yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix, improve and add comments

Browse source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2023-04-03 16:37:22 +02:00
parent 4d31496294
commit b828c7d3de
3 changed files with 25 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
include/mbedtls/ssl.h
View file

@ -1615,11 +1615,11 @@ struct mbedtls_ssl_context {
* ClientHello writing preparation stage with the previously negotiated * ClientHello writing preparation stage with the previously negotiated
* TLS version. * TLS version.
* *
* On client side, updated to the TLS version selected by the server for * On client side, it is updated to the TLS version selected by the server
* the handshake when the ServerHello is received. * for the handshake when the ServerHello is received.
* *
* On server side, updated to the TLS version the server selects for the * On server side, it is updated to the TLS version the server selects for
* handshake when the ClientHello is received. * the handshake when the ClientHello is received.
*/ */
mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version); mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);

7
library/ssl_tls13_client.c
View file

@ -1455,6 +1455,13 @@ static int ssl_tls13_preprocess_server_hello(mbedtls_ssl_context *ssl,
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
} }
/*
* Version 1.2 of the protocol has been negotiated, set the
* ssl->keep_current_message flag for the ServerHello to be kept and
* parsed as a TLS 1.2 ServerHello. We also change ssl->tls_version to
* MBEDTLS_SSL_VERSION_TLS1_2 thus from now on mbedtls_ssl_handshake_step()
* will dispatch to the TLS 1.2 state machine.
*/
ssl->keep_current_message = 1; ssl->keep_current_message = 1;
ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,

14
library/ssl_tls13_server.c
View file

@ -1381,6 +1381,13 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
return ret; return ret;
} }
/*
* The supported versions extension was parsed successfully as the
* value returned by ssl_tls13_parse_supported_versions_ext() is
* positive. The return value is then equal to
* MBEDTLS_SSL_VERSION_TLS1_2 or MBEDTLS_SSL_VERSION_TLS1_3, defining
* the TLS version to negotiate.
*/
if (MBEDTLS_SSL_VERSION_TLS1_2 == ret) { if (MBEDTLS_SSL_VERSION_TLS1_2 == ret) {
return SSL_CLIENT_HELLO_TLS1_2; return SSL_CLIENT_HELLO_TLS1_2;
} }
@ -1783,6 +1790,13 @@ static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl)
* as negative error codes are handled * as negative error codes are handled
* by MBEDTLS_SSL_PROC_CHK_NEG. */ * by MBEDTLS_SSL_PROC_CHK_NEG. */
/*
* Version 1.2 of the protocol has been chosen, set the
* ssl->keep_current_message flag for the ClientHello to be kept and parsed
* as a TLS 1.2 ClientHello. We also change ssl->tls_version to
* MBEDTLS_SSL_VERSION_TLS1_2 thus from now on mbedtls_ssl_handshake_step()
* will dispatch to the TLS 1.2 state machine.
*/
if (SSL_CLIENT_HELLO_TLS1_2 == parse_client_hello_ret) { if (SSL_CLIENT_HELLO_TLS1_2 == parse_client_hello_ret) {
ssl->keep_current_message = 1; ssl->keep_current_message = 1;
ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;