diff options
author | jsing <> | 2024-07-20 04:04:23 +0000 |
---|---|---|
committer | jsing <> | 2024-07-20 04:04:23 +0000 |
commit | b68193edfb3424eb0f993aec6089c9e057aa5d4d (patch) | |
tree | b04719de2f91b0f8d7c9c7acb93cef76a89b9948 /src/lib/libssl/ssl_local.h | |
parent | cc7dc6e9b7012526aa3797842d226b3a275a7e70 (diff) | |
download | openbsd-b68193edfb3424eb0f993aec6089c9e057aa5d4d.tar.gz openbsd-b68193edfb3424eb0f993aec6089c9e057aa5d4d.tar.bz2 openbsd-b68193edfb3424eb0f993aec6089c9e057aa5d4d.zip |
Remove cipher from SSL_SESSION.
For a long time SSL_SESSION has had both a cipher ID and a pointer to
an SSL_CIPHER (and not both are guaranteed to be populated). There is also
a pointer to an SSL_CIPHER in the SSL_HANDSHAKE that denotes the cipher
being used for this connection. Some code has been using the cipher from
SSL_SESSION and some code has been using the cipher from SSL_HANDSHAKE.
Remove cipher from SSL_SESSION and use the version in SSL_HANDSHAKE
everywhere. If resuming from a session then we need to use the SSL_SESSION
cipher ID to set the SSL_HANDSHAKE cipher. And we still need to ensure that
we update the cipher ID in the SSL_SESSION whenever the SSL_HANDSHAKE
cipher changes (this only occurs in a few places).
ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_local.h')
-rw-r--r-- | src/lib/libssl/ssl_local.h | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/src/lib/libssl/ssl_local.h b/src/lib/libssl/ssl_local.h index e9b6a62bbe..79f41e6dc3 100644 --- a/src/lib/libssl/ssl_local.h +++ b/src/lib/libssl/ssl_local.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssl_local.h,v 1.20 2024/07/19 08:54:31 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_local.h,v 1.21 2024/07/20 04:04:23 jsing Exp $ */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | * All rights reserved. | 3 | * All rights reserved. |
4 | * | 4 | * |
@@ -438,7 +438,6 @@ struct ssl_session_st { | |||
438 | time_t time; | 438 | time_t time; |
439 | int references; | 439 | int references; |
440 | 440 | ||
441 | const SSL_CIPHER *cipher; | ||
442 | unsigned long cipher_id; /* when ASN.1 loaded, this | 441 | unsigned long cipher_id; /* when ASN.1 loaded, this |
443 | * needs to be used to load | 442 | * needs to be used to load |
444 | * the 'cipher' structure */ | 443 | * the 'cipher' structure */ |
@@ -1267,9 +1266,9 @@ int ssl_merge_cipherlists(STACK_OF(SSL_CIPHER) *cipherlist, | |||
1267 | STACK_OF(SSL_CIPHER) *cipherlist_tls13, | 1266 | STACK_OF(SSL_CIPHER) *cipherlist_tls13, |
1268 | STACK_OF(SSL_CIPHER) **out_cipherlist); | 1267 | STACK_OF(SSL_CIPHER) **out_cipherlist); |
1269 | void ssl_update_cache(SSL *s, int mode); | 1268 | void ssl_update_cache(SSL *s, int mode); |
1270 | int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | 1269 | int ssl_cipher_get_evp(SSL *s, const EVP_CIPHER **enc, |
1271 | const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size); | 1270 | const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size); |
1272 | int ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead); | 1271 | int ssl_cipher_get_evp_aead(SSL *s, const EVP_AEAD **aead); |
1273 | int ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md); | 1272 | int ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md); |
1274 | 1273 | ||
1275 | int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); | 1274 | int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); |