author | Matt Caswell <matt@openssl.org> | 2023-09-07 17:45:49 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-09-12 15:29:00 +0200 |
commit | 547ea58821644bdc9089b2dcb163286d789f732a (patch) | |
tree | 18b3261b2cd57cb07b5d547484bfc88acde7a5d2 /ssl | |
parent | 1e4fc0b2e57d08a90a6d8e30981fce2007d21109 (diff) |
Fix the SSL_CIPHER_find() function when used with a QCSO
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22011)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/quic/quic_impl.c | 10 | ||||
-rw-r--r-- | ssl/quic/quic_local.h | 2 | ||||
-rw-r--r-- | ssl/s3_lib.c | 6 | ||||
-rw-r--r-- | ssl/ssl_local.h | 3 |
4 files changed, 17 insertions, 4 deletions
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index ca4ef0ebbb..b632ad22db 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -3535,6 +3535,16 @@ int ossl_quic_renegotiate_check(SSL *ssl, int initok)
 return 0;
 }
+const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
+{
+ const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
+
+ if ((ciph->algorithm2 & SSL_QUIC) == 0)
+ return NULL;
+
+ return ciph;
+}
+
 /*
 * These functions define the TLSv1.2 (and below) ciphers that are supported by
 * the SSL_METHOD. Since QUIC only supports TLSv1.3 we don't support any.
diff --git a/ssl/quic/quic_local.h b/ssl/quic/quic_local.h
index 517904d90f..063df7796a 100644
--- a/ssl/quic/quic_local.h
+++ b/ssl/quic/quic_local.h
@@ -321,7 +321,7 @@ const SSL_METHOD *func_name(void) \
 NULL /* dispatch_alert */, \
 ossl_quic_ctrl, \
 ossl_quic_ctx_ctrl, \
- NULL /* get_cipher_by_char */, \
+ ossl_quic_get_cipher_by_char, \
 NULL /* put_cipher_by_char */, \
 ossl_quic_pending, \
 ossl_quic_num_ciphers, \
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 29af55bc61..1f778c3423 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -47,7 +47,7 @@ static SSL_CIPHER tls13_ciphers[] = {
 TLS1_3_VERSION, TLS1_3_VERSION,
 0, 0,
 SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256,
+ SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
 128,
 128,
 }, {
@@ -62,7 +62,7 @@ static SSL_CIPHER tls13_ciphers[] = {
 TLS1_3_VERSION, TLS1_3_VERSION,
 0, 0,
 SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA384,
+ SSL_HANDSHAKE_MAC_SHA384 | SSL_QUIC,
 256,
 256,
 },
@@ -78,7 +78,7 @@ static SSL_CIPHER tls13_ciphers[] = {
 TLS1_3_VERSION, TLS1_3_VERSION,
 0, 0,
 SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256,
+ SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
 256,
 256,
 },
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 29715781ee..d1ef358932 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
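Review bot: In the ssl/quic/quic_impl.c hunk, `ossl_quic_get_cipher_by_char()` reads `ciph->algorithm2` without first checking whether `ssl3_get_cipher_by_char(p)` returned NULL. That helper is not shown in this diff, but it is a table lookup by two-byte cipher id and, as far as I know, returns NULL for an id it does not recognise, so `SSL_CIPHER_find()` on a QUIC connection object would dereference NULL instead of reporting "not found". Because the id bytes can come from application or session data, the guard should cover both cases: `if (ciph == NULL || (ciph->algorithm2 & SSL_QUIC) == 0)` followed by `return NULL;`. A one-line comment on the function saying that it narrows the TLS lookup to suites flagged `SSL_QUIC`, plus a test that calls SSL_CIPHER_find() with an unknown id on a QCSO, would pin this behaviour.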
@@ -236,6 +236,9 @@
 */
 # define TLS1_TLSTREE 0x20000
+/* Ciphersuite supported in QUIC */
+# define SSL_QUIC 0x00040000U
+
 # define SSL_STRONG_MASK 0x0000001FU
 # define SSL_DEFAULT_MASK 0X00000020U |