return(NULL);
}
+STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
+ {
+ STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
+ int i;
+ ciphers = SSL_get_ciphers(s);
+ if (!ciphers)
+ return NULL;
+ ssl_set_client_disabled(s);
+ for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)
+ {
+ const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
+ if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED))
+ {
+ if (!sk)
+ sk = sk_SSL_CIPHER_new_null();
+ if (!sk)
+ return NULL;
+ if (!sk_SSL_CIPHER_push(sk, c))
+ {
+ sk_SSL_CIPHER_free(sk);
+ return NULL;
+ }
+ }
+ }
+ return sk;
+ }
+
/** return a STACK of the ciphers available for the SSL and in order of
* algorithm id */
STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
p=buf;
sk=s->session->ciphers;
+
+ if (sk_SSL_CIPHER_num(sk) == 0)
+ return NULL;
+
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
int n;
{
int i,j=0;
SSL_CIPHER *c;
- CERT *ct = s->cert;
unsigned char *q;
int no_scsv = s->renegotiate;
/* Set disabled masks for this session */
{
c=sk_SSL_CIPHER_value(sk,i);
/* Skip disabled ciphers */
- if (c->algorithm_ssl & ct->mask_ssl ||
- c->algorithm_mkey & ct->mask_k ||
- c->algorithm_auth & ct->mask_a)
+ if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED))
continue;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
if (c->id == SSL3_CK_SCSV)
}
# endif
-int SSL_CTX_set_custom_cli_ext(SSL_CTX *ctx, unsigned short ext_type,
+static int cert_set_custom_cli_ext(CERT *cert, unsigned short ext_type,
custom_cli_ext_first_cb_fn fn1,
custom_cli_ext_second_cb_fn fn2, void* arg)
{
custom_cli_ext_record* record;
/* Check for duplicates */
- for (i=0; i < ctx->custom_cli_ext_records_count; i++)
- if (ext_type == ctx->custom_cli_ext_records[i].ext_type)
+ for (i=0; i < cert->custom_cli_ext_records_count; i++)
+ if (ext_type == cert->custom_cli_ext_records[i].ext_type)
return 0;
- ctx->custom_cli_ext_records = OPENSSL_realloc(ctx->custom_cli_ext_records,
- (ctx->custom_cli_ext_records_count + 1) *
+ cert->custom_cli_ext_records = OPENSSL_realloc(cert->custom_cli_ext_records,
+ (cert->custom_cli_ext_records_count + 1) *
sizeof(custom_cli_ext_record));
- if (!ctx->custom_cli_ext_records) {
- ctx->custom_cli_ext_records_count = 0;
+ if (!cert->custom_cli_ext_records) {
+ cert->custom_cli_ext_records_count = 0;
return 0;
}
- ctx->custom_cli_ext_records_count++;
- record = &ctx->custom_cli_ext_records[ctx->custom_cli_ext_records_count - 1];
+ cert->custom_cli_ext_records_count++;
+ record = &cert->custom_cli_ext_records[cert->custom_cli_ext_records_count - 1];
record->ext_type = ext_type;
record->fn1 = fn1;
record->fn2 = fn2;
return 1;
}
-int SSL_CTX_set_custom_srv_ext(SSL_CTX *ctx, unsigned short ext_type,
+static int cert_set_custom_srv_ext(CERT *cert, unsigned short ext_type,
custom_srv_ext_first_cb_fn fn1,
custom_srv_ext_second_cb_fn fn2, void* arg)
{
custom_srv_ext_record* record;
/* Check for duplicates */
- for (i=0; i < ctx->custom_srv_ext_records_count; i++)
- if (ext_type == ctx->custom_srv_ext_records[i].ext_type)
+ for (i=0; i < cert->custom_srv_ext_records_count; i++)
+ if (ext_type == cert->custom_srv_ext_records[i].ext_type)
return 0;
- ctx->custom_srv_ext_records = OPENSSL_realloc(ctx->custom_srv_ext_records,
- (ctx->custom_srv_ext_records_count + 1) *
+ cert->custom_srv_ext_records = OPENSSL_realloc(cert->custom_srv_ext_records,
+ (cert->custom_srv_ext_records_count + 1) *
sizeof(custom_srv_ext_record));
- if (!ctx->custom_srv_ext_records) {
- ctx->custom_srv_ext_records_count = 0;
+ if (!cert->custom_srv_ext_records) {
+ cert->custom_srv_ext_records_count = 0;
return 0;
}
- ctx->custom_srv_ext_records_count++;
- record = &ctx->custom_srv_ext_records[ctx->custom_srv_ext_records_count - 1];
+ cert->custom_srv_ext_records_count++;
+ record = &cert->custom_srv_ext_records[cert->custom_srv_ext_records_count - 1];
record->ext_type = ext_type;
record->fn1 = fn1;
record->fn2 = fn2;
record->arg = arg;
return 1;
}
+
+int SSL_CTX_set_custom_cli_ext(SSL_CTX *ctx, unsigned short ext_type,
+ custom_cli_ext_first_cb_fn fn1,
+ custom_cli_ext_second_cb_fn fn2, void *arg)
+ {
+ return cert_set_custom_cli_ext(ctx->cert, ext_type, fn1, fn2,arg);
+ }
+
+int SSL_CTX_set_custom_srv_ext(SSL_CTX *ctx, unsigned short ext_type,
+ custom_srv_ext_first_cb_fn fn1,
+ custom_srv_ext_second_cb_fn fn2, void *arg)
+ {
+ return cert_set_custom_srv_ext(ctx->cert, ext_type, fn1, fn2,arg);
+ }
/* SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
* |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
*len = ssl->s3->alpn_selected_len;
}
-int SSL_CTX_set_cli_supp_data(SSL_CTX *ctx,
- unsigned short supp_data_type,
- cli_supp_data_first_cb_fn fn1,
- cli_supp_data_second_cb_fn fn2, void* arg)
- {
- size_t i;
- cli_supp_data_record* record;
-
- /* Check for duplicates */
- for (i=0; i < ctx->cli_supp_data_records_count; i++)
- if (supp_data_type == ctx->cli_supp_data_records[i].supp_data_type)
- return 0;
-
- ctx->cli_supp_data_records = OPENSSL_realloc(ctx->cli_supp_data_records,
- (ctx->cli_supp_data_records_count+1) * sizeof(cli_supp_data_record));
- if (!ctx->cli_supp_data_records)
- {
- ctx->cli_supp_data_records_count = 0;
- return 0;
- }
- ctx->cli_supp_data_records_count++;
- record = &ctx->cli_supp_data_records[ctx->cli_supp_data_records_count - 1];
- record->supp_data_type = supp_data_type;
- record->fn1 = fn1;
- record->fn2 = fn2;
- record->arg = arg;
- return 1;
- }
-
-int SSL_CTX_set_srv_supp_data(SSL_CTX *ctx,
- unsigned short supp_data_type,
- srv_supp_data_first_cb_fn fn1,
- srv_supp_data_second_cb_fn fn2, void* arg)
- {
- size_t i;
- srv_supp_data_record* record;
-
- /* Check for duplicates */
- for (i=0; i < ctx->srv_supp_data_records_count; i++)
- if (supp_data_type == ctx->srv_supp_data_records[i].supp_data_type)
- return 0;
-
- ctx->srv_supp_data_records = OPENSSL_realloc(ctx->srv_supp_data_records,
- (ctx->srv_supp_data_records_count+1) * sizeof(srv_supp_data_record));
- if (!ctx->srv_supp_data_records)
- {
- ctx->srv_supp_data_records_count = 0;
- return 0;
- }
- ctx->srv_supp_data_records_count++;
- record = &ctx->srv_supp_data_records[ctx->srv_supp_data_records_count - 1];
- record->supp_data_type = supp_data_type;
- record->fn1 = fn1;
- record->fn2 = fn2;
- record->arg = arg;
-
- return 1;
- }
-
#endif /* !OPENSSL_NO_TLSEXT */
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
#ifndef OPENSSL_NO_SRP
SSL_CTX_SRP_CTX_init(ret);
#endif
- ret->custom_cli_ext_records = NULL;
- ret->custom_cli_ext_records_count = 0;
- ret->custom_srv_ext_records = NULL;
- ret->custom_srv_ext_records_count = 0;
- ret->cli_supp_data_records = NULL;
- ret->cli_supp_data_records_count = 0;
- ret->srv_supp_data_records = NULL;
- ret->srv_supp_data_records_count = 0;
#ifndef OPENSSL_NO_BUF_FREELISTS
ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
#ifndef OPENSSL_NO_SRP
SSL_CTX_SRP_CTX_free(a);
#endif
-#ifndef OPENSSL_NO_TLSEXT
- OPENSSL_free(a->custom_cli_ext_records);
- OPENSSL_free(a->custom_srv_ext_records);
- OPENSSL_free(a->cli_supp_data_records);
- OPENSSL_free(a->srv_supp_data_records);
-#endif
#ifndef OPENSSL_NO_ENGINE
if (a->client_cert_engine)
ENGINE_finish(a->client_cert_engine);
rsa_tmp=rsa_tmp_export=0;
#endif
#ifndef OPENSSL_NO_DH
- dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
- dh_tmp_export=(c->dh_tmp_cb != NULL ||
+ dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto);
+ dh_tmp_export= !c->dh_tmp_auto && (c->dh_tmp_cb != NULL ||
(dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
#else
dh_tmp=dh_tmp_export=0;
return s->server;
}
+void SSL_set_security_level(SSL *s, int level)
+ {
+ s->cert->sec_level = level;
+ }
+
+int SSL_get_security_level(const SSL *s)
+ {
+ return s->cert->sec_level;
+ }
+
+void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex))
+ {
+ s->cert->sec_cb = cb;
+ }
+
+int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex)
+ {
+ return s->cert->sec_cb;
+ }
+
+void SSL_set0_security_ex_data(SSL *s, void *ex)
+ {
+ s->cert->sec_ex = ex;
+ }
+
+void *SSL_get0_security_ex_data(const SSL *s)
+ {
+ return s->cert->sec_ex;
+ }
+
+void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
+ {
+ ctx->cert->sec_level = level;
+ }
+
+int SSL_CTX_get_security_level(const SSL_CTX *ctx)
+ {
+ return ctx->cert->sec_level;
+ }
+
+void SSL_CTX_set_security_callback(SSL_CTX *ctx, int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex))
+ {
+ ctx->cert->sec_cb = cb;
+ }
+
+int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex)
+ {
+ return ctx->cert->sec_cb;
+ }
+
+void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
+ {
+ ctx->cert->sec_ex = ex;
+ }
+
+void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
+ {
+ return ctx->cert->sec_ex;
+ }
+
+
#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
#include "../crypto/bio/bss_file.c"
#endif