1 files changed, 8 insertions, 18 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 7ed3094c3e..b2af8fd7c9 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.323 2021/02/25 17:06:05 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.324 2021/02/27 14:20:50 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -483,6 +483,9 @@ int tls12_record_layer_read_protected(struct tls12_record_layer *rl);
 int tls12_record_layer_write_protected(struct tls12_record_layer *rl);
 void tls12_record_layer_set_aead(struct tls12_record_layer *rl,
    const EVP_AEAD *aead);
+void tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl,
+    const EVP_CIPHER *cipher, const EVP_MD *handshake_hash,
+    const EVP_MD *mac_hash);
 void tls12_record_layer_set_version(struct tls12_record_layer *rl,
    uint16_t version);
 void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl,
@@ -494,16 +497,8 @@ void tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl,
 void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl);
 void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl);
 void tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl);
-int tls12_record_layer_set_read_aead(struct tls12_record_layer *rl,
+void tls12_record_layer_read_cipher_hash(struct tls12_record_layer *rl,
-    SSL_AEAD_CTX *aead_ctx);
+    EVP_CIPHER_CTX **cipher, EVP_MD_CTX **hash);
-int tls12_record_layer_set_write_aead(struct tls12_record_layer *rl,
-    SSL_AEAD_CTX *aead_ctx);
-int tls12_record_layer_set_read_cipher_hash(struct tls12_record_layer *rl,
-    EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac);
-int tls12_record_layer_set_write_cipher_hash(struct tls12_record_layer *rl,
-    EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac);
-int tls12_record_layer_set_read_mac_key(struct tls12_record_layer *rl,
-    const uint8_t *mac_key, size_t mac_key_len);
 int tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl,
    const uint8_t *mac_key, size_t mac_key_len, const uint8_t *key,
    size_t key_len, const uint8_t *iv, size_t iv_len);
@@ -774,9 +769,6 @@ typedef struct ssl_internal_st {
        STACK_OF(SSL_CIPHER) *cipher_list_tls13;
-        EVP_CIPHER_CTX *enc_write_ctx;          /* cryptographic state */
-        EVP_MD_CTX *write_hash;                 /* used for mac generation */
        struct tls12_record_layer *rl;
        /* session info */
@@ -902,8 +894,6 @@ typedef struct ssl3_state_internal_st {
        SSL_HANDSHAKE_TLS13 hs_tls13;
        struct  {
-                int new_mac_secret_size;
                unsigned char cert_verify_md[EVP_MAX_MD_SIZE];
                unsigned char finish_md[EVP_MAX_MD_SIZE];
@@ -931,8 +921,8 @@ typedef struct ssl3_state_internal_st {
                const EVP_CIPHER *new_sym_enc;
                const EVP_AEAD *new_aead;
-                const EVP_MD *new_hash;
+                int new_mac_secret_size;
-                int new_mac_pkey_type;
                int cert_request;
        } tmp;

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 7ed3094c3e..b2af8fd7c9 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.323 2021/02/25 17:06:05 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.324 2021/02/27 14:20:50 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -483,6 +483,9 @@ int tls12_record_layer_read_protected(struct tls12_record_layer *rl);
483	int tls12_record_layer_write_protected(struct tls12_record_layer *rl);	483	int tls12_record_layer_write_protected(struct tls12_record_layer *rl);
484	void tls12_record_layer_set_aead(struct tls12_record_layer *rl,	484	void tls12_record_layer_set_aead(struct tls12_record_layer *rl,
485	const EVP_AEAD *aead);	485	const EVP_AEAD *aead);
		486	void tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl,
		487	const EVP_CIPHER cipher, const EVP_MD handshake_hash,
		488	const EVP_MD *mac_hash);
486	void tls12_record_layer_set_version(struct tls12_record_layer *rl,	489	void tls12_record_layer_set_version(struct tls12_record_layer *rl,
487	uint16_t version);	490	uint16_t version);
488	void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl,	491	void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl,
@@ -494,16 +497,8 @@ void tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl,
494	void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl);	497	void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl);
495	void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl);	498	void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl);
496	void tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl);	499	void tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl);
497	int tls12_record_layer_set_read_aead(struct tls12_record_layer *rl,	500	void tls12_record_layer_read_cipher_hash(struct tls12_record_layer *rl,
498	SSL_AEAD_CTX *aead_ctx);	501	EVP_CIPHER_CTX cipher, EVP_MD_CTX hash);
499	int tls12_record_layer_set_write_aead(struct tls12_record_layer *rl,
500	SSL_AEAD_CTX *aead_ctx);
501	int tls12_record_layer_set_read_cipher_hash(struct tls12_record_layer *rl,
502	EVP_CIPHER_CTX cipher_ctx, EVP_MD_CTX hash_ctx, int stream_mac);
503	int tls12_record_layer_set_write_cipher_hash(struct tls12_record_layer *rl,
504	EVP_CIPHER_CTX cipher_ctx, EVP_MD_CTX hash_ctx, int stream_mac);
505	int tls12_record_layer_set_read_mac_key(struct tls12_record_layer *rl,
506	const uint8_t *mac_key, size_t mac_key_len);
507	int tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl,	502	int tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl,
508	const uint8_t mac_key, size_t mac_key_len, const uint8_t key,	503	const uint8_t mac_key, size_t mac_key_len, const uint8_t key,
509	size_t key_len, const uint8_t *iv, size_t iv_len);	504	size_t key_len, const uint8_t *iv, size_t iv_len);
@@ -774,9 +769,6 @@ typedef struct ssl_internal_st {
774		769
775	STACK_OF(SSL_CIPHER) *cipher_list_tls13;	770	STACK_OF(SSL_CIPHER) *cipher_list_tls13;
776		771
777	EVP_CIPHER_CTX enc_write_ctx; / cryptographic state */
778	EVP_MD_CTX write_hash; / used for mac generation */
779
780	struct tls12_record_layer *rl;	772	struct tls12_record_layer *rl;
781		773
782	/* session info */	774	/* session info */
@@ -902,8 +894,6 @@ typedef struct ssl3_state_internal_st {
902	SSL_HANDSHAKE_TLS13 hs_tls13;	894	SSL_HANDSHAKE_TLS13 hs_tls13;
903		895
904	struct {	896	struct {
905	int new_mac_secret_size;
906
907	unsigned char cert_verify_md[EVP_MAX_MD_SIZE];	897	unsigned char cert_verify_md[EVP_MAX_MD_SIZE];
908		898
909	unsigned char finish_md[EVP_MAX_MD_SIZE];	899	unsigned char finish_md[EVP_MAX_MD_SIZE];
@@ -931,8 +921,8 @@ typedef struct ssl3_state_internal_st {
931		921
932	const EVP_CIPHER *new_sym_enc;	922	const EVP_CIPHER *new_sym_enc;
933	const EVP_AEAD *new_aead;	923	const EVP_AEAD *new_aead;
934	const EVP_MD *new_hash;	924	int new_mac_secret_size;
935	int new_mac_pkey_type;	925
936	int cert_request;	926	int cert_request;
937	} tmp;	927	} tmp;
938		928