2 files changed, 70 insertions, 4 deletions
diff --git a/vendor/openssl/src/ssl/mod.rs b/vendor/openssl/src/ssl/mod.rs
index 6ef356d36..27e817f30 100644
--- a/vendor/openssl/src/ssl/mod.rs
+++ b/vendor/openssl/src/ssl/mod.rs
@@ -72,7 +72,7 @@ use crate::srtp::{SrtpProtectionProfile, SrtpProtectionProfileRef};
 use crate::ssl::bio::BioMethod;
 use crate::ssl::callbacks::*;
 use crate::ssl::error::InnerError;
-use crate::stack::{Stack, StackRef};
+use crate::stack::{Stack, StackRef, Stackable};
 use crate::util::{ForeignTypeExt, ForeignTypeRefExt};
 use crate::x509::store::{X509Store, X509StoreBuilderRef, X509StoreRef};
 #[cfg(any(ossl102, libressl261))]
@@ -599,7 +599,7 @@ impl AlpnError {
     /// Terminate the handshake with a fatal alert.
     ///
     /// Requires OpenSSL 1.1.0 or newer.
-    #[cfg(any(ossl110))]
+    #[cfg(ossl110)]
     pub const ALERT_FATAL: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_ALERT_FATAL);
 
     /// Do not select a protocol, but continue the handshake.
@@ -644,6 +644,17 @@ impl SslVersion {
     /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
     #[cfg(any(ossl111, libressl340))]
     pub const TLS1_3: SslVersion = SslVersion(ffi::TLS1_3_VERSION);
+
+    /// DTLSv1.0
+    ///
+    /// DTLS 1.0 corresponds to TLS 1.1.
+    pub const DTLS1: SslVersion = SslVersion(ffi::DTLS1_VERSION);
+
+    /// DTLSv1.2
+    ///
+    /// DTLS 1.2 corresponds to TLS 1.2 to harmonize versions. There was never a DTLS 1.1.
+    #[cfg(any(ossl102, libressl332))]
+    pub const DTLS1_2: SslVersion = SslVersion(ffi::DTLS1_2_VERSION);
 }
 
 cfg_if! {
@@ -1929,6 +1940,10 @@ impl ForeignType for SslCipher {
     }
 }
 
+impl Stackable for SslCipher {
+    type StackType = ffi::stack_st_SSL_CIPHER;
+}
+
 impl Deref for SslCipher {
     type Target = SslCipherRef;
 
@@ -2045,6 +2060,19 @@ impl SslCipherRef {
     }
 }
 
+impl fmt::Debug for SslCipherRef {
+    fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(fmt, "{}", self.name())
+    }
+}
+
+/// A stack of selected ciphers, and a stack of selected signalling cipher suites
+#[derive(Debug)]
+pub struct CipherLists {
+    pub suites: Stack<SslCipher>,
+    pub signalling_suites: Stack<SslCipher>,
+}
+
 foreign_type_and_impl_send_sync! {
     type CType = ffi::SSL_SESSION;
     fn drop = ffi::SSL_SESSION_free;
@@ -2385,7 +2413,7 @@ impl SslRef {
     ///
     /// Requires OpenSSL 1.0.1 or 1.0.2.
     #[corresponds(SSL_set_tmp_ecdh_callback)]
-    #[cfg(any(all(ossl101, not(ossl110))))]
+    #[cfg(all(ossl101, not(ossl110)))]
     #[deprecated(note = "this function leaks memory and does not exist on newer OpenSSL versions")]
     pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F)
     where
@@ -3072,6 +3100,41 @@ impl SslRef {
         }
     }
 
+    /// Decodes a slice of wire-format cipher suite specification bytes. Unsupported cipher suites
+    /// are ignored.
+    ///
+    /// Requires OpenSSL 1.1.1 or newer.
+    #[corresponds(SSL_bytes_to_cipher_list)]
+    #[cfg(ossl111)]
+    pub fn bytes_to_cipher_list(
+        &self,
+        bytes: &[u8],
+        isv2format: bool,
+    ) -> Result<CipherLists, ErrorStack> {
+        unsafe {
+            let ptr = bytes.as_ptr();
+            let len = bytes.len();
+            let mut sk = ptr::null_mut();
+            let mut scsvs = ptr::null_mut();
+            let res = ffi::SSL_bytes_to_cipher_list(
+                self.as_ptr(),
+                ptr,
+                len,
+                isv2format as c_int,
+                &mut sk,
+                &mut scsvs,
+            );
+            if res == 1 {
+                Ok(CipherLists {
+                    suites: Stack::from_ptr(sk),
+                    signalling_suites: Stack::from_ptr(scsvs),
+                })
+            } else {
+                Err(ErrorStack::get())
+            }
+        }
+    }
+
     /// Returns the compression methods field of the client's hello message.
     ///
     /// This can only be used inside of the client hello callback. Otherwise, `None` is returned.
diff --git a/vendor/openssl/src/ssl/test/mod.rs b/vendor/openssl/src/ssl/test/mod.rs
index a34309a7d..7707af238 100644
--- a/vendor/openssl/src/ssl/test/mod.rs
+++ b/vendor/openssl/src/ssl/test/mod.rs
@@ -467,7 +467,7 @@ fn test_alpn_server_advertise_multiple() {
 }
 
 #[test]
-#[cfg(any(ossl110))]
+#[cfg(ossl110)]
 fn test_alpn_server_select_none_fatal() {
     let mut server = Server::builder();
     server.ctx().set_alpn_select_callback(|_, client| {
@@ -1458,6 +1458,9 @@ fn client_hello() {
         assert!(ssl.client_hello_session_id().is_some());
         assert!(ssl.client_hello_ciphers().is_some());
         assert!(ssl.client_hello_compression_methods().is_some());
+        assert!(ssl
+            .bytes_to_cipher_list(ssl.client_hello_ciphers().unwrap(), ssl.client_hello_isv2())
+            .is_ok());
 
         CALLED_BACK.store(true, Ordering::SeqCst);
         Ok(ClientHelloResponse::SUCCESS)