handshake->min_minor_ver to ->min_tls_version

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Glenn Strauss 2022-04-07 19:07:11 -04:00
parent 041a37635b
commit cd78df6aa4
3 changed files with 15 additions and 15 deletions


@ -493,7 +493,7 @@ static int ssl_write_client_hello_cipher_suites(
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
if( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
0x0300 | ssl->handshake->min_minor_ver,
ssl->handshake->min_tls_version,
ssl->tls_version ) != 0 )
continue;
@ -585,13 +585,13 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
unsigned char propose_tls12 =
( handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_3 )
( handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
&&
( MBEDTLS_SSL_VERSION_TLS1_2 <= ssl->tls_version );
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
unsigned char propose_tls13 =
( handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_4 )
( handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 )
&&
( MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version );
#endif
@ -851,19 +851,19 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
*/
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
ssl->handshake->min_minor_ver = ssl->tls_version & 0xFF;
ssl->handshake->min_tls_version = ssl->tls_version;
else
#endif
{
if( ssl->handshake->resume )
{
ssl->tls_version = ssl->session_negotiate->tls_version;
ssl->handshake->min_minor_ver = ssl->tls_version & 0xFF;
ssl->handshake->min_tls_version = ssl->tls_version;
}
else
{
ssl->tls_version = ssl->conf->max_tls_version;
ssl->handshake->min_minor_ver = ssl->conf->min_tls_version & 0xFF;
ssl->handshake->min_tls_version = ssl->conf->min_tls_version;
}
}
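Review bot: In the resume branch of ssl_prepare_client_hello the version floor comes from the stored session (`ssl->tls_version = ssl->session_negotiate->tls_version;` followed by `ssl->handshake->min_tls_version = ssl->tls_version;`), and nothing in this hunk compares it with `ssl->conf->min_tls_version`. If that comparison is not done where the session is loaded (not visible here), a session saved under a more permissive configuration would set a floor below the one now configured. An explicit guard in that branch, for example `if( ssl->tls_version < ssl->conf->min_tls_version ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );`, or a comment naming where the check lives, would make the invariant visible. The function starts and ends outside the hunk.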


@ -506,7 +506,7 @@ struct mbedtls_ssl_handshake_params
uint8_t cli_exts; /*!< client extension presence*/
#if defined(MBEDTLS_SSL_CLI_C)
/*!< Minimum minor version to be negotiated.
/*!< Minimum TLS version to be negotiated.
*
* It is set up in the ClientHello writing preparation stage and used
* throughout the ClientHello writing. Not relevant anymore as soon as
@ -517,14 +517,14 @@ struct mbedtls_ssl_handshake_params
* renegotiating or resuming a session, it is equal to the previously
* negotiated minor version.
*
* There is no maximum minor version field in this handshake context.
* There is no maximum TLS version field in this handshake context.
* From the start of the handshake, we need to define a current protocol
* version for the record layer which we define as the maximum minor
* version to be negotiated. The `minor_ver` field of the SSL context is
* version for the record layer which we define as the maximum TLS
* version to be negotiated. The `tls_version` field of the SSL context is
* used to store this maximum value until it contains the actual
* negotiated value.
*/
unsigned char min_minor_ver;
uint16_t min_tls_version;
#endif
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
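Review bot: The field comment on `min_tls_version` still reads "negotiated minor version." on the unchanged line just above "There is no maximum TLS version field", so the renamed field is documented with two different terms. I would change that line to `* negotiated TLS version.`. Since the field widens from `unsigned char` to `uint16_t`, the comment could also say that it holds the full two-byte version in the same encoding as `MBEDTLS_SSL_VERSION_TLS1_2`. The middle of the comment falls between the two hunks and is not visible here, so other leftover "minor version" wording may remain there.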


@ -49,8 +49,8 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
size_t *out_len )
{
unsigned char *p = buf;
unsigned char versions_len = ( ssl->handshake->min_minor_ver <=
MBEDTLS_SSL_MINOR_VERSION_3 ) ? 4 : 2;
unsigned char versions_len = ( ssl->handshake->min_tls_version <=
MBEDTLS_SSL_VERSION_TLS1_2 ) ? 4 : 2;
*out_len = 0;
@ -80,7 +80,7 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [3:4]" ) );
if( ssl->handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_3 )
if( ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
{
mbedtls_ssl_write_version( p + 2, MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_VERSION_TLS1_2 );
@ -859,7 +859,7 @@ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
* expecting it, abort the handshake. Otherwise, switch to TLS 1.2
* handshake.
*/
if( ssl->handshake->min_minor_ver > MBEDTLS_SSL_MINOR_VERSION_3 )
if( ssl->handshake->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 )
{
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
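Review bot: In ssl_tls13_write_supported_versions_ext the test `ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2` appears twice, once to size `versions_len` and once before writing the TLS 1.2 entry. The length byte and the bytes actually written agree only while both copies stay identical. Evaluating it once, e.g. `const int offer_tls12 = ( ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 );`, and using `offer_tls12` in both places would tie them together. The function body extends outside both hunks, so buffer-space checks that depend on `versions_len` are not visible here.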