Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 26 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 20 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_versions.c | 12 |
3 files changed, 41 insertions, 17 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index f802875274..6a182f2e3b 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.246 2021/02/20 08:30:52 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.247 2021/02/20 09:43:29 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -256,6 +256,8 @@ SSL_new(SSL_CTX *ctx) | |||
| 256 | 256 | ||
| 257 | s->internal->min_version = ctx->internal->min_version; | 257 | s->internal->min_version = ctx->internal->min_version; |
| 258 | s->internal->max_version = ctx->internal->max_version; | 258 | s->internal->max_version = ctx->internal->max_version; |
| 259 | s->internal->min_proto_version = ctx->internal->min_proto_version; | ||
| 260 | s->internal->max_proto_version = ctx->internal->max_proto_version; | ||
| 259 | 261 | ||
| 260 | s->internal->options = ctx->internal->options; | 262 | s->internal->options = ctx->internal->options; |
| 261 | s->internal->mode = ctx->internal->mode; | 263 | s->internal->mode = ctx->internal->mode; |
| @@ -1829,6 +1831,8 @@ SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1829 | ret->method = meth; | 1831 | ret->method = meth; |
| 1830 | ret->internal->min_version = meth->internal->min_version; | 1832 | ret->internal->min_version = meth->internal->min_version; |
| 1831 | ret->internal->max_version = meth->internal->max_version; | 1833 | ret->internal->max_version = meth->internal->max_version; |
| 1834 | ret->internal->min_proto_version = 0; | ||
| 1835 | ret->internal->max_proto_version = 0; | ||
| 1832 | ret->internal->mode = SSL_MODE_AUTO_RETRY; | 1836 | ret->internal->mode = SSL_MODE_AUTO_RETRY; |
| 1833 | 1837 | ||
| 1834 | ret->cert_store = NULL; | 1838 | ret->cert_store = NULL; |
| @@ -3016,52 +3020,56 @@ SSL_cache_hit(SSL *s) | |||
| 3016 | int | 3020 | int |
| 3017 | SSL_CTX_get_min_proto_version(SSL_CTX *ctx) | 3021 | SSL_CTX_get_min_proto_version(SSL_CTX *ctx) |
| 3018 | { | 3022 | { |
| 3019 | return ctx->internal->min_version; | 3023 | return ctx->internal->min_proto_version; |
| 3020 | } | 3024 | } |
| 3021 | 3025 | ||
| 3022 | int | 3026 | int |
| 3023 | SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version) | 3027 | SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version) |
| 3024 | { | 3028 | { |
| 3025 | return ssl_version_set_min(ctx->method, version, | 3029 | return ssl_version_set_min(ctx->method, version, |
| 3026 | ctx->internal->max_version, &ctx->internal->min_version); | 3030 | ctx->internal->max_version, &ctx->internal->min_version, |
| 3031 | &ctx->internal->min_proto_version); | ||
| 3027 | } | 3032 | } |
| 3028 | 3033 | ||
| 3029 | int | 3034 | int |
| 3030 | SSL_CTX_get_max_proto_version(SSL_CTX *ctx) | 3035 | SSL_CTX_get_max_proto_version(SSL_CTX *ctx) |
| 3031 | { | 3036 | { |
| 3032 | return ctx->internal->max_version; | 3037 | return ctx->internal->max_proto_version; |
| 3033 | } | 3038 | } |
| 3034 | 3039 | ||
| 3035 | int | 3040 | int |
| 3036 | SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version) | 3041 | SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version) |
| 3037 | { | 3042 | { |
| 3038 | return ssl_version_set_max(ctx->method, version, | 3043 | return ssl_version_set_max(ctx->method, version, |
| 3039 | ctx->internal->min_version, &ctx->internal->max_version); | 3044 | ctx->internal->min_version, &ctx->internal->max_version, |
| 3045 | &ctx->internal->max_proto_version); | ||
| 3040 | } | 3046 | } |
| 3041 | 3047 | ||
| 3042 | int | 3048 | int |
| 3043 | SSL_get_min_proto_version(SSL *ssl) | 3049 | SSL_get_min_proto_version(SSL *ssl) |
| 3044 | { | 3050 | { |
| 3045 | return ssl->internal->min_version; | 3051 | return ssl->internal->min_proto_version; |
| 3046 | } | 3052 | } |
| 3047 | 3053 | ||
| 3048 | int | 3054 | int |
| 3049 | SSL_set_min_proto_version(SSL *ssl, uint16_t version) | 3055 | SSL_set_min_proto_version(SSL *ssl, uint16_t version) |
| 3050 | { | 3056 | { |
| 3051 | return ssl_version_set_min(ssl->method, version, | 3057 | return ssl_version_set_min(ssl->method, version, |
| 3052 | ssl->internal->max_version, &ssl->internal->min_version); | 3058 | ssl->internal->max_version, &ssl->internal->min_version, |
| 3059 | &ssl->internal->min_proto_version); | ||
| 3053 | } | 3060 | } |
| 3054 | int | 3061 | int |
| 3055 | SSL_get_max_proto_version(SSL *ssl) | 3062 | SSL_get_max_proto_version(SSL *ssl) |
| 3056 | { | 3063 | { |
| 3057 | return ssl->internal->max_version; | 3064 | return ssl->internal->max_proto_version; |
| 3058 | } | 3065 | } |
| 3059 | 3066 | ||
| 3060 | int | 3067 | int |
| 3061 | SSL_set_max_proto_version(SSL *ssl, uint16_t version) | 3068 | SSL_set_max_proto_version(SSL *ssl, uint16_t version) |
| 3062 | { | 3069 | { |
| 3063 | return ssl_version_set_max(ssl->method, version, | 3070 | return ssl_version_set_max(ssl->method, version, |
| 3064 | ssl->internal->min_version, &ssl->internal->max_version); | 3071 | ssl->internal->min_version, &ssl->internal->max_version, |
| 3072 | &ssl->internal->max_proto_version); | ||
| 3065 | } | 3073 | } |
| 3066 | 3074 | ||
| 3067 | static int | 3075 | static int |
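Review bot: The four getters at new lines 3021–3064 change their observable contract without a comment saying so: SSL_CTX_get_min_proto_version now returns `min_proto_version`, which SSL_CTX_new initialises to 0 at line 1834, so a context that never called the setter reports 0 where it previously reported the method's minimum. A one-line comment on each getter would stop callers from treating the return as the effective floor, e.g. `/* Returns the configured minimum (or maximum) protocol version, or 0 if none was set and the method default applies. */`. Enforcement presumably still reads `min_version`/`max_version`, which the setters continue to fill with the clamped value, so the negotiated range is unaffected; only the reported value changes. SSL_new copies both pairs from the context at lines 257–260, which keeps per-connection state consistent with this.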
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index edb8223fe2..fc61ffee4f 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.320 2021/02/07 15:26:32 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.321 2021/02/20 09:43:29 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -520,6 +520,13 @@ typedef struct ssl_ctx_internal_st { | |||
| 520 | uint16_t min_version; | 520 | uint16_t min_version; |
| 521 | uint16_t max_version; | 521 | uint16_t max_version; |
| 522 | 522 | ||
| 523 | /* | ||
| 524 | * These may be zero to imply minimum or maximum version supported by | ||
| 525 | * the method. | ||
| 526 | */ | ||
| 527 | uint16_t min_proto_version; | ||
| 528 | uint16_t max_proto_version; | ||
| 529 | |||
| 523 | unsigned long options; | 530 | unsigned long options; |
| 524 | unsigned long mode; | 531 | unsigned long mode; |
| 525 | 532 | ||
| @@ -682,6 +689,13 @@ typedef struct ssl_internal_st { | |||
| 682 | uint16_t min_version; | 689 | uint16_t min_version; |
| 683 | uint16_t max_version; | 690 | uint16_t max_version; |
| 684 | 691 | ||
| 692 | /* | ||
| 693 | * These may be zero to imply minimum or maximum version supported by | ||
| 694 | * the method. | ||
| 695 | */ | ||
| 696 | uint16_t min_proto_version; | ||
| 697 | uint16_t max_proto_version; | ||
| 698 | |||
| 685 | unsigned long options; /* protocol behaviour */ | 699 | unsigned long options; /* protocol behaviour */ |
| 686 | unsigned long mode; /* API behaviour */ | 700 | unsigned long mode; /* API behaviour */ |
| 687 | 701 | ||
| @@ -1111,9 +1125,9 @@ int ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver); | |||
| 1111 | int ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver); | 1125 | int ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver); |
| 1112 | int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver); | 1126 | int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver); |
| 1113 | int ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver, | 1127 | int ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver, |
| 1114 | uint16_t *out_ver); | 1128 | uint16_t *out_ver, uint16_t *out_proto_ver); |
| 1115 | int ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver, | 1129 | int ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver, |
| 1116 | uint16_t *out_ver); | 1130 | uint16_t *out_ver, uint16_t *out_proto_ver); |
| 1117 | int ssl_downgrade_max_version(SSL *s, uint16_t *max_ver); | 1131 | int ssl_downgrade_max_version(SSL *s, uint16_t *max_ver); |
| 1118 | int ssl_legacy_stack_version(SSL *s, uint16_t version); | 1132 | int ssl_legacy_stack_version(SSL *s, uint16_t version); |
| 1119 | int ssl_cipher_in_list(STACK_OF(SSL_CIPHER) *ciphers, const SSL_CIPHER *cipher); | 1133 | int ssl_cipher_in_list(STACK_OF(SSL_CIPHER) *ciphers, const SSL_CIPHER *cipher); |
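Review bot: The new `out_proto_ver` parameter on ssl_version_set_min and ssl_version_set_max at new lines 1127–1130 is written unconditionally by the implementations in ssl_versions.c, so the prototypes should say it is required; a comment such as `/* out_ver receives the effective (clamped) version, out_proto_ver the API-visible value, 0 meaning "method default"; both must be non-NULL */` would make the split between the two outputs explicit at the declaration site. The struct comments at new lines 523–528 and 692–697 could similarly note that `min_version`/`max_version` remain the values actually enforced, since both pairs now sit side by side with no indication of which one the handshake code consults.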
diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c index 2245ae15b5..1ee5ed312c 100644 --- a/src/lib/libssl/ssl_versions.c +++ b/src/lib/libssl/ssl_versions.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_versions.c,v 1.10 2021/02/20 08:30:52 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_versions.c,v 1.11 2021/02/20 09:43:29 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -36,12 +36,13 @@ ssl_clamp_version_range(uint16_t *min_ver, uint16_t *max_ver, | |||
| 36 | 36 | ||
| 37 | int | 37 | int |
| 38 | ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver, | 38 | ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver, |
| 39 | uint16_t *out_ver) | 39 | uint16_t *out_ver, uint16_t *out_proto_ver) |
| 40 | { | 40 | { |
| 41 | uint16_t min_version, max_version; | 41 | uint16_t min_version, max_version; |
| 42 | 42 | ||
| 43 | if (ver == 0) { | 43 | if (ver == 0) { |
| 44 | *out_ver = meth->internal->min_version; | 44 | *out_ver = meth->internal->min_version; |
| 45 | *out_proto_ver = 0; | ||
| 45 | return 1; | 46 | return 1; |
| 46 | } | 47 | } |
| 47 | 48 | ||
| @@ -52,19 +53,20 @@ ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver, | |||
| 52 | meth->internal->min_version, meth->internal->max_version)) | 53 | meth->internal->min_version, meth->internal->max_version)) |
| 53 | return 0; | 54 | return 0; |
| 54 | 55 | ||
| 55 | *out_ver = min_version; | 56 | *out_ver = *out_proto_ver = min_version; |
| 56 | 57 | ||
| 57 | return 1; | 58 | return 1; |
| 58 | } | 59 | } |
| 59 | 60 | ||
| 60 | int | 61 | int |
| 61 | ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver, | 62 | ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver, |
| 62 | uint16_t *out_ver) | 63 | uint16_t *out_ver, uint16_t *out_proto_ver) |
| 63 | { | 64 | { |
| 64 | uint16_t min_version, max_version; | 65 | uint16_t min_version, max_version; |
| 65 | 66 | ||
| 66 | if (ver == 0) { | 67 | if (ver == 0) { |
| 67 | *out_ver = meth->internal->max_version; | 68 | *out_ver = meth->internal->max_version; |
| 69 | *out_proto_ver = 0; | ||
| 68 | return 1; | 70 | return 1; |
| 69 | } | 71 | } |
| 70 | 72 | ||
| @@ -75,7 +77,7 @@ ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver, | |||
| 75 | meth->internal->min_version, meth->internal->max_version)) | 77 | meth->internal->min_version, meth->internal->max_version)) |
| 76 | return 0; | 78 | return 0; |
| 77 | 79 | ||
| 78 | *out_ver = max_version; | 80 | *out_ver = *out_proto_ver = max_version; |
| 79 | 81 | ||
| 80 | return 1; | 82 | return 1; |
| 81 | } | 83 | } |
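Review bot: At new line 56, `*out_ver = *out_proto_ver = min_version;` stores the post-clamp value in `out_proto_ver`, so if ssl_clamp_version_range raised the requested `ver` to the method's minimum, the getter will report the clamped version rather than the one the caller configured; the same applies to `max_version` at new line 80. Whether the field is meant to round-trip the caller's request or the effective value is not stated anywhere in the diff — if the former, the assignment should be `*out_proto_ver = ver;` in both functions, and if the latter, a comment saying the stored value is clamped would avoid the ambiguity. The clamp call and the lines that seed `min_version`/`max_version` sit outside the visible hunks, so this is inferred from the arguments at lines 53 and 77.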
