diff options
| author | David Benjamin <davidben@google.com> | 2016-09-20 15:12:23 -0400 |
|---|---|---|
| committer | CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> | 2016-09-21 20:06:18 +0000 |
| commit | e4706906336f8724a25b68f82967dcf82d2fb45e (patch) | |
| tree | 7b48de7a86cae5b9522690744fc3427443a721d3 /ssl | |
| parent | 2dc0204603f777597e2f97662e42887d1af5013f (diff) | |
| download | boringssl-e4706906336f8724a25b68f82967dcf82d2fb45e.zip boringssl-e4706906336f8724a25b68f82967dcf82d2fb45e.tar.gz boringssl-e4706906336f8724a25b68f82967dcf82d2fb45e.tar.bz2 | |
Align SSL_set_{min,max}_version with upstream.
Upstream added these functions after we did but decided to change the
names slightly. I'm not sure why they wanted to add the "proto" in
there, but align with them nonetheless so the ecosystem only has one set
of these functions.
BUG=90
Change-Id: Ia9863c58c9734374092051f02952b112806040cc
Reviewed-on: https://boringssl-review.googlesource.com/11123
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/ssl_lib.c | 30 | ||||
| -rw-r--r-- | ssl/ssl_test.cc | 88 | ||||
| -rw-r--r-- | ssl/test/bssl_shim.cc | 6 |
3 files changed, 70 insertions, 54 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 0e8b344..8232532 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -311,11 +311,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) { /* Lock the SSL_CTX to the specified version, for compatibility with legacy * uses of SSL_METHOD. */ if (method->version != 0) { - SSL_CTX_set_max_version(ret, method->version); - SSL_CTX_set_min_version(ret, method->version); + SSL_CTX_set_max_proto_version(ret, method->version); + SSL_CTX_set_min_proto_version(ret, method->version); } else if (!method->method->is_dtls) { /* TODO(svaldez): Enable TLS 1.3 by default once fully implemented. */ - SSL_CTX_set_max_version(ret, TLS1_2_VERSION); + SSL_CTX_set_max_proto_version(ret, TLS1_2_VERSION); } return ret; @@ -949,19 +949,19 @@ int SSL_get_error(const SSL *ssl, int ret_code) { return SSL_ERROR_SYSCALL; } -int SSL_CTX_set_min_version(SSL_CTX *ctx, uint16_t version) { +int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version) { return ctx->method->version_from_wire(&ctx->min_version, version); } -int SSL_CTX_set_max_version(SSL_CTX *ctx, uint16_t version) { +int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version) { return ctx->method->version_from_wire(&ctx->max_version, version); } -int SSL_set_min_version(SSL *ssl, uint16_t version) { +int SSL_set_min_proto_version(SSL *ssl, uint16_t version) { return ssl->method->version_from_wire(&ssl->min_version, version); } -int SSL_set_max_version(SSL *ssl, uint16_t version) { +int SSL_set_max_proto_version(SSL *ssl, uint16_t version) { return ssl->method->version_from_wire(&ssl->max_version, version); } @@ -3003,3 +3003,19 @@ void ssl_get_current_time(const SSL *ssl, struct timeval *out_clock) { gettimeofday(out_clock, NULL); #endif } + +int SSL_CTX_set_min_version(SSL_CTX *ctx, uint16_t version) { + return SSL_CTX_set_min_proto_version(ctx, version); +} + +int SSL_CTX_set_max_version(SSL_CTX *ctx, uint16_t version) { + return SSL_CTX_set_max_proto_version(ctx, version); +} + +int SSL_set_min_version(SSL *ssl, uint16_t version) { + return SSL_set_min_proto_version(ssl, version); +} + +int SSL_set_max_version(SSL *ssl, uint16_t version) { + return SSL_set_max_proto_version(ssl, version); +} diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index 4c4c0f4..b42315b 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -1524,8 +1524,8 @@ static bool TestGetPeerCertificate() { if (!ctx || !SSL_CTX_use_certificate(ctx.get(), cert.get()) || !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) || - !SSL_CTX_set_min_version(ctx.get(), version) || - !SSL_CTX_set_max_version(ctx.get(), version)) { + !SSL_CTX_set_min_proto_version(ctx.get(), version) || + !SSL_CTX_set_max_proto_version(ctx.get(), version)) { return false; } SSL_CTX_set_verify( @@ -1591,8 +1591,8 @@ static bool TestRetainOnlySHA256OfCerts() { if (!ctx || !SSL_CTX_use_certificate(ctx.get(), cert.get()) || !SSL_CTX_use_PrivateKey(ctx.get(), key.get()) || - !SSL_CTX_set_min_version(ctx.get(), version) || - !SSL_CTX_set_max_version(ctx.get(), version)) { + !SSL_CTX_set_min_proto_version(ctx.get(), version) || + !SSL_CTX_set_max_proto_version(ctx.get(), version)) { return false; } SSL_CTX_set_verify( @@ -1632,7 +1632,7 @@ static bool ClientHelloMatches(uint16_t version, const uint8_t *expected, size_t expected_len) { bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method())); if (!ctx || - !SSL_CTX_set_max_version(ctx.get(), version) || + !SSL_CTX_set_max_proto_version(ctx.get(), version) || // Our default cipher list varies by CPU capabilities, so manually place // the ChaCha20 ciphers in front. !SSL_CTX_set_cipher_list(ctx.get(), "CHACHA20:ALL")) { @@ -1872,10 +1872,10 @@ static bool TestSessionIDContext() { !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) || !SSL_CTX_set_session_id_context(server_ctx.get(), kContext1, sizeof(kContext1)) || - !SSL_CTX_set_min_version(client_ctx.get(), version) || - !SSL_CTX_set_max_version(client_ctx.get(), version) || - !SSL_CTX_set_min_version(server_ctx.get(), version) || - !SSL_CTX_set_max_version(server_ctx.get(), version)) { + !SSL_CTX_set_min_proto_version(client_ctx.get(), version) || + !SSL_CTX_set_max_proto_version(client_ctx.get(), version) || + !SSL_CTX_set_min_proto_version(server_ctx.get(), version) || + !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) { return false; } @@ -1932,10 +1932,10 @@ static bool TestSessionTimeout() { if (!server_ctx || !client_ctx || !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) || !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) || - !SSL_CTX_set_min_version(client_ctx.get(), version) || - !SSL_CTX_set_max_version(client_ctx.get(), version) || - !SSL_CTX_set_min_version(server_ctx.get(), version) || - !SSL_CTX_set_max_version(server_ctx.get(), version)) { + !SSL_CTX_set_min_proto_version(client_ctx.get(), version) || + !SSL_CTX_set_max_proto_version(client_ctx.get(), version) || + !SSL_CTX_set_min_proto_version(server_ctx.get(), version) || + !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) { return false; } @@ -2011,12 +2011,12 @@ static bool TestSNICallback() { // key to only sign SHA-256. !SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(), &kECDSAWithSHA256, 1) || - !SSL_CTX_set_min_version(client_ctx.get(), version) || - !SSL_CTX_set_max_version(client_ctx.get(), version) || - !SSL_CTX_set_min_version(server_ctx.get(), version) || - !SSL_CTX_set_max_version(server_ctx.get(), version) || - !SSL_CTX_set_min_version(server_ctx2.get(), version) || - !SSL_CTX_set_max_version(server_ctx2.get(), version)) { + !SSL_CTX_set_min_proto_version(client_ctx.get(), version) || + !SSL_CTX_set_max_proto_version(client_ctx.get(), version) || + !SSL_CTX_set_min_proto_version(server_ctx.get(), version) || + !SSL_CTX_set_max_proto_version(server_ctx.get(), version) || + !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) || + !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) { return false; } @@ -2044,7 +2044,7 @@ static bool TestSNICallback() { } static int SetMaxVersion(const struct ssl_early_callback_ctx *ctx) { - if (!SSL_set_max_version(ctx->ssl, TLS1_2_VERSION)) { + if (!SSL_set_max_proto_version(ctx->ssl, TLS1_2_VERSION)) { return -1; } @@ -2061,8 +2061,8 @@ static bool TestEarlyCallbackVersionSwitch() { if (!cert || !key || !server_ctx || !client_ctx || !SSL_CTX_use_certificate(server_ctx.get(), cert.get()) || !SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) || - !SSL_CTX_set_max_version(client_ctx.get(), TLS1_3_VERSION) || - !SSL_CTX_set_max_version(server_ctx.get(), TLS1_3_VERSION)) { + !SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION) || + !SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION)) { return false; } @@ -2088,20 +2088,20 @@ static bool TestSetVersion() { return false; } - if (!SSL_CTX_set_max_version(ctx.get(), TLS1_VERSION) || - !SSL_CTX_set_max_version(ctx.get(), TLS1_1_VERSION) || - !SSL_CTX_set_min_version(ctx.get(), TLS1_VERSION) || - !SSL_CTX_set_min_version(ctx.get(), TLS1_1_VERSION)) { + if (!SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION) || + !SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION) || + !SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION) || + !SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION)) { fprintf(stderr, "Could not set valid TLS version.\n"); return false; } - if (SSL_CTX_set_max_version(ctx.get(), DTLS1_VERSION) || - SSL_CTX_set_max_version(ctx.get(), 0x0200) || - SSL_CTX_set_max_version(ctx.get(), 0x1234) || - SSL_CTX_set_min_version(ctx.get(), DTLS1_VERSION) || - SSL_CTX_set_min_version(ctx.get(), 0x0200) || - SSL_CTX_set_min_version(ctx.get(), 0x1234)) { + if (SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION) || + SSL_CTX_set_max_proto_version(ctx.get(), 0x0200) || + SSL_CTX_set_max_proto_version(ctx.get(), 0x1234) || + SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION) || + SSL_CTX_set_min_proto_version(ctx.get(), 0x0200) || + SSL_CTX_set_min_proto_version(ctx.get(), 0x1234)) { fprintf(stderr, "Unexpectedly set invalid TLS version.\n"); return false; } @@ -2111,22 +2111,22 @@ static bool TestSetVersion() { return false; } - if (!SSL_CTX_set_max_version(ctx.get(), DTLS1_VERSION) || - !SSL_CTX_set_max_version(ctx.get(), DTLS1_2_VERSION) || - !SSL_CTX_set_min_version(ctx.get(), DTLS1_VERSION) || - !SSL_CTX_set_min_version(ctx.get(), DTLS1_2_VERSION)) { + if (!SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION) || + !SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION) || + !SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION) || + !SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION)) { fprintf(stderr, "Could not set valid DTLS version.\n"); return false; } - if (SSL_CTX_set_max_version(ctx.get(), TLS1_VERSION) || - SSL_CTX_set_max_version(ctx.get(), 0xfefe /* DTLS 1.1 */) || - SSL_CTX_set_max_version(ctx.get(), 0xfffe /* DTLS 0.1 */) || - SSL_CTX_set_max_version(ctx.get(), 0x1234) || - SSL_CTX_set_min_version(ctx.get(), TLS1_VERSION) || - SSL_CTX_set_min_version(ctx.get(), 0xfefe /* DTLS 1.1 */) || - SSL_CTX_set_min_version(ctx.get(), 0xfffe /* DTLS 0.1 */) || - SSL_CTX_set_min_version(ctx.get(), 0x1234)) { + if (SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION) || + SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */) || + SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */) || + SSL_CTX_set_max_proto_version(ctx.get(), 0x1234) || + SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION) || + SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */) || + SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */) || + SSL_CTX_set_min_proto_version(ctx.get(), 0x1234)) { fprintf(stderr, "Unexpectedly set invalid DTLS version.\n"); return false; } diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc index 55b6599..dc6e99d 100644 --- a/ssl/test/bssl_shim.cc +++ b/ssl/test/bssl_shim.cc @@ -816,7 +816,7 @@ static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) { // Enable TLS 1.3 for tests. if (!config->is_dtls && - !SSL_CTX_set_max_version(ssl_ctx.get(), TLS1_3_VERSION)) { + !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_3_VERSION)) { return nullptr; } @@ -1366,11 +1366,11 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session, return false; } if (config->min_version != 0 && - !SSL_set_min_version(ssl.get(), (uint16_t)config->min_version)) { + !SSL_set_min_proto_version(ssl.get(), (uint16_t)config->min_version)) { return false; } if (config->max_version != 0 && - !SSL_set_max_version(ssl.get(), (uint16_t)config->max_version)) { + !SSL_set_max_proto_version(ssl.get(), (uint16_t)config->max_version)) { return false; } if (config->mtu != 0) { |