summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/ssl_clnt.c4
-rw-r--r--lib/libssl/ssl_pkt.c4
-rw-r--r--lib/libssl/ssl_tlsext.c10
-rw-r--r--lib/libssl/tls1.h11
4 files changed, 14 insertions, 15 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index abdcc9791a5..5da53d84454 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.56 2019/02/09 15:26:15 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.57 2019/03/17 15:16:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -950,7 +950,7 @@ ssl3_get_server_hello(SSL *s)
/* TLS v1.2 only ciphersuites require v1.2 or later. */
if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
- (TLS1_get_version(s) < TLS1_2_VERSION)) {
+ (s->version < TLS1_2_VERSION)) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
goto f_err;
diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c
index 6e3764d360f..336856bccf9 100644
--- a/lib/libssl/ssl_pkt.c
+++ b/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.14 2018/10/24 18:04:50 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.15 2019/03/17 15:16:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -729,7 +729,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
* bytes and record version number > TLS 1.0
*/
if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
- TLS1_get_version(s) > TLS1_VERSION)
+ s->version > TLS1_VERSION)
*(p++) = 0x1;
else
*(p++) = s->version&0xff;
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index 3502e5a7214..15a2dbd42eb 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.41 2019/02/03 14:09:58 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.42 2019/03/17 15:16:39 jsing Exp $ */
/*
* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -525,7 +525,7 @@ tlsext_ri_client_parse(SSL *s, CBS *cbs, int *alert)
int
tlsext_sigalgs_client_needs(SSL *s)
{
- return (TLS1_get_client_version(s) >= TLS1_2_VERSION);
+ return (s->client_version >= TLS1_2_VERSION);
}
int
@@ -535,7 +535,7 @@ tlsext_sigalgs_client_build(SSL *s, CBB *cbb)
size_t tls_sigalgs_len = tls12_sigalgs_len;
CBB sigalgs;
- if (TLS1_get_client_version(s) >= TLS1_3_VERSION &&
+ if (s->client_version >= TLS1_3_VERSION &&
S3I(s)->hs_tls13.min_version >= TLS1_3_VERSION) {
tls_sigalgs = tls13_sigalgs;
tls_sigalgs_len = tls13_sigalgs_len;
@@ -1892,7 +1892,7 @@ tlsext_build(SSL *s, CBB *cbb, int is_server, uint16_t msg_type)
if (is_server)
version = s->version;
else
- version = TLS1_get_client_version(s);
+ version = s->client_version;
if (!CBB_add_u16_length_prefixed(cbb, &extensions))
return 0;
@@ -1944,7 +1944,7 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
if (is_server)
version = s->version;
else
- version = TLS1_get_client_version(s);
+ version = s->client_version;
/* An empty extensions block is valid. */
if (CBS_len(cbs) == 0)
diff --git a/lib/libssl/tls1.h b/lib/libssl/tls1.h
index c253f6d2c0b..e4ebbcbb001 100644
--- a/lib/libssl/tls1.h
+++ b/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.37 2018/11/09 00:34:55 beck Exp $ */
+/* $OpenBSD: tls1.h,v 1.38 2019/03/17 15:16:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -177,11 +177,10 @@ extern "C" {
#define TLS1_VERSION_MAJOR 0x03
#define TLS1_VERSION_MINOR 0x01
-#define TLS1_get_version(s) \
- ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
-
-#define TLS1_get_client_version(s) \
- ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
+#ifndef LIBRESSL_INTERNAL
+#define TLS1_get_version(s) (s->version)
+#define TLS1_get_client_version(s) (s->client_version)
+#endif
/*
* TLS Alert codes.