summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_local.h
diff options
context:
space:
mode:
authorjsing <>2024-07-20 04:04:23 +0000
committerjsing <>2024-07-20 04:04:23 +0000
commitb68193edfb3424eb0f993aec6089c9e057aa5d4d (patch)
treeb04719de2f91b0f8d7c9c7acb93cef76a89b9948 /src/lib/libssl/ssl_local.h
parentcc7dc6e9b7012526aa3797842d226b3a275a7e70 (diff)
downloadopenbsd-b68193edfb3424eb0f993aec6089c9e057aa5d4d.tar.gz
openbsd-b68193edfb3424eb0f993aec6089c9e057aa5d4d.tar.bz2
openbsd-b68193edfb3424eb0f993aec6089c9e057aa5d4d.zip
Remove cipher from SSL_SESSION.
For a long time SSL_SESSION has had both a cipher ID and a pointer to an SSL_CIPHER (and not both are guaranteed to be populated). There is also a pointer to an SSL_CIPHER in the SSL_HANDSHAKE that denotes the cipher being used for this connection. Some code has been using the cipher from SSL_SESSION and some code has been using the cipher from SSL_HANDSHAKE. Remove cipher from SSL_SESSION and use the version in SSL_HANDSHAKE everywhere. If resuming from a session then we need to use the SSL_SESSION cipher ID to set the SSL_HANDSHAKE cipher. And we still need to ensure that we update the cipher ID in the SSL_SESSION whenever the SSL_HANDSHAKE cipher changes (this only occurs in a few places). ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_local.h')
-rw-r--r--src/lib/libssl/ssl_local.h7
1 files changed, 3 insertions, 4 deletions
diff --git a/src/lib/libssl/ssl_local.h b/src/lib/libssl/ssl_local.h
index e9b6a62bbe..79f41e6dc3 100644
--- a/src/lib/libssl/ssl_local.h
+++ b/src/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_local.h,v 1.20 2024/07/19 08:54:31 jsing Exp $ */ 1/* $OpenBSD: ssl_local.h,v 1.21 2024/07/20 04:04:23 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -438,7 +438,6 @@ struct ssl_session_st {
438 time_t time; 438 time_t time;
439 int references; 439 int references;
440 440
441 const SSL_CIPHER *cipher;
442 unsigned long cipher_id; /* when ASN.1 loaded, this 441 unsigned long cipher_id; /* when ASN.1 loaded, this
443 * needs to be used to load 442 * needs to be used to load
444 * the 'cipher' structure */ 443 * the 'cipher' structure */
@@ -1267,9 +1266,9 @@ int ssl_merge_cipherlists(STACK_OF(SSL_CIPHER) *cipherlist,
1267 STACK_OF(SSL_CIPHER) *cipherlist_tls13, 1266 STACK_OF(SSL_CIPHER) *cipherlist_tls13,
1268 STACK_OF(SSL_CIPHER) **out_cipherlist); 1267 STACK_OF(SSL_CIPHER) **out_cipherlist);
1269void ssl_update_cache(SSL *s, int mode); 1268void ssl_update_cache(SSL *s, int mode);
1270int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, 1269int ssl_cipher_get_evp(SSL *s, const EVP_CIPHER **enc,
1271 const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size); 1270 const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size);
1272int ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead); 1271int ssl_cipher_get_evp_aead(SSL *s, const EVP_AEAD **aead);
1273int ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md); 1272int ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md);
1274 1273
1275int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); 1274int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);