tls: Add logic in handshake step to enable server version negotiation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
parent
8a12aeec93
commit
6291b23080
2 changed files with 33 additions and 25 deletions
|
|
@ -3883,22 +3883,23 @@ int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl)
|
|||
#endif
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if (mbedtls_ssl_conf_is_tls13_only(ssl->conf)) {
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
|
||||
ret = mbedtls_ssl_tls13_handshake_server_step(ssl);
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if (mbedtls_ssl_conf_is_tls12_only(ssl->conf)) {
|
||||
} else {
|
||||
ret = mbedtls_ssl_handshake_server_step(ssl);
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
}
|
||||
#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
ret = mbedtls_ssl_handshake_server_step(ssl);
|
||||
#else
|
||||
ret = mbedtls_ssl_tls13_handshake_server_step(ssl);
|
||||
#endif
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SRV_C */
|
||||
|
||||
if (ret != 0) {
|
||||
/* handshake_step return error. And it is same
|
||||
|
|
|
|||
|
|
@ -920,12 +920,15 @@ read_record_header:
|
|||
* If renegotiating, then the input was read with mbedtls_ssl_read_record(),
|
||||
* otherwise read it ourselves manually in order to support SSLv2
|
||||
* ClientHello, which doesn't use the same record layer format.
|
||||
* Otherwise in a scenario of TLS 1.3/TLS 1.2 version negotiation, the
|
||||
* ClientHello has been already fully fetched by the TLS 1.3 code and the
|
||||
* flag ssl->keep_current_message is raised.
|
||||
*/
|
||||
renegotiating = 0;
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
renegotiating = (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE);
|
||||
#endif
|
||||
if (!renegotiating) {
|
||||
if (!renegotiating && !ssl->keep_current_message) {
|
||||
if ((ret = mbedtls_ssl_fetch_input(ssl, 5)) != 0) {
|
||||
/* No alert on a read error. */
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
|
||||
|
|
@ -1000,24 +1003,28 @@ read_record_header:
|
|||
} else
|
||||
#endif
|
||||
{
|
||||
if (msg_len > MBEDTLS_SSL_IN_CONTENT_LEN) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
|
||||
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
|
||||
}
|
||||
if (ssl->keep_current_message) {
|
||||
ssl->keep_current_message = 0;
|
||||
} else {
|
||||
if (msg_len > MBEDTLS_SSL_IN_CONTENT_LEN) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
|
||||
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
|
||||
}
|
||||
|
||||
if ((ret = mbedtls_ssl_fetch_input(ssl,
|
||||
mbedtls_ssl_in_hdr_len(ssl) + msg_len)) != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
|
||||
return ret;
|
||||
}
|
||||
if ((ret = mbedtls_ssl_fetch_input(ssl,
|
||||
mbedtls_ssl_in_hdr_len(ssl) + msg_len)) != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Done reading this record, get ready for the next one */
|
||||
/* Done reading this record, get ready for the next one */
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
|
||||
ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len(ssl);
|
||||
} else
|
||||
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
|
||||
ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len(ssl);
|
||||
} else
|
||||
#endif
|
||||
ssl->in_left = 0;
|
||||
ssl->in_left = 0;
|
||||
}
|
||||
}
|
||||
|
||||
buf = ssl->in_msg;
|
||||
|
|
|
|||
Loading…
Reference in a new issue