Introduce global protoVerTbl for SSL_CTX_set_min/max_proto_version

This commit is contained in:
TakayukiMatsuo
2021-09-24 16:05:55 +09:00
parent f1ff3da47c
commit 5b3dfabc32


@ -16839,6 +16839,24 @@ static int CheckSslMethodVersion(byte major, unsigned long options)
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
/**
* protoVerTbl holds (D)TLS version numbers in ascending order.
* Except DTLS versions, the newer version is located in the latter part of
* the table. This table is referred by wolfSSL_CTX_set_min_proto_version and
* wolfSSL_CTX_set_max_proto_version.
*/
static const int protoVerTbl[] = {
SSL3_VERSION,
TLS1_VERSION,
TLS1_1_VERSION,
TLS1_2_VERSION,
TLS1_3_VERSION,
DTLS1_VERSION,
DTLS1_2_VERSION
};
/* number of protocol versions listed in protoVerTbl */
#define NUMBER_OF_PROTOCOLS sizeof(protoVerTbl)/sizeof(int)
/** /**
* wolfSSL_CTX_set_min_proto_version attempts to set the minimum protocol * wolfSSL_CTX_set_min_proto_version attempts to set the minimum protocol
* version to use by SSL objects created from this WOLFSSL_CTX. * version to use by SSL objects created from this WOLFSSL_CTX.
@ -16944,17 +16962,10 @@ static int Set_CTX_min_proto_version(WOLFSSL_CTX* ctx, int version)
return CheckSslMethodVersion(ctx->method->version.major, ctx->mask); return CheckSslMethodVersion(ctx->method->version.major, ctx->mask);
} }
/* number of protocol versions listed in table */
#define NUMBER_OF_PROTOCOLS 7
/* Sets the min protocol version allowed with WOLFSSL_CTX /* Sets the min protocol version allowed with WOLFSSL_CTX
* returns WOLFSSL_SUCCESS on success */ * returns WOLFSSL_SUCCESS on success */
int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version) int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version)
{ {
const int verTbl[] = {SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION,
TLS1_2_VERSION, TLS1_3_VERSION, DTLS1_VERSION,
DTLS1_2_VERSION};
int tblSz = NUMBER_OF_PROTOCOLS;
int ret; int ret;
int proto = 0; int proto = 0;
int maxProto = 0; int maxProto = 0;
@ -16969,18 +16980,18 @@ int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version)
if (version != 0) { if (version != 0) {
proto = version; proto = version;
ctx->minProto = 0; /* turn min proto flag off */ ctx->minProto = 0; /* turn min proto flag off */
for (i = 0; i < tblSz; i++) { for (i = 0; (unsigned)i < NUMBER_OF_PROTOCOLS; i++) {
if (verTbl[i] == version) { if (protoVerTbl[i] == version) {
break; break;
} }
} }
} }
else { else {
/* when 0 is specified as version, try to find out the min version */ /* when 0 is specified as version, try to find out the min version */
for (i = 0; i < tblSz; i++) { for (i = 0; (unsigned)i < NUMBER_OF_PROTOCOLS; i++) {
ret = Set_CTX_min_proto_version(ctx, verTbl[i]); ret = Set_CTX_min_proto_version(ctx, protoVerTbl[i]);
if (ret == WOLFSSL_SUCCESS) { if (ret == WOLFSSL_SUCCESS) {
proto = verTbl[i]; proto = protoVerTbl[i];
ctx->minProto = 1; /* turn min proto flag on */ ctx->minProto = 1; /* turn min proto flag on */
break; break;
} }
@ -16991,8 +17002,8 @@ int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version)
* i is the index into the table for proto version used, see if the max * i is the index into the table for proto version used, see if the max
* proto version index found is smaller */ * proto version index found is smaller */
maxProto = wolfSSL_CTX_get_max_proto_version(ctx); maxProto = wolfSSL_CTX_get_max_proto_version(ctx);
for (idx = 0; idx < tblSz; idx++) { for (idx = 0; (unsigned)idx < NUMBER_OF_PROTOCOLS; idx++) {
if (verTbl[idx] == maxProto) { if (protoVerTbl[idx] == maxProto) {
break; break;
} }
} }
@ -17076,10 +17087,6 @@ static int Set_CTX_max_proto_version(WOLFSSL_CTX* ctx, int ver)
* returns WOLFSSL_SUCCESS on success */ * returns WOLFSSL_SUCCESS on success */
int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version) int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version)
{ {
const int verTbl[] = {DTLS1_2_VERSION, DTLS1_VERSION, TLS1_3_VERSION,
TLS1_2_VERSION, TLS1_1_VERSION, TLS1_VERSION,
SSL3_VERSION};
int tblSz = NUMBER_OF_PROTOCOLS;
int i; int i;
int ret; int ret;
int minProto; int minProto;
@ -17101,9 +17108,11 @@ int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version)
return Set_CTX_max_proto_version(ctx, version); return Set_CTX_max_proto_version(ctx, version);
} }
/* when 0 is specified as version, try to find out the min version */ /* when 0 is specified as version, try to find out the min version from
for (i= 0; i < tblSz; i++) { * the bottom to top of the protoverTbl.
ret = Set_CTX_max_proto_version(ctx, verTbl[i]); */
for (i = NUMBER_OF_PROTOCOLS -1; i >= 0; i--) {
ret = Set_CTX_max_proto_version(ctx, protoVerTbl[i]);
if (ret == WOLFSSL_SUCCESS) { if (ret == WOLFSSL_SUCCESS) {
ctx->maxProto = 1; /* turn max proto flag on */ ctx->maxProto = 1; /* turn max proto flag on */
break; break;
@ -17199,10 +17208,6 @@ static int Set_SSL_min_proto_version(WOLFSSL* ssl, int ver)
int wolfSSL_set_min_proto_version(WOLFSSL* ssl, int version) int wolfSSL_set_min_proto_version(WOLFSSL* ssl, int version)
{ {
const int verTbl[] = {SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION,
TLS1_2_VERSION, TLS1_3_VERSION,DTLS1_VERSION,
DTLS1_2_VERSION};
int tblSz = sizeof(verTbl);
int i; int i;
int ret; int ret;
@ -17216,8 +17221,8 @@ int wolfSSL_set_min_proto_version(WOLFSSL* ssl, int version)
} }
/* when 0 is specified as version, try to find out the min version */ /* when 0 is specified as version, try to find out the min version */
for (i= 0; i < tblSz; i++) { for (i= 0; (unsigned)i < NUMBER_OF_PROTOCOLS; i++) {
ret = Set_SSL_min_proto_version(ssl, verTbl[i]); ret = Set_SSL_min_proto_version(ssl, protoVerTbl[i]);
if (ret == WOLFSSL_SUCCESS) if (ret == WOLFSSL_SUCCESS)
break; break;
} }
@ -17271,10 +17276,6 @@ static int Set_SSL_max_proto_version(WOLFSSL* ssl, int ver)
int wolfSSL_set_max_proto_version(WOLFSSL* ssl, int version) int wolfSSL_set_max_proto_version(WOLFSSL* ssl, int version)
{ {
const int verTbl[] = {DTLS1_2_VERSION, DTLS1_VERSION, TLS1_3_VERSION,
TLS1_2_VERSION, TLS1_1_VERSION, TLS1_VERSION,
SSL3_VERSION};
int tblSz = sizeof(verTbl);
int i; int i;
int ret; int ret;
@ -17287,9 +17288,11 @@ int wolfSSL_set_max_proto_version(WOLFSSL* ssl, int version)
return Set_SSL_max_proto_version(ssl, version); return Set_SSL_max_proto_version(ssl, version);
} }
/* when 0 is specified as version, try to find out the max version */ /* when 0 is specified as version, try to find out the min version from
for (i= 0; i < tblSz; i++) { * the bottom to top of the protoverTbl.
ret = Set_SSL_max_proto_version(ssl, verTbl[i]); */
for (i = NUMBER_OF_PROTOCOLS -1; i >= 0; i--) {
ret = Set_SSL_max_proto_version(ssl, protoVerTbl[i]);
if (ret == WOLFSSL_SUCCESS) if (ret == WOLFSSL_SUCCESS)
break; break;
} }
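Review bot: The new `NUMBER_OF_PROTOCOLS` macro in the first hunk is unparenthesized and computes the count as `sizeof(protoVerTbl)/sizeof(int)` instead of tying it to the element type; with the later use `i = NUMBER_OF_PROTOCOLS -1` (a `size_t` expression assigned to an `int`) this works only by accident of precedence and will trip `-Wsign-conversion`. I would define it as `#define NUMBER_OF_PROTOCOLS ((int)(sizeof(protoVerTbl)/sizeof(protoVerTbl[0])))` so every loop can compare `i < NUMBER_OF_PROTOCOLS` without the `(unsigned)` casts. The rewritten comments in both `*_set_max_proto_version` functions now say "try to find out the min version from the bottom to top of the protoverTbl", but that loop walks the table downward to find the highest version the context accepts, and the table is named `protoVerTbl`; the old wording "max version" was correct and should be restored, e.g. `/* when 0 is given, walk protoVerTbl from the top (newest) down to find the max version accepted */`. In the `version != 0` branch of `wolfSSL_CTX_set_min_proto_version`, a version not present in the table leaves `i == NUMBER_OF_PROTOCOLS` and that `i` is later compared against the max-version index; the check that presumably rejects an unknown version lies outside the visible hunks, so please confirm it exists. All four functions touched here begin and end outside the hunks shown.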