS cbs)
1225	{	1216	{
1226	int nid = NID_dhKeyAgreement;	1217	int nid = NID_dhKeyAgreement;
1227	int invalid_params, invalid_key;	1218	int invalid_params, invalid_key;
1228	SESS_CERT *sc;
1229	long alg_a;	1219	long alg_a;
1230		1220
1231	alg_a = S3I(s)->hs.cipher->algorithm_auth;	1221	alg_a = S3I(s)->hs.cipher->algorithm_auth;
1232	sc = s->session->sess_cert;
1233		1222
1234	tls_key_share_free(S3I(s)->hs.key_share);	1223	tls_key_share_free(S3I(s)->hs.key_share);
1235	if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL)	1224	if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
@@ -1254,7 +1243,7 @@ ssl3_get_server_kex_dhe(SSL s, EVP_PKEY pkey, CBS cbs)
1254	}	1243	}
1255		1244
1256	if (alg_a & SSL_aRSA)	1245	if (alg_a & SSL_aRSA)
1257	*pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA].x509);	1246	*pkey = X509_get_pubkey(s->session->peer_pkeys[SSL_PKEY_RSA].x509);
1258	else	1247	else
1259	/* XXX - Anonymous DH, so no certificate or pkey. */	1248	/* XXX - Anonymous DH, so no certificate or pkey. */
1260	*pkey = NULL;	1249	*pkey = NULL;
@@ -1275,11 +1264,9 @@ ssl3_get_server_kex_ecdhe(SSL s, EVP_PKEY pkey, CBS cbs)
1275	CBS public;	1264	CBS public;
1276	uint8_t curve_type;	1265	uint8_t curve_type;
1277	uint16_t curve_id;	1266	uint16_t curve_id;
1278	SESS_CERT *sc;
1279	long alg_a;	1267	long alg_a;
1280		1268
1281	alg_a = S3I(s)->hs.cipher->algorithm_auth;	1269	alg_a = S3I(s)->hs.cipher->algorithm_auth;
1282	sc = s->session->sess_cert;
1283		1270
1284	if (!CBS_get_u8(cbs, &curve_type))	1271	if (!CBS_get_u8(cbs, &curve_type))
1285	goto decode_err;	1272	goto decode_err;
@@ -1319,9 +1306,9 @@ ssl3_get_server_kex_ecdhe(SSL s, EVP_PKEY pkey, CBS cbs)
1319	* and ECDSA.	1306	* and ECDSA.
1320	*/	1307	*/
1321	if (alg_a & SSL_aRSA)	1308	if (alg_a & SSL_aRSA)
1322	*pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA].x509);	1309	*pkey = X509_get_pubkey(s->session->peer_pkeys[SSL_PKEY_RSA].x509);
1323	else if (alg_a & SSL_aECDSA)	1310	else if (alg_a & SSL_aECDSA)
1324	*pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_ECC].x509);	1311	*pkey = X509_get_pubkey(s->session->peer_pkeys[SSL_PKEY_ECC].x509);
1325	else	1312	else
1326	/* XXX - Anonymous ECDH, so no certificate or pkey. */	1313	/* XXX - Anonymous ECDH, so no certificate or pkey. */
1327	*pkey = NULL;	1314	*pkey = NULL;
@@ -1381,12 +1368,6 @@ ssl3_get_server_key_exchange(SSL *s)
1381	return (1);	1368	return (1);
1382	}	1369	}
1383		1370
1384	if (s->session->sess_cert == NULL) {
1385	s->session->sess_cert = ssl_sess_cert_new();
1386	if (s->session->sess_cert == NULL)
1387	goto err;
1388	}
1389
1390	param = CBS_data(&cbs);	1371	param = CBS_data(&cbs);
1391	param_len = CBS_len(&cbs);	1372	param_len = CBS_len(&cbs);
1392		1373
@@ -1823,7 +1804,7 @@ ssl3_get_server_done(SSL *s)
1823	}	1804	}
1824		1805
1825	static int	1806	static int
1826	ssl3_send_client_kex_rsa(SSL s, SESS_CERT sess_cert, CBB *cbb)	1807	ssl3_send_client_kex_rsa(SSL s, CBB cbb)
1827	{	1808	{
1828	unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH];	1809	unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH];
1829	unsigned char *enc_pms = NULL;	1810	unsigned char *enc_pms = NULL;
@@ -1838,7 +1819,7 @@ ssl3_send_client_kex_rsa(SSL s, SESS_CERT sess_cert, CBB *cbb)
1838	* RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1.	1819	* RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1.
1839	*/	1820	*/
1840		1821
1841	pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA].x509);	1822	pkey = X509_get_pubkey(s->session->peer_pkeys[SSL_PKEY_RSA].x509);
1842	if (pkey == NULL \|\| (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {	1823	if (pkey == NULL \|\| (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {
1843	SSLerror(s, ERR_R_INTERNAL_ERROR);	1824	SSLerror(s, ERR_R_INTERNAL_ERROR);
1844	goto err;	1825	goto err;
@@ -1890,7 +1871,7 @@ ssl3_send_client_kex_rsa(SSL s, SESS_CERT sess_cert, CBB *cbb)
1890	}	1871	}
1891		1872
1892	static int	1873	static int
1893	ssl3_send_client_kex_dhe(SSL s, SESS_CERT sess_cert, CBB *cbb)	1874	ssl3_send_client_kex_dhe(SSL s, CBB cbb)
1894	{	1875	{
1895	uint8_t *key = NULL;	1876	uint8_t *key = NULL;
1896	size_t key_len = 0;	1877	size_t key_len = 0;
@@ -1922,7 +1903,7 @@ ssl3_send_client_kex_dhe(SSL s, SESS_CERT sess_cert, CBB *cbb)
1922	}	1903	}
1923		1904
1924	static int	1905	static int
1925	ssl3_send_client_kex_ecdhe(SSL s, SESS_CERT sc, CBB *cbb)	1906	ssl3_send_client_kex_ecdhe(SSL s, CBB cbb)
1926	{	1907	{
1927	uint8_t *key = NULL;	1908	uint8_t *key = NULL;
1928	size_t key_len = 0;	1909	size_t key_len = 0;
@@ -1961,7 +1942,7 @@ ssl3_send_client_kex_ecdhe(SSL s, SESS_CERT sc, CBB *cbb)
1961	}	1942	}
1962		1943
1963	static int	1944	static int
1964	ssl3_send_client_kex_gost(SSL s, SESS_CERT sess_cert, CBB *cbb)	1945	ssl3_send_client_kex_gost(SSL s, CBB cbb)
1965	{	1946	{
1966	unsigned char premaster_secret[32], shared_ukm[32], tmp[256];	1947	unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
1967	EVP_PKEY *pub_key = NULL;	1948	EVP_PKEY *pub_key = NULL;
@@ -1975,7 +1956,7 @@ ssl3_send_client_kex_gost(SSL s, SESS_CERT sess_cert, CBB *cbb)
1975	CBB gostblob;	1956	CBB gostblob;
1976		1957
1977	/* Get server sertificate PKEY and create ctx from it */	1958	/* Get server sertificate PKEY and create ctx from it */
1978	peer_cert = sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509;	1959	peer_cert = s->session->peer_pkeys[SSL_PKEY_GOST01].x509;
1979	if (peer_cert == NULL) {	1960	if (peer_cert == NULL) {
1980	SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);	1961	SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
1981	goto err;	1962	goto err;
@@ -2074,7 +2055,6 @@ ssl3_send_client_kex_gost(SSL s, SESS_CERT sess_cert, CBB *cbb)
2074	int	2055	int
2075	ssl3_send_client_key_exchange(SSL *s)	2056	ssl3_send_client_key_exchange(SSL *s)
2076	{	2057	{
2077	SESS_CERT *sess_cert;
2078	unsigned long alg_k;	2058	unsigned long alg_k;
2079	CBB cbb, kex;	2059	CBB cbb, kex;
2080		2060
@@ -2083,28 +2063,21 @@ ssl3_send_client_key_exchange(SSL *s)
2083	if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) {	2063	if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
2084	alg_k = S3I(s)->hs.cipher->algorithm_mkey;	2064	alg_k = S3I(s)->hs.cipher->algorithm_mkey;
2085		2065
2086	if ((sess_cert = s->session->sess_cert) == NULL) {
2087	ssl3_send_alert(s, SSL3_AL_FATAL,
2088	SSL_AD_UNEXPECTED_MESSAGE);
2089	SSLerror(s, ERR_R_INTERNAL_ERROR);
2090	goto err;
2091	}
2092
2093	if (!ssl3_handshake_msg_start(s, &cbb, &kex,	2066	if (!ssl3_handshake_msg_start(s, &cbb, &kex,
2094	SSL3_MT_CLIENT_KEY_EXCHANGE))	2067	SSL3_MT_CLIENT_KEY_EXCHANGE))
2095	goto err;	2068	goto err;
2096		2069
2097	if (alg_k & SSL_kRSA) {	2070	if (alg_k & SSL_kRSA) {
2098	if (!ssl3_send_client_kex_rsa(s, sess_cert, &kex))	2071	if (!ssl3_send_client_kex_rsa(s, &kex))
2099	goto err;	2072	goto err;
2100	} else if (alg_k & SSL_kDHE) {	2073	} else if (alg_k & SSL_kDHE) {
2101	if (!ssl3_send_client_kex_dhe(s, sess_cert, &kex))	2074	if (!ssl3_send_client_kex_dhe(s, &kex))
2102	goto err;	2075	goto err;
2103	} else if (alg_k & SSL_kECDHE) {	2076	} else if (alg_k & SSL_kECDHE) {
2104	if (!ssl3_send_client_kex_ecdhe(s, sess_cert, &kex))	2077	if (!ssl3_send_client_kex_ecdhe(s, &kex))
2105	goto err;	2078	goto err;
2106	} else if (alg_k & SSL_kGOST) {	2079	} else if (alg_k & SSL_kGOST) {
2107	if (ssl3_send_client_kex_gost(s, sess_cert, &kex) != 1)	2080	if (ssl3_send_client_kex_gost(s, &kex) != 1)
2108	goto err;	2081	goto err;
2109	} else {	2082	} else {
2110	ssl3_send_alert(s, SSL3_AL_FATAL,	2083	ssl3_send_alert(s, SSL3_AL_FATAL,
@@ -2481,11 +2454,10 @@ ssl3_send_client_certificate(SSL *s)
2481	int	2454	int
2482	ssl3_check_cert_and_algorithm(SSL *s)	2455	ssl3_check_cert_and_algorithm(SSL *s)
2483	{	2456	{
2484	int i, idx;	2457	long alg_k, alg_a;
2485	long alg_k, alg_a;	2458	EVP_PKEY *pkey = NULL;
2486	EVP_PKEY *pkey = NULL;
2487	SESS_CERT *sc;
2488	int nid = NID_undef;	2459	int nid = NID_undef;
		2460	int i, idx;
2489		2461
2490	alg_k = S3I(s)->hs.cipher->algorithm_mkey;	2462	alg_k = S3I(s)->hs.cipher->algorithm_mkey;
2491	alg_a = S3I(s)->hs.cipher->algorithm_auth;	2463	alg_a = S3I(s)->hs.cipher->algorithm_auth;
@@ -2494,21 +2466,15 @@ ssl3_check_cert_and_algorithm(SSL *s)
2494	if (alg_a & SSL_aNULL)	2466	if (alg_a & SSL_aNULL)
2495	return (1);	2467	return (1);
2496		2468
2497	sc = s->session->sess_cert;
2498	if (sc == NULL) {
2499	SSLerror(s, ERR_R_INTERNAL_ERROR);
2500	goto err;
2501	}
2502
2503	if (S3I(s)->hs.key_share != NULL)	2469	if (S3I(s)->hs.key_share != NULL)
2504	nid = tls_key_share_nid(S3I(s)->hs.key_share);	2470	nid = tls_key_share_nid(S3I(s)->hs.key_share);
2505		2471
2506	/* This is the passed certificate. */	2472	/* This is the passed certificate. */
2507		2473
2508	idx = sc->peer_cert_type;	2474	idx = s->session->peer_cert_type;
2509	if (idx == SSL_PKEY_ECC) {	2475	if (idx == SSL_PKEY_ECC) {
2510	if (ssl_check_srvr_ecc_cert_and_alg(	2476	if (ssl_check_srvr_ecc_cert_and_alg(
2511	sc->peer_pkeys[idx].x509, s) == 0) {	2477	s->session->peer_pkeys[idx].x509, s) == 0) {
2512	/* check failed */	2478	/* check failed */
2513	SSLerror(s, SSL_R_BAD_ECC_CERT);	2479	SSLerror(s, SSL_R_BAD_ECC_CERT);
2514	goto fatal_err;	2480	goto fatal_err;
@@ -2516,8 +2482,8 @@ ssl3_check_cert_and_algorithm(SSL *s)
2516	return (1);	2482	return (1);
2517	}	2483	}
2518	}	2484	}
2519	pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);	2485	pkey = X509_get_pubkey(s->session->peer_pkeys[idx].x509);
2520	i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);	2486	i = X509_certificate_type(s->session->peer_pkeys[idx].x509, pkey);
2521	EVP_PKEY_free(pkey);	2487	EVP_PKEY_free(pkey);
2522		2488
2523	/* Check that we have a certificate if we require one. */	2489	/* Check that we have a certificate if we require one. */
@@ -2536,9 +2502,10 @@ ssl3_check_cert_and_algorithm(SSL *s)
2536	}	2502	}
2537		2503
2538	return (1);	2504	return (1);
		2505
2539	fatal_err:	2506	fatal_err:
2540	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);	2507	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2541	err:	2508
2542	return (0);	2509	return (0);
2543	}	2510	}
2544		2511