From 02f7540b7cb04e4e3a520c240503b8185e76f372 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 17 Mar 2019 15:16:39 +0000
Subject: Partially clean up the TLS1_get_{,client}_version macros.

LibreSSL only supports TLSv1.0 and above, hence the checks the macros are
performing are useless. Simplify them to their effective code. Also place
both under #ifndef LIBRESSL_INTERNAL and use the variables directly in our
code, which improves readability.

ok tb@
---
 src/lib/libssl/ssl_clnt.c   |  4 ++--
 src/lib/libssl/ssl_pkt.c    |  4 ++--
 src/lib/libssl/ssl_tlsext.c | 10 +++++-----
 src/lib/libssl/tls1.h       | 11 +++++------
 4 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index abdcc9791a..5da53d8445 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.56 2019/02/09 15:26:15 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.57 2019/03/17 15:16:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -950,7 +950,7 @@ ssl3_get_server_hello(SSL *s)
 
 	/* TLS v1.2 only ciphersuites require v1.2 or later. */
 	if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
-	    (TLS1_get_version(s) < TLS1_2_VERSION)) {
+	    (s->version < TLS1_2_VERSION)) {
 		al = SSL_AD_ILLEGAL_PARAMETER;
 		SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
 		goto f_err;
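Review bot: The replacement `s->version < TLS1_2_VERSION` matches the old macro only while the major byte is 0x03. For any other value the removed `TLS1_get_version` returned 0, so this TLSv1.2-only ciphersuite check rejected the cipher; the raw field now compares as larger and the check passes. If `s->version` can hold a DTLS version here (DTLS 1.0 is 0xFEFF; whether this path runs for DTLS is not visible in the hunk), the guard silently stops firing, so the case should be made explicit, e.g. `(SSL_IS_DTLS(s) || s->version < TLS1_2_VERSION)` if that helper is in scope. The same concern applies to `s->version > TLS1_VERSION` in do_ssl3_write and to the `s->client_version` uses in tlsext_sigalgs_client_needs, tlsext_sigalgs_client_build, tlsext_build and tlsext_parse. ssl3_get_server_hello continues outside the hunk.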
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 6e3764d360..336856bccf 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.14 2018/10/24 18:04:50 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.15 2019/03/17 15:16:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -729,7 +729,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 	 * bytes and record version number > TLS 1.0
 	 */
 	if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
-	    TLS1_get_version(s) > TLS1_VERSION)
+	    s->version > TLS1_VERSION)
 		*(p++) = 0x1;
 	else
 		*(p++) = s->version&0xff;
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 3502e5a721..15a2dbd42e 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.41 2019/02/03 14:09:58 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.42 2019/03/17 15:16:39 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -525,7 +525,7 @@ tlsext_ri_client_parse(SSL *s, CBS *cbs, int *alert)
 int
 tlsext_sigalgs_client_needs(SSL *s)
 {
-	return (TLS1_get_client_version(s) >= TLS1_2_VERSION);
+	return (s->client_version >= TLS1_2_VERSION);
 }
 
 int
@@ -535,7 +535,7 @@ tlsext_sigalgs_client_build(SSL *s, CBB *cbb)
 	size_t tls_sigalgs_len = tls12_sigalgs_len;
 	CBB sigalgs;
 
-	if (TLS1_get_client_version(s) >= TLS1_3_VERSION &&
+	if (s->client_version >= TLS1_3_VERSION &&
 	    S3I(s)->hs_tls13.min_version >= TLS1_3_VERSION) {
 		tls_sigalgs = tls13_sigalgs;
 		tls_sigalgs_len = tls13_sigalgs_len;
@@ -1892,7 +1892,7 @@ tlsext_build(SSL *s, CBB *cbb, int is_server, uint16_t msg_type)
 	if (is_server)
 		version = s->version;
 	else
-		version = TLS1_get_client_version(s);
+		version = s->client_version;
 
 	if (!CBB_add_u16_length_prefixed(cbb, &extensions))
 		return 0;
@@ -1944,7 +1944,7 @@ tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
 	if (is_server)
 		version = s->version;
 	else
-		version = TLS1_get_client_version(s);
+		version = s->client_version;
 
 	/* An empty extensions block is valid. */
 	if (CBS_len(cbs) == 0)
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index c253f6d2c0..e4ebbcbb00 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.37 2018/11/09 00:34:55 beck Exp $ */
+/* $OpenBSD: tls1.h,v 1.38 2019/03/17 15:16:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -177,11 +177,10 @@ extern "C" {
 #define TLS1_VERSION_MAJOR		0x03
 #define TLS1_VERSION_MINOR		0x01
 
-#define TLS1_get_version(s) \
-		((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
-
-#define TLS1_get_client_version(s) \
-		((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
+#ifndef LIBRESSL_INTERNAL
+#define TLS1_get_version(s) (s->version)
+#define TLS1_get_client_version(s) (s->client_version)
+#endif
 
 /*
  * TLS Alert codes.
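Review bot: The simplified public macros change what external callers see. The removed definitions returned 0 whenever the major byte was not TLS1_VERSION_MAJOR, while `(s->version)` and `(s->client_version)` return the raw field, so an application calling them on a DTLS connection would presumably now get a non-zero value that compares above every TLS version. If that is intended, it deserves a comment above the `#ifndef LIBRESSL_INTERNAL`, such as `/* Return the raw protocol version; no longer zeroed for non-TLS major versions. */`. The macro argument should also be parenthesised, `#define TLS1_get_version(s) ((s)->version)`, and likewise for the client variant.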
-- 
cgit v1.2.3-55-g6feb