Have some more fun with spans. Change-Id: I309902cb3ef4c772781af71b0cbc1abfefc513f6 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/37224 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com>

diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index e25fce6..df5ffd2 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc

@@ -63,24 +63,16 @@
     DTLS1_VERSION,
 };
 
-static void get_method_versions(const SSL_PROTOCOL_METHOD *method,
-                                const uint16_t **out, size_t *out_num) {
-  if (method->is_dtls) {
-    *out = kDTLSVersions;
-    *out_num = OPENSSL_ARRAY_SIZE(kDTLSVersions);
-  } else {
-    *out = kTLSVersions;
-    *out_num = OPENSSL_ARRAY_SIZE(kTLSVersions);
-  }
+static Span<const uint16_t> get_method_versions(
+    const SSL_PROTOCOL_METHOD *method) {
+  return method->is_dtls ? Span<const uint16_t>(kDTLSVersions)
+                         : Span<const uint16_t>(kTLSVersions);
 }
 
 bool ssl_method_supports_version(const SSL_PROTOCOL_METHOD *method,
                                  uint16_t version) {
-  const uint16_t *versions;
-  size_t num_versions;
-  get_method_versions(method, &versions, &num_versions);
-  for (size_t i = 0; i < num_versions; i++) {
-    if (versions[i] == version) {
+  for (uint16_t supported : get_method_versions(method)) {
+    if (supported == version) {
       return true;
     }
   }
@@ -282,12 +274,9 @@
 }
 
 bool ssl_add_supported_versions(SSL_HANDSHAKE *hs, CBB *cbb) {
-  const uint16_t *versions;
-  size_t num_versions;
-  get_method_versions(hs->ssl->method, &versions, &num_versions);
-  for (size_t i = 0; i < num_versions; i++) {
-    if (ssl_supports_version(hs, versions[i]) &&
-        !CBB_add_u16(cbb, versions[i])) {
+  for (uint16_t version : get_method_versions(hs->ssl->method)) {
+    if (ssl_supports_version(hs, version) &&
+        !CBB_add_u16(cbb, version)) {
       return false;
     }
   }
@@ -296,11 +285,8 @@
 
 bool ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
                            uint16_t *out_version, const CBS *peer_versions) {
-  const uint16_t *versions;
-  size_t num_versions;
-  get_method_versions(hs->ssl->method, &versions, &num_versions);
-  for (size_t i = 0; i < num_versions; i++) {
-    if (!ssl_supports_version(hs, versions[i])) {
+  for (uint16_t version : get_method_versions(hs->ssl->method)) {
+    if (!ssl_supports_version(hs, version)) {
       continue;
     }
 
@@ -312,20 +298,20 @@
     // own.)
     //
     // See https://bugs.openjdk.java.net/browse/JDK-8211806.
-    if (versions[i] == TLS1_3_VERSION && hs->apply_jdk11_workaround) {
+    if (version == TLS1_3_VERSION && hs->apply_jdk11_workaround) {
       continue;
     }
 
     CBS copy = *peer_versions;
     while (CBS_len(&copy) != 0) {
-      uint16_t version;
-      if (!CBS_get_u16(&copy, &version)) {
+      uint16_t peer_version;
+      if (!CBS_get_u16(&copy, &peer_version)) {
         OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
         *out_alert = SSL_AD_DECODE_ERROR;
         return false;
       }
 
-      if (version == versions[i]) {
+      if (peer_version == version) {
         *out_version = version;
         return true;
       }