diff options
| author | jsing <> | 2021-02-25 17:06:05 +0000 |
|---|---|---|
| committer | jsing <> | 2021-02-25 17:06:05 +0000 |
| commit | f31e5e0704240c7403ecbaf41602c921f4ba8eda (patch) | |
| tree | 5a334628a895bbe67688cd0dbadfdc68524f02de /src/lib/libssl/ssl_locl.h | |
| parent | c2d35e24639b346e80e68018a2ea0e88ba10f2d9 (diff) | |
| download | openbsd-f31e5e0704240c7403ecbaf41602c921f4ba8eda.tar.gz openbsd-f31e5e0704240c7403ecbaf41602c921f4ba8eda.tar.bz2 openbsd-f31e5e0704240c7403ecbaf41602c921f4ba8eda.zip | |
Only use TLS versions internally (rather than both TLS and DTLS versions).
DTLS protocol version numbers are the 1's compliment of human readable TLS
version numbers, which means that newer versions decrease in value and
there is no direct mapping between TLS protocol version numbers and DTLS
protocol version numbers.
Rather than having to deal with this internally, only use TLS versions
internally and map between DTLS and TLS protocol versions when necessary.
Rename functions and variables to use 'tls_version' when they contain a
TLS version (and never a DTLS version).
ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_locl.h')
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 3a4d318987..7ed3094c3e 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.322 2021/02/22 15:59:10 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.323 2021/02/25 17:06:05 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -362,8 +362,8 @@ typedef struct ssl_method_internal_st { | |||
| 362 | int server; | 362 | int server; |
| 363 | int version; | 363 | int version; |
| 364 | 364 | ||
| 365 | uint16_t min_version; | 365 | uint16_t min_tls_version; |
| 366 | uint16_t max_version; | 366 | uint16_t max_tls_version; |
| 367 | 367 | ||
| 368 | int (*ssl_new)(SSL *s); | 368 | int (*ssl_new)(SSL *s); |
| 369 | void (*ssl_clear)(SSL *s); | 369 | void (*ssl_clear)(SSL *s); |
| @@ -517,8 +517,8 @@ int tls12_record_layer_seal_record(struct tls12_record_layer *rl, | |||
| 517 | CBB *out); | 517 | CBB *out); |
| 518 | 518 | ||
| 519 | typedef struct ssl_ctx_internal_st { | 519 | typedef struct ssl_ctx_internal_st { |
| 520 | uint16_t min_version; | 520 | uint16_t min_tls_version; |
| 521 | uint16_t max_version; | 521 | uint16_t max_tls_version; |
| 522 | 522 | ||
| 523 | /* | 523 | /* |
| 524 | * These may be zero to imply minimum or maximum version supported by | 524 | * These may be zero to imply minimum or maximum version supported by |
| @@ -686,8 +686,8 @@ typedef struct ssl_ctx_internal_st { | |||
| 686 | typedef struct ssl_internal_st { | 686 | typedef struct ssl_internal_st { |
| 687 | struct tls13_ctx *tls13; | 687 | struct tls13_ctx *tls13; |
| 688 | 688 | ||
| 689 | uint16_t min_version; | 689 | uint16_t min_tls_version; |
| 690 | uint16_t max_version; | 690 | uint16_t max_tls_version; |
| 691 | 691 | ||
| 692 | /* | 692 | /* |
| 693 | * These may be zero to imply minimum or maximum version supported by | 693 | * These may be zero to imply minimum or maximum version supported by |
| @@ -1121,19 +1121,19 @@ struct ssl_aead_ctx_st { | |||
| 1121 | extern const SSL_CIPHER ssl3_ciphers[]; | 1121 | extern const SSL_CIPHER ssl3_ciphers[]; |
| 1122 | 1122 | ||
| 1123 | const char *ssl_version_string(int ver); | 1123 | const char *ssl_version_string(int ver); |
| 1124 | int ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver); | 1124 | int ssl_version_set_min(const SSL_METHOD *meth, uint16_t proto_ver, |
| 1125 | int ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver); | 1125 | uint16_t max_tls_ver, uint16_t *out_tls_ver, uint16_t *out_proto_ver); |
| 1126 | int ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver, | 1126 | int ssl_version_set_max(const SSL_METHOD *meth, uint16_t proto_ver, |
| 1127 | uint16_t *out_ver, uint16_t *out_proto_ver); | 1127 | uint16_t min_tls_ver, uint16_t *out_tls_ver, uint16_t *out_proto_ver); |
| 1128 | int ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver, | 1128 | int ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver); |
| 1129 | uint16_t *out_ver, uint16_t *out_proto_ver); | 1129 | int ssl_supported_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver); |
| 1130 | int ssl_downgrade_max_version(SSL *s, uint16_t *max_ver); | 1130 | int ssl_downgrade_max_version(SSL *s, uint16_t *max_ver); |
| 1131 | int ssl_max_supported_version(SSL *s, uint16_t *max_ver); | 1131 | int ssl_max_supported_version(SSL *s, uint16_t *max_ver); |
| 1132 | int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver); | 1132 | int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver); |
| 1133 | int ssl_check_version_from_server(SSL *s, uint16_t server_version); | 1133 | int ssl_check_version_from_server(SSL *s, uint16_t server_version); |
| 1134 | int ssl_legacy_stack_version(SSL *s, uint16_t version); | 1134 | int ssl_legacy_stack_version(SSL *s, uint16_t version); |
| 1135 | int ssl_cipher_in_list(STACK_OF(SSL_CIPHER) *ciphers, const SSL_CIPHER *cipher); | 1135 | int ssl_cipher_in_list(STACK_OF(SSL_CIPHER) *ciphers, const SSL_CIPHER *cipher); |
| 1136 | int ssl_cipher_allowed_in_version_range(const SSL_CIPHER *cipher, | 1136 | int ssl_cipher_allowed_in_tls_version_range(const SSL_CIPHER *cipher, |
| 1137 | uint16_t min_ver, uint16_t max_ver); | 1137 | uint16_t min_ver, uint16_t max_ver); |
| 1138 | 1138 | ||
| 1139 | const SSL_METHOD *tls_legacy_method(void); | 1139 | const SSL_METHOD *tls_legacy_method(void); |