Use cipher suite values instead of IDs.
author jsing <jsing@openbsd.org>
Mon, 22 Jul 2024 14:47:15 +0000 (14:47 +0000)
committer jsing <jsing@openbsd.org>
Mon, 22 Jul 2024 14:47:15 +0000 (14:47 +0000)
commit f4fe6251b363bc47c99c75caa60c829516bf905e
tree 512923dad33e12c6a01c56012867efa7e7b21ca2
parent 5bf94a726016b19f850b257796b635ae6242fc10
Use cipher suite values instead of IDs.

OpenSSL has had the concept of cipher IDs, which were a way of working
around overlapping cipher suite values between SSLv2 and SSLv3. Given
that we no longer have to deal with this issue, replace the use of IDs
with cipher suite values. In particular, this means that we can stop
mapping back and forth between the two, simplifying things considerably.

While here, remove the 'valid' member of the SSL_CIPHER. The ssl3_ciphers[]
table is no longer mutable, meaning that ciphers cannot be disabled at
runtime (and we have `#if 0' if we want to do it at compile time).

Clean up the comments and add/update RFC references for cipher suites.

ok tb@
12 files changed:
lib/libssl/s3_lib.c
lib/libssl/ssl_asn1.c
lib/libssl/ssl_ciph.c
lib/libssl/ssl_ciphers.c
lib/libssl/ssl_clnt.c
lib/libssl/ssl_local.h
lib/libssl/ssl_pkt.c
lib/libssl/ssl_sess.c
lib/libssl/ssl_srvr.c
lib/libssl/ssl_txt.c
lib/libssl/tls13_client.c
lib/libssl/tls13_server.c