Commit 643a3580 authored by Matt Caswell's avatar Matt Caswell

Move the downgrade sentinel declarations to a header file

parent b9647e34
+8 −7
@@ -58,6 +58,14 @@
#define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
#define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)

/* TLSv1.3 downgrade protection sentinel values */
const unsigned char tls11downgrade[] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
};
const unsigned char tls12downgrade[] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
};

/*
 * The list of available ciphers, mostly organized into the following
 * groups:
@@ -4030,13 +4038,6 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
    }
#ifndef OPENSSL_NO_TLS13DOWNGRADE
    if (ret) {
        static const unsigned char tls11downgrade[] = {
            0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
        };
        static const unsigned char tls12downgrade[] = {
            0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
        };

        assert(sizeof(tls11downgrade) < len && sizeof(tls12downgrade) < len);
        if (dgrd == DOWNGRADE_TO_1_2)
            memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
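Review bot: The only guard on the `memcpy` destination `result + len - sizeof(tls12downgrade)` is the `assert` two lines above it, and if that is the standard `assert` it is compiled out when NDEBUG is defined, so a `len` of 8 or less would make the copy start before `result`. Since this commit already touches the sentinel handling, the bound could become a runtime check that fails the call, for example `if (len <= sizeof(tls12downgrade)) return 0;`. The failure return value is inferred from the `if (ret)` test and should be confirmed against the function's contract. Callers presumably always pass a full-size random buffer, so this is hardening rather than a known fault. The body of ssl_fill_hello_random starts and ends outside the hunk.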
+3 −0
@@ -1865,6 +1865,9 @@ typedef enum tlsext_index_en {
/* A dummy signature value not valid for TLSv1.2 signature algs */
#define TLSEXT_signature_rsa_pss                                0x0101

/* TLSv1.3 downgrade protection sentinel values */
extern const unsigned char tls11downgrade[8];
extern const unsigned char tls12downgrade[8];

extern SSL3_ENC_METHOD ssl3_undef_enc_method;
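Review bot: The two new externs expose the unprefixed names `tls11downgrade` and `tls12downgrade` at file scope, whereas the neighbouring declaration `ssl3_undef_enc_method` carries a library prefix; a prefixed name would lower the chance of a symbol clash in static links. The comment could also say what the values are for and why the bound is fixed, e.g. `/* TLSv1.3 downgrade sentinels: 8 bytes copied into the tail of the hello random; keep [8] in step with the definitions */`. The declarations are unconditional although the uses visible elsewhere in this commit sit under `#ifndef OPENSSL_NO_TLS13DOWNGRADE`, which may be intentional but is worth a word in the comment.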

+0 −8
@@ -1726,14 +1726,6 @@ int ssl_choose_client_version(SSL *s, int version, int checkdgrd, int *al)
    for (vent = table; vent->version != 0; ++vent) {
        const SSL_METHOD *method;
        int err;
#ifndef OPENSSL_NO_TLS13DOWNGRADE
        static const unsigned char tls11downgrade[] = {
            0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
        };
        static const unsigned char tls12downgrade[] = {
            0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
        };
#endif

        if (vent->cmeth == NULL)
            continue;