From 43500401072ec3aff246c482cbe93465aff3e80e Mon Sep 17 00:00:00 2001
From: Ingo Schwarze
Date: Wed, 16 Sep 2020 07:25:16 +0000
Subject: Let SSL_CTX_get_ciphers(NULL) return NULL rather than crash for compatibility with OpenSSL and for consistency with neighbouring functions; suggested by jsing@ after i documented the crash; OK jsing@.
---
 lib/libssl/man/SSL_get_ciphers.3 | 9 ++++-----
 lib/libssl/ssl_lib.c | 4 +++-
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/lib/libssl/man/SSL_get_ciphers.3 b/lib/libssl/man/SSL_get_ciphers.3
index 598e9544566..8030f0bbb1a 100644
--- a/lib/libssl/man/SSL_get_ciphers.3
+++ b/lib/libssl/man/SSL_get_ciphers.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_get_ciphers.3,v 1.10 2020/09/16 07:11:14 schwarze Exp $
+.\" $OpenBSD: SSL_get_ciphers.3,v 1.11 2020/09/16 07:25:15 schwarze Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\" selective merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
 .\"
@@ -176,12 +176,11 @@ is called on that context object.
 .Fn SSL_CTX_get_ciphers
 returns an internal pointer to a list of ciphers or
 .Dv NULL
-if no ciphers are available.
-If
+if
 .Fa ctx
 is
-.Dv NULL ,
-calling this function crashes the program.
+.Dv NULL
+or if no ciphers are available.
 The returned pointer becomes invalid when
 .Fa ctx
 is destroyed or when
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 828aa3a08d0..73bc05e9679 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.228 2020/09/15 11:47:49 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.229 2020/09/16 07:25:15 schwarze Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1336,6 +1336,8 @@ SSL_get_cipher_list(const SSL *s, int n)
 STACK_OF(SSL_CIPHER) *
 SSL_CTX_get_ciphers(const SSL_CTX *ctx)
 {
+ if (ctx == NULL)
+ return NULL;
 return ctx->cipher_list;
 }
--
cgit v1.2.3
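Review bot: The new guard in SSL_CTX_get_ciphers (`if (ctx == NULL) return NULL;`) makes a NULL context indistinguishable from a valid context whose `cipher_list` is NULL, and the added lines queue nothing on the error stack, so a caller that passes NULL by mistake now fails silently instead of crashing. That matches the updated manual text, but the code itself does not say the tolerance is deliberate; I would add a comment above the check such as `/* NULL ctx is tolerated for OpenSSL compatibility; callers must check the result. */` so the guard is not later removed as redundant. Whether the neighbouring accessors behave the same way cannot be confirmed from this hunk. A regression test that calls the function with NULL and expects NULL would pin the new contract.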