From 323fa645593a1d2b753f25c9dd03a02ae887516b Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sun, 30 Sep 2012 12:39:27 +0000
Subject: [PATCH] If OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL is set allow the use of
 "SCSV" as a ciphersuite to position the SCSV value in different places for
 testing purposes.

---
 ssl/s3_lib.c   | 16 ++++++++++++++++
 ssl/ssl_ciph.c |  5 ++++-
 ssl/ssl_lib.c  | 12 +++++++++++-
 3 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c8e6d18ab8..6a4ba395c1 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2011,6 +2011,22 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	256,
 	256,
 	},
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+	{
+	1,
+	"SCSV",
+	SSL3_CK_SCSV,
+	0,
+	0,
+	0,
+	0,
+	0,
+	0,
+	0,
+	0,
+	0
+	},
+#endif
 
 #ifndef OPENSSL_NO_ECDH
 	/* Cipher C001 */
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 35ed940c3a..8018b5f35e 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -971,7 +971,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
 #ifdef CIPHER_DEBUG
 			printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
 #endif
-
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+			if (cipher_id && cipher_id != cp->id)
+				continue;
+#endif
 			if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
 				continue;
 			if (alg_auth && !(alg_auth & cp->algorithm_auth))
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 1d346cffb3..a64e5d0e85 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1423,6 +1423,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
 	SSL_CIPHER *c;
 	CERT *ct = s->cert;
 	unsigned char *q;
+	int no_scsv = s->renegotiate;
 	/* Set disabled masks for this session */
 	ssl_set_client_disabled(s);
 
@@ -1437,13 +1438,22 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
 			c->algorithm_mkey & ct->mask_k ||
 			c->algorithm_auth & ct->mask_a)
 			continue;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+		if (c->id == SSL3_CK_SCSV)
+			{
+			if (no_scsv)
+				continue;
+			else
+				no_scsv = 1;
+			}
+#endif
 		j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
 		p+=j;
 		}
 	/* If p == q, no ciphers and caller indicates an error. Otherwise
 	 * add SCSV if not renegotiating.
 	 */
-	if (p != q && !s->renegotiate)
+	if (p != q && !no_scsv)
 		{
 		static SSL_CIPHER scsv =
 			{
-- 
2.34.1