diff options
| author | jsing <> | 2020-09-11 15:28:08 +0000 |
|---|---|---|
| committer | jsing <> | 2020-09-11 15:28:08 +0000 |
| commit | aaafcc65a8b1deda1feab495b687eeec194f78bb (patch) | |
| tree | 7142d16dc8b078e547e2f879cb02e4df5a30eb75 /src/lib | |
| parent | 54fa1d3a6727088bd1475d3822d8070cb9e734a9 (diff) | |
| download | openbsd-aaafcc65a8b1deda1feab495b687eeec194f78bb.tar.gz openbsd-aaafcc65a8b1deda1feab495b687eeec194f78bb.tar.bz2 openbsd-aaafcc65a8b1deda1feab495b687eeec194f78bb.zip | |
Rename ssl_cipher_is_permitted()
The name ssl_cipher_is_permitted() is not entirely specific - what it
really means is "can this cipher be used with a given version range".
Use ssl_cipher_allowed_in_version_range() to more clearly indicate this.
Bikeshedded with tb@
ok tb@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/ssl_ciphers.c | 9 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 5 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 6 |
3 files changed, 10 insertions, 10 deletions
diff --git a/src/lib/libssl/ssl_ciphers.c b/src/lib/libssl/ssl_ciphers.c index 3a1fb14d5c..d13ce7a9c5 100644 --- a/src/lib/libssl/ssl_ciphers.c +++ b/src/lib/libssl/ssl_ciphers.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_ciphers.c,v 1.4 2020/05/31 18:03:32 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_ciphers.c,v 1.5 2020/09/11 15:28:07 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org> | 3 | * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org> |
| 4 | * Copyright (c) 2015-2018 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2015-2018 Joel Sing <jsing@openbsd.org> |
| @@ -23,7 +23,7 @@ | |||
| 23 | #include "ssl_locl.h" | 23 | #include "ssl_locl.h" |
| 24 | 24 | ||
| 25 | int | 25 | int |
| 26 | ssl_cipher_is_permitted(const SSL_CIPHER *cipher, uint16_t min_ver, | 26 | ssl_cipher_allowed_in_version_range(const SSL_CIPHER *cipher, uint16_t min_ver, |
| 27 | uint16_t max_ver) | 27 | uint16_t max_ver) |
| 28 | { | 28 | { |
| 29 | /* XXX: We only support DTLSv1 which is effectively TLSv1.1 */ | 29 | /* XXX: We only support DTLSv1 which is effectively TLSv1.1 */ |
| @@ -65,10 +65,9 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb) | |||
| 65 | for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { | 65 | for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { |
| 66 | if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL) | 66 | if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL) |
| 67 | return 0; | 67 | return 0; |
| 68 | 68 | if (!ssl_cipher_allowed_in_version_range(cipher, min_vers, | |
| 69 | if (!ssl_cipher_is_permitted(cipher, min_vers, max_vers)) | 69 | max_vers)) |
| 70 | continue; | 70 | continue; |
| 71 | |||
| 72 | if (!CBB_add_u16(cbb, ssl3_cipher_get_value(cipher))) | 71 | if (!CBB_add_u16(cbb, ssl3_cipher_get_value(cipher))) |
| 73 | return 0; | 72 | return 0; |
| 74 | 73 | ||
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 6f8a14bca4..2879b198d5 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.222 2020/09/11 13:20:32 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.223 2020/09/11 15:28:08 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1298,7 +1298,8 @@ SSL_get1_supported_ciphers(SSL *s) | |||
| 1298 | for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { | 1298 | for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { |
| 1299 | if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL) | 1299 | if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL) |
| 1300 | goto err; | 1300 | goto err; |
| 1301 | if (!ssl_cipher_is_permitted(cipher, min_vers, max_vers)) | 1301 | if (!ssl_cipher_allowed_in_version_range(cipher, min_vers, |
| 1302 | max_vers)) | ||
| 1302 | continue; | 1303 | continue; |
| 1303 | if (!sk_SSL_CIPHER_push(supported_ciphers, cipher)) | 1304 | if (!sk_SSL_CIPHER_push(supported_ciphers, cipher)) |
| 1304 | goto err; | 1305 | goto err; |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index bd210cdce5..bfd0ea6733 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.288 2020/09/01 12:40:53 tb Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.289 2020/09/11 15:28:08 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1127,8 +1127,8 @@ int ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver, | |||
| 1127 | int ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver, | 1127 | int ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver, |
| 1128 | uint16_t *out_ver); | 1128 | uint16_t *out_ver); |
| 1129 | int ssl_downgrade_max_version(SSL *s, uint16_t *max_ver); | 1129 | int ssl_downgrade_max_version(SSL *s, uint16_t *max_ver); |
| 1130 | int ssl_cipher_is_permitted(const SSL_CIPHER *cipher, uint16_t min_ver, | 1130 | int ssl_cipher_allowed_in_version_range(const SSL_CIPHER *cipher, |
| 1131 | uint16_t max_ver); | 1131 | uint16_t min_ver, uint16_t max_ver); |
| 1132 | 1132 | ||
| 1133 | const SSL_METHOD *tls_legacy_method(void); | 1133 | const SSL_METHOD *tls_legacy_method(void); |
| 1134 | const SSL_METHOD *tls_legacy_client_method(void); | 1134 | const SSL_METHOD *tls_legacy_client_method(void); |