X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_lib.c;h=e11746a6950890bab0a604ba0d19ee3a99ff5747;hp=18ec248f08a4bbdfbe06bde6606b87faef9cd704;hb=978c8aa8b79692d193437d28e2485ec5ffa9d6cc;hpb=cda8845ded7c0739c9142283ed4c449130b1b546

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 18ec248f08..e11746a695 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1440,9 +1440,13 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
                SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
         return (NULL);
     }
-    if ((skp == NULL) || (*skp == NULL))
+    if ((skp == NULL) || (*skp == NULL)) {
         sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */
-    else {
+        if(sk == NULL) {
+            SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else {
         sk = *skp;
         sk_SSL_CIPHER_zero(sk);
     }
@@ -2044,14 +2048,17 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
     int rsa_enc_export, dh_rsa_export, dh_dsa_export;
     int rsa_tmp_export, dh_tmp_export, kl;
     unsigned long mask_k, mask_a, emask_k, emask_a;
-    int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
+#ifndef OPENSSL_NO_ECDSA
+    int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
+#endif
 #ifndef OPENSSL_NO_ECDH
-    int have_ecdh_tmp;
+    int have_ecdh_tmp, ecdh_ok;
 #endif
+#ifndef OPENSSL_NO_EC
     X509 *x = NULL;
     EVP_PKEY *ecc_pkey = NULL;
     int signature_nid = 0, pk_nid = 0, md_nid = 0;
-
+#endif
     if (c == NULL)
         return;
 
@@ -2090,7 +2097,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
     dh_dsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
     dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
     cpk = &(c->pkeys[SSL_PKEY_ECC]);
+#ifndef OPENSSL_NO_EC
     have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL);
+#endif
     mask_k = 0;
     mask_a = 0;
     emask_k = 0;
@@ -2168,6 +2177,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
      * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
      * depending on the key usage extension.
      */
+#ifndef OPENSSL_NO_EC
     if (have_ecc_cert) {
         /* This call populates extension flags (ex_flags) */
         x = (c->pkeys[SSL_PKEY_ECC]).x509;
@@ -2212,6 +2222,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
         }
 #endif
     }
+#endif
 #ifndef OPENSSL_NO_ECDH
     if (have_ecdh_tmp) {
         mask_k |= SSL_kEECDH;