Make sure to send SCSV when application sets ciphersuites

src/internal.c

@@ -26104,8 +26104,6 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
     #endif
     #ifdef OPENSSL_EXTRA
         if (callInitSuites) {
-            byte tmp[WOLFSSL_MAX_SUITE_SZ];
-            XMEMCPY(tmp, suites->suites, idx); /* Store copy */
             suites->setSuites = 0; /* Force InitSuites */
             suites->hashSigAlgoSz = 0; /* Force InitSuitesHashSigAlgo call
                                         * inside InitSuites */
@@ -26130,6 +26128,16 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
             InitSuitesHashSigAlgo_ex2(suites->hashSigAlgo, haveSig, 1, keySz,
                  &suites->hashSigAlgoSz);
         }
+
+#ifdef HAVE_RENEGOTIATION_INDICATION
+        if (suites->suiteSz > WOLFSSL_MAX_SUITE_SZ - 2) {
+            WOLFSSL_MSG("Too many ciphersuites");
+            return 0;
+        }
+        suites->suites[suites->suiteSz] = CIPHER_BYTE;
+        suites->suites[suites->suiteSz+1] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV;
+        suites->suiteSz += 2;
+#endif
         suites->setSuites = 1;
     }
 
@@ -26265,6 +26273,15 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
         haveSig |= haveAnon ? SIG_ANON : 0;
         InitSuitesHashSigAlgo_ex2(suites->hashSigAlgo, haveSig, 1, keySz,
             &suites->hashSigAlgoSz);
+#ifdef HAVE_RENEGOTIATION_INDICATION
+        if (suites->suiteSz > WOLFSSL_MAX_SUITE_SZ - 2) {
+            WOLFSSL_MSG("Too many ciphersuites");
+            return 0;
+        }
+        suites->suites[suites->suiteSz] = CIPHER_BYTE;
+        suites->suites[suites->suiteSz+1] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV;
+        suites->suiteSz += 2;
+#endif
         suites->setSuites = 1;
     }