Don't send ciphersuites twice in QUIC

QUIC TLS was sending some ciphersuites twice in the ClientHello. This was due to us declaring some TLSv1.3 ciphersuites in the list intended to describe the TLSv1.2 ciphersuites supported by the SSL_METHOD. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20148)
author: Matt Caswell <matt@openssl.org> 2023-01-26 18:53:30 +0100
committer: Pauli <pauli@openssl.org> 2023-02-23 08:31:44 +0100
commit: d518854cef2acc8bdc510746898f153ad628d4dc (patch)
tree: d0bfe83baf99534c50349a4ba6bc72c78b70891d /ssl/ssl_ciph.c
parent: CI: add Clang 16 (diff)
download: openssl-d518854cef2acc8bdc510746898f153ad628d4dc.tar.xz
openssl-d518854cef2acc8bdc510746898f153ad628d4dc.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 8c805fbfcf..0ea998d383 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1495,9 +1495,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
      */
     num_of_ciphers = ssl_method->num_ciphers();
 
-    co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
-    if (co_list == NULL)
-        return NULL;          /* Failure */
+    if (num_of_ciphers > 0) {
+        co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
+        if (co_list == NULL)
+            return NULL;          /* Failure */
+    }
 
     ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
                                disabled_mkey, disabled_auth, disabled_enc,
author	Matt Caswell <matt@openssl.org>	2023-01-26 18:53:30 +0100
committer	Pauli <pauli@openssl.org>	2023-02-23 08:31:44 +0100
commit	d518854cef2acc8bdc510746898f153ad628d4dc (patch)
tree	d0bfe83baf99534c50349a4ba6bc72c78b70891d /ssl/ssl_ciph.c
parent	CI: add Clang 16 (diff)
download	openssl-d518854cef2acc8bdc510746898f153ad628d4dc.tar.xz openssl-d518854cef2acc8bdc510746898f153ad628d4dc.zip