From ae1702cd90dfc51fd5483baea6488cd99ac9c26b Mon Sep 17 00:00:00 2001 From: jsing <> Date: Wed, 24 Mar 2021 18:44:00 +0000 Subject: Rename new_cipher to cipher. This is in the SSL_HANDSHAKE struct and is what we're currently negotiating, so there is really nothing more "new" about the cipher than there is the key block or other parts of the handshake data. ok inoguchi@ tb@ --- src/lib/libssl/ssl_clnt.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'src/lib/libssl/ssl_clnt.c') diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 0f602bef7e..984ade0957 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.87 2021/03/24 18:40:03 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.88 2021/03/24 18:44:00 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -343,7 +343,7 @@ ssl3_connect(SSL *s) break; } /* Check if it is anon DH/ECDH. */ - if (!(S3I(s)->hs.new_cipher->algorithm_auth & + if (!(S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL)) { ret = ssl3_get_server_certificate(s); if (ret <= 0) @@ -477,7 +477,7 @@ ssl3_connect(SSL *s) S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A; s->internal->init_num = 0; - s->session->cipher = S3I(s)->hs.new_cipher; + s->session->cipher = S3I(s)->hs.cipher; if (!tls1_setup_key_block(s)) { ret = -1; goto end; @@ -1054,7 +1054,7 @@ ssl3_get_server_hello(SSL *s) SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); goto fatal_err; } - S3I(s)->hs.new_cipher = cipher; + S3I(s)->hs.cipher = cipher; if (!tls1_transcript_hash_init(s)) goto err; @@ -1063,7 +1063,7 @@ ssl3_get_server_hello(SSL *s) * Don't digest cached records if no sigalgs: we may need them for * client authentication. */ - alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; + alg_k = S3I(s)->hs.cipher->algorithm_mkey; if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST))) tls1_transcript_free(s); @@ -1276,7 +1276,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs) long alg_a; int al; - alg_a = S3I(s)->hs.new_cipher->algorithm_auth; + alg_a = S3I(s)->hs.cipher->algorithm_auth; sc = SSI(s)->sess_cert; if ((dh = DH_new()) == NULL) { @@ -1404,7 +1404,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs) int nid; int al; - alg_a = S3I(s)->hs.new_cipher->algorithm_auth; + alg_a = S3I(s)->hs.cipher->algorithm_auth; sc = SSI(s)->sess_cert; /* Only named curves are supported. */ @@ -1483,8 +1483,8 @@ ssl3_get_server_key_exchange(SSL *s) EVP_MD_CTX_init(&md_ctx); - alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; - alg_a = S3I(s)->hs.new_cipher->algorithm_auth; + alg_k = S3I(s)->hs.cipher->algorithm_mkey; + alg_a = S3I(s)->hs.cipher->algorithm_auth; /* * Use same message size as in ssl3_get_certificate_request() @@ -1682,7 +1682,7 @@ ssl3_get_certificate_request(SSL *s) } /* TLS does not like anon-DH with client cert */ - if (S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) { + if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); goto err; @@ -2251,7 +2251,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb) } /* XXX check handshake hash instead. */ - if (S3I(s)->hs.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) + if (S3I(s)->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) nid = NID_id_GostR3411_94; else nid = NID_id_tc26_gost3411_2012_256; @@ -2314,7 +2314,7 @@ ssl3_send_client_key_exchange(SSL *s) memset(&cbb, 0, sizeof(cbb)); if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) { - alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; + alg_k = S3I(s)->hs.cipher->algorithm_mkey; if ((sess_cert = SSI(s)->sess_cert) == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, @@ -2726,8 +2726,8 @@ ssl3_check_cert_and_algorithm(SSL *s) SESS_CERT *sc; DH *dh; - alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; - alg_a = S3I(s)->hs.new_cipher->algorithm_auth; + alg_k = S3I(s)->hs.cipher->algorithm_mkey; + alg_a = S3I(s)->hs.cipher->algorithm_auth; /* We don't have a certificate. */ if (alg_a & SSL_aNULL) -- cgit v1.2.3-55-g6feb