All of lore.kernel.org
 help / color / mirror / Atom feed
From: Andrew Zaborowski <andrew.zaborowski@intel.com>
To: ell@lists.01.org
Subject: [PATCH 3/9] tls: Add TLS version number printf macros
Date: Thu, 13 Dec 2018 20:57:40 +0100	[thread overview]
Message-ID: <20181213195746.32144-3-andrew.zaborowski@intel.com> (raw)
In-Reply-To: <20181213195746.32144-1-andrew.zaborowski@intel.com>

[-- Attachment #1: Type: text/plain, Size: 2334 bytes --]

---
 ell/tls-private.h |  3 +++
 ell/tls.c         | 17 +++++++++++------
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/ell/tls-private.h b/ell/tls-private.h
index b6d1461..8e6c277 100644
--- a/ell/tls-private.h
+++ b/ell/tls-private.h
@@ -258,4 +258,7 @@ int tls_parse_certificate_list(const void *data, size_t len,
 		tls_disconnect(tls, desc, local_desc);	\
 	} while (0)
 
+#define TLS_VER_FMT		"1.%i"
+#define TLS_VER_ARGS(version)	((version & 0xff) - 1)
+
 const char *tls_handshake_state_to_str(enum tls_handshake_state state);
diff --git a/ell/tls.c b/ell/tls.c
index d05ae8d..8099e76 100644
--- a/ell/tls.c
+++ b/ell/tls.c
@@ -535,14 +535,17 @@ static bool tls_cipher_suite_is_compatible(struct l_tls *tls,
 
 	if (suite->encryption &&
 			suite->encryption->cipher_type == TLS_CIPHER_AEAD) {
-		if (tls->negotiated_version &&
-				tls->negotiated_version < TLS_V12) {
+		uint16_t negotiated = tls->negotiated_version;
+
+		if (negotiated && negotiated < L_TLS_V12) {
 			if (error) {
 				*error = error_buf;
 				snprintf(error_buf, sizeof(error_buf),
 						"Cipher suite %s uses an AEAD "
-						"cipher but TLS < 1.2 was "
-						"negotiated", suite->name);
+						"cipher (TLS 1.2+) but "
+						TLS_VER_FMT " was negotiated",
+						suite->name,
+						TLS_VER_ARGS(negotiated));
 			}
 
 			return false;
@@ -1587,7 +1590,8 @@ static void tls_handle_client_hello(struct l_tls *tls,
 			if (i != HANDSHAKE_HASH_SHA1 && i != HANDSHAKE_HASH_MD5)
 				tls_drop_handshake_hash(tls, i);
 
-	TLS_DEBUG("Negotiated TLS 1.%i", (tls->negotiated_version & 0xff) - 1);
+	TLS_DEBUG("Negotiated TLS " TLS_VER_FMT,
+			TLS_VER_ARGS(tls->negotiated_version));
 
 	/* Select a cipher suite according to client's preference list */
 	while (cipher_suites_size) {
@@ -1715,7 +1719,8 @@ static void tls_handle_server_hello(struct l_tls *tls,
 			if (i != HANDSHAKE_HASH_SHA1 && i != HANDSHAKE_HASH_MD5)
 				tls_drop_handshake_hash(tls, i);
 
-	TLS_DEBUG("Negotiated TLS 1.%i", (tls->negotiated_version & 0xff) - 1);
+	TLS_DEBUG("Negotiated TLS " TLS_VER_FMT,
+			TLS_VER_ARGS(tls->negotiated_version));
 
 	/* Set the new cipher suite and compression method structs */
 	tls->pending.cipher_suite = tls_find_cipher_suite(cipher_suite_id);
-- 
2.19.1


  parent reply	other threads:[~2018-12-13 19:57 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-12-13 19:57 [PATCH 1/9] tls: Don't send Client Hello in l_tls_new Andrew Zaborowski
2018-12-13 19:57 ` [PATCH 2/9] unit: Call l_tls_start in tls tests Andrew Zaborowski
2018-12-13 19:57 ` Andrew Zaborowski [this message]
2018-12-14 15:53   ` [PATCH 3/9] tls: Add TLS version number printf macros Denis Kenzior
2018-12-14 18:48     ` Andrew Zaborowski
2018-12-13 19:57 ` [PATCH 4/9] tls: Implement l_tls_set_version_range Andrew Zaborowski
2018-12-14 15:55   ` Denis Kenzior
2018-12-13 19:57 ` [PATCH 5/9] unit: Test TLS 1.0, 1.1 and 1.2 Andrew Zaborowski
2018-12-13 19:57 ` [PATCH 6/9] unit: Move tls_cert_load_file to relevant unit tests Andrew Zaborowski
2018-12-14 16:01   ` Denis Kenzior
2018-12-13 19:57 ` [PATCH 7/9] tls, pem: Drop tls_cert_load_file, l_pem_load_certificate Andrew Zaborowski
2018-12-13 19:57 ` [PATCH 8/9] tls: Allow user to set custom list of cipher suites Andrew Zaborowski
2018-12-14 16:33   ` Denis Kenzior
2018-12-14 19:12     ` Andrew Zaborowski
2018-12-14 19:28       ` Denis Kenzior
2018-12-14 19:49         ` Andrew Zaborowski
2018-12-14 19:57           ` Denis Kenzior
2018-12-13 19:57 ` [PATCH 9/9] unit: Test many TLS cipher suite and version combinations Andrew Zaborowski
2018-12-19  0:57 [PATCH 1/9] tls: Don't send Client Hello in l_tls_new Andrew Zaborowski
2018-12-19  0:57 ` [PATCH 3/9] tls: Add TLS version number printf macros Andrew Zaborowski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181213195746.32144-3-andrew.zaborowski@intel.com \
    --to=andrew.zaborowski@intel.com \
    --cc=ell@lists.01.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.