From: jsing
Date: Wed, 24 Mar 2021 18:43:59 +0000 (+0000)
Subject: Rename new_cipher to cipher.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=661440b7167304f3cb76c0becafae8455175d275;p=openbsd
Rename new_cipher to cipher.
This is in the SSL_HANDSHAKE struct and is what we're currently negotiating, so there is really nothing more "new" about the cipher than there is the key block or other parts of the handshake data.
ok inoguchi@ tb@
---
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 5e39907d9c6..9df06c51be3 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.205 2021/03/21 18:36:34 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.206 2021/03/24 18:43:59 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2548,7 +2548,7 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb)
 {
 unsigned long alg_k;
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
 #ifndef OPENSSL_NO_GOST
 if ((alg_k & SSL_kGOST) != 0) {
diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c
index 6ce127fb0ba..6625286dafb 100644
--- a/lib/libssl/ssl_both.c
+++ b/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.24 2021/02/20 14:14:16 tb Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.25 2021/03/24 18:44:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -224,7 +224,7 @@ ssl3_take_mac(SSL *s)
 * If no new cipher setup return immediately: other functions will
 * set the appropriate error.
 */
- if (S3I(s)->hs.new_cipher == NULL)
+ if (S3I(s)->hs.cipher == NULL)
 return;
 if (S3I(s)->hs.state & SSL_ST_CONNECT) {
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index 1ffd90dc163..ee627a8c1e9 100644
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.120 2021/02/07 15:26:32 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.121 2021/03/24 18:44:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -563,10 +563,10 @@ ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
 *md = NULL;
- if (S3I(s)->hs.new_cipher == NULL)
+ if (S3I(s)->hs.cipher == NULL)
 return 0;
- handshake_mac = S3I(s)->hs.new_cipher->algorithm2 &
+ handshake_mac = S3I(s)->hs.cipher->algorithm2 &
 SSL_HANDSHAKE_MAC_MASK;
 /* For TLSv1.2 we upgrade the default MD5+SHA1 MAC to SHA256. */
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 0f602bef7e4..984ade0957e 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.87 2021/03/24 18:40:03 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.88 2021/03/24 18:44:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -343,7 +343,7 @@ ssl3_connect(SSL *s)
 break;
 }
 /* Check if it is anon DH/ECDH. */
- if (!(S3I(s)->hs.new_cipher->algorithm_auth &
+ if (!(S3I(s)->hs.cipher->algorithm_auth &
 SSL_aNULL)) {
 ret = ssl3_get_server_certificate(s);
 if (ret <= 0)
@@ -477,7 +477,7 @@ ssl3_connect(SSL *s)
 S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
 s->internal->init_num = 0;
- s->session->cipher = S3I(s)->hs.new_cipher;
+ s->session->cipher = S3I(s)->hs.cipher;
 if (!tls1_setup_key_block(s)) {
 ret = -1;
 goto end;
@@ -1054,7 +1054,7 @@ ssl3_get_server_hello(SSL *s)
 SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
 goto fatal_err;
 }
- S3I(s)->hs.new_cipher = cipher;
+ S3I(s)->hs.cipher = cipher;
 if (!tls1_transcript_hash_init(s))
 goto err;
@@ -1063,7 +1063,7 @@ ssl3_get_server_hello(SSL *s)
 * Don't digest cached records if no sigalgs: we may need them for
 * client authentication.
 */
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)))
 tls1_transcript_free(s);
@@ -1276,7 +1276,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
 long alg_a;
 int al;
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
 sc = SSI(s)->sess_cert;
 if ((dh = DH_new()) == NULL) {
@@ -1404,7 +1404,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
 int nid;
 int al;
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
 sc = SSI(s)->sess_cert;
 /* Only named curves are supported. */
@@ -1483,8 +1483,8 @@ ssl3_get_server_key_exchange(SSL *s)
 EVP_MD_CTX_init(&md_ctx);
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
 /*
 * Use same message size as in ssl3_get_certificate_request()
@@ -1682,7 +1682,7 @@ ssl3_get_certificate_request(SSL *s)
 }
 /* TLS does not like anon-DH with client cert */
- if (S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) {
+ if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) {
 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
 SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
 goto err;
@@ -2251,7 +2251,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
 }
 /* XXX check handshake hash instead. */
- if (S3I(s)->hs.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
+ if (S3I(s)->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
 nid = NID_id_GostR3411_94;
 else
 nid = NID_id_tc26_gost3411_2012_256;
@@ -2314,7 +2314,7 @@ ssl3_send_client_key_exchange(SSL *s)
 memset(&cbb, 0, sizeof(cbb));
 if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
 if ((sess_cert = SSI(s)->sess_cert) == NULL) {
 ssl3_send_alert(s, SSL3_AL_FATAL,
@@ -2726,8 +2726,8 @@ ssl3_check_cert_and_algorithm(SSL *s)
 SESS_CERT *sc;
 DH *dh;
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
 /* We don't have a certificate. */
 if (alg_a & SSL_aNULL)
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 4b215a786de..e3e0c974af3 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.251 2021/03/02 15:43:12 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.252 2021/03/24 18:44:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2111,8 +2111,8 @@ ssl_using_ecc_cipher(SSL *s)
 {
 unsigned long alg_a, alg_k;
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
 return SSI(s)->tlsext_ecpointformatlist != NULL &&
 SSI(s)->tlsext_ecpointformatlist_length > 0 &&
@@ -2122,7 +2122,7 @@ ssl_using_ecc_cipher(SSL *s)
 int
 ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 {
- const SSL_CIPHER *cs = S3I(s)->hs.new_cipher;
+ const SSL_CIPHER *cs = S3I(s)->hs.cipher;
 unsigned long alg_a;
 alg_a = cs->algorithm_auth;
@@ -2150,9 +2150,9 @@ ssl_get_server_send_pkey(const SSL *s)
 int i;
 c = s->cert;
- ssl_set_cert_masks(c, S3I(s)->hs.new_cipher);
+ ssl_set_cert_masks(c, S3I(s)->hs.cipher);
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
 if (alg_a & SSL_aECDSA) {
 i = SSL_PKEY_ECC;
@@ -2211,9 +2211,9 @@ ssl_get_auto_dh(SSL *s)
 if (s->cert->dh_tmp_auto == 2) {
 keylen = 1024;
- } else if (S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) {
+ } else if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) {
 keylen = 1024;
- if (S3I(s)->hs.new_cipher->strength_bits == 256)
+ if (S3I(s)->hs.cipher->strength_bits == 256)
 keylen = 3072;
 } else {
 if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 5f953b8e64e..c8c7ca54720 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.329 2021/03/24 18:40:03 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.330 2021/03/24 18:44:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -483,7 +483,7 @@ typedef struct ssl_handshake_st {
 int state;
 /* Cipher being negotiated in this handshake. */
- const SSL_CIPHER *new_cipher;
+ const SSL_CIPHER *cipher;
 /* Extensions seen in this handshake. */
 uint32_t extensions_seen;
diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c
index 37bee9e69f0..a93acdfa7f6 100644
--- a/lib/libssl/ssl_pkt.c
+++ b/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.38 2021/03/24 18:40:03 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.39 2021/03/24 18:44:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1038,7 +1038,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 }
 /* Check we have a cipher to change to */
- if (S3I(s)->hs.new_cipher == NULL) {
+ if (S3I(s)->hs.cipher == NULL) {
 al = SSL_AD_UNEXPECTED_MESSAGE;
 SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
 goto fatal_err;
@@ -1170,7 +1170,7 @@ ssl3_do_change_cipher_spec(SSL *s)
 return (0);
 }
- s->session->cipher = S3I(s)->hs.new_cipher;
+ s->session->cipher = S3I(s)->hs.cipher;
 if (!tls1_setup_key_block(s))
 return (0);
 }
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 3dc87a00c80..047087c1c96 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.98 2021/03/24 18:40:03 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.99 2021/03/24 18:44:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -394,7 +394,7 @@ ssl3_accept(SSL *s)
 case SSL3_ST_SW_CERT_A:
 case SSL3_ST_SW_CERT_B:
 /* Check if it is anon DH or anon ECDH. */
- if (!(S3I(s)->hs.new_cipher->algorithm_auth &
+ if (!(S3I(s)->hs.cipher->algorithm_auth &
 SSL_aNULL)) {
 if (SSL_is_dtls(s))
 dtls1_start_timer(s);
@@ -414,7 +414,7 @@ ssl3_accept(SSL *s)
 case SSL3_ST_SW_KEY_EXCH_A:
 case SSL3_ST_SW_KEY_EXCH_B:
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
 /*
 * Only send if using a DH key exchange.
@@ -459,7 +459,7 @@ ssl3_accept(SSL *s)
 if (!(s->verify_mode & SSL_VERIFY_PEER) ||
 ((s->session->peer != NULL) &&
 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
- ((S3I(s)->hs.new_cipher->algorithm_auth &
+ ((S3I(s)->hs.cipher->algorithm_auth &
 SSL_aNULL) && !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
 /* No cert request. */
@@ -542,7 +542,7 @@ ssl3_accept(SSL *s)
 s->internal->init_num = 0;
 }
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
 if (ret == 2) {
 /*
 * For the ECDH ciphersuites when
@@ -641,7 +641,7 @@ ssl3_accept(SSL *s)
 case SSL3_ST_SW_CHANGE_A:
 case SSL3_ST_SW_CHANGE_B:
- s->session->cipher = S3I(s)->hs.new_cipher;
+ s->session->cipher = S3I(s)->hs.cipher;
 if (!tls1_setup_key_block(s)) {
 ret = -1;
 goto end;
@@ -1122,15 +1122,15 @@ ssl3_get_client_hello(SSL *s)
 SSLerror(s, SSL_R_NO_SHARED_CIPHER);
 goto fatal_err;
 }
- S3I(s)->hs.new_cipher = c;
+ S3I(s)->hs.cipher = c;
 } else {
- S3I(s)->hs.new_cipher = s->session->cipher;
+ S3I(s)->hs.cipher = s->session->cipher;
 }
 if (!tls1_transcript_hash_init(s))
 goto err;
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
 !(s->verify_mode & SSL_VERIFY_PEER))
 tls1_transcript_free(s);
@@ -1144,7 +1144,7 @@ ssl3_get_client_hello(SSL *s)
 * ssl version is set - sslv3
 * s->session - The ssl session has been setup.
 * s->internal->hit - session reuse flag
- * s->hs.new_cipher - the new cipher to use.
+ * s->hs.cipher - the new cipher to use.
 */
 /* Handles TLS extensions that we couldn't check earlier */
@@ -1265,7 +1265,7 @@ ssl3_send_server_hello(SSL *s)
 /* Cipher suite. */
 if (!CBB_add_u16(&server_hello,
- ssl3_cipher_get_value(S3I(s)->hs.new_cipher)))
+ ssl3_cipher_get_value(S3I(s)->hs.cipher)))
 goto err;
 /* Compression method (null). */
@@ -1336,7 +1336,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
 if (dhp == NULL && s->cert->dh_tmp_cb != NULL)
 dhp = s->cert->dh_tmp_cb(s, 0,
- SSL_C_PKEYLENGTH(S3I(s)->hs.new_cipher));
+ SSL_C_PKEYLENGTH(S3I(s)->hs.cipher));
 if (dhp == NULL) {
 al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1544,7 +1544,7 @@ ssl3_send_server_key_exchange(SSL *s)
 if (!CBB_init(&cbb_params, 0))
 goto err;
- type = S3I(s)->hs.new_cipher->algorithm_mkey;
+ type = S3I(s)->hs.cipher->algorithm_mkey;
 if (type & SSL_kDHE) {
 if (ssl3_send_server_kex_dhe(s, &cbb_params) != 1)
 goto err;
@@ -1564,8 +1564,8 @@ ssl3_send_server_key_exchange(SSL *s)
 goto err;
 /* Add signature unless anonymous. */
- if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {
- if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.new_cipher,
+ if (!(S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL)) {
+ if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.cipher,
 &md, &sigalg)) == NULL) {
 al = SSL_AD_DECODE_ERROR;
 goto fatal_err;
@@ -2002,7 +2002,7 @@ ssl3_get_client_kex_gost(SSL *s, CBS *cbs)
 int ret = 0;
 /* Get our certificate private key*/
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
 if (alg_a & SSL_aGOST01)
 pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
@@ -2081,7 +2081,7 @@ ssl3_get_client_key_exchange(SSL *s)
 CBS_init(&cbs, s->internal->init_msg, n);
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
 if (alg_k & SSL_kRSA) {
 if (ssl3_get_client_kex_rsa(s, &cbs) != 1)
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index 5d889fa6654..b9dcbac6614 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.134 2021/03/24 18:40:03 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.135 2021/03/24 18:44:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -343,7 +343,7 @@ tls1_change_cipher_state(SSL *s, int which)
 if (aead != NULL) {
 key_len = EVP_AEAD_key_length(aead);
- iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->hs.new_cipher);
+ iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->hs.cipher);
 } else {
 key_len = EVP_CIPHER_key_length(cipher);
 iv_len = EVP_CIPHER_iv_length(cipher);
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c
index 0f3d435c949..78bf15ec591 100644
--- a/lib/libssl/tls13_client.c
+++ b/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.75 2021/03/21 18:36:34 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.76 2021/03/24 18:44:00 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing
 *
@@ -304,7 +304,7 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 goto err;
 }
 /* XXX - move this to hs.tls13? */
- ctx->hs->new_cipher = cipher;
+ ctx->hs->cipher = cipher;
 if (compression_method != 0) {
 ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
@@ -338,12 +338,12 @@ tls13_client_engage_record_protection(struct tls13_ctx *ctx)
 &shared_key_len))
 goto err;
- s->session->cipher = ctx->hs->new_cipher;
+ s->session->cipher = ctx->hs->cipher;
 s->session->ssl_version = ctx->hs->tls13.server_version;
- if ((ctx->aead = tls13_cipher_aead(ctx->hs->new_cipher)) == NULL)
+ if ((ctx->aead = tls13_cipher_aead(ctx->hs->cipher)) == NULL)
 goto err;
- if ((ctx->hash = tls13_cipher_hash(ctx->hs->new_cipher)) == NULL)
+ if ((ctx->hash = tls13_cipher_hash(ctx->hs->cipher)) == NULL)
 goto err;
 if ((secrets = tls13_secrets_create(ctx->hash, 0)) == NULL)
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index 658aef2cfee..bac9623a153 100644
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.72 2021/03/21 18:36:34 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.73 2021/03/24 18:44:00 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing
 * Copyright (c) 2020 Bob Beck
@@ -249,7 +249,7 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 ctx->alert = TLS13_ALERT_HANDSHAKE_FAILURE;
 goto err;
 }
- ctx->hs->new_cipher = cipher;
+ ctx->hs->cipher = cipher;
 sk_SSL_CIPHER_free(s->session->ciphers);
 s->session->ciphers = ciphers;
@@ -314,7 +314,7 @@ tls13_server_hello_build(struct tls13_ctx *ctx, CBB *cbb, int hrr)
 SSL *s = ctx->ssl;
 uint16_t cipher;
- cipher = SSL_CIPHER_get_value(ctx->hs->new_cipher);
+ cipher = SSL_CIPHER_get_value(ctx->hs->cipher);
 server_random = s->s3->server_random;
 if (hrr) {
@@ -362,11 +362,11 @@ tls13_server_engage_record_protection(struct tls13_ctx *ctx)
 &shared_key, &shared_key_len))
 goto err;
- s->session->cipher = ctx->hs->new_cipher;
+ s->session->cipher = ctx->hs->cipher;
- if ((ctx->aead = tls13_cipher_aead(ctx->hs->new_cipher)) == NULL)
+ if ((ctx->aead = tls13_cipher_aead(ctx->hs->cipher)) == NULL)
 goto err;
- if ((ctx->hash = tls13_cipher_hash(ctx->hs->new_cipher)) == NULL)
+ if ((ctx->hash = tls13_cipher_hash(ctx->hs->cipher)) == NULL)
 goto err;
 if ((secrets = tls13_secrets_create(ctx->hash, 0)) == NULL)