authortb <>2019-01-21 10:32:58 +0000
committertb <>2019-01-21 10:32:58 +0000
commit5c096912abad8acc83f7efc99a43db13d80f58aa (patch)
treec3c2fe76cdb1dff54297fb7af991aea72bb27727
parent43ac5e631473f5c3ed10d94a4ae916cadbe015dd (diff)
Use ssl_cipher_is_permitted() in ssl_cipher_list_to_bytes().
ok jsing
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl_lib.c15
1 files changed, 6 insertions, 9 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 4ea47e9094..97e0a4479d 100644
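--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.197 2019/01/21 00:31:29 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.198 2019/01/21 10:32:58 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1407,23 +1407,20 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb)
 {
  SSL_CIPHER *cipher;
  int num_ciphers = 0;
+ uint16_t min_vers, max_vers;
  int i;
 
  if (ciphers == NULL)
  return 0;
 
+ if (!ssl_supported_version_range(s, &min_vers, &max_vers))
+ return 0;
+
  for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
  if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
  return 0;
 
- /* Skip TLS v1.3 only ciphersuites if lower than v1.3 */
- if ((cipher->algorithm_ssl & SSL_TLSV1_3) &&
- (TLS1_get_client_version(s) < TLS1_3_VERSION))
- continue;
-
- /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
- if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
- (TLS1_get_client_version(s) < TLS1_2_VERSION))
+ if (!ssl_cipher_is_permitted(cipher, min_vers, max_vers))
  continue;
 
  if (!CBB_add_u16(cbb, ssl3_cipher_get_value(cipher)))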
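Review bot: The new `if (!ssl_supported_version_range(s, &min_vers, &max_vers)) return 0;` path returns the same 0 as the existing `ciphers == NULL` and NULL-entry cases, so a caller cannot tell an unusable protocol version range from an empty cipher list. If the helper does not already queue an error (its body is not visible here), it is worth recording one before returning. The two removed comments explained why suites were skipped and the replacement call has none; a line such as `/* Skip ciphersuites not usable within the enabled version range. */` above the `ssl_cipher_is_permitted()` check would keep that intent readable. Filtering now depends on both `min_vers` and `max_vers` instead of only the client version, which presumably changes which suites get serialized when the range is restricted, so a regression test with a narrowed range would be a useful companion. The function body continues past the end of the hunk.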