Move the SSL3_CK_CIPHERSUITE_FLAG out of public header

The newly added SSL3_CK_CIPHERSUITE_FLAG shouldn't be in a public header
file

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 79f9b7eac2a361896e797fb1297edf2b1caf2476..8d146be19bcf886d8310f1178dd56211e918a38a 100644 (file)
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -25,9 +25,6 @@
 extern "C" {
 #endif
 
-/* Flag used on OpenSSL ciphersuite ids to indicate they are for SSLv3+ */
-# define SSL3_CK_CIPHERSUITE_FLAG                0x03000000
-
 /*
  * Signalling cipher suite value from RFC 5746
  * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index bdb4cb41444d3277adf0581f3ca85837834dc895..c4d43526bd743064401c65db5cf6562aca7ad57c 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3566,7 +3566,7 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
 
 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
 {
-    if ((c->id & 0xff000000) != 0x03000000) {
+    if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
         *len = 0;
         return 1;
     }

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index bceee4c7026f0006fe5762fc4dff5d77689c1d49..077d9d315d0fa1f48fa87b5b996795ef3bc1ad1f 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -348,6 +348,9 @@
 
 /* we have used 0000003f - 26 bits left to go */
 
+/* Flag used on OpenSSL ciphersuite ids to indicate they are for SSLv3+ */
+# define SSL3_CK_CIPHERSUITE_FLAG                0x03000000
+
 /* Check if an SSL structure is using DTLS */
 # define SSL_IS_DTLS(s)  (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)