1 files changed, 76 insertions, 76 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 67ad1ae924..a8998b4dec 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.88 2017/01/22 07:16:39 beck Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.89 2017/01/22 09:02:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -146,26 +146,26 @@
 void
 tls1_cleanup_key_block(SSL *s)
 {
-        if (s->s3->tmp.key_block != NULL) {
+        if (S3I(s)->tmp.key_block != NULL) {
-                explicit_bzero(s->s3->tmp.key_block,
+                explicit_bzero(S3I(s)->tmp.key_block,
-                    s->s3->tmp.key_block_length);
+                    S3I(s)->tmp.key_block_length);
-                free(s->s3->tmp.key_block);
+                free(S3I(s)->tmp.key_block);
-                s->s3->tmp.key_block = NULL;
+                S3I(s)->tmp.key_block = NULL;
        }
-        s->s3->tmp.key_block_length = 0;
+        S3I(s)->tmp.key_block_length = 0;
 }
 int
 tls1_init_finished_mac(SSL *s)
 {
-        BIO_free(s->s3->handshake_buffer);
+        BIO_free(S3I(s)->handshake_buffer);
        tls1_free_digest_list(s);
-        s->s3->handshake_buffer = BIO_new(BIO_s_mem());
+        S3I(s)->handshake_buffer = BIO_new(BIO_s_mem());
-        if (s->s3->handshake_buffer == NULL)
+        if (S3I(s)->handshake_buffer == NULL)
                return (0);
-        (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);
+        (void)BIO_set_close(S3I(s)->handshake_buffer, BIO_CLOSE);
        return (1);
 }
@@ -177,15 +177,15 @@ tls1_free_digest_list(SSL *s)
        if (s == NULL)
                return;
-        if (s->s3->handshake_dgst == NULL)
+        if (S3I(s)->handshake_dgst == NULL)
                return;
        for (i = 0; i < SSL_MAX_DIGEST; i++) {
-                if (s->s3->handshake_dgst[i])
+                if (S3I(s)->handshake_dgst[i])
-                        EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);
+                        EVP_MD_CTX_destroy(S3I(s)->handshake_dgst[i]);
        }
-        free(s->s3->handshake_dgst);
+        free(S3I(s)->handshake_dgst);
-        s->s3->handshake_dgst = NULL;
+        S3I(s)->handshake_dgst = NULL;
 }
 int
@@ -193,16 +193,16 @@ tls1_finish_mac(SSL *s, const unsigned char *buf, int len)
 {
        int i;
-        if (s->s3->handshake_buffer &&
+        if (S3I(s)->handshake_buffer &&
            !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
-                BIO_write(s->s3->handshake_buffer, (void *)buf, len);
+                BIO_write(S3I(s)->handshake_buffer, (void *)buf, len);
                return 1;
        }
        for (i = 0; i < SSL_MAX_DIGEST; i++) {
-                if (s->s3->handshake_dgst[i] == NULL)
+                if (S3I(s)->handshake_dgst[i] == NULL)
                        continue;
-                if (!EVP_DigestUpdate(s->s3->handshake_dgst[i], buf, len)) {
+                if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) {
                        SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB);
                        return 0;
                }
@@ -221,12 +221,12 @@ tls1_digest_cached_records(SSL *s)
        tls1_free_digest_list(s);
-        s->s3->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));
+        S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));
-        if (s->s3->handshake_dgst == NULL) {
+        if (S3I(s)->handshake_dgst == NULL) {
                SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
                goto err;
        }
-        hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+        hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
        if (hdatalen <= 0) {
                SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
                    SSL_R_BAD_HANDSHAKE_LENGTH);
@@ -238,17 +238,17 @@ tls1_digest_cached_records(SSL *s)
                if ((mask & ssl_get_algorithm2(s)) == 0 || md == NULL)
                        continue;
-                s->s3->handshake_dgst[i] = EVP_MD_CTX_create();
+                S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create();
-                if (s->s3->handshake_dgst[i] == NULL) {
+                if (S3I(s)->handshake_dgst[i] == NULL) {
                        SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
                            ERR_R_MALLOC_FAILURE);
                        goto err;
                }
-                if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL)) {
+                if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) {
                        SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB);
                        goto err;
                }
-                if (!EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata,
+                if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata,
                    hdatalen)) {
                        SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB);
                        goto err;
@@ -256,8 +256,8 @@ tls1_digest_cached_records(SSL *s)
        }
        if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
-                BIO_free(s->s3->handshake_buffer);
+                BIO_free(S3I(s)->handshake_buffer);
-                s->s3->handshake_buffer = NULL;
+                S3I(s)->handshake_buffer = NULL;
        }
        return 1;
@@ -457,7 +457,7 @@ static int
 tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
    unsigned key_len, const unsigned char *iv, unsigned iv_len)
 {
-        const EVP_AEAD *aead = s->s3->tmp.new_aead;
+        const EVP_AEAD *aead = S3I(s)->tmp.new_aead;
        SSL_AEAD_CTX *aead_ctx;
        if (is_read) {
@@ -482,10 +482,10 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
        aead_ctx->fixed_nonce_len = iv_len;
        aead_ctx->variable_nonce_len = 8;  /* always the case, currently. */
        aead_ctx->variable_nonce_in_record =
-            (s->s3->tmp.new_cipher->algorithm2 &
+            (S3I(s)->tmp.new_cipher->algorithm2 &
            SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0;
        aead_ctx->xor_fixed_nonce =
-            s->s3->tmp.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305;
+            S3I(s)->tmp.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305;
        aead_ctx->tag_len = EVP_AEAD_max_overhead(aead);
        if (aead_ctx->xor_fixed_nonce) {
@@ -526,12 +526,12 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
        const EVP_MD *mac;
        int mac_type;
-        cipher = s->s3->tmp.new_sym_enc;
+        cipher = S3I(s)->tmp.new_sym_enc;
-        mac = s->s3->tmp.new_hash;
+        mac = S3I(s)->tmp.new_hash;
-        mac_type = s->s3->tmp.new_mac_pkey_type;
+        mac_type = S3I(s)->tmp.new_mac_pkey_type;
        if (is_read) {
-                if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+                if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
                        s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
                else
                        s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
@@ -548,7 +548,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
                        goto err;
                s->read_hash = mac_ctx;
        } else {
-                if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+                if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
                        s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
                else
                        s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
@@ -595,15 +595,15 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
                    mac_secret_size, (unsigned char *)mac_secret);
        }
-        if (s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {
+        if (S3I(s)->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {
                int nid;
-                if (s->s3->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
+                if (S3I(s)->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
                        nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
                else
                        nid = NID_id_tc26_gost_28147_param_Z;
                EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0);
-                if (s->s3->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC)
+                if (S3I(s)->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC)
                        EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0);
        }
@@ -628,8 +628,8 @@ tls1_change_cipher_state(SSL *s, int which)
        char is_read, use_client_keys;
-        cipher = s->s3->tmp.new_sym_enc;
+        cipher = S3I(s)->tmp.new_sym_enc;
-        aead = s->s3->tmp.new_aead;
+        aead = S3I(s)->tmp.new_aead;
        /*
         * is_read is true if we have just read a ChangeCipherSpec message,
@@ -652,13 +652,13 @@ tls1_change_cipher_state(SSL *s, int which)
         * dtls1_reset_seq_numbers().
         */
        if (!SSL_IS_DTLS(s)) {
-                seq = is_read ? s->s3->read_sequence : s->s3->write_sequence;
+                seq = is_read ? S3I(s)->read_sequence : S3I(s)->write_sequence;
                memset(seq, 0, SSL3_SEQUENCE_SIZE);
        }
        if (aead != NULL) {
                key_len = EVP_AEAD_key_length(aead);
-                iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->s3->tmp.new_cipher);
+                iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->tmp.new_cipher);
        } else {
                key_len = EVP_CIPHER_key_length(cipher);
                iv_len = EVP_CIPHER_iv_length(cipher);
@@ -670,7 +670,7 @@ tls1_change_cipher_state(SSL *s, int which)
        mac_secret_size = s->s3->tmp.new_mac_secret_size;
-        key_block = s->s3->tmp.key_block;
+        key_block = S3I(s)->tmp.key_block;
        client_write_mac_secret = key_block;
        key_block += mac_secret_size;
        server_write_mac_secret = key_block;
@@ -694,17 +694,17 @@ tls1_change_cipher_state(SSL *s, int which)
                iv = server_write_iv;
        }
-        if (key_block - s->s3->tmp.key_block != s->s3->tmp.key_block_length) {
+        if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) {
                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
                goto err2;
        }
        if (is_read) {
-                memcpy(s->s3->read_mac_secret, mac_secret, mac_secret_size);
+                memcpy(S3I(s)->read_mac_secret, mac_secret, mac_secret_size);
-                s->s3->read_mac_secret_size = mac_secret_size;
+                S3I(s)->read_mac_secret_size = mac_secret_size;
        } else {
-                memcpy(s->s3->write_mac_secret, mac_secret, mac_secret_size);
+                memcpy(S3I(s)->write_mac_secret, mac_secret, mac_secret_size);
-                s->s3->write_mac_secret_size = mac_secret_size;
+                S3I(s)->write_mac_secret_size = mac_secret_size;
        }
        if (aead != NULL) {
@@ -730,7 +730,7 @@ tls1_setup_key_block(SSL *s)
        const EVP_MD *mac = NULL;
        int ret = 0;
-        if (s->s3->tmp.key_block_length != 0)
+        if (S3I(s)->tmp.key_block_length != 0)
                return (1);
        if (s->session->cipher &&
@@ -757,10 +757,10 @@ tls1_setup_key_block(SSL *s)
                        iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
        }
-        s->s3->tmp.new_aead = aead;
+        S3I(s)->tmp.new_aead = aead;
-        s->s3->tmp.new_sym_enc = cipher;
+        S3I(s)->tmp.new_sym_enc = cipher;
-        s->s3->tmp.new_hash = mac;
+        S3I(s)->tmp.new_hash = mac;
-        s->s3->tmp.new_mac_pkey_type = mac_type;
+        S3I(s)->tmp.new_mac_pkey_type = mac_type;
        s->s3->tmp.new_mac_secret_size = mac_secret_size;
        tls1_cleanup_key_block(s);
@@ -772,8 +772,8 @@ tls1_setup_key_block(SSL *s)
        }
        key_block_len = (mac_secret_size + key_len + iv_len) * 2;
-        s->s3->tmp.key_block_length = key_block_len;
+        S3I(s)->tmp.key_block_length = key_block_len;
-        s->s3->tmp.key_block = key_block;
+        S3I(s)->tmp.key_block = key_block;
        if ((tmp_block = malloc(key_block_len)) == NULL) {
                SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
@@ -789,15 +789,15 @@ tls1_setup_key_block(SSL *s)
                 * Enable vulnerability countermeasure for CBC ciphers with
                 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
                 */
-                s->s3->need_empty_fragments = 1;
+                S3I(s)->need_empty_fragments = 1;
                if (s->session->cipher != NULL) {
                        if (s->session->cipher->algorithm_enc == SSL_eNULL)
-                                s->s3->need_empty_fragments = 0;
+                                S3I(s)->need_empty_fragments = 0;
 #ifndef OPENSSL_NO_RC4
                        if (s->session->cipher->algorithm_enc == SSL_RC4)
-                                s->s3->need_empty_fragments = 0;
+                                S3I(s)->need_empty_fragments = 0;
 #endif
                }
        }
@@ -834,12 +834,12 @@ tls1_enc(SSL *s, int send)
        if (send) {
                aead = s->aead_write_ctx;
-                rec = &s->s3->wrec;
+                rec = &S3I(s)->wrec;
-                seq = s->s3->write_sequence;
+                seq = S3I(s)->write_sequence;
        } else {
                aead = s->aead_read_ctx;
-                rec = &s->s3->rrec;
+                rec = &S3I(s)->rrec;
-                seq = s->s3->read_sequence;
+                seq = S3I(s)->read_sequence;
        }
        if (aead) {
@@ -1102,14 +1102,14 @@ tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
        unsigned int ret;
        int i;
-        if (s->s3->handshake_buffer)
+        if (S3I(s)->handshake_buffer)
                if (!tls1_digest_cached_records(s))
                        return 0;
        for (i = 0; i < SSL_MAX_DIGEST; i++) {
-                if (s->s3->handshake_dgst[i] &&
+                if (S3I(s)->handshake_dgst[i] &&
-                    EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
+                    EVP_MD_CTX_type(S3I(s)->handshake_dgst[i]) == md_nid) {
-                        d = s->s3->handshake_dgst[i];
+                        d = S3I(s)->handshake_dgst[i];
                        break;
                }
        }
@@ -1141,7 +1141,7 @@ tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
        q = buf;
-        if (s->s3->handshake_buffer)
+        if (S3I(s)->handshake_buffer)
                if (!tls1_digest_cached_records(s))
                        return 0;
@@ -1150,7 +1150,7 @@ tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
        for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {
                if (ssl_get_algorithm2(s) & mask) {
                        int hashsize = EVP_MD_size(md);
-                        EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
+                        EVP_MD_CTX *hdgst = S3I(s)->handshake_dgst[idx];
                        if (!hdgst || hashsize < 0 ||
                            hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
                                /* internal error: 'buf' is too small for this cipersuite! */
@@ -1193,12 +1193,12 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
        int t;
        if (send) {
-                rec = &(ssl->s3->wrec);
+                rec = &(ssl->s3->internal->wrec);
-                seq = &(ssl->s3->write_sequence[0]);
+                seq = &(ssl->s3->internal->write_sequence[0]);
                hash = ssl->write_hash;
        } else {
-                rec = &(ssl->s3->rrec);
+                rec = &(ssl->s3->internal->rrec);
-                seq = &(ssl->s3->read_sequence[0]);
+                seq = &(ssl->s3->internal->read_sequence[0]);
                hash = ssl->read_hash;
        }
@@ -1241,8 +1241,8 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
                if (!ssl3_cbc_digest_record(mac_ctx,
                    md, &md_size, header, rec->input,
                    rec->length + md_size, orig_len,
-                    ssl->s3->read_mac_secret,
+                    ssl->s3->internal->read_mac_secret,
-                    ssl->s3->read_mac_secret_size))
+                    ssl->s3->internal->read_mac_secret_size))
                        return -1;
        } else {
                EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 67ad1ae924..a8998b4dec 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_enc.c,v 1.88 2017/01/22 07:16:39 beck Exp $ */	1	/* $OpenBSD: t1_enc.c,v 1.89 2017/01/22 09:02:07 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -146,26 +146,26 @@
146	void	146	void
147	tls1_cleanup_key_block(SSL *s)	147	tls1_cleanup_key_block(SSL *s)
148	{	148	{
149	if (s->s3->tmp.key_block != NULL) {	149	if (S3I(s)->tmp.key_block != NULL) {
150	explicit_bzero(s->s3->tmp.key_block,	150	explicit_bzero(S3I(s)->tmp.key_block,
151	s->s3->tmp.key_block_length);	151	S3I(s)->tmp.key_block_length);
152	free(s->s3->tmp.key_block);	152	free(S3I(s)->tmp.key_block);
153	s->s3->tmp.key_block = NULL;	153	S3I(s)->tmp.key_block = NULL;
154	}	154	}
155	s->s3->tmp.key_block_length = 0;	155	S3I(s)->tmp.key_block_length = 0;
156	}	156	}
157		157
158	int	158	int
159	tls1_init_finished_mac(SSL *s)	159	tls1_init_finished_mac(SSL *s)
160	{	160	{
161	BIO_free(s->s3->handshake_buffer);	161	BIO_free(S3I(s)->handshake_buffer);
162	tls1_free_digest_list(s);	162	tls1_free_digest_list(s);
163		163
164	s->s3->handshake_buffer = BIO_new(BIO_s_mem());	164	S3I(s)->handshake_buffer = BIO_new(BIO_s_mem());
165	if (s->s3->handshake_buffer == NULL)	165	if (S3I(s)->handshake_buffer == NULL)
166	return (0);	166	return (0);
167		167
168	(void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);	168	(void)BIO_set_close(S3I(s)->handshake_buffer, BIO_CLOSE);
169		169
170	return (1);	170	return (1);
171	}	171	}
@@ -177,15 +177,15 @@ tls1_free_digest_list(SSL *s)
177		177
178	if (s == NULL)	178	if (s == NULL)
179	return;	179	return;
180	if (s->s3->handshake_dgst == NULL)	180	if (S3I(s)->handshake_dgst == NULL)
181	return;	181	return;
182		182
183	for (i = 0; i < SSL_MAX_DIGEST; i++) {	183	for (i = 0; i < SSL_MAX_DIGEST; i++) {
184	if (s->s3->handshake_dgst[i])	184	if (S3I(s)->handshake_dgst[i])
185	EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);	185	EVP_MD_CTX_destroy(S3I(s)->handshake_dgst[i]);
186	}	186	}
187	free(s->s3->handshake_dgst);	187	free(S3I(s)->handshake_dgst);
188	s->s3->handshake_dgst = NULL;	188	S3I(s)->handshake_dgst = NULL;
189	}	189	}
190		190
191	int	191	int
@@ -193,16 +193,16 @@ tls1_finish_mac(SSL s, const unsigned char buf, int len)
193	{	193	{
194	int i;	194	int i;
195		195
196	if (s->s3->handshake_buffer &&	196	if (S3I(s)->handshake_buffer &&
197	!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {	197	!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
198	BIO_write(s->s3->handshake_buffer, (void *)buf, len);	198	BIO_write(S3I(s)->handshake_buffer, (void *)buf, len);
199	return 1;	199	return 1;
200	}	200	}
201		201
202	for (i = 0; i < SSL_MAX_DIGEST; i++) {	202	for (i = 0; i < SSL_MAX_DIGEST; i++) {
203	if (s->s3->handshake_dgst[i] == NULL)	203	if (S3I(s)->handshake_dgst[i] == NULL)
204	continue;	204	continue;
205	if (!EVP_DigestUpdate(s->s3->handshake_dgst[i], buf, len)) {	205	if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) {
206	SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB);	206	SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB);
207	return 0;	207	return 0;
208	}	208	}
@@ -221,12 +221,12 @@ tls1_digest_cached_records(SSL *s)
221		221
222	tls1_free_digest_list(s);	222	tls1_free_digest_list(s);
223		223
224	s->s3->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));	224	S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));
225	if (s->s3->handshake_dgst == NULL) {	225	if (S3I(s)->handshake_dgst == NULL) {
226	SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);	226	SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
227	goto err;	227	goto err;
228	}	228	}
229	hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);	229	hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
230	if (hdatalen <= 0) {	230	if (hdatalen <= 0) {
231	SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,	231	SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
232	SSL_R_BAD_HANDSHAKE_LENGTH);	232	SSL_R_BAD_HANDSHAKE_LENGTH);
@@ -238,17 +238,17 @@ tls1_digest_cached_records(SSL *s)
238	if ((mask & ssl_get_algorithm2(s)) == 0 \|\| md == NULL)	238	if ((mask & ssl_get_algorithm2(s)) == 0 \|\| md == NULL)
239	continue;	239	continue;
240		240
241	s->s3->handshake_dgst[i] = EVP_MD_CTX_create();	241	S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create();
242	if (s->s3->handshake_dgst[i] == NULL) {	242	if (S3I(s)->handshake_dgst[i] == NULL) {
243	SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,	243	SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
244	ERR_R_MALLOC_FAILURE);	244	ERR_R_MALLOC_FAILURE);
245	goto err;	245	goto err;
246	}	246	}
247	if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL)) {	247	if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) {
248	SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB);	248	SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB);
249	goto err;	249	goto err;
250	}	250	}
251	if (!EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata,	251	if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata,
252	hdatalen)) {	252	hdatalen)) {
253	SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB);	253	SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB);
254	goto err;	254	goto err;
@@ -256,8 +256,8 @@ tls1_digest_cached_records(SSL *s)
256	}	256	}
257		257
258	if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {	258	if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
259	BIO_free(s->s3->handshake_buffer);	259	BIO_free(S3I(s)->handshake_buffer);
260	s->s3->handshake_buffer = NULL;	260	S3I(s)->handshake_buffer = NULL;
261	}	261	}
262		262
263	return 1;	263	return 1;
@@ -457,7 +457,7 @@ static int
457	tls1_change_cipher_state_aead(SSL s, char is_read, const unsigned char key,	457	tls1_change_cipher_state_aead(SSL s, char is_read, const unsigned char key,
458	unsigned key_len, const unsigned char *iv, unsigned iv_len)	458	unsigned key_len, const unsigned char *iv, unsigned iv_len)
459	{	459	{
460	const EVP_AEAD *aead = s->s3->tmp.new_aead;	460	const EVP_AEAD *aead = S3I(s)->tmp.new_aead;
461	SSL_AEAD_CTX *aead_ctx;	461	SSL_AEAD_CTX *aead_ctx;
462		462
463	if (is_read) {	463	if (is_read) {
@@ -482,10 +482,10 @@ tls1_change_cipher_state_aead(SSL s, char is_read, const unsigned char key,
482	aead_ctx->fixed_nonce_len = iv_len;	482	aead_ctx->fixed_nonce_len = iv_len;
483	aead_ctx->variable_nonce_len = 8; /* always the case, currently. */	483	aead_ctx->variable_nonce_len = 8; /* always the case, currently. */
484	aead_ctx->variable_nonce_in_record =	484	aead_ctx->variable_nonce_in_record =
485	(s->s3->tmp.new_cipher->algorithm2 &	485	(S3I(s)->tmp.new_cipher->algorithm2 &
486	SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0;	486	SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0;
487	aead_ctx->xor_fixed_nonce =	487	aead_ctx->xor_fixed_nonce =
488	s->s3->tmp.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305;	488	S3I(s)->tmp.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305;
489	aead_ctx->tag_len = EVP_AEAD_max_overhead(aead);	489	aead_ctx->tag_len = EVP_AEAD_max_overhead(aead);
490		490
491	if (aead_ctx->xor_fixed_nonce) {	491	if (aead_ctx->xor_fixed_nonce) {
@@ -526,12 +526,12 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
526	const EVP_MD *mac;	526	const EVP_MD *mac;
527	int mac_type;	527	int mac_type;
528		528
529	cipher = s->s3->tmp.new_sym_enc;	529	cipher = S3I(s)->tmp.new_sym_enc;
530	mac = s->s3->tmp.new_hash;	530	mac = S3I(s)->tmp.new_hash;
531	mac_type = s->s3->tmp.new_mac_pkey_type;	531	mac_type = S3I(s)->tmp.new_mac_pkey_type;
532		532
533	if (is_read) {	533	if (is_read) {
534	if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)	534	if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
535	s->mac_flags \|= SSL_MAC_FLAG_READ_MAC_STREAM;	535	s->mac_flags \|= SSL_MAC_FLAG_READ_MAC_STREAM;
536	else	536	else
537	s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;	537	s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
@@ -548,7 +548,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
548	goto err;	548	goto err;
549	s->read_hash = mac_ctx;	549	s->read_hash = mac_ctx;
550	} else {	550	} else {
551	if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)	551	if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
552	s->mac_flags \|= SSL_MAC_FLAG_WRITE_MAC_STREAM;	552	s->mac_flags \|= SSL_MAC_FLAG_WRITE_MAC_STREAM;
553	else	553	else
554	s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;	554	s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
@@ -595,15 +595,15 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
595	mac_secret_size, (unsigned char *)mac_secret);	595	mac_secret_size, (unsigned char *)mac_secret);
596	}	596	}
597		597
598	if (s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {	598	if (S3I(s)->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {
599	int nid;	599	int nid;
600	if (s->s3->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)	600	if (S3I(s)->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
601	nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;	601	nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
602	else	602	else
603	nid = NID_id_tc26_gost_28147_param_Z;	603	nid = NID_id_tc26_gost_28147_param_Z;
604		604
605	EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0);	605	EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0);
606	if (s->s3->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC)	606	if (S3I(s)->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC)
607	EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0);	607	EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0);
608	}	608	}
609		609
@@ -628,8 +628,8 @@ tls1_change_cipher_state(SSL *s, int which)
628	char is_read, use_client_keys;	628	char is_read, use_client_keys;
629		629
630		630
631	cipher = s->s3->tmp.new_sym_enc;	631	cipher = S3I(s)->tmp.new_sym_enc;
632	aead = s->s3->tmp.new_aead;	632	aead = S3I(s)->tmp.new_aead;
633		633
634	/*	634	/*
635	* is_read is true if we have just read a ChangeCipherSpec message,	635	* is_read is true if we have just read a ChangeCipherSpec message,
@@ -652,13 +652,13 @@ tls1_change_cipher_state(SSL *s, int which)
652	* dtls1_reset_seq_numbers().	652	* dtls1_reset_seq_numbers().
653	*/	653	*/
654	if (!SSL_IS_DTLS(s)) {	654	if (!SSL_IS_DTLS(s)) {
655	seq = is_read ? s->s3->read_sequence : s->s3->write_sequence;	655	seq = is_read ? S3I(s)->read_sequence : S3I(s)->write_sequence;
656	memset(seq, 0, SSL3_SEQUENCE_SIZE);	656	memset(seq, 0, SSL3_SEQUENCE_SIZE);
657	}	657	}
658		658
659	if (aead != NULL) {	659	if (aead != NULL) {
660	key_len = EVP_AEAD_key_length(aead);	660	key_len = EVP_AEAD_key_length(aead);
661	iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->s3->tmp.new_cipher);	661	iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->tmp.new_cipher);
662	} else {	662	} else {
663	key_len = EVP_CIPHER_key_length(cipher);	663	key_len = EVP_CIPHER_key_length(cipher);
664	iv_len = EVP_CIPHER_iv_length(cipher);	664	iv_len = EVP_CIPHER_iv_length(cipher);
@@ -670,7 +670,7 @@ tls1_change_cipher_state(SSL *s, int which)
670		670
671	mac_secret_size = s->s3->tmp.new_mac_secret_size;	671	mac_secret_size = s->s3->tmp.new_mac_secret_size;
672		672
673	key_block = s->s3->tmp.key_block;	673	key_block = S3I(s)->tmp.key_block;
674	client_write_mac_secret = key_block;	674	client_write_mac_secret = key_block;
675	key_block += mac_secret_size;	675	key_block += mac_secret_size;
676	server_write_mac_secret = key_block;	676	server_write_mac_secret = key_block;
@@ -694,17 +694,17 @@ tls1_change_cipher_state(SSL *s, int which)
694	iv = server_write_iv;	694	iv = server_write_iv;
695	}	695	}
696		696
697	if (key_block - s->s3->tmp.key_block != s->s3->tmp.key_block_length) {	697	if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) {
698	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);	698	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
699	goto err2;	699	goto err2;
700	}	700	}
701		701
702	if (is_read) {	702	if (is_read) {
703	memcpy(s->s3->read_mac_secret, mac_secret, mac_secret_size);	703	memcpy(S3I(s)->read_mac_secret, mac_secret, mac_secret_size);
704	s->s3->read_mac_secret_size = mac_secret_size;	704	S3I(s)->read_mac_secret_size = mac_secret_size;
705	} else {	705	} else {
706	memcpy(s->s3->write_mac_secret, mac_secret, mac_secret_size);	706	memcpy(S3I(s)->write_mac_secret, mac_secret, mac_secret_size);
707	s->s3->write_mac_secret_size = mac_secret_size;	707	S3I(s)->write_mac_secret_size = mac_secret_size;
708	}	708	}
709		709
710	if (aead != NULL) {	710	if (aead != NULL) {
@@ -730,7 +730,7 @@ tls1_setup_key_block(SSL *s)
730	const EVP_MD *mac = NULL;	730	const EVP_MD *mac = NULL;
731	int ret = 0;	731	int ret = 0;
732		732
733	if (s->s3->tmp.key_block_length != 0)	733	if (S3I(s)->tmp.key_block_length != 0)
734	return (1);	734	return (1);
735		735
736	if (s->session->cipher &&	736	if (s->session->cipher &&
@@ -757,10 +757,10 @@ tls1_setup_key_block(SSL *s)
757	iv_len = EVP_GCM_TLS_FIXED_IV_LEN;	757	iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
758	}	758	}
759		759
760	s->s3->tmp.new_aead = aead;	760	S3I(s)->tmp.new_aead = aead;
761	s->s3->tmp.new_sym_enc = cipher;	761	S3I(s)->tmp.new_sym_enc = cipher;
762	s->s3->tmp.new_hash = mac;	762	S3I(s)->tmp.new_hash = mac;
763	s->s3->tmp.new_mac_pkey_type = mac_type;	763	S3I(s)->tmp.new_mac_pkey_type = mac_type;
764	s->s3->tmp.new_mac_secret_size = mac_secret_size;	764	s->s3->tmp.new_mac_secret_size = mac_secret_size;
765		765
766	tls1_cleanup_key_block(s);	766	tls1_cleanup_key_block(s);
@@ -772,8 +772,8 @@ tls1_setup_key_block(SSL *s)
772	}	772	}
773	key_block_len = (mac_secret_size + key_len + iv_len) * 2;	773	key_block_len = (mac_secret_size + key_len + iv_len) * 2;
774		774
775	s->s3->tmp.key_block_length = key_block_len;	775	S3I(s)->tmp.key_block_length = key_block_len;
776	s->s3->tmp.key_block = key_block;	776	S3I(s)->tmp.key_block = key_block;
777		777
778	if ((tmp_block = malloc(key_block_len)) == NULL) {	778	if ((tmp_block = malloc(key_block_len)) == NULL) {
779	SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);	779	SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
@@ -789,15 +789,15 @@ tls1_setup_key_block(SSL *s)
789	* Enable vulnerability countermeasure for CBC ciphers with	789	* Enable vulnerability countermeasure for CBC ciphers with
790	* known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)	790	* known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
791	*/	791	*/
792	s->s3->need_empty_fragments = 1;	792	S3I(s)->need_empty_fragments = 1;
793		793
794	if (s->session->cipher != NULL) {	794	if (s->session->cipher != NULL) {
795	if (s->session->cipher->algorithm_enc == SSL_eNULL)	795	if (s->session->cipher->algorithm_enc == SSL_eNULL)
796	s->s3->need_empty_fragments = 0;	796	S3I(s)->need_empty_fragments = 0;
797		797
798	#ifndef OPENSSL_NO_RC4	798	#ifndef OPENSSL_NO_RC4
799	if (s->session->cipher->algorithm_enc == SSL_RC4)	799	if (s->session->cipher->algorithm_enc == SSL_RC4)
800	s->s3->need_empty_fragments = 0;	800	S3I(s)->need_empty_fragments = 0;
801	#endif	801	#endif
802	}	802	}
803	}	803	}
@@ -834,12 +834,12 @@ tls1_enc(SSL *s, int send)
834		834
835	if (send) {	835	if (send) {
836	aead = s->aead_write_ctx;	836	aead = s->aead_write_ctx;
837	rec = &s->s3->wrec;	837	rec = &S3I(s)->wrec;
838	seq = s->s3->write_sequence;	838	seq = S3I(s)->write_sequence;
839	} else {	839	} else {
840	aead = s->aead_read_ctx;	840	aead = s->aead_read_ctx;
841	rec = &s->s3->rrec;	841	rec = &S3I(s)->rrec;
842	seq = s->s3->read_sequence;	842	seq = S3I(s)->read_sequence;
843	}	843	}
844		844
845	if (aead) {	845	if (aead) {
@@ -1102,14 +1102,14 @@ tls1_cert_verify_mac(SSL s, int md_nid, unsigned char out)
1102	unsigned int ret;	1102	unsigned int ret;
1103	int i;	1103	int i;
1104		1104
1105	if (s->s3->handshake_buffer)	1105	if (S3I(s)->handshake_buffer)
1106	if (!tls1_digest_cached_records(s))	1106	if (!tls1_digest_cached_records(s))
1107	return 0;	1107	return 0;
1108		1108
1109	for (i = 0; i < SSL_MAX_DIGEST; i++) {	1109	for (i = 0; i < SSL_MAX_DIGEST; i++) {
1110	if (s->s3->handshake_dgst[i] &&	1110	if (S3I(s)->handshake_dgst[i] &&
1111	EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {	1111	EVP_MD_CTX_type(S3I(s)->handshake_dgst[i]) == md_nid) {
1112	d = s->s3->handshake_dgst[i];	1112	d = S3I(s)->handshake_dgst[i];
1113	break;	1113	break;
1114	}	1114	}
1115	}	1115	}
@@ -1141,7 +1141,7 @@ tls1_final_finish_mac(SSL s, const char str, int slen, unsigned char *out)
1141		1141
1142	q = buf;	1142	q = buf;
1143		1143
1144	if (s->s3->handshake_buffer)	1144	if (S3I(s)->handshake_buffer)
1145	if (!tls1_digest_cached_records(s))	1145	if (!tls1_digest_cached_records(s))
1146	return 0;	1146	return 0;
1147		1147
@@ -1150,7 +1150,7 @@ tls1_final_finish_mac(SSL s, const char str, int slen, unsigned char *out)
1150	for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {	1150	for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {
1151	if (ssl_get_algorithm2(s) & mask) {	1151	if (ssl_get_algorithm2(s) & mask) {
1152	int hashsize = EVP_MD_size(md);	1152	int hashsize = EVP_MD_size(md);
1153	EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];	1153	EVP_MD_CTX *hdgst = S3I(s)->handshake_dgst[idx];
1154	if (!hdgst \|\| hashsize < 0 \|\|	1154	if (!hdgst \|\| hashsize < 0 \|\|
1155	hashsize > (int)(sizeof buf - (size_t)(q - buf))) {	1155	hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
1156	/* internal error: 'buf' is too small for this cipersuite! */	1156	/* internal error: 'buf' is too small for this cipersuite! */
@@ -1193,12 +1193,12 @@ tls1_mac(SSL ssl, unsigned char md, int send)
1193	int t;	1193	int t;
1194		1194
1195	if (send) {	1195	if (send) {
1196	rec = &(ssl->s3->wrec);	1196	rec = &(ssl->s3->internal->wrec);
1197	seq = &(ssl->s3->write_sequence[0]);	1197	seq = &(ssl->s3->internal->write_sequence[0]);
1198	hash = ssl->write_hash;	1198	hash = ssl->write_hash;
1199	} else {	1199	} else {
1200	rec = &(ssl->s3->rrec);	1200	rec = &(ssl->s3->internal->rrec);
1201	seq = &(ssl->s3->read_sequence[0]);	1201	seq = &(ssl->s3->internal->read_sequence[0]);
1202	hash = ssl->read_hash;	1202	hash = ssl->read_hash;
1203	}	1203	}
1204		1204
@@ -1241,8 +1241,8 @@ tls1_mac(SSL ssl, unsigned char md, int send)
1241	if (!ssl3_cbc_digest_record(mac_ctx,	1241	if (!ssl3_cbc_digest_record(mac_ctx,
1242	md, &md_size, header, rec->input,	1242	md, &md_size, header, rec->input,
1243	rec->length + md_size, orig_len,	1243	rec->length + md_size, orig_len,
1244	ssl->s3->read_mac_secret,	1244	ssl->s3->internal->read_mac_secret,
1245	ssl->s3->read_mac_secret_size))	1245	ssl->s3->internal->read_mac_secret_size))
1246	return -1;	1246	return -1;
1247	} else {	1247	} else {
1248	EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));	1248	EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));