Introduce version comparing functions
This zero-cost abstraction allows to change the internal encoding
of TLS/DTLS versions in the future.
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index b058e7c..11bed2f 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -869,7 +869,8 @@
* present them a SHA-higher cert rather than failing if it's the only
* one we got that satisfies the other conditions.
*/
- if( mbedtls_ssl_get_minor_ver( ssl ) < MBEDTLS_SSL_MINOR_VERSION_3 )
+ if( mbedtls_ssl_ver_lt( mbedtls_ssl_get_minor_ver( ssl ),
+ MBEDTLS_SSL_MINOR_VERSION_3 ) )
{
mbedtls_md_type_t sig_md;
{
@@ -936,10 +937,12 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %s",
mbedtls_ssl_suite_get_name( suite_info ) ) );
- if( mbedtls_ssl_suite_get_min_minor_ver( suite_info )
- > mbedtls_ssl_get_minor_ver( ssl ) ||
- mbedtls_ssl_suite_get_max_minor_ver( suite_info )
- < mbedtls_ssl_get_minor_ver( ssl ) )
+ if( mbedtls_ssl_ver_gt(
+ mbedtls_ssl_suite_get_min_minor_ver( suite_info ),
+ mbedtls_ssl_get_minor_ver( ssl ) ) ||
+ mbedtls_ssl_ver_lt(
+ mbedtls_ssl_suite_get_max_minor_ver( suite_info ),
+ mbedtls_ssl_get_minor_ver( ssl ) ) )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: version" ) );
return( 0 );
@@ -1111,7 +1114,8 @@
? buf[4] : mbedtls_ssl_conf_get_max_minor_ver( ssl->conf );
#endif
- if( mbedtls_ssl_get_minor_ver( ssl ) < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) )
+ if( mbedtls_ssl_ver_lt( mbedtls_ssl_get_minor_ver( ssl ),
+ mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
" [%d:%d] < [%d:%d]",
@@ -1237,8 +1241,9 @@
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "received FALLBACK_SCSV" ) );
- if( mbedtls_ssl_get_minor_ver( ssl ) <
- mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) )
+ if( mbedtls_ssl_ver_lt(
+ mbedtls_ssl_get_minor_ver( ssl ),
+ mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
@@ -1652,8 +1657,10 @@
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
- if( major_ver < mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) ||
- minor_ver < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) )
+ if( mbedtls_ssl_ver_lt( major_ver,
+ mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) ) ||
+ mbedtls_ssl_ver_lt( minor_ver,
+ mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
" [%d:%d] < [%d:%d]",
@@ -1665,13 +1672,19 @@
return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
}
- if( major_ver > mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) )
+ if( mbedtls_ssl_ver_gt(
+ major_ver,
+ mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) ) )
{
major_ver = mbedtls_ssl_conf_get_max_major_ver( ssl->conf );
minor_ver = mbedtls_ssl_conf_get_max_minor_ver( ssl->conf );
}
- else if( minor_ver > mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) )
+ else if( mbedtls_ssl_ver_gt(
+ minor_ver,
+ mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) )
+ {
minor_ver = mbedtls_ssl_conf_get_max_minor_ver( ssl->conf );
+ }
#if !defined(MBEDTLS_SSL_CONF_FIXED_MAJOR_VER)
ssl->major_ver = major_ver;
@@ -2061,8 +2074,9 @@
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received FALLBACK_SCSV" ) );
- if( mbedtls_ssl_get_minor_ver( ssl ) <
- mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) )
+ if( mbedtls_ssl_ver_lt(
+ mbedtls_ssl_get_minor_ver( ssl ),
+ mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );