1 files changed, 21 insertions, 21 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 92113c2953..6b43b565b9 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.90 2021/04/11 07:06:01 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.91 2021/04/19 16:51:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -623,7 +623,7 @@ ssl3_connect(SSL *s)
                }
                /* did we do anything */
-                if (!S3I(s)->tmp.reuse_message && !skip) {
+                if (!S3I(s)->hs.tls12.reuse_message && !skip) {
                        if (s->internal->debug) {
                                if ((ret = BIO_flush(s->wbio)) <= 0)
                                        goto end;
@@ -804,9 +804,9 @@ ssl3_get_dtls_hello_verify(SSL *s)
        if (!ok)
                return ((int)n);
-        if (S3I(s)->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
+        if (S3I(s)->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
                D1I(s)->send_cookie = 0;
-                S3I(s)->tmp.reuse_message = 1;
+                S3I(s)->hs.tls12.reuse_message = 1;
                return (1);
        }
@@ -878,9 +878,9 @@ ssl3_get_server_hello(SSL *s)
        CBS_init(&cbs, s->internal->init_msg, n);
        if (SSL_is_dtls(s)) {
-                if (S3I(s)->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
+                if (S3I(s)->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
                        if (D1I(s)->send_cookie == 0) {
-                                S3I(s)->tmp.reuse_message = 1;
+                                S3I(s)->hs.tls12.reuse_message = 1;
                                return (1);
                        } else {
                                /* Already sent a cookie. */
@@ -891,7 +891,7 @@ ssl3_get_server_hello(SSL *s)
                }
        }
-        if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) {
+        if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) {
                al = SSL_AD_UNEXPECTED_MESSAGE;
                SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
                goto fatal_err;
@@ -1128,12 +1128,12 @@ ssl3_get_server_certificate(SSL *s)
        if (!ok)
                return ((int)n);
-        if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
+        if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
-                S3I(s)->tmp.reuse_message = 1;
+                S3I(s)->hs.tls12.reuse_message = 1;
                return (1);
        }
-        if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
+        if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
                al = SSL_AD_UNEXPECTED_MESSAGE;
                SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
                goto fatal_err;
@@ -1498,7 +1498,7 @@ ssl3_get_server_key_exchange(SSL *s)
        CBS_init(&cbs, s->internal->init_msg, n);
-        if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
+        if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
                /*
                 * Do not skip server key exchange if this cipher suite uses
                 * ephemeral keys.
@@ -1509,7 +1509,7 @@ ssl3_get_server_key_exchange(SSL *s)
                        goto fatal_err;
                }
-                S3I(s)->tmp.reuse_message = 1;
+                S3I(s)->hs.tls12.reuse_message = 1;
                EVP_MD_CTX_cleanup(&md_ctx);
                return (1);
        }
@@ -1663,8 +1663,8 @@ ssl3_get_certificate_request(SSL *s)
        S3I(s)->tmp.cert_req = 0;
-        if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_DONE) {
+        if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_DONE) {
-                S3I(s)->tmp.reuse_message = 1;
+                S3I(s)->hs.tls12.reuse_message = 1;
                /*
                 * If we get here we don't need any cached handshake records
                 * as we wont be doing client auth.
@@ -1673,7 +1673,7 @@ ssl3_get_certificate_request(SSL *s)
                return (1);
        }
-        if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
+        if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
                SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
                goto err;
@@ -1814,11 +1814,11 @@ ssl3_get_new_session_ticket(SSL *s)
        if (!ok)
                return ((int)n);
-        if (S3I(s)->tmp.message_type == SSL3_MT_FINISHED) {
+        if (S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) {
-                S3I(s)->tmp.reuse_message = 1;
+                S3I(s)->hs.tls12.reuse_message = 1;
                return (1);
        }
-        if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
+        if (S3I(s)->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) {
                al = SSL_AD_UNEXPECTED_MESSAGE;
                SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
                goto fatal_err;
@@ -2799,9 +2799,9 @@ ssl3_check_finished(SSL *s)
        if (!ok)
                return ((int)n);
-        S3I(s)->tmp.reuse_message = 1;
+        S3I(s)->hs.tls12.reuse_message = 1;
-        if ((S3I(s)->tmp.message_type == SSL3_MT_FINISHED) ||
+        if ((S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) ||
-            (S3I(s)->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
+            (S3I(s)->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET))
                return (2);
        return (1);

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 92113c2953..6b43b565b9 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.90 2021/04/11 07:06:01 tb Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.91 2021/04/19 16:51:56 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -623,7 +623,7 @@ ssl3_connect(SSL *s)
623	}	623	}
624		624
625	/* did we do anything */	625	/* did we do anything */
626	if (!S3I(s)->tmp.reuse_message && !skip) {	626	if (!S3I(s)->hs.tls12.reuse_message && !skip) {
627	if (s->internal->debug) {	627	if (s->internal->debug) {
628	if ((ret = BIO_flush(s->wbio)) <= 0)	628	if ((ret = BIO_flush(s->wbio)) <= 0)
629	goto end;	629	goto end;
@@ -804,9 +804,9 @@ ssl3_get_dtls_hello_verify(SSL *s)
804	if (!ok)	804	if (!ok)
805	return ((int)n);	805	return ((int)n);
806		806
807	if (S3I(s)->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {	807	if (S3I(s)->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
808	D1I(s)->send_cookie = 0;	808	D1I(s)->send_cookie = 0;
809	S3I(s)->tmp.reuse_message = 1;	809	S3I(s)->hs.tls12.reuse_message = 1;
810	return (1);	810	return (1);
811	}	811	}
812		812
@@ -878,9 +878,9 @@ ssl3_get_server_hello(SSL *s)
878	CBS_init(&cbs, s->internal->init_msg, n);	878	CBS_init(&cbs, s->internal->init_msg, n);
879		879
880	if (SSL_is_dtls(s)) {	880	if (SSL_is_dtls(s)) {
881	if (S3I(s)->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {	881	if (S3I(s)->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
882	if (D1I(s)->send_cookie == 0) {	882	if (D1I(s)->send_cookie == 0) {
883	S3I(s)->tmp.reuse_message = 1;	883	S3I(s)->hs.tls12.reuse_message = 1;
884	return (1);	884	return (1);
885	} else {	885	} else {
886	/* Already sent a cookie. */	886	/* Already sent a cookie. */
@@ -891,7 +891,7 @@ ssl3_get_server_hello(SSL *s)
891	}	891	}
892	}	892	}
893		893
894	if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) {	894	if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) {
895	al = SSL_AD_UNEXPECTED_MESSAGE;	895	al = SSL_AD_UNEXPECTED_MESSAGE;
896	SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);	896	SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
897	goto fatal_err;	897	goto fatal_err;
@@ -1128,12 +1128,12 @@ ssl3_get_server_certificate(SSL *s)
1128	if (!ok)	1128	if (!ok)
1129	return ((int)n);	1129	return ((int)n);
1130		1130
1131	if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {	1131	if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
1132	S3I(s)->tmp.reuse_message = 1;	1132	S3I(s)->hs.tls12.reuse_message = 1;
1133	return (1);	1133	return (1);
1134	}	1134	}
1135		1135
1136	if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {	1136	if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
1137	al = SSL_AD_UNEXPECTED_MESSAGE;	1137	al = SSL_AD_UNEXPECTED_MESSAGE;
1138	SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);	1138	SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
1139	goto fatal_err;	1139	goto fatal_err;
@@ -1498,7 +1498,7 @@ ssl3_get_server_key_exchange(SSL *s)
1498		1498
1499	CBS_init(&cbs, s->internal->init_msg, n);	1499	CBS_init(&cbs, s->internal->init_msg, n);
1500		1500
1501	if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {	1501	if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
1502	/*	1502	/*
1503	* Do not skip server key exchange if this cipher suite uses	1503	* Do not skip server key exchange if this cipher suite uses
1504	* ephemeral keys.	1504	* ephemeral keys.
@@ -1509,7 +1509,7 @@ ssl3_get_server_key_exchange(SSL *s)
1509	goto fatal_err;	1509	goto fatal_err;
1510	}	1510	}
1511		1511
1512	S3I(s)->tmp.reuse_message = 1;	1512	S3I(s)->hs.tls12.reuse_message = 1;
1513	EVP_MD_CTX_cleanup(&md_ctx);	1513	EVP_MD_CTX_cleanup(&md_ctx);
1514	return (1);	1514	return (1);
1515	}	1515	}
@@ -1663,8 +1663,8 @@ ssl3_get_certificate_request(SSL *s)
1663		1663
1664	S3I(s)->tmp.cert_req = 0;	1664	S3I(s)->tmp.cert_req = 0;
1665		1665
1666	if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_DONE) {	1666	if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_DONE) {
1667	S3I(s)->tmp.reuse_message = 1;	1667	S3I(s)->hs.tls12.reuse_message = 1;
1668	/*	1668	/*
1669	* If we get here we don't need any cached handshake records	1669	* If we get here we don't need any cached handshake records
1670	* as we wont be doing client auth.	1670	* as we wont be doing client auth.
@@ -1673,7 +1673,7 @@ ssl3_get_certificate_request(SSL *s)
1673	return (1);	1673	return (1);
1674	}	1674	}
1675		1675
1676	if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {	1676	if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
1677	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);	1677	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1678	SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);	1678	SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
1679	goto err;	1679	goto err;
@@ -1814,11 +1814,11 @@ ssl3_get_new_session_ticket(SSL *s)
1814	if (!ok)	1814	if (!ok)
1815	return ((int)n);	1815	return ((int)n);
1816		1816
1817	if (S3I(s)->tmp.message_type == SSL3_MT_FINISHED) {	1817	if (S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) {
1818	S3I(s)->tmp.reuse_message = 1;	1818	S3I(s)->hs.tls12.reuse_message = 1;
1819	return (1);	1819	return (1);
1820	}	1820	}
1821	if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {	1821	if (S3I(s)->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) {
1822	al = SSL_AD_UNEXPECTED_MESSAGE;	1822	al = SSL_AD_UNEXPECTED_MESSAGE;
1823	SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);	1823	SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
1824	goto fatal_err;	1824	goto fatal_err;
@@ -2799,9 +2799,9 @@ ssl3_check_finished(SSL *s)
2799	if (!ok)	2799	if (!ok)
2800	return ((int)n);	2800	return ((int)n);
2801		2801
2802	S3I(s)->tmp.reuse_message = 1;	2802	S3I(s)->hs.tls12.reuse_message = 1;
2803	if ((S3I(s)->tmp.message_type == SSL3_MT_FINISHED) \|\|	2803	if ((S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) \|\|
2804	(S3I(s)->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))	2804	(S3I(s)->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET))
2805	return (2);	2805	return (2);
2806		2806
2807	return (1);	2807	return (1);