X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fssl_lib.c;h=f3a0edca5b1aebba0428aa593f08b54aeda558bb;hb=ef908777218bd4a362dbe9cebb8e18fa8ab384cf;hp=e1734d30148915328dd03b18b21c66deccff7ec3;hpb=6b3b6beaa11d52522092fad4fc151b42f0c4c7b5;p=oweals%2Fopenssl.git

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e1734d3014..f3a0edca5b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1100,9 +1100,6 @@ int SSL_renegotiate_pending(SSL *s)
 long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
 	{
 	long l;
-#ifndef OPNESSL_NO_DANE
-	const char *hostname = NULL;
-#endif
 
 	switch (cmd)
 		{
@@ -1167,41 +1164,6 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
 			}
 		else
 			return ssl_put_cipher_by_char(s,NULL,NULL);
-#ifndef OPENSSL_NO_DANE
-	case SSL_CTRL_PULL_TLSA_RECORD:
-		hostname = parg;
-		parg = SSL_get_tlsa_record_byname (parg,larg,s->version<0xF000?1:0);
-		/* yes, fall through */
-	case SSL_CTRL_SET_TLSA_RECORD:
-		if (parg!=NULL)
-			{
-			TLSA_EX_DATA *ex = SSL_get_TLSA_ex_data(s);
-			unsigned char *tlsa_rec = parg;
-			int tlsa_len = 0;
-
-			if (hostname==NULL)
-				{
-			    	while (1)
-					{
-					int dlen;
-
-					memcpy(&dlen,tlsa_rec,sizeof(dlen));
-					tlsa_rec += sizeof(dlen)+dlen;
-
-					if (dlen==0) break;
-					}
-				if ((tlsa_rec = OPENSSL_malloc(tlsa_len)))
-					memcpy(tlsa_rec,parg,tlsa_len);
-				else
-					{
-					SSLerr(SSL_F_SSL_CTRL,SSL_R_UNINITIALIZED);
-					return 0;
-					}
-				}
-			ex->tlsa_record = tlsa_rec;
-			}
-		return 1;
-#endif
 	default:
 		return(s->method->ssl_ctrl(s,cmd,larg,parg));
 		}
@@ -1469,6 +1431,10 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
 
 	p=buf;
 	sk=s->session->ciphers;
+
+	if (sk_SSL_CIPHER_num(sk) == 0)
+		return NULL;
+
 	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 		{
 		int n;
@@ -1888,65 +1854,6 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
 		*len = ssl->s3->alpn_selected_len;
 	}
 
-int SSL_CTX_set_cli_supp_data(SSL_CTX *ctx,
-			      unsigned short supp_data_type,
-			      cli_supp_data_first_cb_fn fn1,
-			      cli_supp_data_second_cb_fn fn2, void* arg)
-	{
-	size_t i;
-	cli_supp_data_record* record;
-
-	/* Check for duplicates */
-	for (i=0; i < ctx->cli_supp_data_records_count; i++)
-		if (supp_data_type == ctx->cli_supp_data_records[i].supp_data_type)
-			return 0;
-
-	ctx->cli_supp_data_records = OPENSSL_realloc(ctx->cli_supp_data_records,
-	  (ctx->cli_supp_data_records_count+1) * sizeof(cli_supp_data_record));
-	if (!ctx->cli_supp_data_records)
-		{
-		ctx->cli_supp_data_records_count = 0;
-		return 0;
-		}
-	ctx->cli_supp_data_records_count++;
-	record = &ctx->cli_supp_data_records[ctx->cli_supp_data_records_count - 1];
-	record->supp_data_type = supp_data_type;
-	record->fn1 = fn1;
-	record->fn2 = fn2;
-	record->arg = arg;
-	return 1;
-	}
-
-int SSL_CTX_set_srv_supp_data(SSL_CTX *ctx,
-			      unsigned short supp_data_type,
-			      srv_supp_data_first_cb_fn fn1,
-			      srv_supp_data_second_cb_fn fn2, void* arg)
-	{
-	size_t i;
-	srv_supp_data_record* record;
-
-	/* Check for duplicates */
-	for (i=0; i < ctx->srv_supp_data_records_count; i++)
-		if (supp_data_type == ctx->srv_supp_data_records[i].supp_data_type)
-			return 0;
-
-	ctx->srv_supp_data_records = OPENSSL_realloc(ctx->srv_supp_data_records,
-	  (ctx->srv_supp_data_records_count+1) * sizeof(srv_supp_data_record));
-	if (!ctx->srv_supp_data_records)
-		{
-		ctx->srv_supp_data_records_count = 0;
-		return 0;
-		}
-	ctx->srv_supp_data_records_count++;
-	record = &ctx->srv_supp_data_records[ctx->srv_supp_data_records_count - 1];
-	record->supp_data_type = supp_data_type;
-	record->fn1 = fn1;
-	record->fn2 = fn2;
-	record->arg = arg;
-
-	return 1;
-	}
-
 #endif /* !OPENSSL_NO_TLSEXT */
 
 int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
@@ -2150,10 +2057,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 	ret->custom_cli_ext_records_count = 0;
 	ret->custom_srv_ext_records = NULL;
 	ret->custom_srv_ext_records_count = 0;
-	ret->cli_supp_data_records = NULL;
-	ret->cli_supp_data_records_count = 0;
-	ret->srv_supp_data_records = NULL;
-	ret->srv_supp_data_records_count = 0;
 #ifndef OPENSSL_NO_BUF_FREELISTS
 	ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
 	ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
@@ -2295,8 +2198,6 @@ void SSL_CTX_free(SSL_CTX *a)
 #ifndef OPENSSL_NO_TLSEXT
 	OPENSSL_free(a->custom_cli_ext_records);
 	OPENSSL_free(a->custom_srv_ext_records);
-	OPENSSL_free(a->cli_supp_data_records);
-	OPENSSL_free(a->srv_supp_data_records);
 #endif
 #ifndef OPENSSL_NO_ENGINE
 	if (a->client_cert_engine)
@@ -2672,6 +2573,8 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
 	int i;
 
 	c = s->cert;
+	if (!s->s3 || !s->s3->tmp.new_cipher)
+		return NULL;
 	ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
 
 #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL