1 files changed, 15 insertions, 15 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 08818f4870..b2d9883900 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.100 2017/01/23 04:15:28 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.101 2017/01/23 04:55:27 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1227,9 +1227,9 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                if (end - data < size)
                        goto err;
-                if (s->tlsext_debug_cb)
+                if (s->internal->tlsext_debug_cb)
-                        s->tlsext_debug_cb(s, 0, type, data, size,
+                        s->internal->tlsext_debug_cb(s, 0, type, data, size,
-                            s->tlsext_debug_arg);
+                            s->internal->tlsext_debug_arg);
 /* The servername extension is treated as follows:
   - Only the hostname type is supported with a maximum length of 255.
@@ -1395,8 +1395,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                        }
                }
                else if (type == TLSEXT_TYPE_session_ticket) {
-                        if (s->tls_session_ticket_ext_cb &&
+                        if (s->internal->tls_session_ticket_ext_cb &&
-                            !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) {
+                            !s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {
                                *al = TLS1_AD_INTERNAL_ERROR;
                                return 0;
                        }
@@ -1645,9 +1645,9 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
                if (end - data < size)
                        goto err;
-                if (s->tlsext_debug_cb)
+                if (s->internal->tlsext_debug_cb)
-                        s->tlsext_debug_cb(s, 1, type, data, size,
+                        s->internal->tlsext_debug_cb(s, 1, type, data, size,
-                            s->tlsext_debug_arg);
+                            s->internal->tlsext_debug_arg);
                if (type == TLSEXT_TYPE_server_name) {
                        if (s->tlsext_hostname == NULL || size > 0) {
@@ -1690,8 +1690,8 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
                        }
                }
                else if (type == TLSEXT_TYPE_session_ticket) {
-                        if (s->tls_session_ticket_ext_cb &&
+                        if (s->internal->tls_session_ticket_ext_cb &&
-                            !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) {
+                            !s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {
                                *al = TLS1_AD_INTERNAL_ERROR;
                                return 0;
                        }
@@ -2035,7 +2035,7 @@ ssl_check_serverhello_tlsext(SSL *s)
 *   ret: (output) on return, if a ticket was decrypted, then this is set to
 *       point to the resulting session.
 *
- * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
+ * If s->internal->tls_session_secret_cb is set then we are expecting a pre-shared key
 * ciphersuite, in which case we have no use for session tickets and one will
 * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
 *
@@ -2044,14 +2044,14 @@ ssl_check_serverhello_tlsext(SSL *s)
 *    0: no ticket was found (or was ignored, based on settings).
 *    1: a zero length extension was found, indicating that the client supports
 *       session tickets but doesn't currently have one to offer.
- *    2: either s->tls_session_secret_cb was set, or a ticket was offered but
+ *    2: either s->internal->tls_session_secret_cb was set, or a ticket was offered but
 *       couldn't be decrypted because of a non-fatal error.
 *    3: a ticket was successfully decrypted and *ret was set.
 *
 * Side effects:
 *   Sets s->tlsext_ticket_expected to 1 if the server will have to issue
 *   a new session ticket to the client because the client indicated support
- *   (and s->tls_session_secret_cb is NULL) but the client either doesn't have
+ *   (and s->internal->tls_session_secret_cb is NULL) but the client either doesn't have
 *   a session ticket or we couldn't use the one it gave us, or if
 *   s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
 *   Otherwise, s->tlsext_ticket_expected is set to 0.
@@ -2119,7 +2119,7 @@ tls1_process_ticket(SSL *s, const unsigned char *session, int session_len,
                                s->tlsext_ticket_expected = 1;
                                return 1;
                        }
-                        if (s->tls_session_secret_cb) {
+                        if (s->internal->tls_session_secret_cb) {
                                /* Indicate that the ticket couldn't be
                                 * decrypted rather than generating the session
                                 * from ticket now, trigger abbreviated

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 08818f4870..b2d9883900 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.100 2017/01/23 04:15:28 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.101 2017/01/23 04:55:27 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1227,9 +1227,9 @@ ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d,
1227	if (end - data < size)	1227	if (end - data < size)
1228	goto err;	1228	goto err;
1229		1229
1230	if (s->tlsext_debug_cb)	1230	if (s->internal->tlsext_debug_cb)
1231	s->tlsext_debug_cb(s, 0, type, data, size,	1231	s->internal->tlsext_debug_cb(s, 0, type, data, size,
1232	s->tlsext_debug_arg);	1232	s->internal->tlsext_debug_arg);
1233	/* The servername extension is treated as follows:	1233	/* The servername extension is treated as follows:
1234		1234
1235	- Only the hostname type is supported with a maximum length of 255.	1235	- Only the hostname type is supported with a maximum length of 255.
@@ -1395,8 +1395,8 @@ ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d,
1395	}	1395	}
1396	}	1396	}
1397	else if (type == TLSEXT_TYPE_session_ticket) {	1397	else if (type == TLSEXT_TYPE_session_ticket) {
1398	if (s->tls_session_ticket_ext_cb &&	1398	if (s->internal->tls_session_ticket_ext_cb &&
1399	!s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) {	1399	!s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {
1400	*al = TLS1_AD_INTERNAL_ERROR;	1400	*al = TLS1_AD_INTERNAL_ERROR;
1401	return 0;	1401	return 0;
1402	}	1402	}
@@ -1645,9 +1645,9 @@ ssl_parse_serverhello_tlsext(SSL s, unsigned char p, size_t n, int al)
1645	if (end - data < size)	1645	if (end - data < size)
1646	goto err;	1646	goto err;
1647		1647
1648	if (s->tlsext_debug_cb)	1648	if (s->internal->tlsext_debug_cb)
1649	s->tlsext_debug_cb(s, 1, type, data, size,	1649	s->internal->tlsext_debug_cb(s, 1, type, data, size,
1650	s->tlsext_debug_arg);	1650	s->internal->tlsext_debug_arg);
1651		1651
1652	if (type == TLSEXT_TYPE_server_name) {	1652	if (type == TLSEXT_TYPE_server_name) {
1653	if (s->tlsext_hostname == NULL \|\| size > 0) {	1653	if (s->tlsext_hostname == NULL \|\| size > 0) {
@@ -1690,8 +1690,8 @@ ssl_parse_serverhello_tlsext(SSL s, unsigned char p, size_t n, int al)
1690	}	1690	}
1691	}	1691	}
1692	else if (type == TLSEXT_TYPE_session_ticket) {	1692	else if (type == TLSEXT_TYPE_session_ticket) {
1693	if (s->tls_session_ticket_ext_cb &&	1693	if (s->internal->tls_session_ticket_ext_cb &&
1694	!s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) {	1694	!s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {
1695	*al = TLS1_AD_INTERNAL_ERROR;	1695	*al = TLS1_AD_INTERNAL_ERROR;
1696	return 0;	1696	return 0;
1697	}	1697	}
@@ -2035,7 +2035,7 @@ ssl_check_serverhello_tlsext(SSL *s)
2035	* ret: (output) on return, if a ticket was decrypted, then this is set to	2035	* ret: (output) on return, if a ticket was decrypted, then this is set to
2036	* point to the resulting session.	2036	* point to the resulting session.
2037	*	2037	*
2038	* If s->tls_session_secret_cb is set then we are expecting a pre-shared key	2038	* If s->internal->tls_session_secret_cb is set then we are expecting a pre-shared key
2039	* ciphersuite, in which case we have no use for session tickets and one will	2039	* ciphersuite, in which case we have no use for session tickets and one will
2040	* never be decrypted, nor will s->tlsext_ticket_expected be set to 1.	2040	* never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
2041	*	2041	*
@@ -2044,14 +2044,14 @@ ssl_check_serverhello_tlsext(SSL *s)
2044	* 0: no ticket was found (or was ignored, based on settings).	2044	* 0: no ticket was found (or was ignored, based on settings).
2045	* 1: a zero length extension was found, indicating that the client supports	2045	* 1: a zero length extension was found, indicating that the client supports
2046	* session tickets but doesn't currently have one to offer.	2046	* session tickets but doesn't currently have one to offer.
2047	* 2: either s->tls_session_secret_cb was set, or a ticket was offered but	2047	* 2: either s->internal->tls_session_secret_cb was set, or a ticket was offered but
2048	* couldn't be decrypted because of a non-fatal error.	2048	* couldn't be decrypted because of a non-fatal error.
2049	* 3: a ticket was successfully decrypted and *ret was set.	2049	* 3: a ticket was successfully decrypted and *ret was set.
2050	*	2050	*
2051	* Side effects:	2051	* Side effects:
2052	* Sets s->tlsext_ticket_expected to 1 if the server will have to issue	2052	* Sets s->tlsext_ticket_expected to 1 if the server will have to issue
2053	* a new session ticket to the client because the client indicated support	2053	* a new session ticket to the client because the client indicated support
2054	* (and s->tls_session_secret_cb is NULL) but the client either doesn't have	2054	* (and s->internal->tls_session_secret_cb is NULL) but the client either doesn't have
2055	* a session ticket or we couldn't use the one it gave us, or if	2055	* a session ticket or we couldn't use the one it gave us, or if
2056	* s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.	2056	* s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
2057	* Otherwise, s->tlsext_ticket_expected is set to 0.	2057	* Otherwise, s->tlsext_ticket_expected is set to 0.
@@ -2119,7 +2119,7 @@ tls1_process_ticket(SSL s, const unsigned char session, int session_len,
2119	s->tlsext_ticket_expected = 1;	2119	s->tlsext_ticket_expected = 1;
2120	return 1;	2120	return 1;
2121	}	2121	}
2122	if (s->tls_session_secret_cb) {	2122	if (s->internal->tls_session_secret_cb) {
2123	/* Indicate that the ticket couldn't be	2123	/* Indicate that the ticket couldn't be
2124	* decrypted rather than generating the session	2124	* decrypted rather than generating the session
2125	* from ticket now, trigger abbreviated	2125	* from ticket now, trigger abbreviated