Add handshake message writing variant that doesn't update checksum
The helper `mbedtls_ssl_write_handshake_msg` writes a handshake message and updates the handshake transcript. With TLS 1.3, we need finer control over the checksum: updating at message granularity is not sufficient. To allow for manual maintenance of the checksum in those cases, refine `mbedtls_ssl_write_handshake_msg()` into `mbedtls_ssl_write_handshake_msg_ext()` which takes a parameter determining whether the checksum should be updated. Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit is contained in:
parent
78f6f05778
commit
f3cce8b0e1
2 changed files with 10 additions and 3 deletions
|
@ -971,7 +971,13 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
|
|||
unsigned update_hs_digest );
|
||||
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
|
||||
|
||||
int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
|
||||
int update_checksum );
|
||||
static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
return( mbedtls_ssl_write_handshake_msg_ext( ssl, 1 /* update checksum */ ) );
|
||||
}
|
||||
|
||||
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
|
||||
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
|
||||
|
||||
|
|
|
@ -2360,7 +2360,8 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl )
|
|||
* (including handshake headers but excluding record headers)
|
||||
* - ssl->out_msg: the record contents (handshake headers + content)
|
||||
*/
|
||||
int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
||||
int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
|
||||
int update_checksum )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
const size_t hs_len = ssl->out_msglen - 4;
|
||||
|
@ -2469,7 +2470,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
|||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
/* Update running hashes of handshake messages seen */
|
||||
if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
|
||||
if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && update_checksum != 0 )
|
||||
ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen );
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue