diff options
| author | Matt Caswell <matt@openssl.org> | 2020-11-20 17:23:57 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2020-11-23 09:31:23 +0000 |
| commit | a68eee679a4b85f6846519412e1895c56475959c (patch) | |
| tree | 820c23d80703597540634c1579a3549a27f0bba5 /ssl/ssl_local.h | |
| parent | 97485aec7f16714f309aeb6637bc4faa2f61f98a (diff) | |
Move some libssl global variables into SSL_CTX
disabled_enc_mask et al were global. Now that cipher loading is done
individually for each SSL_CTX, based on the libctx configured for that
SSL_CTX this means that some things will be disabled for one SSL_CTX but
not for another. The global variables set up the potential for different
SSL_CTXs to trample on each other. We move these variables into the SSL_CTX
structure.
Fixes #12040
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13465)
Diffstat (limited to 'ssl/ssl_local.h')
| -rw-r--r-- | ssl/ssl_local.h | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 3b76084831..3bcf6e7551 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -1187,6 +1187,12 @@ struct ssl_ctx_st { TLS_GROUP_INFO *group_list; size_t group_list_len; size_t group_list_max_len; + + /* masks of disabled algorithms */ + uint32_t disabled_enc_mask; + uint32_t disabled_mac_mask; + uint32_t disabled_mkey_mask; + uint32_t disabled_auth_mask; }; typedef struct cert_pkey_st CERT_PKEY; @@ -2389,7 +2395,7 @@ __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, const SSL_CIPHER *const *bp); -__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, +__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) **cipher_list, STACK_OF(SSL_CIPHER) **cipher_list_by_id, @@ -2410,7 +2416,7 @@ __owur int ssl_cipher_get_evp(SSL_CTX *ctxc, const SSL_SESSION *s, __owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, size_t *int_overhead, size_t *blocksize, size_t *ext_overhead); -__owur int ssl_cert_is_disabled(size_t idx); +__owur int ssl_cert_is_disabled(SSL_CTX *ctx, size_t idx); __owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr, int all); |