GH634: fix potential memory leak

[openssl.git] / apps / ciphers.c

diff --git a/apps/ciphers.c b/apps/ciphers.c
index bf3c20499e1f35db9b3340ac72a0e440c888045c..3e1ed951a2877c7ddac0849d3fb1e9f23d417b23 100644 (file)
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -67,6 +67,9 @@ typedef enum OPTION_choice {
     OPT_STDNAME,
     OPT_SSL3,
     OPT_TLS1,
+    OPT_TLS1_1,
+    OPT_TLS1_2,
+    OPT_PSK,
     OPT_V, OPT_UPPER_V, OPT_S
 } OPTION_CHOICE;
 
@@ -75,16 +78,37 @@ OPTIONS ciphers_options[] = {
     {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
     {"V", OPT_UPPER_V, '-', "Even more verbose"},
     {"s", OPT_S, '-', "Only supported ciphers"},
+#ifndef OPENSSL_NO_SSL3
+    {"ssl3", OPT_SSL3, '-', "SSL3 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1
     {"tls1", OPT_TLS1, '-', "TLS1 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+    {"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+    {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
+#endif
 #ifndef OPENSSL_NO_SSL_TRACE
     {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
 #endif
-#ifndef OPENSSL_NO_SSL3
-    {"ssl3", OPT_SSL3, '-', "SSL3 mode"},
+#ifndef OPENSSL_NO_PSK
+    {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
 #endif
     {NULL}
 };
 
+#ifndef OPENSSL_NO_PSK
+static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
+                              unsigned int max_identity_len,
+                              unsigned char *psk,
+                              unsigned int max_psk_len)
+{
+    return 0;
+}
+#endif
+
 int ciphers_main(int argc, char **argv)
 {
     SSL_CTX *ctx = NULL;
@@ -94,6 +118,9 @@ int ciphers_main(int argc, char **argv)
     int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
 #ifndef OPENSSL_NO_SSL_TRACE
     int stdname = 0;
+#endif
+#ifndef OPENSSL_NO_PSK
+    int psk = 0;
 #endif
     const char *p;
     char *ciphers = NULL, *prog;
@@ -132,7 +159,24 @@ int ciphers_main(int argc, char **argv)
 #endif
             break;
         case OPT_TLS1:
+#ifndef OPENSSL_NO_TLS1
             meth = TLSv1_client_method();
+#endif
+            break;
+        case OPT_TLS1_1:
+#ifndef OPENSSL_NO_TLS1_1
+            meth = TLSv1_1_client_method();
+#endif
+            break;
+        case OPT_TLS1_2:
+#ifndef OPENSSL_NO_TLS1_2
+            meth = TLSv1_2_client_method();
+#endif
+            break;
+        case OPT_PSK:
+#ifndef OPENSSL_NO_PSK
+            psk = 1;
+#endif
             break;
         }
     }
@@ -147,6 +191,10 @@ int ciphers_main(int argc, char **argv)
     ctx = SSL_CTX_new(meth);
     if (ctx == NULL)
         goto err;
+#ifndef OPENSSL_NO_PSK
+    if (psk)
+        SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
+#endif
     if (ciphers != NULL) {
         if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
             BIO_printf(bio_err, "Error in cipher list\n");
@@ -164,7 +212,7 @@ int ciphers_main(int argc, char **argv)
 
     if (!verbose) {
         for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
-            SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
+            const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
             p = SSL_CIPHER_get_name(c);
             if (p == NULL)
                 break;
@@ -176,7 +224,7 @@ int ciphers_main(int argc, char **argv)
     } else {
 
         for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
-            SSL_CIPHER *c;
+            const SSL_CIPHER *c;
 
             c = sk_SSL_CIPHER_value(sk, i);