Add support for SSL_get_shared_ciphers() in TLSv1.3

As reported by Steffen Ullrich and bluhm, since enabling TLSv1.3 server
some tests fail in t/local/07_sslecho.c of security/p5-Net-SSLeay due
to missing support for SSL_get_shared_ciphers(). This fixes the parts
related to shared ciphers.

ok beck inoguchi jsing

1 files changed, 5 insertions, 1 deletions

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 2062d4956c..0b079c1d83 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.68 2021/01/07 16:26:31 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.69 2021/01/09 10:41:48 tb Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -250,6 +250,10 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
         }
         S3I(s)->hs.new_cipher = cipher;
 
+        sk_SSL_CIPHER_free(s->session->ciphers);
+        s->session->ciphers = ciphers;
+        ciphers = NULL;
+
         /* Ensure only the NULL compression method is advertised. */
         if (!CBS_mem_equal(&compression_methods, tls13_compression_null_only,
             sizeof(tls13_compression_null_only))) {