new feature: if ctx==NULL in SSL_CTX_ctrl perform syntax checking only for...

new feature: if ctx==NULL in SSL_CTX_ctrl perform syntax checking only for some operations (currently curves and signature algorithms)

new feature: if ctx==NULL in SSL_CTX_ctrl perform syntax checking only for...
new feature: if ctx==NULL in SSL_CTX_ctrl perform syntax checking only for some operations (currently curves and signature algorithms)
8bb870df · Dr. Stephen Henson · 95bba34b · 8bb870df · 8bb870df
隐藏空白更改
内联并排

Showing with 18 addition and 0 deletion

ssl/ssl_lib.c ssl/ssl_lib.c +14 -0

ssl/t1_lib.c ssl/t1_lib.c +4 -0

未找到文件。
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1169,6 +1169,20 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
 long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
 	{
 	long l;
+	/* For some cases with ctx == NULL perform syntax checks */
+	if (ctx == NULL)
+		{
+		switch (cmd)
+			{
+		case SSL_CTRL_SET_CURVES_LIST:
+			return tls1_set_curves_list(NULL, NULL, parg);
+		case SSL_CTRL_SET_SIGALGS_LIST:
+		case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+			return tls1_set_sigalgs_list(NULL, parg, 0);
+		default:
+			return 0;
+			}
+		}

 	switch (cmd)
 		{

--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -525,6 +525,8 @@ int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
 	ncb.nidcnt = 0;
 	if (!CONF_parse_list(str, ':', 1, nid_cb, &ncb))
 		return 0;
+	if (pext == NULL)
+		return 1;
 	return tls1_set_curves(pext, pextlen, ncb.nid_arr, ncb.nidcnt);
 	}
 /* For an EC key set TLS id and required compression based on parameters */
@@ -3754,6 +3756,8 @@ int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
 	sig.sigalgcnt = 0;
 	if (!CONF_parse_list(str, ':', 1, sig_cb, &sig))
 		return 0;
+	if (c == NULL)
+		return 1;
 	return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client);
 	}