author | Benjamin Kaduk <bkaduk@akamai.com> | 2017-02-06 11:30:16 -0600 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-02-23 19:24:37 +0100 |
commit | 60d685d196e8d594d754751e4852f01d80d8c0cc (patch) | |
tree | f8e7d0739c62f6a312fcc85004ebe811dba68aad /ssl/statem | |
parent | 650c6e41d60905fa1396dff2c7fe4d6fbb7239ba (diff) | |
download | openssl-60d685d196e8d594d754751e4852f01d80d8c0cc.tar.gz |
Let ssl_get_cipher_by_char yield not-valid ciphers
Now that we have made SCSVs into more of a first-class object, provide
a way for the bytes-to-SSL_CIPHER conversion to actually return them.
Add a flag 'all' to ssl_get_cipher_by_char to indicate that we want
all the known ciphers, not just the ones valid for encryption. This will,
in practice, let the caller retrieve the SCSVs.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/statem_clnt.c | 4 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 614da1b6a7..bc35a3ea25 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1294,7 +1294,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
 && master_key_length > 0) {
 s->session->master_key_length = master_key_length;
 s->session->cipher = pref_cipher ?
- pref_cipher : ssl_get_cipher_by_char(s, cipherchars);
+ pref_cipher : ssl_get_cipher_by_char(s, cipherchars, 0);
 } else {
 SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
 al = SSL_AD_INTERNAL_ERROR;
@@ -1353,7 +1353,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
 goto f_err;
 }
- c = ssl_get_cipher_by_char(s, cipherchars);
+ c = ssl_get_cipher_by_char(s, cipherchars, 0);
 if (c == NULL) {
 /* unknown cipher */
 al = SSL_AD_ILLEGAL_PARAMETER;
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index ca020c5511..2cbc219a3a 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3633,7 +3633,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
 }
 /* For SSLv2-compat, ignore leading 0-byte. */
- c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher);
+ c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 0);
 if (c != NULL) {
 if (!sk_SSL_CIPHER_push(sk, c)) {
 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); |
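Review bot: In the first hunk of statem_clnt.c the result of `ssl_get_cipher_by_char(s, cipherchars, 0)` is stored straight into `s->session->cipher` when `pref_cipher` is NULL, and the visible lines contain no NULL check. Going by the commit description, `all == 0` means the lookup yields nothing for SCSV values as well as for unknown bytes, so a ServerHello carrying such bytes would leave NULL in the session at this point. The second hunk shows the same lookup being checked later in tls_process_server_hello, which probably rejects the message before the cipher is used, but that depends on code between the two hunks that is not shown. If anything there reads `s->session->cipher`, a guard such as `if (s->session->cipher == NULL) { al = SSL_AD_ILLEGAL_PARAMETER; goto f_err; }` belongs right after the assignment. The function body begins and ends outside the hunk.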
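Review bot: The bare `0` passed for the new `all` argument in the second hunk does not tell a reader that excluding SCSVs is deliberate; the same holds for the call in the first hunk and the one in ssl_bytes_to_cipher_list. At this call site the `0` is what sends a signalling value in the ServerHello down the `c == NULL` unknown-cipher path. A comment above the call, for example `/* all == 0: only real ciphers; an SCSV is never a valid server selection */`, would guard against a later edit flipping it to 1. For the server hunk the matching comment would note that SCSV bytes are skipped by the `c != NULL` test, so any SCSV handling has to live elsewhere in that function (not visible here). Both functions extend beyond the hunks shown.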