From: Daniel McCarney Date: Thu, 12 Sep 2024 16:31:59 +0000 (-0400) Subject: vtls/rustls: simplify ciphersuite skipping X-Git-Tag: curl-8_10_1~28 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6d9b40d6a4e17a84d92579c5d415dbc006b5ea19;p=thirdparty%2Fcurl.git vtls/rustls: simplify ciphersuite skipping Now that the rustls vtls backend is using rustls 0.14 we can take advantage of `rustls_supported_ciphersuite_protocol_version()` to skip TLS 1.3 and TLS 1.2 ciphersuites as required without needing to interrogate the ciphersuite names as `rustls_str`s. Closes #14889
---
diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index 848bd973cd..241d2cc540 100644
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -447,10 +447,9 @@ cr_get_selected_ciphers(struct Curl_easy *data,
 if(!ciphers13) {
 /* Add default TLSv1.3 ciphers to selection */
 for(j = 0; j < default_len; j++) {
- struct rustls_str s;
 entry = rustls_default_crypto_provider_ciphersuites_get(j);
- s = rustls_supported_ciphersuite_get_name(entry);
- if(s.len < 5 || strncmp(s.data, "TLS13", 5) != 0)
+ if(rustls_supported_ciphersuite_protocol_version(entry) !=
+ RUSTLS_TLS_VERSION_TLSV1_3)
 continue;
 selected[count++] = entry;
@@ -505,10 +504,9 @@ add_ciphers:
 if(!ciphers12) {
 /* Add default TLSv1.2 ciphers to selection */
 for(j = 0; j < default_len; j++) {
- struct rustls_str s;
 entry = rustls_default_crypto_provider_ciphersuites_get(j);
- s = rustls_supported_ciphersuite_get_name(entry);
- if(s.len >= 5 && strncmp(s.data, "TLS13", 5) == 0)
+ if(rustls_supported_ciphersuite_protocol_version(entry) ==
+ RUSTLS_TLS_VERSION_TLSV1_3)
 continue;
 /* No duplicates allowed (so selected cannot overflow) */
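Review bot: In the second hunk (the `!ciphers12` default loop) the filter is negative: every default suite whose reported version is not `RUSTLS_TLS_VERSION_TLSV1_3` is accepted as a TLS 1.2 suite, while the first hunk admits only suites that positively report TLS 1.3. Now that the protocol version is queried directly, the 1.2 loop could fail closed in the same way, `if(rustls_supported_ciphersuite_protocol_version(entry) != RUSTLS_TLS_VERSION_TLSV1_2) continue;`. An entry reporting an unexpected or unknown version would then stay out of the selected list instead of passing through to the duplicate check. Both loops continue outside their hunks, so how `entry` and `default_len` are validated is not visible here.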