From 5be7b39a3d59ca113945b77a97aaa4d8875ccc82 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 22 Feb 2021 15:59:10 +0000
Subject: Factor out/change some of the legacy client version handling code. This consolidates the version handling code and will make upcoming changes easier. ok tb@
---
 src/lib/libssl/ssl_versions.c | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)
(limited to 'src/lib/libssl/ssl_versions.c')
diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c
index 1ee5ed312c..3c4801971e 100644
--- a/src/lib/libssl/ssl_versions.c
+++ b/src/lib/libssl/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.11 2021/02/20 09:43:29 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.12 2021/02/22 15:59:10 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing
 *
@@ -162,6 +162,17 @@ ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)
 return 1;
 }

+int
+ssl_max_supported_version(SSL *s, uint16_t *max_ver)
+{
+ *max_ver = 0;
+
+ if (!ssl_supported_version_range(s, NULL, max_ver))
+ return 0;
+
+ return 1;
+}
+
 int
 ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver)
 {
@@ -234,6 +245,22 @@ ssl_downgrade_max_version(SSL *s, uint16_t *max_ver)
 return 1;
 }

+int
+ssl_check_version_from_server(SSL *s, uint16_t server_version)
+{
+ uint16_t min_version, max_version;
+
+ /* Ensure that the version selected by the server is valid. */
+
+ if (SSL_is_dtls(s))
+ return (server_version == DTLS1_VERSION);
+
+ if (!ssl_supported_version_range(s, &min_version, &max_version))
+ return 0;
+
+ return (server_version >= min_version && server_version <= max_version);
+}
+
 int
 ssl_legacy_stack_version(SSL *s, uint16_t version)
 {
-- 
cgit v1.2.3-55-g6feb
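Review bot: The new ssl_max_supported_version() passes `NULL` as `min_ver`, which is only safe if ssl_supported_version_range() guards every store through that pointer; only the tail of that function is visible in this hunk, so this should be confirmed. A short comment above the helper would make the contract explicit, for example `/* Returns 1 with *max_ver set on success; returns 0 with *max_ver == 0 on failure. */`. If no later change needs the separate branch, the tail could also be written as `return ssl_supported_version_range(s, NULL, max_ver);`, assuming that function only ever returns 0 or 1.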
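Review bot: In ssl_check_version_from_server() the DTLS branch compares against the constant `DTLS1_VERSION` and never consults the configured range, so it will silently reject any other DTLS version once one is supported. The TLS range test below it cannot simply be reused there, because DTLS wire versions decrease as the protocol version increases; a comment on the branch would record that, e.g. `/* DTLS versions sort in reverse on the wire; only DTLS 1.0 is accepted here. */`. The TLS test accepts every value between `min_version` and `max_version`, which presumably relies on ssl_supported_version_range() returning a contiguous range with no disabled version inside it; its body is outside the hunk, so it would help to state that assumption in the function comment.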