Add a re-implementation of SSL_get1_supported_ciphers().

Part of OpenSSL 1.1 API (pre-licence-change). input schwarze ok jsing
author: tb <> 2019-01-22 01:15:37 +0000
committer: tb <> 2019-01-22 01:15:37 +0000
commit: fbdf216114c12c4b5deb8b0478b2a28344479c96 (patch)
tree: bc4460332c715886a6f27f9656f8b5c8b0fa84bd /src
parent: bd68e8ca28679b15d2f2db1e696ed66903f425a6 (diff)
download: openbsd-fbdf216114c12c4b5deb8b0478b2a28344479c96.tar.gz
openbsd-fbdf216114c12c4b5deb8b0478b2a28344479c96.tar.bz2
openbsd-fbdf216114c12c4b5deb8b0478b2a28344479c96.zip
3 files changed, 38 insertions, 2 deletions
diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list
index bae1950899..410f08e92c 100644
--- a/src/lib/libssl/Symbols.list
+++ b/src/lib/libssl/Symbols.list
@@ -184,6 +184,7 @@ SSL_get0_alpn_selected
 SSL_get0_next_proto_negotiated
 SSL_get0_param
 SSL_get1_session
+SSL_get1_supported_ciphers
 SSL_get_SSL_CTX
 SSL_get_certificate
 SSL_get_cipher_list
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index d440e0ccef..e6ac7689da 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.163 2019/01/22 01:12:18 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.164 2019/01/22 01:15:37 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1438,6 +1438,7 @@ const SSL_METHOD *DTLSv1_client_method(void);	/* DTLSv1.0 */
 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
 STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
+STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
 int SSL_do_handshake(SSL *s);
 int SSL_renegotiate(SSL *s);
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 839bead755..f5747fa5f9 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.200 2019/01/22 01:12:18 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.201 2019/01/22 01:15:37 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1263,6 +1263,40 @@ SSL_get_client_ciphers(const SSL *s)
        return s->session->ciphers;
 }
+STACK_OF(SSL_CIPHER) *
+SSL_get1_supported_ciphers(SSL *s)
+{
+        STACK_OF(SSL_CIPHER) *supported_ciphers = NULL, *ciphers;
+        const SSL_CIPHER *cipher;
+        uint16_t min_vers, max_vers;
+        int i;
+        if (s == NULL)
+                return NULL;
+        if (!ssl_supported_version_range(s, &min_vers, &max_vers))
+                return NULL;
+        if ((ciphers = SSL_get_ciphers(s)) == NULL)
+                return NULL;
+        if ((supported_ciphers = sk_SSL_CIPHER_new_null()) == NULL)
+                return NULL;
+        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+                if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
+                        goto err;
+                if (!ssl_cipher_is_permitted(cipher, min_vers, max_vers))
+                        continue;
+                if (!sk_SSL_CIPHER_push(supported_ciphers, cipher))
+                        goto err;
+        }
+        if (sk_SSL_CIPHER_num(supported_ciphers) > 0)
+                return supported_ciphers;
+ err:
+        sk_SSL_CIPHER_free(supported_ciphers);
+        return NULL;
+}
 /*
 * Return a STACK of the ciphers available for the SSL and in order of
 * algorithm id.
author	tb <>	2019-01-22 01:15:37 +0000
committer	tb <>	2019-01-22 01:15:37 +0000
commit	fbdf216114c12c4b5deb8b0478b2a28344479c96 (patch)
tree	bc4460332c715886a6f27f9656f8b5c8b0fa84bd /src
parent	bd68e8ca28679b15d2f2db1e696ed66903f425a6 (diff)
download	openbsd-fbdf216114c12c4b5deb8b0478b2a28344479c96.tar.gz openbsd-fbdf216114c12c4b5deb8b0478b2a28344479c96.tar.bz2 openbsd-fbdf216114c12c4b5deb8b0478b2a28344479c96.zip

diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list index bae1950899..410f08e92c 100644 --- a/src/lib/libssl/Symbols.list +++ b/src/lib/libssl/Symbols.list
@@ -184,6 +184,7 @@ SSL_get0_alpn_selected
184	SSL_get0_next_proto_negotiated	184	SSL_get0_next_proto_negotiated
185	SSL_get0_param	185	SSL_get0_param
186	SSL_get1_session	186	SSL_get1_session
		187	SSL_get1_supported_ciphers
187	SSL_get_SSL_CTX	188	SSL_get_SSL_CTX
188	SSL_get_certificate	189	SSL_get_certificate
189	SSL_get_cipher_list	190	SSL_get_cipher_list


diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index d440e0ccef..e6ac7689da 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.163 2019/01/22 01:12:18 tb Exp $ */	1	/* $OpenBSD: ssl.h,v 1.164 2019/01/22 01:15:37 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1438,6 +1438,7 @@ const SSL_METHOD DTLSv1_client_method(void); / DTLSv1.0 */
1438		1438
1439	STACK_OF(SSL_CIPHER) SSL_get_ciphers(const SSL s);	1439	STACK_OF(SSL_CIPHER) SSL_get_ciphers(const SSL s);
1440	STACK_OF(SSL_CIPHER) SSL_get_client_ciphers(const SSL s);	1440	STACK_OF(SSL_CIPHER) SSL_get_client_ciphers(const SSL s);
		1441	STACK_OF(SSL_CIPHER) SSL_get1_supported_ciphers(SSL s);
1441		1442
1442	int SSL_do_handshake(SSL *s);	1443	int SSL_do_handshake(SSL *s);
1443	int SSL_renegotiate(SSL *s);	1444	int SSL_renegotiate(SSL *s);


diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 839bead755..f5747fa5f9 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.200 2019/01/22 01:12:18 tb Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.201 2019/01/22 01:15:37 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1263,6 +1263,40 @@ SSL_get_client_ciphers(const SSL *s)
1263	return s->session->ciphers;	1263	return s->session->ciphers;
1264	}	1264	}
1265		1265
		1266	STACK_OF(SSL_CIPHER) *
		1267	SSL_get1_supported_ciphers(SSL *s)
		1268	{
		1269	STACK_OF(SSL_CIPHER) supported_ciphers = NULL, ciphers;
		1270	const SSL_CIPHER *cipher;
		1271	uint16_t min_vers, max_vers;
		1272	int i;
		1273
		1274	if (s == NULL)
		1275	return NULL;
		1276	if (!ssl_supported_version_range(s, &min_vers, &max_vers))
		1277	return NULL;
		1278	if ((ciphers = SSL_get_ciphers(s)) == NULL)
		1279	return NULL;
		1280	if ((supported_ciphers = sk_SSL_CIPHER_new_null()) == NULL)
		1281	return NULL;
		1282
		1283	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
		1284	if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
		1285	goto err;
		1286	if (!ssl_cipher_is_permitted(cipher, min_vers, max_vers))
		1287	continue;
		1288	if (!sk_SSL_CIPHER_push(supported_ciphers, cipher))
		1289	goto err;
		1290	}
		1291
		1292	if (sk_SSL_CIPHER_num(supported_ciphers) > 0)
		1293	return supported_ciphers;
		1294
		1295	err:
		1296	sk_SSL_CIPHER_free(supported_ciphers);
		1297	return NULL;
		1298	}
		1299
1266	/*	1300	/*
1267	* Return a STACK of the ciphers available for the SSL and in order of	1301	* Return a STACK of the ciphers available for the SSL and in order of
1268	* algorithm id.	1302	* algorithm id.