TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / f41553b662a0bfee18f23e77c12000190e3f94e4^! / . / library
commitf41553b662a0bfee18f23e77c12000190e3f94e4[log] [tgz]
authorJerry Yu <jerry.h.yu@arm.com>Mon May 09 22:20:30 2022 +0800
committerJerry Yu <jerry.h.yu@arm.com>Mon May 09 22:20:30 2022 +0800
treef8029580d32b45a4e6389e93ce3a7a94e9b4f13e
parentead5cce22cc4b0d4d61c97846e8b6d23c60a9ae9 [diff]
fix various issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index bf863d5..46a6a49 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c

@@ -740,9 +740,11 @@
 
     MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_parse_client_hello( ssl, buf,
                                                             buf + buflen ) );
-    parse_client_hello_ret = ret; /* store return reason of parse_client_hello
-                                     without error. on error, this statment will
-                                     not be called.*/
+    parse_client_hello_ret = ret; /* Store return value of parse_client_hello,
+                                   * only SSL_CLIENT_HELLO_OK or
+                                   * SSL_CLIENT_HELLO_HRR_REQUIRED at this
+                                   * stage as negative error codes are handled
+                                   * by MBEDTLS_SSL_PROC_CHK_NEG. */
 
     MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_client_hello( ssl ) );
 
@@ -1464,11 +1466,18 @@
             break;
 
         case MBEDTLS_SSL_CLIENT_HELLO:
-
             ret = ssl_tls13_process_client_hello( ssl );
             if( ret != 0 )
                 MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_process_client_hello", ret );
+            break;
 
+        case MBEDTLS_SSL_HELLO_RETRY_REQUEST:
+            ret = ssl_tls13_write_hello_retry_request( ssl );
+            if( ret != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_hello_retry_request", ret );
+                return( ret );
+            }
             break;
 
         case MBEDTLS_SSL_SERVER_HELLO:
@@ -1484,15 +1493,6 @@
             }
             break;
 
-        case MBEDTLS_SSL_HELLO_RETRY_REQUEST:
-            ret = ssl_tls13_write_hello_retry_request( ssl );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_hello_retry_request", ret );
-                return( ret );
-            }
-            break;
-
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
         case MBEDTLS_SSL_CERTIFICATE_REQUEST:
             ret = ssl_tls13_write_certificate_request( ssl );