Use (D)TLS_MAX_VERSION_INTERNAL internally

Use 0 if we don't want to set a minimum or maximum version Reviewed-by: Matt Caswell <matt@openssl.org> GH: #7260
author: Kurt Roeckx <kurt@roeckx.be> 2018-12-09 20:53:05 +0100
committer: Kurt Roeckx <kurt@roeckx.be> 2018-12-15 12:52:02 +0100
commit: 5c587fb6b996d47771bcaecd71489e4849103f56 (patch)
tree: f71bf7705554609990fbc47aa936f61d942c4c2f /ssl
parent: 91c5473035aaf2c0d86e4039c2a29a5b70541905 (diff)
download: openssl-5c587fb6b996d47771bcaecd71489e4849103f56.zip
openssl-5c587fb6b996d47771bcaecd71489e4849103f56.tar.gz
openssl-5c587fb6b996d47771bcaecd71489e4849103f56.tar.bz2
5 files changed, 11 insertions, 8 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 2da9ebb..d3f681b 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -192,7 +192,7 @@ int dtls1_clear(SSL *s)
         return 0;
 
     if (s->method->version == DTLS_ANY_VERSION)
-        s->version = DTLS_MAX_VERSION;
+        s->version = DTLS_MAX_VERSION_INTERNAL;
 #ifndef OPENSSL_NO_DTLS1_METHOD
     else if (s->options & SSL_OP_CISCO_ANYCONNECT)
         s->client_version = s->version = DTLS1_BAD_VER;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c2e6474..2d68691 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -131,6 +131,9 @@
                            (c)[1]=(unsigned char)(((l)>> 8)&0xff), \
                            (c)[2]=(unsigned char)(((l)    )&0xff)),(c)+=3)
 
+# define TLS_MAX_VERSION_INTERNAL TLS1_3_VERSION
+# define DTLS_MAX_VERSION_INTERNAL DTLS1_2_VERSION
+
 /*
  * DTLS version numbers are strange because they're inverted. Except for
  * DTLS1_BAD_VER, which should be considered "lower" than the rest.
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index c1a572f..3b6cbb7 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -163,7 +163,7 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt)
             return 1;
         }
         if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
-#if DTLS_MAX_VERSION != DTLS1_2_VERSION
+#if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION
 # error TODO(DTLS1.3): Restore digest for PHA before adding message.
 #endif
             if (!SSL_IS_DTLS(s) && s->post_handshake_auth == SSL_PHA_EXT_SENT) {
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 9e68e05..1a9aa41 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1417,7 +1417,7 @@ typedef struct {
     const SSL_METHOD *(*smeth) (void);
 } version_info;
 
-#if TLS_MAX_VERSION != TLS1_3_VERSION
+#if TLS_MAX_VERSION_INTERNAL != TLS1_3_VERSION
 # error Code needs update for TLS_method() support beyond TLS1_3_VERSION.
 #endif
 
@@ -1451,7 +1451,7 @@ static const version_info tls_version_table[] = {
     {0, NULL, NULL},
 };
 
-#if DTLS_MAX_VERSION != DTLS1_2_VERSION
+#if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION
 # error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION.
 #endif
 
@@ -1684,12 +1684,12 @@ int ssl_set_version_bound(int method_version, int version, int *bound)
         return 0;
 
     case TLS_ANY_VERSION:
-        if (version < SSL3_VERSION || version > TLS_MAX_VERSION)
+        if (version < SSL3_VERSION || version > TLS_MAX_VERSION_INTERNAL)
             return 0;
         break;
 
     case DTLS_ANY_VERSION:
-        if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION) ||
+        if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION_INTERNAL) ||
             DTLS_VERSION_LT(version, DTLS1_BAD_VER))
             return 0;
         break;
@@ -1735,7 +1735,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
      * With version-flexible methods we have an initial state with:
      *
      *   s->method->version == (D)TLS_ANY_VERSION,
-     *   s->version == (D)TLS_MAX_VERSION.
+     *   s->version == (D)TLS_MAX_VERSION_INTERNAL.
      *
      * So we detect version-flexible methods via the method version, not the
      * handle version.
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index ee2278c..5dc645a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -121,7 +121,7 @@ int tls1_clear(SSL *s)
         return 0;
 
     if (s->method->version == TLS_ANY_VERSION)
-        s->version = TLS_MAX_VERSION;
+        s->version = TLS_MAX_VERSION_INTERNAL;
     else
         s->version = s->method->version;
author	Kurt Roeckx <kurt@roeckx.be>	2018-12-09 20:53:05 +0100
committer	Kurt Roeckx <kurt@roeckx.be>	2018-12-15 12:52:02 +0100
commit	5c587fb6b996d47771bcaecd71489e4849103f56 (patch)
tree	f71bf7705554609990fbc47aa936f61d942c4c2f /ssl
parent	91c5473035aaf2c0d86e4039c2a29a5b70541905 (diff)
download	openssl-5c587fb6b996d47771bcaecd71489e4849103f56.zip openssl-5c587fb6b996d47771bcaecd71489e4849103f56.tar.gz openssl-5c587fb6b996d47771bcaecd71489e4849103f56.tar.bz2