Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
-rw-r--r--src/lib/libssl/ssl_lib.c53
1 files changed, 18 insertions, 35 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 6dbc3c1f7d..c91f0018e4 100644
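--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -597,10 +597,8 @@ void SSL_free(SSL *s)
  OPENSSL_free(s->next_proto_negotiated);
 #endif
 
-#ifndef OPENSSL_NO_SRTP
  if (s->srtp_profiles)
  sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
-#endif
 
  OPENSSL_free(s);
  }
@@ -1338,36 +1336,33 @@ int SSL_set_cipher_list(SSL *s,const char *str)
 /* works well for SSLv2, not so good for SSLv3 */
 char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
  {
- char *p;
+ char *end;
  STACK_OF(SSL_CIPHER) *sk;
  SSL_CIPHER *c;
+ size_t curlen = 0;
  int i;
 
  if ((s->session == NULL) || (s->session->ciphers == NULL) ||
  (len < 2))
  return(NULL);
 
- p=buf;
  sk=s->session->ciphers;
+ buf[0] = '\0';
  for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
  {
- int n;
-
  c=sk_SSL_CIPHER_value(sk,i);
- n=strlen(c->name);
- if (n+1 > len)
+ end = buf + curlen;
+ if (strlcat(buf, c->name, len) >= len ||
+ (curlen = strlcat(buf, ":", len)) >= len)
  {
- if (p != buf)
- --p;
- *p='\0';
- return buf;
+ /* remove truncated cipher from list */
+ *end = '\0';
+ break;
  }
- strcpy(p,c->name);
- p+=n;
- *(p++)=':';
- len-=n+1;
  }
- p[-1]='\0';
+ /* remove trailing colon */
+ if ((end = strrchr(buf, ':')) != NULL)
+ *end = '\0';
  return(buf);
  }
 
@@ -1797,9 +1792,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
  CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
 
  ret->extra_certs=NULL;
- /* No compression for DTLS */
- if (meth->version != DTLS1_VERSION)
- ret->comp_methods=SSL_COMP_get_compression_methods();
+ ret->comp_methods=SSL_COMP_get_compression_methods();
 
  ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
 
@@ -1956,10 +1949,8 @@ void SSL_CTX_free(SSL_CTX *a)
  a->comp_methods = NULL;
 #endif
 
-#ifndef OPENSSL_NO_SRTP
  if (a->srtp_profiles)
  sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
-#endif
 
 #ifndef OPENSSL_NO_PSK
  if (a->psk_identity_hint)
@@ -2293,7 +2284,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 #endif
 
 /* THIS NEEDS CLEANING UP */
-CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
+X509 *ssl_get_server_send_cert(SSL *s)
  {
  unsigned long alg_k,alg_a;
  CERT *c;
@@ -2348,20 +2339,12 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
  i=SSL_PKEY_GOST01;
  else /* if (alg_a & SSL_aNULL) */
  {
- SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
  return(NULL);
  }
+ if (c->pkeys[i].x509 == NULL) return(NULL);
 
- return c->pkeys + i;
- }
-
-X509 *ssl_get_server_send_cert(const SSL *s)
- {
- CERT_PKEY *cpk;
- cpk = ssl_get_server_send_pkey(s);
- if (!cpk)
- return NULL;
- return cpk->x509;
+ return(c->pkeys[i].x509);
  }
 
 EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
@@ -2622,7 +2605,7 @@ const char *SSL_get_version(const SSL *s)
  return("TLSv1.2");
  else if (s->version == TLS1_1_VERSION)
  return("TLSv1.1");
- else if (s->version == TLS1_VERSION)
+ if (s->version == TLS1_VERSION)
  return("TLSv1");
  else if (s->version == SSL3_VERSION)
  return("SSLv3");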
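Review bot: In the SSL_CTX_new hunk the new unconditional `ret->comp_methods=SSL_COMP_get_compression_methods();` drops the `meth->version != DTLS1_VERSION` guard, so a context created with a DTLS method is populated with compression methods again. Record compression is a known length side channel when secrets share a record with attacker-influenced data, and the removed comment shows the DTLS exclusion was deliberate. Unless DTLS negotiation refuses compression somewhere these hunks do not show, I would keep the guard: `if (meth->version != DTLS1_VERSION)` followed by `ret->comp_methods=SSL_COMP_get_compression_methods();`, together with the `/* No compression for DTLS */` comment. SSL_CTX_new starts and ends outside the hunk, so the rest of its setup could not be checked.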