Update RI to match latest spec.

MCSV is now called SCSV. Don't send SCSV if renegotiating. Also note if RI is empty in debug messages.
2009-12-27 22:58:55 +00:00 · 2009-12-27 22:58:55 +00:00 · d68015764e
commit d68015764e
parent b57599b70c
3 changed files with 18 additions and 14 deletions
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@ -129,8 +129,8 @@ extern "C" {
 #endif
 /* Magic Cipher Suite Value. NB: bogus value used for testing */
-#ifndef SSL3_CK_MCSV
+#ifndef SSL3_CK_SCSV
-#define SSL3_CK_MCSV				0x03000FEC
+#define SSL3_CK_SCSV				0x03000FEC
 #endif
 #define SSL3_CK_RSA_NULL_MD5			0x03000001
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -1370,18 +1370,18 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
 		p+=j;
 		}
 	/* If p == q, no ciphers and caller indicates an error, otherwise
-	 * add MCSV
+	 * add SCSV if not renegotiating
 	 */
-	if (p != q)
+	if (p != q && !s->new_session)
 		{
 		static SSL_CIPHER msvc =
 			{
-			0, NULL, SSL3_CK_MCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+			0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
 			};
 		j = put_cb ? put_cb(&msvc,p) : ssl_put_cipher_by_char(s,&msvc,p);
 		p+=j;
 #ifdef OPENSSL_RI_DEBUG
-		fprintf(stderr, "MCSV sent by client\n");
+		fprintf(stderr, "SCSV sent by client\n");
 #endif
 		}
@ -1413,15 +1413,15 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
 	for (i=0; i<num; i+=n)
 		{
-		/* Check for MCSV */
+		/* Check for SCSV */
 		if (s->s3 && (n != 3 || !p[0]) &&
-			(p[n-2] == ((SSL3_CK_MCSV >> 8) & 0xff)) &&
+			(p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
-			(p[n-1] == (SSL3_CK_MCSV & 0xff)))
+			(p[n-1] == (SSL3_CK_SCSV & 0xff)))
 			{
 			s->s3->send_connection_binding = 1;
 			p += n;
 #ifdef OPENSSL_RI_DEBUG
-			fprintf(stderr, "MCSV received by server\n");
+			fprintf(stderr, "SCSV received by server\n");
 #endif
 			continue;
 			}
--- a/ssl/t1_reneg.c
+++ b/ssl/t1_reneg.c
@ -131,7 +131,8 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
        memcpy(p, s->s3->previous_client_finished,
 	       s->s3->previous_client_finished_len);
 #ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "RI extension sent by client\n");
+    fprintf(stderr, "%s RI extension sent by client\n",
 		s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
 #endif
        }
@ -182,7 +183,8 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
        return 0;
        }
 #ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "RI extension received by server\n");
+    fprintf(stderr, "%s RI extension received by server\n",
 				ilen ? "Non-empty" : "Empty");
 #endif
    s->s3->send_connection_binding=1;
@ -214,7 +216,8 @@ int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
        memcpy(p, s->s3->previous_server_finished,
 	       s->s3->previous_server_finished_len);
 #ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "RI extension sent by server\n");
+    fprintf(stderr, "%s RI extension sent by server\n",
    		s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
 #endif
        }
@ -280,7 +283,8 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
        return 0;
        }
 #ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "RI extension received by client\n");
+    fprintf(stderr, "%s RI extension received by client\n",
 				ilen ? "Non-empty" : "Empty");
 #endif
    s->s3->send_connection_binding=1;