tls13: Upstream various fix in prototype
- Adjust max input_max_frag_len
- Guard transform_negotiate
- Adjust function position
- update comments
- fix wrong requirements
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 5808cab..b20b72d 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2059,6 +2059,12 @@
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/*
+ * Write Signature Algorithm extension
+ */
+MBEDTLS_CHECK_RETURN_CRITICAL
+int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
+ const unsigned char *end, size_t *out_len );
+/*
* Parse TLS Signature Algorithm extension
*/
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -2605,10 +2611,6 @@
mbedtls_ssl_protocol_version min_tls_version,
mbedtls_ssl_protocol_version max_tls_version );
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
- const unsigned char *end, size_t *out_len );
-
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl,
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index eba5e3b..7723363 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3198,12 +3198,14 @@
size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN;
size_t read_mfl;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE )
{
return ssl_mfl_code_to_length( ssl->conf->mfl_code );
}
+#endif
/* Check if a smaller max length was negotiated */
if( ssl->session_out != NULL )
@@ -3215,7 +3217,7 @@
}
}
- // During a handshake, use the value being negotiated
+ /* During a handshake, use the value being negotiated */
if( ssl->session_negotiate != NULL )
{
read_mfl = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
@@ -3486,6 +3488,8 @@
*
* case MBEDTLS_SSL_VERSION_TLS1_2:
* serialized_session_tls12 data;
+ * case MBEDTLS_SSL_MINOR_VERSION_4:
+ * serialized_session_tls13 data;
*
* };
*
@@ -4525,7 +4529,7 @@
/* This has been allocated by ssl_handshake_init(), called by
* by either mbedtls_ssl_session_reset_int() or mbedtls_ssl_setup(). */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- ssl->transform = ssl->transform_negotiate;
+ ssl->transform = ssl->transform_negotiate;
ssl->transform_in = ssl->transform;
ssl->transform_out = ssl->transform;
ssl->transform_negotiate = NULL;
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 0109f77..3295e67 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -2805,11 +2805,10 @@
switch( ssl->state )
{
- /*
- * ssl->state is initialized as HELLO_REQUEST. It is the same
- * as CLIENT_HELLO state.
- */
case MBEDTLS_SSL_HELLO_REQUEST:
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+ break;
+
case MBEDTLS_SSL_CLIENT_HELLO:
ret = mbedtls_ssl_write_client_hello( ssl );
break;