Partially clean up the TLS1_get_{,client}_version macros.

LibreSSL only supports TLSv1.0 and above, hence the checks the macros are performing are useless. Simplify them to their effective code. Also place both under #ifndef LIBRESSL_INTERNAL and use the variables directly in our code, which improves readability. ok tb@
author: jsing <> 2019-03-17 15:16:39 +0000
committer: jsing <> 2019-03-17 15:16:39 +0000
commit: 02f7540b7cb04e4e3a520c240503b8185e76f372 (patch)
tree: b2a6421379d8e567df8d954c56e0eb13500776ab
parent: 053bde557c5f57a91664558a9e44f1368c444de5 (diff)
download: openbsd-02f7540b7cb04e4e3a520c240503b8185e76f372.tar.gz
openbsd-02f7540b7cb04e4e3a520c240503b8185e76f372.tar.bz2
openbsd-02f7540b7cb04e4e3a520c240503b8185e76f372.zip
4 files changed, 14 insertions, 15 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index abdcc9791a..5da53d8445 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.56 2019/02/09 15:26:15 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.57 2019/03/17 15:16:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -950,7 +950,7 @@ ssl3_get_server_hello(SSL *s)
        /* TLS v1.2 only ciphersuites require v1.2 or later. */
        if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
-            (TLS1_get_version(s) < TLS1_2_VERSION)) {
+            (s->version < TLS1_2_VERSION)) {
                al = SSL_AD_ILLEGAL_PARAMETER;
                SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
                goto f_err;
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 6e3764d360..336856bccf 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.14 2018/10/24 18:04:50 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.15 2019/03/17 15:16:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -729,7 +729,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
         * bytes and record version number > TLS 1.0
         */
        if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
-            TLS1_get_version(s) > TLS1_VERSION)
+            s->version > TLS1_VERSION)
                *(p++) = 0x1;
        else
                *(p++) = s->version&0xff;
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 3502e5a721..15a2dbd42e 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.41 2019/02/03 14:09:58 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.42 2019/03/17 15:16:39 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -525,7 +525,7 @@ tlsext_ri_client_parse(SSL *s, CBS *cbs, int *alert)
 int
 tlsext_sigalgs_client_needs(SSL *s)
 {
-        return (TLS1_get_client_version(s) >= TLS1_2_VERSION);
+        return (s->client_version >= TLS1_2_VERSION);
 }
 int
@@ -535,7 +535,7 @@ tlsext_sigalgs_client_build(SSL *s, CBB *cbb)
        size_t tls_sigalgs_len = tls12_sigalgs_len;
        CBB sigalgs;
-        if (TLS1_get_client_version(s) >= TLS1_3_VERSION &&
+        if (s->client_version >= TLS1_3_VERSION &&
            S3I(s)->hs_tls13.min_version >= TLS1_3_VERSION) {
                tls_sigalgs = tls13_sigalgs;
                tls_sigalgs_len = tls13_sigalgs_len;
@@ -1892,7 +1892,7 @@ tlsext_build(SSL *s, CBB *cbb, int is_server, uint16_t msg_type)
        if (is_server)
                version = s->version;
        else
-                version = TLS1_get_client_version(s);
+                version = s->client_version;
        if (!CBB_add_u16_length_prefixed(cbb, &extensions))
                return 0;
@@ -1944,7 +1944,7 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
        if (is_server)
                version = s->version;
        else
-                version = TLS1_get_client_version(s);
+                version = s->client_version;
        /* An empty extensions block is valid. */
        if (CBS_len(cbs) == 0)
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index c253f6d2c0..e4ebbcbb00 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.37 2018/11/09 00:34:55 beck Exp $ */
+/* $OpenBSD: tls1.h,v 1.38 2019/03/17 15:16:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -177,11 +177,10 @@ extern "C" {
 #define TLS1_VERSION_MAJOR              0x03
 #define TLS1_VERSION_MINOR              0x01
-#define TLS1_get_version(s) \
+#ifndef LIBRESSL_INTERNAL
-                ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
+#define TLS1_get_version(s) (s->version)
+#define TLS1_get_client_version(s) (s->client_version)
-#define TLS1_get_client_version(s) \
+#endif
-                ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
 /*
 * TLS Alert codes.
author	jsing <>	2019-03-17 15:16:39 +0000
committer	jsing <>	2019-03-17 15:16:39 +0000
commit	02f7540b7cb04e4e3a520c240503b8185e76f372 (patch)
tree	b2a6421379d8e567df8d954c56e0eb13500776ab
parent	053bde557c5f57a91664558a9e44f1368c444de5 (diff)
download	openbsd-02f7540b7cb04e4e3a520c240503b8185e76f372.tar.gz openbsd-02f7540b7cb04e4e3a520c240503b8185e76f372.tar.bz2 openbsd-02f7540b7cb04e4e3a520c240503b8185e76f372.zip

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index abdcc9791a..5da53d8445 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.56 2019/02/09 15:26:15 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.57 2019/03/17 15:16:39 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -950,7 +950,7 @@ ssl3_get_server_hello(SSL *s)
950		950
951	/* TLS v1.2 only ciphersuites require v1.2 or later. */	951	/* TLS v1.2 only ciphersuites require v1.2 or later. */
952	if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&	952	if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
953	(TLS1_get_version(s) < TLS1_2_VERSION)) {	953	(s->version < TLS1_2_VERSION)) {
954	al = SSL_AD_ILLEGAL_PARAMETER;	954	al = SSL_AD_ILLEGAL_PARAMETER;
955	SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);	955	SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
956	goto f_err;	956	goto f_err;


diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index 6e3764d360..336856bccf 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_pkt.c,v 1.14 2018/10/24 18:04:50 jsing Exp $ */	1	/* $OpenBSD: ssl_pkt.c,v 1.15 2019/03/17 15:16:39 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -729,7 +729,7 @@ do_ssl3_write(SSL s, int type, const unsigned char buf,
729	* bytes and record version number > TLS 1.0	729	* bytes and record version number > TLS 1.0
730	*/	730	*/
731	if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&	731	if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
732	TLS1_get_version(s) > TLS1_VERSION)	732	s->version > TLS1_VERSION)
733	*(p++) = 0x1;	733	*(p++) = 0x1;
734	else	734	else
735	*(p++) = s->version&0xff;	735	*(p++) = s->version&0xff;


diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 3502e5a721..15a2dbd42e 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.41 2019/02/03 14:09:58 jsing Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.42 2019/03/17 15:16:39 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -525,7 +525,7 @@ tlsext_ri_client_parse(SSL s, CBS cbs, int *alert)
525	int	525	int
526	tlsext_sigalgs_client_needs(SSL *s)	526	tlsext_sigalgs_client_needs(SSL *s)
527	{	527	{
528	return (TLS1_get_client_version(s) >= TLS1_2_VERSION);	528	return (s->client_version >= TLS1_2_VERSION);
529	}	529	}
530		530
531	int	531	int
@@ -535,7 +535,7 @@ tlsext_sigalgs_client_build(SSL s, CBB cbb)
535	size_t tls_sigalgs_len = tls12_sigalgs_len;	535	size_t tls_sigalgs_len = tls12_sigalgs_len;
536	CBB sigalgs;	536	CBB sigalgs;
537		537
538	if (TLS1_get_client_version(s) >= TLS1_3_VERSION &&	538	if (s->client_version >= TLS1_3_VERSION &&
539	S3I(s)->hs_tls13.min_version >= TLS1_3_VERSION) {	539	S3I(s)->hs_tls13.min_version >= TLS1_3_VERSION) {
540	tls_sigalgs = tls13_sigalgs;	540	tls_sigalgs = tls13_sigalgs;
541	tls_sigalgs_len = tls13_sigalgs_len;	541	tls_sigalgs_len = tls13_sigalgs_len;
@@ -1892,7 +1892,7 @@ tlsext_build(SSL s, CBB cbb, int is_server, uint16_t msg_type)
1892	if (is_server)	1892	if (is_server)
1893	version = s->version;	1893	version = s->version;
1894	else	1894	else
1895	version = TLS1_get_client_version(s);	1895	version = s->client_version;
1896		1896
1897	if (!CBB_add_u16_length_prefixed(cbb, &extensions))	1897	if (!CBB_add_u16_length_prefixed(cbb, &extensions))
1898	return 0;	1898	return 0;
@@ -1944,7 +1944,7 @@ tlsext_parse(SSL s, CBS cbs, int *alert, int is_server, uint16_t msg_type)
1944	if (is_server)	1944	if (is_server)
1945	version = s->version;	1945	version = s->version;
1946	else	1946	else
1947	version = TLS1_get_client_version(s);	1947	version = s->client_version;
1948		1948
1949	/* An empty extensions block is valid. */	1949	/* An empty extensions block is valid. */
1950	if (CBS_len(cbs) == 0)	1950	if (CBS_len(cbs) == 0)


diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index c253f6d2c0..e4ebbcbb00 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls1.h,v 1.37 2018/11/09 00:34:55 beck Exp $ */	1	/* $OpenBSD: tls1.h,v 1.38 2019/03/17 15:16:39 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -177,11 +177,10 @@ extern "C" {
177	#define TLS1_VERSION_MAJOR 0x03	177	#define TLS1_VERSION_MAJOR 0x03
178	#define TLS1_VERSION_MINOR 0x01	178	#define TLS1_VERSION_MINOR 0x01
179		179
180	#define TLS1_get_version(s) \	180	#ifndef LIBRESSL_INTERNAL
181	((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)	181	#define TLS1_get_version(s) (s->version)
182		182	#define TLS1_get_client_version(s) (s->client_version)
183	#define TLS1_get_client_version(s) \	183	#endif
184	((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
185		184
186	/*	185	/*
187	* TLS Alert codes.	186	* TLS Alert codes.