Update RI to match latest spec.

MCSV is now called SCSV. Don't send SCSV if renegotiating. Also note if RI is empty in debug messages.

Update RI to match latest spec.
MCSV is now called SCSV. Don't send SCSV if renegotiating. Also note if RI is empty in debug messages.
d6801576 · Dr. Stephen Henson · b57599b7 · d6801576 · d6801576 · d6801576
隐藏空白更改
内联并排

Showing with 18 addition and 14 deletion

ssl/ssl3.h ssl/ssl3.h +2 -2

ssl/ssl_lib.c ssl/ssl_lib.c +8 -8

ssl/t1_reneg.c ssl/t1_reneg.c +8 -4

未找到文件。
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -129,8 +129,8 @@ extern "C" {
 #endif

 /* Magic Cipher Suite Value. NB: bogus value used for testing */
-#ifndef SSL3_CK_MCSV
-#define SSL3_CK_MCSV				0x03000FEC
+#ifndef SSL3_CK_SCSV
+#define SSL3_CK_SCSV				0x03000FEC
 #endif

 #define SSL3_CK_RSA_NULL_MD5			0x03000001

--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1370,18 +1370,18 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
 		p+=j;
 		}
 	/* If p == q, no ciphers and caller indicates an error, otherwise
-	 * add MCSV
+	 * add SCSV if not renegotiating
 	 */
-	if (p != q)
+	if (p != q && !s->new_session)
 		{
 		static SSL_CIPHER msvc =
 			{
-			0, NULL, SSL3_CK_MCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+			0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
 			};
 		j = put_cb ? put_cb(&msvc,p) : ssl_put_cipher_by_char(s,&msvc,p);
 		p+=j;
 #ifdef OPENSSL_RI_DEBUG
-		fprintf(stderr, "MCSV sent by client\n");
+		fprintf(stderr, "SCSV sent by client\n");
 #endif
 		}

@@ -1413,15 +1413,15 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,

 	for (i=0; i<num; i+=n)
 		{
-		/* Check for MCSV */
+		/* Check for SCSV */
 		if (s->s3 && (n != 3 || !p[0]) &&
-			(p[n-2] == ((SSL3_CK_MCSV >> 8) & 0xff)) &&
-			(p[n-1] == (SSL3_CK_MCSV & 0xff)))
+			(p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
+			(p[n-1] == (SSL3_CK_SCSV & 0xff)))
 			{
 			s->s3->send_connection_binding = 1;
 			p += n;
 #ifdef OPENSSL_RI_DEBUG
-			fprintf(stderr, "MCSV received by server\n");
+			fprintf(stderr, "SCSV received by server\n");
 #endif
 			continue;
 			}

--- a/ssl/t1_reneg.c
+++ b/ssl/t1_reneg.c
@@ -131,7 +131,8 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
        memcpy(p, s->s3->previous_client_finished,
 	       s->s3->previous_client_finished_len);
 #ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "RI extension sent by client\n");
+    fprintf(stderr, "%s RI extension sent by client\n",
+		s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
 #endif
        }
    
@@ -182,7 +183,8 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
        return 0;
        }
 #ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "RI extension received by server\n");
+    fprintf(stderr, "%s RI extension received by server\n",
+				ilen ? "Non-empty" : "Empty");
 #endif

    s->s3->send_connection_binding=1;
@@ -214,7 +216,8 @@ int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
        memcpy(p, s->s3->previous_server_finished,
 	       s->s3->previous_server_finished_len);
 #ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "RI extension sent by server\n");
+    fprintf(stderr, "%s RI extension sent by server\n",
+    		s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
 #endif
        }
    
@@ -280,7 +283,8 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
        return 0;
        }
 #ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "RI extension received by client\n");
+    fprintf(stderr, "%s RI extension received by client\n",
+				ilen ? "Non-empty" : "Empty");
 #endif
    s->s3->send_connection_binding=1;