authorTheo Buehler <tb@cvs.openbsd.org>2022-06-29 08:38:02 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2022-06-29 08:38:02 +0000
commitdcec5e608a15a31c03ff3ab9bdb33b6cc845fc7f (patch)
tree7a3abfca6e7e5a35c3b8a3adc72a3e61d54431bf
parent4449ba7fb2080b8dc433715850b7e1f5b2804f11 (diff)
Check security level when converting a cipher list to bytes
ok beck jsing
-rw-r--r--lib/libssl/ssl_ciphers.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/libssl/ssl_ciphers.c b/lib/libssl/ssl_ciphers.c
index 3174ae9c268..99f23dff4bd 100644
--- a/lib/libssl/ssl_ciphers.c
+++ b/lib/libssl/ssl_ciphers.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciphers.c,v 1.13 2022/02/05 18:18:18 tb Exp $ */
+/* $OpenBSD: ssl_ciphers.c,v 1.14 2022/06/29 08:38:01 tb Exp $ */
/*
* Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org>
* Copyright (c) 2015-2018, 2020 Joel Sing <jsing@openbsd.org>
@@ -70,6 +70,9 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb)
if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers,
max_vers))
continue;
+ if (!ssl_security(s, SSL_SECOP_CIPHER_CHECK,
+ cipher->strength_bits, 0, cipher))
+ continue;
if (!CBB_add_u16(cbb, ssl3_cipher_get_value(cipher)))
return 0;
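Review bot: The added `ssl_security()` check rejects a cipher with a bare `continue`, so under a strict security level the loop can finish without writing any cipher to `cbb`, and the hunk does not show how that is handled. The rest of `ssl_cipher_list_to_bytes()` lies outside the hunk, so it is worth confirming that it or its caller turns an empty result into a clear handshake error instead of emitting an empty cipher list. A one-line comment above the new check would also record the intent, for example `/* Skip ciphers that the configured security level does not permit. */`. The operation passed is `SSL_SECOP_CIPHER_CHECK`; if the security callback distinguishes ciphers being offered from a cipher being verified, please confirm this is the intended operation for building the offered list.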