diff options
author | Matt Caswell <matt@openssl.org> | 2017-03-24 09:57:21 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-03-24 14:07:11 +0000 |
commit | 643a3580423c8774c08aed7e377495800b7e7266 (patch) | |
tree | 67b9b3df9d6080ad824f69aff5b6aff3e1ddf1d9 /ssl/s3_lib.c | |
parent | b9647e34ff67f0f7af19a7775fc3f8846a30ac2e (diff) |
Move the downgrade sentinel declarations to a header file
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 3feb628809..d8cce5e63c 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -58,6 +58,14 @@ #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs) +/* TLSv1.3 downgrade protection sentinel values */ +const unsigned char tls11downgrade[] = { + 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00 +}; +const unsigned char tls12downgrade[] = { + 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01 +}; + /* * The list of available ciphers, mostly organized into the following * groups: @@ -4030,13 +4038,6 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, } #ifndef OPENSSL_NO_TLS13DOWNGRADE if (ret) { - static const unsigned char tls11downgrade[] = { - 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00 - }; - static const unsigned char tls12downgrade[] = { - 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01 - }; - assert(sizeof(tls11downgrade) < len && sizeof(tls12downgrade) < len); if (dgrd == DOWNGRADE_TO_1_2) memcpy(result + len - sizeof(tls12downgrade), tls12downgrade, |