Provide SSL{,_CTX}_set_{min,max}_proto_version() functions.
Rides minor bump. ok beck@
parent
02a7d0f3c2
commit
43a30d3dc5
@ -97,6 +97,8 @@ SSL_CTX_set_default_verify_paths
|
||||
SSL_CTX_set_ex_data
|
||||
SSL_CTX_set_generate_session_id
|
||||
SSL_CTX_set_info_callback
|
||||
SSL_CTX_set_min_proto_version
|
||||
SSL_CTX_set_max_proto_version
|
||||
SSL_CTX_set_msg_callback
|
||||
SSL_CTX_set_next_proto_select_cb
|
||||
SSL_CTX_set_next_protos_advertised_cb
|
||||
@ -229,6 +231,8 @@ SSL_set_ex_data
|
||||
SSL_set_fd
|
||||
SSL_set_generate_session_id
|
||||
SSL_set_info_callback
|
||||
SSL_set_min_proto_version
|
||||
SSL_set_max_proto_version
|
||||
SSL_set_msg_callback
|
||||
SSL_set_purpose
|
||||
SSL_set_quiet_shutdown
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: s3_lib.c,v 1.140 2017/04/10 17:27:33 jsing Exp $ */
|
||||
/* $OpenBSD: s3_lib.c,v 1.141 2017/05/06 20:37:24 jsing Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -2141,6 +2141,16 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
|
||||
ret = ssl_ctrl_get_server_tmp_key(s, parg);
|
||||
break;
|
||||
|
||||
case SSL_CTRL_SET_MIN_PROTO_VERSION:
|
||||
if (larg < 0 || larg > UINT16_MAX)
|
||||
return (0);
|
||||
return SSL_set_min_proto_version(s, larg);
|
||||
|
||||
case SSL_CTRL_SET_MAX_PROTO_VERSION:
|
||||
if (larg < 0 || larg > UINT16_MAX)
|
||||
return (0);
|
||||
return SSL_set_max_proto_version(s, larg);
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
@ -2323,6 +2333,16 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
|
||||
case SSL_CTRL_SET_GROUPS_LIST:
|
||||
return SSL_CTX_set1_groups_list(ctx, parg);
|
||||
|
||||
case SSL_CTRL_SET_MIN_PROTO_VERSION:
|
||||
if (larg < 0 || larg > UINT16_MAX)
|
||||
return (0);
|
||||
return SSL_CTX_set_min_proto_version(ctx, larg);
|
||||
|
||||
case SSL_CTRL_SET_MAX_PROTO_VERSION:
|
||||
if (larg < 0 || larg > UINT16_MAX)
|
||||
return (0);
|
||||
return SSL_CTX_set_max_proto_version(ctx, larg);
|
||||
|
||||
default:
|
||||
return (0);
|
||||
}
|
||||
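Review bot: The `larg < 0 || larg > UINT16_MAX` guards in the new `SSL_CTRL_SET_MIN_PROTO_VERSION` / `SSL_CTRL_SET_MAX_PROTO_VERSION` cases of ssl3_ctrl() and ssl3_ctx_ctrl() are the only thing that keeps a `long` from being silently narrowed to the `uint16_t` parameter of the setters, yet nothing in the code says so. I would add `/* Reject values that would be truncated by the uint16_t version argument. */` above the first check so a later cleanup does not drop it as redundant. `larg == 0` passes the guard and is forwarded; per the ssl_versions.c section on this page that resets the bound to the method default, which deserves a word in the same comment. In ssl3_ctrl() the new cases return directly while the neighbouring case assigns `ret` and breaks; both functions start and end outside the hunks, so whether anything after the switch is skipped cannot be judged from here.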
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ssl.h,v 1.127 2017/02/05 15:06:05 jsing Exp $ */
|
||||
/* $OpenBSD: ssl.h,v 1.128 2017/05/06 20:37:25 jsing Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -1129,6 +1129,9 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
|
||||
|
||||
#define SSL_CTRL_SET_DH_AUTO 118
|
||||
|
||||
#define SSL_CTRL_SET_MIN_PROTO_VERSION 123
|
||||
#define SSL_CTRL_SET_MAX_PROTO_VERSION 124
|
||||
|
||||
#define DTLSv1_get_timeout(ssl, arg) \
|
||||
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
|
||||
#define DTLSv1_handle_timeout(ssl) \
|
||||
@ -1177,6 +1180,12 @@ int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups);
|
||||
int SSL_set1_groups(SSL *ssl, const int *groups, size_t groups_len);
|
||||
int SSL_set1_groups_list(SSL *ssl, const char *groups);
|
||||
|
||||
int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version);
|
||||
int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version);
|
||||
|
||||
int SSL_set_min_proto_version(SSL *ssl, uint16_t version);
|
||||
int SSL_set_max_proto_version(SSL *ssl, uint16_t version);
|
||||
|
||||
#ifndef LIBRESSL_INTERNAL
|
||||
#define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS
|
||||
#define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST
|
||||
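Review bot: The four new prototypes take `uint16_t version`, so a caller passing an `int` or `long` read from configuration gets an implicit narrowing conversion, which compilers generally do not flag unless a conversion warning such as `-Wconversion` is enabled. A value such as 65536 (constructed example) arrives as 0, which the ssl_versions.c section on this page treats as a request for the method default, so a bad setting can lower the minimum instead of failing. The ctrl path in s3_lib.c range-checks `larg`, but direct calls have no equivalent. At minimum the header should state the contract above the declarations, e.g. `/* version is a TLS wire version (e.g. TLS1_2_VERSION); 0 selects the method default. Range-check wider integers before calling. */`.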
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ssl_lib.c,v 1.158 2017/02/28 14:08:49 jsing Exp $ */
|
||||
/* $OpenBSD: ssl_lib.c,v 1.159 2017/05/06 20:37:25 jsing Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -2969,6 +2969,33 @@ SSL_cache_hit(SSL *s)
|
||||
return (s->internal->hit);
|
||||
}
|
||||
|
||||
int
|
||||
SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version)
|
||||
{
|
||||
return ssl_version_set_min(ctx->method, version,
|
||||
ctx->internal->max_version, &ctx->internal->min_version);
|
||||
}
|
||||
|
||||
int
|
||||
SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version)
|
||||
{
|
||||
return ssl_version_set_max(ctx->method, version,
|
||||
ctx->internal->min_version, &ctx->internal->max_version);
|
||||
}
|
||||
|
||||
int
|
||||
SSL_set_min_proto_version(SSL *ssl, uint16_t version)
|
||||
{
|
||||
return ssl_version_set_min(ssl->method, version,
|
||||
ssl->internal->max_version, &ssl->internal->min_version);
|
||||
}
|
||||
|
||||
int
|
||||
SSL_set_max_proto_version(SSL *ssl, uint16_t version)
|
||||
{
|
||||
return ssl_version_set_max(ssl->method, version,
|
||||
ssl->internal->min_version, &ssl->internal->max_version);
|
||||
}
|
||||
|
||||
static int
|
||||
ssl_cipher_id_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
|
||||
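Review bot: The four new public setters (`SSL_CTX_set_min_proto_version()` through `SSL_set_max_proto_version()`) carry no comment describing their contract. From the ssl_versions.c section on this page they return 1 on success and 0 on failure, and on failure the stored bound is left as it was because `*out_ver` is written only after ssl_clamp_version_range() succeeds. That matters to callers: ignoring a 0 return leaves the previous, possibly weaker, minimum in force. I would add `/* Returns 1 on success, 0 if the version cannot be honoured; on failure the previous bound is kept. */` above the first setter.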
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ssl_locl.h,v 1.178 2017/03/10 16:03:27 jsing Exp $ */
|
||||
/* $OpenBSD: ssl_locl.h,v 1.179 2017/05/06 20:37:25 jsing Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -1061,6 +1061,10 @@ const char *ssl_version_string(int ver);
|
||||
int ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
|
||||
int ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
|
||||
int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver);
|
||||
int ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver,
|
||||
uint16_t *out_ver);
|
||||
int ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver,
|
||||
uint16_t *out_ver);
|
||||
uint16_t ssl_max_server_version(SSL *s);
|
||||
|
||||
const SSL_METHOD *dtls1_get_client_method(int ver);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ssl_versions.c,v 1.2 2017/05/06 16:18:36 jsing Exp $ */
|
||||
/* $OpenBSD: ssl_versions.c,v 1.3 2017/05/06 20:37:25 jsing Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
|
||||
*
|
||||
@ -34,6 +34,52 @@ ssl_clamp_version_range(uint16_t *min_ver, uint16_t *max_ver,
|
||||
return 1;
|
||||
}
|
||||
|
||||
int
|
||||
ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver,
|
||||
uint16_t *out_ver)
|
||||
{
|
||||
uint16_t min_version, max_version;
|
||||
|
||||
if (ver == 0) {
|
||||
*out_ver = meth->internal->min_version;
|
||||
return 1;
|
||||
}
|
||||
|
||||
min_version = ver;
|
||||
max_version = max_ver;
|
||||
|
||||
if (!ssl_clamp_version_range(&min_version, &max_version,
|
||||
meth->internal->min_version, meth->internal->max_version))
|
||||
return 0;
|
||||
|
||||
*out_ver = min_version;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int
|
||||
ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver,
|
||||
uint16_t *out_ver)
|
||||
{
|
||||
uint16_t min_version, max_version;
|
||||
|
||||
if (ver == 0) {
|
||||
*out_ver = meth->internal->max_version;
|
||||
return 1;
|
||||
}
|
||||
|
||||
min_version = min_ver;
|
||||
max_version = ver;
|
||||
|
||||
if (!ssl_clamp_version_range(&min_version, &max_version,
|
||||
meth->internal->min_version, meth->internal->max_version))
|
||||
return 0;
|
||||
|
||||
*out_ver = max_version;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int
|
||||
ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)
|
||||
{
|
||||
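Review bot: `ssl_version_set_min()` and `ssl_version_set_max()` special-case `ver == 0` and write the method's bound to `*out_ver` without comparing it to the opposite bound passed in (`max_ver` / `min_ver`), whereas every non-zero value goes through ssl_clamp_version_range(). Whether that path can ever leave min above max depends on how the opposite bound was stored and on ssl_clamp_version_range(), whose body is outside the hunk. If it is always safe, a comment such as `/* 0 means "use the method default"; the opposite bound is already within the method range. */` would record why. It is also worth documenting that the value stored for a non-zero `ver` is the post-clamp `min_version` / `max_version`, which may differ from what the caller asked for. ssl_enabled_version_range() begins at the end of the last hunk and continues outside it.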
|