artulab.com Git - openbsd/commit

author	jsing <jsing@openbsd.org>
	Sat, 20 Jul 2024 04:04:23 +0000 (04:04 +0000)
committer	jsing <jsing@openbsd.org>
	Sat, 20 Jul 2024 04:04:23 +0000 (04:04 +0000)
commit	387303bbbb9d754b4fb827b18476432ebdba1f40
tree	fcfba0b0076159bab3ef3d23295eb6301332fcd9	tree \| snapshot
parent	9c4c1a6ff154df900c0b48496cb7a09e1d2a98b8	commit \| diff

Remove cipher from SSL_SESSION.

For a long time SSL_SESSION has had both a cipher ID and a pointer to
an SSL_CIPHER (and not both are guaranteed to be populated). There is also
a pointer to an SSL_CIPHER in the SSL_HANDSHAKE that denotes the cipher
being used for this connection. Some code has been using the cipher from
SSL_SESSION and some code has been using the cipher from SSL_HANDSHAKE.

Remove cipher from SSL_SESSION and use the version in SSL_HANDSHAKE
everywhere. If resuming from a session then we need to use the SSL_SESSION
cipher ID to set the SSL_HANDSHAKE cipher. And we still need to ensure that
we update the cipher ID in the SSL_SESSION whenever the SSL_HANDSHAKE
cipher changes (this only occurs in a few places).

ok tb@

lib/libssl/d1_pkt.c		diff \| blob \| history
lib/libssl/ssl_asn1.c		diff \| blob \| history
lib/libssl/ssl_ciph.c		diff \| blob \| history
lib/libssl/ssl_clnt.c		diff \| blob \| history
lib/libssl/ssl_lib.c		diff \| blob \| history
lib/libssl/ssl_local.h		diff \| blob \| history
lib/libssl/ssl_pkt.c		diff \| blob \| history
lib/libssl/ssl_sess.c		diff \| blob \| history
lib/libssl/ssl_srvr.c		diff \| blob \| history
lib/libssl/ssl_txt.c		diff \| blob \| history
lib/libssl/t1_enc.c		diff \| blob \| history
lib/libssl/tls13_client.c		diff \| blob \| history
lib/libssl/tls13_server.c		diff \| blob \| history