Allow fragments less HS msg header size (4 bytes) Except the first Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>

commit: 5c853ea2c557c8b68c8ae75ea068ff8073b1185e [log] [tgz]
author: Deomid rojer Ryabkov <rojer@rojer.me> Sun Jan 26 11:10:54 2025 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Mon Feb 17 15:59:04 2025 +0100
tree: b2b5bb7e3c643f5333b476c9a1695f99269c0b4d
parent: 96e2290e3d7e1a8a502163fed190971021570780 [diff] [blame]
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 50dda51..83920f6 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c

@@ -3220,7 +3220,8 @@
 
 int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 {
-    if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) {
+    /* First handshake fragment must at least include the header. */
+    if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl) && ssl->in_hslen == 0) {
         MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET,
                                   ssl->in_msglen));
         return MBEDTLS_ERR_SSL_INVALID_RECORD;
commit	5c853ea2c557c8b68c8ae75ea068ff8073b1185e	[log] [tgz]
author	Deomid rojer Ryabkov <rojer@rojer.me>	Sun Jan 26 11:10:54 2025 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Feb 17 15:59:04 2025 +0100
tree	b2b5bb7e3c643f5333b476c9a1695f99269c0b4d
parent	96e2290e3d7e1a8a502163fed190971021570780 [diff] [blame]