Move the downgrade sentinel declarations to a header file

author Matt Caswell <matt@openssl.org>

Fri, 24 Mar 2017 09:57:21 +0000 (09:57 +0000)

committer Matt Caswell <matt@openssl.org>

Fri, 24 Mar 2017 14:07:11 +0000 (14:07 +0000)
author Matt Caswell <matt@openssl.org>
Fri, 24 Mar 2017 09:57:21 +0000 (09:57 +0000)
committer Matt Caswell <matt@openssl.org>
Fri, 24 Mar 2017 14:07:11 +0000 (14:07 +0000)
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c

index 3feb628809fc53a2f9d26ade3d221014a6743208..d8cce5e63c8af113bf08e2e3f4d28290d5038a45 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -58,6 +58,14 @@
  #define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
  #define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
  
+/* TLSv1.3 downgrade protection sentinel values */
+const unsigned char tls11downgrade[] = {
+    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
+};
+const unsigned char tls12downgrade[] = {
+    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
+};
+
  /*
   * The list of available ciphers, mostly organized into the following
   * groups:
@@ -4030,13 +4038,6 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
      }
  #ifndef OPENSSL_NO_TLS13DOWNGRADE
      if (ret) {
-        static const unsigned char tls11downgrade[] = {
-            0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
-        };
-        static const unsigned char tls12downgrade[] = {
-            0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
-        };
-
          assert(sizeof(tls11downgrade) < len && sizeof(tls12downgrade) < len);
          if (dgrd == DOWNGRADE_TO_1_2)
              memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h

index 4a9e59981866ec5eb995a28057df6758f33285a0..4378b7177da9e7300d4d5fddb1e665c879c4b23a 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1865,6 +1865,9 @@ typedef enum tlsext_index_en {
  /* A dummy signature value not valid for TLSv1.2 signature algs */
  #define TLSEXT_signature_rsa_pss                                0x0101
  
+/* TLSv1.3 downgrade protection sentinel values */
+extern const unsigned char tls11downgrade[8];
+extern const unsigned char tls12downgrade[8];
  
  extern SSL3_ENC_METHOD ssl3_undef_enc_method;
  
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c

index f098213869dbc11748b4914a7611cfe05e58d95c..bf1a5b20e0f4c29a9c56efee3b1cd3baf2808024 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1726,14 +1726,6 @@ int ssl_choose_client_version(SSL *s, int version, int checkdgrd, int *al)
      for (vent = table; vent->version != 0; ++vent) {
          const SSL_METHOD *method;
          int err;
-#ifndef OPENSSL_NO_TLS13DOWNGRADE
-        static const unsigned char tls11downgrade[] = {
-            0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
-        };
-        static const unsigned char tls12downgrade[] = {
-            0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
-        };
-#endif
  
          if (vent->cmeth == NULL)
              continue;
author	Matt Caswell <matt@openssl.org>
	Fri, 24 Mar 2017 09:57:21 +0000 (09:57 +0000)
committer	Matt Caswell <matt@openssl.org>
	Fri, 24 Mar 2017 14:07:11 +0000 (14:07 +0000)
ssl/s3_lib.c		patch \| blob \| history
ssl/ssl_locl.h		patch \| blob \| history
ssl/statem/statem_lib.c		patch \| blob \| history