Let SSL_CTX_get_ciphers(NULL) return NULL rather than crash

for compatibility with OpenSSL
and for consistency with neighbouring functions;
suggested by jsing@ after i documented the crash;
OK jsing@.

2 files changed, 7 insertions, 6 deletions

diff --git a/src/lib/libssl/man/SSL_get_ciphers.3 b/src/lib/libssl/man/SSL_get_ciphers.3
index 598e954456..8030f0bbb1 100644
--- a/src/lib/libssl/man/SSL_get_ciphers.3
+++ b/src/lib/libssl/man/SSL_get_ciphers.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_get_ciphers.3,v 1.10 2020/09/16 07:11:14 schwarze Exp $
+.\" $OpenBSD: SSL_get_ciphers.3,v 1.11 2020/09/16 07:25:15 schwarze Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\" selective merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
 .\"
@@ -176,12 +176,11 @@ is called on that context object.
 .Fn SSL_CTX_get_ciphers
 returns an internal pointer to a list of ciphers or
 .Dv NULL
-if no ciphers are available.
-If
+if
 .Fa ctx
 is
-.Dv NULL ,
-calling this function crashes the program.
+.Dv NULL
+or if no ciphers are available.
 The returned pointer becomes invalid when
 .Fa ctx
 is destroyed or when
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 828aa3a08d..73bc05e967 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.228 2020/09/15 11:47:49 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.229 2020/09/16 07:25:15 schwarze Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1336,6 +1336,8 @@ SSL_get_cipher_list(const SSL *s, int n)
 STACK_OF(SSL_CIPHER) *
 SSL_CTX_get_ciphers(const SSL_CTX *ctx)
 {
+        if (ctx == NULL)
+                return NULL;
         return ctx->cipher_list;
 }