-/* $OpenBSD: s3_lib.c,v 1.205 2021/03/21 18:36:34 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.206 2021/03/24 18:43:59 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
{
unsigned long alg_k;
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
#ifndef OPENSSL_NO_GOST
if ((alg_k & SSL_kGOST) != 0) {
-/* $OpenBSD: ssl_both.c,v 1.24 2021/02/20 14:14:16 tb Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.25 2021/03/24 18:44:00 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* If no new cipher setup return immediately: other functions will
* set the appropriate error.
*/
- if (S3I(s)->hs.new_cipher == NULL)
+ if (S3I(s)->hs.cipher == NULL)
return;
if (S3I(s)->hs.state & SSL_ST_CONNECT) {
-/* $OpenBSD: ssl_ciph.c,v 1.120 2021/02/07 15:26:32 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.121 2021/03/24 18:44:00 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
*md = NULL;
- if (S3I(s)->hs.new_cipher == NULL)
+ if (S3I(s)->hs.cipher == NULL)
return 0;
- handshake_mac = S3I(s)->hs.new_cipher->algorithm2 &
+ handshake_mac = S3I(s)->hs.cipher->algorithm2 &
SSL_HANDSHAKE_MAC_MASK;
/* For TLSv1.2 we upgrade the default MD5+SHA1 MAC to SHA256. */
-/* $OpenBSD: ssl_clnt.c,v 1.87 2021/03/24 18:40:03 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.88 2021/03/24 18:44:00 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
break;
}
/* Check if it is anon DH/ECDH. */
- if (!(S3I(s)->hs.new_cipher->algorithm_auth &
+ if (!(S3I(s)->hs.cipher->algorithm_auth &
SSL_aNULL)) {
ret = ssl3_get_server_certificate(s);
if (ret <= 0)
S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
s->internal->init_num = 0;
- s->session->cipher = S3I(s)->hs.new_cipher;
+ s->session->cipher = S3I(s)->hs.cipher;
if (!tls1_setup_key_block(s)) {
ret = -1;
goto end;
SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
goto fatal_err;
}
- S3I(s)->hs.new_cipher = cipher;
+ S3I(s)->hs.cipher = cipher;
if (!tls1_transcript_hash_init(s))
goto err;
* Don't digest cached records if no sigalgs: we may need them for
* client authentication.
*/
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)))
tls1_transcript_free(s);
long alg_a;
int al;
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
sc = SSI(s)->sess_cert;
if ((dh = DH_new()) == NULL) {
int nid;
int al;
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
sc = SSI(s)->sess_cert;
/* Only named curves are supported. */
EVP_MD_CTX_init(&md_ctx);
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
/*
* Use same message size as in ssl3_get_certificate_request()
}
/* TLS does not like anon-DH with client cert */
- if (S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) {
+ if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
goto err;
}
/* XXX check handshake hash instead. */
- if (S3I(s)->hs.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
+ if (S3I(s)->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
nid = NID_id_GostR3411_94;
else
nid = NID_id_tc26_gost3411_2012_256;
memset(&cbb, 0, sizeof(cbb));
if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
if ((sess_cert = SSI(s)->sess_cert) == NULL) {
ssl3_send_alert(s, SSL3_AL_FATAL,
SESS_CERT *sc;
DH *dh;
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
/* We don't have a certificate. */
if (alg_a & SSL_aNULL)
-/* $OpenBSD: ssl_lib.c,v 1.251 2021/03/02 15:43:12 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.252 2021/03/24 18:44:00 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
{
unsigned long alg_a, alg_k;
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
return SSI(s)->tlsext_ecpointformatlist != NULL &&
SSI(s)->tlsext_ecpointformatlist_length > 0 &&
int
ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
{
- const SSL_CIPHER *cs = S3I(s)->hs.new_cipher;
+ const SSL_CIPHER *cs = S3I(s)->hs.cipher;
unsigned long alg_a;
alg_a = cs->algorithm_auth;
int i;
c = s->cert;
- ssl_set_cert_masks(c, S3I(s)->hs.new_cipher);
+ ssl_set_cert_masks(c, S3I(s)->hs.cipher);
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
if (alg_a & SSL_aECDSA) {
i = SSL_PKEY_ECC;
if (s->cert->dh_tmp_auto == 2) {
keylen = 1024;
- } else if (S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) {
+ } else if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) {
keylen = 1024;
- if (S3I(s)->hs.new_cipher->strength_bits == 256)
+ if (S3I(s)->hs.cipher->strength_bits == 256)
keylen = 3072;
} else {
if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
-/* $OpenBSD: ssl_locl.h,v 1.329 2021/03/24 18:40:03 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.330 2021/03/24 18:44:00 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int state;
/* Cipher being negotiated in this handshake. */
- const SSL_CIPHER *new_cipher;
+ const SSL_CIPHER *cipher;
/* Extensions seen in this handshake. */
uint32_t extensions_seen;
-/* $OpenBSD: ssl_pkt.c,v 1.38 2021/03/24 18:40:03 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.39 2021/03/24 18:44:00 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
}
/* Check we have a cipher to change to */
- if (S3I(s)->hs.new_cipher == NULL) {
+ if (S3I(s)->hs.cipher == NULL) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
goto fatal_err;
return (0);
}
- s->session->cipher = S3I(s)->hs.new_cipher;
+ s->session->cipher = S3I(s)->hs.cipher;
if (!tls1_setup_key_block(s))
return (0);
}
-/* $OpenBSD: ssl_srvr.c,v 1.98 2021/03/24 18:40:03 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.99 2021/03/24 18:44:00 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
case SSL3_ST_SW_CERT_A:
case SSL3_ST_SW_CERT_B:
/* Check if it is anon DH or anon ECDH. */
- if (!(S3I(s)->hs.new_cipher->algorithm_auth &
+ if (!(S3I(s)->hs.cipher->algorithm_auth &
SSL_aNULL)) {
if (SSL_is_dtls(s))
dtls1_start_timer(s);
case SSL3_ST_SW_KEY_EXCH_A:
case SSL3_ST_SW_KEY_EXCH_B:
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
/*
* Only send if using a DH key exchange.
if (!(s->verify_mode & SSL_VERIFY_PEER) ||
((s->session->peer != NULL) &&
(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
- ((S3I(s)->hs.new_cipher->algorithm_auth &
+ ((S3I(s)->hs.cipher->algorithm_auth &
SSL_aNULL) && !(s->verify_mode &
SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
/* No cert request. */
s->internal->init_num = 0;
}
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
if (ret == 2) {
/*
* For the ECDH ciphersuites when
case SSL3_ST_SW_CHANGE_A:
case SSL3_ST_SW_CHANGE_B:
- s->session->cipher = S3I(s)->hs.new_cipher;
+ s->session->cipher = S3I(s)->hs.cipher;
if (!tls1_setup_key_block(s)) {
ret = -1;
goto end;
SSLerror(s, SSL_R_NO_SHARED_CIPHER);
goto fatal_err;
}
- S3I(s)->hs.new_cipher = c;
+ S3I(s)->hs.cipher = c;
} else {
- S3I(s)->hs.new_cipher = s->session->cipher;
+ S3I(s)->hs.cipher = s->session->cipher;
}
if (!tls1_transcript_hash_init(s))
goto err;
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
!(s->verify_mode & SSL_VERIFY_PEER))
tls1_transcript_free(s);
* ssl version is set - sslv3
* s->session - The ssl session has been setup.
* s->internal->hit - session reuse flag
- * s->hs.new_cipher - the new cipher to use.
+ * s->hs.cipher - the new cipher to use.
*/
/* Handles TLS extensions that we couldn't check earlier */
/* Cipher suite. */
if (!CBB_add_u16(&server_hello,
- ssl3_cipher_get_value(S3I(s)->hs.new_cipher)))
+ ssl3_cipher_get_value(S3I(s)->hs.cipher)))
goto err;
/* Compression method (null). */
if (dhp == NULL && s->cert->dh_tmp_cb != NULL)
dhp = s->cert->dh_tmp_cb(s, 0,
- SSL_C_PKEYLENGTH(S3I(s)->hs.new_cipher));
+ SSL_C_PKEYLENGTH(S3I(s)->hs.cipher));
if (dhp == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
if (!CBB_init(&cbb_params, 0))
goto err;
- type = S3I(s)->hs.new_cipher->algorithm_mkey;
+ type = S3I(s)->hs.cipher->algorithm_mkey;
if (type & SSL_kDHE) {
if (ssl3_send_server_kex_dhe(s, &cbb_params) != 1)
goto err;
goto err;
/* Add signature unless anonymous. */
- if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {
- if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.new_cipher,
+ if (!(S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL)) {
+ if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.cipher,
&md, &sigalg)) == NULL) {
al = SSL_AD_DECODE_ERROR;
goto fatal_err;
int ret = 0;
/* Get our certificate private key*/
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
if (alg_a & SSL_aGOST01)
pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
CBS_init(&cbs, s->internal->init_msg, n);
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
if (alg_k & SSL_kRSA) {
if (ssl3_get_client_kex_rsa(s, &cbs) != 1)
-/* $OpenBSD: t1_enc.c,v 1.134 2021/03/24 18:40:03 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.135 2021/03/24 18:44:00 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
if (aead != NULL) {
key_len = EVP_AEAD_key_length(aead);
- iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->hs.new_cipher);
+ iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->hs.cipher);
} else {
key_len = EVP_CIPHER_key_length(cipher);
iv_len = EVP_CIPHER_iv_length(cipher);
-/* $OpenBSD: tls13_client.c,v 1.75 2021/03/21 18:36:34 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.76 2021/03/24 18:44:00 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
goto err;
}
/* XXX - move this to hs.tls13? */
- ctx->hs->new_cipher = cipher;
+ ctx->hs->cipher = cipher;
if (compression_method != 0) {
ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
&shared_key_len))
goto err;
- s->session->cipher = ctx->hs->new_cipher;
+ s->session->cipher = ctx->hs->cipher;
s->session->ssl_version = ctx->hs->tls13.server_version;
- if ((ctx->aead = tls13_cipher_aead(ctx->hs->new_cipher)) == NULL)
+ if ((ctx->aead = tls13_cipher_aead(ctx->hs->cipher)) == NULL)
goto err;
- if ((ctx->hash = tls13_cipher_hash(ctx->hs->new_cipher)) == NULL)
+ if ((ctx->hash = tls13_cipher_hash(ctx->hs->cipher)) == NULL)
goto err;
if ((secrets = tls13_secrets_create(ctx->hash, 0)) == NULL)
-/* $OpenBSD: tls13_server.c,v 1.72 2021/03/21 18:36:34 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.73 2021/03/24 18:44:00 jsing Exp $ */
/*
* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
ctx->alert = TLS13_ALERT_HANDSHAKE_FAILURE;
goto err;
}
- ctx->hs->new_cipher = cipher;
+ ctx->hs->cipher = cipher;
sk_SSL_CIPHER_free(s->session->ciphers);
s->session->ciphers = ciphers;
SSL *s = ctx->ssl;
uint16_t cipher;
- cipher = SSL_CIPHER_get_value(ctx->hs->new_cipher);
+ cipher = SSL_CIPHER_get_value(ctx->hs->cipher);
server_random = s->s3->server_random;
if (hrr) {
&shared_key, &shared_key_len))
goto err;
- s->session->cipher = ctx->hs->new_cipher;
+ s->session->cipher = ctx->hs->cipher;
- if ((ctx->aead = tls13_cipher_aead(ctx->hs->new_cipher)) == NULL)
+ if ((ctx->aead = tls13_cipher_aead(ctx->hs->cipher)) == NULL)
goto err;
- if ((ctx->hash = tls13_cipher_hash(ctx->hs->new_cipher)) == NULL)
+ if ((ctx->hash = tls13_cipher_hash(ctx->hs->cipher)) == NULL)
goto err;
if ((secrets = tls13_secrets_create(ctx->hash, 0)) == NULL)
projects / openbsd / commitdiff