Commit 323fa645 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

If OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL is set allow the use of "SCSV" as

a ciphersuite to position the SCSV value in different places for testing
purposes.
parent 3ed6e227
+16 −0
@@ -2011,6 +2011,22 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	256,
	256,
	},
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
	{
	1,
	"SCSV",
	SSL3_CK_SCSV,
	0,
	0,
	0,
	0,
	0,
	0,
	0,
	0,
	0
	},
#endif

#ifndef OPENSSL_NO_ECDH
	/* Cipher C001 */
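Review bot: The new "SCSV" entry in `ssl3_ciphers[]` is marked valid (first field `1`) while every algorithm and strength field is zero, and nothing on it says that it is a signalling value rather than a negotiable suite. The neighbouring entries carry a `/* Cipher C001 */`-style comment, so I would add one here, for example `/* Debug only: SCSV signalling value, not a real ciphersuite */`, and state next to the `#ifdef` that `OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL` must not be defined in release builds. Because the entry presumably becomes visible to whatever code looks ciphers up in this table, it is worth confirming that the selection and lookup paths, which are outside this hunk, cannot return it as the negotiated cipher when the macro is defined. The array initializer starts and ends outside the hunk.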
+4 −1
@@ -971,7 +971,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
#ifdef CIPHER_DEBUG
			printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
#endif

#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
			if (cipher_id && cipher_id != cp->id)
				continue;
#endif
			if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
				continue;
			if (alg_auth && !(alg_auth & cp->algorithm_auth))
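Review bot: The added `cipher_id` test in `ssl_cipher_apply_rule` is compiled only under `OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL`, so the same rule string is matched differently in debug and normal builds, and the reason is not recorded. It looks necessary because the "SCSV" table entry has all-zero algorithm masks, so the mask tests that follow cannot narrow a rule to that one entry; a comment such as `/* a rule naming one suite matches by id; SCSV has no algorithm bits */` would say so. If matching by id is correct for every rule that carries a non-zero `cipher_id`, consider making the check unconditional so both builds share one code path and the normal build gets the test coverage. The loop body starts and ends outside this hunk.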
+11 −1
@@ -1423,6 +1423,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
	SSL_CIPHER *c;
	CERT *ct = s->cert;
	unsigned char *q;
	int no_scsv = s->renegotiate;
	/* Set disabled masks for this session */
	ssl_set_client_disabled(s);

@@ -1437,13 +1438,22 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
			c->algorithm_mkey & ct->mask_k ||
			c->algorithm_auth & ct->mask_a)
			continue;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
		if (c->id == SSL3_CK_SCSV)
			{
			if (no_scsv)
				continue;
			else
				no_scsv = 1;
			}
#endif
		j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
		p+=j;
		}
	/* If p == q, no ciphers and caller indicates an error. Otherwise
	 * add SCSV if not renegotiating.
	 */
	if (p != q && !s->renegotiate)
	if (p != q && !no_scsv)
		{
		static SSL_CIPHER scsv =
			{
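Review bot: In `ssl_cipher_list_to_bytes` the comment above the final test still says SCSV is added "if not renegotiating", but the condition is now `!no_scsv`, and `no_scsv` is also set once the list itself has emitted SCSV. I would update it to something like `/* Otherwise add SCSV unless renegotiating or the list already placed it. */`. With the macro defined, a list that holds only "SCSV" appears to leave `p != q`, so the "no ciphers" error the comment describes would not trigger and the caller would get a list with no real suite. If that is not wanted even in the test build, track whether a real suite was written separately from the pointer comparison. The function continues past the end of the hunk.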