1 files changed, 7 insertions, 7 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index fd96317fde..daf735a8ff 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.40 2022/01/20 20:37:33 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.41 2022/02/05 14:54:10 jsing Exp $ */
 /*
 * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@@ -209,7 +209,7 @@ ssl_sigalg_from_value(SSL *s, uint16_t value)
        size_t len;
        int i;
-        ssl_sigalgs_for_version(S3I(s)->hs.negotiated_tls_version,
+        ssl_sigalgs_for_version(s->s3->hs.negotiated_tls_version,
            &values, &len);
        for (i = 0; i < len; i++) {
@@ -248,7 +248,7 @@ ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey)
        /* Default signature algorithms used for TLSv1.2 and earlier. */
        switch (EVP_PKEY_id(pkey)) {
        case EVP_PKEY_RSA:
-                if (S3I(s)->hs.negotiated_tls_version < TLS1_2_VERSION)
+                if (s->s3->hs.negotiated_tls_version < TLS1_2_VERSION)
                        return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
                return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
        case EVP_PKEY_EC:
@@ -277,7 +277,7 @@ ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey)
                        return 0;
        }
-        if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION)
+        if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION)
                return 1;
        /* RSA cannot be used without PSS in TLSv1.3. */
@@ -309,14 +309,14 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
         * RFC 5246 allows a TLS 1.2 client to send no sigalgs extension,
         * in which case the server must use the default.
         */
-        if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION &&
+        if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION &&
-            S3I(s)->hs.sigalgs == NULL)
+            s->s3->hs.sigalgs == NULL)
                return ssl_sigalg_for_legacy(s, pkey);
        /*
         * If we get here, we have client or server sent sigalgs, use one.
         */
-        CBS_init(&cbs, S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);
+        CBS_init(&cbs, s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
        while (CBS_len(&cbs) > 0) {
                const struct ssl_sigalg *sigalg;
                uint16_t sigalg_value;

diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index fd96317fde..daf735a8ff 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_sigalgs.c,v 1.40 2022/01/20 20:37:33 tb Exp $ */	1	/* $OpenBSD: ssl_sigalgs.c,v 1.41 2022/02/05 14:54:10 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
4	* Copyright (c) 2021 Joel Sing <jsing@openbsd.org>	4	* Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@@ -209,7 +209,7 @@ ssl_sigalg_from_value(SSL *s, uint16_t value)
209	size_t len;	209	size_t len;
210	int i;	210	int i;
211		211
212	ssl_sigalgs_for_version(S3I(s)->hs.negotiated_tls_version,	212	ssl_sigalgs_for_version(s->s3->hs.negotiated_tls_version,
213	&values, &len);	213	&values, &len);
214		214
215	for (i = 0; i < len; i++) {	215	for (i = 0; i < len; i++) {
@@ -248,7 +248,7 @@ ssl_sigalg_for_legacy(SSL s, EVP_PKEY pkey)
248	/* Default signature algorithms used for TLSv1.2 and earlier. */	248	/* Default signature algorithms used for TLSv1.2 and earlier. */
249	switch (EVP_PKEY_id(pkey)) {	249	switch (EVP_PKEY_id(pkey)) {
250	case EVP_PKEY_RSA:	250	case EVP_PKEY_RSA:
251	if (S3I(s)->hs.negotiated_tls_version < TLS1_2_VERSION)	251	if (s->s3->hs.negotiated_tls_version < TLS1_2_VERSION)
252	return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);	252	return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
253	return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);	253	return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
254	case EVP_PKEY_EC:	254	case EVP_PKEY_EC:
@@ -277,7 +277,7 @@ ssl_sigalg_pkey_ok(SSL s, const struct ssl_sigalg sigalg, EVP_PKEY *pkey)
277	return 0;	277	return 0;
278	}	278	}
279		279
280	if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION)	280	if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION)
281	return 1;	281	return 1;
282		282
283	/* RSA cannot be used without PSS in TLSv1.3. */	283	/* RSA cannot be used without PSS in TLSv1.3. */
@@ -309,14 +309,14 @@ ssl_sigalg_select(SSL s, EVP_PKEY pkey)
309	* RFC 5246 allows a TLS 1.2 client to send no sigalgs extension,	309	* RFC 5246 allows a TLS 1.2 client to send no sigalgs extension,
310	* in which case the server must use the default.	310	* in which case the server must use the default.
311	*/	311	*/
312	if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION &&	312	if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION &&
313	S3I(s)->hs.sigalgs == NULL)	313	s->s3->hs.sigalgs == NULL)
314	return ssl_sigalg_for_legacy(s, pkey);	314	return ssl_sigalg_for_legacy(s, pkey);
315		315
316	/*	316	/*
317	* If we get here, we have client or server sent sigalgs, use one.	317	* If we get here, we have client or server sent sigalgs, use one.
318	*/	318	*/
319	CBS_init(&cbs, S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);	319	CBS_init(&cbs, s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
320	while (CBS_len(&cbs) > 0) {	320	while (CBS_len(&cbs) > 0) {
321	const struct ssl_sigalg *sigalg;	321	const struct ssl_sigalg *sigalg;
322	uint16_t sigalg_value;	322	uint16_t sigalg_value;