author | 2021-02-20 09:43:29 +0000 | |
---|---|---|
committer | 2021-02-20 09:43:29 +0000 | |
commit | c7716c225dcbd54f5b35d3dca84dbe38706cf794 (patch) | |
tree | c8f3f3b472f3d06d18cca09e8097038bf21e3d1c /lib/libssl/ssl_versions.c | |
parent | Add DTLSv1.2 methods. (diff) | |
Return a min/max version of zero if set to zero.
OpenSSL's SSL{_CTX,}_get_{min,max}_proto_version() return a version of zero
if the minimum or maximum has been set to zero (which means the minimum or
maximum version supported by the method). Previously we returned the
minimum or maximum version supported by the method, instead of zero. Match
OpenSSL's behaviour by using shadow variables.
Discussed with tb@
Diffstat (limited to 'lib/libssl/ssl_versions.c')
-rw-r--r-- | lib/libssl/ssl_versions.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/lib/libssl/ssl_versions.c b/lib/libssl/ssl_versions.c
index 2245ae15b5b..1ee5ed312cf 100644
--- a/lib/libssl/ssl_versions.c
+++ b/lib/libssl/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.10 2021/02/20 08:30:52 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.11 2021/02/20 09:43:29 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 *
@@ -36,12 +36,13 @@ ssl_clamp_version_range(uint16_t *min_ver, uint16_t *max_ver,
 int
 ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver,
- uint16_t *out_ver)
+ uint16_t *out_ver, uint16_t *out_proto_ver)
 {
 uint16_t min_version, max_version;
 if (ver == 0) {
 *out_ver = meth->internal->min_version;
+ *out_proto_ver = 0;
 return 1;
 }
@@ -52,19 +53,20 @@ ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver,
 meth->internal->min_version, meth->internal->max_version))
 return 0;
- *out_ver = min_version;
+ *out_ver = *out_proto_ver = min_version;
 return 1;
 }
 int
 ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver,
- uint16_t *out_ver)
+ uint16_t *out_ver, uint16_t *out_proto_ver)
 {
 uint16_t min_version, max_version;
 if (ver == 0) {
 *out_ver = meth->internal->max_version;
+ *out_proto_ver = 0;
 return 1;
 }
@@ -75,7 +77,7 @@ ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver,
 meth->internal->min_version, meth->internal->max_version))
 return 0;
- *out_ver = max_version;
+ *out_ver = *out_proto_ver = max_version;
 return 1;
 }
|
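Review bot: The new `out_proto_ver` parameter of ssl_version_set_min() (hunk at -36) is undocumented, and its contract differs from `out_ver` in a way that matters for version enforcement: in the `ver == 0` branch it is set to 0 while `out_ver` receives the method's real limit. I would add a comment above the function along the lines of `/* out_ver: effective limit used for negotiation; out_proto_ver: value as configured (0 = method default), reported by the get_{min,max}_proto_version getters only */`, so a later caller does not feed the shadow value into range clamping, where a zero would presumably not act as a bound. It is also worth stating that both pointers are dereferenced unconditionally and that neither is written on the `return 0` path, so callers must pass valid pointers and must not read the outputs after a failure. The same applies to ssl_version_set_max() in the hunks at -52 and -75; both function bodies span more than one hunk, and the callers that pass the new argument are outside this file-limited diff.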