diff options
| author | jsing <> | 2024-07-20 04:04:23 +0000 |
|---|---|---|
| committer | jsing <> | 2024-07-20 04:04:23 +0000 |
| commit | b68193edfb3424eb0f993aec6089c9e057aa5d4d (patch) | |
| tree | b04719de2f91b0f8d7c9c7acb93cef76a89b9948 /src/lib/libssl/ssl_txt.c | |
| parent | cc7dc6e9b7012526aa3797842d226b3a275a7e70 (diff) | |
| download | openbsd-b68193edfb3424eb0f993aec6089c9e057aa5d4d.tar.gz openbsd-b68193edfb3424eb0f993aec6089c9e057aa5d4d.tar.bz2 openbsd-b68193edfb3424eb0f993aec6089c9e057aa5d4d.zip | |
Remove cipher from SSL_SESSION.
For a long time SSL_SESSION has had both a cipher ID and a pointer to
an SSL_CIPHER (and not both are guaranteed to be populated). There is also
a pointer to an SSL_CIPHER in the SSL_HANDSHAKE that denotes the cipher
being used for this connection. Some code has been using the cipher from
SSL_SESSION and some code has been using the cipher from SSL_HANDSHAKE.
Remove cipher from SSL_SESSION and use the version in SSL_HANDSHAKE
everywhere. If resuming from a session then we need to use the SSL_SESSION
cipher ID to set the SSL_HANDSHAKE cipher. And we still need to ensure that
we update the cipher ID in the SSL_SESSION whenever the SSL_HANDSHAKE
cipher changes (this only occurs in a few places).
ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_txt.c')
| -rw-r--r-- | src/lib/libssl/ssl_txt.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c index ee3d218d68..26b631d5ab 100644 --- a/src/lib/libssl/ssl_txt.c +++ b/src/lib/libssl/ssl_txt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_txt.c,v 1.37 2023/07/08 16:40:13 beck Exp $ */ | 1 | /* $OpenBSD: ssl_txt.c,v 1.38 2024/07/20 04:04:23 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -108,6 +108,7 @@ LSSL_ALIAS(SSL_SESSION_print_fp); | |||
| 108 | int | 108 | int |
| 109 | SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | 109 | SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) |
| 110 | { | 110 | { |
| 111 | const SSL_CIPHER *cipher; | ||
| 111 | size_t i; | 112 | size_t i; |
| 112 | int ret = 0; | 113 | int ret = 0; |
| 113 | 114 | ||
| @@ -121,15 +122,15 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | |||
| 121 | ssl_version_string(x->ssl_version)) <= 0) | 122 | ssl_version_string(x->ssl_version)) <= 0) |
| 122 | goto err; | 123 | goto err; |
| 123 | 124 | ||
| 124 | if (x->cipher == NULL) { | 125 | if ((cipher = ssl3_get_cipher_by_id(x->cipher_id)) == NULL) { |
| 125 | if (BIO_printf(bp, " Cipher : %04lX\n", | 126 | if (BIO_printf(bp, " Cipher : %04lX\n", |
| 126 | x->cipher_id & SSL3_CK_VALUE_MASK) <= 0) | 127 | x->cipher_id & SSL3_CK_VALUE_MASK) <= 0) |
| 127 | goto err; | 128 | goto err; |
| 128 | } else { | 129 | } else { |
| 129 | const char *cipher_name = "unknown"; | 130 | const char *cipher_name = "unknown"; |
| 130 | 131 | ||
| 131 | if (x->cipher->name != NULL) | 132 | if (cipher->name != NULL) |
| 132 | cipher_name = x->cipher->name; | 133 | cipher_name = cipher->name; |
| 133 | 134 | ||
| 134 | if (BIO_printf(bp, " Cipher : %s\n", cipher_name) <= 0) | 135 | if (BIO_printf(bp, " Cipher : %s\n", cipher_name) <= 0) |
| 135 | goto err; | 136 | goto err; |