commit 66dbf9118e8db8218e1ecd23cf41930dfbea5ee8
author Ronald Cron <ronald.cron@arm.com> Wed Feb 02 15:33:46 2022 +0100
committer Ronald Cron <ronald.cron@arm.com> Wed Mar 09 07:51:52 2022 +0100
tree 5db5af8fdfa367b5e3ce3dacf2e4f81cbf27b885
parent 9df7c80c786c3d70550b96ad57efd33d864bf8e0

TLS 1.3: Do not send handshake data in handshake step handlers

Send data (call to mbedtls_ssl_flush_output()) only from
the loop over the handshake steps. That way, we do not
have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE
error code) on the network in handshake step handlers.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_msg.c

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 5f80ed5..5105625 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -2368,7 +2368,8 @@
  *   - ssl->out_msg: the record contents (handshake headers + content)
  */
 int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
-                                         int update_checksum )
+                                         int update_checksum,
+                                         uint8_t force_flush )
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const size_t hs_len = ssl->out_msglen - 4;
@@ -2495,7 +2496,7 @@
     else
 #endif
     {
-        if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 )
+        if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 )
         {
             MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret );
             return( ret );