CVSROOT:        /cvs
Module name:    src
Changes by:     js...@cvs.openbsd.org   2024/07/19 22:04:23

Modified files:
        lib/libssl     : d1_pkt.c ssl_asn1.c ssl_ciph.c ssl_clnt.c 
                         ssl_lib.c ssl_local.h ssl_pkt.c ssl_sess.c 
                         ssl_srvr.c ssl_txt.c t1_enc.c tls13_client.c 
                         tls13_server.c 

Log message:
Remove cipher from SSL_SESSION.

For a long time SSL_SESSION has had both a cipher ID and a pointer to
an SSL_CIPHER (and not both are guaranteed to be populated). There is also
a pointer to an SSL_CIPHER in the SSL_HANDSHAKE that denotes the cipher
being used for this connection. Some code has been using the cipher from
SSL_SESSION and some code has been using the cipher from SSL_HANDSHAKE.

Remove cipher from SSL_SESSION and use the version in SSL_HANDSHAKE
everywhere. If resuming from a session then we need to use the SSL_SESSION
cipher ID to set the SSL_HANDSHAKE cipher. And we still need to ensure that
we update the cipher ID in the SSL_SESSION whenever the SSL_HANDSHAKE
cipher changes (this only occurs in a few places).

ok tb@

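An added illustration, not code from libssl or from this commit: a toy C model of the arrangement the log message describes, where the session keeps only a cipher ID, the handshake holds the only cipher pointer, and one setter keeps the two in step. All toy_* names, the table and its IDs are constructed, and refusing resumption on an unknown ID is this sketch's own choice.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy stand-ins with hypothetical names and made-up IDs, not the libssl structures. */
struct toy_cipher { uint32_t id; const char *name; };
struct toy_session { uint32_t cipher_id; };                /* ID only, no pointer */
struct toy_handshake { const struct toy_cipher *cipher; }; /* the only pointer */

static const struct toy_cipher toy_table[] = {
	{ 0x0001, "TOY-CIPHER-A" }, { 0x0002, "TOY-CIPHER-B" },
};

static const struct toy_cipher *toy_cipher_by_id(uint32_t id)
{
	for (size_t i = 0; i < sizeof(toy_table) / sizeof(toy_table[0]); i++)
		if (toy_table[i].id == id)
			return &toy_table[i];
	return NULL;
}

/* Single setter: any change of the handshake cipher also updates the session's ID. */
static int toy_set_cipher(struct toy_handshake *hs, struct toy_session *sess,
    const struct toy_cipher *c)
{
	if (c == NULL)
		return 0;
	hs->cipher = c;
	sess->cipher_id = c->id;
	return 1;
}

/* Resumption: look the cipher up by stored ID; unknown ID fails, hs is untouched. */
static int toy_resume(struct toy_handshake *hs, const struct toy_session *sess)
{
	const struct toy_cipher *c = toy_cipher_by_id(sess->cipher_id);
	if (c == NULL)
		return 0;
	hs->cipher = c;
	return 1;
}

int main(void)
{
	struct toy_session sess = { 0 };
	struct toy_handshake hs = { NULL }, resumed = { NULL };
	if (!toy_set_cipher(&hs, &sess, toy_cipher_by_id(0x0002)))
		return 1;
	return (toy_resume(&resumed, &sess) && resumed.cipher == hs.cipher) ? 0 : 1;
}
```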