Factor out/change some of the legacy client version handling code.

This consolidates the version handling code and will make upcoming changes easier. ok tb@
author: jsing <> 2021-02-22 15:59:10 +0000
committer: jsing <> 2021-02-22 15:59:10 +0000
commit: 5be7b39a3d59ca113945b77a97aaa4d8875ccc82 (patch)
tree: a7f7865a8d1bcc0bfa905831a41b2d44f8183e83 /src/lib/libssl/ssl_versions.c
parent: 1da7041bc31ef34b77468a85d810549c4e4f0729 (diff)
download: openbsd-5be7b39a3d59ca113945b77a97aaa4d8875ccc82.tar.gz
openbsd-5be7b39a3d59ca113945b77a97aaa4d8875ccc82.tar.bz2
openbsd-5be7b39a3d59ca113945b77a97aaa4d8875ccc82.zip
1 files changed, 28 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c
index 1ee5ed312c..3c4801971e 100644
--- a/src/lib/libssl/ssl_versions.c
+++ b/src/lib/libssl/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.11 2021/02/20 09:43:29 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.12 2021/02/22 15:59:10 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 *
@@ -163,6 +163,17 @@ ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)
 }
 int
+ssl_max_supported_version(SSL *s, uint16_t *max_ver)
+{
+        *max_ver = 0;
+        if (!ssl_supported_version_range(s, NULL, max_ver))
+                return 0;
+        return 1;
+}
+int
 ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver)
 {
        uint16_t min_version, max_version, shared_version;
@@ -235,6 +246,22 @@ ssl_downgrade_max_version(SSL *s, uint16_t *max_ver)
 }
 int
+ssl_check_version_from_server(SSL *s, uint16_t server_version)
+{
+        uint16_t min_version, max_version;
+        /* Ensure that the version selected by the server is valid. */
+        if (SSL_is_dtls(s))
+                return (server_version == DTLS1_VERSION);
+        if (!ssl_supported_version_range(s, &min_version, &max_version))
+                return 0;
+        return (server_version >= min_version && server_version <= max_version);
+}
+int
 ssl_legacy_stack_version(SSL *s, uint16_t version)
 {
        if (SSL_is_dtls(s))
author	jsing <>	2021-02-22 15:59:10 +0000
committer	jsing <>	2021-02-22 15:59:10 +0000
commit	5be7b39a3d59ca113945b77a97aaa4d8875ccc82 (patch)
tree	a7f7865a8d1bcc0bfa905831a41b2d44f8183e83 /src/lib/libssl/ssl_versions.c
parent	1da7041bc31ef34b77468a85d810549c4e4f0729 (diff)
download	openbsd-5be7b39a3d59ca113945b77a97aaa4d8875ccc82.tar.gz openbsd-5be7b39a3d59ca113945b77a97aaa4d8875ccc82.tar.bz2 openbsd-5be7b39a3d59ca113945b77a97aaa4d8875ccc82.zip

diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c index 1ee5ed312c..3c4801971e 100644 --- a/src/lib/libssl/ssl_versions.c +++ b/src/lib/libssl/ssl_versions.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_versions.c,v 1.11 2021/02/20 09:43:29 jsing Exp $ */	1	/* $OpenBSD: ssl_versions.c,v 1.12 2021/02/22 15:59:10 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -163,6 +163,17 @@ ssl_supported_version_range(SSL s, uint16_t min_ver, uint16_t *max_ver)
163	}	163	}
164		164
165	int	165	int
		166	ssl_max_supported_version(SSL s, uint16_t max_ver)
		167	{
		168	*max_ver = 0;
		169
		170	if (!ssl_supported_version_range(s, NULL, max_ver))
		171	return 0;
		172
		173	return 1;
		174	}
		175
		176	int
166	ssl_max_shared_version(SSL s, uint16_t peer_ver, uint16_t max_ver)	177	ssl_max_shared_version(SSL s, uint16_t peer_ver, uint16_t max_ver)
167	{	178	{
168	uint16_t min_version, max_version, shared_version;	179	uint16_t min_version, max_version, shared_version;
@@ -235,6 +246,22 @@ ssl_downgrade_max_version(SSL s, uint16_t max_ver)
235	}	246	}
236		247
237	int	248	int
		249	ssl_check_version_from_server(SSL *s, uint16_t server_version)
		250	{
		251	uint16_t min_version, max_version;
		252
		253	/* Ensure that the version selected by the server is valid. */
		254
		255	if (SSL_is_dtls(s))
		256	return (server_version == DTLS1_VERSION);
		257
		258	if (!ssl_supported_version_range(s, &min_version, &max_version))
		259	return 0;
		260
		261	return (server_version >= min_version && server_version <= max_version);
		262	}
		263
		264	int
238	ssl_legacy_stack_version(SSL *s, uint16_t version)	265	ssl_legacy_stack_version(SSL *s, uint16_t version)
239	{	266	{
240	if (SSL_is_dtls(s))	267	if (SSL_is_dtls(s))