1 files changed, 23 insertions, 23 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 91080e9360..ad7fe4d575 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.287 2022/01/14 09:10:11 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.288 2022/02/05 14:54:10 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -732,10 +732,10 @@ SSL_get_finished(const SSL *s, void *buf, size_t count)
 {
        size_t  ret;
-        ret = S3I(s)->hs.finished_len;
+        ret = s->s3->hs.finished_len;
        if (count > ret)
                count = ret;
-        memcpy(buf, S3I(s)->hs.finished, count);
+        memcpy(buf, s->s3->hs.finished, count);
        return (ret);
 }
@@ -745,10 +745,10 @@ SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
 {
        size_t  ret;
-        ret = S3I(s)->hs.peer_finished_len;
+        ret = s->s3->hs.peer_finished_len;
        if (count > ret)
                count = ret;
-        memcpy(buf, S3I(s)->hs.peer_finished, count);
+        memcpy(buf, s->s3->hs.peer_finished, count);
        return (ret);
 }
@@ -1294,7 +1294,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
                return (1);
        case SSL_CTRL_GET_RI_SUPPORT:
                if (s->s3)
-                        return (S3I(s)->send_connection_binding);
+                        return (s->s3->send_connection_binding);
                else return (0);
        default:
                if (SSL_is_dtls(s))
@@ -1837,8 +1837,8 @@ void
 SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
    unsigned int *len)
 {
-        *data = ssl->s3->internal->alpn_selected;
+        *data = ssl->s3->alpn_selected;
-        *len = ssl->s3->internal->alpn_selected_len;
+        *len = ssl->s3->alpn_selected_len;
 }
 void
@@ -2224,8 +2224,8 @@ ssl_using_ecc_cipher(SSL *s)
 {
        unsigned long alg_a, alg_k;
-        alg_a = S3I(s)->hs.cipher->algorithm_auth;
+        alg_a = s->s3->hs.cipher->algorithm_auth;
-        alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+        alg_k = s->s3->hs.cipher->algorithm_mkey;
        return s->session->tlsext_ecpointformatlist != NULL &&
            s->session->tlsext_ecpointformatlist_length > 0 &&
@@ -2235,7 +2235,7 @@ ssl_using_ecc_cipher(SSL *s)
 int
 ssl_check_srvr_ecc_cert_and_alg(SSL *s, X509 *x)
 {
-        const SSL_CIPHER *cs = S3I(s)->hs.cipher;
+        const SSL_CIPHER *cs = s->s3->hs.cipher;
        unsigned long alg_a;
        alg_a = cs->algorithm_auth;
@@ -2259,9 +2259,9 @@ ssl_get_server_send_pkey(const SSL *s)
        int i;
        c = s->cert;
-        ssl_set_cert_masks(c, S3I(s)->hs.cipher);
+        ssl_set_cert_masks(c, s->s3->hs.cipher);
-        alg_a = S3I(s)->hs.cipher->algorithm_auth;
+        alg_a = s->s3->hs.cipher->algorithm_auth;
        if (alg_a & SSL_aECDSA) {
                i = SSL_PKEY_ECC;
@@ -2319,9 +2319,9 @@ ssl_dhe_params_auto_key_bits(SSL *s)
        if (s->cert->dhe_params_auto == 2) {
                key_bits = 1024;
-        } else if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) {
+        } else if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) {
                key_bits = 1024;
-                if (S3I(s)->hs.cipher->strength_bits == 256)
+                if (s->s3->hs.cipher->strength_bits == 256)
                        key_bits = 3072;
        } else {
                if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
@@ -2352,7 +2352,7 @@ ssl_should_update_external_cache(SSL *s, int mode)
                return 1;
        /* If it's TLS 1.3, do it to match OpenSSL */
-        if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION)
+        if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION)
                return 1;
        return 0;
@@ -2377,7 +2377,7 @@ ssl_should_update_internal_cache(SSL *s, int mode)
                return 0;
        /* If we are lesser than TLS 1.3, Cache it. */
-        if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION)
+        if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION)
                return 1;
        /* Below this we consider TLS 1.3 or later */
@@ -2556,7 +2556,7 @@ SSL_get_error(const SSL *s, int i)
        if (i == 0) {
                if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) &&
-                    (S3I(s)->warn_alert == SSL_AD_CLOSE_NOTIFY))
+                    (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
                        return (SSL_ERROR_ZERO_RETURN);
        }
        return (SSL_ERROR_SYSCALL);
@@ -2589,7 +2589,7 @@ SSL_set_accept_state(SSL *s)
 {
        s->server = 1;
        s->internal->shutdown = 0;
-        S3I(s)->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
+        s->s3->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
        s->internal->handshake_func = s->method->ssl_accept;
        ssl_clear_cipher_state(s);
 }
@@ -2599,7 +2599,7 @@ SSL_set_connect_state(SSL *s)
 {
        s->server = 0;
        s->internal->shutdown = 0;
-        S3I(s)->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE;
+        s->s3->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE;
        s->internal->handshake_func = s->method->ssl_connect;
        ssl_clear_cipher_state(s);
 }
@@ -2731,7 +2731,7 @@ SSL_dup(SSL *s)
        ret->internal->quiet_shutdown = s->internal->quiet_shutdown;
        ret->internal->shutdown = s->internal->shutdown;
        /* SSL_dup does not really work at any state, though */
-        S3I(ret)->hs.state = S3I(s)->hs.state;
+        ret->s3->hs.state = s->s3->hs.state;
        ret->internal->rstate = s->internal->rstate;
        /*
@@ -3018,13 +3018,13 @@ void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
 int
 SSL_state(const SSL *ssl)
 {
-        return (S3I(ssl)->hs.state);
+        return (ssl->s3->hs.state);
 }
 void
 SSL_set_state(SSL *ssl, int state)
 {
-        S3I(ssl)->hs.state = state;
+        ssl->s3->hs.state = state;
 }
 void

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 91080e9360..ad7fe4d575 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.287 2022/01/14 09:10:11 tb Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.288 2022/02/05 14:54:10 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -732,10 +732,10 @@ SSL_get_finished(const SSL s, void buf, size_t count)
732	{	732	{
733	size_t ret;	733	size_t ret;
734		734
735	ret = S3I(s)->hs.finished_len;	735	ret = s->s3->hs.finished_len;
736	if (count > ret)	736	if (count > ret)
737	count = ret;	737	count = ret;
738	memcpy(buf, S3I(s)->hs.finished, count);	738	memcpy(buf, s->s3->hs.finished, count);
739	return (ret);	739	return (ret);
740	}	740	}
741		741
@@ -745,10 +745,10 @@ SSL_get_peer_finished(const SSL s, void buf, size_t count)
745	{	745	{
746	size_t ret;	746	size_t ret;
747		747
748	ret = S3I(s)->hs.peer_finished_len;	748	ret = s->s3->hs.peer_finished_len;
749	if (count > ret)	749	if (count > ret)
750	count = ret;	750	count = ret;
751	memcpy(buf, S3I(s)->hs.peer_finished, count);	751	memcpy(buf, s->s3->hs.peer_finished, count);
752	return (ret);	752	return (ret);
753	}	753	}
754		754
@@ -1294,7 +1294,7 @@ SSL_ctrl(SSL s, int cmd, long larg, void parg)
1294	return (1);	1294	return (1);
1295	case SSL_CTRL_GET_RI_SUPPORT:	1295	case SSL_CTRL_GET_RI_SUPPORT:
1296	if (s->s3)	1296	if (s->s3)
1297	return (S3I(s)->send_connection_binding);	1297	return (s->s3->send_connection_binding);
1298	else return (0);	1298	else return (0);
1299	default:	1299	default:
1300	if (SSL_is_dtls(s))	1300	if (SSL_is_dtls(s))
@@ -1837,8 +1837,8 @@ void
1837	SSL_get0_alpn_selected(const SSL ssl, const unsigned char *data,	1837	SSL_get0_alpn_selected(const SSL ssl, const unsigned char *data,
1838	unsigned int *len)	1838	unsigned int *len)
1839	{	1839	{
1840	*data = ssl->s3->internal->alpn_selected;	1840	*data = ssl->s3->alpn_selected;
1841	*len = ssl->s3->internal->alpn_selected_len;	1841	*len = ssl->s3->alpn_selected_len;
1842	}	1842	}
1843		1843
1844	void	1844	void
@@ -2224,8 +2224,8 @@ ssl_using_ecc_cipher(SSL *s)
2224	{	2224	{
2225	unsigned long alg_a, alg_k;	2225	unsigned long alg_a, alg_k;
2226		2226
2227	alg_a = S3I(s)->hs.cipher->algorithm_auth;	2227	alg_a = s->s3->hs.cipher->algorithm_auth;
2228	alg_k = S3I(s)->hs.cipher->algorithm_mkey;	2228	alg_k = s->s3->hs.cipher->algorithm_mkey;
2229		2229
2230	return s->session->tlsext_ecpointformatlist != NULL &&	2230	return s->session->tlsext_ecpointformatlist != NULL &&
2231	s->session->tlsext_ecpointformatlist_length > 0 &&	2231	s->session->tlsext_ecpointformatlist_length > 0 &&
@@ -2235,7 +2235,7 @@ ssl_using_ecc_cipher(SSL *s)
2235	int	2235	int
2236	ssl_check_srvr_ecc_cert_and_alg(SSL s, X509 x)	2236	ssl_check_srvr_ecc_cert_and_alg(SSL s, X509 x)
2237	{	2237	{
2238	const SSL_CIPHER *cs = S3I(s)->hs.cipher;	2238	const SSL_CIPHER *cs = s->s3->hs.cipher;
2239	unsigned long alg_a;	2239	unsigned long alg_a;
2240		2240
2241	alg_a = cs->algorithm_auth;	2241	alg_a = cs->algorithm_auth;
@@ -2259,9 +2259,9 @@ ssl_get_server_send_pkey(const SSL *s)
2259	int i;	2259	int i;
2260		2260
2261	c = s->cert;	2261	c = s->cert;
2262	ssl_set_cert_masks(c, S3I(s)->hs.cipher);	2262	ssl_set_cert_masks(c, s->s3->hs.cipher);
2263		2263
2264	alg_a = S3I(s)->hs.cipher->algorithm_auth;	2264	alg_a = s->s3->hs.cipher->algorithm_auth;
2265		2265
2266	if (alg_a & SSL_aECDSA) {	2266	if (alg_a & SSL_aECDSA) {
2267	i = SSL_PKEY_ECC;	2267	i = SSL_PKEY_ECC;
@@ -2319,9 +2319,9 @@ ssl_dhe_params_auto_key_bits(SSL *s)
2319		2319
2320	if (s->cert->dhe_params_auto == 2) {	2320	if (s->cert->dhe_params_auto == 2) {
2321	key_bits = 1024;	2321	key_bits = 1024;
2322	} else if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) {	2322	} else if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) {
2323	key_bits = 1024;	2323	key_bits = 1024;
2324	if (S3I(s)->hs.cipher->strength_bits == 256)	2324	if (s->s3->hs.cipher->strength_bits == 256)
2325	key_bits = 3072;	2325	key_bits = 3072;
2326	} else {	2326	} else {
2327	if ((cpk = ssl_get_server_send_pkey(s)) == NULL)	2327	if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
@@ -2352,7 +2352,7 @@ ssl_should_update_external_cache(SSL *s, int mode)
2352	return 1;	2352	return 1;
2353		2353
2354	/* If it's TLS 1.3, do it to match OpenSSL */	2354	/* If it's TLS 1.3, do it to match OpenSSL */
2355	if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION)	2355	if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION)
2356	return 1;	2356	return 1;
2357		2357
2358	return 0;	2358	return 0;
@@ -2377,7 +2377,7 @@ ssl_should_update_internal_cache(SSL *s, int mode)
2377	return 0;	2377	return 0;
2378		2378
2379	/* If we are lesser than TLS 1.3, Cache it. */	2379	/* If we are lesser than TLS 1.3, Cache it. */
2380	if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION)	2380	if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION)
2381	return 1;	2381	return 1;
2382		2382
2383	/* Below this we consider TLS 1.3 or later */	2383	/* Below this we consider TLS 1.3 or later */
@@ -2556,7 +2556,7 @@ SSL_get_error(const SSL *s, int i)
2556		2556
2557	if (i == 0) {	2557	if (i == 0) {
2558	if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) &&	2558	if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2559	(S3I(s)->warn_alert == SSL_AD_CLOSE_NOTIFY))	2559	(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2560	return (SSL_ERROR_ZERO_RETURN);	2560	return (SSL_ERROR_ZERO_RETURN);
2561	}	2561	}
2562	return (SSL_ERROR_SYSCALL);	2562	return (SSL_ERROR_SYSCALL);
@@ -2589,7 +2589,7 @@ SSL_set_accept_state(SSL *s)
2589	{	2589	{
2590	s->server = 1;	2590	s->server = 1;
2591	s->internal->shutdown = 0;	2591	s->internal->shutdown = 0;
2592	S3I(s)->hs.state = SSL_ST_ACCEPT\|SSL_ST_BEFORE;	2592	s->s3->hs.state = SSL_ST_ACCEPT\|SSL_ST_BEFORE;
2593	s->internal->handshake_func = s->method->ssl_accept;	2593	s->internal->handshake_func = s->method->ssl_accept;
2594	ssl_clear_cipher_state(s);	2594	ssl_clear_cipher_state(s);
2595	}	2595	}
@@ -2599,7 +2599,7 @@ SSL_set_connect_state(SSL *s)
2599	{	2599	{
2600	s->server = 0;	2600	s->server = 0;
2601	s->internal->shutdown = 0;	2601	s->internal->shutdown = 0;
2602	S3I(s)->hs.state = SSL_ST_CONNECT\|SSL_ST_BEFORE;	2602	s->s3->hs.state = SSL_ST_CONNECT\|SSL_ST_BEFORE;
2603	s->internal->handshake_func = s->method->ssl_connect;	2603	s->internal->handshake_func = s->method->ssl_connect;
2604	ssl_clear_cipher_state(s);	2604	ssl_clear_cipher_state(s);
2605	}	2605	}
@@ -2731,7 +2731,7 @@ SSL_dup(SSL *s)
2731	ret->internal->quiet_shutdown = s->internal->quiet_shutdown;	2731	ret->internal->quiet_shutdown = s->internal->quiet_shutdown;
2732	ret->internal->shutdown = s->internal->shutdown;	2732	ret->internal->shutdown = s->internal->shutdown;
2733	/* SSL_dup does not really work at any state, though */	2733	/* SSL_dup does not really work at any state, though */
2734	S3I(ret)->hs.state = S3I(s)->hs.state;	2734	ret->s3->hs.state = s->s3->hs.state;
2735	ret->internal->rstate = s->internal->rstate;	2735	ret->internal->rstate = s->internal->rstate;
2736		2736
2737	/*	2737	/*
@@ -3018,13 +3018,13 @@ void (SSL_get_info_callback(const SSL ssl))(const SSL *ssl, int type, int val)
3018	int	3018	int
3019	SSL_state(const SSL *ssl)	3019	SSL_state(const SSL *ssl)
3020	{	3020	{
3021	return (S3I(ssl)->hs.state);	3021	return (ssl->s3->hs.state);
3022	}	3022	}
3023		3023
3024	void	3024	void
3025	SSL_set_state(SSL *ssl, int state)	3025	SSL_set_state(SSL *ssl, int state)
3026	{	3026	{
3027	S3I(ssl)->hs.state = state;	3027	ssl->s3->hs.state = state;
3028	}	3028	}
3029		3029
3030	void	3030	void