Add more first-class support for SCSVS

Just as we have a table of ssl3_ciphers, add a table of ssl3_scsvs, to contain
SSL_CIPHER objects for these non-valid ciphers.  This will allow for unified
handling of such indicators, especially as we are preparing to pass them around
between functions.

Since the 'valid' field is not set for the SCSVs, they should not be used
for anything requiring a cryptographic cipher (as opposed to something
being stuck in a cipher-shaped hole in the TLS wire protocol).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
Benjamin Kaduk 2017-02-03 17:17:21 -06:00 committed by Richard Levitte
parent cb7a1f5fca
commit 650c6e41d6


@ -55,6 +55,7 @@
#include <openssl/rand.h>
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
/*
* The list of available ciphers, mostly organized into the following
@ -2797,6 +2798,26 @@ static SSL_CIPHER ssl3_ciphers[] = {
};
/*
* The list of known Signalling Cipher-Suite Value "ciphers", non-valid
* values stuffed into the ciphers field of the wire protocol for signalling
* purposes.
*/
static SSL_CIPHER ssl3_scsvs[] = {
{
0,
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
SSL3_CK_SCSV,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
},
{
0,
"TLS_FALLBACK_SCSV",
SSL3_CK_FALLBACK_SCSV,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
},
};
static int cipher_compare(const void *a, const void *b)
{
const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
@ -2807,8 +2828,9 @@ static int cipher_compare(const void *a, const void *b)
void ssl_sort_cipher_list(void)
{
qsort(ssl3_ciphers, OSSL_NELEM(ssl3_ciphers), sizeof ssl3_ciphers[0],
qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof ssl3_ciphers[0],
cipher_compare);
qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof ssl3_scsvs[0], cipher_compare);
}
const SSL3_ENC_METHOD SSLv3_enc_data = {
@ -3598,9 +3620,13 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
{
SSL_CIPHER c;
const SSL_CIPHER *cp;
c.id = id;
return OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
if (cp != NULL)
return cp;
return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
}
/*
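Review bot: ssl3_get_cipher_by_id now returns a non-NULL SSL_CIPHER for SSL3_CK_SCSV and SSL3_CK_FALLBACK_SCSV, and those entries have `valid` left at 0 (second hunk, the ssl3_scsvs table), so any existing caller that treated a non-NULL result as a usable cipher now receives an entry with no algorithms set; the hunk does not record that such callers have been checked, and I cannot see them from here. A comment at the function head would make the new contract explicit, e.g. `/* Also finds SCSV entries; these have valid == 0 and must not be used as a cryptographic cipher. */`. As a secondary point of style, the ssl3_scsvs initialisers are twelve positional zeros after the id, which will silently shift if a field is ever added to SSL_CIPHER; designated initialisers (`.valid = 0, .name = ..., .id = ...`) would tie each value to its field, though ssl3_ciphers uses the same positional form so this would be a wider change.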