github.com/mono/boringssl.git - Unnamed repository; edit this file 'description' to name the repository.
authorDavid Benjamin <davidben@google.com>2016-09-20 22:12:23 +0300
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>2016-09-21 23:06:18 +0300
commite4706906336f8724a25b68f82967dcf82d2fb45e (patch)
tree7b48de7a86cae5b9522690744fc3427443a721d3
parent2dc0204603f777597e2f97662e42887d1af5013f (diff)
Align SSL_set_{min,max}_version with upstream.
Upstream added these functions after we did but decided to change the names slightly. I'm not sure why they wanted to add the "proto" in there, but align with them nonetheless so the ecosystem only has one set of these functions. BUG=90 Change-Id: Ia9863c58c9734374092051f02952b112806040cc Reviewed-on: https://boringssl-review.googlesource.com/11123 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
-rw-r--r--include/openssl/ssl.h36
-rw-r--r--ssl/ssl_lib.c30
-rw-r--r--ssl/ssl_test.cc88
-rw-r--r--ssl/test/bssl_shim.cc6
-rw-r--r--tool/client.cc4
-rw-r--r--tool/server.cc4
6 files changed, 99 insertions, 69 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index aee297c8..8f097fe7 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -564,21 +564,21 @@ OPENSSL_EXPORT int DTLSv1_handle_timeout(SSL *ssl);
#define TLS1_3_DRAFT_VERSION 14
-/* SSL_CTX_set_min_version sets the minimum protocol version for |ctx| to
+/* SSL_CTX_set_min_proto_version sets the minimum protocol version for |ctx| to
* |version|. It returns one on success and zero if |version| is invalid. */
-OPENSSL_EXPORT int SSL_CTX_set_min_version(SSL_CTX *ctx, uint16_t version);
+OPENSSL_EXPORT int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version);
-/* SSL_CTX_set_max_version sets the maximum protocol version for |ctx| to
+/* SSL_CTX_set_max_proto_version sets the maximum protocol version for |ctx| to
* |version|. It returns one on success and zero if |version| is invalid. */
-OPENSSL_EXPORT int SSL_CTX_set_max_version(SSL_CTX *ctx, uint16_t version);
+OPENSSL_EXPORT int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version);
-/* SSL_set_min_version sets the minimum protocol version for |ssl| to
+/* SSL_set_min_proto_version sets the minimum protocol version for |ssl| to
* |version|. It returns one on success and zero if |version| is invalid. */
-OPENSSL_EXPORT int SSL_set_min_version(SSL *ssl, uint16_t version);
+OPENSSL_EXPORT int SSL_set_min_proto_version(SSL *ssl, uint16_t version);
-/* SSL_set_max_version sets the maximum protocol version for |ssl| to
+/* SSL_set_max_proto_version sets the maximum protocol version for |ssl| to
* |version|. It returns one on success and zero if |version| is invalid. */
-OPENSSL_EXPORT int SSL_set_max_version(SSL *ssl, uint16_t version);
+OPENSSL_EXPORT int SSL_set_max_proto_version(SSL *ssl, uint16_t version);
/* SSL_version returns the TLS or DTLS protocol version used by |ssl|, which is
* one of the |*_VERSION| values. (E.g. |TLS1_2_VERSION|.) Before the version
@@ -608,7 +608,8 @@ OPENSSL_EXPORT int SSL_version(const SSL *ssl);
#define SSL_OP_DISABLE_NPN 0x00800000L
/* The following flags toggle individual protocol versions. This is deprecated.
- * Use |SSL_CTX_set_min_version| and |SSL_CTX_set_max_version| instead. */
+ * Use |SSL_CTX_set_min_proto_version| and |SSL_CTX_set_max_proto_version|
+ * instead. */
#define SSL_OP_NO_SSLv3 0x02000000L
#define SSL_OP_NO_TLSv1 0x04000000L
#define SSL_OP_NO_TLSv1_2 0x08000000L
@@ -3134,8 +3135,9 @@ OPENSSL_EXPORT const char *SSL_COMP_get_name(const COMP_METHOD *comp);
OPENSSL_EXPORT const SSL_METHOD *SSLv23_method(void);
/* These version-specific methods behave exactly like |TLS_method| and
- * |DTLS_method| except they also call |SSL_CTX_set_min_version| and
- * |SSL_CTX_set_max_version| to lock connections to that protocol version. */
+ * |DTLS_method| except they also call |SSL_CTX_set_min_proto_version| and
+ * |SSL_CTX_set_max_proto_version| to lock connections to that protocol
+ * version. */
OPENSSL_EXPORT const SSL_METHOD *SSLv3_method(void);
OPENSSL_EXPORT const SSL_METHOD *TLSv1_method(void);
OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_method(void);
@@ -3564,6 +3566,18 @@ OPENSSL_EXPORT int SSL_set_private_key_digest_prefs(SSL *ssl,
* netty-tcnative. */
OPENSSL_EXPORT void SSL_set_verify_result(SSL *ssl, long result);
+/* SSL_CTX_set_min_version calls |SSL_CTX_set_min_proto_version|. */
+OPENSSL_EXPORT int SSL_CTX_set_min_version(SSL_CTX *ctx, uint16_t version);
+
+/* SSL_CTX_set_max_version calls |SSL_CTX_set_max_proto_version|. */
+OPENSSL_EXPORT int SSL_CTX_set_max_version(SSL_CTX *ctx, uint16_t version);
+
+/* SSL_set_min_version calls |SSL_set_min_proto_version|. */
+OPENSSL_EXPORT int SSL_set_min_version(SSL *ssl, uint16_t version);
+
+/* SSL_set_max_version calls |SSL_set_max_proto_version|. */
+OPENSSL_EXPORT int SSL_set_max_version(SSL *ssl, uint16_t version);
+
/* Private structures.
*
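Review bot: The four re-added declarations (`SSL_CTX_set_min_version`, `SSL_CTX_set_max_version`, `SSL_set_min_version`, `SSL_set_max_version`) are documented only as "calls |...|", which tells a reader neither that they are compatibility aliases nor what they return. The minimum version is the floor that keeps a connection from negotiating an older protocol, so callers need to know that a zero return means the setting was not applied. I would write each comment along the lines of `/* SSL_CTX_set_min_version calls |SSL_CTX_set_min_proto_version| and returns its result. Deprecated: use |SSL_CTX_set_min_proto_version| instead. */`. The placement after `SSL_set_verify_result` suggests this is the header's deprecated section, but the section heading is outside the hunk, so that should be confirmed.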
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 0e8b3442..82325322 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -311,11 +311,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) {
/* Lock the SSL_CTX to the specified version, for compatibility with legacy
* uses of SSL_METHOD. */
if (method->version != 0) {
- SSL_CTX_set_max_version(ret, method->version);
- SSL_CTX_set_min_version(ret, method->version);
+ SSL_CTX_set_max_proto_version(ret, method->version);
+ SSL_CTX_set_min_proto_version(ret, method->version);
} else if (!method->method->is_dtls) {
/* TODO(svaldez): Enable TLS 1.3 by default once fully implemented. */
- SSL_CTX_set_max_version(ret, TLS1_2_VERSION);
+ SSL_CTX_set_max_proto_version(ret, TLS1_2_VERSION);
}
return ret;
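Review bot: Both branches of this block discard the result of `SSL_CTX_set_max_proto_version` / `SSL_CTX_set_min_proto_version`, which the header documents as returning zero when |version| is invalid. If `version_from_wire` ever rejected `method->version`, `SSL_CTX_new` would hand back a context that is not locked to the requested version, contrary to the comment above the block. The values presumably come from the library's own method tables, so this is hardening rather than a live bug. A guard such as `if (!SSL_CTX_set_max_proto_version(ret, method->version) || !SSL_CTX_set_min_proto_version(ret, method->version))` that fails construction would make the lock fail closed. The function's error path is outside the hunk.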
@@ -949,19 +949,19 @@ int SSL_get_error(const SSL *ssl, int ret_code) {
return SSL_ERROR_SYSCALL;
}
-int SSL_CTX_set_min_version(SSL_CTX *ctx, uint16_t version) {
+int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version) {
return ctx->method->version_from_wire(&ctx->min_version, version);
}
-int SSL_CTX_set_max_version(SSL_CTX *ctx, uint16_t version) {
+int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version) {
return ctx->method->version_from_wire(&ctx->max_version, version);
}
-int SSL_set_min_version(SSL *ssl, uint16_t version) {
+int SSL_set_min_proto_version(SSL *ssl, uint16_t version) {
return ssl->method->version_from_wire(&ssl->min_version, version);
}
-int SSL_set_max_version(SSL *ssl, uint16_t version) {
+int SSL_set_max_proto_version(SSL *ssl, uint16_t version) {
return ssl->method->version_from_wire(&ssl->max_version, version);
}
@@ -3003,3 +3003,19 @@ void ssl_get_current_time(const SSL *ssl, struct timeval *out_clock) {
gettimeofday(out_clock, NULL);
#endif
}
+
+int SSL_CTX_set_min_version(SSL_CTX *ctx, uint16_t version) {
+ return SSL_CTX_set_min_proto_version(ctx, version);
+}
+
+int SSL_CTX_set_max_version(SSL_CTX *ctx, uint16_t version) {
+ return SSL_CTX_set_max_proto_version(ctx, version);
+}
+
+int SSL_set_min_version(SSL *ssl, uint16_t version) {
+ return SSL_set_min_proto_version(ssl, version);
+}
+
+int SSL_set_max_version(SSL *ssl, uint16_t version) {
+ return SSL_set_max_proto_version(ssl, version);
+}
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 4c4c0f47..b42315b4 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -1524,8 +1524,8 @@ static bool TestGetPeerCertificate() {
if (!ctx ||
!SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
!SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
- !SSL_CTX_set_min_version(ctx.get(), version) ||
- !SSL_CTX_set_max_version(ctx.get(), version)) {
+ !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
+ !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
return false;
}
SSL_CTX_set_verify(
@@ -1591,8 +1591,8 @@ static bool TestRetainOnlySHA256OfCerts() {
if (!ctx ||
!SSL_CTX_use_certificate(ctx.get(), cert.get()) ||
!SSL_CTX_use_PrivateKey(ctx.get(), key.get()) ||
- !SSL_CTX_set_min_version(ctx.get(), version) ||
- !SSL_CTX_set_max_version(ctx.get(), version)) {
+ !SSL_CTX_set_min_proto_version(ctx.get(), version) ||
+ !SSL_CTX_set_max_proto_version(ctx.get(), version)) {
return false;
}
SSL_CTX_set_verify(
@@ -1632,7 +1632,7 @@ static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
size_t expected_len) {
bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
if (!ctx ||
- !SSL_CTX_set_max_version(ctx.get(), version) ||
+ !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
// Our default cipher list varies by CPU capabilities, so manually place
// the ChaCha20 ciphers in front.
!SSL_CTX_set_cipher_list(ctx.get(), "CHACHA20:ALL")) {
@@ -1872,10 +1872,10 @@ static bool TestSessionIDContext() {
!SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
!SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
sizeof(kContext1)) ||
- !SSL_CTX_set_min_version(client_ctx.get(), version) ||
- !SSL_CTX_set_max_version(client_ctx.get(), version) ||
- !SSL_CTX_set_min_version(server_ctx.get(), version) ||
- !SSL_CTX_set_max_version(server_ctx.get(), version)) {
+ !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
+ !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
+ !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
+ !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
return false;
}
@@ -1932,10 +1932,10 @@ static bool TestSessionTimeout() {
if (!server_ctx || !client_ctx ||
!SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
!SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
- !SSL_CTX_set_min_version(client_ctx.get(), version) ||
- !SSL_CTX_set_max_version(client_ctx.get(), version) ||
- !SSL_CTX_set_min_version(server_ctx.get(), version) ||
- !SSL_CTX_set_max_version(server_ctx.get(), version)) {
+ !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
+ !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
+ !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
+ !SSL_CTX_set_max_proto_version(server_ctx.get(), version)) {
return false;
}
@@ -2011,12 +2011,12 @@ static bool TestSNICallback() {
// key to only sign SHA-256.
!SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(),
&kECDSAWithSHA256, 1) ||
- !SSL_CTX_set_min_version(client_ctx.get(), version) ||
- !SSL_CTX_set_max_version(client_ctx.get(), version) ||
- !SSL_CTX_set_min_version(server_ctx.get(), version) ||
- !SSL_CTX_set_max_version(server_ctx.get(), version) ||
- !SSL_CTX_set_min_version(server_ctx2.get(), version) ||
- !SSL_CTX_set_max_version(server_ctx2.get(), version)) {
+ !SSL_CTX_set_min_proto_version(client_ctx.get(), version) ||
+ !SSL_CTX_set_max_proto_version(client_ctx.get(), version) ||
+ !SSL_CTX_set_min_proto_version(server_ctx.get(), version) ||
+ !SSL_CTX_set_max_proto_version(server_ctx.get(), version) ||
+ !SSL_CTX_set_min_proto_version(server_ctx2.get(), version) ||
+ !SSL_CTX_set_max_proto_version(server_ctx2.get(), version)) {
return false;
}
@@ -2044,7 +2044,7 @@ static bool TestSNICallback() {
}
static int SetMaxVersion(const struct ssl_early_callback_ctx *ctx) {
- if (!SSL_set_max_version(ctx->ssl, TLS1_2_VERSION)) {
+ if (!SSL_set_max_proto_version(ctx->ssl, TLS1_2_VERSION)) {
return -1;
}
@@ -2061,8 +2061,8 @@ static bool TestEarlyCallbackVersionSwitch() {
if (!cert || !key || !server_ctx || !client_ctx ||
!SSL_CTX_use_certificate(server_ctx.get(), cert.get()) ||
!SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()) ||
- !SSL_CTX_set_max_version(client_ctx.get(), TLS1_3_VERSION) ||
- !SSL_CTX_set_max_version(server_ctx.get(), TLS1_3_VERSION)) {
+ !SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION) ||
+ !SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION)) {
return false;
}
@@ -2088,20 +2088,20 @@ static bool TestSetVersion() {
return false;
}
- if (!SSL_CTX_set_max_version(ctx.get(), TLS1_VERSION) ||
- !SSL_CTX_set_max_version(ctx.get(), TLS1_1_VERSION) ||
- !SSL_CTX_set_min_version(ctx.get(), TLS1_VERSION) ||
- !SSL_CTX_set_min_version(ctx.get(), TLS1_1_VERSION)) {
+ if (!SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION) ||
+ !SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION) ||
+ !SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION) ||
+ !SSL_CTX_set_min_proto_version(ctx.get(), TLS1_1_VERSION)) {
fprintf(stderr, "Could not set valid TLS version.\n");
return false;
}
- if (SSL_CTX_set_max_version(ctx.get(), DTLS1_VERSION) ||
- SSL_CTX_set_max_version(ctx.get(), 0x0200) ||
- SSL_CTX_set_max_version(ctx.get(), 0x1234) ||
- SSL_CTX_set_min_version(ctx.get(), DTLS1_VERSION) ||
- SSL_CTX_set_min_version(ctx.get(), 0x0200) ||
- SSL_CTX_set_min_version(ctx.get(), 0x1234)) {
+ if (SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION) ||
+ SSL_CTX_set_max_proto_version(ctx.get(), 0x0200) ||
+ SSL_CTX_set_max_proto_version(ctx.get(), 0x1234) ||
+ SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION) ||
+ SSL_CTX_set_min_proto_version(ctx.get(), 0x0200) ||
+ SSL_CTX_set_min_proto_version(ctx.get(), 0x1234)) {
fprintf(stderr, "Unexpectedly set invalid TLS version.\n");
return false;
}
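Review bot: After this rename none of the test hunks shown call the legacy names any more, so the compatibility wrappers kept in ssl/ssl_lib.c are left without coverage as far as this diff shows. One check next to the valid-TLS-version block would pin them, e.g. `if (!SSL_CTX_set_min_version(ctx.get(), TLS1_VERSION) || !SSL_CTX_set_max_version(ctx.get(), TLS1_1_VERSION)) { return false; }`. The `SSL_set_min_version` / `SSL_set_max_version` pair deserves the same. TestSetVersion starts and ends outside the hunk, and the later DTLS hunk of the same function is in the same position.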
@@ -2111,22 +2111,22 @@ static bool TestSetVersion() {
return false;
}
- if (!SSL_CTX_set_max_version(ctx.get(), DTLS1_VERSION) ||
- !SSL_CTX_set_max_version(ctx.get(), DTLS1_2_VERSION) ||
- !SSL_CTX_set_min_version(ctx.get(), DTLS1_VERSION) ||
- !SSL_CTX_set_min_version(ctx.get(), DTLS1_2_VERSION)) {
+ if (!SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_VERSION) ||
+ !SSL_CTX_set_max_proto_version(ctx.get(), DTLS1_2_VERSION) ||
+ !SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_VERSION) ||
+ !SSL_CTX_set_min_proto_version(ctx.get(), DTLS1_2_VERSION)) {
fprintf(stderr, "Could not set valid DTLS version.\n");
return false;
}
- if (SSL_CTX_set_max_version(ctx.get(), TLS1_VERSION) ||
- SSL_CTX_set_max_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
- SSL_CTX_set_max_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
- SSL_CTX_set_max_version(ctx.get(), 0x1234) ||
- SSL_CTX_set_min_version(ctx.get(), TLS1_VERSION) ||
- SSL_CTX_set_min_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
- SSL_CTX_set_min_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
- SSL_CTX_set_min_version(ctx.get(), 0x1234)) {
+ if (SSL_CTX_set_max_proto_version(ctx.get(), TLS1_VERSION) ||
+ SSL_CTX_set_max_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
+ SSL_CTX_set_max_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
+ SSL_CTX_set_max_proto_version(ctx.get(), 0x1234) ||
+ SSL_CTX_set_min_proto_version(ctx.get(), TLS1_VERSION) ||
+ SSL_CTX_set_min_proto_version(ctx.get(), 0xfefe /* DTLS 1.1 */) ||
+ SSL_CTX_set_min_proto_version(ctx.get(), 0xfffe /* DTLS 0.1 */) ||
+ SSL_CTX_set_min_proto_version(ctx.get(), 0x1234)) {
fprintf(stderr, "Unexpectedly set invalid DTLS version.\n");
return false;
}
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 55b6599d..dc6e99d2 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -816,7 +816,7 @@ static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) {
// Enable TLS 1.3 for tests.
if (!config->is_dtls &&
- !SSL_CTX_set_max_version(ssl_ctx.get(), TLS1_3_VERSION)) {
+ !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_3_VERSION)) {
return nullptr;
}
@@ -1366,11 +1366,11 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
return false;
}
if (config->min_version != 0 &&
- !SSL_set_min_version(ssl.get(), (uint16_t)config->min_version)) {
+ !SSL_set_min_proto_version(ssl.get(), (uint16_t)config->min_version)) {
return false;
}
if (config->max_version != 0 &&
- !SSL_set_max_version(ssl.get(), (uint16_t)config->max_version)) {
+ !SSL_set_max_proto_version(ssl.get(), (uint16_t)config->max_version)) {
return false;
}
if (config->mtu != 0) {
diff --git a/tool/client.cc b/tool/client.cc
index f8d314ea..04a217a7 100644
--- a/tool/client.cc
+++ b/tool/client.cc
@@ -169,7 +169,7 @@ bool Client(const std::vector<std::string> &args) {
args_map["-max-version"].c_str());
return false;
}
- if (!SSL_CTX_set_max_version(ctx.get(), version)) {
+ if (!SSL_CTX_set_max_proto_version(ctx.get(), version)) {
return false;
}
}
@@ -181,7 +181,7 @@ bool Client(const std::vector<std::string> &args) {
args_map["-min-version"].c_str());
return false;
}
- if (!SSL_CTX_set_min_version(ctx.get(), version)) {
+ if (!SSL_CTX_set_min_proto_version(ctx.get(), version)) {
return false;
}
}
diff --git a/tool/server.cc b/tool/server.cc
index b4a4eb13..012f671c 100644
--- a/tool/server.cc
+++ b/tool/server.cc
@@ -133,7 +133,7 @@ bool Server(const std::vector<std::string> &args) {
args_map["-max-version"].c_str());
return false;
}
- if (!SSL_CTX_set_max_version(ctx, version)) {
+ if (!SSL_CTX_set_max_proto_version(ctx, version)) {
return false;
}
}
@@ -145,7 +145,7 @@ bool Server(const std::vector<std::string> &args) {
args_map["-min-version"].c_str());
return false;
}
- if (!SSL_CTX_set_min_version(ctx, version)) {
+ if (!SSL_CTX_set_min_proto_version(ctx, version)) {
return false;
}
}