1 files changed, 24 insertions, 24 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index ea1aed26b3..35a9ace527 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.15 2017/04/29 23:38:49 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.16 2017/05/06 22:24:58 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -275,7 +275,7 @@ ssl3_accept(SSL *s)
                        ret = ssl3_send_hello_request(s);
                        if (ret <= 0)
                                goto end;
-                        S3I(s)->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;
+                        S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C;
                        s->internal->state = SSL3_ST_SW_FLUSH;
                        s->internal->init_num = 0;
@@ -324,7 +324,7 @@ ssl3_accept(SSL *s)
                case SSL3_ST_SW_CERT_A:
                case SSL3_ST_SW_CERT_B:
                        /* Check if it is anon DH or anon ECDH. */
-                        if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
+                        if (!(S3I(s)->hs.new_cipher->algorithm_auth &
                            SSL_aNULL)) {
                                ret = ssl3_send_server_certificate(s);
                                if (ret <= 0)
@@ -342,7 +342,7 @@ ssl3_accept(SSL *s)
                case SSL3_ST_SW_KEY_EXCH_A:
                case SSL3_ST_SW_KEY_EXCH_B:
-                        alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
+                        alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
                        /*
                         * Only send if using a DH key exchange.
@@ -385,7 +385,7 @@ ssl3_accept(SSL *s)
                        if (!(s->verify_mode & SSL_VERIFY_PEER) ||
                            ((s->session->peer != NULL) &&
                             (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
-                            ((S3I(s)->tmp.new_cipher->algorithm_auth &
+                            ((S3I(s)->hs.new_cipher->algorithm_auth &
                             SSL_aNULL) && !(s->verify_mode &
                             SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
                                /* No cert request */
@@ -413,7 +413,7 @@ ssl3_accept(SSL *s)
                        ret = ssl3_send_server_done(s);
                        if (ret <= 0)
                                goto end;
-                        S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;
+                        S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A;
                        s->internal->state = SSL3_ST_SW_FLUSH;
                        s->internal->init_num = 0;
                        break;
@@ -438,7 +438,7 @@ ssl3_accept(SSL *s)
                        }
                        s->internal->rwstate = SSL_NOTHING;
-                        s->internal->state = S3I(s)->tmp.next_state;
+                        s->internal->state = S3I(s)->hs.next_state;
                        break;
                case SSL3_ST_SR_CERT_A:
@@ -457,7 +457,7 @@ ssl3_accept(SSL *s)
                        ret = ssl3_get_client_key_exchange(s);
                        if (ret <= 0)
                                goto end;
-                        alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
+                        alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
                        if (ret == 2) {
                                /*
                                 * For the ECDH ciphersuites when
@@ -579,7 +579,7 @@ ssl3_accept(SSL *s)
                case SSL3_ST_SW_CHANGE_A:
                case SSL3_ST_SW_CHANGE_B:
-                        s->session->cipher = S3I(s)->tmp.new_cipher;
+                        s->session->cipher = S3I(s)->hs.new_cipher;
                        if (!tls1_setup_key_block(s)) {
                                ret = -1;
                                goto end;
@@ -613,13 +613,13 @@ ssl3_accept(SSL *s)
                        if (s->internal->hit) {
                                if (S3I(s)->next_proto_neg_seen) {
                                        s->s3->flags |= SSL3_FLAGS_CCS_OK;
-                                        S3I(s)->tmp.next_state =
+                                        S3I(s)->hs.next_state =
                                            SSL3_ST_SR_NEXT_PROTO_A;
                                } else
-                                        S3I(s)->tmp.next_state =
+                                        S3I(s)->hs.next_state =
                                            SSL3_ST_SR_FINISHED_A;
                        } else
-                                S3I(s)->tmp.next_state = SSL_ST_OK;
+                                S3I(s)->hs.next_state = SSL_ST_OK;
                        s->internal->init_num = 0;
                        break;
@@ -1024,15 +1024,15 @@ ssl3_get_client_hello(SSL *s)
                        SSLerror(s, SSL_R_NO_SHARED_CIPHER);
                        goto f_err;
                }
-                S3I(s)->tmp.new_cipher = c;
+                S3I(s)->hs.new_cipher = c;
        } else {
-                S3I(s)->tmp.new_cipher = s->session->cipher;
+                S3I(s)->hs.new_cipher = s->session->cipher;
        }
        if (!tls1_handshake_hash_init(s))
                goto err;
-        alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
+        alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
        if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
            !(s->verify_mode & SSL_VERIFY_PEER)) {
                if (!tls1_digest_cached_records(s)) {
@@ -1050,7 +1050,7 @@ ssl3_get_client_hello(SSL *s)
         * ssl version is set   - sslv3
         * s->session           - The ssl session has been setup.
         * s->internal->hit             - session reuse flag
-         * s->tmp.new_cipher    - the new cipher to use.
+         * s->hs.new_cipher     - the new cipher to use.
         */
        /* Handles TLS extensions that we couldn't check earlier */
@@ -1134,7 +1134,7 @@ ssl3_send_server_hello(SSL *s)
                /* Cipher suite. */
                if (!CBB_add_u16(&cbb,
-                    ssl3_cipher_get_value(S3I(s)->tmp.new_cipher)))
+                    ssl3_cipher_get_value(S3I(s)->hs.new_cipher)))
                        goto err;
                /* Compression method. */
@@ -1207,7 +1207,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
        if (dhp == NULL && s->cert->dh_tmp_cb != NULL)
                dhp = s->cert->dh_tmp_cb(s, 0,
-                    SSL_C_PKEYLENGTH(S3I(s)->tmp.new_cipher));
+                    SSL_C_PKEYLENGTH(S3I(s)->hs.new_cipher));
        if (dhp == NULL) {
                al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1282,7 +1282,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
                        ecdhp = EC_KEY_new_by_curve_name(nid);
        } else if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) {
                ecdhp = s->cert->ecdh_tmp_cb(s, 0,
-                    SSL_C_PKEYLENGTH(S3I(s)->tmp.new_cipher));
+                    SSL_C_PKEYLENGTH(S3I(s)->hs.new_cipher));
        }
        if (ecdhp == NULL) {
                al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1458,7 +1458,7 @@ ssl3_send_server_key_exchange(SSL *s)
        EVP_MD_CTX_init(&md_ctx);
        if (s->internal->state == SSL3_ST_SW_KEY_EXCH_A) {
-                type = S3I(s)->tmp.new_cipher->algorithm_mkey;
+                type = S3I(s)->hs.new_cipher->algorithm_mkey;
                buf = s->internal->init_buf;
@@ -1480,9 +1480,9 @@ ssl3_send_server_key_exchange(SSL *s)
                if (!CBB_finish(&cbb, &params, &params_len))
                        goto err;
-                if (!(S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL)) {
+                if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {
                        if ((pkey = ssl_get_sign_pkey(
-                            s, S3I(s)->tmp.new_cipher, &md)) == NULL) {
+                            s, S3I(s)->hs.new_cipher, &md)) == NULL) {
                                al = SSL_AD_DECODE_ERROR;
                                goto f_err;
                        }
@@ -2028,7 +2028,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n)
        int ret = 0;
        /* Get our certificate private key*/
-        alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
+        alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
        if (alg_a & SSL_aGOST01)
                pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
@@ -2105,7 +2105,7 @@ ssl3_get_client_key_exchange(SSL *s)
        p = (unsigned char *)s->internal->init_msg;
-        alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
+        alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
        if (alg_k & SSL_kRSA) {
                if (ssl3_get_client_kex_rsa(s, p, n) != 1)

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index ea1aed26b3..35a9ace527 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.15 2017/04/29 23:38:49 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.16 2017/05/06 22:24:58 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -275,7 +275,7 @@ ssl3_accept(SSL *s)
275	ret = ssl3_send_hello_request(s);	275	ret = ssl3_send_hello_request(s);
276	if (ret <= 0)	276	if (ret <= 0)
277	goto end;	277	goto end;
278	S3I(s)->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;	278	S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C;
279	s->internal->state = SSL3_ST_SW_FLUSH;	279	s->internal->state = SSL3_ST_SW_FLUSH;
280	s->internal->init_num = 0;	280	s->internal->init_num = 0;
281		281
@@ -324,7 +324,7 @@ ssl3_accept(SSL *s)
324	case SSL3_ST_SW_CERT_A:	324	case SSL3_ST_SW_CERT_A:
325	case SSL3_ST_SW_CERT_B:	325	case SSL3_ST_SW_CERT_B:
326	/* Check if it is anon DH or anon ECDH. */	326	/* Check if it is anon DH or anon ECDH. */
327	if (!(S3I(s)->tmp.new_cipher->algorithm_auth &	327	if (!(S3I(s)->hs.new_cipher->algorithm_auth &
328	SSL_aNULL)) {	328	SSL_aNULL)) {
329	ret = ssl3_send_server_certificate(s);	329	ret = ssl3_send_server_certificate(s);
330	if (ret <= 0)	330	if (ret <= 0)
@@ -342,7 +342,7 @@ ssl3_accept(SSL *s)
342		342
343	case SSL3_ST_SW_KEY_EXCH_A:	343	case SSL3_ST_SW_KEY_EXCH_A:
344	case SSL3_ST_SW_KEY_EXCH_B:	344	case SSL3_ST_SW_KEY_EXCH_B:
345	alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;	345	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
346		346
347	/*	347	/*
348	* Only send if using a DH key exchange.	348	* Only send if using a DH key exchange.
@@ -385,7 +385,7 @@ ssl3_accept(SSL *s)
385	if (!(s->verify_mode & SSL_VERIFY_PEER) \|\|	385	if (!(s->verify_mode & SSL_VERIFY_PEER) \|\|
386	((s->session->peer != NULL) &&	386	((s->session->peer != NULL) &&
387	(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) \|\|	387	(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) \|\|
388	((S3I(s)->tmp.new_cipher->algorithm_auth &	388	((S3I(s)->hs.new_cipher->algorithm_auth &
389	SSL_aNULL) && !(s->verify_mode &	389	SSL_aNULL) && !(s->verify_mode &
390	SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {	390	SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
391	/* No cert request */	391	/* No cert request */
@@ -413,7 +413,7 @@ ssl3_accept(SSL *s)
413	ret = ssl3_send_server_done(s);	413	ret = ssl3_send_server_done(s);
414	if (ret <= 0)	414	if (ret <= 0)
415	goto end;	415	goto end;
416	S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;	416	S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A;
417	s->internal->state = SSL3_ST_SW_FLUSH;	417	s->internal->state = SSL3_ST_SW_FLUSH;
418	s->internal->init_num = 0;	418	s->internal->init_num = 0;
419	break;	419	break;
@@ -438,7 +438,7 @@ ssl3_accept(SSL *s)
438	}	438	}
439	s->internal->rwstate = SSL_NOTHING;	439	s->internal->rwstate = SSL_NOTHING;
440		440
441	s->internal->state = S3I(s)->tmp.next_state;	441	s->internal->state = S3I(s)->hs.next_state;
442	break;	442	break;
443		443
444	case SSL3_ST_SR_CERT_A:	444	case SSL3_ST_SR_CERT_A:
@@ -457,7 +457,7 @@ ssl3_accept(SSL *s)
457	ret = ssl3_get_client_key_exchange(s);	457	ret = ssl3_get_client_key_exchange(s);
458	if (ret <= 0)	458	if (ret <= 0)
459	goto end;	459	goto end;
460	alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;	460	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
461	if (ret == 2) {	461	if (ret == 2) {
462	/*	462	/*
463	* For the ECDH ciphersuites when	463	* For the ECDH ciphersuites when
@@ -579,7 +579,7 @@ ssl3_accept(SSL *s)
579	case SSL3_ST_SW_CHANGE_A:	579	case SSL3_ST_SW_CHANGE_A:
580	case SSL3_ST_SW_CHANGE_B:	580	case SSL3_ST_SW_CHANGE_B:
581		581
582	s->session->cipher = S3I(s)->tmp.new_cipher;	582	s->session->cipher = S3I(s)->hs.new_cipher;
583	if (!tls1_setup_key_block(s)) {	583	if (!tls1_setup_key_block(s)) {
584	ret = -1;	584	ret = -1;
585	goto end;	585	goto end;
@@ -613,13 +613,13 @@ ssl3_accept(SSL *s)
613	if (s->internal->hit) {	613	if (s->internal->hit) {
614	if (S3I(s)->next_proto_neg_seen) {	614	if (S3I(s)->next_proto_neg_seen) {
615	s->s3->flags \|= SSL3_FLAGS_CCS_OK;	615	s->s3->flags \|= SSL3_FLAGS_CCS_OK;
616	S3I(s)->tmp.next_state =	616	S3I(s)->hs.next_state =
617	SSL3_ST_SR_NEXT_PROTO_A;	617	SSL3_ST_SR_NEXT_PROTO_A;
618	} else	618	} else
619	S3I(s)->tmp.next_state =	619	S3I(s)->hs.next_state =
620	SSL3_ST_SR_FINISHED_A;	620	SSL3_ST_SR_FINISHED_A;
621	} else	621	} else
622	S3I(s)->tmp.next_state = SSL_ST_OK;	622	S3I(s)->hs.next_state = SSL_ST_OK;
623	s->internal->init_num = 0;	623	s->internal->init_num = 0;
624	break;	624	break;
625		625
@@ -1024,15 +1024,15 @@ ssl3_get_client_hello(SSL *s)
1024	SSLerror(s, SSL_R_NO_SHARED_CIPHER);	1024	SSLerror(s, SSL_R_NO_SHARED_CIPHER);
1025	goto f_err;	1025	goto f_err;
1026	}	1026	}
1027	S3I(s)->tmp.new_cipher = c;	1027	S3I(s)->hs.new_cipher = c;
1028	} else {	1028	} else {
1029	S3I(s)->tmp.new_cipher = s->session->cipher;	1029	S3I(s)->hs.new_cipher = s->session->cipher;
1030	}	1030	}
1031		1031
1032	if (!tls1_handshake_hash_init(s))	1032	if (!tls1_handshake_hash_init(s))
1033	goto err;	1033	goto err;
1034		1034
1035	alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;	1035	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
1036	if (!(SSL_USE_SIGALGS(s) \|\| (alg_k & SSL_kGOST)) \|\|	1036	if (!(SSL_USE_SIGALGS(s) \|\| (alg_k & SSL_kGOST)) \|\|
1037	!(s->verify_mode & SSL_VERIFY_PEER)) {	1037	!(s->verify_mode & SSL_VERIFY_PEER)) {
1038	if (!tls1_digest_cached_records(s)) {	1038	if (!tls1_digest_cached_records(s)) {
@@ -1050,7 +1050,7 @@ ssl3_get_client_hello(SSL *s)
1050	* ssl version is set - sslv3	1050	* ssl version is set - sslv3
1051	* s->session - The ssl session has been setup.	1051	* s->session - The ssl session has been setup.
1052	* s->internal->hit - session reuse flag	1052	* s->internal->hit - session reuse flag
1053	* s->tmp.new_cipher - the new cipher to use.	1053	* s->hs.new_cipher - the new cipher to use.
1054	*/	1054	*/
1055		1055
1056	/* Handles TLS extensions that we couldn't check earlier */	1056	/* Handles TLS extensions that we couldn't check earlier */
@@ -1134,7 +1134,7 @@ ssl3_send_server_hello(SSL *s)
1134		1134
1135	/* Cipher suite. */	1135	/* Cipher suite. */
1136	if (!CBB_add_u16(&cbb,	1136	if (!CBB_add_u16(&cbb,
1137	ssl3_cipher_get_value(S3I(s)->tmp.new_cipher)))	1137	ssl3_cipher_get_value(S3I(s)->hs.new_cipher)))
1138	goto err;	1138	goto err;
1139		1139
1140	/* Compression method. */	1140	/* Compression method. */
@@ -1207,7 +1207,7 @@ ssl3_send_server_kex_dhe(SSL s, CBB cbb)
1207		1207
1208	if (dhp == NULL && s->cert->dh_tmp_cb != NULL)	1208	if (dhp == NULL && s->cert->dh_tmp_cb != NULL)
1209	dhp = s->cert->dh_tmp_cb(s, 0,	1209	dhp = s->cert->dh_tmp_cb(s, 0,
1210	SSL_C_PKEYLENGTH(S3I(s)->tmp.new_cipher));	1210	SSL_C_PKEYLENGTH(S3I(s)->hs.new_cipher));
1211		1211
1212	if (dhp == NULL) {	1212	if (dhp == NULL) {
1213	al = SSL_AD_HANDSHAKE_FAILURE;	1213	al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1282,7 +1282,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL s, int nid, CBB cbb)
1282	ecdhp = EC_KEY_new_by_curve_name(nid);	1282	ecdhp = EC_KEY_new_by_curve_name(nid);
1283	} else if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) {	1283	} else if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) {
1284	ecdhp = s->cert->ecdh_tmp_cb(s, 0,	1284	ecdhp = s->cert->ecdh_tmp_cb(s, 0,
1285	SSL_C_PKEYLENGTH(S3I(s)->tmp.new_cipher));	1285	SSL_C_PKEYLENGTH(S3I(s)->hs.new_cipher));
1286	}	1286	}
1287	if (ecdhp == NULL) {	1287	if (ecdhp == NULL) {
1288	al = SSL_AD_HANDSHAKE_FAILURE;	1288	al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1458,7 +1458,7 @@ ssl3_send_server_key_exchange(SSL *s)
1458		1458
1459	EVP_MD_CTX_init(&md_ctx);	1459	EVP_MD_CTX_init(&md_ctx);
1460	if (s->internal->state == SSL3_ST_SW_KEY_EXCH_A) {	1460	if (s->internal->state == SSL3_ST_SW_KEY_EXCH_A) {
1461	type = S3I(s)->tmp.new_cipher->algorithm_mkey;	1461	type = S3I(s)->hs.new_cipher->algorithm_mkey;
1462		1462
1463	buf = s->internal->init_buf;	1463	buf = s->internal->init_buf;
1464		1464
@@ -1480,9 +1480,9 @@ ssl3_send_server_key_exchange(SSL *s)
1480	if (!CBB_finish(&cbb, &params, &params_len))	1480	if (!CBB_finish(&cbb, &params, &params_len))
1481	goto err;	1481	goto err;
1482		1482
1483	if (!(S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL)) {	1483	if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {
1484	if ((pkey = ssl_get_sign_pkey(	1484	if ((pkey = ssl_get_sign_pkey(
1485	s, S3I(s)->tmp.new_cipher, &md)) == NULL) {	1485	s, S3I(s)->hs.new_cipher, &md)) == NULL) {
1486	al = SSL_AD_DECODE_ERROR;	1486	al = SSL_AD_DECODE_ERROR;
1487	goto f_err;	1487	goto f_err;
1488	}	1488	}
@@ -2028,7 +2028,7 @@ ssl3_get_client_kex_gost(SSL s, unsigned char p, long n)
2028	int ret = 0;	2028	int ret = 0;
2029		2029
2030	/* Get our certificate private key*/	2030	/* Get our certificate private key*/
2031	alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;	2031	alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
2032	if (alg_a & SSL_aGOST01)	2032	if (alg_a & SSL_aGOST01)
2033	pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;	2033	pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
2034		2034
@@ -2105,7 +2105,7 @@ ssl3_get_client_key_exchange(SSL *s)
2105		2105
2106	p = (unsigned char *)s->internal->init_msg;	2106	p = (unsigned char *)s->internal->init_msg;
2107		2107
2108	alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;	2108	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
2109		2109
2110	if (alg_k & SSL_kRSA) {	2110	if (alg_k & SSL_kRSA) {
2111	if (ssl3_get_client_kex_rsa(s, p, n) != 1)	2111	if (ssl3_get_client_kex_rsa(s, p, n) != 1)