1 files changed, 37 insertions, 1 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 2726744357..e93298c2db 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.236 2022/08/17 07:39:19 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.237 2022/08/17 18:51:47 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1656,6 +1656,39 @@ ssl3_clear(SSL *s)
 }
 long
+_SSL_get_shared_group(SSL *s, long n)
+{
+        size_t count;
+        int nid;
+        /* OpenSSL document that they return -1 for clients. They return 0. */
+        if (!s->server)
+                return 0;
+        if (n == -1) {
+                if (!tls1_count_shared_groups(s, &count))
+                        return 0;
+                if (count > LONG_MAX)
+                        count = LONG_MAX;
+                return count;
+        }
+        /* Undocumented special case added for Suite B profile support. */
+        if (n == -2)
+                n = 0;
+        if (n < 0)
+                return 0;
+        if (!tls1_get_shared_group_by_index(s, n, &nid))
+                return NID_undef;
+        return nid;
+}
+long
 _SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key)
 {
        EVP_PKEY *pkey = NULL;
@@ -2075,6 +2108,9 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
        case SSL_CTRL_SET_GROUPS_LIST:
                return SSL_set1_groups_list(s, parg);
+        case SSL_CTRL_GET_SHARED_GROUP:
+                return _SSL_get_shared_group(s, larg);
        /* XXX - rename to SSL_CTRL_GET_PEER_TMP_KEY and remove server check. */
        case SSL_CTRL_GET_SERVER_TMP_KEY:
                if (s->server != 0)

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 2726744357..e93298c2db 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.236 2022/08/17 07:39:19 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.237 2022/08/17 18:51:47 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1656,6 +1656,39 @@ ssl3_clear(SSL *s)
1656	}	1656	}
1657		1657
1658	long	1658	long
		1659	_SSL_get_shared_group(SSL *s, long n)
		1660	{
		1661	size_t count;
		1662	int nid;
		1663
		1664	/* OpenSSL document that they return -1 for clients. They return 0. */
		1665	if (!s->server)
		1666	return 0;
		1667
		1668	if (n == -1) {
		1669	if (!tls1_count_shared_groups(s, &count))
		1670	return 0;
		1671
		1672	if (count > LONG_MAX)
		1673	count = LONG_MAX;
		1674
		1675	return count;
		1676	}
		1677
		1678	/* Undocumented special case added for Suite B profile support. */
		1679	if (n == -2)
		1680	n = 0;
		1681
		1682	if (n < 0)
		1683	return 0;
		1684
		1685	if (!tls1_get_shared_group_by_index(s, n, &nid))
		1686	return NID_undef;
		1687
		1688	return nid;
		1689	}
		1690
		1691	long
1659	_SSL_get_peer_tmp_key(SSL s, EVP_PKEY *key)	1692	_SSL_get_peer_tmp_key(SSL s, EVP_PKEY *key)
1660	{	1693	{
1661	EVP_PKEY *pkey = NULL;	1694	EVP_PKEY *pkey = NULL;
@@ -2075,6 +2108,9 @@ ssl3_ctrl(SSL s, int cmd, long larg, void parg)
2075	case SSL_CTRL_SET_GROUPS_LIST:	2108	case SSL_CTRL_SET_GROUPS_LIST:
2076	return SSL_set1_groups_list(s, parg);	2109	return SSL_set1_groups_list(s, parg);
2077		2110
		2111	case SSL_CTRL_GET_SHARED_GROUP:
		2112	return _SSL_get_shared_group(s, larg);
		2113
2078	/* XXX - rename to SSL_CTRL_GET_PEER_TMP_KEY and remove server check. */	2114	/* XXX - rename to SSL_CTRL_GET_PEER_TMP_KEY and remove server check. */
2079	case SSL_CTRL_GET_SERVER_TMP_KEY:	2115	case SSL_CTRL_GET_SERVER_TMP_KEY:
2080	if (s->server != 0)	2116	if (s->server != 0)