Refuse min proto version > max proto version#5128
Refuse min proto version > max proto version#5128tiran wants to merge 2 commits intoopenssl:masterfrom
Conversation
SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version() as well as their SSL equivalents now validate that the mininum protocol version is lower or requal the maximum protocol version. Closes: openssl#5127 Signed-off-by: Christian Heimes <christian@python.org>
Signed-off-by: Christian Heimes <christian@python.org>
|
I think checking max > min was intentionally not done at the
moment of setting the variables. The problem is that depending on
the old values you might need to change min before max, or the other
way around.
|
richsalz
left a comment
There was a problem hiding this comment.
This is awesome! A few nits on the new test program.
| int testresult = 0; | ||
| version_test t = version_testdata[idx_tst]; | ||
|
|
||
| ctx = SSL_CTX_new(TLS_server_method()); |
There was a problem hiding this comment.
Can you use TEST_PTR for these?
|
|
||
| if (!TEST_int_eq(SSL_CTX_set_min_proto_version(ctx, t.min_version), t.min_ok)) | ||
| goto end; | ||
| if (!TEST_int_eq(SSL_CTX_set_max_proto_version(ctx, t.max_version), t.max_ok)) |
There was a problem hiding this comment.
We tend to cascade all the if tests together for this kind of thing.
There was a problem hiding this comment.
Like this? It's still short circuit evaluation.
if (!TEST_int_eq(SSL_CTX_set_min_proto_version(ctx, t.min_version), t.min_ok) ||
!TEST_int_eq(SSL_CTX_set_max_proto_version(ctx, t.max_version), t.max_ok) ||
!TEST_int_eq(SSL_CTX_get_min_proto_version(ctx), t.expected_min) ||
!TEST_int_eq(SSL_CTX_get_max_proto_version(ctx), t.expected_max)
)
goto end;
There was a problem hiding this comment.
yes like that, except put the || at the start of the line and double-indent the tests and move up the close paren. See enctest.c, etc., for examples.
|
ooops, meant to check 'request changes' |
|
+1 to what @kroeckx said. The problem with this sort of thing is that it causes an interdependence between two config options, which is really messy. (See the complexities around configuring private key and certificate and when you check for consistency.) For something like this where the check doesn't really do much useful (the handshake will just fail immediately), it's much simpler to defer to that rather than add logic everywhere. |
|
For instance, consider this: Before, either version would work fine. Versions may be temporarily out of sync and fixed later. With this PR, setting the min version first doesn't work because going from 1 to 2 breaks. Setting the max version first doesn't work because going from 2 to 3 breaks. |
The getters for min and max proto version wrongly passed NULL instead of 0 as third argument to SSL_ctrl() and SSL_CTX_ctrl(). The third argument is not used, but the error results in a compiler warning: warning: passing argument 3 of ‘SSL_CTX_ctrl’ makes integer from pointer without a cast [-Wint-conversion] int v = SSL_CTX_get_max_proto_version(self->ctx); See #4364 Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from #5128)
The getters for min and max proto version wrongly passed NULL instead of 0 as third argument to SSL_ctrl() and SSL_CTX_ctrl(). The third argument is not used, but the error results in a compiler warning: warning: passing argument 3 of ‘SSL_CTX_ctrl’ makes integer from pointer without a cast [-Wint-conversion] int v = SSL_CTX_get_max_proto_version(self->ctx); See #4364 Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from #5128) (cherry picked from commit 1f82eba)
|
Whoops, I put some links in commits to this pull request that were supposed to go to #5126. |
|
So I think we should just keep the test suite changes? |
|
@kroeckx Sounds reasonable to me. I'm currently at a conference. I'll attend to this PR and my other PRs either next week or the week after. |
|
@tiran it sounds like we are waiting for an update to trim this down to just the tes suite changes, does that match your understanding? |
|
Yes. I'm sorry that I haven't had time to rework my patches. I spent all my free OSS time to get Python 3.7 improvement done before final beta freeze. |
|
Understandable. (But note that we've only got two weeks until the openssl 1.1.1 feature freeze with the current schedule, https://www.openssl.org/policies/releasestrat.html) |
|
Ping @tiran |
|
This needs a rebase, and code needs to be corrected (see the CI results) |
|
Actually, looking more closely at the CI issues, I figure that a rebase will fix them as well. |
|
I think we lost @tiran. I can take this over like I've done with others... good idea? |
|
Please do take it over! I gave it a try and failed. |
|
Continued in #6553, closing this |
from Refuse min proto version > max proto version openssl#5128, otherwise ssl_ctx_test / iteration 4 fails openssl@3bc53c8
from Refuse min proto version > max proto version openssl#5128, otherwise ssl_ctx_test / iteration 4 fails openssl@3bc53c8
from Refuse min proto version > max proto version openssl#5128, otherwise ssl_ctx_test / iteration 4 fails openssl@3bc53c8
from Refuse min proto version > max proto version openssl#5128, otherwise ssl_ctx_test / iteration 4 fails openssl@3bc53c8
This reverts commit 89a2668. The fix is not needed anymore, as the test have been changed to reflect that min is allowed to be larger than max. See link below for more information: openssl#10337
SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version() as
well as their SSL equivalents now validate that the mininum protocol
version is lower or requal the maximum protocol version.
Add test cases for min/max protocol API
Closes: #5127
Signed-off-by: Christian Heimes christian@python.org
Also see #5126