-/* $OpenBSD: ssl_lib.c,v 1.246 2021/02/20 08:30:52 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.247 2021/02/20 09:43:29 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
s->internal->min_version = ctx->internal->min_version;
s->internal->max_version = ctx->internal->max_version;
+ s->internal->min_proto_version = ctx->internal->min_proto_version;
+ s->internal->max_proto_version = ctx->internal->max_proto_version;
s->internal->options = ctx->internal->options;
s->internal->mode = ctx->internal->mode;
ret->method = meth;
ret->internal->min_version = meth->internal->min_version;
ret->internal->max_version = meth->internal->max_version;
+ ret->internal->min_proto_version = 0;
+ ret->internal->max_proto_version = 0;
ret->internal->mode = SSL_MODE_AUTO_RETRY;
ret->cert_store = NULL;
int
SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
{
- return ctx->internal->min_version;
+ return ctx->internal->min_proto_version;
}
int
SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version)
{
return ssl_version_set_min(ctx->method, version,
- ctx->internal->max_version, &ctx->internal->min_version);
+ ctx->internal->max_version, &ctx->internal->min_version,
+ &ctx->internal->min_proto_version);
}
int
SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
{
- return ctx->internal->max_version;
+ return ctx->internal->max_proto_version;
}
int
SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version)
{
return ssl_version_set_max(ctx->method, version,
- ctx->internal->min_version, &ctx->internal->max_version);
+ ctx->internal->min_version, &ctx->internal->max_version,
+ &ctx->internal->max_proto_version);
}
int
SSL_get_min_proto_version(SSL *ssl)
{
- return ssl->internal->min_version;
+ return ssl->internal->min_proto_version;
}
int
SSL_set_min_proto_version(SSL *ssl, uint16_t version)
{
return ssl_version_set_min(ssl->method, version,
- ssl->internal->max_version, &ssl->internal->min_version);
+ ssl->internal->max_version, &ssl->internal->min_version,
+ &ssl->internal->min_proto_version);
}
int
SSL_get_max_proto_version(SSL *ssl)
{
- return ssl->internal->max_version;
+ return ssl->internal->max_proto_version;
}
int
SSL_set_max_proto_version(SSL *ssl, uint16_t version)
{
return ssl_version_set_max(ssl->method, version,
- ssl->internal->min_version, &ssl->internal->max_version);
+ ssl->internal->min_version, &ssl->internal->max_version,
+ &ssl->internal->max_proto_version);
}
static int
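Review bot: The four getters in this hunk (SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version, SSL_get_min_proto_version, SSL_get_max_proto_version) can now return 0, and nothing next to them says so. They previously returned min_version/max_version, which the setters and SSL_CTX_new always fill with a concrete version. A caller that logs or enforces a TLS floor with a comparison such as `SSL_CTX_get_min_proto_version(ctx) < TLS1_2_VERSION` would now read an unset bound as a weak one. I would add a comment above each getter, e.g. `/* Returns the version set via the matching setter, or 0 if none was set (the method's limit applies). */`. The hunk ends on the first line of the next function, whose body is outside it.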
-/* $OpenBSD: ssl_locl.h,v 1.320 2021/02/07 15:26:32 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.321 2021/02/20 09:43:29 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
uint16_t min_version;
uint16_t max_version;
+ /*
+ * These may be zero to imply minimum or maximum version supported by
+ * the method.
+ */
+ uint16_t min_proto_version;
+ uint16_t max_proto_version;
+
unsigned long options;
unsigned long mode;
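Review bot: The added comment explains the zero value but not how min_proto_version/max_proto_version relate to min_version/max_version directly above them. The same applies to the identical block added to the second struct further down. Judging from the rest of this commit, min_version/max_version keep holding a concrete version, while the proto pair is only read by the get_*_proto_version getters. A later change that used the proto pair in a version comparison would treat 0 as a real bound. I would extend the comment with `Only reported by the get_{min,max}_proto_version getters; use min_version/max_version for version checks.`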
uint16_t min_version;
uint16_t max_version;
+ /*
+ * These may be zero to imply minimum or maximum version supported by
+ * the method.
+ */
+ uint16_t min_proto_version;
+ uint16_t max_proto_version;
+
unsigned long options; /* protocol behaviour */
unsigned long mode; /* API behaviour */
int ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver);
int ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver,
- uint16_t *out_ver);
+ uint16_t *out_ver, uint16_t *out_proto_ver);
int ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver,
- uint16_t *out_ver);
+ uint16_t *out_ver, uint16_t *out_proto_ver);
int ssl_downgrade_max_version(SSL *s, uint16_t *max_ver);
int ssl_legacy_stack_version(SSL *s, uint16_t version);
int ssl_cipher_in_list(STACK_OF(SSL_CIPHER) *ciphers, const SSL_CIPHER *cipher);
-/* $OpenBSD: ssl_versions.c,v 1.10 2021/02/20 08:30:52 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.11 2021/02/20 09:43:29 jsing Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
*
int
ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver,
- uint16_t *out_ver)
+ uint16_t *out_ver, uint16_t *out_proto_ver)
{
uint16_t min_version, max_version;
if (ver == 0) {
*out_ver = meth->internal->min_version;
+ *out_proto_ver = 0;
return 1;
}
meth->internal->min_version, meth->internal->max_version))
return 0;
- *out_ver = min_version;
+ *out_ver = *out_proto_ver = min_version;
return 1;
}
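Review bot: `*out_ver = *out_proto_ver = min_version;` stores the local min_version, not the caller's `ver`, as the value the getter will report. The matching line in ssl_version_set_max (`*out_ver = *out_proto_ver = max_version;`) does the same. The assignment to min_version is outside this hunk, but the hunk opens on the tail of a call that takes the method's min/max versions, so the local may already have been adjusted to the method's range. If the getter is meant to report what the application configured, write `*out_ver = min_version;` and `*out_proto_ver = ver;`. If reporting the adjusted value is intended, say so in the field comment in ssl_locl.h.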
int
ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver,
- uint16_t *out_ver)
+ uint16_t *out_ver, uint16_t *out_proto_ver)
{
uint16_t min_version, max_version;
if (ver == 0) {
*out_ver = meth->internal->max_version;
+ *out_proto_ver = 0;
return 1;
}
meth->internal->min_version, meth->internal->max_version))
return 0;
- *out_ver = max_version;
+ *out_ver = *out_proto_ver = max_version;
return 1;
}