diff options
| author | jsing <> | 2021-02-20 09:43:29 +0000 |
|---|---|---|
| committer | jsing <> | 2021-02-20 09:43:29 +0000 |
| commit | bd364ca9f4fae8a2b7897e24cf7658d9c8d965d3 (patch) | |
| tree | b003a2f9929caeeede1312592aff61b58a88eb00 /src/lib/libssl/ssl_versions.c | |
| parent | 141f3ab66d9950038d21604bc59e4b0055b7983b (diff) | |
| download | openbsd-bd364ca9f4fae8a2b7897e24cf7658d9c8d965d3.tar.gz openbsd-bd364ca9f4fae8a2b7897e24cf7658d9c8d965d3.tar.bz2 openbsd-bd364ca9f4fae8a2b7897e24cf7658d9c8d965d3.zip | |
Return a min/max version of zero if set to zero.
OpenSSL's SSL{_CTX,}_get_{min,max}_proto_version() return a version of zero
if the minimum or maximum has been set to zero (which means the minimum or
maximum version supported by the method). Previously we returned the
minimum or maximum version supported by the method, instead of zero. Match
OpenSSL's behaviour by using shadow variables.
Discussed with tb@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_versions.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c index 2245ae15b5..1ee5ed312c 100644 --- a/src/lib/libssl/ssl_versions.c +++ b/src/lib/libssl/ssl_versions.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_versions.c,v 1.10 2021/02/20 08:30:52 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_versions.c,v 1.11 2021/02/20 09:43:29 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -36,12 +36,13 @@ ssl_clamp_version_range(uint16_t *min_ver, uint16_t *max_ver, | |||
| 36 | 36 | ||
| 37 | int | 37 | int |
| 38 | ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver, | 38 | ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver, |
| 39 | uint16_t *out_ver) | 39 | uint16_t *out_ver, uint16_t *out_proto_ver) |
| 40 | { | 40 | { |
| 41 | uint16_t min_version, max_version; | 41 | uint16_t min_version, max_version; |
| 42 | 42 | ||
| 43 | if (ver == 0) { | 43 | if (ver == 0) { |
| 44 | *out_ver = meth->internal->min_version; | 44 | *out_ver = meth->internal->min_version; |
| 45 | *out_proto_ver = 0; | ||
| 45 | return 1; | 46 | return 1; |
| 46 | } | 47 | } |
| 47 | 48 | ||
| @@ -52,19 +53,20 @@ ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver, | |||
| 52 | meth->internal->min_version, meth->internal->max_version)) | 53 | meth->internal->min_version, meth->internal->max_version)) |
| 53 | return 0; | 54 | return 0; |
| 54 | 55 | ||
| 55 | *out_ver = min_version; | 56 | *out_ver = *out_proto_ver = min_version; |
| 56 | 57 | ||
| 57 | return 1; | 58 | return 1; |
| 58 | } | 59 | } |
| 59 | 60 | ||
| 60 | int | 61 | int |
| 61 | ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver, | 62 | ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver, |
| 62 | uint16_t *out_ver) | 63 | uint16_t *out_ver, uint16_t *out_proto_ver) |
| 63 | { | 64 | { |
| 64 | uint16_t min_version, max_version; | 65 | uint16_t min_version, max_version; |
| 65 | 66 | ||
| 66 | if (ver == 0) { | 67 | if (ver == 0) { |
| 67 | *out_ver = meth->internal->max_version; | 68 | *out_ver = meth->internal->max_version; |
| 69 | *out_proto_ver = 0; | ||
| 68 | return 1; | 70 | return 1; |
| 69 | } | 71 | } |
| 70 | 72 | ||
| @@ -75,7 +77,7 @@ ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver, | |||
| 75 | meth->internal->min_version, meth->internal->max_version)) | 77 | meth->internal->min_version, meth->internal->max_version)) |
| 76 | return 0; | 78 | return 0; |
| 77 | 79 | ||
| 78 | *out_ver = max_version; | 80 | *out_ver = *out_proto_ver = max_version; |
| 79 | 81 | ||
| 80 | return 1; | 82 | return 1; |
| 81 | } | 83 | } |