author | jsing <> | 2020-09-13 16:49:05 +0000 |
---|---|---|
committer | jsing <> | 2020-09-13 16:49:05 +0000 |
commit | 0aa52b54c9a57f9625af2c4445b991cfdd4ad228 (patch) | |
tree | e245dcd6ff9d7a9822feff50c7792c76ecfa9dba /src/lib/libssl/ssl_locl.h | |
parent | a328631fddec2556ad8af08ce4de240790c537c9 (diff) | |
Implement SSL_{CTX_,}set_ciphersuites().
OpenSSL added a separate API for configuring TLSv1.3 ciphersuites. Provide
this API, while retaining the current behaviour of being able to configure
TLSv1.3 via the existing interface.
Note that this is not currently exposed in the headers/exported symbols.
ok beck@ inoguchi@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_locl.h')
-rw-r--r-- | src/lib/libssl/ssl_locl.h | 13 |
1 files changed, 11 insertions, 2 deletions
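--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.290 2020/09/11 17:36:27 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.291 2020/09/13 16:49:05 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -599,6 +599,8 @@ typedef struct ssl_ctx_internal_st {
 
 CRYPTO_EX_DATA ex_data;
 
+STACK_OF(SSL_CIPHER) *cipher_list_tls13;
+
 struct cert_st /* CERT */ *cert;
 
 /* Default values used when no per-SSL value is defined follow */
@@ -743,6 +745,8 @@ typedef struct ssl_internal_st {
 
 int hit; /* reusing a previous session */
 
+STACK_OF(SSL_CIPHER) *cipher_list_tls13;
+
 /* These are the ones being used, the ones in SSL_SESSION are
  * the ones to be 'copied' into these ones */
 int mac_flags;
@@ -1164,7 +1168,12 @@ SSL_CIPHER *OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base,
 int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb);
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, CBS *cbs);
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
-STACK_OF(SSL_CIPHER) **pref, const char *rule_str);
+STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) *tls13,
+const char *rule_str);
+int ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str);
+int ssl_merge_cipherlists(STACK_OF(SSL_CIPHER) *cipherlist,
+STACK_OF(SSL_CIPHER) *cipherlist_tls13,
+STACK_OF(SSL_CIPHER) **out_cipherlist);
 void ssl_update_cache(SSL *s, int mode);
 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size);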
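Review bot: The two new `cipher_list_tls13` members and the prototypes added in the last hunk carry no comment on precedence or ownership, and with TLSv1.3 suites now configurable through two paths that is what a maintainer most needs to know. The declarations do not show whether a non-NULL `tls13` argument to `ssl_create_cipher_list()` replaces or supplements the TLSv1.3 suites that `rule_str` selects, nor who owns `*out_ciphers` and `*out_cipherlist` when `ssl_parse_ciphersuites()` or `ssl_merge_cipherlists()` fails. The implementations are outside this file's section, so this is a documentation request, not a reported defect. I would add a comment above each member such as `/* TLSv1.3 suites from SSL_{CTX_,}set_ciphersuites(), NULL when unset. */`, and a short comment above the three prototypes stating the return convention, the precedence rule and which side frees the output stack, each worded to match what the code actually does.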