summaryrefslogtreecommitdiff
path: root/lib/libssl/ssl_srvr.c
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2021-04-19 16:51:57 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2021-04-19 16:51:57 +0000
commit7e3b0fe1a9a84a696c3e03f9d5e6050fd4b0c181 (patch)
tree6aa816a8871b9762b7ce893a4b1a6c5445b292d7 /lib/libssl/ssl_srvr.c
parentafeb7e4c58c45e302b008e7d3a1ff84eacddcb47 (diff)
Move reuse_message, message_type, message_size and cert_verify into the
TLSv1.2 handshake struct. ok inoguchi@ tb@
Diffstat (limited to 'lib/libssl/ssl_srvr.c')
-rw-r--r--lib/libssl/ssl_srvr.c22
1 files changed, 11 insertions, 11 deletions
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 0f3572a6786..8241a59ac07 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.101 2021/03/29 16:56:20 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.102 2021/04/19 16:51:56 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -576,8 +576,8 @@ ssl3_accept(SSL *s)
* a client cert, it can be verified.
*/
if (!tls1_transcript_hash_value(s,
- S3I(s)->tmp.cert_verify_md,
- sizeof(S3I(s)->tmp.cert_verify_md),
+ S3I(s)->hs.tls12.cert_verify,
+ sizeof(S3I(s)->hs.tls12.cert_verify),
NULL)) {
ret = -1;
goto end;
@@ -733,7 +733,7 @@ ssl3_accept(SSL *s)
/* break; */
}
- if (!S3I(s)->tmp.reuse_message && !skip) {
+ if (!S3I(s)->hs.tls12.reuse_message && !skip) {
if (s->internal->debug) {
if ((ret = BIO_flush(s->wbio)) <= 0)
goto end;
@@ -2149,8 +2149,8 @@ ssl3_get_cert_verify(SSL *s)
type = X509_certificate_type(peer, pkey);
}
- if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
- S3I(s)->tmp.reuse_message = 1;
+ if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
+ S3I(s)->hs.tls12.reuse_message = 1;
if (peer != NULL) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE);
@@ -2261,7 +2261,7 @@ ssl3_get_cert_verify(SSL *s)
goto fatal_err;
}
} else if (pkey->type == EVP_PKEY_RSA) {
- verify = RSA_verify(NID_md5_sha1, S3I(s)->tmp.cert_verify_md,
+ verify = RSA_verify(NID_md5_sha1, S3I(s)->hs.tls12.cert_verify,
MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, CBS_data(&signature),
CBS_len(&signature), pkey->pkey.rsa);
if (verify < 0) {
@@ -2276,7 +2276,7 @@ ssl3_get_cert_verify(SSL *s)
}
} else if (pkey->type == EVP_PKEY_EC) {
verify = ECDSA_verify(pkey->save_type,
- &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
+ &(S3I(s)->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]),
SHA_DIGEST_LENGTH, CBS_data(&signature),
CBS_len(&signature), pkey->pkey.ec);
if (verify <= 0) {
@@ -2368,7 +2368,7 @@ ssl3_get_client_certificate(SSL *s)
if (!ok)
return ((int)n);
- if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+ if (S3I(s)->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
if ((s->verify_mode & SSL_VERIFY_PEER) &&
(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
@@ -2385,11 +2385,11 @@ ssl3_get_client_certificate(SSL *s)
al = SSL_AD_UNEXPECTED_MESSAGE;
goto fatal_err;
}
- S3I(s)->tmp.reuse_message = 1;
+ S3I(s)->hs.tls12.reuse_message = 1;
return (1);
}
- if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
+ if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
goto fatal_err;