From d518854cef2acc8bdc510746898f153ad628d4dc Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 26 Jan 2023 17:53:30 +0000
Subject: Don't send ciphersuites twice in QUIC

QUIC TLS was sending some ciphersuites twice in the ClientHello. This
was due to us declaring some TLSv1.3 ciphersuites in the list intended to
describe the TLSv1.2 ciphersuites supported by the SSL_METHOD.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20148)
---
 ssl/quic/quic_impl.c | 62 ++++------------------------------------------------
 ssl/ssl_ciph.c       |  8 ++++---
 2 files changed, 9 insertions(+), 61 deletions(-)

(limited to 'ssl')

diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 5448e32e73..72ea5118af 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -1262,70 +1262,16 @@ int ossl_quic_renegotiate_check(SSL *ssl, int initok)
 }
 
 /*
- * This is the subset of TLS1.3 ciphers which can be used with QUIC and which we
- * actually support.
- *
- * TODO(QUIC): CCM support
+ * These functions define the TLSv1.2 (and below) ciphers that are supported by
+ * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
  */
-static SSL_CIPHER tls13_quic_ciphers[] = {
-    {
-        1,
-        TLS1_3_RFC_AES_128_GCM_SHA256,
-        TLS1_3_RFC_AES_128_GCM_SHA256,
-        TLS1_3_CK_AES_128_GCM_SHA256,
-        SSL_kANY,
-        SSL_aANY,
-        SSL_AES128GCM,
-        SSL_AEAD,
-        TLS1_3_VERSION, TLS1_3_VERSION,
-        0, 0,
-        SSL_HIGH,
-        SSL_HANDSHAKE_MAC_SHA256,
-        128,
-        128,
-    }, {
-        1,
-        TLS1_3_RFC_AES_256_GCM_SHA384,
-        TLS1_3_RFC_AES_256_GCM_SHA384,
-        TLS1_3_CK_AES_256_GCM_SHA384,
-        SSL_kANY,
-        SSL_aANY,
-        SSL_AES256GCM,
-        SSL_AEAD,
-        TLS1_3_VERSION, TLS1_3_VERSION,
-        0, 0,
-        SSL_HIGH,
-        SSL_HANDSHAKE_MAC_SHA384,
-        256,
-        256,
-    },
-    {
-        1,
-        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
-        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
-        TLS1_3_CK_CHACHA20_POLY1305_SHA256,
-        SSL_kANY,
-        SSL_aANY,
-        SSL_CHACHA20POLY1305,
-        SSL_AEAD,
-        TLS1_3_VERSION, TLS1_3_VERSION,
-        0, 0,
-        SSL_HIGH,
-        SSL_HANDSHAKE_MAC_SHA256,
-        256,
-        256,
-    }
-};
 
 int ossl_quic_num_ciphers(void)
 {
-    return OSSL_NELEM(tls13_quic_ciphers);
+    return 0;
 }
 
 const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
 {
-    if (u >= OSSL_NELEM(tls13_quic_ciphers))
-        return NULL;
-
-    return &tls13_quic_ciphers[u];
+    return NULL;
 }
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 8c805fbfcf..0ea998d383 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1495,9 +1495,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
      */
     num_of_ciphers = ssl_method->num_ciphers();
 
-    co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
-    if (co_list == NULL)
-        return NULL;          /* Failure */
+    if (num_of_ciphers > 0) {
+        co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
+        if (co_list == NULL)
+            return NULL;          /* Failure */
+    }
 
     ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
                                disabled_mkey, disabled_auth, disabled_enc,
-- 
cgit v1.2.3