From be1d02917370f48d43c5e741fbb7b49e6aaa7484 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 7 Feb 2015 04:17:11 +0000 Subject: Provide a SSL_CIPHER_get_by_value() function that allows a cipher to be retrieved via its cipher suite value. A corresponding SSL_CIPHER_by_value() function returns the cipher suite value for a given SSL_CIPHER. These functions should mean that software does not need to resort to put_cipher_by_char()/get_cipher_by_char() in order to locate a cipher. Begrudgingly also provide a SSL_CIPHER_get_by_id() function that locates a cipher via the internal cipher identifier. Unfortunately these have already been leaked outside the library via SSL_CIPHER_by_id() and the various SSL3_CK_* and TLS1_CK_* defines in the ssl3.h/tls1.h headers. ok beck@ miod@ --- src/lib/libssl/s3_lib.c | 9 ++++++++- src/lib/libssl/src/ssl/s3_lib.c | 9 ++++++++- src/lib/libssl/src/ssl/ssl.h | 5 ++++- src/lib/libssl/src/ssl/ssl_ciph.c | 20 +++++++++++++++++++- src/lib/libssl/src/ssl/ssl_locl.h | 3 ++- src/lib/libssl/ssl.h | 5 ++++- src/lib/libssl/ssl_ciph.c | 20 +++++++++++++++++++- src/lib/libssl/ssl_locl.h | 3 ++- 8 files changed, 66 insertions(+), 8 deletions(-) diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index c7731b3cf4..a1428907ac 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.92 2015/02/06 08:30:23 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.93 2015/02/07 04:17:11 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1950,9 +1950,16 @@ ssl3_get_cipher_by_id(unsigned int id) cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); if (cp != NULL && cp->valid == 1) return (cp); + return (NULL); } +const SSL_CIPHER * +ssl3_get_cipher_by_value(uint16_t value) +{ + return ssl3_get_cipher_by_id(SSL3_CK_ID | value); +} + uint16_t ssl3_cipher_get_value(const SSL_CIPHER *c) { diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c index c7731b3cf4..a1428907ac 100644 --- a/src/lib/libssl/src/ssl/s3_lib.c +++ b/src/lib/libssl/src/ssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.92 2015/02/06 08:30:23 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.93 2015/02/07 04:17:11 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1950,9 +1950,16 @@ ssl3_get_cipher_by_id(unsigned int id) cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); if (cp != NULL && cp->valid == 1) return (cp); + return (NULL); } +const SSL_CIPHER * +ssl3_get_cipher_by_value(uint16_t value) +{ + return ssl3_get_cipher_by_id(SSL3_CK_ID | value); +} + uint16_t ssl3_cipher_get_value(const SSL_CIPHER *c) { diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h index 571786dcf6..75103426f3 100644 --- a/src/lib/libssl/src/ssl/ssl.h +++ b/src/lib/libssl/src/ssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.80 2015/02/06 08:30:23 jsing Exp $ */ +/* $OpenBSD: ssl.h,v 1.81 2015/02/07 04:17:11 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1545,10 +1545,13 @@ int SSL_clear(SSL *s); void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +const SSL_CIPHER *SSL_CIPHER_get_by_id(unsigned int id); +const SSL_CIPHER *SSL_CIPHER_get_by_value(uint16_t value); int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); char * SSL_CIPHER_get_version(const SSL_CIPHER *c); const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); +uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c); int SSL_get_fd(const SSL *s); int SSL_get_rfd(const SSL *s); diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c index ce82c2705c..96b4099d19 100644 --- a/src/lib/libssl/src/ssl/ssl_ciph.c +++ b/src/lib/libssl/src/ssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.80 2015/01/26 13:06:39 jsing Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.81 2015/02/07 04:17:11 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1525,6 +1525,18 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, return (cipherstack); } +const SSL_CIPHER * +SSL_CIPHER_get_by_id(unsigned int id) +{ + return ssl3_get_cipher_by_id(id); +} + +const SSL_CIPHER * +SSL_CIPHER_get_by_value(uint16_t value) +{ + return ssl3_get_cipher_by_value(value); +} + char * SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) { @@ -1728,6 +1740,12 @@ SSL_CIPHER_get_id(const SSL_CIPHER *c) return c->id; } +uint16_t +SSL_CIPHER_get_value(const SSL_CIPHER *c) +{ + return ssl3_cipher_get_value(c); +} + void * SSL_COMP_get_compression_methods(void) { diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index 94c0d4a83d..20656682bd 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.85 2015/02/06 08:30:23 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.86 2015/02/07 04:17:11 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -616,6 +616,7 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen); int ssl3_num_ciphers(void); const SSL_CIPHER *ssl3_get_cipher(unsigned int u); const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned int id); +const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value); uint16_t ssl3_cipher_get_value(const SSL_CIPHER *c); int ssl3_renegotiate(SSL *ssl); diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 571786dcf6..75103426f3 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.80 2015/02/06 08:30:23 jsing Exp $ */ +/* $OpenBSD: ssl.h,v 1.81 2015/02/07 04:17:11 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1545,10 +1545,13 @@ int SSL_clear(SSL *s); void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +const SSL_CIPHER *SSL_CIPHER_get_by_id(unsigned int id); +const SSL_CIPHER *SSL_CIPHER_get_by_value(uint16_t value); int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); char * SSL_CIPHER_get_version(const SSL_CIPHER *c); const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); +uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c); int SSL_get_fd(const SSL *s); int SSL_get_rfd(const SSL *s); diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index ce82c2705c..96b4099d19 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.80 2015/01/26 13:06:39 jsing Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.81 2015/02/07 04:17:11 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1525,6 +1525,18 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, return (cipherstack); } +const SSL_CIPHER * +SSL_CIPHER_get_by_id(unsigned int id) +{ + return ssl3_get_cipher_by_id(id); +} + +const SSL_CIPHER * +SSL_CIPHER_get_by_value(uint16_t value) +{ + return ssl3_get_cipher_by_value(value); +} + char * SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) { @@ -1728,6 +1740,12 @@ SSL_CIPHER_get_id(const SSL_CIPHER *c) return c->id; } +uint16_t +SSL_CIPHER_get_value(const SSL_CIPHER *c) +{ + return ssl3_cipher_get_value(c); +} + void * SSL_COMP_get_compression_methods(void) { diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 94c0d4a83d..20656682bd 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.85 2015/02/06 08:30:23 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.86 2015/02/07 04:17:11 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -616,6 +616,7 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen); int ssl3_num_ciphers(void); const SSL_CIPHER *ssl3_get_cipher(unsigned int u); const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned int id); +const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value); uint16_t ssl3_cipher_get_value(const SSL_CIPHER *c); int ssl3_renegotiate(SSL *ssl); -- cgit v1.2.3-55-g6feb