Garbage collect s->internal->type

This variable is used in the legacy stack to decide whether we are
a server or a client. That's what s->server is for...

The new TLSv1.3 stack failed to set s->internal->type, which resulted
in hilarious mishandling of previous_{client,server}_finished. Indeed,
both client and server would first store the client's verify_data in
previous_server_finished and later overwrite it with the server's
verify_data. Consequently, renegotiation has been completely broken
for more than a year. In fact, server side renegotiation was broken
during the 6.5 release cycle. Clearly, no-one uses this.

This commit fixes client side renegotiation and restores the previous
behavior of SSL_get_client_CA_list(). Server side renegotiation will
be fixed in a later commit.

ok jsing

1 files changed, 3 insertions, 3 deletions

diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c
index 6625286dafb..789ab012131 100644
--- a/lib/libssl/ssl_both.c
+++ b/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.25 2021/03/24 18:44:00 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.26 2021/03/27 17:56:28 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -181,7 +181,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 		S3I(s)->tmp.finish_md_len = md_len;
 
 		/* Copy finished so we can use it for renegotiation checks. */
-		if (s->internal->type == SSL_ST_CONNECT) {
+		if (!s->server) {
 			memcpy(S3I(s)->previous_client_finished,
 			    S3I(s)->tmp.finish_md, md_len);
 			S3I(s)->previous_client_finished_len = md_len;
@@ -285,7 +285,7 @@ ssl3_get_finished(SSL *s, int a, int b)
 
 	/* Copy finished so we can use it for renegotiation checks. */
 	OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
-	if (s->internal->type == SSL_ST_ACCEPT) {
+	if (s->server) {
 		memcpy(S3I(s)->previous_client_finished,
 		    S3I(s)->tmp.peer_finish_md, md_len);
 		S3I(s)->previous_client_finished_len = md_len;