More ssl_set_XXX() functions can return BAD_INPUT

include/polarssl/ssl.h

@@ -959,11 +959,12 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint );
  * \param transport transport type:
  *                  SSL_TRANSPORT_STREAM for TLS,
  *                  SSL_TRANSPORT_DATAGRAM for DTLS.
+ * \return         0 on success or POLARSSL_ERR_SSL_BAD_INPUT_DATA
  *
  * \note            If DTLS is selected and max and/or min version are less
  *                  than TLS 1.1 (DTLS 1.0) they are upped to that value.
  */
-void ssl_set_transport( ssl_context *ssl, int transport );
+int ssl_set_transport( ssl_context *ssl, int transport );
 
 /**
  * \brief          Set the certificate verification mode
@@ -1377,38 +1378,35 @@ const char *ssl_get_alpn_protocol( const ssl_context *ssl );
  *                 (Default: SSL_MAX_MAJOR_VERSION, SSL_MAX_MINOR_VERSION)
  *
  *                 Note: This ignores ciphersuites from 'higher' versions.
- *                 Note: Input outside of the SSL_MAX_XXXXX_VERSION and
- *                       SSL_MIN_XXXXX_VERSION range is ignored.
  *
  * \param ssl      SSL context
  * \param major    Major version number (only SSL_MAJOR_VERSION_3 supported)
  * \param minor    Minor version number (SSL_MINOR_VERSION_0,
  *                 SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
  *                 SSL_MINOR_VERSION_3 supported)
+ * \return         0 on success or POLARSSL_ERR_SSL_BAD_INPUT_DATA
  *
  * \note           With DTLS, use SSL_MINOR_VERSION_2 for DTLS 1.0 and
  *                 SSL_MINOR_VERSION_3 for DTLS 1.2
  */
-void ssl_set_max_version( ssl_context *ssl, int major, int minor );
+int ssl_set_max_version( ssl_context *ssl, int major, int minor );
 
 
 /**
  * \brief          Set the minimum accepted SSL/TLS protocol version
  *                 (Default: SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION)
  *
- *                 Note: Input outside of the SSL_MAX_XXXXX_VERSION and
- *                       SSL_MIN_XXXXX_VERSION range is ignored.
- *
  * \param ssl      SSL context
  * \param major    Major version number (only SSL_MAJOR_VERSION_3 supported)
  * \param minor    Minor version number (SSL_MINOR_VERSION_0,
  *                 SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
  *                 SSL_MINOR_VERSION_3 supported)
+ * \return         0 on success or POLARSSL_ERR_SSL_BAD_INPUT_DATA
  *
  * \note           With DTLS, use SSL_MINOR_VERSION_2 for DTLS 1.0 and
  *                 SSL_MINOR_VERSION_3 for DTLS 1.2
  */
-void ssl_set_min_version( ssl_context *ssl, int major, int minor );
+int ssl_set_min_version( ssl_context *ssl, int major, int minor );
 
 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
 /**

library/ssl_tls.c

@@ -3597,8 +3597,11 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint )
 #endif
 }
 
-void ssl_set_transport( ssl_context *ssl, int transport )
+int ssl_set_transport( ssl_context *ssl, int transport )
 {
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+    if( transport == SSL_TRANSPORT_DATAGRAM )
+    {
         ssl->transport = transport;
 
         /* DTLS starts with TLS1.1 */
@@ -3607,6 +3610,18 @@ void ssl_set_transport( ssl_context *ssl, int transport )
 
         if( ssl->max_minor_ver < SSL_MINOR_VERSION_2 )
             ssl->max_minor_ver = SSL_MINOR_VERSION_2;
+
+        return( 0 );
+    }
+#endif
+
+    if( transport == SSL_TRANSPORT_STREAM )
+    {
+        ssl->transport = transport;
+        return( 0 );
+    }
+
+    return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
 }
 
 void ssl_set_authmode( ssl_context *ssl, int authmode )
@@ -3969,32 +3984,39 @@ const char *ssl_get_alpn_protocol( const ssl_context *ssl )
 }
 #endif /* POLARSSL_SSL_ALPN */
 
-void ssl_set_max_version( ssl_context *ssl, int major, int minor )
+static int ssl_check_version( const ssl_context *ssl, int major, int minor )
 {
     if( major < SSL_MIN_MAJOR_VERSION || major > SSL_MAX_MAJOR_VERSION ||
         minor < SSL_MIN_MINOR_VERSION || minor > SSL_MAX_MINOR_VERSION ||
         ( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
           minor < SSL_MINOR_VERSION_2 ) )
     {
-        return;
+        return( -1 );
     }
 
+    return( 0 );
+}
+
+int ssl_set_max_version( ssl_context *ssl, int major, int minor )
+{
+    if( ssl_check_version( ssl, major, minor ) != 0 )
+        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
     ssl->max_major_ver = major;
     ssl->max_minor_ver = minor;
+
+    return( 0 );
 }
 
-void ssl_set_min_version( ssl_context *ssl, int major, int minor )
+int ssl_set_min_version( ssl_context *ssl, int major, int minor )
 {
-    if( major < SSL_MIN_MAJOR_VERSION || major > SSL_MAX_MAJOR_VERSION ||
-        minor < SSL_MIN_MINOR_VERSION || minor > SSL_MAX_MINOR_VERSION ||
-        ( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
-          minor < SSL_MINOR_VERSION_2 ) )
-    {
-        return;
-    }
+    if( ssl_check_version( ssl, major, minor ) != 0 )
+        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
 
     ssl->min_major_ver = major;
     ssl->min_minor_ver = minor;
+
+    return( 0 );
 }
 
 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)

programs/ssl/ssl_client2.c

@@ -876,9 +876,14 @@ int main( int argc, char *argv[] )
 #endif
 
     ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
-    ssl_set_transport( &ssl, opt.transport );
     ssl_set_authmode( &ssl, opt.auth_mode );
 
+    if( ( ret = ssl_set_transport( &ssl, opt.transport ) ) != 0 )
+    {
+        printf( "selected transport is not available\n" );
+        goto exit;
+    }
+
 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
     if( ( ret = ssl_set_max_frag_len( &ssl, opt.mfl_code ) ) != 0 )
     {
@@ -963,9 +968,24 @@ int main( int argc, char *argv[] )
 #endif
 
     if( opt.min_version != -1 )
-        ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
+    {
+        ret = ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
+        if( ret != 0 )
+        {
+            printf( " selected min_version is not available\n" );
+            goto exit;
+        }
+    }
+
     if( opt.max_version != -1 )
-        ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
+    {
+        ret = ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
+        if( ret != 0 )
+        {
+            printf( " selected max_version is not available\n" );
+            goto exit;
+        }
+    }
 
     /*
      * 4. Handshake

programs/ssl/ssl_server2.c

@@ -1261,9 +1261,14 @@ int main( int argc, char *argv[] )
     }
 
     ssl_set_endpoint( &ssl, SSL_IS_SERVER );
-    ssl_set_transport( &ssl, opt.transport );
     ssl_set_authmode( &ssl, opt.auth_mode );
 
+    if( ( ret = ssl_set_transport( &ssl, opt.transport ) ) != 0 )
+    {
+        printf( "selected transport is not available\n" );
+        goto exit;
+    }
+
 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
     if( ( ret = ssl_set_max_frag_len( &ssl, opt.mfl_code ) ) != 0 )
     {
@@ -1392,10 +1397,24 @@ int main( int argc, char *argv[] )
 #endif
 
     if( opt.min_version != -1 )
-        ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
+    {
+        ret = ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
+        if( ret != 0 )
+        {
+            printf( " selected min_version is not available\n" );
+            goto exit;
+        }
+    }
 
     if( opt.max_version != -1 )
-        ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
+    {
+        ret = ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
+        if( ret != 0 )
+        {
+            printf( " selected max_version is not available\n" );
+            goto exit;
+        }
+    }
 
     printf( " ok\n" );