author | Kurt Roeckx <kurt@roeckx.be> | 2018-12-09 20:53:05 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2018-12-15 12:52:02 +0100 |
commit | 5c587fb6b996d47771bcaecd71489e4849103f56 (patch) | |
tree | f71bf7705554609990fbc47aa936f61d942c4c2f /ssl | |
parent | 91c5473035aaf2c0d86e4039c2a29a5b70541905 (diff) | |
Use (D)TLS_MAX_VERSION_INTERNAL internally
Use 0 if we don't want to set a minimum or maximum version
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #7260
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/d1_lib.c | 2 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 3 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 2 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 10 | ||||
-rw-r--r-- | ssl/t1_lib.c | 2 |
5 files changed, 11 insertions, 8 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 2da9ebb..d3f681b 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -192,7 +192,7 @@ int dtls1_clear(SSL *s)
 return 0;
 if (s->method->version == DTLS_ANY_VERSION)
- s->version = DTLS_MAX_VERSION;
+ s->version = DTLS_MAX_VERSION_INTERNAL;
 #ifndef OPENSSL_NO_DTLS1_METHOD
 else if (s->options & SSL_OP_CISCO_ANYCONNECT)
 s->client_version = s->version = DTLS1_BAD_VER;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c2e6474..2d68691 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -131,6 +131,9 @@
 (c)[1]=(unsigned char)(((l)>> 8)&0xff), \
 (c)[2]=(unsigned char)(((l) )&0xff)),(c)+=3)
+# define TLS_MAX_VERSION_INTERNAL TLS1_3_VERSION
+# define DTLS_MAX_VERSION_INTERNAL DTLS1_2_VERSION
+
 /*
 * DTLS version numbers are strange because they're inverted. Except for
 * DTLS1_BAD_VER, which should be considered "lower" than the rest.
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index c1a572f..3b6cbb7 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -163,7 +163,7 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt)
 return 1;
 }
 if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
-#if DTLS_MAX_VERSION != DTLS1_2_VERSION
+#if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION
 # error TODO(DTLS1.3): Restore digest for PHA before adding message.
 #endif
 if (!SSL_IS_DTLS(s) && s->post_handshake_auth == SSL_PHA_EXT_SENT) {
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 9e68e05..1a9aa41 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1417,7 +1417,7 @@ typedef struct {
 const SSL_METHOD *(*smeth) (void);
 } version_info;
-#if TLS_MAX_VERSION != TLS1_3_VERSION
+#if TLS_MAX_VERSION_INTERNAL != TLS1_3_VERSION
 # error Code needs update for TLS_method() support beyond TLS1_3_VERSION.
 #endif
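Review bot: In the ssl/ssl_locl.h hunk the two new macros `TLS_MAX_VERSION_INTERNAL` and `DTLS_MAX_VERSION_INTERNAL` are introduced without any comment on what they mean or how they differ from the public `TLS_MAX_VERSION`/`DTLS_MAX_VERSION`. They now seed `s->version` in `tls1_clear`/`dtls1_clear` and cap the check in `ssl_set_version_bound`, so a reader needs to know they denote the highest version this build implements. I would add above them `/* Highest protocol versions implemented by the library; internal code must use these, not the public (D)TLS_MAX_VERSION. */`. The same comment could mention that the `#error` guards in statem_lib.c and statem_clnt.c compare against these macros and have to be revisited whenever either value is raised.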
@@ -1451,7 +1451,7 @@ static const version_info tls_version_table[] = {
 {0, NULL, NULL},
 };
-#if DTLS_MAX_VERSION != DTLS1_2_VERSION
+#if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION
 # error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION.
 #endif
@@ -1684,12 +1684,12 @@ int ssl_set_version_bound(int method_version, int version, int *bound)
 return 0;
 case TLS_ANY_VERSION:
- if (version < SSL3_VERSION || version > TLS_MAX_VERSION)
+ if (version < SSL3_VERSION || version > TLS_MAX_VERSION_INTERNAL)
 return 0;
 break;
 case DTLS_ANY_VERSION:
- if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION) ||
+ if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION_INTERNAL) ||
 DTLS_VERSION_LT(version, DTLS1_BAD_VER))
 return 0;
 break;
@@ -1735,7 +1735,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
 * With version-flexible methods we have an initial state with:
 *
 * s->method->version == (D)TLS_ANY_VERSION,
- * s->version == (D)TLS_MAX_VERSION.
+ * s->version == (D)TLS_MAX_VERSION_INTERNAL.
 *
 * So we detect version-flexible methods via the method version, not the
 * handle version.
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index ee2278c..5dc645a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -121,7 +121,7 @@ int tls1_clear(SSL *s)
 return 0;
 if (s->method->version == TLS_ANY_VERSION)
- s->version = TLS_MAX_VERSION;
+ s->version = TLS_MAX_VERSION_INTERNAL;
 else
 s->version = s->method->version; |
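Review bot: In the `ssl_set_version_bound` hunk the rejection path for an out-of-range version is undocumented, and with the ceiling now being the library-internal maximum it matters more: a caller passing a value above `TLS_MAX_VERSION_INTERNAL` (or, for DTLS, above `DTLS_MAX_VERSION_INTERNAL`) gets `return 0`, and an application that ignores that result would presumably keep whatever bound was set before. I would add at the `TLS_ANY_VERSION` case `/* Only versions implemented by this build are accepted as a bound; anything else fails. */`. The commit message says 0 means "no minimum or maximum", but the handling of 0 is not visible in these lines, so it is worth confirming that 0 is accepted before the switch rather than falling into the `version < SSL3_VERSION` test. The function starts and ends outside the hunk.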