5 files changed, 28 insertions, 42 deletions

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 01afc72ebd..3bd7d65522 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.199 2020/10/11 01:13:04 guenther Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.200 2020/10/11 12:45:51 guenther Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2731,7 +2731,7 @@ ssl_get_algorithm2(SSL *s)
 {
         long    alg2 = S3I(s)->hs.new_cipher->algorithm2;
 
-        if (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&
+        if (SSL_USE_SHA256_PRF(s) &&
             alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
                 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
         return alg2;
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 5d41417df8..f2e1cb97f8 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.303 2020/10/11 02:44:27 tb Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.304 2020/10/11 12:45:52 guenther Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -319,15 +319,19 @@ __BEGIN_HIDDEN_DECLS
 
 /* See if we use signature algorithms extension. */
 #define SSL_USE_SIGALGS(s) \
-        (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
+        (s->method->internal->enc_flags & SSL_ENC_FLAG_SIGALGS)
+
+/* See if we use SHA256 default PRF. */
+#define SSL_USE_SHA256_PRF(s) \
+        (s->method->internal->enc_flags & SSL_ENC_FLAG_SHA256_PRF)
 
 /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
 #define SSL_USE_TLS1_2_CIPHERS(s) \
-        (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
+        (s->method->internal->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
 
 /* Allow TLS 1.3 ciphersuites only. */
 #define SSL_USE_TLS1_3_CIPHERS(s) \
-        (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_3_CIPHERS)
+        (s->method->internal->enc_flags & SSL_ENC_FLAG_TLS1_3_CIPHERS)
 
 #define SSL_PKEY_RSA            0
 #define SSL_PKEY_ECC            1
@@ -379,7 +383,7 @@ typedef struct ssl_method_internal_st {
             int peek);
         int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
 
-        struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
+        unsigned int enc_flags;         /* SSL_ENC_FLAG_* */
 } SSL_METHOD_INTERNAL;
 
 typedef struct ssl_session_internal_st {
@@ -1063,10 +1067,6 @@ typedef struct sess_cert_st {
 /*#define SSL_DEBUG     */
 /*#define RSA_DEBUG     */
 
-typedef struct ssl3_enc_method {
-        unsigned int enc_flags;
-} SSL3_ENC_METHOD;
-
 /*
  * Flag values for enc_flags.
  */
@@ -1083,6 +1083,14 @@ typedef struct ssl3_enc_method {
 /* Allow TLS 1.3 ciphersuites only. */
 #define SSL_ENC_FLAG_TLS1_3_CIPHERS     (1 << 5)
 
+#define TLSV1_ENC_FLAGS         0
+#define TLSV1_1_ENC_FLAGS       0
+#define TLSV1_2_ENC_FLAGS       (SSL_ENC_FLAG_SIGALGS           | \
+                                 SSL_ENC_FLAG_SHA256_PRF        | \
+                                 SSL_ENC_FLAG_TLS1_2_CIPHERS)
+#define TLSV1_3_ENC_FLAGS       (SSL_ENC_FLAG_SIGALGS           | \
+                                 SSL_ENC_FLAG_TLS1_3_CIPHERS)
+
 /*
  * ssl_aead_ctx_st contains information about an AEAD that is being used to
  * encrypt an SSL connection.
@@ -1123,11 +1131,6 @@ int ssl_cipher_allowed_in_version_range(const SSL_CIPHER *cipher,
 const SSL_METHOD *tls_legacy_method(void);
 const SSL_METHOD *ssl_get_method(uint16_t version);
 
-extern SSL3_ENC_METHOD TLSv1_enc_data;
-extern SSL3_ENC_METHOD TLSv1_1_enc_data;
-extern SSL3_ENC_METHOD TLSv1_2_enc_data;
-extern SSL3_ENC_METHOD TLSv1_3_enc_data;
-
 void ssl_clear_cipher_state(SSL *s);
 void ssl_clear_cipher_read_state(SSL *s);
 void ssl_clear_cipher_write_state(SSL *s);
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index 23c7e97b57..e2d5766e0f 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.18 2020/10/11 02:22:27 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.19 2020/10/11 12:45:52 guenther Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -74,7 +74,7 @@ static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
         .ssl_pending = ssl3_pending,
         .ssl_read_bytes = dtls1_read_bytes,
         .ssl_write_bytes = dtls1_write_app_data_bytes,
-        .ssl3_enc = &TLSv1_1_enc_data,
+        .enc_flags = TLSV1_1_ENC_FLAGS,
 };
 
 static const SSL_METHOD DTLSv1_method_data = {
@@ -138,7 +138,7 @@ static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
         .ssl_pending = tls13_legacy_pending,
         .ssl_read_bytes = tls13_legacy_read_bytes,
         .ssl_write_bytes = tls13_legacy_write_bytes,
-        .ssl3_enc = &TLSv1_3_enc_data,
+        .enc_flags = TLSV1_3_ENC_FLAGS,
 };
 
 static const SSL_METHOD TLS_method_data = {
@@ -166,7 +166,7 @@ static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = {
         .ssl_pending = ssl3_pending,
         .ssl_read_bytes = ssl3_read_bytes,
         .ssl_write_bytes = ssl3_write_bytes,
-        .ssl3_enc = &TLSv1_2_enc_data,
+        .enc_flags = TLSV1_2_ENC_FLAGS,
 };
 
 static const SSL_METHOD TLS_legacy_method_data = {
@@ -193,7 +193,7 @@ static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
         .ssl_pending = ssl3_pending,
         .ssl_read_bytes = ssl3_read_bytes,
         .ssl_write_bytes = ssl3_write_bytes,
-        .ssl3_enc = &TLSv1_enc_data,
+        .enc_flags = TLSV1_ENC_FLAGS,
 };
 
 static const SSL_METHOD TLSv1_method_data = {
@@ -220,7 +220,7 @@ static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
         .ssl_pending = ssl3_pending,
         .ssl_read_bytes = ssl3_read_bytes,
         .ssl_write_bytes = ssl3_write_bytes,
-        .ssl3_enc = &TLSv1_1_enc_data,
+        .enc_flags = TLSV1_1_ENC_FLAGS,
 };
 
 static const SSL_METHOD TLSv1_1_method_data = {
@@ -247,7 +247,7 @@ static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
         .ssl_pending = ssl3_pending,
         .ssl_read_bytes = ssl3_read_bytes,
         .ssl_write_bytes = ssl3_write_bytes,
-        .ssl3_enc = &TLSv1_2_enc_data,
+        .enc_flags = TLSV1_2_ENC_FLAGS,
 };
 
 static const SSL_METHOD TLSv1_2_method_data = {
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 5635c8ff43..10ca80c4fe 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.177 2020/10/07 08:43:34 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.178 2020/10/11 12:45:52 guenther Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -125,19 +125,6 @@
 static int tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert,
     SSL_SESSION **psess);
 
-SSL3_ENC_METHOD TLSv1_enc_data = {
-        .enc_flags = 0,
-};
-
-SSL3_ENC_METHOD TLSv1_1_enc_data = {
-        .enc_flags = 0,
-};
-
-SSL3_ENC_METHOD TLSv1_2_enc_data = {
-        .enc_flags = SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_SHA256_PRF|
-            SSL_ENC_FLAG_TLS1_2_CIPHERS,
-};
-
 int
 tls1_new(SSL *s)
 {
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index a9a7fff3e0..463d56372e 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_legacy.c,v 1.17 2020/10/11 02:59:47 jsing Exp $ */
+/*      $OpenBSD: tls13_legacy.c,v 1.18 2020/10/11 12:45:52 guenther Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -20,10 +20,6 @@
 #include "ssl_locl.h"
 #include "tls13_internal.h"
 
-SSL3_ENC_METHOD TLSv1_3_enc_data = {
-        .enc_flags = SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_TLS1_3_CIPHERS,
-};
-
 static ssize_t
 tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len)
 {