Add handshake message writing variant that doesn't update checksum
The helper `mbedtls_ssl_write_handshake_msg` writes a handshake message and updates the handshake transcript. With TLS 1.3, we need finer control over the checksum: updating at message granularity is not sufficient. To allow for manual maintenance of the checksum in those cases, refine `mbedtls_ssl_write_handshake_msg()` into `mbedtls_ssl_write_handshake_msg_ext()` which takes a parameter determining whether the checksum should be updated. Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit is contained in:
parent
78f6f05778
commit
f3cce8b0e1
2 changed files with 10 additions and 3 deletions
|
@ -971,7 +971,13 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
|
||||||
unsigned update_hs_digest );
|
unsigned update_hs_digest );
|
||||||
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
|
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
|
||||||
|
|
||||||
int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
|
int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
|
||||||
|
int update_checksum );
|
||||||
|
static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
return( mbedtls_ssl_write_handshake_msg_ext( ssl, 1 /* update checksum */ ) );
|
||||||
|
}
|
||||||
|
|
||||||
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
|
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
|
||||||
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
|
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
|
|
|
@ -2360,7 +2360,8 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl )
|
||||||
* (including handshake headers but excluding record headers)
|
* (including handshake headers but excluding record headers)
|
||||||
* - ssl->out_msg: the record contents (handshake headers + content)
|
* - ssl->out_msg: the record contents (handshake headers + content)
|
||||||
*/
|
*/
|
||||||
int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
|
||||||
|
int update_checksum )
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
const size_t hs_len = ssl->out_msglen - 4;
|
const size_t hs_len = ssl->out_msglen - 4;
|
||||||
|
@ -2469,7 +2470,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
/* Update running hashes of handshake messages seen */
|
/* Update running hashes of handshake messages seen */
|
||||||
if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
|
if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && update_checksum != 0 )
|
||||||
ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen );
|
ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue