I'm reversing this change, as it seems the error is somewhere else.

[openssl.git] / ssl / ssl_lib.c

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index fbcfc527cc4ec963bf34046e897dc3fd9233eeae..f8c8e1d8ac565fac6f925cd8dc0c2fd9647b6af6 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -125,7 +125,9 @@
 #include <openssl/objects.h>
 #include <openssl/lhash.h>
 #include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 
 const char *SSL_version_str=OPENSSL_VERSION_TEXT;
 
@@ -866,7 +868,7 @@ int SSL_peek(SSL *s,void *buf,int num)
        {
        if (s->handshake_func == 0)
                {
-               SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+               SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
                return -1;
                }
 
@@ -1153,8 +1155,21 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
        
        sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
                &ctx->cipher_list_by_id,str);
-/* XXXX */
-       return((sk == NULL)?0:1);
+       /* ssl_create_cipher_list may return an empty stack if it
+        * was unable to find a cipher matching the given rule string
+        * (for example if the rule string specifies a cipher which
+        * has been disabled). This is not an error as far as 
+        * ssl_create_cipher_list is concerned, and hence 
+        * ctx->cipher_list and ctx->cipher_list_by_id has been
+        * updated. */
+       if (sk == NULL)
+               return 0;
+       else if (sk_SSL_CIPHER_num(sk) == 0)
+               {
+               SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+               return 0;
+               }
+       return 1;
        }
 
 /** specify the ciphers to be used by the SSL */
@@ -1164,8 +1179,15 @@ int SSL_set_cipher_list(SSL *s,const char *str)
        
        sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
                &s->cipher_list_by_id,str);
-/* XXXX */
-       return((sk == NULL)?0:1);
+       /* see comment in SSL_CTX_set_cipher_list */
+       if (sk == NULL)
+               return 0;
+       else if (sk_SSL_CIPHER_num(sk) == 0)
+               {
+               SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+               return 0;
+               }
+       return 1;
        }
 
 /* works well for SSLv2, not so good for SSLv3 */
@@ -1204,7 +1226,8 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
        return(buf);
        }
 
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
+int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
+                             int (*put_cb)(const SSL_CIPHER *, unsigned char *))
        {
        int i,j=0;
        SSL_CIPHER *c;
@@ -1223,7 +1246,8 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
                 if ((c->algorithms & SSL_KRB5) && nokrb5)
                     continue;
 #endif /* OPENSSL_NO_KRB5 */                    
-               j=ssl_put_cipher_by_char(s,c,p);
+
+               j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
                p+=j;
                }
        return(p-q);
@@ -1375,8 +1399,8 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
        ret->default_passwd_callback=0;
        ret->default_passwd_callback_userdata=NULL;
        ret->client_cert_cb=0;
-    ret->app_gen_cookie_cb=0;
-    ret->app_verify_cookie_cb=0;
+       ret->app_gen_cookie_cb=0;
+       ret->app_verify_cookie_cb=0;
 
        ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash),
                        LHASH_COMP_FN(SSL_SESSION_cmp));
@@ -1529,7 +1553,10 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
        int rsa_enc_export,dh_rsa_export,dh_dsa_export;
        int rsa_tmp_export,dh_tmp_export,kl;
        unsigned long mask,emask;
-       int have_ecc_cert, have_ecdh_tmp, ecdh_ok, ecdsa_ok, ecc_pkey_size;
+       int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
+#ifndef OPENSSL_NO_ECDH
+       int have_ecdh_tmp;
+#endif
        X509 *x = NULL;
        EVP_PKEY *ecc_pkey = NULL;
        int signature_nid = 0;
@@ -2374,7 +2401,9 @@ void SSL_set_info_callback(SSL *ssl,
        ssl->info_callback=cb;
        }
 
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val)
+/* One compiler (Diab DCC) doesn't like argument names in returned
+   function pointer.  */
+void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
        {
        return ssl->info_callback;
        }