authorMatt Caswell <matt@openssl.org>2023-09-07 17:45:49 +0100
committerTomas Mraz <tomas@openssl.org>2023-09-12 15:29:00 +0200
commit547ea58821644bdc9089b2dcb163286d789f732a (patch)
tree18b3261b2cd57cb07b5d547484bfc88acde7a5d2 /ssl
parent1e4fc0b2e57d08a90a6d8e30981fce2007d21109 (diff)
Fix the SSL_CIPHER_find() function when used with a QCSO
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22011)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/quic/quic_impl.c10
-rw-r--r--ssl/quic/quic_local.h2
-rw-r--r--ssl/s3_lib.c6
-rw-r--r--ssl/ssl_local.h3
4 files changed, 17 insertions, 4 deletions
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index ca4ef0ebbb..b632ad22db 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -3535,6 +3535,16 @@ int ossl_quic_renegotiate_check(SSL *ssl, int initok)
return 0;
}
+const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
+{
+ const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
+
+ if ((ciph->algorithm2 & SSL_QUIC) == 0)
+ return NULL;
+
+ return ciph;
+}
+
/*
* These functions define the TLSv1.2 (and below) ciphers that are supported by
* the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
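Review bot: `ciph` is dereferenced in `ossl_quic_get_cipher_by_char` without a NULL check, so `ciph->algorithm2` faults if `ssl3_get_cipher_by_char(p)` finds no match. That lookup's body is outside this diff, but it is a search keyed on the cipher id bytes, and the commit title ties this path to `SSL_CIPHER_find()`, which takes caller-supplied bytes, so an unknown id looks reachable. Fold the check into the existing test: `if (ciph == NULL || (ciph->algorithm2 & SSL_QUIC) == 0)` followed by the existing `return NULL;`. A test that calls SSL_CIPHER_find() on a QUIC object with an unassigned id would pin this behaviour.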
diff --git a/ssl/quic/quic_local.h b/ssl/quic/quic_local.h
index 517904d90f..063df7796a 100644
--- a/ssl/quic/quic_local.h
+++ b/ssl/quic/quic_local.h
@@ -321,7 +321,7 @@ const SSL_METHOD *func_name(void) \
NULL /* dispatch_alert */, \
ossl_quic_ctrl, \
ossl_quic_ctx_ctrl, \
- NULL /* get_cipher_by_char */, \
+ ossl_quic_get_cipher_by_char, \
NULL /* put_cipher_by_char */, \
ossl_quic_pending, \
ossl_quic_num_ciphers, \
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 29af55bc61..1f778c3423 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -47,7 +47,7 @@ static SSL_CIPHER tls13_ciphers[] = {
TLS1_3_VERSION, TLS1_3_VERSION,
0, 0,
SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256,
+ SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
128,
128,
}, {
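Review bot: Nothing at the three changed initialisers (this hunk and the two later s3_lib.c hunks) says that `SSL_QUIC` acts as an allow-list bit. Per the quic_impl.c hunk, any table entry without it is reported as not found when looked up through the QUIC method. The entry names lie outside the hunks, so which suites are flagged cannot be read from this diff. A comment above `tls13_ciphers[]` would help, e.g. `/* SSL_QUIC marks suites usable over QUIC; unflagged entries are hidden from QUIC lookups */`. It should also note that the flag presumably has to stay in step with the suites the QUIC code actually implements.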
@@ -62,7 +62,7 @@ static SSL_CIPHER tls13_ciphers[] = {
TLS1_3_VERSION, TLS1_3_VERSION,
0, 0,
SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA384,
+ SSL_HANDSHAKE_MAC_SHA384 | SSL_QUIC,
256,
256,
},
@@ -78,7 +78,7 @@ static SSL_CIPHER tls13_ciphers[] = {
TLS1_3_VERSION, TLS1_3_VERSION,
0, 0,
SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256,
+ SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
256,
256,
},
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 29715781ee..d1ef358932 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -236,6 +236,9 @@
*/
# define TLS1_TLSTREE 0x20000
+/* Ciphersuite supported in QUIC */
+# define SSL_QUIC 0x00040000U
+
# define SSL_STRONG_MASK 0x0000001FU
# define SSL_DEFAULT_MASK 0X00000020U
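Review bot: The comment on `SSL_QUIC` does not say which SSL_CIPHER field the bit belongs to, and the define sits directly above `SSL_STRONG_MASK`, whose low values suggest a different flag space. In this commit it is tested against `algorithm2` in quic_impl.c and ORed with `SSL_HANDSHAKE_MAC_*` in s3_lib.c; stating that guards against someone setting it in another field, where the QUIC filter would silently never match. Suggested wording: `/* algorithm2 flag: ciphersuite may be used with QUIC */`. The neighbouring `TLS1_TLSTREE 0x20000` has no `U` suffix or zero padding, so the two spellings could be aligned.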