Don't send ciphersuites twice in QUIC
authorMatt Caswell <matt@openssl.org>
Thu, 26 Jan 2023 17:53:30 +0000 (17:53 +0000)
committerPauli <pauli@openssl.org>
Thu, 23 Feb 2023 07:31:44 +0000 (18:31 +1100)
QUIC TLS was sending some ciphersuites twice in the ClientHello. This
was due to us declaring some TLSv1.3 ciphersuites in the list intended to
describe the TLSv1.2 ciphersuites supported by the SSL_METHOD.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20148)

ssl/quic/quic_impl.c
ssl/ssl_ciph.c

index 5448e32e73faa4cca8259b52eb849b8ab885d8d6..72ea5118aff0dca8ce4e37585c6d00873a16c517 100644 (file)
@@ -1262,70 +1262,16 @@ int ossl_quic_renegotiate_check(SSL *ssl, int initok)
 }
 
 /*
- * This is the subset of TLS1.3 ciphers which can be used with QUIC and which we
- * actually support.
- *
- * TODO(QUIC): CCM support
+ * These functions define the TLSv1.2 (and below) ciphers that are supported by
+ * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
  */
-static SSL_CIPHER tls13_quic_ciphers[] = {
-    {
-        1,
-        TLS1_3_RFC_AES_128_GCM_SHA256,
-        TLS1_3_RFC_AES_128_GCM_SHA256,
-        TLS1_3_CK_AES_128_GCM_SHA256,
-        SSL_kANY,
-        SSL_aANY,
-        SSL_AES128GCM,
-        SSL_AEAD,
-        TLS1_3_VERSION, TLS1_3_VERSION,
-        0, 0,
-        SSL_HIGH,
-        SSL_HANDSHAKE_MAC_SHA256,
-        128,
-        128,
-    }, {
-        1,
-        TLS1_3_RFC_AES_256_GCM_SHA384,
-        TLS1_3_RFC_AES_256_GCM_SHA384,
-        TLS1_3_CK_AES_256_GCM_SHA384,
-        SSL_kANY,
-        SSL_aANY,
-        SSL_AES256GCM,
-        SSL_AEAD,
-        TLS1_3_VERSION, TLS1_3_VERSION,
-        0, 0,
-        SSL_HIGH,
-        SSL_HANDSHAKE_MAC_SHA384,
-        256,
-        256,
-    },
-    {
-        1,
-        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
-        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
-        TLS1_3_CK_CHACHA20_POLY1305_SHA256,
-        SSL_kANY,
-        SSL_aANY,
-        SSL_CHACHA20POLY1305,
-        SSL_AEAD,
-        TLS1_3_VERSION, TLS1_3_VERSION,
-        0, 0,
-        SSL_HIGH,
-        SSL_HANDSHAKE_MAC_SHA256,
-        256,
-        256,
-    }
-};
 
 int ossl_quic_num_ciphers(void)
 {
-    return OSSL_NELEM(tls13_quic_ciphers);
+    return 0;
 }
 
 const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
 {
-    if (u >= OSSL_NELEM(tls13_quic_ciphers))
-        return NULL;
-
-    return &tls13_quic_ciphers[u];
+    return NULL;
 }
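Review bot: Removing `tls13_quic_ciphers` also removes the only place visible here that limited QUIC to "the subset of TLS1.3 ciphers which can be used with QUIC and which we actually support", along with the `TODO(QUIC): CCM support` marker. The TLSv1.3 suites presumably now come from the common TLSv1.3 list. Nothing in this hunk shows where suites that QUIC must not negotiate (RFC 9001 excludes TLS_AES_128_CCM_8_SHA256), or that the QUIC record layer does not implement, are rejected if an application configures them. The new comment should name where that restriction is enforced and keep the TODO, for example `* TLSv1.3 ciphersuites come from the common list; QUIC-incompatible ones are rejected in <location>. TODO(QUIC): CCM support`. Separately, `u` is now unused in `ossl_quic_get_cipher()`, which may trip unused-parameter warnings depending on the build flags.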
index 8c805fbfcfe365537ddf095f5703308b2010c528..0ea998d38329d9f6a2705cb5bc9e558bf4628368 100644 (file)
@@ -1495,9 +1495,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
      */
     num_of_ciphers = ssl_method->num_ciphers();
 
-    co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
-    if (co_list == NULL)
-        return NULL;          /* Failure */
+    if (num_of_ciphers > 0) {
+        co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
+        if (co_list == NULL)
+            return NULL;          /* Failure */
+    }
 
     ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
                                disabled_mkey, disabled_auth, disabled_enc,
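Review bot: When `num_of_ciphers` is 0 the new guard skips the allocation, so `co_list` reaches `ssl_cipher_collect_ciphers()` with whatever value it had at its declaration. That declaration is outside this hunk, so confirm it is initialised to NULL and that the collector and the later ordering and cleanup code never dereference it for a zero count. The reason for the guard is also not stated; presumably a zero-byte `OPENSSL_malloc()` returns NULL and would be mistaken for an allocation failure. I would add above the `if`: `/* A method with no TLSv1.2 ciphers (QUIC) is valid: skip the zero-size allocation, whose NULL result would look like a failure */`. The body of ssl_create_cipher_list starts and ends outside the hunk.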