From df7ce507fcc147d8319bcb55f07197a22f6acf59 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 7 Nov 2016 14:59:12 +0000 Subject: [PATCH] Rename clienthello.version to clienthello.legacy_version For consistency with the TLSv1.3 spec. Reviewed-by: Kurt Roeckx Reviewed-by: Rich Salz --- ssl/ssl_locl.h | 2 +- ssl/statem/statem_lib.c | 2 +- ssl/statem/statem_srvr.c | 12 ++++++------ 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 79f47fc590..79542386bc 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1633,7 +1633,7 @@ typedef struct raw_extension_st { typedef struct { unsigned int isv2; - unsigned int version; + unsigned int legacy_version; unsigned char random[SSL3_RANDOM_SIZE]; size_t session_id_len; unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 02537fac79..a3a31bc740 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -992,7 +992,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello) * handle version. */ int server_version = s->method->version; - int client_version = hello->version; + int client_version = hello->legacy_version; const version_info *vent; const version_info *table; int disabled = 0; diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 3935c79acd..2ec862caca 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -939,7 +939,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) } } - if (!PACKET_get_net_2(pkt, &clienthello.version)) { + if (!PACKET_get_net_2(pkt, &clienthello.legacy_version)) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); goto err; @@ -1082,8 +1082,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) /* Choose the version */ if (clienthello.isv2) { - if (clienthello.version == SSL2_VERSION - || (clienthello.version & 0xff00) + if (clienthello.legacy_version == SSL2_VERSION + || (clienthello.legacy_version & 0xff00) != (SSL3_VERSION_MAJOR << 8)) { /* * This is real SSLv2 or something complete unknown. We don't @@ -1093,7 +1093,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) goto err; } /* SSLv3/TLS */ - s->client_version = clienthello.version; + s->client_version = clienthello.legacy_version; } /* * Do SSL/TLS version negotiation if applicable. For DTLS we just check @@ -1102,7 +1102,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) if (!SSL_IS_DTLS(s)) { protverr = ssl_choose_server_version(s, &clienthello); } else if (s->method->version != DTLS_ANY_VERSION && - DTLS_VERSION_LT((int)clienthello.version, s->version)) { + DTLS_VERSION_LT((int)clienthello.legacy_version, s->version)) { protverr = SSL_R_VERSION_TOO_LOW; } else { protverr = 0; @@ -1112,7 +1112,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, protverr); if ((!s->enc_write_ctx && !s->write_hash)) { /* like ssl3_get_record, send alert using remote version number */ - s->version = s->client_version = clienthello.version; + s->version = s->client_version = clienthello.legacy_version; } al = SSL_AD_PROTOCOL_VERSION; goto f_err;