From 83e485da0e6d59ae7baf4be882b7d2a569774e84 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 5 Feb 2022 14:54:10 +0000
Subject: Bye bye S3I.

S3I has served us well, however now that libssl is fully opaque it is time
to say goodbye. Aside from removing the calloc/free/memset, the rest is
mechanical sed.

ok inoguchi@ tb@
---
 src/lib/libssl/ssl_sigalgs.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

(limited to 'src/lib/libssl/ssl_sigalgs.c')

diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index fd96317fde..daf735a8ff 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.40 2022/01/20 20:37:33 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.41 2022/02/05 14:54:10 jsing Exp $ */
 /*
  * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@@ -209,7 +209,7 @@ ssl_sigalg_from_value(SSL *s, uint16_t value)
 	size_t len;
 	int i;
 
-	ssl_sigalgs_for_version(S3I(s)->hs.negotiated_tls_version,
+	ssl_sigalgs_for_version(s->s3->hs.negotiated_tls_version,
 	    &values, &len);
 
 	for (i = 0; i < len; i++) {
@@ -248,7 +248,7 @@ ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey)
 	/* Default signature algorithms used for TLSv1.2 and earlier. */
 	switch (EVP_PKEY_id(pkey)) {
 	case EVP_PKEY_RSA:
-		if (S3I(s)->hs.negotiated_tls_version < TLS1_2_VERSION)
+		if (s->s3->hs.negotiated_tls_version < TLS1_2_VERSION)
 			return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
 		return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
 	case EVP_PKEY_EC:
@@ -277,7 +277,7 @@ ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey)
 			return 0;
 	}
 
-	if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION)
+	if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION)
 		return 1;
 
 	/* RSA cannot be used without PSS in TLSv1.3. */
@@ -309,14 +309,14 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
 	 * RFC 5246 allows a TLS 1.2 client to send no sigalgs extension,
 	 * in which case the server must use the default.
 	 */
-	if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION &&
-	    S3I(s)->hs.sigalgs == NULL)
+	if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION &&
+	    s->s3->hs.sigalgs == NULL)
 		return ssl_sigalg_for_legacy(s, pkey);
 
 	/*
 	 * If we get here, we have client or server sent sigalgs, use one.
 	 */
-	CBS_init(&cbs, S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);
+	CBS_init(&cbs, s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
 	while (CBS_len(&cbs) > 0) {
 		const struct ssl_sigalg *sigalg;
 		uint16_t sigalg_value;
-- 
cgit v1.2.3-55-g6feb