authorjsing <>2024-07-22 14:47:15 +0000
committerjsing <>2024-07-22 14:47:15 +0000
commit4fbee6b90386fa14be274db8ba947f951bc6de4c (patch)
tree888e24c700579e2d75b6c8c0c8c7543008acc2ae /src/lib/libssl/ssl_local.h
parentde2497dade37f29dbde49f4162d9cba984e350cf (diff)
Use cipher suite values instead of IDs.
OpenSSL has had the concept of cipher IDs, which were a way of working around overlapping cipher suite values between SSLv2 and SSLv3. Given that we no longer have to deal with this issue, replace the use of IDs with cipher suite values. In particular, this means that we can stop mapping back and forth between the two, simplifying things considerably. While here, remove the 'valid' member of the SSL_CIPHER. The ssl3_ciphers[] table is no longer mutable, meaning that ciphers cannot be disabled at runtime (and we have `#if 0' if we want to do it at compile time). Clean up the comments and add/update RFC references for cipher suites. ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_local.h')
-rw-r--r--src/lib/libssl/ssl_local.h12
1 files changed, 4 insertions, 8 deletions
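diff --git a/src/lib/libssl/ssl_local.h b/src/lib/libssl/ssl_local.h
index 79f41e6dc3..34197e5920 100644
--- a/src/lib/libssl/ssl_local.h
+++ b/src/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.21 2024/07/20 04:04:23 jsing Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.22 2024/07/22 14:47:15 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -339,9 +339,9 @@ struct ssl_comp_st {
 };
 
 struct ssl_cipher_st {
- int valid;
+ uint16_t value; /* Cipher suite value. */
+
  const char *name; /* text name */
- unsigned long id; /* id, 4 bytes, first is version */
 
  unsigned long algorithm_mkey; /* key exchange algorithm */
  unsigned long algorithm_auth; /* server authentication */
@@ -438,9 +438,7 @@ struct ssl_session_st {
  time_t time;
  int references;
 
- unsigned long cipher_id; /* when ASN.1 loaded, this
- * needs to be used to load
- * the 'cipher' structure */
+ uint16_t cipher_value;
 
  char *tlsext_hostname;
 
@@ -1293,9 +1291,7 @@ int ssl3_get_req_cert_types(SSL *s, CBB *cbb);
 int ssl3_get_message(SSL *s, int st1, int stn, int mt, long max);
 int ssl3_num_ciphers(void);
 const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
-const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned long id);
 const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);
-uint16_t ssl3_cipher_get_value(const SSL_CIPHER *c);
 int ssl3_renegotiate(SSL *ssl);
 
 int ssl3_renegotiate_check(SSL *ssl);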
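Review bot: The new `uint16_t cipher_value;` member of struct ssl_session_st is left undocumented, because the old three-line comment on `cipher_id` was dropped without a replacement. The header therefore no longer says that this field is what a session loaded from ASN.1 uses to find its `cipher` structure (presumably still the case; the decoding code is outside this diff). I would keep a one-line comment, for example `uint16_t cipher_value; /* Cipher suite value; used to look up 'cipher' when a session is loaded. */`. Because the value can come from a serialized session, the comment could also say that a lookup through ssl3_get_cipher_by_value() may not find a match, so callers should confirm how an unknown value is reported and handle it. The struct body starts and ends outside the hunk.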