From b5ee517794cf546dc7e3d5a82b400955a7381053 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Tue, 7 Aug 2018 15:28:59 -0400 Subject: Increase CT_NUMBER values Also add build-time errors to keep them in sync. Thanks to GitHub user YuDudysheva for reporting this. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6874) --- include/openssl/ssl3.h | 10 ++++++++-- include/openssl/tls1.h | 8 +++++++- 2 files changed, 15 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index 6d0ed11bd8..8d01fcc487 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -263,9 +263,15 @@ extern "C" { # define SSL3_CT_FORTEZZA_DMS 20 /* * SSL3_CT_NUMBER is used to size arrays and it must be large enough to - * contain all of the cert types defined either for SSLv3 and TLSv1. + * contain all of the cert types defined for *either* SSLv3 and TLSv1. */ -# define SSL3_CT_NUMBER 9 +# define SSL3_CT_NUMBER 10 + +# if defined(TLS_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif /* No longer used as of OpenSSL 1.1.1 */ # define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 761a86a752..2f19ccf229 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -1149,7 +1149,13 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see * comment there) */ -# define TLS_CT_NUMBER 9 +# define TLS_CT_NUMBER 10 + +# if defined(SSL3_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif # define TLS1_FINISH_MAC_LENGTH 12 -- cgit v1.2.3