From 1b42f56675b39ba4f1514b328a8dfb6c35b8cb4a Mon Sep 17 00:00:00 2001
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date: Fri, 17 Apr 2020 16:43:39 +0300
Subject: [PATCH 84/87] ssl: drop mac_flags field

Use s->session->cipher->algorithm2 instead.

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
---
 src/lib/libssl/ssl.h      |  3 ---
 src/lib/libssl/ssl_locl.h |  4 ----
 src/lib/libssl/t1_enc.c   | 16 +++-------------
 3 files changed, 3 insertions(+), 20 deletions(-)

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 1f9095feb..1c5e174b8 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -796,9 +796,6 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
 #define SSL_want_write(s)	(SSL_want(s) == SSL_WRITING)
 #define SSL_want_x509_lookup(s)	(SSL_want(s) == SSL_X509_LOOKUP)
 
-#define SSL_MAC_FLAG_READ_MAC_STREAM 1
-#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
-
 #ifndef OPENSSL_NO_SSL_INTERN
 struct ssl_internal_st;
 
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 2ef7e58f6..f4ad6b5ee 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -723,10 +723,6 @@ typedef struct ssl_internal_st {
 	/* crypto */
 	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
 
-	/* These are the ones being used, the ones in SSL_SESSION are
-	 * the ones to be 'copied' into these ones */
-	int mac_flags;
-
 	SSL_AEAD_CTX *aead_read_ctx;	/* AEAD context. If non-NULL, then
 					   enc_read_ctx and read_hash are
 					   ignored. */
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 05c45fc31..4c726f73f 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -418,11 +418,6 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read,
 	mac_type = S3I(s)->tmp.new_mac_pkey_type;
 
 	if (is_read) {
-		if (S3I(s)->hs.new_cipher->algorithm2 & TLS1_STREAM_MAC)
-			s->internal->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
-		else
-			s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
-
 		ssl_clear_cipher_read_state(s);
 
 		if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
@@ -432,11 +427,6 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read,
 			goto err;
 		s->read_hash = mac_ctx;
 	} else {
-		if (S3I(s)->hs.new_cipher->algorithm2 & TLS1_STREAM_MAC)
-			s->internal->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
-		else
-			s->internal->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
-
 		/*
 		 * DTLS fragments retain a pointer to the compression, cipher
 		 * and hash contexts, so that it can restore state in order
@@ -958,9 +948,9 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
 	size_t md_size, orig_len;
 	EVP_MD_CTX hmac, *mac_ctx;
 	unsigned char header[13];
-	int stream_mac = (send ?
-	    (ssl->internal->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) :
-	    (ssl->internal->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
+	int stream_mac = ssl->session && ssl->session->cipher ?
+		ssl->session->cipher->algorithm2 & TLS1_STREAM_MAC :
+		0;
 	int t;
 
 	if (send) {
-- 
2.17.1