From 8bb870df9ef3b3a010f577434b88388eea817bba Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Thu, 8 Nov 2012 14:24:51 +0000
Subject: [PATCH] new feature: if ctx==NULL in SSL_CTX_ctrl perform syntax checking only for some operations (currently curves and signature algorithms)
---
 ssl/ssl_lib.c | 14 ++++++++++++++
 ssl/t1_lib.c | 4 ++++
 2 files changed, 18 insertions(+)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a64e5d0e85..d529b8541f 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1169,6 +1169,20 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
 long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
 {
 long l;
+ /* For some cases with ctx == NULL perform syntax checks */
+ if (ctx == NULL)
+ {
+ switch (cmd)
+ {
+ case SSL_CTRL_SET_CURVES_LIST:
+ return tls1_set_curves_list(NULL, NULL, parg);
+ case SSL_CTRL_SET_SIGALGS_LIST:
+ case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+ return tls1_set_sigalgs_list(NULL, parg, 0);
+ default:
+ return 0;
+ }
+ }
 switch (cmd)
 {
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 31b3bd75c7..952e9ebe30 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -525,6 +525,8 @@ int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
 ncb.nidcnt = 0;
 if (!CONF_parse_list(str, ':', 1, nid_cb, &ncb))
 return 0;
+ if (pext == NULL)
+ return 1;
 return tls1_set_curves(pext, pextlen, ncb.nid_arr, ncb.nidcnt);
 }
 /* For an EC key set TLS id and required compression based on parameters */
@@ -3754,6 +3756,8 @@ int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
 sig.sigalgcnt = 0;
 if (!CONF_parse_list(str, ':', 1, sig_cb, &sig))
 return 0;
+ if (c == NULL)
+ return 1;
 return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client);
 }
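Review bot: In the new `ctx == NULL` branch of SSL_CTX_ctrl, a return of 1 means only that the list string parsed, and the `default:` return of 0 is the same value a malformed list produces, so a caller cannot tell "bad syntax" from "command not supported without a context". A caller that reaches this path with a NULL ctx by mistake (for example after an unchecked allocation failure) would get a success code from the curve or signature-algorithm list commands although nothing was configured. The comment should state the contract explicitly, e.g. `/* ctx == NULL: only validate the list in parg; 1 = parses, 0 = invalid or cmd unsupported; nothing is configured */`, and the public documentation for these controls should say the same. The function body continues outside the hunk.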
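Review bot: The early `return 1` when `pext == NULL` skips tls1_set_curves entirely, so any validation that function performs beyond parsing (its body is not visible here) is not part of the syntax check, and a list accepted with a NULL context could still be rejected when applied to a real one. The same applies to the `c == NULL` return before tls1_set_sigalgs in the `@@ -3754` hunk. Only `pext` is tested as well, so a NULL `pextlen` would still be passed on if a caller supplied one pointer without the other. I would document the validate-only mode above both functions, e.g. `/* pext == NULL: check that str parses, store nothing */`, and either run the remaining checks in that mode or note that they are skipped. Both function bodies begin outside their hunks.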