commit b828c7d3de14dff05b4ce6a050f79b3d810e18e7
author Ronald Cron <ronald.cron@arm.com> Mon Apr 03 16:37:22 2023 +0200
committer Ronald Cron <ronald.cron@arm.com> Thu Apr 06 10:26:18 2023 +0200
tree ef0ce469b23c4d55ba782c927e0884cf928dc732
parent 4d31496294c9d44089508ba98f0e5b52e958274e

Fix, improve and add comments

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 93f31a5..4ed332f 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1381,6 +1381,13 @@
             return ret;
         }
 
+        /*
+         * The supported versions extension was parsed successfully as the
+         * value returned by ssl_tls13_parse_supported_versions_ext() is
+         * positive. The return value is then equal to
+         * MBEDTLS_SSL_VERSION_TLS1_2 or MBEDTLS_SSL_VERSION_TLS1_3, defining
+         * the TLS version to negotiate.
+         */
         if (MBEDTLS_SSL_VERSION_TLS1_2 == ret) {
             return SSL_CLIENT_HELLO_TLS1_2;
         }
@@ -1783,6 +1790,13 @@
                                    * as negative error codes are handled
                                    * by MBEDTLS_SSL_PROC_CHK_NEG. */
 
+    /*
+     * Version 1.2 of the protocol has been chosen, set the
+     * ssl->keep_current_message flag for the ClientHello to be kept and parsed
+     * as a TLS 1.2 ClientHello. We also change ssl->tls_version to
+     * MBEDTLS_SSL_VERSION_TLS1_2 thus from now on mbedtls_ssl_handshake_step()
+     * will dispatch to the TLS 1.2 state machine.
+     */
     if (SSL_CLIENT_HELLO_TLS1_2 == parse_client_hello_ret) {
         ssl->keep_current_message = 1;
         ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;