5 files changed, 48 insertions, 40 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 06941530c6..0f602bef7e 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.86 2021/03/11 17:14:46 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.87 2021/03/24 18:40:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -278,7 +278,7 @@ ssl3_connect(SSL *s)
                        if (SSL_is_dtls(s) && D1I(s)->send_cookie) {
                                S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
-                                S3I(s)->hs.next_state = SSL3_ST_CR_SRVR_HELLO_A;
+                                S3I(s)->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A;
                        } else
                                S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
@@ -509,14 +509,14 @@ ssl3_connect(SSL *s)
                        /* clear flags */
                        if (s->internal->hit) {
-                                S3I(s)->hs.next_state = SSL_ST_OK;
+                                S3I(s)->hs.tls12.next_state = SSL_ST_OK;
                        } else {
                                /* Allow NewSessionTicket if ticket expected */
                                if (s->internal->tlsext_ticket_expected)
-                                        S3I(s)->hs.next_state =
+                                        S3I(s)->hs.tls12.next_state =
                                            SSL3_ST_CR_SESSION_TICKET_A;
                                else
-                                        S3I(s)->hs.next_state =
+                                        S3I(s)->hs.tls12.next_state =
                                            SSL3_ST_CR_FINISHED_A;
                        }
                        s->internal->init_num = 0;
@@ -567,14 +567,14 @@ ssl3_connect(SSL *s)
                                        /* If the write error was fatal, stop trying */
                                        if (!BIO_should_retry(s->wbio)) {
                                                s->internal->rwstate = SSL_NOTHING;
-                                                S3I(s)->hs.state = S3I(s)->hs.next_state;
+                                                S3I(s)->hs.state = S3I(s)->hs.tls12.next_state;
                                        }
                                }
                                ret = -1;
                                goto end;
                        }
                        s->internal->rwstate = SSL_NOTHING;
-                        S3I(s)->hs.state = S3I(s)->hs.next_state;
+                        S3I(s)->hs.state = S3I(s)->hs.tls12.next_state;
                        break;
                case SSL_ST_OK:
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 33eb3bba7d..5f953b8e64 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.328 2021/03/21 18:36:34 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.329 2021/03/24 18:40:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -416,6 +416,15 @@ typedef struct cert_pkey_st {
        STACK_OF(X509) *chain;
 } CERT_PKEY;
+typedef struct ssl_handshake_tls12_st {
+        /* Used when SSL_ST_FLUSH_DATA is entered. */
+        int next_state;
+        /* Record-layer key block for TLS 1.2 and earlier. */
+        unsigned char *key_block;
+        size_t key_block_len;
+} SSL_HANDSHAKE_TLS12;
 typedef struct ssl_handshake_tls13_st {
        int use_legacy;
        int hrr;
@@ -466,27 +475,25 @@ typedef struct ssl_handshake_st {
         */
        uint16_t negotiated_tls_version;
-        SSL_HANDSHAKE_TLS13 tls13;
+        /*
+         * Current handshake state - contains one of the SSL3_ST_* values and
-        /* state contains one of the SSL3_ST_* values. */
+         * is used by the TLSv1.2 state machine, as well as being updated by
+         * the TLSv1.3 stack due to it being exposed externally.
+         */
        int state;
-        /* used when SSL_ST_FLUSH_DATA is entered */
+        /* Cipher being negotiated in this handshake. */
-        int next_state;
-        /*  new_cipher is the cipher being negotiated in this handshake. */
        const SSL_CIPHER *new_cipher;
-        /* key_block is the record-layer key block for TLS 1.2 and earlier. */
-        size_t key_block_len;
-        unsigned char *key_block;
        /* Extensions seen in this handshake. */
        uint32_t extensions_seen;
        /* sigalgs offered in this handshake in wire form */
-        size_t sigalgs_len;
        uint8_t *sigalgs;
+        size_t sigalgs_len;
+        SSL_HANDSHAKE_TLS12 tls12;
+        SSL_HANDSHAKE_TLS13 tls13;
 } SSL_HANDSHAKE;
 struct tls12_record_layer;
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 5b1af504fb..37bee9e69f 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.37 2021/03/10 18:27:02 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.38 2021/03/24 18:40:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1163,7 +1163,7 @@ ssl3_do_change_cipher_spec(SSL *s)
        else
                i = SSL3_CHANGE_CIPHER_CLIENT_READ;
-        if (S3I(s)->hs.key_block == NULL) {
+        if (S3I(s)->hs.tls12.key_block == NULL) {
                if (s->session == NULL || s->session->master_key_length == 0) {
                        /* might happen if dtls1_read_bytes() calls this */
                        SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 19fedde87a..3dc87a00c8 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.97 2021/03/11 17:14:47 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.98 2021/03/24 18:40:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -290,9 +290,9 @@ ssl3_accept(SSL *s)
                        if (ret <= 0)
                                goto end;
                        if (SSL_is_dtls(s))
-                                S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+                                S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A;
                        else
-                                S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C;
+                                S3I(s)->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C;
                        S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
                        s->internal->init_num = 0;
@@ -365,7 +365,7 @@ ssl3_accept(SSL *s)
                        if (ret <= 0)
                                goto end;
                        S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
-                        S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+                        S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A;
                        /* HelloVerifyRequest resets Finished MAC. */
                        tls1_transcript_reset(s);
@@ -488,7 +488,7 @@ ssl3_accept(SSL *s)
                        ret = ssl3_send_server_done(s);
                        if (ret <= 0)
                                goto end;
-                        S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A;
+                        S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CERT_A;
                        S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
                        s->internal->init_num = 0;
                        break;
@@ -510,14 +510,14 @@ ssl3_accept(SSL *s)
                                        /* If the write error was fatal, stop trying. */
                                        if (!BIO_should_retry(s->wbio)) {
                                                s->internal->rwstate = SSL_NOTHING;
-                                                S3I(s)->hs.state = S3I(s)->hs.next_state;
+                                                S3I(s)->hs.state = S3I(s)->hs.tls12.next_state;
                                        }
                                }
                                ret = -1;
                                goto end;
                        }
                        s->internal->rwstate = SSL_NOTHING;
-                        S3I(s)->hs.state = S3I(s)->hs.next_state;
+                        S3I(s)->hs.state = S3I(s)->hs.tls12.next_state;
                        break;
                case SSL3_ST_SR_CERT_A:
@@ -674,10 +674,10 @@ ssl3_accept(SSL *s)
                                goto end;
                        S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
                        if (s->internal->hit) {
-                                S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A;
+                                S3I(s)->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A;
                                tls1_transcript_free(s);
                        } else
-                                S3I(s)->hs.next_state = SSL_ST_OK;
+                                S3I(s)->hs.tls12.next_state = SSL_ST_OK;
                        s->internal->init_num = 0;
                        break;
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 05a5b1d953..5d889fa665 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.133 2021/02/27 14:20:50 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.134 2021/03/24 18:40:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -152,9 +152,9 @@ int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
 void
 tls1_cleanup_key_block(SSL *s)
 {
-        freezero(S3I(s)->hs.key_block, S3I(s)->hs.key_block_len);
+        freezero(S3I(s)->hs.tls12.key_block, S3I(s)->hs.tls12.key_block_len);
-        S3I(s)->hs.key_block = NULL;
+        S3I(s)->hs.tls12.key_block = NULL;
-        S3I(s)->hs.key_block_len = 0;
+        S3I(s)->hs.tls12.key_block_len = 0;
 }
 void
@@ -351,7 +351,7 @@ tls1_change_cipher_state(SSL *s, int which)
        mac_secret_size = S3I(s)->tmp.new_mac_secret_size;
-        key_block = S3I(s)->hs.key_block;
+        key_block = S3I(s)->hs.tls12.key_block;
        client_write_mac_secret = key_block;
        key_block += mac_secret_size;
        server_write_mac_secret = key_block;
@@ -375,7 +375,8 @@ tls1_change_cipher_state(SSL *s, int which)
                iv = server_write_iv;
        }
-        if (key_block - S3I(s)->hs.key_block != S3I(s)->hs.key_block_len) {
+        if (key_block - S3I(s)->hs.tls12.key_block !=
+            S3I(s)->hs.tls12.key_block_len) {
                SSLerror(s, ERR_R_INTERNAL_ERROR);
                goto err;
        }
@@ -410,7 +411,7 @@ tls1_setup_key_block(SSL *s)
        const EVP_MD *mac_hash = NULL;
        int ret = 0;
-        if (S3I(s)->hs.key_block_len != 0)
+        if (S3I(s)->hs.tls12.key_block_len != 0)
                return (1);
        if (s->session->cipher &&
@@ -451,8 +452,8 @@ tls1_setup_key_block(SSL *s)
        }
        key_block_len = (mac_secret_size + key_len + iv_len) * 2;
-        S3I(s)->hs.key_block_len = key_block_len;
+        S3I(s)->hs.tls12.key_block_len = key_block_len;
-        S3I(s)->hs.key_block = key_block;
+        S3I(s)->hs.tls12.key_block = key_block;
        if (!tls1_generate_key_block(s, key_block, key_block_len))
                goto err;

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 06941530c6..0f602bef7e 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.86 2021/03/11 17:14:46 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.87 2021/03/24 18:40:03 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -278,7 +278,7 @@ ssl3_connect(SSL *s)
278		278
279	if (SSL_is_dtls(s) && D1I(s)->send_cookie) {	279	if (SSL_is_dtls(s) && D1I(s)->send_cookie) {
280	S3I(s)->hs.state = SSL3_ST_CW_FLUSH;	280	S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
281	S3I(s)->hs.next_state = SSL3_ST_CR_SRVR_HELLO_A;	281	S3I(s)->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A;
282	} else	282	} else
283	S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;	283	S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
284		284
@@ -509,14 +509,14 @@ ssl3_connect(SSL *s)
509		509
510	/* clear flags */	510	/* clear flags */
511	if (s->internal->hit) {	511	if (s->internal->hit) {
512	S3I(s)->hs.next_state = SSL_ST_OK;	512	S3I(s)->hs.tls12.next_state = SSL_ST_OK;
513	} else {	513	} else {
514	/* Allow NewSessionTicket if ticket expected */	514	/* Allow NewSessionTicket if ticket expected */
515	if (s->internal->tlsext_ticket_expected)	515	if (s->internal->tlsext_ticket_expected)
516	S3I(s)->hs.next_state =	516	S3I(s)->hs.tls12.next_state =
517	SSL3_ST_CR_SESSION_TICKET_A;	517	SSL3_ST_CR_SESSION_TICKET_A;
518	else	518	else
519	S3I(s)->hs.next_state =	519	S3I(s)->hs.tls12.next_state =
520	SSL3_ST_CR_FINISHED_A;	520	SSL3_ST_CR_FINISHED_A;
521	}	521	}
522	s->internal->init_num = 0;	522	s->internal->init_num = 0;
@@ -567,14 +567,14 @@ ssl3_connect(SSL *s)
567	/* If the write error was fatal, stop trying */	567	/* If the write error was fatal, stop trying */
568	if (!BIO_should_retry(s->wbio)) {	568	if (!BIO_should_retry(s->wbio)) {
569	s->internal->rwstate = SSL_NOTHING;	569	s->internal->rwstate = SSL_NOTHING;
570	S3I(s)->hs.state = S3I(s)->hs.next_state;	570	S3I(s)->hs.state = S3I(s)->hs.tls12.next_state;
571	}	571	}
572	}	572	}
573	ret = -1;	573	ret = -1;
574	goto end;	574	goto end;
575	}	575	}
576	s->internal->rwstate = SSL_NOTHING;	576	s->internal->rwstate = SSL_NOTHING;
577	S3I(s)->hs.state = S3I(s)->hs.next_state;	577	S3I(s)->hs.state = S3I(s)->hs.tls12.next_state;
578	break;	578	break;
579		579
580	case SSL_ST_OK:	580	case SSL_ST_OK:


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 33eb3bba7d..5f953b8e64 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.328 2021/03/21 18:36:34 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.329 2021/03/24 18:40:03 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -416,6 +416,15 @@ typedef struct cert_pkey_st {
416	STACK_OF(X509) *chain;	416	STACK_OF(X509) *chain;
417	} CERT_PKEY;	417	} CERT_PKEY;
418		418
		419	typedef struct ssl_handshake_tls12_st {
		420	/* Used when SSL_ST_FLUSH_DATA is entered. */
		421	int next_state;
		422
		423	/* Record-layer key block for TLS 1.2 and earlier. */
		424	unsigned char *key_block;
		425	size_t key_block_len;
		426	} SSL_HANDSHAKE_TLS12;
		427
419	typedef struct ssl_handshake_tls13_st {	428	typedef struct ssl_handshake_tls13_st {
420	int use_legacy;	429	int use_legacy;
421	int hrr;	430	int hrr;
@@ -466,27 +475,25 @@ typedef struct ssl_handshake_st {
466	*/	475	*/
467	uint16_t negotiated_tls_version;	476	uint16_t negotiated_tls_version;
468		477
469	SSL_HANDSHAKE_TLS13 tls13;	478	/*
470		479	* Current handshake state - contains one of the SSL3_ST_* values and
471	/* state contains one of the SSL3_ST_* values. */	480	* is used by the TLSv1.2 state machine, as well as being updated by
		481	* the TLSv1.3 stack due to it being exposed externally.
		482	*/
472	int state;	483	int state;
473		484
474	/* used when SSL_ST_FLUSH_DATA is entered */	485	/* Cipher being negotiated in this handshake. */
475	int next_state;
476
477	/* new_cipher is the cipher being negotiated in this handshake. */
478	const SSL_CIPHER *new_cipher;	486	const SSL_CIPHER *new_cipher;
479		487
480	/* key_block is the record-layer key block for TLS 1.2 and earlier. */
481	size_t key_block_len;
482	unsigned char *key_block;
483
484	/* Extensions seen in this handshake. */	488	/* Extensions seen in this handshake. */
485	uint32_t extensions_seen;	489	uint32_t extensions_seen;
486		490
487	/* sigalgs offered in this handshake in wire form */	491	/* sigalgs offered in this handshake in wire form */
488	size_t sigalgs_len;
489	uint8_t *sigalgs;	492	uint8_t *sigalgs;
		493	size_t sigalgs_len;
		494
		495	SSL_HANDSHAKE_TLS12 tls12;
		496	SSL_HANDSHAKE_TLS13 tls13;
490	} SSL_HANDSHAKE;	497	} SSL_HANDSHAKE;
491		498
492	struct tls12_record_layer;	499	struct tls12_record_layer;


diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index 5b1af504fb..37bee9e69f 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_pkt.c,v 1.37 2021/03/10 18:27:02 jsing Exp $ */	1	/* $OpenBSD: ssl_pkt.c,v 1.38 2021/03/24 18:40:03 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1163,7 +1163,7 @@ ssl3_do_change_cipher_spec(SSL *s)
1163	else	1163	else
1164	i = SSL3_CHANGE_CIPHER_CLIENT_READ;	1164	i = SSL3_CHANGE_CIPHER_CLIENT_READ;
1165		1165
1166	if (S3I(s)->hs.key_block == NULL) {	1166	if (S3I(s)->hs.tls12.key_block == NULL) {
1167	if (s->session == NULL \|\| s->session->master_key_length == 0) {	1167	if (s->session == NULL \|\| s->session->master_key_length == 0) {
1168	/* might happen if dtls1_read_bytes() calls this */	1168	/* might happen if dtls1_read_bytes() calls this */
1169	SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);	1169	SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);


diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 19fedde87a..3dc87a00c8 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.97 2021/03/11 17:14:47 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.98 2021/03/24 18:40:03 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -290,9 +290,9 @@ ssl3_accept(SSL *s)
290	if (ret <= 0)	290	if (ret <= 0)
291	goto end;	291	goto end;
292	if (SSL_is_dtls(s))	292	if (SSL_is_dtls(s))
293	S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A;	293	S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A;
294	else	294	else
295	S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C;	295	S3I(s)->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C;
296	S3I(s)->hs.state = SSL3_ST_SW_FLUSH;	296	S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
297	s->internal->init_num = 0;	297	s->internal->init_num = 0;
298		298
@@ -365,7 +365,7 @@ ssl3_accept(SSL *s)
365	if (ret <= 0)	365	if (ret <= 0)
366	goto end;	366	goto end;
367	S3I(s)->hs.state = SSL3_ST_SW_FLUSH;	367	S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
368	S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A;	368	S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A;
369		369
370	/* HelloVerifyRequest resets Finished MAC. */	370	/* HelloVerifyRequest resets Finished MAC. */
371	tls1_transcript_reset(s);	371	tls1_transcript_reset(s);
@@ -488,7 +488,7 @@ ssl3_accept(SSL *s)
488	ret = ssl3_send_server_done(s);	488	ret = ssl3_send_server_done(s);
489	if (ret <= 0)	489	if (ret <= 0)
490	goto end;	490	goto end;
491	S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A;	491	S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CERT_A;
492	S3I(s)->hs.state = SSL3_ST_SW_FLUSH;	492	S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
493	s->internal->init_num = 0;	493	s->internal->init_num = 0;
494	break;	494	break;
@@ -510,14 +510,14 @@ ssl3_accept(SSL *s)
510	/* If the write error was fatal, stop trying. */	510	/* If the write error was fatal, stop trying. */
511	if (!BIO_should_retry(s->wbio)) {	511	if (!BIO_should_retry(s->wbio)) {
512	s->internal->rwstate = SSL_NOTHING;	512	s->internal->rwstate = SSL_NOTHING;
513	S3I(s)->hs.state = S3I(s)->hs.next_state;	513	S3I(s)->hs.state = S3I(s)->hs.tls12.next_state;
514	}	514	}
515	}	515	}
516	ret = -1;	516	ret = -1;
517	goto end;	517	goto end;
518	}	518	}
519	s->internal->rwstate = SSL_NOTHING;	519	s->internal->rwstate = SSL_NOTHING;
520	S3I(s)->hs.state = S3I(s)->hs.next_state;	520	S3I(s)->hs.state = S3I(s)->hs.tls12.next_state;
521	break;	521	break;
522		522
523	case SSL3_ST_SR_CERT_A:	523	case SSL3_ST_SR_CERT_A:
@@ -674,10 +674,10 @@ ssl3_accept(SSL *s)
674	goto end;	674	goto end;
675	S3I(s)->hs.state = SSL3_ST_SW_FLUSH;	675	S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
676	if (s->internal->hit) {	676	if (s->internal->hit) {
677	S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A;	677	S3I(s)->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A;
678	tls1_transcript_free(s);	678	tls1_transcript_free(s);
679	} else	679	} else
680	S3I(s)->hs.next_state = SSL_ST_OK;	680	S3I(s)->hs.tls12.next_state = SSL_ST_OK;
681	s->internal->init_num = 0;	681	s->internal->init_num = 0;
682	break;	682	break;
683		683


diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 05a5b1d953..5d889fa665 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_enc.c,v 1.133 2021/02/27 14:20:50 jsing Exp $ */	1	/* $OpenBSD: t1_enc.c,v 1.134 2021/03/24 18:40:03 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -152,9 +152,9 @@ int tls1_PRF(SSL s, const unsigned char secret, size_t secret_len,
152	void	152	void
153	tls1_cleanup_key_block(SSL *s)	153	tls1_cleanup_key_block(SSL *s)
154	{	154	{
155	freezero(S3I(s)->hs.key_block, S3I(s)->hs.key_block_len);	155	freezero(S3I(s)->hs.tls12.key_block, S3I(s)->hs.tls12.key_block_len);
156	S3I(s)->hs.key_block = NULL;	156	S3I(s)->hs.tls12.key_block = NULL;
157	S3I(s)->hs.key_block_len = 0;	157	S3I(s)->hs.tls12.key_block_len = 0;
158	}	158	}
159		159
160	void	160	void
@@ -351,7 +351,7 @@ tls1_change_cipher_state(SSL *s, int which)
351		351
352	mac_secret_size = S3I(s)->tmp.new_mac_secret_size;	352	mac_secret_size = S3I(s)->tmp.new_mac_secret_size;
353		353
354	key_block = S3I(s)->hs.key_block;	354	key_block = S3I(s)->hs.tls12.key_block;
355	client_write_mac_secret = key_block;	355	client_write_mac_secret = key_block;
356	key_block += mac_secret_size;	356	key_block += mac_secret_size;
357	server_write_mac_secret = key_block;	357	server_write_mac_secret = key_block;
@@ -375,7 +375,8 @@ tls1_change_cipher_state(SSL *s, int which)
375	iv = server_write_iv;	375	iv = server_write_iv;
376	}	376	}
377		377
378	if (key_block - S3I(s)->hs.key_block != S3I(s)->hs.key_block_len) {	378	if (key_block - S3I(s)->hs.tls12.key_block !=
		379	S3I(s)->hs.tls12.key_block_len) {
379	SSLerror(s, ERR_R_INTERNAL_ERROR);	380	SSLerror(s, ERR_R_INTERNAL_ERROR);
380	goto err;	381	goto err;
381	}	382	}
@@ -410,7 +411,7 @@ tls1_setup_key_block(SSL *s)
410	const EVP_MD *mac_hash = NULL;	411	const EVP_MD *mac_hash = NULL;
411	int ret = 0;	412	int ret = 0;
412		413
413	if (S3I(s)->hs.key_block_len != 0)	414	if (S3I(s)->hs.tls12.key_block_len != 0)
414	return (1);	415	return (1);
415		416
416	if (s->session->cipher &&	417	if (s->session->cipher &&
@@ -451,8 +452,8 @@ tls1_setup_key_block(SSL *s)
451	}	452	}
452	key_block_len = (mac_secret_size + key_len + iv_len) * 2;	453	key_block_len = (mac_secret_size + key_len + iv_len) * 2;
453		454
454	S3I(s)->hs.key_block_len = key_block_len;	455	S3I(s)->hs.tls12.key_block_len = key_block_len;
455	S3I(s)->hs.key_block = key_block;	456	S3I(s)->hs.tls12.key_block = key_block;
456		457
457	if (!tls1_generate_key_block(s, key_block, key_block_len))	458	if (!tls1_generate_key_block(s, key_block, key_block_len))
458	goto err;	459	goto err;