Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/ssl_ciphers.c | 9 | ||||
-rw-r--r-- | lib/libssl/ssl_lib.c | 5 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 6 |
3 files changed, 10 insertions, 10 deletions
diff --git a/lib/libssl/ssl_ciphers.c b/lib/libssl/ssl_ciphers.c
index 3a1fb14d5c9..d13ce7a9c5c 100644
--- a/lib/libssl/ssl_ciphers.c
+++ b/lib/libssl/ssl_ciphers.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciphers.c,v 1.4 2020/05/31 18:03:32 jsing Exp $ */
+/* $OpenBSD: ssl_ciphers.c,v 1.5 2020/09/11 15:28:07 jsing Exp $ */
 /*
 * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org>
 * Copyright (c) 2015-2018 Joel Sing <jsing@openbsd.org>
@@ -23,7 +23,7 @@
 #include "ssl_locl.h"
 int
-ssl_cipher_is_permitted(const SSL_CIPHER *cipher, uint16_t min_ver,
+ssl_cipher_allowed_in_version_range(const SSL_CIPHER *cipher, uint16_t min_ver,
 uint16_t max_ver)
 {
 /* XXX: We only support DTLSv1 which is effectively TLSv1.1 */
@@ -65,10 +65,9 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb)
 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
 if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
 return 0;
-
- if (!ssl_cipher_is_permitted(cipher, min_vers, max_vers))
+ if (!ssl_cipher_allowed_in_version_range(cipher, min_vers,
+ max_vers))
 continue;
-
 if (!CBB_add_u16(cbb, ssl3_cipher_get_value(cipher)))
 return 0;
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 6f8a14bca4a..2879b198d5c 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.222 2020/09/11 13:20:32 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.223 2020/09/11 15:28:08 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1298,7 +1298,8 @@ SSL_get1_supported_ciphers(SSL *s)
 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
 if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
 goto err;
- if (!ssl_cipher_is_permitted(cipher, min_vers, max_vers))
+ if (!ssl_cipher_allowed_in_version_range(cipher, min_vers,
+ max_vers))
 continue;
 if (!sk_SSL_CIPHER_push(supported_ciphers, cipher))
 goto err;
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index bd210cdce52..bfd0ea67337 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.288 2020/09/01 12:40:53 tb Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.289 2020/09/11 15:28:08 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1127,8 +1127,8 @@ int ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver,
 int ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver,
 uint16_t *out_ver);
 int ssl_downgrade_max_version(SSL *s, uint16_t *max_ver);
-int ssl_cipher_is_permitted(const SSL_CIPHER *cipher, uint16_t min_ver,
- uint16_t max_ver);
+int ssl_cipher_allowed_in_version_range(const SSL_CIPHER *cipher,
+ uint16_t min_ver, uint16_t max_ver);
 const SSL_METHOD *tls_legacy_method(void);
 const SSL_METHOD *tls_legacy_client_method(void); |