author | Joel Sing <jsing@cvs.openbsd.org> | 2019-03-19 16:53:04 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2019-03-19 16:53:04 +0000 |
commit | 8b72ef3596e8acd2a28ba514b66ca5e8eb604e43 (patch) | |
tree | 03700bc63ae053217f87972ced56b954870369c2 /lib/libssl | |
parent | 02351808c25717e5b8793a83977a07527eb19d73 (diff) |
Revert TLS1_get{,_client}_version simplification because DTLS.
Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/ssl_clnt.c | 4 | ||||
-rw-r--r-- | lib/libssl/ssl_pkt.c | 4 | ||||
-rw-r--r-- | lib/libssl/ssl_tlsext.c | 10 | ||||
-rw-r--r-- | lib/libssl/tls1.h | 11 |
4 files changed, 15 insertions, 14 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 5da53d84454..f3c439e6c0c 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.57 2019/03/17 15:16:39 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.58 2019/03/19 16:53:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -950,7 +950,7 @@ ssl3_get_server_hello(SSL *s)
 
 /* TLS v1.2 only ciphersuites require v1.2 or later. */
 if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
- (s->version < TLS1_2_VERSION)) {
+ (TLS1_get_version(s) < TLS1_2_VERSION)) {
 al = SSL_AD_ILLEGAL_PARAMETER;
 SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
 goto f_err;
diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c
index 336856bccf9..2a0dd68acbd 100644
--- a/lib/libssl/ssl_pkt.c
+++ b/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.15 2019/03/17 15:16:39 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.16 2019/03/19 16:53:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -729,7 +729,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 * bytes and record version number > TLS 1.0
 */
 if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
- s->version > TLS1_VERSION)
+ TLS1_get_version(s) > TLS1_VERSION)
 *(p++) = 0x1;
 else
 *(p++) = s->version&0xff;
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index 15a2dbd42eb..de9fabd4c7b 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.42 2019/03/17 15:16:39 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.43 2019/03/19 16:53:03 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
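Review bot: The cipher check in the ssl3_get_server_hello hunk is only correct for DTLS because TLS1_get_version() returns 0 when the major version byte is not 0x03, and nothing at the call site says so. With the raw `s->version` that this commit removes, a DTLS version value (major byte 0xFE) would not compare below TLS1_2_VERSION, so a TLS 1.2-only ciphersuite would presumably not be rejected on a DTLS 1.0 connection. I would add a comment above the condition, e.g. `/* TLS1_get_version() is 0 for DTLS, so DTLS never counts as TLS 1.2 here; do not compare s->version directly. */`, so the simplification is not reapplied later. The same implicit dependence is in the do_ssl3_write hunk in ssl_pkt.c and the tlsext_sigalgs_client_* hunks in ssl_tlsext.c; the function body continues outside the hunk.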
@@ -525,7 +525,7 @@ tlsext_ri_client_parse(SSL *s, CBS *cbs, int *alert)
 int
 tlsext_sigalgs_client_needs(SSL *s)
 {
- return (s->client_version >= TLS1_2_VERSION);
+ return (TLS1_get_client_version(s) >= TLS1_2_VERSION);
 }
 
 int
@@ -535,7 +535,7 @@ tlsext_sigalgs_client_build(SSL *s, CBB *cbb)
 size_t tls_sigalgs_len = tls12_sigalgs_len;
 CBB sigalgs;
 
- if (s->client_version >= TLS1_3_VERSION &&
+ if (TLS1_get_client_version(s) >= TLS1_3_VERSION &&
 S3I(s)->hs_tls13.min_version >= TLS1_3_VERSION) {
 tls_sigalgs = tls13_sigalgs;
 tls_sigalgs_len = tls13_sigalgs_len;
@@ -1892,7 +1892,7 @@ tlsext_build(SSL *s, CBB *cbb, int is_server, uint16_t msg_type)
 if (is_server)
 version = s->version;
 else
- version = s->client_version;
+ version = TLS1_get_client_version(s);
 
 if (!CBB_add_u16_length_prefixed(cbb, &extensions))
 return 0;
@@ -1944,7 +1944,7 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
 if (is_server)
 version = s->version;
 else
- version = s->client_version;
+ version = TLS1_get_client_version(s);
 
 /* An empty extensions block is valid. */
 if (CBS_len(cbs) == 0)
diff --git a/lib/libssl/tls1.h b/lib/libssl/tls1.h
index e4ebbcbb001..cb68bbb562e 100644
--- a/lib/libssl/tls1.h
+++ b/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.38 2019/03/17 15:16:39 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.39 2019/03/19 16:53:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -177,10 +177,11 @@ extern "C" {
 #define TLS1_VERSION_MAJOR 0x03
 #define TLS1_VERSION_MINOR 0x01
 
-#ifndef LIBRESSL_INTERNAL
-#define TLS1_get_version(s) (s->version)
-#define TLS1_get_client_version(s) (s->client_version)
-#endif
+#define TLS1_get_version(s) \
+ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
+
+#define TLS1_get_client_version(s) \
+ ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
 
 /*
 * TLS Alert codes. |
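Review bot: In the tlsext_build hunk the server branch still assigns `version = s->version` while the client branch now goes through TLS1_get_client_version(), and the tlsext_parse hunk has the same pair. On a DTLS connection the server side would then carry the raw DTLS version value and the client side 0, so `version` means two different things depending on is_server. How `version` is consumed lies outside both hunks, so this may be harmless. Either `version = TLS1_get_version(s);` in the server branch, or a comment stating why the server branch is exempt, would remove the ambiguity.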
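Review bot: Both restored macros in the tls1.h hunk expand `s` unparenthesized and evaluate it twice, so an argument that is a compound expression or has side effects misbehaves. The removed `#ifndef LIBRESSL_INTERNAL` guard suggests the header is also seen by code outside the library, where the argument is not under the project's control. Parenthesizing fixes the first problem in place: `(((s)->version >> 8) == TLS1_VERSION_MAJOR ? (s)->version : 0)`, and likewise for `client_version`. The double evaluation would remain and is worth a one-line comment above the pair.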