authorTomas Mraz <tomas@openssl.org>2022-06-20 17:11:28 +0200
committerHugo Landau <hlandau@openssl.org>2022-07-28 11:04:28 +0200
commit38b051a1fedc79ebf24a96de2e9a326ad3665baf (patch)
treee32fa2a0a5cf8572b48b3cb8a1aac2a20d0b439f /ssl/ssl_ciph.c
parentAdd some documentation for the BIO_s_mem() datagram capability (diff)
SSL object refactoring using SSL_CONNECTION object
Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented a QUIC stream. It requires adding if after every SSL_CONNECTION_FROM_SSL() call which itself has to be added to almost every public SSL_ API call. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18612)
Diffstat (limited to 'ssl/ssl_ciph.c')
-rw-r--r--ssl/ssl_ciph.c33
1 files changed, 21 insertions, 12 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 1608cb1324..e519d20362 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -625,14 +625,15 @@ const EVP_MD *ssl_md(SSL_CTX *ctx, int idx)
return ctx->ssl_digest_methods[idx];
}
-const EVP_MD *ssl_handshake_md(SSL *s)
+const EVP_MD *ssl_handshake_md(SSL_CONNECTION *s)
{
- return ssl_md(s->ctx, ssl_get_algorithm2(s));
+ return ssl_md(SSL_CONNECTION_GET_CTX(s), ssl_get_algorithm2(s));
}
-const EVP_MD *ssl_prf_md(SSL *s)
+const EVP_MD *ssl_prf_md(SSL_CONNECTION *s)
{
- return ssl_md(s->ctx, ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT);
+ return ssl_md(SSL_CONNECTION_GET_CTX(s),
+ ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT);
}
#define ITEM_SEP(a) \
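Review bot: `ssl_handshake_md()` and `ssl_prf_md()` now pass `s` straight to `SSL_CONNECTION_GET_CTX(s)` with no NULL check, and nothing in the hunk documents that precondition. The commit description puts the NULL check after each `SSL_CONNECTION_FROM_SSL()` call in the public API, so these internal helpers presumably rely on the caller having done it. A one-line comment above each would record that, for example `/* s must be a valid, non-NULL SSL_CONNECTION; callers check the SSL_CONNECTION_FROM_SSL() result */`.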
@@ -1431,15 +1432,22 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
int SSL_set_ciphersuites(SSL *s, const char *str)
{
STACK_OF(SSL_CIPHER) *cipher_list;
- int ret = set_ciphersuites(&(s->tls13_ciphersuites), str);
+ SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+ int ret;
- if (s->cipher_list == NULL) {
+ if (sc == NULL)
+ return 0;
+
+ ret = set_ciphersuites(&(sc->tls13_ciphersuites), str);
+
+ if (sc->cipher_list == NULL) {
if ((cipher_list = SSL_get_ciphers(s)) != NULL)
- s->cipher_list = sk_SSL_CIPHER_dup(cipher_list);
+ sc->cipher_list = sk_SSL_CIPHER_dup(cipher_list);
}
- if (ret && s->cipher_list != NULL)
- return update_cipher_list(s->ctx, &s->cipher_list, &s->cipher_list_by_id,
- s->tls13_ciphersuites);
+ if (ret && sc->cipher_list != NULL)
+ return update_cipher_list(s->ctx, &sc->cipher_list,
+ &sc->cipher_list_by_id,
+ sc->tls13_ciphersuites);
return ret;
}
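Review bot: The result of `sk_SSL_CIPHER_dup(cipher_list)` is still unchecked after the move to `sc`, so a failed duplication leaves `sc->cipher_list` NULL, skips `update_cipher_list()` and returns `ret` from `set_ciphersuites()`. That can report success to a caller who is restricting TLS 1.3 ciphersuites although the per-connection list was never rebuilt; whether negotiation still honours the new suites cannot be told from this hunk. Failing closed would be `if ((sc->cipher_list = sk_SSL_CIPHER_dup(cipher_list)) == NULL) return 0;` inside the inner `if`. Separately, the call still passes `s->ctx` where the first hunk in this file uses `SSL_CONNECTION_GET_CTX(...)`; `update_cipher_list(SSL_CONNECTION_GET_CTX(sc), &sc->cipher_list,` would keep the accessor use consistent, assuming both resolve to the same context.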
@@ -2096,10 +2104,11 @@ int SSL_COMP_get_id(const SSL_COMP *comp)
#endif
}
-const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr,
+const SSL_CIPHER *ssl_get_cipher_by_char(SSL_CONNECTION *s,
+ const unsigned char *ptr,
int all)
{
- const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr);
+ const SSL_CIPHER *c = SSL_CONNECTION_GET_SSL(s)->method->get_cipher_by_char(ptr);
if (c == NULL || (!all && c->valid == 0))
return NULL;