Add and use a constant-time memcmp.

[oweals/openssl.git] / ssl / s3_lib.c

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 9f5331ef326ad1f4858e25888cbd1e9cdf7e1950..d71c819b00e2adf548216d237d83ca571199f336 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2011,6 +2011,22 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        256,
        256,
        },
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+       {
+       1,
+       "SCSV",
+       SSL3_CK_SCSV,
+       0,
+       0,
+       0,
+       0,
+       0,
+       0,
+       0,
+       0,
+       0
+       },
+#endif
 
 #ifndef OPENSSL_NO_ECDH
        /* Cipher C001 */
@@ -3515,17 +3531,14 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                        }
 
        case SSL_CTRL_GET_EC_POINT_FORMATS:
-               if (!s->server)
+               {
+               SSL_SESSION *sess = s->session;
+               const unsigned char **pformat = parg;
+               if (!sess || !sess->tlsext_ecpointformatlist)
                        return 0;
-               else
-                       {
-                       SSL_SESSION *sess = s->session;
-                       const unsigned char **pformat = parg;
-                       if (!sess || !sess->tlsext_ecpointformatlist)
-                               return 0;
-                       *pformat = sess->tlsext_ecpointformatlist;
-                       return (int)sess->tlsext_ecpointformatlist_length;
-                       }
+               *pformat = sess->tlsext_ecpointformatlist;
+               return (int)sess->tlsext_ecpointformatlist_length;
+               }
 
        default:
                break;