From a3097c41b00a194ca77a5b193134652adcdab80a Mon Sep 17 00:00:00 2001
From: Frederik Wedel-Heinen
Date: Wed, 9 Jul 2025 07:42:43 +0200
Subject: [PATCH] Revert changes to ssl_version_cmp() to avoid calling assert on non-sane inputs

The function can be called with arbitrary inputs.

Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/28000)
---
 ssl/statem/statem_lib.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index faf76dd23b7..8a9d8237834 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1822,7 +1822,12 @@ int ssl_version_cmp(const SSL_CONNECTION *s, int versiona, int versionb)
 {
 int dtls = SSL_CONNECTION_IS_DTLS(s);

- return PROTOCOL_VERSION_CMP(dtls, versiona, versionb);
+ if (versiona == versionb)
+ return 0;
+ if (!dtls)
+ return versiona < versionb ? -1 : 1;
+ return DTLS_VERSION_LT(versiona, versionb) ? -1 : 1;
+
 }

 typedef struct {
-- 
2.47.2
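Review bot: Nothing in the restored body of ssl_version_cmp() records why it no longer goes through `PROTOCOL_VERSION_CMP`, so a later cleanup could put the macro back and, going by the commit message, bring back the assert on inputs that are not sane protocol versions. A comment above the first `if` would pin the contract, for example `/* Called with arbitrary version values: must not assert, so compare directly rather than via PROTOCOL_VERSION_CMP() */`. The diffstat shows only statem_lib.c changed, so a regression test that calls the function with values that are not assigned protocol versions, on both a TLS and a DTLS connection, would keep the abort path from returning unnoticed. The added blank `+` line before the closing brace is stray and can be dropped.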