Remove cipher from SSL_SESSION.

For a long time SSL_SESSION has had both a cipher ID and a pointer to
an SSL_CIPHER (and not both are guaranteed to be populated). There is also
a pointer to an SSL_CIPHER in the SSL_HANDSHAKE that denotes the cipher
being used for this connection. Some code has been using the cipher from
SSL_SESSION and some code has been using the cipher from SSL_HANDSHAKE.

Remove cipher from SSL_SESSION and use the version in SSL_HANDSHAKE
everywhere. If resuming from a session then we need to use the SSL_SESSION
cipher ID to set the SSL_HANDSHAKE cipher. And we still need to ensure that
we update the cipher ID in the SSL_SESSION whenever the SSL_HANDSHAKE
cipher changes (this only occurs in a few places).

ok tb@

1 files changed, 3 insertions, 3 deletions

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index df9581a3ce..cf32ca8cd6 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.128 2023/07/02 20:16:47 tb Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.129 2024/07/20 04:04:23 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -596,7 +596,7 @@ dtls1_read_handshake_unexpected(SSL *s)
                  * It should be impossible to hit this, but keep the safety
                  * harness for now...
                  */
-                if (s->session == NULL || s->session->cipher == NULL)
+                if (s->session == NULL || s->s3->hs.cipher == NULL)
                         return 1;
 
                 /*
@@ -650,7 +650,7 @@ dtls1_read_handshake_unexpected(SSL *s)
                         return -1;
                 }
 
-                if (s->session == NULL || s->session->cipher == NULL) {
+                if (s->session == NULL || s->s3->hs.cipher == NULL) {
                         SSLerror(s, ERR_R_INTERNAL_ERROR);
                         return -1;
                 }