1 files changed, 17 insertions, 17 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index ce57235cea..9598613516 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.108 2017/04/10 16:48:43 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.109 2017/05/06 22:24:58 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -152,9 +152,9 @@ int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
 void
 tls1_cleanup_key_block(SSL *s)
 {
-        freezero(S3I(s)->tmp.key_block, S3I(s)->tmp.key_block_length);
+        freezero(S3I(s)->hs.key_block, S3I(s)->hs.key_block_len);
-        S3I(s)->tmp.key_block = NULL;
+        S3I(s)->hs.key_block = NULL;
-        S3I(s)->tmp.key_block_length = 0;
+        S3I(s)->hs.key_block_len = 0;
 }
 int
@@ -417,10 +417,10 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
        aead_ctx->fixed_nonce_len = iv_len;
        aead_ctx->variable_nonce_len = 8;  /* always the case, currently. */
        aead_ctx->variable_nonce_in_record =
-            (S3I(s)->tmp.new_cipher->algorithm2 &
+            (S3I(s)->hs.new_cipher->algorithm2 &
            SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0;
        aead_ctx->xor_fixed_nonce =
-            S3I(s)->tmp.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305;
+            S3I(s)->hs.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305;
        aead_ctx->tag_len = EVP_AEAD_max_overhead(aead);
        if (aead_ctx->xor_fixed_nonce) {
@@ -464,7 +464,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
        mac_type = S3I(s)->tmp.new_mac_pkey_type;
        if (is_read) {
-                if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+                if (S3I(s)->hs.new_cipher->algorithm2 & TLS1_STREAM_MAC)
                        s->internal->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
                else
                        s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
@@ -481,7 +481,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
                        goto err;
                s->read_hash = mac_ctx;
        } else {
-                if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+                if (S3I(s)->hs.new_cipher->algorithm2 & TLS1_STREAM_MAC)
                        s->internal->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
                else
                        s->internal->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
@@ -528,15 +528,15 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
                    mac_secret_size, (unsigned char *)mac_secret);
        }
-        if (S3I(s)->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {
+        if (S3I(s)->hs.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {
                int nid;
-                if (S3I(s)->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
+                if (S3I(s)->hs.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
                        nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
                else
                        nid = NID_id_tc26_gost_28147_param_Z;
                EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0);
-                if (S3I(s)->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC)
+                if (S3I(s)->hs.new_cipher->algorithm_mac == SSL_GOST89MAC)
                        EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0);
        }
@@ -591,7 +591,7 @@ tls1_change_cipher_state(SSL *s, int which)
        if (aead != NULL) {
                key_len = EVP_AEAD_key_length(aead);
-                iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->tmp.new_cipher);
+                iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->hs.new_cipher);
        } else {
                key_len = EVP_CIPHER_key_length(cipher);
                iv_len = EVP_CIPHER_iv_length(cipher);
@@ -603,7 +603,7 @@ tls1_change_cipher_state(SSL *s, int which)
        mac_secret_size = s->s3->tmp.new_mac_secret_size;
-        key_block = S3I(s)->tmp.key_block;
+        key_block = S3I(s)->hs.key_block;
        client_write_mac_secret = key_block;
        key_block += mac_secret_size;
        server_write_mac_secret = key_block;
@@ -627,7 +627,7 @@ tls1_change_cipher_state(SSL *s, int which)
                iv = server_write_iv;
        }
-        if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) {
+        if (key_block - S3I(s)->hs.key_block != S3I(s)->hs.key_block_len) {
                SSLerror(s, ERR_R_INTERNAL_ERROR);
                goto err2;
        }
@@ -663,7 +663,7 @@ tls1_setup_key_block(SSL *s)
        const EVP_MD *mac = NULL;
        int ret = 0;
-        if (S3I(s)->tmp.key_block_length != 0)
+        if (S3I(s)->hs.key_block_len != 0)
                return (1);
        if (s->session->cipher &&
@@ -703,8 +703,8 @@ tls1_setup_key_block(SSL *s)
        }
        key_block_len = (mac_secret_size + key_len + iv_len) * 2;
-        S3I(s)->tmp.key_block_length = key_block_len;
+        S3I(s)->hs.key_block_len = key_block_len;
-        S3I(s)->tmp.key_block = key_block;
+        S3I(s)->hs.key_block = key_block;
        if (!tls1_generate_key_block(s, key_block, key_block_len))
                goto err;

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index ce57235cea..9598613516 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_enc.c,v 1.108 2017/04/10 16:48:43 jsing Exp $ */	1	/* $OpenBSD: t1_enc.c,v 1.109 2017/05/06 22:24:58 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -152,9 +152,9 @@ int tls1_PRF(SSL s, const unsigned char secret, size_t secret_len,
152	void	152	void
153	tls1_cleanup_key_block(SSL *s)	153	tls1_cleanup_key_block(SSL *s)
154	{	154	{
155	freezero(S3I(s)->tmp.key_block, S3I(s)->tmp.key_block_length);	155	freezero(S3I(s)->hs.key_block, S3I(s)->hs.key_block_len);
156	S3I(s)->tmp.key_block = NULL;	156	S3I(s)->hs.key_block = NULL;
157	S3I(s)->tmp.key_block_length = 0;	157	S3I(s)->hs.key_block_len = 0;
158	}	158	}
159		159
160	int	160	int
@@ -417,10 +417,10 @@ tls1_change_cipher_state_aead(SSL s, char is_read, const unsigned char key,
417	aead_ctx->fixed_nonce_len = iv_len;	417	aead_ctx->fixed_nonce_len = iv_len;
418	aead_ctx->variable_nonce_len = 8; /* always the case, currently. */	418	aead_ctx->variable_nonce_len = 8; /* always the case, currently. */
419	aead_ctx->variable_nonce_in_record =	419	aead_ctx->variable_nonce_in_record =
420	(S3I(s)->tmp.new_cipher->algorithm2 &	420	(S3I(s)->hs.new_cipher->algorithm2 &
421	SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0;	421	SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0;
422	aead_ctx->xor_fixed_nonce =	422	aead_ctx->xor_fixed_nonce =
423	S3I(s)->tmp.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305;	423	S3I(s)->hs.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305;
424	aead_ctx->tag_len = EVP_AEAD_max_overhead(aead);	424	aead_ctx->tag_len = EVP_AEAD_max_overhead(aead);
425		425
426	if (aead_ctx->xor_fixed_nonce) {	426	if (aead_ctx->xor_fixed_nonce) {
@@ -464,7 +464,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
464	mac_type = S3I(s)->tmp.new_mac_pkey_type;	464	mac_type = S3I(s)->tmp.new_mac_pkey_type;
465		465
466	if (is_read) {	466	if (is_read) {
467	if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)	467	if (S3I(s)->hs.new_cipher->algorithm2 & TLS1_STREAM_MAC)
468	s->internal->mac_flags \|= SSL_MAC_FLAG_READ_MAC_STREAM;	468	s->internal->mac_flags \|= SSL_MAC_FLAG_READ_MAC_STREAM;
469	else	469	else
470	s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;	470	s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
@@ -481,7 +481,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
481	goto err;	481	goto err;
482	s->read_hash = mac_ctx;	482	s->read_hash = mac_ctx;
483	} else {	483	} else {
484	if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)	484	if (S3I(s)->hs.new_cipher->algorithm2 & TLS1_STREAM_MAC)
485	s->internal->mac_flags \|= SSL_MAC_FLAG_WRITE_MAC_STREAM;	485	s->internal->mac_flags \|= SSL_MAC_FLAG_WRITE_MAC_STREAM;
486	else	486	else
487	s->internal->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;	487	s->internal->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
@@ -528,15 +528,15 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
528	mac_secret_size, (unsigned char *)mac_secret);	528	mac_secret_size, (unsigned char *)mac_secret);
529	}	529	}
530		530
531	if (S3I(s)->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {	531	if (S3I(s)->hs.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {
532	int nid;	532	int nid;
533	if (S3I(s)->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)	533	if (S3I(s)->hs.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
534	nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;	534	nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
535	else	535	else
536	nid = NID_id_tc26_gost_28147_param_Z;	536	nid = NID_id_tc26_gost_28147_param_Z;
537		537
538	EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0);	538	EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0);
539	if (S3I(s)->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC)	539	if (S3I(s)->hs.new_cipher->algorithm_mac == SSL_GOST89MAC)
540	EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0);	540	EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0);
541	}	541	}
542		542
@@ -591,7 +591,7 @@ tls1_change_cipher_state(SSL *s, int which)
591		591
592	if (aead != NULL) {	592	if (aead != NULL) {
593	key_len = EVP_AEAD_key_length(aead);	593	key_len = EVP_AEAD_key_length(aead);
594	iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->tmp.new_cipher);	594	iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->hs.new_cipher);
595	} else {	595	} else {
596	key_len = EVP_CIPHER_key_length(cipher);	596	key_len = EVP_CIPHER_key_length(cipher);
597	iv_len = EVP_CIPHER_iv_length(cipher);	597	iv_len = EVP_CIPHER_iv_length(cipher);
@@ -603,7 +603,7 @@ tls1_change_cipher_state(SSL *s, int which)
603		603
604	mac_secret_size = s->s3->tmp.new_mac_secret_size;	604	mac_secret_size = s->s3->tmp.new_mac_secret_size;
605		605
606	key_block = S3I(s)->tmp.key_block;	606	key_block = S3I(s)->hs.key_block;
607	client_write_mac_secret = key_block;	607	client_write_mac_secret = key_block;
608	key_block += mac_secret_size;	608	key_block += mac_secret_size;
609	server_write_mac_secret = key_block;	609	server_write_mac_secret = key_block;
@@ -627,7 +627,7 @@ tls1_change_cipher_state(SSL *s, int which)
627	iv = server_write_iv;	627	iv = server_write_iv;
628	}	628	}
629		629
630	if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) {	630	if (key_block - S3I(s)->hs.key_block != S3I(s)->hs.key_block_len) {
631	SSLerror(s, ERR_R_INTERNAL_ERROR);	631	SSLerror(s, ERR_R_INTERNAL_ERROR);
632	goto err2;	632	goto err2;
633	}	633	}
@@ -663,7 +663,7 @@ tls1_setup_key_block(SSL *s)
663	const EVP_MD *mac = NULL;	663	const EVP_MD *mac = NULL;
664	int ret = 0;	664	int ret = 0;
665		665
666	if (S3I(s)->tmp.key_block_length != 0)	666	if (S3I(s)->hs.key_block_len != 0)
667	return (1);	667	return (1);
668		668
669	if (s->session->cipher &&	669	if (s->session->cipher &&
@@ -703,8 +703,8 @@ tls1_setup_key_block(SSL *s)
703	}	703	}
704	key_block_len = (mac_secret_size + key_len + iv_len) * 2;	704	key_block_len = (mac_secret_size + key_len + iv_len) * 2;
705		705
706	S3I(s)->tmp.key_block_length = key_block_len;	706	S3I(s)->hs.key_block_len = key_block_len;
707	S3I(s)->tmp.key_block = key_block;	707	S3I(s)->hs.key_block = key_block;
708		708
709	if (!tls1_generate_key_block(s, key_block, key_block_len))	709	if (!tls1_generate_key_block(s, key_block, key_block_len))
710	goto err;	710	goto err;