If OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL is set allow the use of "SCSV" as
authorDr. Stephen Henson <steve@openssl.org>
Sun, 30 Sep 2012 12:39:27 +0000 (12:39 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 30 Sep 2012 12:39:27 +0000 (12:39 +0000)
a ciphersuite to position the SCSV value in different places for testing
purposes.

ssl/s3_lib.c
ssl/ssl_ciph.c
ssl/ssl_lib.c

index c8e6d18..6a4ba39 100644 (file)
@@ -2011,6 +2011,22 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        256,
        256,
        },
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+       {
+       1,
+       "SCSV",
+       SSL3_CK_SCSV,
+       0,
+       0,
+       0,
+       0,
+       0,
+       0,
+       0,
+       0,
+       0
+       },
+#endif
 
 #ifndef OPENSSL_NO_ECDH
        /* Cipher C001 */
index 35ed940..8018b5f 100644 (file)
@@ -971,7 +971,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
 #ifdef CIPHER_DEBUG
                        printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
 #endif
-
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+                       if (cipher_id && cipher_id != cp->id)
+                               continue;
+#endif
                        if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
                                continue;
                        if (alg_auth && !(alg_auth & cp->algorithm_auth))
index 1d346cf..a64e5d0 100644 (file)
@@ -1423,6 +1423,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
        SSL_CIPHER *c;
        CERT *ct = s->cert;
        unsigned char *q;
+       int no_scsv = s->renegotiate;
        /* Set disabled masks for this session */
        ssl_set_client_disabled(s);
 
@@ -1437,13 +1438,22 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
                        c->algorithm_mkey & ct->mask_k ||
                        c->algorithm_auth & ct->mask_a)
                        continue;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+               if (c->id == SSL3_CK_SCSV)
+                       {
+                       if (no_scsv)
+                               continue;
+                       else
+                               no_scsv = 1;
+                       }
+#endif
                j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
                p+=j;
                }
        /* If p == q, no ciphers and caller indicates an error. Otherwise
         * add SCSV if not renegotiating.
         */
-       if (p != q && !s->renegotiate)
+       if (p != q && !no_scsv)
                {
                static SSL_CIPHER scsv =
                        {