authorJoel Sing <jsing@cvs.openbsd.org>2019-03-17 15:16:40 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2019-03-17 15:16:40 +0000
commitbb22eef1a04dd56b150b527bd08f1aa2580f97ec (patch)
tree66783a629ec7281a39f300489bbd2d25a7e38d79
parentc46b386708a48cefaf0507c43c51a954070646c9 (diff)
Partially clean up the TLS1_get_{,client}_version macros.
LibreSSL only supports TLSv1.0 and above, hence the checks the macros are performing are useless. Simplify them to their effective code. Also place both under #ifndef LIBRESSL_INTERNAL and use the variables directly in our code, which improves readability. ok tb@
-rw-r--r--lib/libssl/ssl_clnt.c4
-rw-r--r--lib/libssl/ssl_pkt.c4
-rw-r--r--lib/libssl/ssl_tlsext.c10
-rw-r--r--lib/libssl/tls1.h11
4 files changed, 14 insertions, 15 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index abdcc9791a5..5da53d84454 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.56 2019/02/09 15:26:15 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.57 2019/03/17 15:16:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -950,7 +950,7 @@ ssl3_get_server_hello(SSL *s)
/* TLS v1.2 only ciphersuites require v1.2 or later. */
if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
- (TLS1_get_version(s) < TLS1_2_VERSION)) {
+ (s->version < TLS1_2_VERSION)) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
goto f_err;
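Review bot: The substitution `(s->version < TLS1_2_VERSION)` matches the old check only while the major version byte is 0x03, because the removed macro yielded 0 for any other major, which made this comparison true and rejected the TLS 1.2-only suite. If ssl3_get_server_hello can run with a DTLS version in `s->version` (DTLS1_VERSION is 0xFEFF, numerically above TLS1_2_VERSION), a server-selected TLS 1.2-only cipher would now be accepted; the function body continues outside the hunk, so this needs confirming against the DTLS client path. The same question applies to `s->version > TLS1_VERSION` in do_ssl3_write and to the `s->client_version` comparisons in tlsext_sigalgs_client_needs, tlsext_sigalgs_client_build, tlsext_build and tlsext_parse. Either keep the major check at the call site, e.g. `((s->version >> 8) != TLS1_VERSION_MAJOR || s->version < TLS1_2_VERSION)`, or add a comment stating why non-TLS version values cannot reach each site.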
diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c
index 6e3764d360f..336856bccf9 100644
--- a/lib/libssl/ssl_pkt.c
+++ b/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.14 2018/10/24 18:04:50 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.15 2019/03/17 15:16:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -729,7 +729,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
* bytes and record version number > TLS 1.0
*/
if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
- TLS1_get_version(s) > TLS1_VERSION)
+ s->version > TLS1_VERSION)
*(p++) = 0x1;
else
*(p++) = s->version&0xff;
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index 3502e5a7214..15a2dbd42eb 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.41 2019/02/03 14:09:58 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.42 2019/03/17 15:16:39 jsing Exp $ */
/*
* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -525,7 +525,7 @@ tlsext_ri_client_parse(SSL *s, CBS *cbs, int *alert)
int
tlsext_sigalgs_client_needs(SSL *s)
{
- return (TLS1_get_client_version(s) >= TLS1_2_VERSION);
+ return (s->client_version >= TLS1_2_VERSION);
}
int
@@ -535,7 +535,7 @@ tlsext_sigalgs_client_build(SSL *s, CBB *cbb)
size_t tls_sigalgs_len = tls12_sigalgs_len;
CBB sigalgs;
- if (TLS1_get_client_version(s) >= TLS1_3_VERSION &&
+ if (s->client_version >= TLS1_3_VERSION &&
S3I(s)->hs_tls13.min_version >= TLS1_3_VERSION) {
tls_sigalgs = tls13_sigalgs;
tls_sigalgs_len = tls13_sigalgs_len;
@@ -1892,7 +1892,7 @@ tlsext_build(SSL *s, CBB *cbb, int is_server, uint16_t msg_type)
if (is_server)
version = s->version;
else
- version = TLS1_get_client_version(s);
+ version = s->client_version;
if (!CBB_add_u16_length_prefixed(cbb, &extensions))
return 0;
@@ -1944,7 +1944,7 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
if (is_server)
version = s->version;
else
- version = TLS1_get_client_version(s);
+ version = s->client_version;
/* An empty extensions block is valid. */
if (CBS_len(cbs) == 0)
diff --git a/lib/libssl/tls1.h b/lib/libssl/tls1.h
index c253f6d2c0b..e4ebbcbb001 100644
--- a/lib/libssl/tls1.h
+++ b/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.37 2018/11/09 00:34:55 beck Exp $ */
+/* $OpenBSD: tls1.h,v 1.38 2019/03/17 15:16:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -177,11 +177,10 @@ extern "C" {
#define TLS1_VERSION_MAJOR 0x03
#define TLS1_VERSION_MINOR 0x01
-#define TLS1_get_version(s) \
- ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
-
-#define TLS1_get_client_version(s) \
- ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
+#ifndef LIBRESSL_INTERNAL
+#define TLS1_get_version(s) (s->version)
+#define TLS1_get_client_version(s) (s->client_version)
+#endif
/*
* TLS Alert codes.
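Review bot: The two macros kept for external consumers expand their argument unparenthesized, so an expression argument such as `TLS1_get_version(cond ? a : b)` would bind `->` to only part of it. Since the definitions are being rewritten anyway, prefer `#define TLS1_get_version(s) ((s)->version)` and `#define TLS1_get_client_version(s) ((s)->client_version)`. A short comment above the `#ifndef LIBRESSL_INTERNAL` block, along the lines of `/* Compatibility only; no longer returns 0 for non-TLS major versions. */`, would also tell callers outside the library that the return value changed.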