mbedtls_ssl_(read|write)_version using tls_version
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index d4fd9f1..cd60986 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1132,10 +1132,10 @@
{
if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 )
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
goto usage;
@@ -1144,10 +1144,10 @@
{
if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 )
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
goto usage;
@@ -1165,20 +1165,20 @@
{
if( strcmp( q, "tls12" ) == 0 )
{
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
}
else if( strcmp( q, "dtls12" ) == 0 )
{
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
{
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
@@ -1372,14 +1372,14 @@
mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
if( opt.max_version != -1 &&
- ( ciphersuite_info->min_tls_version & 0xFF ) > opt.max_version )
+ ciphersuite_info->min_tls_version > opt.max_version )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
goto usage;
}
if( opt.min_version != -1 &&
- ( ciphersuite_info->max_tls_version & 0xFF ) < opt.min_version )
+ ciphersuite_info->max_tls_version < opt.min_version )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
@@ -1389,17 +1389,17 @@
/* If the server selects a version that's not supported by
* this suite, then there will be no common ciphersuite... */
if( opt.max_version == -1 ||
- opt.max_version > ( ciphersuite_info->max_tls_version & 0xFF ) )
+ opt.max_version > ciphersuite_info->max_tls_version )
{
- opt.max_version = ( ciphersuite_info->max_tls_version & 0xFF );
+ opt.max_version = ciphersuite_info->max_tls_version;
}
- if( opt.min_version < ( ciphersuite_info->min_tls_version & 0xFF ) )
+ if( opt.min_version < ciphersuite_info->min_tls_version )
{
- opt.min_version = ( ciphersuite_info->min_tls_version & 0xFF );
+ opt.min_version = ciphersuite_info->min_tls_version;
/* DTLS starts with TLS 1.2 */
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- opt.min_version < MBEDTLS_SSL_MINOR_VERSION_3 )
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.min_version < MBEDTLS_SSL_VERSION_TLS1_2 )
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
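Review bot: The `opt.min_version < ciphersuite_info->min_tls_version` test in this hunk has no `-1` guard, unlike the `opt.max_version == -1 ||` test just above it, so it relies on the unset sentinel comparing below the field's raw value. With the `& 0xFF` mask removed, the comparison is done in the field's own type, which is not visible here; if that type is ever as wide as unsigned int, `-1` would convert to a large value and the minimum would silently not be raised to the suite's floor. Writing the guard explicitly, `if( opt.min_version == -1 || opt.min_version < ciphersuite_info->min_tls_version )`, removes that dependency. The same pattern appears in the matching ssl_server2.c hunk at -2181, and the enclosing block starts and ends outside this hunk.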
@@ -1410,7 +1410,7 @@
* the ciphersuite in advance to set the correct policy for the
* PSK key slot. This limitation might go away in the future. */
if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK ||
- opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
+ opt.min_version != MBEDTLS_SSL_VERSION_TLS1_2 )
{
mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
ret = 2;
@@ -1967,12 +1967,10 @@
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
if( opt.min_version != DFL_MIN_VERSION )
- mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
- opt.min_version );
+ mbedtls_ssl_conf_min_tls_version( &conf, opt.min_version );
if( opt.max_version != DFL_MAX_VERSION )
- mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
- opt.max_version );
+ mbedtls_ssl_conf_max_tls_version( &conf, opt.max_version );
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 4409d1b..948d2e0 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1845,10 +1845,10 @@
{
if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 )
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
goto usage;
@@ -1857,10 +1857,10 @@
{
if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 )
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
goto usage;
@@ -1878,20 +1878,20 @@
{
if( strcmp( q, "tls12" ) == 0 )
{
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
}
else if( strcmp( q, "dtls12" ) == 0 )
{
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 )
{
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else
@@ -2164,14 +2164,14 @@
mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
if( opt.max_version != -1 &&
- ( ciphersuite_info->min_tls_version & 0xFF ) > opt.max_version )
+ ciphersuite_info->min_tls_version > opt.max_version )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
goto usage;
}
if( opt.min_version != -1 &&
- ( ciphersuite_info->max_tls_version & 0xFF ) < opt.min_version )
+ ciphersuite_info->max_tls_version < opt.min_version )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
@@ -2181,13 +2181,13 @@
/* If we select a version that's not supported by
* this suite, then there will be no common ciphersuite... */
if( opt.max_version == -1 ||
- opt.max_version > ( ciphersuite_info->max_tls_version & 0xFF ) )
+ opt.max_version > ciphersuite_info->max_tls_version )
{
- opt.max_version = ( ciphersuite_info->max_tls_version & 0xFF );
+ opt.max_version = ciphersuite_info->max_tls_version;
}
- if( opt.min_version < ( ciphersuite_info->min_tls_version & 0xFF ) )
+ if( opt.min_version < ciphersuite_info->min_tls_version )
{
- opt.min_version = ( ciphersuite_info->min_tls_version & 0xFF );
+ opt.min_version = ciphersuite_info->min_tls_version;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -2198,7 +2198,7 @@
* the ciphersuite in advance to set the correct policy for the
* PSK key slot. This limitation might go away in the future. */
if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK ||
- opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
+ opt.min_version != MBEDTLS_SSL_VERSION_TLS1_2 )
{
mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
ret = 2;
@@ -3086,10 +3086,10 @@
#endif
if( opt.min_version != DFL_MIN_VERSION )
- mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
+ mbedtls_ssl_conf_min_tls_version( &conf, opt.min_version );
if( opt.max_version != DFL_MIN_VERSION )
- mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
+ mbedtls_ssl_conf_max_tls_version( &conf, opt.max_version );
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
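Review bot: The guard in front of the new `mbedtls_ssl_conf_max_tls_version( &conf, opt.max_version );` call compares `opt.max_version` with `DFL_MIN_VERSION`, whereas the equivalent ssl_client2.c hunk uses `DFL_MAX_VERSION`. That line is unchanged context, and it is harmless only if the two defaults happen to be equal (their definitions are not shown here); if they ever diverge, a requested maximum version could be skipped or an unset one passed to the setter. Since this commit rewrites the guarded call anyway, the condition should read `if( opt.max_version != DFL_MAX_VERSION )`. The enclosing function continues outside the hunk.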