-char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
- {
- char *p;
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *c;
- int i;
-
- if ((s->session == NULL) || (s->session->ciphers == NULL) ||
- (len < 2))
- return(NULL);
-
- p=buf;
- sk=s->session->ciphers;
-
- if (sk_SSL_CIPHER_num(sk) == 0)
- return NULL;
-
- for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- {
- int n;
-
- c=sk_SSL_CIPHER_value(sk,i);
- n=strlen(c->name);
- if (n+1 > len)
- {
- if (p != buf)
- --p;
- *p='\0';
- return buf;
- }
- strcpy(p,c->name);
- p+=n;
- *(p++)=':';
- len-=n+1;
- }
- p[-1]='\0';
- return(buf);
- }
-
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
- int (*put_cb)(const SSL_CIPHER *, unsigned char *))
- {
- int i,j=0;
- SSL_CIPHER *c;
- unsigned char *q;
- int empty_reneg_info_scsv = !s->renegotiate;
- /* Set disabled masks for this session */
- ssl_set_client_disabled(s);
-
- if (sk == NULL) return(0);
- q=p;
- if (put_cb == NULL)
- put_cb = s->method->put_cipher_by_char;
-
- for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- {
- c=sk_SSL_CIPHER_value(sk,i);
- /* Skip disabled ciphers */
- if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED))
- continue;
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- if (c->id == SSL3_CK_SCSV)
- {
- if (!empty_reneg_info_scsv)
- continue;
- else
- empty_reneg_info_scsv = 0;
- }
-#endif
- j = put_cb(c,p);
- p+=j;
- }
- /* If p == q, no ciphers; caller indicates an error.
- * Otherwise, add applicable SCSVs. */
- if (p != q)
- {
- if (empty_reneg_info_scsv)
- {
- static SSL_CIPHER scsv =
- {
- 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
- };
- j = put_cb(&scsv,p);
- p+=j;
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n");
-#endif
- }
- if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV)
- {
- static SSL_CIPHER scsv =
- {
- 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
- };
- j = put_cb(&scsv,p);
- p+=j;
- }
- }
-
- return(p-q);
- }
-
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
- STACK_OF(SSL_CIPHER) **skp)
- {
- const SSL_CIPHER *c;
- STACK_OF(SSL_CIPHER) *sk;
- int i,n;
-
- if (s->s3)
- s->s3->send_connection_binding = 0;
-
- n=ssl_put_cipher_by_char(s,NULL,NULL);
- if (n == 0 || (num%n) != 0)
- {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
- return(NULL);
- }
- if ((skp == NULL) || (*skp == NULL))
- sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
- else
- {
- sk= *skp;
- sk_SSL_CIPHER_zero(sk);
- }
-
- if (s->cert->ciphers_raw)
- OPENSSL_free(s->cert->ciphers_raw);
- s->cert->ciphers_raw = BUF_memdup(p, num);
- if (s->cert->ciphers_raw == NULL)
- {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- s->cert->ciphers_rawlen = (size_t)num;
-
- for (i=0; i<num; i+=n)
- {
- /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */
- if (s->s3 && (n != 3 || !p[0]) &&
- (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
- (p[n-1] == (SSL3_CK_SCSV & 0xff)))
- {
- /* SCSV fatal if renegotiating */
- if (s->renegotiate)
- {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
- goto err;
- }
- s->s3->send_connection_binding = 1;
- p += n;
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "SCSV received by server\n");
-#endif
- continue;
- }
-
- /* Check for TLS_FALLBACK_SCSV */
- if ((n != 3 || !p[0]) &&
- (p[n-2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) &&
- (p[n-1] == (SSL3_CK_FALLBACK_SCSV & 0xff)))
- {
- /* The SCSV indicates that the client previously tried a higher version.
- * Fail if the current version is an unexpected downgrade. */
- if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL))
- {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_INAPPROPRIATE_FALLBACK);
- if (s->s3)
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK);
- goto err;
- }
- p += n;
- continue;
- }
-
- c=ssl_get_cipher_by_char(s,p);
- p+=n;
- if (c != NULL)
- {
- if (!sk_SSL_CIPHER_push(sk,c))
- {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- }
-
- if (skp != NULL)
- *skp=sk;
- return(sk);
-err:
- if ((skp == NULL) || (*skp == NULL))
- sk_SSL_CIPHER_free(sk);
- return(NULL);
- }
-
-
-#ifndef OPENSSL_NO_TLSEXT