提交 643a3580 编写于 作者: M Matt Caswell

Move the downgrade sentinel declarations to a header file

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)
上级 b9647e34
......@@ -58,6 +58,14 @@
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
/* TLSv1.3 downgrade protection sentinel values */
const unsigned char tls11downgrade[] = {
0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
};
const unsigned char tls12downgrade[] = {
0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
};
/*
* The list of available ciphers, mostly organized into the following
* groups:
......@@ -4030,13 +4038,6 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
}
#ifndef OPENSSL_NO_TLS13DOWNGRADE
if (ret) {
static const unsigned char tls11downgrade[] = {
0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
};
static const unsigned char tls12downgrade[] = {
0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
};
assert(sizeof(tls11downgrade) < len && sizeof(tls12downgrade) < len);
if (dgrd == DOWNGRADE_TO_1_2)
memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
......
......@@ -1865,6 +1865,9 @@ typedef enum tlsext_index_en {
/* A dummy signature value not valid for TLSv1.2 signature algs */
#define TLSEXT_signature_rsa_pss 0x0101
/* TLSv1.3 downgrade protection sentinel values */
extern const unsigned char tls11downgrade[8];
extern const unsigned char tls12downgrade[8];
extern SSL3_ENC_METHOD ssl3_undef_enc_method;
......
......@@ -1726,14 +1726,6 @@ int ssl_choose_client_version(SSL *s, int version, int checkdgrd, int *al)
for (vent = table; vent->version != 0; ++vent) {
const SSL_METHOD *method;
int err;
#ifndef OPENSSL_NO_TLS13DOWNGRADE
static const unsigned char tls11downgrade[] = {
0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
};
static const unsigned char tls12downgrade[] = {
0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
};
#endif
if (vent->cmeth == NULL)
continue;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册