From: jsing <jsing@openbsd.org>
Date: Fri, 19 Jul 2024 08:54:31 +0000 (+0000)
Subject: Move client ciphers from SSL_SESSION to SSL_HANDSHAKE.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=1a5be6e3b22e7b507250238d6ef44fa798694c23;p=openbsd

Move client ciphers from SSL_SESSION to SSL_HANDSHAKE.

SSL_SESSION has a 'ciphers' member which contains a list of ciphers
that were advertised by the client. Move this from SSL_SESSION to
SSL_HANDSHAKE and rename it to match reality.

ok tb@
---

diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 5fc42ca200b..38e7ba7f192 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.254 2024/07/16 14:38:04 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.255 2024/07/19 08:54:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1478,6 +1478,8 @@ ssl3_free(SSL *s)
 	tls_buffer_free(s->s3->handshake_fragment);
 
 	freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
+
+	sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
 	sk_X509_pop_free(s->s3->hs.peer_certs, X509_free);
 	sk_X509_pop_free(s->s3->hs.peer_certs_no_leaf, X509_free);
 	sk_X509_pop_free(s->s3->hs.verified_chain, X509_free);
@@ -1522,6 +1524,8 @@ ssl3_clear(SSL *s)
 	s->s3->hs.sigalgs = NULL;
 	s->s3->hs.sigalgs_len = 0;
 
+	sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
+	s->s3->hs.client_ciphers = NULL;
 	sk_X509_pop_free(s->s3->hs.peer_certs, X509_free);
 	s->s3->hs.peer_certs = NULL;
 	sk_X509_pop_free(s->s3->hs.peer_certs_no_leaf, X509_free);
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index d78cb2ac3a1..4b86b70db85 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.326 2024/07/11 13:48:52 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.327 2024/07/19 08:54:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1528,9 +1528,9 @@ LSSL_ALIAS(SSL_get_ciphers);
 STACK_OF(SSL_CIPHER) *
 SSL_get_client_ciphers(const SSL *s)
 {
-	if (s == NULL || s->session == NULL || !s->server)
+	if (s == NULL || !s->server)
 		return NULL;
-	return s->session->ciphers;
+	return s->s3->hs.client_ciphers;
 }
 LSSL_ALIAS(SSL_get_client_ciphers);
 
@@ -1713,10 +1713,10 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
 	char *end;
 	int i;
 
-	if (!s->server || s->session == NULL || len < 2)
+	if (!s->server || len < 2)
 		return NULL;
 
-	if ((client_ciphers = s->session->ciphers) == NULL)
+	if ((client_ciphers = s->s3->hs.client_ciphers) == NULL)
 		return NULL;
 	if ((server_ciphers = SSL_get_ciphers(s)) == NULL)
 		return NULL;
diff --git a/lib/libssl/ssl_local.h b/lib/libssl/ssl_local.h
index c002c9b34f0..e9b6a62bbe1 100644
--- a/lib/libssl/ssl_local.h
+++ b/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.19 2024/07/16 14:38:04 jsing Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.20 2024/07/19 08:54:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -443,8 +443,6 @@ struct ssl_session_st {
 					 * needs to be used to load
 					 * the 'cipher' structure */
 
-	STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
-
 	char *tlsext_hostname;
 
 	/* Session resumption - RFC 5077 and RFC 8446. */
@@ -568,6 +566,9 @@ typedef struct ssl_handshake_st {
 	/* Cipher being negotiated in this handshake. */
 	const SSL_CIPHER *cipher;
 
+	/* Ciphers sent by the client. */
+	STACK_OF(SSL_CIPHER) *client_ciphers;
+
 	/* Extensions seen in this handshake. */
 	uint32_t extensions_seen;
 
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index cb985cadb56..76f194ca78c 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.125 2024/03/27 06:47:52 tb Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.126 2024/07/19 08:54:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -290,11 +290,6 @@ ssl_session_dup(SSL_SESSION *sess, int include_ticket)
 	copy->cipher = sess->cipher;
 	copy->cipher_id = sess->cipher_id;
 
-	if (sess->ciphers != NULL) {
-		if ((copy->ciphers = sk_SSL_CIPHER_dup(sess->ciphers)) == NULL)
-			goto err;
-	}
-
 	if (sess->tlsext_hostname != NULL) {
 		copy->tlsext_hostname = strdup(sess->tlsext_hostname);
 		if (copy->tlsext_hostname == NULL)
@@ -881,8 +876,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
 
 	X509_free(ss->peer_cert);
 
-	sk_SSL_CIPHER_free(ss->ciphers);
-
 	free(ss->tlsext_hostname);
 	free(ss->tlsext_tick);
 	free(ss->tlsext_ecpointformatlist);
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index e9f14dc6107..d6b7de1efdd 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.161 2024/06/25 14:10:45 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.162 2024/07/19 08:54:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1078,13 +1078,13 @@ ssl3_get_client_hello(SSL *s)
 		s->hit = 1;
 		s->session->verify_result = X509_V_OK;
 
-		sk_SSL_CIPHER_free(s->session->ciphers);
-		s->session->ciphers = ciphers;
+		sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
+		s->s3->hs.client_ciphers = ciphers;
 		ciphers = NULL;
 
 		/* Check if some cipher was preferred by the callback. */
 		if (pref_cipher == NULL)
-			pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
+			pref_cipher = ssl3_choose_cipher(s, s->s3->hs.client_ciphers,
 			    SSL_get_ciphers(s));
 		if (pref_cipher == NULL) {
 			al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1094,7 +1094,7 @@ ssl3_get_client_hello(SSL *s)
 		s->session->cipher = pref_cipher;
 
 		sk_SSL_CIPHER_free(s->cipher_list);
-		s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
+		s->cipher_list = sk_SSL_CIPHER_dup(s->s3->hs.client_ciphers);
 	}
 
 	/*
@@ -1108,11 +1108,11 @@ ssl3_get_client_hello(SSL *s)
 			SSLerror(s, SSL_R_NO_CIPHERS_PASSED);
 			goto fatal_err;
 		}
-		sk_SSL_CIPHER_free(s->session->ciphers);
-		s->session->ciphers = ciphers;
+		sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
+		s->s3->hs.client_ciphers = ciphers;
 		ciphers = NULL;
 
-		if ((c = ssl3_choose_cipher(s, s->session->ciphers,
+		if ((c = ssl3_choose_cipher(s, s->s3->hs.client_ciphers,
 		    SSL_get_ciphers(s))) == NULL) {
 			al = SSL_AD_HANDSHAKE_FAILURE;
 			SSLerror(s, SSL_R_NO_SHARED_CIPHER);
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index dfeb1e01663..f9cdbdd690e 100644
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.106 2023/06/10 15:34:36 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.107 2024/07/19 08:54:31 jsing Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -275,8 +275,8 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 	}
 	ctx->hs->cipher = cipher;
 
-	sk_SSL_CIPHER_free(s->session->ciphers);
-	s->session->ciphers = ciphers;
+	sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
+	s->s3->hs.client_ciphers = ciphers;
 	ciphers = NULL;
 
 	/* Ensure only the NULL compression method is advertised. */