From c7716c225dcbd54f5b35d3dca84dbe38706cf794 Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Sat, 20 Feb 2021 09:43:29 +0000
Subject: Return a min/max version of zero if set to zero.

OpenSSL's SSL{_CTX,}_get_{min,max}_proto_version() return a version of zero
if the minimum or maximum has been set to zero (which means the minimum or
maximum version supported by the method). Previously we returned the
minimum or maximum version supported by the method, instead of zero. Match
OpenSSL's behaviour by using shadow variables.

Discussed with tb@
---
 lib/libssl/ssl_versions.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'lib/libssl/ssl_versions.c')

diff --git a/lib/libssl/ssl_versions.c b/lib/libssl/ssl_versions.c
index 2245ae15b5b..1ee5ed312cf 100644
--- a/lib/libssl/ssl_versions.c
+++ b/lib/libssl/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.10 2021/02/20 08:30:52 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.11 2021/02/20 09:43:29 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
  *
@@ -36,12 +36,13 @@ ssl_clamp_version_range(uint16_t *min_ver, uint16_t *max_ver,
 
 int
 ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver,
-    uint16_t *out_ver)
+    uint16_t *out_ver, uint16_t *out_proto_ver)
 {
 	uint16_t min_version, max_version;
 
 	if (ver == 0) {
 		*out_ver = meth->internal->min_version;
+		*out_proto_ver = 0;
 		return 1;
 	}
 
@@ -52,19 +53,20 @@ ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver,
 	    meth->internal->min_version, meth->internal->max_version))
 		return 0;
 
-	*out_ver = min_version;
+	*out_ver = *out_proto_ver = min_version;
 
 	return 1;
 }
 
 int
 ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver,
-    uint16_t *out_ver)
+    uint16_t *out_ver, uint16_t *out_proto_ver)
 {
 	uint16_t min_version, max_version;
 
 	if (ver == 0) {
 		*out_ver = meth->internal->max_version;
+		*out_proto_ver = 0;
 		return 1;
 	}
 
@@ -75,7 +77,7 @@ ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver,
 	    meth->internal->min_version, meth->internal->max_version))
 		return 0;
 
-	*out_ver = max_version;
+	*out_ver = *out_proto_ver = max_version;
 
 	return 1;
 }
-- 
cgit v1.2.3-59-g8ed1b