diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2021-04-19 16:51:57 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2021-04-19 16:51:57 +0000 |
commit | 7e3b0fe1a9a84a696c3e03f9d5e6050fd4b0c181 (patch) | |
tree | 6aa816a8871b9762b7ce893a4b1a6c5445b292d7 /lib/libssl/ssl_srvr.c | |
parent | afeb7e4c58c45e302b008e7d3a1ff84eacddcb47 (diff) |
Move reuse_message, message_type, message_size and cert_verify into the
TLSv1.2 handshake struct.
ok inoguchi@ tb@
Diffstat (limited to 'lib/libssl/ssl_srvr.c')
-rw-r--r-- | lib/libssl/ssl_srvr.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 0f3572a6786..8241a59ac07 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.101 2021/03/29 16:56:20 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.102 2021/04/19 16:51:56 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -576,8 +576,8 @@ ssl3_accept(SSL *s) * a client cert, it can be verified. */ if (!tls1_transcript_hash_value(s, - S3I(s)->tmp.cert_verify_md, - sizeof(S3I(s)->tmp.cert_verify_md), + S3I(s)->hs.tls12.cert_verify, + sizeof(S3I(s)->hs.tls12.cert_verify), NULL)) { ret = -1; goto end; @@ -733,7 +733,7 @@ ssl3_accept(SSL *s) /* break; */ } - if (!S3I(s)->tmp.reuse_message && !skip) { + if (!S3I(s)->hs.tls12.reuse_message && !skip) { if (s->internal->debug) { if ((ret = BIO_flush(s->wbio)) <= 0) goto end; @@ -2149,8 +2149,8 @@ ssl3_get_cert_verify(SSL *s) type = X509_certificate_type(peer, pkey); } - if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) { - S3I(s)->tmp.reuse_message = 1; + if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) { + S3I(s)->hs.tls12.reuse_message = 1; if (peer != NULL) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE); @@ -2261,7 +2261,7 @@ ssl3_get_cert_verify(SSL *s) goto fatal_err; } } else if (pkey->type == EVP_PKEY_RSA) { - verify = RSA_verify(NID_md5_sha1, S3I(s)->tmp.cert_verify_md, + verify = RSA_verify(NID_md5_sha1, S3I(s)->hs.tls12.cert_verify, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, CBS_data(&signature), CBS_len(&signature), pkey->pkey.rsa); if (verify < 0) { @@ -2276,7 +2276,7 @@ ssl3_get_cert_verify(SSL *s) } } else if (pkey->type == EVP_PKEY_EC) { verify = ECDSA_verify(pkey->save_type, - &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), + &(S3I(s)->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]), SHA_DIGEST_LENGTH, CBS_data(&signature), CBS_len(&signature), pkey->pkey.ec); if (verify <= 0) { @@ -2368,7 +2368,7 @@ ssl3_get_client_certificate(SSL *s) if (!ok) return ((int)n); - if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { + if (S3I(s)->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { if ((s->verify_mode & SSL_VERIFY_PEER) && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); @@ -2385,11 +2385,11 @@ ssl3_get_client_certificate(SSL *s) al = SSL_AD_UNEXPECTED_MESSAGE; goto fatal_err; } - S3I(s)->tmp.reuse_message = 1; + S3I(s)->hs.tls12.reuse_message = 1; return (1); } - if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { + if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE); goto fatal_err; |