X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_lib.c;h=b1d78dc35ef35faaa30a862b53b048a3fca0a850;hp=1509423020b4a24dff4514bc8c1f702f63da5f4e;hb=d47eb76cd5fef2495c23705733d7034370063556;hpb=4cffafe96786558f66e1900ac462f9ccba921132 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1509423020..b1d78dc35e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2549,99 +2549,6 @@ int SSL_set_cipher_list(SSL *s, const char *str) return 1; } -static int ciphersuite_cb(const char *elem, int len, void *arg) -{ - STACK_OF(SSL_CIPHER) *ciphersuites = (STACK_OF(SSL_CIPHER) *)arg; - const SSL_CIPHER *cipher; - /* Arbitrary sized temp buffer for the cipher name. Should be big enough */ - char name[80]; - - if (len > (int)(sizeof(name) - 1)) { - SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH); - return 0; - } - - memcpy(name, elem, len); - name[len] = '\0'; - - cipher = ssl3_get_cipher_by_std_name(name); - if (cipher == NULL) { - SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH); - return 0; - } - - if (!sk_SSL_CIPHER_push(ciphersuites, cipher)) { - SSLerr(SSL_F_CIPHERSUITE_CB, ERR_R_INTERNAL_ERROR); - return 0; - } - - return 1; -} - -static int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str) -{ - STACK_OF(SSL_CIPHER) *newciphers = sk_SSL_CIPHER_new_null(); - - if (newciphers == NULL) - return 0; - - /* Parse the list. We explicitly allow an empty list */ - if (*str != '\0' - && !CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers)) { - sk_SSL_CIPHER_free(newciphers); - return 0; - } - sk_SSL_CIPHER_free(*currciphers); - *currciphers = newciphers; - - return 1; -} - -static int update_cipher_list(STACK_OF(SSL_CIPHER) *cipher_list, - STACK_OF(SSL_CIPHER) *tls13_ciphersuites) -{ - int i; - - /* - * Delete any existing TLSv1.3 ciphersuites. These are always first in the - * list. - */ - while (sk_SSL_CIPHER_num(cipher_list) > 0 - && sk_SSL_CIPHER_value(cipher_list, 0)->min_tls == TLS1_3_VERSION) - sk_SSL_CIPHER_delete(cipher_list, 0); - - /* Insert the new TLSv1.3 ciphersuites */ - for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) - sk_SSL_CIPHER_insert(cipher_list, - sk_SSL_CIPHER_value(tls13_ciphersuites, i), i); - - return 1; -} - -int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) -{ - int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str); - - if (ret && ctx->cipher_list != NULL) { - /* We already have a cipher_list, so we need to update it */ - return update_cipher_list(ctx->cipher_list, ctx->tls13_ciphersuites); - } - - return ret; -} - -int SSL_set_ciphersuites(SSL *s, const char *str) -{ - int ret = set_ciphersuites(&(s->tls13_ciphersuites), str); - - if (ret && s->cipher_list != NULL) { - /* We already have a cipher_list, so we need to update it */ - return update_cipher_list(s->cipher_list, s->tls13_ciphersuites); - } - - return ret; -} - char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) { char *p; @@ -5048,9 +4955,11 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) if (ext->present) num++; } - present = OPENSSL_malloc(sizeof(*present) * num); - if (present == NULL) + if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) { + SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, + ERR_R_MALLOC_FAILURE); return 0; + } for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { ext = s->clienthello->pre_proc_exts + i; if (ext->present) {