diff options
| author | Parménides GV <parmegv@sdf.org> | 2014-09-23 18:10:57 +0200 |
|---|---|---|
| committer | Parménides GV <parmegv@sdf.org> | 2014-09-23 18:10:57 +0200 |
| commit | d0e7ba3029b2fd42582413aa95773fe7dbdede90 (patch) | |
| tree | 733b8601d6e3a070fc54bde280526e16d0c69507 /app/openssl/ssl/ssl_lib.c | |
| parent | 248ce016ac2f33df9673e90277733abfd854f27d (diff) | |
Updated native subprojects from ics-openvpn.
Diffstat (limited to 'app/openssl/ssl/ssl_lib.c')
| -rw-r--r-- | app/openssl/ssl/ssl_lib.c | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/app/openssl/ssl/ssl_lib.c b/app/openssl/ssl/ssl_lib.c index 8d2c3a76..3de68a78 100644 --- a/app/openssl/ssl/ssl_lib.c +++ b/app/openssl/ssl/ssl_lib.c @@ -1403,6 +1403,10 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) p=buf; sk=s->session->ciphers; + + if (sk_SSL_CIPHER_num(sk) == 0) + return NULL; + for (i=0; i<sk_SSL_CIPHER_num(sk); i++) { int n; @@ -2671,6 +2675,10 @@ int SSL_get_error(const SSL *s,int i) { return(SSL_ERROR_WANT_X509_LOOKUP); } + if ((i < 0) && SSL_want_channel_id_lookup(s)) + { + return(SSL_ERROR_WANT_CHANNEL_ID_LOOKUP); + } if (i == 0) { @@ -3419,12 +3427,41 @@ int SSL_cutthrough_complete(const SSL *s) s->version >= SSL3_VERSION && s->s3->in_read_app_data == 0 && /* cutthrough only applies to write() */ (SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && /* cutthrough enabled */ - SSL_get_cipher_bits(s, NULL) >= 128 && /* strong cipher choosen */ + ssl3_can_cutthrough(s) && /* cutthrough allowed */ s->s3->previous_server_finished_len == 0 && /* not a renegotiation handshake */ (s->state == SSL3_ST_CR_SESSION_TICKET_A || /* ready to write app-data*/ s->state == SSL3_ST_CR_FINISHED_A)); } +int ssl3_can_cutthrough(const SSL *s) + { + const SSL_CIPHER *c; + + /* require a strong enough cipher */ + if (SSL_get_cipher_bits(s, NULL) < 128) + return 0; + + /* require ALPN or NPN extension */ + if (!s->s3->alpn_selected +#ifndef OPENSSL_NO_NEXTPROTONEG + && !s->s3->next_proto_neg_seen +#endif + ) + { + return 0; + } + + /* require a forward-secret cipher */ + c = SSL_get_current_cipher(s); + if (!c || (c->algorithm_mkey != SSL_kEDH && + c->algorithm_mkey != SSL_kEECDH)) + { + return 0; + } + + return 1; + } + /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer * vairable, freeing EVP_MD_CTX previously stored in that variable, if * any. If EVP_MD pointer is passed, initializes ctx with this md |