1 /* $OpenBSD: ssl_versions.c,v 1.24 2022/09/11 18:13:30 jsing Exp $ */
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ssl_dtls_to_tls_version(uint16_t dtls_ver
)
23 if (dtls_ver
== DTLS1_VERSION
)
24 return TLS1_1_VERSION
;
25 if (dtls_ver
== DTLS1_2_VERSION
)
26 return TLS1_2_VERSION
;
31 ssl_tls_to_dtls_version(uint16_t tls_ver
)
33 if (tls_ver
== TLS1_1_VERSION
)
35 if (tls_ver
== TLS1_2_VERSION
)
36 return DTLS1_2_VERSION
;
41 ssl_clamp_tls_version_range(uint16_t *min_ver
, uint16_t *max_ver
,
42 uint16_t clamp_min
, uint16_t clamp_max
)
44 if (clamp_min
> clamp_max
|| *min_ver
> *max_ver
)
46 if (clamp_max
< *min_ver
|| clamp_min
> *max_ver
)
49 if (*min_ver
< clamp_min
)
51 if (*max_ver
> clamp_max
)
58 ssl_version_set_min(const SSL_METHOD
*meth
, uint16_t proto_ver
,
59 uint16_t max_tls_ver
, uint16_t *out_tls_ver
, uint16_t *out_proto_ver
)
61 uint16_t min_proto
, min_version
, max_version
;
64 *out_tls_ver
= meth
->min_tls_version
;
69 min_version
= proto_ver
;
70 max_version
= max_tls_ver
;
73 if ((min_version
= ssl_dtls_to_tls_version(proto_ver
)) == 0)
77 if (!ssl_clamp_tls_version_range(&min_version
, &max_version
,
78 meth
->min_tls_version
, meth
->max_tls_version
))
81 min_proto
= min_version
;
83 if ((min_proto
= ssl_tls_to_dtls_version(min_version
)) == 0)
86 *out_tls_ver
= min_version
;
87 *out_proto_ver
= min_proto
;
93 ssl_version_set_max(const SSL_METHOD
*meth
, uint16_t proto_ver
,
94 uint16_t min_tls_ver
, uint16_t *out_tls_ver
, uint16_t *out_proto_ver
)
96 uint16_t max_proto
, min_version
, max_version
;
99 *out_tls_ver
= meth
->max_tls_version
;
104 min_version
= min_tls_ver
;
105 max_version
= proto_ver
;
108 if ((max_version
= ssl_dtls_to_tls_version(proto_ver
)) == 0)
112 if (!ssl_clamp_tls_version_range(&min_version
, &max_version
,
113 meth
->min_tls_version
, meth
->max_tls_version
))
116 max_proto
= max_version
;
118 if ((max_proto
= ssl_tls_to_dtls_version(max_version
)) == 0)
121 *out_tls_ver
= max_version
;
122 *out_proto_ver
= max_proto
;
128 ssl_enabled_tls_version_range(SSL
*s
, uint16_t *min_ver
, uint16_t *max_ver
)
130 uint16_t min_version
, max_version
;
131 unsigned long options
;
134 * The enabled versions have to be a contiguous range, which means we
135 * cannot enable and disable single versions at our whim, even though
136 * this is what the OpenSSL flags allow. The historical way this has
137 * been handled is by making a flag mean that all higher versions
138 * are disabled, if any version lower than the flag is enabled.
142 max_version
= TLS1_3_VERSION
;
143 options
= s
->internal
->options
;
145 if (SSL_is_dtls(s
)) {
147 if (s
->internal
->options
& SSL_OP_NO_DTLSv1
)
148 options
|= SSL_OP_NO_TLSv1
| SSL_OP_NO_TLSv1_1
;
149 if (s
->internal
->options
& SSL_OP_NO_DTLSv1_2
)
150 options
|= SSL_OP_NO_TLSv1
| SSL_OP_NO_TLSv1_2
;
153 if ((options
& SSL_OP_NO_TLSv1
) == 0)
154 min_version
= TLS1_VERSION
;
155 else if ((options
& SSL_OP_NO_TLSv1_1
) == 0)
156 min_version
= TLS1_1_VERSION
;
157 else if ((options
& SSL_OP_NO_TLSv1_2
) == 0)
158 min_version
= TLS1_2_VERSION
;
159 else if ((options
& SSL_OP_NO_TLSv1_3
) == 0)
160 min_version
= TLS1_3_VERSION
;
162 if ((options
& SSL_OP_NO_TLSv1_3
) && min_version
< TLS1_3_VERSION
)
163 max_version
= TLS1_2_VERSION
;
164 if ((options
& SSL_OP_NO_TLSv1_2
) && min_version
< TLS1_2_VERSION
)
165 max_version
= TLS1_1_VERSION
;
166 if ((options
& SSL_OP_NO_TLSv1_1
) && min_version
< TLS1_1_VERSION
)
167 max_version
= TLS1_VERSION
;
168 if ((options
& SSL_OP_NO_TLSv1
) && min_version
< TLS1_VERSION
)
171 /* Everything has been disabled... */
172 if (min_version
== 0 || max_version
== 0)
175 /* Limit to configured version range. */
176 if (!ssl_clamp_tls_version_range(&min_version
, &max_version
,
177 s
->internal
->min_tls_version
, s
->internal
->max_tls_version
))
180 /* QUIC requires a minimum of TLSv1.3. */
181 if (SSL_is_quic(s
)) {
182 if (max_version
< TLS1_3_VERSION
)
184 if (min_version
< TLS1_3_VERSION
)
185 min_version
= TLS1_3_VERSION
;
189 *min_ver
= min_version
;
191 *max_ver
= max_version
;
197 ssl_supported_tls_version_range(SSL
*s
, uint16_t *min_ver
, uint16_t *max_ver
)
199 uint16_t min_version
, max_version
;
201 if (!ssl_enabled_tls_version_range(s
, &min_version
, &max_version
))
204 /* Limit to the versions supported by this method. */
205 if (!ssl_clamp_tls_version_range(&min_version
, &max_version
,
206 s
->method
->min_tls_version
, s
->method
->max_tls_version
))
210 *min_ver
= min_version
;
212 *max_ver
= max_version
;
218 ssl_tls_version(uint16_t version
)
220 if (version
== TLS1_VERSION
|| version
== TLS1_1_VERSION
||
221 version
== TLS1_2_VERSION
|| version
== TLS1_3_VERSION
)
224 if (version
== DTLS1_VERSION
)
225 return TLS1_1_VERSION
;
226 if (version
== DTLS1_2_VERSION
)
227 return TLS1_2_VERSION
;
233 ssl_effective_tls_version(SSL
*s
)
235 if (s
->s3
->hs
.negotiated_tls_version
> 0)
236 return s
->s3
->hs
.negotiated_tls_version
;
238 return s
->s3
->hs
.our_max_tls_version
;
242 ssl_max_supported_version(SSL
*s
, uint16_t *max_ver
)
244 uint16_t max_version
;
248 if (!ssl_supported_tls_version_range(s
, NULL
, &max_version
))
251 if (SSL_is_dtls(s
)) {
252 if ((max_version
= ssl_tls_to_dtls_version(max_version
)) == 0)
256 *max_ver
= max_version
;
262 ssl_max_legacy_version(SSL
*s
, uint16_t *max_ver
)
264 uint16_t max_version
;
266 if ((max_version
= s
->s3
->hs
.our_max_tls_version
) > TLS1_2_VERSION
)
267 max_version
= TLS1_2_VERSION
;
269 if (SSL_is_dtls(s
)) {
270 if ((max_version
= ssl_tls_to_dtls_version(max_version
)) == 0)
274 *max_ver
= max_version
;
280 ssl_max_shared_version(SSL
*s
, uint16_t peer_ver
, uint16_t *max_ver
)
282 uint16_t min_version
, max_version
, peer_tls_version
, shared_version
;
285 peer_tls_version
= peer_ver
;
287 if (SSL_is_dtls(s
)) {
288 if ((peer_ver
>> 8) != DTLS1_VERSION_MAJOR
)
292 * Convert the peer version to a TLS version - DTLS versions are
293 * the 1's complement of TLS version numbers (but not the actual
294 * protocol version numbers, that would be too sensible). Not to
295 * mention that DTLSv1.0 is really equivalent to DTLSv1.1.
297 peer_tls_version
= ssl_dtls_to_tls_version(peer_ver
);
300 * This may be a version that we do not know about, if it is
301 * newer than DTLS1_2_VERSION (yes, less than is correct due
302 * to the "clever" versioning scheme), use TLS1_2_VERSION.
304 if (peer_tls_version
== 0) {
305 if (peer_ver
< DTLS1_2_VERSION
)
306 peer_tls_version
= TLS1_2_VERSION
;
310 if (peer_tls_version
>= TLS1_3_VERSION
)
311 shared_version
= TLS1_3_VERSION
;
312 else if (peer_tls_version
>= TLS1_2_VERSION
)
313 shared_version
= TLS1_2_VERSION
;
314 else if (peer_tls_version
>= TLS1_1_VERSION
)
315 shared_version
= TLS1_1_VERSION
;
316 else if (peer_tls_version
>= TLS1_VERSION
)
317 shared_version
= TLS1_VERSION
;
321 if (!ssl_supported_tls_version_range(s
, &min_version
, &max_version
))
324 if (shared_version
< min_version
)
327 if (shared_version
> max_version
)
328 shared_version
= max_version
;
330 if (SSL_is_dtls(s
)) {
332 * The resulting shared version will by definition be something
333 * that we know about. Switch back from TLS to DTLS.
335 shared_version
= ssl_tls_to_dtls_version(shared_version
);
336 if (shared_version
== 0)
340 if (!ssl_security_version(s
, shared_version
))
343 *max_ver
= shared_version
;
349 ssl_check_version_from_server(SSL
*s
, uint16_t server_version
)
351 uint16_t min_tls_version
, max_tls_version
, server_tls_version
;
353 /* Ensure that the version selected by the server is valid. */
355 server_tls_version
= server_version
;
356 if (SSL_is_dtls(s
)) {
357 server_tls_version
= ssl_dtls_to_tls_version(server_version
);
358 if (server_tls_version
== 0)
362 if (!ssl_supported_tls_version_range(s
, &min_tls_version
,
366 if (server_tls_version
< min_tls_version
||
367 server_tls_version
> max_tls_version
)
370 return ssl_security_version(s
, server_tls_version
);
374 ssl_legacy_stack_version(SSL
*s
, uint16_t version
)
377 return version
== DTLS1_VERSION
|| version
== DTLS1_2_VERSION
;
379 return version
== TLS1_VERSION
|| version
== TLS1_1_VERSION
||
380 version
== TLS1_2_VERSION
;