From f88e0acb0e71b9295f0be35655ce3197809885ae Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 27 Dec 2009 22:59:09 +0000 Subject: [PATCH] Update RI to match latest spec. MCSV is now called SCSV. Don't send SCSV if renegotiating. Also note if RI is empty in debug messages. --- ssl/ssl3.h | 4 ++-- ssl/ssl_lib.c | 16 ++++++++-------- ssl/t1_reneg.c | 12 ++++++++---- 3 files changed, 18 insertions(+), 14 deletions(-) diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 414ad2d58a..342cd44590 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -129,8 +129,8 @@ extern "C" { #endif /* Magic Cipher Suite Value. NB: bogus value used for testing */ -#ifndef SSL3_CK_MCSV -#define SSL3_CK_MCSV 0x03000FEC +#ifndef SSL3_CK_SCSV +#define SSL3_CK_SCSV 0x03000FEC #endif #define SSL3_CK_RSA_NULL_MD5 0x03000001 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 9552333920..f5ea6b6293 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1370,18 +1370,18 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, p+=j; } /* If p == q, no ciphers and caller indicates an error, otherwise - * add MCSV + * add SCSV if not renegotiating */ - if (p != q) + if (p != q && !s->new_session) { static SSL_CIPHER msvc = { - 0, NULL, SSL3_CK_MCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 + 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; j = put_cb ? put_cb(&msvc,p) : ssl_put_cipher_by_char(s,&msvc,p); p+=j; #ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "MCSV sent by client\n"); + fprintf(stderr, "SCSV sent by client\n"); #endif } @@ -1413,15 +1413,15 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, for (i=0; is3 && (n != 3 || !p[0]) && - (p[n-2] == ((SSL3_CK_MCSV >> 8) & 0xff)) && - (p[n-1] == (SSL3_CK_MCSV & 0xff))) + (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && + (p[n-1] == (SSL3_CK_SCSV & 0xff))) { s->s3->send_connection_binding = 1; p += n; #ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "MCSV received by server\n"); + fprintf(stderr, "SCSV received by server\n"); #endif continue; } diff --git a/ssl/t1_reneg.c b/ssl/t1_reneg.c index 07fd5cb570..9c2cc3c712 100644 --- a/ssl/t1_reneg.c +++ b/ssl/t1_reneg.c @@ -131,7 +131,8 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, memcpy(p, s->s3->previous_client_finished, s->s3->previous_client_finished_len); #ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "RI extension sent by client\n"); + fprintf(stderr, "%s RI extension sent by client\n", + s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); #endif } @@ -182,7 +183,8 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, return 0; } #ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "RI extension received by server\n"); + fprintf(stderr, "%s RI extension received by server\n", + ilen ? "Non-empty" : "Empty"); #endif s->s3->send_connection_binding=1; @@ -214,7 +216,8 @@ int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, memcpy(p, s->s3->previous_server_finished, s->s3->previous_server_finished_len); #ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "RI extension sent by server\n"); + fprintf(stderr, "%s RI extension sent by server\n", + s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); #endif } @@ -280,7 +283,8 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, return 0; } #ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "RI extension received by client\n"); + fprintf(stderr, "%s RI extension received by client\n", + ilen ? "Non-empty" : "Empty"); #endif s->s3->send_connection_binding=1; -- 2.25.1