Commit 94a209d8 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Add ctrl and utility functions to retrieve raw cipher list sent by client in

client hello message. Previously this could only be retrieved on an initial
connection and it was impossible to determine the cipher IDs of any unknown
ciphersuites.
parent 24edfa9d
+4 −0
@@ -4,6 +4,10 @@

 Changes between 1.0.x and 1.1.0  [xx XXX xxxx]

  *) Add functions to retrieve and manipulate the raw cipherlist sent by a
     client to OpenSSL.
     [Steve Henson]

  *) New Suite B modes for TLS code. These use and enforce the requirements
     of RFC6460: restrict ciphersuites, only permit Suite B algorithms and
     only use Suite B curves. The Suite B modes can be set by using the
+1 −4
@@ -424,9 +424,6 @@ const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
		((unsigned long)p[1]<<8L)|(unsigned long)p[2];
	c.id=id;
	cp = OBJ_bsearch_ssl_cipher_id(&c, ssl2_ciphers, SSL2_NUM_CIPHERS);
	if ((cp == NULL) || (cp->valid == 0))
		return NULL;
	else
	return cp;
	}
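Review bot: Dropping the `cp->valid == 0` test means ssl2_get_cipher_by_char now returns table entries that are marked invalid, so every caller reached through `ssl->method->get_cipher_by_char` has to test `valid` itself before treating the result as negotiable; those callers are not in this view, so confirm the commit adds that check where the cipher list is built and in the new SSL_CIPHER_find. The same removal is made in ssl3_get_cipher_by_char in the next file section. A one-line comment above the return would keep the new contract visible, e.g. `/* Caller must check cp->valid: suites are returned even when disabled so their raw IDs can be reported */`. The function's opening lines are outside the hunk.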

+1 −4
@@ -3965,9 +3965,6 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
#endif
	if (cp == NULL || cp->valid == 0)
		return NULL;
	else
	return cp;
	}

+6 −0
@@ -1709,6 +1709,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_SET_CHAIN_CERT_STORE		107
#define SSL_CTRL_GET_PEER_SIGNATURE_NID		108
#define SSL_CTRL_GET_SERVER_TMP_KEY		109
#define SSL_CTRL_GET_RAW_CIPHERLIST		110

#define DTLSv1_get_timeout(ssl, arg) \
	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1839,6 +1840,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_get_server_tmp_key(s, pk) \
	SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)

#define SSL_get0_raw_cipherlist(s, plst) \
	SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)

#ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
@@ -2241,6 +2245,8 @@ void *SSL_COMP_get_compression_methods(void);
int SSL_COMP_add_compression_method(int id,void *cm);
#endif

const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);

/* TLS extensions functions */
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
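Review bot: The new public macro `SSL_get0_raw_cipherlist` and the `SSL_CIPHER_find` prototype carry no comment on the contract a caller needs: what `plst` receives, who owns that buffer, and how many bytes `ptr` must point at. The `get0` naming suggests a borrowed pointer, and the ssl_cert.c section frees `ciphers_raw` in ssl_cert_free, so the buffer presumably lives only as long as the SSL's CERT — state that explicitly next to the macro. `SSL_CIPHER_find` takes no length, and the s2_lib.c and s3_lib.c hunks read three and two bytes from `p` respectively, so a comment such as `/* ptr must point at a complete cipher id: 2 bytes for SSL3/TLS, 3 bytes for SSL2 */` would keep callers walking the raw list from over-reading its tail. If the ctrl's return value is the list length in bytes, document that as well rather than leaving callers to infer it.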

+4 −0
@@ -409,6 +409,8 @@ CERT *ssl_cert_dup(CERT *cert)
		ret->chain_store = cert->chain_store;
		}

	ret->ciphers_raw = NULL;

	return(ret);
	
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
@@ -511,6 +513,8 @@ void ssl_cert_free(CERT *c)
		X509_STORE_free(c->verify_store);
	if (c->chain_store)
		X509_STORE_free(c->chain_store);
	if (c->ciphers_raw)
		OPENSSL_free(c->ciphers_raw);
	OPENSSL_free(c);
	}
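Review bot: ssl_cert_free now passes `ciphers_raw` to OPENSSL_free whenever it is non-NULL, so every path that allocates a CERT must initialise the field; ssl_cert_dup does, but ssl_cert_new is not among this commit's hunks — confirm it zero-fills the struct, or add `ret->ciphers_raw = NULL;` there too, otherwise this free acts on an uninitialised pointer. If the CERT also records the length of this buffer (ssl_locl.h is not in view), ssl_cert_dup should reset that field alongside the pointer so a NULL list is never paired with a stale length. Not copying the raw list on dup looks intentional, since a duplicated CERT should not inherit another connection's client hello; a short comment on the assignment, `/* raw cipher list is per-connection, never copied */`, would record that.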
