diff options
author | Michael Baentsch <57787676+baentsch@users.noreply.github.com> | 2022-09-26 17:32:05 +0200 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-02-24 11:02:48 +1100 |
commit | ee58915cfd9d0ad67f52d43cc1a2ce549049d248 (patch) | |
tree | e892900c53900bd693498bdc9ff2152ae14bcbe6 /ssl/s3_lib.c | |
parent | 1817dcaf556df559a32eed14d0947ff961be7b4f (diff) | |
download | openssl-new-ee58915cfd9d0ad67f52d43cc1a2ce549049d248.tar.gz |
first cut at sigalg loading
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19312)
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index e7078efa6c..17e318b857 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3366,6 +3366,7 @@ void ssl3_free(SSL *s) OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen); OPENSSL_free(sc->s3.tmp.peer_sigalgs); OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs); + OPENSSL_free(sc->s3.tmp.valid_flags); ssl3_free_digest_list(sc); OPENSSL_free(sc->s3.alpn_selected); OPENSSL_free(sc->s3.alpn_proposed); @@ -3390,6 +3391,7 @@ int ssl3_clear(SSL *s) OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen); OPENSSL_free(sc->s3.tmp.peer_sigalgs); OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs); + OPENSSL_free(sc->s3.tmp.valid_flags); EVP_PKEY_free(sc->s3.tmp.pkey); EVP_PKEY_free(sc->s3.peer_tmp); @@ -4244,7 +4246,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *cl if (SSL_CONNECTION_IS_TLS13(s)) { #ifndef OPENSSL_NO_PSK - int j; + size_t j; /* * If we allow "old" style PSK callbacks, and we have no certificate (so @@ -4254,8 +4256,8 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *cl * that. */ if (s->psk_server_callback != NULL) { - for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++); - if (j == SSL_PKEY_NUM) { + for (j = 0; j < s->ssl_pkey_num && !ssl_has_cert(s, j); j++); + if (j == s->ssl_pkey_num) { /* There are no certificates */ prefer_sha256 = 1; } |