commit 7bcf2b5875d3d6b052ba94aa1f46a66e9eb33032
author Hanno Becker <hanno.becker@arm.com> Fri Jul 26 09:02:40 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Thu Sep 05 17:37:55 2019 +0100
tree e7230dd70e1a720c1e010a0b14f87dfee7ac675b
parent baac25d2bf2c17d024a9896aaba0d6af37c8b7a9

Introduce version comparing functions

This zero-cost abstraction allows to change the internal encoding
of TLS/DTLS versions in the future.

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 4e99a80..ae1c400 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -772,8 +772,10 @@
     if( suite_info == MBEDTLS_SSL_CIPHERSUITE_INVALID_HANDLE )
         return( 1 );
 
-    if( mbedtls_ssl_suite_get_min_minor_ver( suite_info ) > max_minor_ver ||
-        mbedtls_ssl_suite_get_max_minor_ver( suite_info ) < min_minor_ver )
+    if( mbedtls_ssl_ver_gt( mbedtls_ssl_suite_get_min_minor_ver( suite_info ),
+                            max_minor_ver ) ||
+        mbedtls_ssl_ver_lt( mbedtls_ssl_suite_get_max_minor_ver( suite_info ),
+                            min_minor_ver ) )
     {
         return( 1 );
     }
@@ -1553,10 +1555,12 @@
      * Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1)
      * even is lower than our min version.
      */
-    if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
-        minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
-        major_ver > mbedtls_ssl_conf_get_max_major_ver( ssl->conf )  ||
-        minor_ver > mbedtls_ssl_conf_get_max_minor_ver( ssl->conf )  )
+    if( mbedtls_ssl_ver_lt( major_ver, MBEDTLS_SSL_MAJOR_VERSION_3 ) ||
+        mbedtls_ssl_ver_lt( minor_ver, MBEDTLS_SSL_MINOR_VERSION_2 ) ||
+        mbedtls_ssl_ver_gt( major_ver,
+                            mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) ) ||
+        mbedtls_ssl_ver_gt( minor_ver,
+                            mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) );
 
@@ -1711,10 +1715,14 @@
                                   ssl->conf->transport,
                                   buf + 0 );
 
-        if( major_ver < mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) ||
-            minor_ver < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ||
-            major_ver > mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) ||
-            minor_ver > mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) )
+        if( mbedtls_ssl_ver_lt( major_ver,
+                                mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) ) ||
+            mbedtls_ssl_ver_lt( minor_ver,
+                                mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) ||
+            mbedtls_ssl_ver_gt( major_ver,
+                                mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) ) ||
+            mbedtls_ssl_ver_gt( minor_ver,
+                                mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "server version out of bounds - "
                          " min: [%d:%d], server: [%d:%d], max: [%d:%d]",
@@ -2926,7 +2934,8 @@
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
     defined(MBEDTLS_SSL_PROTO_TLS1_1)
-        if( mbedtls_ssl_get_minor_ver( ssl ) < MBEDTLS_SSL_MINOR_VERSION_3 )
+        if( mbedtls_ssl_ver_lt( mbedtls_ssl_get_minor_ver( ssl ),
+                                MBEDTLS_SSL_MINOR_VERSION_3 ) )
         {
             pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );