Only use TLS versions internally (rather than both TLS and DTLS versions).

DTLS protocol version numbers are the 1's compliment of human readable TLS version numbers, which means that newer versions decrease in value and there is no direct mapping between TLS protocol version numbers and DTLS protocol version numbers. Rather than having to deal with this internally, only use TLS versions internally and map between DTLS and TLS protocol versions when necessary. Rename functions and variables to use 'tls_version' when they contain a TLS version (and never a DTLS version). ok tb@
author: jsing <> 2021-02-25 17:06:05 +0000
committer: jsing <> 2021-02-25 17:06:05 +0000
commit: 72c7f20e4fbcb3386178960b8f88ab2fbc042567 (patch)
tree: 5a334628a895bbe67688cd0dbadfdc68524f02de /src/lib/libssl/ssl_lib.c
parent: aed0a5deca305a997de3f6234733204b383f094f (diff)
download: openbsd-72c7f20e4fbcb3386178960b8f88ab2fbc042567.tar.gz
openbsd-72c7f20e4fbcb3386178960b8f88ab2fbc042567.tar.bz2
openbsd-72c7f20e4fbcb3386178960b8f88ab2fbc042567.zip
1 files changed, 11 insertions, 11 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 33aca33c92..57d0f4b779 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.248 2021/02/20 14:14:16 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.249 2021/02/25 17:06:05 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -254,8 +254,8 @@ SSL_new(SSL_CTX *ctx)
        if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL)
                goto err;
-        s->internal->min_version = ctx->internal->min_version;
+        s->internal->min_tls_version = ctx->internal->min_tls_version;
-        s->internal->max_version = ctx->internal->max_version;
+        s->internal->max_tls_version = ctx->internal->max_tls_version;
        s->internal->min_proto_version = ctx->internal->min_proto_version;
        s->internal->max_proto_version = ctx->internal->max_proto_version;
@@ -1336,7 +1336,7 @@ SSL_get1_supported_ciphers(SSL *s)
        if (s == NULL)
                return NULL;
-        if (!ssl_supported_version_range(s, &min_vers, &max_vers))
+        if (!ssl_supported_tls_version_range(s, &min_vers, &max_vers))
                return NULL;
        if ((ciphers = SSL_get_ciphers(s)) == NULL)
                return NULL;
@@ -1346,7 +1346,7 @@ SSL_get1_supported_ciphers(SSL *s)
        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
                if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
                        goto err;
-                if (!ssl_cipher_allowed_in_version_range(cipher, min_vers,
+                if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers,
                    max_vers))
                        continue;
                if (!sk_SSL_CIPHER_push(supported_ciphers, cipher))
@@ -1829,8 +1829,8 @@ SSL_CTX_new(const SSL_METHOD *meth)
        }
        ret->method = meth;
-        ret->internal->min_version = meth->internal->min_version;
+        ret->internal->min_tls_version = meth->internal->min_tls_version;
-        ret->internal->max_version = meth->internal->max_version;
+        ret->internal->max_tls_version = meth->internal->max_tls_version;
        ret->internal->min_proto_version = 0;
        ret->internal->max_proto_version = 0;
        ret->internal->mode = SSL_MODE_AUTO_RETRY;
@@ -3027,7 +3027,7 @@ int
 SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version)
 {
        return ssl_version_set_min(ctx->method, version,
-            ctx->internal->max_version, &ctx->internal->min_version,
+            ctx->internal->max_tls_version, &ctx->internal->min_tls_version,
            &ctx->internal->min_proto_version);
 }
@@ -3041,7 +3041,7 @@ int
 SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version)
 {
        return ssl_version_set_max(ctx->method, version,
-            ctx->internal->min_version, &ctx->internal->max_version,
+            ctx->internal->min_tls_version, &ctx->internal->max_tls_version,
            &ctx->internal->max_proto_version);
 }
@@ -3055,7 +3055,7 @@ int
 SSL_set_min_proto_version(SSL *ssl, uint16_t version)
 {
        return ssl_version_set_min(ssl->method, version,
-            ssl->internal->max_version, &ssl->internal->min_version,
+            ssl->internal->max_tls_version, &ssl->internal->min_tls_version,
            &ssl->internal->min_proto_version);
 }
 int
@@ -3068,7 +3068,7 @@ int
 SSL_set_max_proto_version(SSL *ssl, uint16_t version)
 {
        return ssl_version_set_max(ssl->method, version,
-            ssl->internal->min_version, &ssl->internal->max_version,
+            ssl->internal->min_tls_version, &ssl->internal->max_tls_version,
            &ssl->internal->max_proto_version);
 }
author	jsing <>	2021-02-25 17:06:05 +0000
committer	jsing <>	2021-02-25 17:06:05 +0000
commit	72c7f20e4fbcb3386178960b8f88ab2fbc042567 (patch)
tree	5a334628a895bbe67688cd0dbadfdc68524f02de /src/lib/libssl/ssl_lib.c
parent	aed0a5deca305a997de3f6234733204b383f094f (diff)
download	openbsd-72c7f20e4fbcb3386178960b8f88ab2fbc042567.tar.gz openbsd-72c7f20e4fbcb3386178960b8f88ab2fbc042567.tar.bz2 openbsd-72c7f20e4fbcb3386178960b8f88ab2fbc042567.zip

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 33aca33c92..57d0f4b779 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.248 2021/02/20 14:14:16 tb Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.249 2021/02/25 17:06:05 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -254,8 +254,8 @@ SSL_new(SSL_CTX *ctx)
254	if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL)	254	if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL)
255	goto err;	255	goto err;
256		256
257	s->internal->min_version = ctx->internal->min_version;	257	s->internal->min_tls_version = ctx->internal->min_tls_version;
258	s->internal->max_version = ctx->internal->max_version;	258	s->internal->max_tls_version = ctx->internal->max_tls_version;
259	s->internal->min_proto_version = ctx->internal->min_proto_version;	259	s->internal->min_proto_version = ctx->internal->min_proto_version;
260	s->internal->max_proto_version = ctx->internal->max_proto_version;	260	s->internal->max_proto_version = ctx->internal->max_proto_version;
261		261
@@ -1336,7 +1336,7 @@ SSL_get1_supported_ciphers(SSL *s)
1336		1336
1337	if (s == NULL)	1337	if (s == NULL)
1338	return NULL;	1338	return NULL;
1339	if (!ssl_supported_version_range(s, &min_vers, &max_vers))	1339	if (!ssl_supported_tls_version_range(s, &min_vers, &max_vers))
1340	return NULL;	1340	return NULL;
1341	if ((ciphers = SSL_get_ciphers(s)) == NULL)	1341	if ((ciphers = SSL_get_ciphers(s)) == NULL)
1342	return NULL;	1342	return NULL;
@@ -1346,7 +1346,7 @@ SSL_get1_supported_ciphers(SSL *s)
1346	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {	1346	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
1347	if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)	1347	if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
1348	goto err;	1348	goto err;
1349	if (!ssl_cipher_allowed_in_version_range(cipher, min_vers,	1349	if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers,
1350	max_vers))	1350	max_vers))
1351	continue;	1351	continue;
1352	if (!sk_SSL_CIPHER_push(supported_ciphers, cipher))	1352	if (!sk_SSL_CIPHER_push(supported_ciphers, cipher))
@@ -1829,8 +1829,8 @@ SSL_CTX_new(const SSL_METHOD *meth)
1829	}	1829	}
1830		1830
1831	ret->method = meth;	1831	ret->method = meth;
1832	ret->internal->min_version = meth->internal->min_version;	1832	ret->internal->min_tls_version = meth->internal->min_tls_version;
1833	ret->internal->max_version = meth->internal->max_version;	1833	ret->internal->max_tls_version = meth->internal->max_tls_version;
1834	ret->internal->min_proto_version = 0;	1834	ret->internal->min_proto_version = 0;
1835	ret->internal->max_proto_version = 0;	1835	ret->internal->max_proto_version = 0;
1836	ret->internal->mode = SSL_MODE_AUTO_RETRY;	1836	ret->internal->mode = SSL_MODE_AUTO_RETRY;
@@ -3027,7 +3027,7 @@ int
3027	SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version)	3027	SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version)
3028	{	3028	{
3029	return ssl_version_set_min(ctx->method, version,	3029	return ssl_version_set_min(ctx->method, version,
3030	ctx->internal->max_version, &ctx->internal->min_version,	3030	ctx->internal->max_tls_version, &ctx->internal->min_tls_version,
3031	&ctx->internal->min_proto_version);	3031	&ctx->internal->min_proto_version);
3032	}	3032	}
3033		3033
@@ -3041,7 +3041,7 @@ int
3041	SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version)	3041	SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version)
3042	{	3042	{
3043	return ssl_version_set_max(ctx->method, version,	3043	return ssl_version_set_max(ctx->method, version,
3044	ctx->internal->min_version, &ctx->internal->max_version,	3044	ctx->internal->min_tls_version, &ctx->internal->max_tls_version,
3045	&ctx->internal->max_proto_version);	3045	&ctx->internal->max_proto_version);
3046	}	3046	}
3047		3047
@@ -3055,7 +3055,7 @@ int
3055	SSL_set_min_proto_version(SSL *ssl, uint16_t version)	3055	SSL_set_min_proto_version(SSL *ssl, uint16_t version)
3056	{	3056	{
3057	return ssl_version_set_min(ssl->method, version,	3057	return ssl_version_set_min(ssl->method, version,
3058	ssl->internal->max_version, &ssl->internal->min_version,	3058	ssl->internal->max_tls_version, &ssl->internal->min_tls_version,
3059	&ssl->internal->min_proto_version);	3059	&ssl->internal->min_proto_version);
3060	}	3060	}
3061	int	3061	int
@@ -3068,7 +3068,7 @@ int
3068	SSL_set_max_proto_version(SSL *ssl, uint16_t version)	3068	SSL_set_max_proto_version(SSL *ssl, uint16_t version)
3069	{	3069	{
3070	return ssl_version_set_max(ssl->method, version,	3070	return ssl_version_set_max(ssl->method, version,
3071	ssl->internal->min_version, &ssl->internal->max_version,	3071	ssl->internal->min_tls_version, &ssl->internal->max_tls_version,
3072	&ssl->internal->max_proto_version);	3072	&ssl->internal->max_proto_version);
3073	}	3073	}
3074		3074