[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Rich Salz rsalz at openssl.org
Tue Aug 7 19:55:10 UTC 2018 

The branch OpenSSL_1_1_0-stable has been updated
       via  a0f443a05dd68b9949b39b3310a595babcae4624 (commit)
      from  f48e0ef1144c647a3159a71db114598d8fb6adc9 (commit)


- Log -----------------------------------------------------------------
commit a0f443a05dd68b9949b39b3310a595babcae4624
Author: Rich Salz <rsalz at openssl.org>
Date:   Tue Aug 7 15:28:59 2018 -0400

    Increase CT_NUMBER values
    
    Also add build-time errors to keep them in sync.
    Thanks to GitHub user YuDudysheva for reporting this.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6874)
    (cherry picked from commit b5ee517794cf546dc7e3d5a82b400955a7381053)

-----------------------------------------------------------------------

Summary of changes:
 include/openssl/ssl3.h | 10 ++++++++--
 include/openssl/tls1.h |  8 +++++++-
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 4ca434e..e51629f 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -252,9 +252,15 @@ extern "C" {
 # define SSL3_CT_FORTEZZA_DMS                    20
 /*
  * SSL3_CT_NUMBER is used to size arrays and it must be large enough to
- * contain all of the cert types defined either for SSLv3 and TLSv1.
+ * contain all of the cert types defined for *either* SSLv3 and TLSv1.
  */
-# define SSL3_CT_NUMBER                  9
+# define SSL3_CT_NUMBER                  10
+
+# if defined(TLS_CT_NUMBER)
+#  if TLS_CT_NUMBER != SSL3_CT_NUMBER
+#    error "SSL/TLS CT_NUMBER values do not match"
+#  endif
+# endif
 
 # define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
 
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 3fe01fe..b536d84 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -883,7 +883,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
  * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
  * comment there)
  */
-# define TLS_CT_NUMBER                   9
+# define TLS_CT_NUMBER                   10
+
+# if defined(SSL3_CT_NUMBER)
+#  if TLS_CT_NUMBER != SSL3_CT_NUMBER
+#    error "SSL/TLS CT_NUMBER values do not match"
+#  endif
+# endif
 
 # define TLS1_FINISH_MAC_LENGTH          12

More information about the openssl-commits mailing list