authorjsing <>2021-03-24 18:44:00 +0000
committerjsing <>2021-03-24 18:44:00 +0000
commitae1702cd90dfc51fd5483baea6488cd99ac9c26b (patch)
tree4ba7ed86321d6c92257c882bce631aa4a7f603b8 /src/lib/libssl/ssl_srvr.c
parent3ce9712d99b47c9a9db840f6cf8cc970a5f841dd (diff)
Rename new_cipher to cipher.
This is in the SSL_HANDSHAKE struct and is what we're currently negotiating, so there is really nothing more "new" about the cipher than there is the key block or other parts of the handshake data. ok inoguchi@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
-rw-r--r--src/lib/libssl/ssl_srvr.c34
1 files changed, 17 insertions, 17 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 3dc87a00c8..047087c1c9 100644
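--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.98 2021/03/24 18:40:03 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.99 2021/03/24 18:44:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -394,7 +394,7 @@ ssl3_accept(SSL *s)
  case SSL3_ST_SW_CERT_A:
  case SSL3_ST_SW_CERT_B:
  /* Check if it is anon DH or anon ECDH. */
- if (!(S3I(s)->hs.new_cipher->algorithm_auth &
+ if (!(S3I(s)->hs.cipher->algorithm_auth &
  SSL_aNULL)) {
  if (SSL_is_dtls(s))
  dtls1_start_timer(s);
@@ -414,7 +414,7 @@ ssl3_accept(SSL *s)
 
  case SSL3_ST_SW_KEY_EXCH_A:
  case SSL3_ST_SW_KEY_EXCH_B:
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
 
  /*
  * Only send if using a DH key exchange.
@@ -459,7 +459,7 @@ ssl3_accept(SSL *s)
  if (!(s->verify_mode & SSL_VERIFY_PEER) ||
  ((s->session->peer != NULL) &&
  (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
- ((S3I(s)->hs.new_cipher->algorithm_auth &
+ ((S3I(s)->hs.cipher->algorithm_auth &
  SSL_aNULL) && !(s->verify_mode &
  SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
  /* No cert request. */
@@ -542,7 +542,7 @@ ssl3_accept(SSL *s)
  s->internal->init_num = 0;
  }
 
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
  if (ret == 2) {
  /*
  * For the ECDH ciphersuites when
@@ -641,7 +641,7 @@ ssl3_accept(SSL *s)
 
  case SSL3_ST_SW_CHANGE_A:
  case SSL3_ST_SW_CHANGE_B:
- s->session->cipher = S3I(s)->hs.new_cipher;
+ s->session->cipher = S3I(s)->hs.cipher;
  if (!tls1_setup_key_block(s)) {
  ret = -1;
  goto end;
@@ -1122,15 +1122,15 @@ ssl3_get_client_hello(SSL *s)
  SSLerror(s, SSL_R_NO_SHARED_CIPHER);
  goto fatal_err;
  }
- S3I(s)->hs.new_cipher = c;
+ S3I(s)->hs.cipher = c;
  } else {
- S3I(s)->hs.new_cipher = s->session->cipher;
+ S3I(s)->hs.cipher = s->session->cipher;
  }
 
  if (!tls1_transcript_hash_init(s))
  goto err;
 
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
  if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
  !(s->verify_mode & SSL_VERIFY_PEER))
  tls1_transcript_free(s);
@@ -1144,7 +1144,7 @@ ssl3_get_client_hello(SSL *s)
  * ssl version is set - sslv3
  * s->session - The ssl session has been setup.
  * s->internal->hit - session reuse flag
- * s->hs.new_cipher - the new cipher to use.
+ * s->hs.cipher - the new cipher to use.
  */
 
  /* Handles TLS extensions that we couldn't check earlier */
@@ -1265,7 +1265,7 @@ ssl3_send_server_hello(SSL *s)
 
  /* Cipher suite. */
  if (!CBB_add_u16(&server_hello,
- ssl3_cipher_get_value(S3I(s)->hs.new_cipher)))
+ ssl3_cipher_get_value(S3I(s)->hs.cipher)))
  goto err;
 
  /* Compression method (null). */
@@ -1336,7 +1336,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
 
  if (dhp == NULL && s->cert->dh_tmp_cb != NULL)
  dhp = s->cert->dh_tmp_cb(s, 0,
- SSL_C_PKEYLENGTH(S3I(s)->hs.new_cipher));
+ SSL_C_PKEYLENGTH(S3I(s)->hs.cipher));
 
  if (dhp == NULL) {
  al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1544,7 +1544,7 @@ ssl3_send_server_key_exchange(SSL *s)
  if (!CBB_init(&cbb_params, 0))
  goto err;
 
- type = S3I(s)->hs.new_cipher->algorithm_mkey;
+ type = S3I(s)->hs.cipher->algorithm_mkey;
  if (type & SSL_kDHE) {
  if (ssl3_send_server_kex_dhe(s, &cbb_params) != 1)
  goto err;
@@ -1564,8 +1564,8 @@ ssl3_send_server_key_exchange(SSL *s)
  goto err;
 
  /* Add signature unless anonymous. */
- if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {
- if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.new_cipher,
+ if (!(S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL)) {
+ if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.cipher,
  &md, &sigalg)) == NULL) {
  al = SSL_AD_DECODE_ERROR;
  goto fatal_err;
@@ -2002,7 +2002,7 @@ ssl3_get_client_kex_gost(SSL *s, CBS *cbs)
  int ret = 0;
 
  /* Get our certificate private key*/
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
  if (alg_a & SSL_aGOST01)
  pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
 
@@ -2081,7 +2081,7 @@ ssl3_get_client_key_exchange(SSL *s)
 
  CBS_init(&cbs, s->internal->init_msg, n);
 
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
 
  if (alg_k & SSL_kRSA) {
  if (ssl3_get_client_kex_rsa(s, &cbs) != 1)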