diff options
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 55 |
1 files changed, 6 insertions, 49 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 34ea6154a4..5bc759d483 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.224 2020/09/11 17:23:44 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.225 2020/09/11 17:36:27 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -230,7 +230,7 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) | |||
| 230 | ctx->method = meth; | 230 | ctx->method = meth; |
| 231 | 231 | ||
| 232 | ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, | 232 | ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, |
| 233 | &ctx->internal->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST); | 233 | SSL_DEFAULT_CIPHER_LIST); |
| 234 | if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) { | 234 | if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) { |
| 235 | SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); | 235 | SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); |
| 236 | return (0); | 236 | return (0); |
| @@ -529,9 +529,7 @@ SSL_free(SSL *s) | |||
| 529 | 529 | ||
| 530 | BUF_MEM_free(s->internal->init_buf); | 530 | BUF_MEM_free(s->internal->init_buf); |
| 531 | 531 | ||
| 532 | /* add extra stuff */ | ||
| 533 | sk_SSL_CIPHER_free(s->cipher_list); | 532 | sk_SSL_CIPHER_free(s->cipher_list); |
| 534 | sk_SSL_CIPHER_free(s->internal->cipher_list_by_id); | ||
| 535 | 533 | ||
| 536 | /* Make the next call work :-) */ | 534 | /* Make the next call work :-) */ |
| 537 | if (s->session != NULL) { | 535 | if (s->session != NULL) { |
| @@ -1240,19 +1238,6 @@ ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) | |||
| 1240 | return ((l > 0) ? 1:-1); | 1238 | return ((l > 0) ? 1:-1); |
| 1241 | } | 1239 | } |
| 1242 | 1240 | ||
| 1243 | int | ||
| 1244 | ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | ||
| 1245 | const SSL_CIPHER * const *bp) | ||
| 1246 | { | ||
| 1247 | long l; | ||
| 1248 | |||
| 1249 | l = (*ap)->id - (*bp)->id; | ||
| 1250 | if (l == 0L) | ||
| 1251 | return (0); | ||
| 1252 | else | ||
| 1253 | return ((l > 0) ? 1:-1); | ||
| 1254 | } | ||
| 1255 | |||
| 1256 | STACK_OF(SSL_CIPHER) * | 1241 | STACK_OF(SSL_CIPHER) * |
| 1257 | SSL_get_ciphers(const SSL *s) | 1242 | SSL_get_ciphers(const SSL *s) |
| 1258 | { | 1243 | { |
| @@ -1307,24 +1292,6 @@ SSL_get1_supported_ciphers(SSL *s) | |||
| 1307 | return NULL; | 1292 | return NULL; |
| 1308 | } | 1293 | } |
| 1309 | 1294 | ||
| 1310 | /* | ||
| 1311 | * Return a STACK of the ciphers available for the SSL and in order of | ||
| 1312 | * algorithm id. | ||
| 1313 | */ | ||
| 1314 | STACK_OF(SSL_CIPHER) * | ||
| 1315 | ssl_get_ciphers_by_id(SSL *s) | ||
| 1316 | { | ||
| 1317 | if (s != NULL) { | ||
| 1318 | if (s->internal->cipher_list_by_id != NULL) { | ||
| 1319 | return (s->internal->cipher_list_by_id); | ||
| 1320 | } else if ((s->ctx != NULL) && | ||
| 1321 | (s->ctx->internal->cipher_list_by_id != NULL)) { | ||
| 1322 | return (s->ctx->internal->cipher_list_by_id); | ||
| 1323 | } | ||
| 1324 | } | ||
| 1325 | return (NULL); | ||
| 1326 | } | ||
| 1327 | |||
| 1328 | /* See if we have any ECC cipher suites. */ | 1295 | /* See if we have any ECC cipher suites. */ |
| 1329 | int | 1296 | int |
| 1330 | ssl_has_ecc_ciphers(SSL *s) | 1297 | ssl_has_ecc_ciphers(SSL *s) |
| @@ -1384,11 +1351,9 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) | |||
| 1384 | * find a cipher matching the given rule string (for example if the | 1351 | * find a cipher matching the given rule string (for example if the |
| 1385 | * rule string specifies a cipher which has been disabled). This is not | 1352 | * rule string specifies a cipher which has been disabled). This is not |
| 1386 | * an error as far as ssl_create_cipher_list is concerned, and hence | 1353 | * an error as far as ssl_create_cipher_list is concerned, and hence |
| 1387 | * ctx->cipher_list and ctx->internal->cipher_list_by_id has been | 1354 | * ctx->cipher_list has been updated. |
| 1388 | * updated. | ||
| 1389 | */ | 1355 | */ |
| 1390 | ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, | 1356 | ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, str); |
| 1391 | &ctx->internal->cipher_list_by_id, str); | ||
| 1392 | if (ciphers == NULL) { | 1357 | if (ciphers == NULL) { |
| 1393 | return (0); | 1358 | return (0); |
| 1394 | } else if (sk_SSL_CIPHER_num(ciphers) == 0) { | 1359 | } else if (sk_SSL_CIPHER_num(ciphers) == 0) { |
| @@ -1405,8 +1370,7 @@ SSL_set_cipher_list(SSL *s, const char *str) | |||
| 1405 | STACK_OF(SSL_CIPHER) *ciphers; | 1370 | STACK_OF(SSL_CIPHER) *ciphers; |
| 1406 | 1371 | ||
| 1407 | /* See comment in SSL_CTX_set_cipher_list. */ | 1372 | /* See comment in SSL_CTX_set_cipher_list. */ |
| 1408 | ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, | 1373 | ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, str); |
| 1409 | &s->internal->cipher_list_by_id, str); | ||
| 1410 | if (ciphers == NULL) { | 1374 | if (ciphers == NULL) { |
| 1411 | return (0); | 1375 | return (0); |
| 1412 | } else if (sk_SSL_CIPHER_num(ciphers) == 0) { | 1376 | } else if (sk_SSL_CIPHER_num(ciphers) == 0) { |
| @@ -1794,7 +1758,7 @@ SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1794 | goto err; | 1758 | goto err; |
| 1795 | 1759 | ||
| 1796 | ssl_create_cipher_list(ret->method, &ret->cipher_list, | 1760 | ssl_create_cipher_list(ret->method, &ret->cipher_list, |
| 1797 | &ret->internal->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST); | 1761 | SSL_DEFAULT_CIPHER_LIST); |
| 1798 | if (ret->cipher_list == NULL || | 1762 | if (ret->cipher_list == NULL || |
| 1799 | sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { | 1763 | sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { |
| 1800 | SSLerrorx(SSL_R_LIBRARY_HAS_NO_CIPHERS); | 1764 | SSLerrorx(SSL_R_LIBRARY_HAS_NO_CIPHERS); |
| @@ -1891,7 +1855,6 @@ SSL_CTX_free(SSL_CTX *ctx) | |||
| 1891 | 1855 | ||
| 1892 | X509_STORE_free(ctx->cert_store); | 1856 | X509_STORE_free(ctx->cert_store); |
| 1893 | sk_SSL_CIPHER_free(ctx->cipher_list); | 1857 | sk_SSL_CIPHER_free(ctx->cipher_list); |
| 1894 | sk_SSL_CIPHER_free(ctx->internal->cipher_list_by_id); | ||
| 1895 | ssl_cert_free(ctx->internal->cert); | 1858 | ssl_cert_free(ctx->internal->cert); |
| 1896 | sk_X509_NAME_pop_free(ctx->internal->client_CA, X509_NAME_free); | 1859 | sk_X509_NAME_pop_free(ctx->internal->client_CA, X509_NAME_free); |
| 1897 | sk_X509_pop_free(ctx->extra_certs, X509_free); | 1860 | sk_X509_pop_free(ctx->extra_certs, X509_free); |
| @@ -2483,17 +2446,11 @@ SSL_dup(SSL *s) | |||
| 2483 | 2446 | ||
| 2484 | X509_VERIFY_PARAM_inherit(ret->param, s->param); | 2447 | X509_VERIFY_PARAM_inherit(ret->param, s->param); |
| 2485 | 2448 | ||
| 2486 | /* dup the cipher_list and cipher_list_by_id stacks */ | ||
| 2487 | if (s->cipher_list != NULL) { | 2449 | if (s->cipher_list != NULL) { |
| 2488 | if ((ret->cipher_list = | 2450 | if ((ret->cipher_list = |
| 2489 | sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) | 2451 | sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) |
| 2490 | goto err; | 2452 | goto err; |
| 2491 | } | 2453 | } |
| 2492 | if (s->internal->cipher_list_by_id != NULL) { | ||
| 2493 | if ((ret->internal->cipher_list_by_id = | ||
| 2494 | sk_SSL_CIPHER_dup(s->internal->cipher_list_by_id)) == NULL) | ||
| 2495 | goto err; | ||
| 2496 | } | ||
| 2497 | 2454 | ||
| 2498 | /* Dup the client_CA list */ | 2455 | /* Dup the client_CA list */ |
| 2499 | if (s->internal->client_CA != NULL) { | 2456 | if (s->internal->client_CA != NULL) { |