From c8b5a8326cd9eb6cd2455ad39f44c7213578615d Mon Sep 17 00:00:00 2001
From: Theo Buehler
Date: Tue, 22 Jan 2019 01:15:38 +0000
Subject: Add a re-implementation of SSL_get1_supported_ciphers(). Part of OpenSSL 1.1 API (pre-licence-change). input schwarze ok jsing
---
 lib/libssl/Symbols.list | 1 +
 lib/libssl/ssl.h | 3 ++-
 lib/libssl/ssl_lib.c | 36 +++++++++++++++++++++++++++++++++++-
 3 files changed, 38 insertions(+), 2 deletions(-)
(limited to 'lib')
diff --git a/lib/libssl/Symbols.list b/lib/libssl/Symbols.list
index bae1950899c..410f08e92c3 100644
--- a/lib/libssl/Symbols.list
+++ b/lib/libssl/Symbols.list
@@ -184,6 +184,7 @@ SSL_get0_alpn_selected
 SSL_get0_next_proto_negotiated
 SSL_get0_param
 SSL_get1_session
+SSL_get1_supported_ciphers
 SSL_get_SSL_CTX
 SSL_get_certificate
 SSL_get_cipher_list
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index d440e0ccef7..e6ac7689dae 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.163 2019/01/22 01:12:18 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.164 2019/01/22 01:15:37 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1438,6 +1438,7 @@ const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
 STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
+STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
 int SSL_do_handshake(SSL *s);
 int SSL_renegotiate(SSL *s);
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 839bead7557..f5747fa5f98 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.200 2019/01/22 01:12:18 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.201 2019/01/22 01:15:37 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
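Review bot: The prototype added in the ssl.h hunk at `@@ -1438,6 +1438,7 @@` sits directly beside SSL_get_ciphers() and SSL_get_client_ciphers() with nothing to say that its ownership rules differ. The ssl_lib.c hunk of this commit shows the new function returning a stack it allocates with sk_SSL_CIPHER_new_null(), while the context line for SSL_get_client_ciphers() returns `s->session->ciphers`, a pointer into the session. A caller that treats these alike will either leak the new stack or free one it does not own. A one-line comment above the declaration would cover it, for example `/* Returns a newly allocated stack; the caller releases it with sk_SSL_CIPHER_free(). */`.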
@@ -1263,6 +1263,40 @@ SSL_get_client_ciphers(const SSL *s)
 return s->session->ciphers;
 }
+STACK_OF(SSL_CIPHER) *
+SSL_get1_supported_ciphers(SSL *s)
+{
+ STACK_OF(SSL_CIPHER) *supported_ciphers = NULL, *ciphers;
+ const SSL_CIPHER *cipher;
+ uint16_t min_vers, max_vers;
+ int i;
+
+ if (s == NULL)
+ return NULL;
+ if (!ssl_supported_version_range(s, &min_vers, &max_vers))
+ return NULL;
+ if ((ciphers = SSL_get_ciphers(s)) == NULL)
+ return NULL;
+ if ((supported_ciphers = sk_SSL_CIPHER_new_null()) == NULL)
+ return NULL;
+
+ for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+ if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
+ goto err;
+ if (!ssl_cipher_is_permitted(cipher, min_vers, max_vers))
+ continue;
+ if (!sk_SSL_CIPHER_push(supported_ciphers, cipher))
+ goto err;
+ }
+
+ if (sk_SSL_CIPHER_num(supported_ciphers) > 0)
+ return supported_ciphers;
+
+ err:
+ sk_SSL_CIPHER_free(supported_ciphers);
+ return NULL;
+}
+
 /*
  * Return a STACK of the ciphers available for the SSL and in order of
  * algorithm id.
-- 
cgit v1.2.3
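Review bot: SSL_get1_supported_ciphers() returns NULL both on failure (NULL `s`, no usable version range, allocation or push failure) and in the ordinary case where no cipher passes ssl_cipher_is_permitted(), and the empty case gets there by falling through into the `err:` label. Nothing in the hunk records an error on the failure paths, so a caller cannot tell "nothing permitted" from "out of memory", and the function carries no comment stating this contract. I would add a block comment above the definition saying that the result is a new stack owned by the caller, that its entries are the same SSL_CIPHER pointers held in the SSL's cipher list (so sk_SSL_CIPHER_free() is the right release), and that NULL means either an error or an empty result. A short `/* No permitted ciphers: fall through and return NULL. */` just before `err:` would make the fall-through read as intentional.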