From 3b070e1bd007e00e2a51ac340b0ef1819154ff20 Mon Sep 17 00:00:00 2001
From: Hideki Miyazaki
Date: Sun, 25 Apr 2021 09:11:28 +0900
Subject: [PATCH 1/2] add MIN/MAX_PROTO into CTX_ctrl add unit test for min/max proto of CTX ctrl
---
 src/ssl.c | 7 ++++++-
 tests/api.c | 12 +++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index fcfc45560..03d61ad64 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -46249,7 +46249,12 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt)
 case SSL_CTRL_MODE:
 wolfSSL_CTX_set_mode(ctx,opt);
 break;
-
+ case SSL_CTRL_SET_MIN_PROTO_VERSION:
+ WOLFSSL_MSG("set min proto version");
+ return wolfSSL_CTX_set_min_proto_version(ctx, (int)opt);
+ case SSL_CTRL_SET_MAX_PROTO_VERSION:
+ WOLFSSL_MSG("set max proto version");
+ return wolfSSL_CTX_set_max_proto_version(ctx, (int)opt);
 default:
 WOLFSSL_MSG("CTX_ctrl cmd not implemented");
 ret = WOLFSSL_FAILURE;
diff --git a/tests/api.c b/tests/api.c
index 29bddbd8b..618e5be89 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -35937,7 +35937,17 @@ static void test_wolfSSL_CTX_ctrl(void)
 AssertNull(SSL_CTX_get_default_passwd_cb(ctx));
 AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx));
 #endif
-
+
+ /* Test for min/max proto */
+ #ifndef WOLFSSL_NO_TLS12
+ AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION,
+ TLS1_2_VERSION, NULL), SSL_SUCCESS);
+ AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION);
+ #endif
+ #ifdef WOLFSSL_TLS13
+ AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
+ TLS1_3_VERSION, NULL), SSL_SUCCESS);
+ #endif
 /* Cleanup and Pass */
 #if !defined(NO_DH) && !defined(NO_DSA)
 #ifndef NO_BIO
From 6d381a6c7f9789ec4e22228c47ea78a2c09a3d10 Mon Sep 17 00:00:00 2001
From: Hideki Miyazaki
Date: Sun, 25 Apr 2021 10:25:56 +0900
Subject: [PATCH 2/2] do nothing when version is zero
---
 src/ssl.c | 8 ++++++++
 tests/api.c | 6 ++++++
 2 files changed, 14 insertions(+)
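Review bot: The `(int)opt` casts in the two new cases of the first patch's src/ssl.c hunk narrow a `long` without a range check, so where `long` is wider than `int` a value with stray high bits is truncated before the setter validates it and can pass as a legitimate version. Because these commands set the protocol floor and ceiling, out-of-range input should be rejected before the cast, e.g. `if (opt < 0 || opt > INT_MAX) return WOLFSSL_FAILURE;`. The new cases also `return` directly, while the `SSL_CTRL_MODE` arm leaves via `break` and the `default` arm sets `ret`. The rest of wolfSSL_CTX_ctrl is outside the hunk, so whether anything after the switch is skipped cannot be confirmed from here.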
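Review bot: The max-proto assertion in the first patch's tests/api.c hunk checks only the return code of the ctrl call, whereas the min-proto case also reads the value back with `wolfSSL_CTX_get_min_proto_version`; a ctrl arm that returned success without storing the ceiling would still pass. If the max-side getter is available in this build, add a read-back such as `AssertIntEQ(wolfSSL_CTX_get_max_proto_version(ctx), TLS1_3_VERSION);`, and add one negative case that passes an unsupported version value and asserts a non-success return. The zero-version assertions that the second patch adds to this test have the same gap: they pin the return code but not the resulting state of the context.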
diff --git a/src/ssl.c b/src/ssl.c
index 03d61ad64..1167a4f57 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -46251,9 +46251,17 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt)
 break;
 case SSL_CTRL_SET_MIN_PROTO_VERSION:
 WOLFSSL_MSG("set min proto version");
+ if (opt == 0) {
+ /* do nothing */
+ return WOLFSSL_SUCCESS;
+ }
 return wolfSSL_CTX_set_min_proto_version(ctx, (int)opt);
 case SSL_CTRL_SET_MAX_PROTO_VERSION:
 WOLFSSL_MSG("set max proto version");
+ if (opt == 0) {
+ /* do nothing */
+ return WOLFSSL_SUCCESS;
+ }
 return wolfSSL_CTX_set_max_proto_version(ctx, (int)opt);
 default:
 WOLFSSL_MSG("CTX_ctrl cmd not implemented");
diff --git a/tests/api.c b/tests/api.c
index 618e5be89..15fe861b7 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -35940,11 +35940,17 @@ static void test_wolfSSL_CTX_ctrl(void)
 
 /* Test for min/max proto */
 #ifndef WOLFSSL_NO_TLS12
+ AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION,
+ 0, NULL), SSL_SUCCESS);
 AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION,
 TLS1_2_VERSION, NULL), SSL_SUCCESS);
 AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION);
+
 #endif
 #ifdef WOLFSSL_TLS13
+ AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
+ 0, NULL), SSL_SUCCESS);
+
 AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
 TLS1_3_VERSION, NULL), SSL_SUCCESS);
 #endif
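Review bot: Returning `WOLFSSL_SUCCESS` for `opt == 0` in both arms of the src/ssl.c hunk, without touching the context, reports success to a caller whose request was not carried out. In OpenSSL, passing 0 to the min/max proto setters selects the lowest or highest version the library supports, so ported code that uses 0 to clear a bound set earlier keeps the old floor or ceiling while believing it was reset; for the ceiling, that can silently hold connections below the newest protocol version. Either reset the bound to the build's default in both arms, or at least replace `/* do nothing */` with a comment stating the divergence, e.g. `/* OpenSSL treats 0 as "library default"; here the current bound is left unchanged */`. Whether `wolfSSL_CTX_set_min_proto_version` itself accepts 0 is not visible in this hunk; if it does, the short-circuit makes the ctrl path diverge from the direct call.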