Return a min/max version of zero if set to zero.

OpenSSL's SSL{_CTX,}_get_{min,max}_proto_version() return a version of zero if the minimum or maximum has been set to zero (which means the minimum or maximum version supported by the method). Previously we returned the minimum or maximum version supported by the method, instead of zero. Match OpenSSL's behaviour by using shadow variables. Discussed with tb@
author: jsing <> 2021-02-20 09:43:29 +0000
committer: jsing <> 2021-02-20 09:43:29 +0000
commit: bd364ca9f4fae8a2b7897e24cf7658d9c8d965d3 (patch)
tree: b003a2f9929caeeede1312592aff61b58a88eb00 /src/lib/libssl/ssl_locl.h
parent: 141f3ab66d9950038d21604bc59e4b0055b7983b (diff)
download: openbsd-bd364ca9f4fae8a2b7897e24cf7658d9c8d965d3.tar.gz
openbsd-bd364ca9f4fae8a2b7897e24cf7658d9c8d965d3.tar.bz2
openbsd-bd364ca9f4fae8a2b7897e24cf7658d9c8d965d3.zip
1 files changed, 17 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index edb8223fe2..fc61ffee4f 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.320 2021/02/07 15:26:32 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.321 2021/02/20 09:43:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -520,6 +520,13 @@ typedef struct ssl_ctx_internal_st {
        uint16_t min_version;
        uint16_t max_version;
+        /*
+         * These may be zero to imply minimum or maximum version supported by
+         * the method.
+         */
+        uint16_t min_proto_version;
+        uint16_t max_proto_version;
        unsigned long options;
        unsigned long mode;
@@ -682,6 +689,13 @@ typedef struct ssl_internal_st {
        uint16_t min_version;
        uint16_t max_version;
+        /*
+         * These may be zero to imply minimum or maximum version supported by
+         * the method.
+         */
+        uint16_t min_proto_version;
+        uint16_t max_proto_version;
        unsigned long options; /* protocol behaviour */
        unsigned long mode; /* API behaviour */
@@ -1111,9 +1125,9 @@ int ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
 int ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
 int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver);
 int ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver,
-    uint16_t *out_ver);
+    uint16_t *out_ver, uint16_t *out_proto_ver);
 int ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver,
-    uint16_t *out_ver);
+    uint16_t *out_ver, uint16_t *out_proto_ver);
 int ssl_downgrade_max_version(SSL *s, uint16_t *max_ver);
 int ssl_legacy_stack_version(SSL *s, uint16_t version);
 int ssl_cipher_in_list(STACK_OF(SSL_CIPHER) *ciphers, const SSL_CIPHER *cipher);
author	jsing <>	2021-02-20 09:43:29 +0000
committer	jsing <>	2021-02-20 09:43:29 +0000
commit	bd364ca9f4fae8a2b7897e24cf7658d9c8d965d3 (patch)
tree	b003a2f9929caeeede1312592aff61b58a88eb00 /src/lib/libssl/ssl_locl.h
parent	141f3ab66d9950038d21604bc59e4b0055b7983b (diff)
download	openbsd-bd364ca9f4fae8a2b7897e24cf7658d9c8d965d3.tar.gz openbsd-bd364ca9f4fae8a2b7897e24cf7658d9c8d965d3.tar.bz2 openbsd-bd364ca9f4fae8a2b7897e24cf7658d9c8d965d3.zip