X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=ssl%2Fssl_lib.c;h=9f4040d7015fcdc4dd7be1295fc90dbcdd0a4c37;hb=17160033765480453be0a41335fa6b833691c049;hp=cc9b965778e5bcf4e13e1930823d1dfa394d038f;hpb=09599b52d4e295c380512ba39958a11994d63401;p=openssl.git diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index cc9b965778..9f4040d701 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1342,6 +1342,33 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) return(NULL); } +STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s) + { + STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers; + int i; + ciphers = SSL_get_ciphers(s); + if (!ciphers) + return NULL; + ssl_set_client_disabled(s); + for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) + { + const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i); + if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED)) + { + if (!sk) + sk = sk_SSL_CIPHER_new_null(); + if (!sk) + return NULL; + if (!sk_SSL_CIPHER_push(sk, c)) + { + sk_SSL_CIPHER_free(sk); + return NULL; + } + } + } + return sk; + } + /** return a STACK of the ciphers available for the SSL and in order of * algorithm id */ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) @@ -1432,6 +1459,10 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) p=buf; sk=s->session->ciphers; + + if (sk_SSL_CIPHER_num(sk) == 0) + return NULL; + for (i=0; icert; unsigned char *q; int no_scsv = s->renegotiate; /* Set disabled masks for this session */ @@ -1472,9 +1502,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, { c=sk_SSL_CIPHER_value(sk,i); /* Skip disabled ciphers */ - if (c->algorithm_ssl & ct->mask_ssl || - c->algorithm_mkey & ct->mask_k || - c->algorithm_auth & ct->mask_a) + if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED)) continue; #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL if (c->id == SSL3_CK_SCSV) @@ -1851,65 +1879,6 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, *len = ssl->s3->alpn_selected_len; } -int SSL_CTX_set_cli_supp_data(SSL_CTX *ctx, - unsigned short supp_data_type, - cli_supp_data_first_cb_fn fn1, - cli_supp_data_second_cb_fn fn2, void* arg) - { - size_t i; - cli_supp_data_record* record; - - /* Check for duplicates */ - for (i=0; i < ctx->cli_supp_data_records_count; i++) - if (supp_data_type == ctx->cli_supp_data_records[i].supp_data_type) - return 0; - - ctx->cli_supp_data_records = OPENSSL_realloc(ctx->cli_supp_data_records, - (ctx->cli_supp_data_records_count+1) * sizeof(cli_supp_data_record)); - if (!ctx->cli_supp_data_records) - { - ctx->cli_supp_data_records_count = 0; - return 0; - } - ctx->cli_supp_data_records_count++; - record = &ctx->cli_supp_data_records[ctx->cli_supp_data_records_count - 1]; - record->supp_data_type = supp_data_type; - record->fn1 = fn1; - record->fn2 = fn2; - record->arg = arg; - return 1; - } - -int SSL_CTX_set_srv_supp_data(SSL_CTX *ctx, - unsigned short supp_data_type, - srv_supp_data_first_cb_fn fn1, - srv_supp_data_second_cb_fn fn2, void* arg) - { - size_t i; - srv_supp_data_record* record; - - /* Check for duplicates */ - for (i=0; i < ctx->srv_supp_data_records_count; i++) - if (supp_data_type == ctx->srv_supp_data_records[i].supp_data_type) - return 0; - - ctx->srv_supp_data_records = OPENSSL_realloc(ctx->srv_supp_data_records, - (ctx->srv_supp_data_records_count+1) * sizeof(srv_supp_data_record)); - if (!ctx->srv_supp_data_records) - { - ctx->srv_supp_data_records_count = 0; - return 0; - } - ctx->srv_supp_data_records_count++; - record = &ctx->srv_supp_data_records[ctx->srv_supp_data_records_count - 1]; - record->supp_data_type = supp_data_type; - record->fn1 = fn1; - record->fn2 = fn2; - record->arg = arg; - - return 1; - } - #endif /* !OPENSSL_NO_TLSEXT */ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, @@ -2113,10 +2082,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->custom_cli_ext_records_count = 0; ret->custom_srv_ext_records = NULL; ret->custom_srv_ext_records_count = 0; - ret->cli_supp_data_records = NULL; - ret->cli_supp_data_records_count = 0; - ret->srv_supp_data_records = NULL; - ret->srv_supp_data_records_count = 0; #ifndef OPENSSL_NO_BUF_FREELISTS ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT; ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); @@ -2258,8 +2223,6 @@ void SSL_CTX_free(SSL_CTX *a) #ifndef OPENSSL_NO_TLSEXT OPENSSL_free(a->custom_cli_ext_records); OPENSSL_free(a->custom_srv_ext_records); - OPENSSL_free(a->cli_supp_data_records); - OPENSSL_free(a->srv_supp_data_records); #endif #ifndef OPENSSL_NO_ENGINE if (a->client_cert_engine) @@ -3616,6 +3579,67 @@ int SSL_is_server(SSL *s) return s->server; } +void SSL_set_security_level(SSL *s, int level) + { + s->cert->sec_level = level; + } + +int SSL_get_security_level(const SSL *s) + { + return s->cert->sec_level; + } + +void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex)) + { + s->cert->sec_cb = cb; + } + +int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex) + { + return s->cert->sec_cb; + } + +void SSL_set0_security_ex_data(SSL *s, void *ex) + { + s->cert->sec_ex = ex; + } + +void *SSL_get0_security_ex_data(const SSL *s) + { + return s->cert->sec_ex; + } + +void SSL_CTX_set_security_level(SSL_CTX *ctx, int level) + { + ctx->cert->sec_level = level; + } + +int SSL_CTX_get_security_level(const SSL_CTX *ctx) + { + return ctx->cert->sec_level; + } + +void SSL_CTX_set_security_callback(SSL_CTX *ctx, int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex)) + { + ctx->cert->sec_cb = cb; + } + +int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex) + { + return ctx->cert->sec_cb; + } + +void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex) + { + ctx->cert->sec_ex = ex; + } + +void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx) + { + return ctx->cert->sec_ex; + } + + #if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16) #include "../crypto/bio/bss_file.c" #endif