Let ssl_get_cipher_by_char yield not-valid ciphers
Now that we have made SCSVs into more of a first-class object, provide
a way for the bytes-to-SSL_CIPHER conversion to actually return them.
Add a flag 'all' to ssl_get_cipher_by_char to indicate that we want
all the known ciphers, not just the ones valid for encryption. This will,
in practice, let the caller retrieve the SCSVs.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 614da1b..bc35a3e 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1294,7 +1294,7 @@
&& master_key_length > 0) {
s->session->master_key_length = master_key_length;
s->session->cipher = pref_cipher ?
- pref_cipher : ssl_get_cipher_by_char(s, cipherchars);
+ pref_cipher : ssl_get_cipher_by_char(s, cipherchars, 0);
} else {
SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
al = SSL_AD_INTERNAL_ERROR;
@@ -1353,7 +1353,7 @@
goto f_err;
}
- c = ssl_get_cipher_by_char(s, cipherchars);
+ c = ssl_get_cipher_by_char(s, cipherchars, 0);
if (c == NULL) {
/* unknown cipher */
al = SSL_AD_ILLEGAL_PARAMETER;
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index ca020c5..2cbc219 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3633,7 +3633,7 @@
}
/* For SSLv2-compat, ignore leading 0-byte. */
- c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher);
+ c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 0);
if (c != NULL) {
if (!sk_SSL_CIPHER_push(sk, c)) {
SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
