diff options
| author | jsing <> | 2019-03-19 16:53:03 +0000 |
|---|---|---|
| committer | jsing <> | 2019-03-19 16:53:03 +0000 |
| commit | 962b1b0ed5b16b038f5d40e6fb7016cd60a6eaac (patch) | |
| tree | 262e7498526b6384dd4598673843aec336cc680d | |
| parent | 277c01d4872af51c7ce52c92dc8bb37c50c129c6 (diff) | |
| download | openbsd-962b1b0ed5b16b038f5d40e6fb7016cd60a6eaac.tar.gz openbsd-962b1b0ed5b16b038f5d40e6fb7016cd60a6eaac.tar.bz2 openbsd-962b1b0ed5b16b038f5d40e6fb7016cd60a6eaac.zip | |
Revert TLS1_get{,_client}_version simplification because DTLS.
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_pkt.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 10 | ||||
| -rw-r--r-- | src/lib/libssl/tls1.h | 11 |
4 files changed, 15 insertions, 14 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 5da53d8445..f3c439e6c0 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.57 2019/03/17 15:16:39 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.58 2019/03/19 16:53:03 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -950,7 +950,7 @@ ssl3_get_server_hello(SSL *s) | |||
| 950 | 950 | ||
| 951 | /* TLS v1.2 only ciphersuites require v1.2 or later. */ | 951 | /* TLS v1.2 only ciphersuites require v1.2 or later. */ |
| 952 | if ((cipher->algorithm_ssl & SSL_TLSV1_2) && | 952 | if ((cipher->algorithm_ssl & SSL_TLSV1_2) && |
| 953 | (s->version < TLS1_2_VERSION)) { | 953 | (TLS1_get_version(s) < TLS1_2_VERSION)) { |
| 954 | al = SSL_AD_ILLEGAL_PARAMETER; | 954 | al = SSL_AD_ILLEGAL_PARAMETER; |
| 955 | SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED); | 955 | SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED); |
| 956 | goto f_err; | 956 | goto f_err; |
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index 336856bccf..2a0dd68acb 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_pkt.c,v 1.15 2019/03/17 15:16:39 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_pkt.c,v 1.16 2019/03/19 16:53:03 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -729,7 +729,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 729 | * bytes and record version number > TLS 1.0 | 729 | * bytes and record version number > TLS 1.0 |
| 730 | */ | 730 | */ |
| 731 | if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate && | 731 | if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate && |
| 732 | s->version > TLS1_VERSION) | 732 | TLS1_get_version(s) > TLS1_VERSION) |
| 733 | *(p++) = 0x1; | 733 | *(p++) = 0x1; |
| 734 | else | 734 | else |
| 735 | *(p++) = s->version&0xff; | 735 | *(p++) = s->version&0xff; |
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 15a2dbd42e..de9fabd4c7 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.42 2019/03/17 15:16:39 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.43 2019/03/19 16:53:03 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -525,7 +525,7 @@ tlsext_ri_client_parse(SSL *s, CBS *cbs, int *alert) | |||
| 525 | int | 525 | int |
| 526 | tlsext_sigalgs_client_needs(SSL *s) | 526 | tlsext_sigalgs_client_needs(SSL *s) |
| 527 | { | 527 | { |
| 528 | return (s->client_version >= TLS1_2_VERSION); | 528 | return (TLS1_get_client_version(s) >= TLS1_2_VERSION); |
| 529 | } | 529 | } |
| 530 | 530 | ||
| 531 | int | 531 | int |
| @@ -535,7 +535,7 @@ tlsext_sigalgs_client_build(SSL *s, CBB *cbb) | |||
| 535 | size_t tls_sigalgs_len = tls12_sigalgs_len; | 535 | size_t tls_sigalgs_len = tls12_sigalgs_len; |
| 536 | CBB sigalgs; | 536 | CBB sigalgs; |
| 537 | 537 | ||
| 538 | if (s->client_version >= TLS1_3_VERSION && | 538 | if (TLS1_get_client_version(s) >= TLS1_3_VERSION && |
| 539 | S3I(s)->hs_tls13.min_version >= TLS1_3_VERSION) { | 539 | S3I(s)->hs_tls13.min_version >= TLS1_3_VERSION) { |
| 540 | tls_sigalgs = tls13_sigalgs; | 540 | tls_sigalgs = tls13_sigalgs; |
| 541 | tls_sigalgs_len = tls13_sigalgs_len; | 541 | tls_sigalgs_len = tls13_sigalgs_len; |
| @@ -1892,7 +1892,7 @@ tlsext_build(SSL *s, CBB *cbb, int is_server, uint16_t msg_type) | |||
| 1892 | if (is_server) | 1892 | if (is_server) |
| 1893 | version = s->version; | 1893 | version = s->version; |
| 1894 | else | 1894 | else |
| 1895 | version = s->client_version; | 1895 | version = TLS1_get_client_version(s); |
| 1896 | 1896 | ||
| 1897 | if (!CBB_add_u16_length_prefixed(cbb, &extensions)) | 1897 | if (!CBB_add_u16_length_prefixed(cbb, &extensions)) |
| 1898 | return 0; | 1898 | return 0; |
| @@ -1944,7 +1944,7 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type) | |||
| 1944 | if (is_server) | 1944 | if (is_server) |
| 1945 | version = s->version; | 1945 | version = s->version; |
| 1946 | else | 1946 | else |
| 1947 | version = s->client_version; | 1947 | version = TLS1_get_client_version(s); |
| 1948 | 1948 | ||
| 1949 | /* An empty extensions block is valid. */ | 1949 | /* An empty extensions block is valid. */ |
| 1950 | if (CBS_len(cbs) == 0) | 1950 | if (CBS_len(cbs) == 0) |
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index e4ebbcbb00..cb68bbb562 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls1.h,v 1.38 2019/03/17 15:16:39 jsing Exp $ */ | 1 | /* $OpenBSD: tls1.h,v 1.39 2019/03/19 16:53:03 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -177,10 +177,11 @@ extern "C" { | |||
| 177 | #define TLS1_VERSION_MAJOR 0x03 | 177 | #define TLS1_VERSION_MAJOR 0x03 |
| 178 | #define TLS1_VERSION_MINOR 0x01 | 178 | #define TLS1_VERSION_MINOR 0x01 |
| 179 | 179 | ||
| 180 | #ifndef LIBRESSL_INTERNAL | 180 | #define TLS1_get_version(s) \ |
| 181 | #define TLS1_get_version(s) (s->version) | 181 | ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) |
| 182 | #define TLS1_get_client_version(s) (s->client_version) | 182 | |
| 183 | #endif | 183 | #define TLS1_get_client_version(s) \ |
| 184 | ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) | ||
| 184 | 185 | ||
| 185 | /* | 186 | /* |
| 186 | * TLS Alert codes. | 187 | * TLS Alert codes. |