1 files changed, 17 insertions, 17 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 3dc87a00c8..047087c1c9 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.98 2021/03/24 18:40:03 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.99 2021/03/24 18:44:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -394,7 +394,7 @@ ssl3_accept(SSL *s)
                case SSL3_ST_SW_CERT_A:
                case SSL3_ST_SW_CERT_B:
                        /* Check if it is anon DH or anon ECDH. */
-                        if (!(S3I(s)->hs.new_cipher->algorithm_auth &
+                        if (!(S3I(s)->hs.cipher->algorithm_auth &
                            SSL_aNULL)) {
                                if (SSL_is_dtls(s))
                                        dtls1_start_timer(s);
@@ -414,7 +414,7 @@ ssl3_accept(SSL *s)
                case SSL3_ST_SW_KEY_EXCH_A:
                case SSL3_ST_SW_KEY_EXCH_B:
-                        alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+                        alg_k = S3I(s)->hs.cipher->algorithm_mkey;
                        /*
                         * Only send if using a DH key exchange.
@@ -459,7 +459,7 @@ ssl3_accept(SSL *s)
                        if (!(s->verify_mode & SSL_VERIFY_PEER) ||
                            ((s->session->peer != NULL) &&
                             (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
-                            ((S3I(s)->hs.new_cipher->algorithm_auth &
+                            ((S3I(s)->hs.cipher->algorithm_auth &
                             SSL_aNULL) && !(s->verify_mode &
                             SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
                                /* No cert request. */
@@ -542,7 +542,7 @@ ssl3_accept(SSL *s)
                                s->internal->init_num = 0;
                        }
-                        alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+                        alg_k = S3I(s)->hs.cipher->algorithm_mkey;
                        if (ret == 2) {
                                /*
                                 * For the ECDH ciphersuites when
@@ -641,7 +641,7 @@ ssl3_accept(SSL *s)
                case SSL3_ST_SW_CHANGE_A:
                case SSL3_ST_SW_CHANGE_B:
-                        s->session->cipher = S3I(s)->hs.new_cipher;
+                        s->session->cipher = S3I(s)->hs.cipher;
                        if (!tls1_setup_key_block(s)) {
                                ret = -1;
                                goto end;
@@ -1122,15 +1122,15 @@ ssl3_get_client_hello(SSL *s)
                        SSLerror(s, SSL_R_NO_SHARED_CIPHER);
                        goto fatal_err;
                }
-                S3I(s)->hs.new_cipher = c;
+                S3I(s)->hs.cipher = c;
        } else {
-                S3I(s)->hs.new_cipher = s->session->cipher;
+                S3I(s)->hs.cipher = s->session->cipher;
        }
        if (!tls1_transcript_hash_init(s))
                goto err;
-        alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+        alg_k = S3I(s)->hs.cipher->algorithm_mkey;
        if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
            !(s->verify_mode & SSL_VERIFY_PEER))
                tls1_transcript_free(s);
@@ -1144,7 +1144,7 @@ ssl3_get_client_hello(SSL *s)
         * ssl version is set   - sslv3
         * s->session           - The ssl session has been setup.
         * s->internal->hit             - session reuse flag
-         * s->hs.new_cipher     - the new cipher to use.
+         * s->hs.cipher - the new cipher to use.
         */
        /* Handles TLS extensions that we couldn't check earlier */
@@ -1265,7 +1265,7 @@ ssl3_send_server_hello(SSL *s)
                /* Cipher suite. */
                if (!CBB_add_u16(&server_hello,
-                    ssl3_cipher_get_value(S3I(s)->hs.new_cipher)))
+                    ssl3_cipher_get_value(S3I(s)->hs.cipher)))
                        goto err;
                /* Compression method (null). */
@@ -1336,7 +1336,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
        if (dhp == NULL && s->cert->dh_tmp_cb != NULL)
                dhp = s->cert->dh_tmp_cb(s, 0,
-                    SSL_C_PKEYLENGTH(S3I(s)->hs.new_cipher));
+                    SSL_C_PKEYLENGTH(S3I(s)->hs.cipher));
        if (dhp == NULL) {
                al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1544,7 +1544,7 @@ ssl3_send_server_key_exchange(SSL *s)
                if (!CBB_init(&cbb_params, 0))
                        goto err;
-                type = S3I(s)->hs.new_cipher->algorithm_mkey;
+                type = S3I(s)->hs.cipher->algorithm_mkey;
                if (type & SSL_kDHE) {
                        if (ssl3_send_server_kex_dhe(s, &cbb_params) != 1)
                                goto err;
@@ -1564,8 +1564,8 @@ ssl3_send_server_key_exchange(SSL *s)
                        goto err;
                /* Add signature unless anonymous. */
-                if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {
+                if (!(S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL)) {
-                        if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.new_cipher,
+                        if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.cipher,
                            &md, &sigalg)) == NULL) {
                                al = SSL_AD_DECODE_ERROR;
                                goto fatal_err;
@@ -2002,7 +2002,7 @@ ssl3_get_client_kex_gost(SSL *s, CBS *cbs)
        int ret = 0;
        /* Get our certificate private key*/
-        alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+        alg_a = S3I(s)->hs.cipher->algorithm_auth;
        if (alg_a & SSL_aGOST01)
                pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
@@ -2081,7 +2081,7 @@ ssl3_get_client_key_exchange(SSL *s)
        CBS_init(&cbs, s->internal->init_msg, n);
-        alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+        alg_k = S3I(s)->hs.cipher->algorithm_mkey;
        if (alg_k & SSL_kRSA) {
                if (ssl3_get_client_kex_rsa(s, &cbs) != 1)

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 3dc87a00c8..047087c1c9 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.98 2021/03/24 18:40:03 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.99 2021/03/24 18:44:00 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -394,7 +394,7 @@ ssl3_accept(SSL *s)
394	case SSL3_ST_SW_CERT_A:	394	case SSL3_ST_SW_CERT_A:
395	case SSL3_ST_SW_CERT_B:	395	case SSL3_ST_SW_CERT_B:
396	/* Check if it is anon DH or anon ECDH. */	396	/* Check if it is anon DH or anon ECDH. */
397	if (!(S3I(s)->hs.new_cipher->algorithm_auth &	397	if (!(S3I(s)->hs.cipher->algorithm_auth &
398	SSL_aNULL)) {	398	SSL_aNULL)) {
399	if (SSL_is_dtls(s))	399	if (SSL_is_dtls(s))
400	dtls1_start_timer(s);	400	dtls1_start_timer(s);
@@ -414,7 +414,7 @@ ssl3_accept(SSL *s)
414		414
415	case SSL3_ST_SW_KEY_EXCH_A:	415	case SSL3_ST_SW_KEY_EXCH_A:
416	case SSL3_ST_SW_KEY_EXCH_B:	416	case SSL3_ST_SW_KEY_EXCH_B:
417	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;	417	alg_k = S3I(s)->hs.cipher->algorithm_mkey;
418		418
419	/*	419	/*
420	* Only send if using a DH key exchange.	420	* Only send if using a DH key exchange.
@@ -459,7 +459,7 @@ ssl3_accept(SSL *s)
459	if (!(s->verify_mode & SSL_VERIFY_PEER) \|\|	459	if (!(s->verify_mode & SSL_VERIFY_PEER) \|\|
460	((s->session->peer != NULL) &&	460	((s->session->peer != NULL) &&
461	(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) \|\|	461	(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) \|\|
462	((S3I(s)->hs.new_cipher->algorithm_auth &	462	((S3I(s)->hs.cipher->algorithm_auth &
463	SSL_aNULL) && !(s->verify_mode &	463	SSL_aNULL) && !(s->verify_mode &
464	SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {	464	SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
465	/* No cert request. */	465	/* No cert request. */
@@ -542,7 +542,7 @@ ssl3_accept(SSL *s)
542	s->internal->init_num = 0;	542	s->internal->init_num = 0;
543	}	543	}
544		544
545	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;	545	alg_k = S3I(s)->hs.cipher->algorithm_mkey;
546	if (ret == 2) {	546	if (ret == 2) {
547	/*	547	/*
548	* For the ECDH ciphersuites when	548	* For the ECDH ciphersuites when
@@ -641,7 +641,7 @@ ssl3_accept(SSL *s)
641		641
642	case SSL3_ST_SW_CHANGE_A:	642	case SSL3_ST_SW_CHANGE_A:
643	case SSL3_ST_SW_CHANGE_B:	643	case SSL3_ST_SW_CHANGE_B:
644	s->session->cipher = S3I(s)->hs.new_cipher;	644	s->session->cipher = S3I(s)->hs.cipher;
645	if (!tls1_setup_key_block(s)) {	645	if (!tls1_setup_key_block(s)) {
646	ret = -1;	646	ret = -1;
647	goto end;	647	goto end;
@@ -1122,15 +1122,15 @@ ssl3_get_client_hello(SSL *s)
1122	SSLerror(s, SSL_R_NO_SHARED_CIPHER);	1122	SSLerror(s, SSL_R_NO_SHARED_CIPHER);
1123	goto fatal_err;	1123	goto fatal_err;
1124	}	1124	}
1125	S3I(s)->hs.new_cipher = c;	1125	S3I(s)->hs.cipher = c;
1126	} else {	1126	} else {
1127	S3I(s)->hs.new_cipher = s->session->cipher;	1127	S3I(s)->hs.cipher = s->session->cipher;
1128	}	1128	}
1129		1129
1130	if (!tls1_transcript_hash_init(s))	1130	if (!tls1_transcript_hash_init(s))
1131	goto err;	1131	goto err;
1132		1132
1133	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;	1133	alg_k = S3I(s)->hs.cipher->algorithm_mkey;
1134	if (!(SSL_USE_SIGALGS(s) \|\| (alg_k & SSL_kGOST)) \|\|	1134	if (!(SSL_USE_SIGALGS(s) \|\| (alg_k & SSL_kGOST)) \|\|
1135	!(s->verify_mode & SSL_VERIFY_PEER))	1135	!(s->verify_mode & SSL_VERIFY_PEER))
1136	tls1_transcript_free(s);	1136	tls1_transcript_free(s);
@@ -1144,7 +1144,7 @@ ssl3_get_client_hello(SSL *s)
1144	* ssl version is set - sslv3	1144	* ssl version is set - sslv3
1145	* s->session - The ssl session has been setup.	1145	* s->session - The ssl session has been setup.
1146	* s->internal->hit - session reuse flag	1146	* s->internal->hit - session reuse flag
1147	* s->hs.new_cipher - the new cipher to use.	1147	* s->hs.cipher - the new cipher to use.
1148	*/	1148	*/
1149		1149
1150	/* Handles TLS extensions that we couldn't check earlier */	1150	/* Handles TLS extensions that we couldn't check earlier */
@@ -1265,7 +1265,7 @@ ssl3_send_server_hello(SSL *s)
1265		1265
1266	/* Cipher suite. */	1266	/* Cipher suite. */
1267	if (!CBB_add_u16(&server_hello,	1267	if (!CBB_add_u16(&server_hello,
1268	ssl3_cipher_get_value(S3I(s)->hs.new_cipher)))	1268	ssl3_cipher_get_value(S3I(s)->hs.cipher)))
1269	goto err;	1269	goto err;
1270		1270
1271	/* Compression method (null). */	1271	/* Compression method (null). */
@@ -1336,7 +1336,7 @@ ssl3_send_server_kex_dhe(SSL s, CBB cbb)
1336		1336
1337	if (dhp == NULL && s->cert->dh_tmp_cb != NULL)	1337	if (dhp == NULL && s->cert->dh_tmp_cb != NULL)
1338	dhp = s->cert->dh_tmp_cb(s, 0,	1338	dhp = s->cert->dh_tmp_cb(s, 0,
1339	SSL_C_PKEYLENGTH(S3I(s)->hs.new_cipher));	1339	SSL_C_PKEYLENGTH(S3I(s)->hs.cipher));
1340		1340
1341	if (dhp == NULL) {	1341	if (dhp == NULL) {
1342	al = SSL_AD_HANDSHAKE_FAILURE;	1342	al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1544,7 +1544,7 @@ ssl3_send_server_key_exchange(SSL *s)
1544	if (!CBB_init(&cbb_params, 0))	1544	if (!CBB_init(&cbb_params, 0))
1545	goto err;	1545	goto err;
1546		1546
1547	type = S3I(s)->hs.new_cipher->algorithm_mkey;	1547	type = S3I(s)->hs.cipher->algorithm_mkey;
1548	if (type & SSL_kDHE) {	1548	if (type & SSL_kDHE) {
1549	if (ssl3_send_server_kex_dhe(s, &cbb_params) != 1)	1549	if (ssl3_send_server_kex_dhe(s, &cbb_params) != 1)
1550	goto err;	1550	goto err;
@@ -1564,8 +1564,8 @@ ssl3_send_server_key_exchange(SSL *s)
1564	goto err;	1564	goto err;
1565		1565
1566	/* Add signature unless anonymous. */	1566	/* Add signature unless anonymous. */
1567	if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {	1567	if (!(S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL)) {
1568	if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.new_cipher,	1568	if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.cipher,
1569	&md, &sigalg)) == NULL) {	1569	&md, &sigalg)) == NULL) {
1570	al = SSL_AD_DECODE_ERROR;	1570	al = SSL_AD_DECODE_ERROR;
1571	goto fatal_err;	1571	goto fatal_err;
@@ -2002,7 +2002,7 @@ ssl3_get_client_kex_gost(SSL s, CBS cbs)
2002	int ret = 0;	2002	int ret = 0;
2003		2003
2004	/* Get our certificate private key*/	2004	/* Get our certificate private key*/
2005	alg_a = S3I(s)->hs.new_cipher->algorithm_auth;	2005	alg_a = S3I(s)->hs.cipher->algorithm_auth;
2006	if (alg_a & SSL_aGOST01)	2006	if (alg_a & SSL_aGOST01)
2007	pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;	2007	pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
2008		2008
@@ -2081,7 +2081,7 @@ ssl3_get_client_key_exchange(SSL *s)
2081		2081
2082	CBS_init(&cbs, s->internal->init_msg, n);	2082	CBS_init(&cbs, s->internal->init_msg, n);
2083		2083
2084	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;	2084	alg_k = S3I(s)->hs.cipher->algorithm_mkey;
2085		2085
2086	if (alg_k & SSL_kRSA) {	2086	if (alg_k & SSL_kRSA) {
2087	if (ssl3_get_client_kex_rsa(s, &cbs) != 1)	2087	if (ssl3_get_client_kex_rsa(s, &cbs) != 1)