From 8b329cf90019dcaa45de44d9c3b2eed853ec9429 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 17 Sep 2020 15:23:29 +0000
Subject: Simplify SSL method lookups.
There are three places where we call tls1_get_{client,server}_method() and if that returns NULL, call dtls1_get_{client,server}_method(). Simplify this by combining the lookup into a single function. While here also use uint16_t for version types. ok inoguchi@ millert@
---
 src/lib/libssl/ssl_clnt.c | 6 ++--
 src/lib/libssl/ssl_locl.h | 8 ++---
 src/lib/libssl/ssl_methods.c | 84 ++++++++++++++++++--------------------------
 src/lib/libssl/ssl_sess.c | 6 ++--
 src/lib/libssl/ssl_srvr.c | 6 ++--
 5 files changed, 44 insertions(+), 66 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 68c7a83595..d62928a093 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.71 2020/09/11 17:36:27 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.72 2020/09/17 15:23:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -857,9 +857,7 @@ ssl3_get_server_hello(SSL *s)
 }
 s->version = server_version;
- if ((method = tls1_get_client_method(server_version)) == NULL)
- method = dtls1_get_client_method(server_version);
- if (method == NULL) {
+ if ((method = ssl_get_client_method(server_version)) == NULL) {
 SSLerror(s, ERR_R_INTERNAL_ERROR);
 goto err;
 }
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 4ac6b76cd3..a3b8a80572 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.292 2020/09/15 09:41:24 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.293 2020/09/17 15:23:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1131,10 +1131,8 @@ const SSL_METHOD *tls_legacy_method(void);
 const SSL_METHOD *tls_legacy_client_method(void);
 const SSL_METHOD *tls_legacy_server_method(void);
-const SSL_METHOD *dtls1_get_client_method(int ver);
-const SSL_METHOD *dtls1_get_server_method(int ver);
-const SSL_METHOD *tls1_get_client_method(int ver);
-const SSL_METHOD *tls1_get_server_method(int ver);
+const SSL_METHOD *ssl_get_client_method(uint16_t version);
+const SSL_METHOD *ssl_get_server_method(uint16_t version);
 extern SSL3_ENC_METHOD DTLSv1_enc_data;
 extern SSL3_ENC_METHOD TLSv1_enc_data;
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index c500d7ac06..ff8d17af06 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.15 2020/09/15 09:41:24 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.16 2020/09/17 15:23:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -98,14 +98,6 @@ DTLS_client_method(void)
 return DTLSv1_client_method();
 }
-const SSL_METHOD *
-dtls1_get_client_method(int ver)
-{
- if (ver == DTLS1_VERSION)
- return (DTLSv1_client_method());
- return (NULL);
-}
-
 static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
 .version = DTLS1_VERSION,
 .min_version = DTLS1_VERSION,
@@ -184,14 +176,6 @@ DTLS_server_method(void)
 return DTLSv1_server_method();
 }
-const SSL_METHOD *
-dtls1_get_server_method(int ver)
-{
- if (ver == DTLS1_VERSION)
- return (DTLSv1_server_method());
- return (NULL);
-}
-
 #ifdef LIBRESSL_HAS_TLS1_3_CLIENT
 static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
 .version = TLS1_3_VERSION,
@@ -329,22 +313,6 @@ static const SSL_METHOD TLSv1_2_client_method_data = {
 .internal = &TLSv1_2_client_method_internal_data,
 };
-const SSL_METHOD *
-tls1_get_client_method(int ver)
-{
-#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
- if (ver == TLS1_3_VERSION)
- return (TLS_client_method());
-#endif
- if (ver == TLS1_2_VERSION)
- return (TLSv1_2_client_method());
- if (ver == TLS1_1_VERSION)
- return (TLSv1_1_client_method());
- if (ver == TLS1_VERSION)
- return (TLSv1_client_method());
- return (NULL);
-}
-
 const SSL_METHOD *
 SSLv23_client_method(void)
 {
@@ -699,22 +667,6 @@ static const SSL_METHOD TLSv1_2_server_method_data = {
 .internal = &TLSv1_2_server_method_internal_data,
 };
-const SSL_METHOD *
-tls1_get_server_method(int ver)
-{
-#ifdef LIBRESSL_HAS_TLS1_3_SERVER
- if (ver == TLS1_3_VERSION)
- return (TLS_server_method());
-#endif
- if (ver == TLS1_2_VERSION)
- return (TLSv1_2_server_method());
- if (ver == TLS1_1_VERSION)
- return (TLSv1_1_server_method());
- if (ver == TLS1_VERSION)
- return (TLSv1_server_method());
- return (NULL);
-}
-
 const SSL_METHOD *
 SSLv23_server_method(void)
 {
@@ -754,3 +706,37 @@ TLSv1_2_server_method(void)
 {
 return (&TLSv1_2_server_method_data);
 }
+
+const SSL_METHOD *
+ssl_get_client_method(uint16_t version)
+{
+ if (version == TLS1_3_VERSION)
+ return (TLS_client_method());
+ if (version == TLS1_2_VERSION)
+ return (TLSv1_2_client_method());
+ if (version == TLS1_1_VERSION)
+ return (TLSv1_1_client_method());
+ if (version == TLS1_VERSION)
+ return (TLSv1_client_method());
+ if (version == DTLS1_VERSION)
+ return (DTLSv1_client_method());
+
+ return (NULL);
+}
+
+const SSL_METHOD *
+ssl_get_server_method(uint16_t version)
+{
+ if (version == TLS1_3_VERSION)
+ return (TLS_server_method());
+ if (version == TLS1_2_VERSION)
+ return (TLSv1_2_server_method());
+ if (version == TLS1_1_VERSION)
+ return (TLSv1_1_server_method());
+ if (version == TLS1_VERSION)
+ return (TLSv1_server_method());
+ if (version == DTLS1_VERSION)
+ return (DTLSv1_server_method());
+
+ return (NULL);
+}
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 4f9252679a..191e43b74b 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.98 2020/09/14 18:25:23 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.99 2020/09/17 15:23:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -785,9 +785,7 @@ SSL_set_session(SSL *s, SSL_SESSION *session)
 return SSL_set_ssl_method(s, s->ctx->method);
 }
- if ((method = tls1_get_client_method(session->ssl_version)) == NULL)
- method = dtls1_get_client_method(session->ssl_version);
- if (method == NULL) {
+ if ((method = ssl_get_client_method(session->ssl_version)) == NULL) {
 SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
 return (0);
 }
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index eaaa57efb3..f69be70f04 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
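Review bot: The TLS1_3_VERSION branches of the new ssl_get_client_method() and ssl_get_server_method() in ssl_methods.c are no longer wrapped in `#ifdef LIBRESSL_HAS_TLS1_3_CLIENT` / `#ifdef LIBRESSL_HAS_TLS1_3_SERVER`, which the removed tls1_get_client_method() and tls1_get_server_method() had. In a build without those macros the old lookup returned NULL for TLS 1.3 and the three callers failed closed. The new lookup returns whatever TLS_client_method() / TLS_server_method() resolve to in that configuration, which this diff does not show (presumably the legacy method). If that is intended, it deserves a sentence in the commit message or a comment above the first `if`; otherwise restore the guards around the first `if`/`return` pair in each function.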
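Review bot: In the ssl_sess.c hunk, `ssl_get_client_method(session->ssl_version)` now converts the stored version to `uint16_t` at the call. If `ssl_version` is a wider integer (its declaration is outside this diff), a value above 0xffff is reduced modulo 65536 before the comparisons and could match a supported version, whereas the old `int ver` lookups compared the full value. If session objects can be built from serialized data, a range check ahead of the lookup keeps the previous behaviour, for example `if (session->ssl_version < 0 || session->ssl_version > UINT16_MAX)` taking the existing `SSL_R_UNABLE_TO_FIND_SSL_METHOD` path. SSL_set_session's body starts and ends outside the hunk.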
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.83 2020/09/12 17:27:11 tb Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.84 2020/09/17 15:23:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -870,9 +870,7 @@ ssl3_get_client_hello(SSL *s)
 s->client_version = client_version;
 s->version = shared_version;
- if ((method = tls1_get_server_method(shared_version)) == NULL)
- method = dtls1_get_server_method(shared_version);
- if (method == NULL) {
+ if ((method = ssl_get_server_method(shared_version)) == NULL) {
 SSLerror(s, ERR_R_INTERNAL_ERROR);
 goto err;
 }
--
cgit v1.2.3-55-g6feb