Add official extension value.

[openssl.git] / ssl / ssl_lib.c

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index fe795a1a5598c68738e7cde8c11b8e1aa43e6d3e..4720680769f4736da7a62ecb1e3c2744cfb92a3f 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1342,6 +1342,33 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
        return(NULL);
        }
 
+STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
+       {
+       STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
+       int i;
+       ciphers = SSL_get_ciphers(s);
+       if (!ciphers)
+               return NULL;
+       ssl_set_client_disabled(s);
+       for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)
+               {
+               const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
+               if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED))
+                       {
+                       if (!sk)
+                               sk = sk_SSL_CIPHER_new_null();
+                       if (!sk)
+                               return NULL;
+                       if (!sk_SSL_CIPHER_push(sk, c))
+                               {
+                               sk_SSL_CIPHER_free(sk);
+                               return NULL;
+                               }
+                       }
+               }
+       return sk;
+       }
+
 /** return a STACK of the ciphers available for the SSL and in order of
  * algorithm id */
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
@@ -1432,6 +1459,10 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
 
        p=buf;
        sk=s->session->ciphers;
+
+       if (sk_SSL_CIPHER_num(sk) == 0)
+               return NULL;
+
        for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
                {
                int n;
@@ -1459,7 +1490,6 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
        {
        int i,j=0;
        SSL_CIPHER *c;
-       CERT *ct = s->cert;
        unsigned char *q;
        int no_scsv = s->renegotiate;
        /* Set disabled masks for this session */
@@ -1472,9 +1502,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
                {
                c=sk_SSL_CIPHER_value(sk,i);
                /* Skip disabled ciphers */
-               if (c->algorithm_ssl & ct->mask_ssl ||
-                       c->algorithm_mkey & ct->mask_k ||
-                       c->algorithm_auth & ct->mask_a)
+               if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED))
                        continue;
 #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
                if (c->id == SSL3_CK_SCSV)
@@ -2353,8 +2381,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
        rsa_tmp=rsa_tmp_export=0;
 #endif
 #ifndef OPENSSL_NO_DH
-       dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
-       dh_tmp_export=(c->dh_tmp_cb != NULL ||
+       dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto);
+       dh_tmp_export= !c->dh_tmp_auto && (c->dh_tmp_cb != NULL ||
                (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
 #else
        dh_tmp=dh_tmp_export=0;
@@ -2411,20 +2439,20 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
                emask_k|=SSL_kRSA;
 
 #if 0
-       /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
+       /* The match needs to be both kDHE and aRSA or aDSA, so don't worry */
        if (    (dh_tmp || dh_rsa || dh_dsa) &&
                (rsa_enc || rsa_sign || dsa_sign))
-               mask_k|=SSL_kEDH;
+               mask_k|=SSL_kDHE;
        if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
                (rsa_enc || rsa_sign || dsa_sign))
-               emask_k|=SSL_kEDH;
+               emask_k|=SSL_kDHE;
 #endif
 
        if (dh_tmp_export)
-               emask_k|=SSL_kEDH;
+               emask_k|=SSL_kDHE;
 
        if (dh_tmp)
-               mask_k|=SSL_kEDH;
+               mask_k|=SSL_kDHE;
 
        if (dh_rsa) mask_k|=SSL_kDHr;
        if (dh_rsa_export) emask_k|=SSL_kDHr;
@@ -2522,8 +2550,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 #ifndef OPENSSL_NO_ECDH
        if (have_ecdh_tmp)
                {
-               mask_k|=SSL_kEECDH;
-               emask_k|=SSL_kEECDH;
+               mask_k|=SSL_kECDHE;
+               emask_k|=SSL_kECDHE;
                }
 #endif
 
@@ -2635,6 +2663,8 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
        int i;
 
        c = s->cert;
+       if (!s->s3 || !s->s3->tmp.new_cipher)
+               return NULL;
        ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
 
 #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
@@ -2750,6 +2780,11 @@ void ssl_update_cache(SSL *s,int mode)
                }
        }
 
+const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
+       {
+       return ctx->method;
+       }
+
 const SSL_METHOD *SSL_get_ssl_method(SSL *s)
        {
        return(s->method);
@@ -3609,6 +3644,67 @@ int SSL_is_server(SSL *s)
        return s->server;
        }
 
+void SSL_set_security_level(SSL *s, int level)
+       {
+       s->cert->sec_level = level;
+       }
+
+int SSL_get_security_level(const SSL *s)
+       {
+       return s->cert->sec_level;
+       }
+
+void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex))
+       {
+       s->cert->sec_cb = cb;
+       }
+
+int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex)
+       {
+       return s->cert->sec_cb;
+       }
+
+void SSL_set0_security_ex_data(SSL *s, void *ex)
+       {
+       s->cert->sec_ex = ex;
+       }
+
+void *SSL_get0_security_ex_data(const SSL *s)
+       {
+       return s->cert->sec_ex;
+       }
+
+void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
+       {
+       ctx->cert->sec_level = level;
+       }
+
+int SSL_CTX_get_security_level(const SSL_CTX *ctx)
+       {
+       return ctx->cert->sec_level;
+       }
+
+void SSL_CTX_set_security_callback(SSL_CTX *ctx, int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex))
+       {
+       ctx->cert->sec_cb = cb;
+       }
+
+int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex)
+       {
+       return ctx->cert->sec_cb;
+       }
+
+void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
+       {
+       ctx->cert->sec_ex = ex;
+       }
+
+void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
+       {
+       return ctx->cert->sec_ex;
+       }
+
+
 #if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
 #include "../crypto/bio/bss_file.c"
 #endif