summaryrefslogtreecommitdiffstats
path: root/lib/libssl/ssl_versions.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libssl/ssl_versions.c')
-rw-r--r--lib/libssl/ssl_versions.c29
1 files changed, 28 insertions, 1 deletions
diff --git a/lib/libssl/ssl_versions.c b/lib/libssl/ssl_versions.c
index 1ee5ed312cf..3c4801971e0 100644
--- a/lib/libssl/ssl_versions.c
+++ b/lib/libssl/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.11 2021/02/20 09:43:29 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.12 2021/02/22 15:59:10 jsing Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
*
@@ -163,6 +163,17 @@ ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)
}
int
+ssl_max_supported_version(SSL *s, uint16_t *max_ver)
+{
+ *max_ver = 0;
+
+ if (!ssl_supported_version_range(s, NULL, max_ver))
+ return 0;
+
+ return 1;
+}
+
+int
ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver)
{
uint16_t min_version, max_version, shared_version;
@@ -235,6 +246,22 @@ ssl_downgrade_max_version(SSL *s, uint16_t *max_ver)
}
int
+ssl_check_version_from_server(SSL *s, uint16_t server_version)
+{
+ uint16_t min_version, max_version;
+
+ /* Ensure that the version selected by the server is valid. */
+
+ if (SSL_is_dtls(s))
+ return (server_version == DTLS1_VERSION);
+
+ if (!ssl_supported_version_range(s, &min_version, &max_version))
+ return 0;
+
+ return (server_version >= min_version && server_version <= max_version);
+}
+
+int
ssl_legacy_stack_version(SSL *s, uint16_t version)
{
if (SSL_is_dtls(s))
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.