Add ssl_cipher_is_permitted(), an internal helper function that

will be used in a few places shortly, e.g. in ssl_cipher_list_to_bytes(). ok jsing
author: tb <> 2019-01-21 10:28:52 +0000
committer: tb <> 2019-01-21 10:28:52 +0000
commit: ad9a15eedae120d64169a9bdeea62c66b99f0344 (patch)
tree: 23ba27fdd74b7e2b1a43f24cdf6a5eb8a32ec393 /src/lib/libssl/ssl_ciphers.c
parent: b43d2fde51a9d32e752d57173e0ef4b806d6bfbe (diff)
download: openbsd-ad9a15eedae120d64169a9bdeea62c66b99f0344.tar.gz
openbsd-ad9a15eedae120d64169a9bdeea62c66b99f0344.tar.bz2
openbsd-ad9a15eedae120d64169a9bdeea62c66b99f0344.zip
1 files changed, 44 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl_ciphers.c b/src/lib/libssl/ssl_ciphers.c
new file mode 100644
index 0000000000..081a35ddb2
--- /dev/null
+++ b/src/lib/libssl/ssl_ciphers.c
@@ -0,0 +1,44 @@
+/*      $OpenBSD: ssl_ciphers.c,v 1.1 2019/01/21 10:28:52 tb Exp $ */
+/*
+ * Copyright (c) 2019 Theo Buehler <tb@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include "ssl_locl.h"
+int
+ssl_cipher_is_permitted(const SSL_CIPHER *cipher, uint16_t min_ver,
+    uint16_t max_ver)
+{
+        /* XXX: We only support DTLSv1 which is effectively TLSv1.1 */
+        if (min_ver == DTLS1_VERSION || max_ver == DTLS1_VERSION)
+                min_ver = max_ver = TLS1_1_VERSION;
+        switch(cipher->algorithm_ssl) {
+        case SSL_SSLV3:
+                if (min_ver <= TLS1_2_VERSION)
+                        return 1;
+                break;
+        case SSL_TLSV1_2:
+                if (min_ver <= TLS1_2_VERSION && TLS1_2_VERSION <= max_ver)
+                        return 1;
+                break;
+        case SSL_TLSV1_3:
+                if (min_ver <= TLS1_3_VERSION && TLS1_3_VERSION <= max_ver)
+                        return 1;
+                break;
+        }
+        return 0;
+}
author	tb <>	2019-01-21 10:28:52 +0000
committer	tb <>	2019-01-21 10:28:52 +0000
commit	ad9a15eedae120d64169a9bdeea62c66b99f0344 (patch)
tree	23ba27fdd74b7e2b1a43f24cdf6a5eb8a32ec393 /src/lib/libssl/ssl_ciphers.c
parent	b43d2fde51a9d32e752d57173e0ef4b806d6bfbe (diff)
download	openbsd-ad9a15eedae120d64169a9bdeea62c66b99f0344.tar.gz openbsd-ad9a15eedae120d64169a9bdeea62c66b99f0344.tar.bz2 openbsd-ad9a15eedae120d64169a9bdeea62c66b99f0344.zip

diff --git a/src/lib/libssl/ssl_ciphers.c b/src/lib/libssl/ssl_ciphers.c new file mode 100644 index 0000000000..081a35ddb2 --- /dev/null +++ b/src/lib/libssl/ssl_ciphers.c
@@ -0,0 +1,44 @@
	1	/* $OpenBSD: ssl_ciphers.c,v 1.1 2019/01/21 10:28:52 tb Exp $ */
	2	/*
	3	* Copyright (c) 2019 Theo Buehler <tb@openbsd.org>
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
	18	#include "ssl_locl.h"
	19
	20	int
	21	ssl_cipher_is_permitted(const SSL_CIPHER *cipher, uint16_t min_ver,
	22	uint16_t max_ver)
	23	{
	24	/* XXX: We only support DTLSv1 which is effectively TLSv1.1 */
	25	if (min_ver == DTLS1_VERSION \|\| max_ver == DTLS1_VERSION)
	26	min_ver = max_ver = TLS1_1_VERSION;
	27
	28	switch(cipher->algorithm_ssl) {
	29	case SSL_SSLV3:
	30	if (min_ver <= TLS1_2_VERSION)
	31	return 1;
	32	break;
	33	case SSL_TLSV1_2:
	34	if (min_ver <= TLS1_2_VERSION && TLS1_2_VERSION <= max_ver)
	35	return 1;
	36	break;
	37	case SSL_TLSV1_3:
	38	if (min_ver <= TLS1_3_VERSION && TLS1_3_VERSION <= max_ver)
	39	return 1;
	40	break;
	41	}
	42
	43	return 0;
	44	}