Move the downgrade sentinel declarations to a header file

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3022)
author: Matt Caswell <matt@openssl.org> 2017-03-24 09:57:21 +0000
committer: Matt Caswell <matt@openssl.org> 2017-03-24 14:07:11 +0000
commit: 643a3580423c8774c08aed7e377495800b7e7266 (patch)
tree: 67b9b3df9d6080ad824f69aff5b6aff3e1ddf1d9 /ssl/s3_lib.c
parent: b9647e34ff67f0f7af19a7775fc3f8846a30ac2e (diff)
1 files changed, 8 insertions, 7 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 3feb628809..d8cce5e63c 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -58,6 +58,14 @@
 #define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
 #define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
 
+/* TLSv1.3 downgrade protection sentinel values */
+const unsigned char tls11downgrade[] = {
+    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
+};
+const unsigned char tls12downgrade[] = {
+    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
+};
+
 /*
  * The list of available ciphers, mostly organized into the following
  * groups:
@@ -4030,13 +4038,6 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
     }
 #ifndef OPENSSL_NO_TLS13DOWNGRADE
     if (ret) {
-        static const unsigned char tls11downgrade[] = {
-            0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
-        };
-        static const unsigned char tls12downgrade[] = {
-            0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
-        };
-
         assert(sizeof(tls11downgrade) < len && sizeof(tls12downgrade) < len);
         if (dgrd == DOWNGRADE_TO_1_2)
             memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
author	Matt Caswell <matt@openssl.org>	2017-03-24 09:57:21 +0000
committer	Matt Caswell <matt@openssl.org>	2017-03-24 14:07:11 +0000
commit	643a3580423c8774c08aed7e377495800b7e7266 (patch)
tree	67b9b3df9d6080ad824f69aff5b6aff3e1ddf1d9 /ssl/s3_lib.c
parent	b9647e34ff67f0f7af19a7775fc3f8846a30ac2e (diff)