Revert changes to ssl_version_cmp() to avoid calling assert on non-sane inputs feature/dtls-1.3
authorFrederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Wed, 9 Jul 2025 05:42:43 +0000 (07:42 +0200)
committerTomas Mraz <tomas@openssl.org>
Thu, 10 Jul 2025 10:14:41 +0000 (12:14 +0200)
The function can be called with arbitrary inputs.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28000)

ssl/statem/statem_lib.c

index faf76dd23b7a6cc3d3258d5d2432c1047320b638..8a9d8237834a025f2f7f9211417d277d68fa29ef 100644 (file)
@@ -1822,7 +1822,12 @@ int ssl_version_cmp(const SSL_CONNECTION *s, int versiona, int versionb)
 {
     int dtls = SSL_CONNECTION_IS_DTLS(s);
 
-    return PROTOCOL_VERSION_CMP(dtls, versiona, versionb);
+    if (versiona == versionb)
+        return 0;
+    if (!dtls)
+        return versiona < versionb ? -1 : 1;
+    return DTLS_VERSION_LT(versiona, versionb) ? -1 : 1;
+
 }
 
 typedef struct {
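Review bot: Nothing in the new body of ssl_version_cmp() records why the comparison is open-coded rather than using `PROTOCOL_VERSION_CMP`, so a later cleanup could restore the macro and with it the assert the commit title says is reached on non-sane inputs. A comment above the first `if` would pin that down, e.g. `/* Inputs may be arbitrary, not validated protocol versions: do not use PROTOCOL_VERSION_CMP here, it asserts on them. */`. If these values can originate from a peer's handshake message, which the hunk does not show, a reachable assert would be an availability problem, and that is worth saying in the comment too. On a DTLS connection the result for values that are not DTLS versions is whatever `DTLS_VERSION_LT` yields, so the comment should also say the ordering is only meaningful for valid versions. The blank line added before the closing brace can be dropped.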