-rw-r--r-- | lib/libssl/ssl_lib.c | 26 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 20 | ||||
-rw-r--r-- | lib/libssl/ssl_versions.c | 12 |
3 files changed, 41 insertions, 17 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index f8028752744..6a182f2e3b1 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.246 2021/02/20 08:30:52 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.247 2021/02/20 09:43:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -256,6 +256,8 @@ SSL_new(SSL_CTX *ctx)
  s->internal->min_version = ctx->internal->min_version;
  s->internal->max_version = ctx->internal->max_version;
+ s->internal->min_proto_version = ctx->internal->min_proto_version;
+ s->internal->max_proto_version = ctx->internal->max_proto_version;
  s->internal->options = ctx->internal->options;
  s->internal->mode = ctx->internal->mode;
@@ -1829,6 +1831,8 @@ SSL_CTX_new(const SSL_METHOD *meth)
  ret->method = meth;
  ret->internal->min_version = meth->internal->min_version;
  ret->internal->max_version = meth->internal->max_version;
+ ret->internal->min_proto_version = 0;
+ ret->internal->max_proto_version = 0;
  ret->internal->mode = SSL_MODE_AUTO_RETRY;
  ret->cert_store = NULL;
@@ -3016,52 +3020,56 @@ SSL_cache_hit(SSL *s)
 int
 SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
 {
- return ctx->internal->min_version;
+ return ctx->internal->min_proto_version;
 }
 int
 SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version)
 {
  return ssl_version_set_min(ctx->method, version,
- ctx->internal->max_version, &ctx->internal->min_version);
+ ctx->internal->max_version, &ctx->internal->min_version,
+ &ctx->internal->min_proto_version);
 }
 int
 SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
 {
- return ctx->internal->max_version;
+ return ctx->internal->max_proto_version;
 }
 int
 SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version)
 {
  return ssl_version_set_max(ctx->method, version,
- ctx->internal->min_version, &ctx->internal->max_version);
+ ctx->internal->min_version, &ctx->internal->max_version,
+ &ctx->internal->max_proto_version);
 }
 int
 SSL_get_min_proto_version(SSL *ssl)
 {
- return ssl->internal->min_version;
+ return ssl->internal->min_proto_version;
 }
 int
 SSL_set_min_proto_version(SSL *ssl, uint16_t version)
 {
  return ssl_version_set_min(ssl->method, version,
- ssl->internal->max_version, &ssl->internal->min_version);
+ ssl->internal->max_version, &ssl->internal->min_version,
+ &ssl->internal->min_proto_version);
 }
 int
 SSL_get_max_proto_version(SSL *ssl)
 {
- return ssl->internal->max_version;
+ return ssl->internal->max_proto_version;
 }
 int
 SSL_set_max_proto_version(SSL *ssl, uint16_t version)
 {
  return ssl_version_set_max(ssl->method, version,
- ssl->internal->min_version, &ssl->internal->max_version);
+ ssl->internal->min_version, &ssl->internal->max_version,
+ &ssl->internal->max_proto_version);
 }
 static int
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index edb8223fe27..fc61ffee4f0 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
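Review bot: The four getters now hand back the caller-requested bound, so they return 0 whenever no bound was explicitly set, whereas before this change they returned the method-derived min_version/max_version that SSL_CTX_new() fills in; nothing in the functions tells a reader that, and code that compares the result against a policy floor will see 0 rather than the limit actually in force. A comment above SSL_CTX_get_min_proto_version() (and its three siblings) would pin the contract: `/* Returns the bound last set via SSL_CTX_set_min_proto_version(), or 0 if none was set and the method's own minimum applies (see ssl_enabled_version_range() for the effective range). */`. Since the setters store whatever ssl_version_set_min()/ssl_version_set_max() write through the new pointer, the reported value may also differ from the one passed in if those helpers adjust it; that is worth stating in the same comment once confirmed against ssl_versions.c.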
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.320 2021/02/07 15:26:32 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.321 2021/02/20 09:43:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -520,6 +520,13 @@ typedef struct ssl_ctx_internal_st {
  uint16_t min_version;
  uint16_t max_version;
+ /*
+ * These may be zero to imply minimum or maximum version supported by
+ * the method.
+ */
+ uint16_t min_proto_version;
+ uint16_t max_proto_version;
+
  unsigned long options;
  unsigned long mode;
@@ -682,6 +689,13 @@ typedef struct ssl_internal_st {
  uint16_t min_version;
  uint16_t max_version;
+ /*
+ * These may be zero to imply minimum or maximum version supported by
+ * the method.
+ */
+ uint16_t min_proto_version;
+ uint16_t max_proto_version;
+
  unsigned long options; /* protocol behaviour */
  unsigned long mode; /* API behaviour */
@@ -1111,9 +1125,9 @@ int ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
 int ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
 int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver);
 int ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver,
- uint16_t *out_ver);
+ uint16_t *out_ver, uint16_t *out_proto_ver);
 int ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver,
- uint16_t *out_ver);
+ uint16_t *out_ver, uint16_t *out_proto_ver);
 int ssl_downgrade_max_version(SSL *s, uint16_t *max_ver);
 int ssl_legacy_stack_version(SSL *s, uint16_t version);
 int ssl_cipher_in_list(STACK_OF(SSL_CIPHER) *ciphers, const SSL_CIPHER *cipher);
diff --git a/lib/libssl/ssl_versions.c b/lib/libssl/ssl_versions.c
index 2245ae15b5b..1ee5ed312cf 100644
--- a/lib/libssl/ssl_versions.c
+++ b/lib/libssl/ssl_versions.c
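Review bot: The new struct comment in both ssl_ctx_internal_st and ssl_internal_st says what zero means but not how the pair relates to the min_version/max_version fields directly above it, which leaves the next reader to work out that there are now two notions of "minimum version" per object. A fuller comment would make the split explicit: `/* Bounds as requested through SSL_{CTX_,}set_{min,max}_proto_version() and reported by the matching getters; zero means no explicit bound was set. The resolved values the library works with are min_version/max_version above. */`. The two new prototypes at the bottom hunk also deserve a line on the extra parameter: from the bodies in ssl_versions.c, `out_proto_ver` is dereferenced without a NULL check on every success path and is left untouched when the function returns 0, so callers must pass a valid pointer and must not expect it to be cleared on rejection.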
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.10 2021/02/20 08:30:52 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.11 2021/02/20 09:43:29 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
  *
@@ -36,12 +36,13 @@ ssl_clamp_version_range(uint16_t *min_ver, uint16_t *max_ver,
 int
 ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver,
- uint16_t *out_ver)
+ uint16_t *out_ver, uint16_t *out_proto_ver)
 {
  uint16_t min_version, max_version;
  if (ver == 0) {
  *out_ver = meth->internal->min_version;
+ *out_proto_ver = 0;
  return 1;
  }
@@ -52,19 +53,20 @@ ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver,
  meth->internal->min_version, meth->internal->max_version))
  return 0;
- *out_ver = min_version;
+ *out_ver = *out_proto_ver = min_version;
  return 1;
 }
 int
 ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver,
- uint16_t *out_ver)
+ uint16_t *out_ver, uint16_t *out_proto_ver)
 {
  uint16_t min_version, max_version;
  if (ver == 0) {
  *out_ver = meth->internal->max_version;
+ *out_proto_ver = 0;
  return 1;
  }
@@ -75,7 +77,7 @@ ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver,
  meth->internal->min_version, meth->internal->max_version))
  return 0;
- *out_ver = max_version;
+ *out_ver = *out_proto_ver = max_version;
  return 1;
 }
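Review bot: `*out_ver = *out_proto_ver = min_version;` records the value that comes back from ssl_clamp_version_range() rather than the `ver` the caller passed, so if that helper (its body sits above this hunk) adjusts an out-of-range request instead of rejecting it, SSL_get_min_proto_version() will report a bound the application never asked for and a misconfiguration is quietly rewritten rather than surfaced; the same applies to `*out_ver = *out_proto_ver = max_version;` in the ssl_version_set_max() hunk. If the intent is "the getter returns what was set", the stores should be `*out_ver = min_version; *out_proto_ver = ver;` (and the max counterpart), otherwise a comment should say the reported value is the resolved one. Independently, `out_proto_ver` is written unconditionally on both success paths but not on the `return 0` path, which means a rejected call leaves the previous request in place; a line in each function's header comment stating that `out_proto_ver` must be non-NULL and is only updated on success would close that gap.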