X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fssl_lib.c;h=f3a0edca5b1aebba0428aa593f08b54aeda558bb;hb=ef908777218bd4a362dbe9cebb8e18fa8ab384cf;hp=6cbc0839455a51850c341a680c4f37c38166b3a2;hpb=038bec784e528ce273169f178c35991fbc3bea92;p=oweals%2Fopenssl.git diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 6cbc083945..f3a0edca5b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -650,11 +650,6 @@ void SSL_free(SSL *s) if (s->srtp_profiles) sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); -#ifndef OPENSSL_NO_DANE - if (s->tlsa_record && s->tlsa_record!=(void *)-1) - OPENSSL_free(s->tlsa_record); -#endif - OPENSSL_free(s); } @@ -1169,14 +1164,6 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) } else return ssl_put_cipher_by_char(s,NULL,NULL); -#ifndef OPENSSL_NO_DANE - case SSL_CTRL_PULL_TLSA_RECORD: - parg = SSL_get_tlsa_record_byname (parg,larg,s->version<0xF000?1:0); - /* yes, fall through */ - case SSL_CTRL_SET_TLSA_RECORD: - s->tlsa_record = parg; - return 1; -#endif default: return(s->method->ssl_ctrl(s,cmd,larg,parg)); } 
@@ -1444,6 +1431,10 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) p=buf; sk=s->session->ciphers; + + if (sk_SSL_CIPHER_num(sk) == 0) + return NULL; + for (i=0; is3->alpn_selected_len; } -int SSL_CTX_set_cli_supp_data(SSL_CTX *ctx, - unsigned short supp_data_type, - cli_supp_data_first_cb_fn fn1, - cli_supp_data_second_cb_fn fn2, void* arg) - { - size_t i; - cli_supp_data_record* record; - - /* Check for duplicates */ - for (i=0; i < ctx->cli_supp_data_records_count; i++) - if (supp_data_type == ctx->cli_supp_data_records[i].supp_data_type) - return 0; - - ctx->cli_supp_data_records = OPENSSL_realloc(ctx->cli_supp_data_records, - (ctx->cli_supp_data_records_count+1) * sizeof(cli_supp_data_record)); - if (!ctx->cli_supp_data_records) - { - ctx->cli_supp_data_records_count = 0; - return 0; - } - ctx->cli_supp_data_records_count++; - record = &ctx->cli_supp_data_records[ctx->cli_supp_data_records_count - 1]; - record->supp_data_type = supp_data_type; - record->fn1 = fn1; - record->fn2 = fn2; - record->arg = arg; - return 1; - } - -int SSL_CTX_set_srv_supp_data(SSL_CTX *ctx, - unsigned short supp_data_type, - srv_supp_data_first_cb_fn fn1, - srv_supp_data_second_cb_fn fn2, void* arg) - { - size_t i; - srv_supp_data_record* record; - - /* Check for duplicates */ - for (i=0; i < ctx->srv_supp_data_records_count; i++) - if (supp_data_type == ctx->srv_supp_data_records[i].supp_data_type) - return 0; - - ctx->srv_supp_data_records = OPENSSL_realloc(ctx->srv_supp_data_records, - (ctx->srv_supp_data_records_count+1) * sizeof(srv_supp_data_record)); - if (!ctx->srv_supp_data_records) - { - ctx->srv_supp_data_records_count = 0; - return 0; - } - ctx->srv_supp_data_records_count++; - record = &ctx->srv_supp_data_records[ctx->srv_supp_data_records_count - 1]; - record->supp_data_type = supp_data_type; - record->fn1 = fn1; - record->fn2 = fn2; - record->arg = arg; - - return 1; - } - #endif /* !OPENSSL_NO_TLSEXT */ int SSL_export_keying_material(SSL *s, unsigned 
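Review bot: The new guard in SSL_get_shared_ciphers compares `sk_SSL_CIPHER_num(sk)` with 0 only, and that accessor reports -1 for a NULL stack, so a NULL `s->session->ciphers` would pass this check unless it is rejected earlier in the function, outside the hunk. Writing the guard as `if (sk_SSL_CIPHER_num(sk) <= 0) return NULL;` covers both cases in one place. The early return also leaves `buf` unwritten, which is worth stating in a comment such as `/* no shared ciphers: buf is left untouched, callers must check for NULL */`, because a caller that prints `buf` without checking the result would read stale bytes. The rest of this hunk is not legible on this page, so the loop that the guard protects could not be checked.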
char *out, size_t olen, @@ -2125,10 +2057,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->custom_cli_ext_records_count = 0; ret->custom_srv_ext_records = NULL; ret->custom_srv_ext_records_count = 0; - ret->cli_supp_data_records = NULL; - ret->cli_supp_data_records_count = 0; - ret->srv_supp_data_records = NULL; - ret->srv_supp_data_records_count = 0; #ifndef OPENSSL_NO_BUF_FREELISTS ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT; ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); @@ -2270,8 +2198,6 @@ void SSL_CTX_free(SSL_CTX *a) #ifndef OPENSSL_NO_TLSEXT OPENSSL_free(a->custom_cli_ext_records); OPENSSL_free(a->custom_srv_ext_records); - OPENSSL_free(a->cli_supp_data_records); - OPENSSL_free(a->srv_supp_data_records); #endif #ifndef OPENSSL_NO_ENGINE if (a->client_cert_engine) @@ -2647,6 +2573,8 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) int i; c = s->cert; + if (!s->s3 || !s->s3->tmp.new_cipher) + return NULL; ssl_set_cert_masks(c, s->s3->tmp.new_cipher); #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
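Review bot: The added check in ssl_get_server_send_pkey returns NULL silently when `s->s3` or `s->s3->tmp.new_cipher` is missing, with no comment saying when that state is expected and nothing placed on the error queue at this point. A short comment above the guard, for example `/* no cipher selected yet, so no certificate can be chosen */`, would record the intent for the next maintainer. Callers now have to treat NULL as a possible result of this path; those call sites are outside this hunk and should be confirmed to check the return value before dereferencing it. The function body continues beyond the hunk.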