Commit d6801576 authored by Dr. Stephen Henson

Update RI to match latest spec.

MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.
parent b57599b7
+2 −2
@@ -129,8 +129,8 @@ extern "C" {
#endif

/* Magic Cipher Suite Value. NB: bogus value used for testing */
#ifndef SSL3_CK_MCSV
#define SSL3_CK_MCSV				0x03000FEC
#ifndef SSL3_CK_SCSV
#define SSL3_CK_SCSV				0x03000FEC
#endif

#define SSL3_CK_RSA_NULL_MD5			0x03000001
+8 −8
@@ -1370,18 +1370,18 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
		p+=j;
		}
	/* If p == q, no ciphers and caller indicates an error, otherwise
	 * add MCSV
	 * add SCSV if not renegotiating
	 */
	if (p != q)
	if (p != q && !s->new_session)
		{
		static SSL_CIPHER msvc =
			{
			0, NULL, SSL3_CK_MCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
			0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
			};
		j = put_cb ? put_cb(&msvc,p) : ssl_put_cipher_by_char(s,&msvc,p);
		p+=j;
#ifdef OPENSSL_RI_DEBUG
		fprintf(stderr, "MCSV sent by client\n");
		fprintf(stderr, "SCSV sent by client\n");
#endif
		}

@@ -1413,15 +1413,15 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,

	for (i=0; i<num; i+=n)
		{
		/* Check for MCSV */
		/* Check for SCSV */
		if (s->s3 && (n != 3 || !p[0]) &&
			(p[n-2] == ((SSL3_CK_MCSV >> 8) & 0xff)) &&
			(p[n-1] == (SSL3_CK_MCSV & 0xff)))
			(p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
			(p[n-1] == (SSL3_CK_SCSV & 0xff)))
			{
			s->s3->send_connection_binding = 1;
			p += n;
#ifdef OPENSSL_RI_DEBUG
			fprintf(stderr, "MCSV received by server\n");
			fprintf(stderr, "SCSV received by server\n");
#endif
			continue;
			}
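Review bot: The server-side match in ssl_bytes_to_cipher_list (hunk at @@ -1413) still accepts the SCSV unconditionally and merely sets `s->s3->send_connection_binding = 1`, while the client-side hunk above now suppresses the SCSV once renegotiating via `!s->new_session`; the mirror-image rule — a SCSV arriving in a renegotiation ClientHello is a protocol error and the handshake must be aborted — is not applied here (the draft this commit tracks, and later RFC 5746 section 3.7, both require the server to abort). Accepting it silently lets a peer that no longer presents the renegotiation_info extension (and hence no verify_data) still be treated as "secure" on a renegotiation, which is exactly the binding the mechanism exists to provide. Inside the match, before the send_connection_binding assignment, I would add `if (s->new_session) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, <new reason code for "SCSV received when renegotiating", to be added to ssl.h/ssl_err.c>); goto err; }`, on the assumption that s->new_session is the same "we are renegotiating" indicator the client hunk relies on and that the function's existing failure path frees the partially built list and returns NULL so the caller aborts — both of those live outside this hunk. Note that both ssl_cipher_list_to_bytes and ssl_bytes_to_cipher_list begin before and continue past their respective hunks, so the error label and the caller's handling of a NULL return cannot be confirmed from this view.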
+8 −4
@@ -131,7 +131,8 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
        memcpy(p, s->s3->previous_client_finished,
	       s->s3->previous_client_finished_len);
#ifdef OPENSSL_RI_DEBUG
    fprintf(stderr, "RI extension sent by client\n");
    fprintf(stderr, "%s RI extension sent by client\n",
		s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
#endif
        }
    
@@ -182,7 +183,8 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
        return 0;
        }
#ifdef OPENSSL_RI_DEBUG
    fprintf(stderr, "RI extension received by server\n");
    fprintf(stderr, "%s RI extension received by server\n",
				ilen ? "Non-empty" : "Empty");
#endif

    s->s3->send_connection_binding=1;
@@ -214,7 +216,8 @@ int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
        memcpy(p, s->s3->previous_server_finished,
	       s->s3->previous_server_finished_len);
#ifdef OPENSSL_RI_DEBUG
    fprintf(stderr, "RI extension sent by server\n");
    fprintf(stderr, "%s RI extension sent by server\n",
    		s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
#endif
        }
    
@@ -280,7 +283,8 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
        return 0;
        }
#ifdef OPENSSL_RI_DEBUG
    fprintf(stderr, "RI extension received by client\n");
    fprintf(stderr, "%s RI extension received by client\n",
				ilen ? "Non-empty" : "Empty");
#endif
    s->s3->send_connection_binding=1;