| author | tb <> | 2019-01-21 10:32:58 +0000 | 
|---|---|---|
| committer | tb <> | 2019-01-21 10:32:58 +0000 | 
| commit | 5c096912abad8acc83f7efc99a43db13d80f58aa (patch) | |
| tree | c3c2fe76cdb1dff54297fb7af991aea72bb27727 /src | |
| parent | 43ac5e631473f5c3ed10d94a4ae916cadbe015dd (diff) | |
Use ssl_cipher_is_permitted() in ssl_cipher_list_to_bytes().
ok jsing
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 15 | 
1 files changed, 6 insertions, 9 deletions
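--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.197 2019/01/21 00:31:29 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.198 2019/01/21 10:32:58 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1407,23 +1407,20 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb)
 {
 SSL_CIPHER *cipher;
 int num_ciphers = 0;
+uint16_t min_vers, max_vers;
 int i;
 
 if (ciphers == NULL)
 return 0;
 
+if (!ssl_supported_version_range(s, &min_vers, &max_vers))
+return 0;
+
 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
 if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
 return 0;
 
-/* Skip TLS v1.3 only ciphersuites if lower than v1.3 */
-if ((cipher->algorithm_ssl & SSL_TLSV1_3) &&
-(TLS1_get_client_version(s) < TLS1_3_VERSION))
-continue;
-
-/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
-if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
-(TLS1_get_client_version(s) < TLS1_2_VERSION))
-continue;
+if (!ssl_cipher_is_permitted(cipher, min_vers, max_vers))
 continue;
 
 if (!CBB_add_u16(cbb, ssl3_cipher_get_value(cipher)))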
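Review bot: The new `continue` on `!ssl_cipher_is_permitted(cipher, min_vers, max_vers)` replaces two commented version checks with an uncommented call, so a reader of this loop can no longer see which ciphersuites are left out of the encoded list or why. A one-line comment above it would restore that, e.g. `/* Skip ciphersuites that cannot be negotiated within [min_vers, max_vers]. */`, assuming that is what the helper (defined outside this hunk) decides. The basis of the filter also appears to move from `TLS1_get_client_version(s)` to the range filled in by `ssl_supported_version_range()`, and the function now returns 0 before the loop when that call fails; the commit message mentions neither, so it is worth confirming that callers treat this early 0 the same as the existing failure returns. The body of ssl_cipher_list_to_bytes() continues past the end of the hunk.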
