Rename clienthello.version to clienthello.legacy_version

For consistency with the TLSv1.3 spec.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Matt Caswell 2016-11-07 14:59:12 +00:00
parent 58c9e32a3a
commit df7ce507fc
3 changed files with 8 additions and 8 deletions

View file

@ -1633,7 +1633,7 @@ typedef struct raw_extension_st {
typedef struct { typedef struct {
unsigned int isv2; unsigned int isv2;
unsigned int version; unsigned int legacy_version;
unsigned char random[SSL3_RANDOM_SIZE]; unsigned char random[SSL3_RANDOM_SIZE];
size_t session_id_len; size_t session_id_len;
unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];

View file

@ -992,7 +992,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello)
* handle version. * handle version.
*/ */
int server_version = s->method->version; int server_version = s->method->version;
int client_version = hello->version; int client_version = hello->legacy_version;
const version_info *vent; const version_info *vent;
const version_info *table; const version_info *table;
int disabled = 0; int disabled = 0;

View file

@ -939,7 +939,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
} }
} }
if (!PACKET_get_net_2(pkt, &clienthello.version)) { if (!PACKET_get_net_2(pkt, &clienthello.legacy_version)) {
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto err; goto err;
@ -1082,8 +1082,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
/* Choose the version */ /* Choose the version */
if (clienthello.isv2) { if (clienthello.isv2) {
if (clienthello.version == SSL2_VERSION if (clienthello.legacy_version == SSL2_VERSION
|| (clienthello.version & 0xff00) || (clienthello.legacy_version & 0xff00)
!= (SSL3_VERSION_MAJOR << 8)) { != (SSL3_VERSION_MAJOR << 8)) {
/* /*
* This is real SSLv2 or something complete unknown. We don't * This is real SSLv2 or something complete unknown. We don't
@ -1093,7 +1093,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
goto err; goto err;
} }
/* SSLv3/TLS */ /* SSLv3/TLS */
s->client_version = clienthello.version; s->client_version = clienthello.legacy_version;
} }
/* /*
* Do SSL/TLS version negotiation if applicable. For DTLS we just check * Do SSL/TLS version negotiation if applicable. For DTLS we just check
@ -1102,7 +1102,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
if (!SSL_IS_DTLS(s)) { if (!SSL_IS_DTLS(s)) {
protverr = ssl_choose_server_version(s, &clienthello); protverr = ssl_choose_server_version(s, &clienthello);
} else if (s->method->version != DTLS_ANY_VERSION && } else if (s->method->version != DTLS_ANY_VERSION &&
DTLS_VERSION_LT((int)clienthello.version, s->version)) { DTLS_VERSION_LT((int)clienthello.legacy_version, s->version)) {
protverr = SSL_R_VERSION_TOO_LOW; protverr = SSL_R_VERSION_TOO_LOW;
} else { } else {
protverr = 0; protverr = 0;
@ -1112,7 +1112,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, protverr); SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, protverr);
if ((!s->enc_write_ctx && !s->write_hash)) { if ((!s->enc_write_ctx && !s->write_hash)) {
/* like ssl3_get_record, send alert using remote version number */ /* like ssl3_get_record, send alert using remote version number */
s->version = s->client_version = clienthello.version; s->version = s->client_version = clienthello.legacy_version;
} }
al = SSL_AD_PROTOCOL_VERSION; al = SSL_AD_PROTOCOL_VERSION;
goto f_err; goto f_err;