author | jsing <> | 2024-07-22 14:47:15 +0000 |
---|---|---|
committer | jsing <> | 2024-07-22 14:47:15 +0000 |
commit | 4fbee6b90386fa14be274db8ba947f951bc6de4c (patch) | |
tree | 888e24c700579e2d75b6c8c0c8c7543008acc2ae /src/lib/libssl/ssl_local.h | |
parent | de2497dade37f29dbde49f4162d9cba984e350cf (diff) | |
Use cipher suite values instead of IDs.
OpenSSL has had the concept of cipher IDs, which were a way of working
around overlapping cipher suite values between SSLv2 and SSLv3. Given
that we no longer have to deal with this issue, replace the use of IDs
with cipher suite values. In particular, this means that we can stop
mapping back and forth between the two, simplifying things considerably.
While here, remove the 'valid' member of the SSL_CIPHER. The ssl3_ciphers[]
table is no longer mutable, meaning that ciphers cannot be disabled at
runtime (and we have `#if 0' if we want to do it at compile time).
Clean up the comments and add/update RFC references for cipher suites.
ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_local.h')
-rw-r--r-- | src/lib/libssl/ssl_local.h | 12 |
1 files changed, 4 insertions, 8 deletions
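--- a/src/lib/libssl/ssl_local.h
+++ b/src/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.21 2024/07/20 04:04:23 jsing Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.22 2024/07/22 14:47:15 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -339,9 +339,9 @@ struct ssl_comp_st {
 };
 
 struct ssl_cipher_st {
-	int valid;
+	uint16_t value;			/* Cipher suite value. */
+
 	const char *name;		/* text name */
-	unsigned long id;		/* id, 4 bytes, first is version */
 
 	unsigned long algorithm_mkey;	/* key exchange algorithm */
 	unsigned long algorithm_auth;	/* server authentication */
@@ -438,9 +438,7 @@ struct ssl_session_st {
 	time_t time;
 	int references;
 
-	unsigned long cipher_id;	/* when ASN.1 loaded, this
-					 * needs to be used to load
-					 * the 'cipher' structure */
+	uint16_t cipher_value;
 
 	char *tlsext_hostname;
 
@@ -1293,9 +1291,7 @@ int ssl3_get_req_cert_types(SSL *s, CBB *cbb);
 int ssl3_get_message(SSL *s, int st1, int stn, int mt, long max);
 int ssl3_num_ciphers(void);
 const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
-const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned long id);
 const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);
-uint16_t ssl3_cipher_get_value(const SSL_CIPHER *c);
 int ssl3_renegotiate(SSL *ssl);
 
 int ssl3_renegotiate_check(SSL *ssl);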
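Review bot: The new `cipher_value` member of `struct ssl_session_st` lands without the explanation the replaced `cipher_id` carried, so a reader no longer learns that this is the persisted form used to recover the `cipher` pointer when a session is loaded from ASN.1. Suggest `uint16_t cipher_value;	/* Cipher suite value; used to look up 'cipher' after ASN.1 load. */`, matching the comment given to `value` in `struct ssl_cipher_st` in the previous hunk. Since that value now comes straight out of decoded session data, whichever code performs the lookup presumably has to handle `ssl3_get_cipher_by_value()` returning NULL for an unknown suite — worth confirming on the .c side of this change, which is not in this file. `struct ssl_session_st` starts and ends outside the hunk.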