Always go the legacy route if EVP_MD_CTX_FLAG_NO_INIT is set

[openssl.git] / ssl / ssl_ciph.c

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 6cb8b33b5beb747a3b8f373b4c952d2a0c602f21..f9fbc5954fe4a73c97541348b9d5b635f125f130 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -18,7 +18,7 @@
 #include <openssl/conf.h>
 #include <openssl/trace.h>
 #include "internal/nelem.h"
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #include "internal/thread_once.h"
 #include "internal/cryptlib.h"
 
@@ -93,7 +93,7 @@ static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT;
 
 /*
  * Constant SSL_MAX_DIGEST equal to size of digests array should be defined
- * in the ssl_locl.h
+ * in the ssl_local.h
  */
 
 #define SSL_MD_NUM_IDX  SSL_MAX_DIGEST
@@ -461,7 +461,6 @@ DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions)
     SSL_COMP *comp = NULL;
     COMP_METHOD *method = COMP_zlib();
 
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
     ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
 
     if (COMP_get_type(method) != NID_undef && ssl_comp_methods != NULL) {
@@ -474,7 +473,6 @@ DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions)
             sk_SSL_COMP_sort(ssl_comp_methods);
         }
     }
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
     return 1;
 }
 
@@ -1380,24 +1378,25 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
 {
     int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str);
 
-    if (ret && ctx->cipher_list != NULL) {
-        /* We already have a cipher_list, so we need to update it */
+    if (ret && ctx->cipher_list != NULL)
         return update_cipher_list(&ctx->cipher_list, &ctx->cipher_list_by_id,
                                   ctx->tls13_ciphersuites);
-    }
 
     return ret;
 }
 
 int SSL_set_ciphersuites(SSL *s, const char *str)
 {
+    STACK_OF(SSL_CIPHER) *cipher_list;
     int ret = set_ciphersuites(&(s->tls13_ciphersuites), str);
 
-    if (ret && s->cipher_list != NULL) {
-        /* We already have a cipher_list, so we need to update it */
+    if (s->cipher_list == NULL) {
+        if ((cipher_list = SSL_get_ciphers(s)) != NULL)
+            s->cipher_list = sk_SSL_CIPHER_dup(cipher_list);
+    }
+    if (ret && s->cipher_list != NULL)
         return update_cipher_list(&s->cipher_list, &s->cipher_list_by_id,
                                   s->tls13_ciphersuites);
-    }
 
     return ret;
 }
@@ -1580,7 +1579,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
             rule_p++;
     }
 
-    if (ok && (strlen(rule_p) > 0))
+    if (ok && (rule_p[0] != '\0'))
         ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c);
 
     OPENSSL_free(ca_list);      /* Not needed anymore */
@@ -1985,10 +1984,8 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
         return 1;
     }
 
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
     comp = OPENSSL_malloc(sizeof(*comp));
     if (comp == NULL) {
-        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
         SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
         return 1;
     }
@@ -1998,18 +1995,15 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
     load_builtin_compressions();
     if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
         OPENSSL_free(comp);
-        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
         SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
                SSL_R_DUPLICATE_COMPRESSION_ID);
         return 1;
     }
     if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
         OPENSSL_free(comp);
-        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
         SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
         return 1;
     }
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
     return 0;
 }
 #endif