From cd78df6aa4f8777754882da38be7e15b2961d1d4 Mon Sep 17 00:00:00 2001
From: Glenn Strauss
Date: Thu, 7 Apr 2022 19:07:11 -0400
Subject: [PATCH] handshake->min_minor_ver to ->min_tls_version

Signed-off-by: Glenn Strauss
---
 library/ssl_client.c | 12 ++++++------
 library/ssl_misc.h | 10 +++++-----
 library/ssl_tls13_client.c | 8 ++++----
 3 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/library/ssl_client.c b/library/ssl_client.c
index 731b44f6e9..f5b8be485c 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -493,7 +493,7 @@ static int ssl_write_client_hello_cipher_suites(
         ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
         if( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
-                                              0x0300 | ssl->handshake->min_minor_ver,
+                                              ssl->handshake->min_tls_version,
                                               ssl->tls_version ) != 0 )
             continue;
@@ -585,13 +585,13 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
     unsigned char propose_tls12 =
-        ( handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_3 )
+        ( handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
         && ( MBEDTLS_SSL_VERSION_TLS1_2 <= ssl->tls_version );
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
     unsigned char propose_tls13 =
-        ( handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_4 )
+        ( handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 )
         && ( MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version );
 #endif
@@ -851,19 +851,19 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
      */
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
     if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
-        ssl->handshake->min_minor_ver = ssl->tls_version & 0xFF;
+        ssl->handshake->min_tls_version = ssl->tls_version;
     else
 #endif
     {
         if( ssl->handshake->resume )
         {
             ssl->tls_version = ssl->session_negotiate->tls_version;
-            ssl->handshake->min_minor_ver = ssl->tls_version & 0xFF;
+            ssl->handshake->min_tls_version = ssl->tls_version;
         }
         else
         {
             ssl->tls_version = ssl->conf->max_tls_version;
-            ssl->handshake->min_minor_ver = ssl->conf->min_tls_version & 0xFF;
+            ssl->handshake->min_tls_version = ssl->conf->min_tls_version;
         }
     }
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 672659d4a1..9d34ca4638 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -506,7 +506,7 @@ struct mbedtls_ssl_handshake_params
     uint8_t cli_exts; /*!< client extension presence*/
 #if defined(MBEDTLS_SSL_CLI_C)
-    /*!< Minimum minor version to be negotiated.
+    /*!< Minimum TLS version to be negotiated.
      *
      * It is set up in the ClientHello writing preparation stage and used
      * throughout the ClientHello writing. Not relevant anymore as soon as
@@ -517,14 +517,14 @@ struct mbedtls_ssl_handshake_params
      * renegotiating or resuming a session, it is equal to the previously
      * negotiated minor version.
      *
-     * There is no maximum minor version field in this handshake context.
+     * There is no maximum TLS version field in this handshake context.
      * From the start of the handshake, we need to define a current protocol
-     * version for the record layer which we define as the maximum minor
-     * version to be negotiated. The `minor_ver` field of the SSL context is
+     * version for the record layer which we define as the maximum TLS
+     * version to be negotiated. The `tls_version` field of the SSL context is
      * used to store this maximum value until it contains the actual
      * negotiated value.
      */
-    unsigned char min_minor_ver;
+    uint16_t min_tls_version;
 #endif
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index acb4865d6c..b05d2f239a 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -49,8 +49,8 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
                                                    size_t *out_len )
 {
     unsigned char *p = buf;
-    unsigned char versions_len = ( ssl->handshake->min_minor_ver <=
-                                   MBEDTLS_SSL_MINOR_VERSION_3 ) ? 4 : 2;
+    unsigned char versions_len = ( ssl->handshake->min_tls_version <=
+                                   MBEDTLS_SSL_VERSION_TLS1_2 ) ? 4 : 2;
     *out_len = 0;
@@ -80,7 +80,7 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [3:4]" ) );
-    if( ssl->handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_3 )
+    if( ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
     {
         mbedtls_ssl_write_version( p + 2, MBEDTLS_SSL_TRANSPORT_STREAM,
                                    MBEDTLS_SSL_VERSION_TLS1_2 );
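Review bot: The context line `* negotiated minor version.` at the top of this hunk still describes the field in minor-version terms after the rename to `min_tls_version`, so the comment no longer matches the `uint16_t min_tls_version;` it documents; it should read `* negotiated TLS version.`. Separately, the field is declared as a plain `uint16_t` while the values stored into it in ssl_client.c come from `ssl->tls_version` and `ssl->conf->min_tls_version`; if those are declared with a protocol-version enum type (their declarations are not visible here), giving this field the same type would keep the `<=`/`>` comparisons in ssl_client.c and ssl_tls13_client.c type-consistent instead of relying on a silent enum-to-integer conversion. The enclosing struct mbedtls_ssl_handshake_params starts and ends outside the hunk.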
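Review bot: The new `versions_len` initializer in the @@ -49 hunk keeps the bare `? 4 : 2`, and what those numbers mean now hinges on `min_tls_version`; a comment such as `/* 2 bytes per advertised version: TLS 1.2 is added only when min_tls_version permits it */` would make the length derivation readable. The same `min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2` condition is repeated in the @@ -80 hunk where the TLS 1.2 entry is written at `p + 2`, and the two must stay in sync, which the comment could also note; the `[3:4]` debug message suggests the TLS 1.3 entry is written at `p` just before, outside the hunk. The body of ssl_tls13_write_supported_versions_ext continues outside both hunks.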
@@ -859,7 +859,7 @@ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
      * expecting it, abort the handshake. Otherwise, switch to TLS 1.2
      * handshake.
      */
-    if( ssl->handshake->min_minor_ver > MBEDTLS_SSL_MINOR_VERSION_3 )
+    if( ssl->handshake->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 )
     {
         MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
                                       MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );