TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / f3cce8b0e1bb5df423e4c4bf46ac1cd5d5387300^! / . / library / ssl_msg.c
commitf3cce8b0e1bb5df423e4c4bf46ac1cd5d5387300[log] [tgz]
authorHanno Becker <hanno.becker@arm.com>Sat Aug 07 14:29:49 2021 +0100
committerHanno Becker <hanno.becker@arm.com>Sat Aug 07 14:29:49 2021 +0100
treec8d529ee92be688d186627a1b66e82d9faea2875
parent78f6f05778692d25654fbdfafc4cb42fc058843e [diff] [blame]
Add handshake message writing variant that doesn't update checksum

The helper `mbedtls_ssl_write_handshake_msg` writes a handshake message
and updates the handshake transcript.

With TLS 1.3, we need finer control over the checksum: updating
at message granularity is not sufficient. To allow for manual maintenance
of the checksum in those cases, refine `mbedtls_ssl_write_handshake_msg()`
into `mbedtls_ssl_write_handshake_msg_ext()` which takes a parameter
determining whether the checksum should be updated.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 76cc2b1..fe26eaa 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c

@@ -2360,7 +2360,8 @@
  *      (including handshake headers but excluding record headers)
  *   - ssl->out_msg: the record contents (handshake headers + content)
  */
-int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
+                                         int update_checksum )
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const size_t hs_len = ssl->out_msglen - 4;
@@ -2469,7 +2470,7 @@
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
         /* Update running hashes of handshake messages seen */
-        if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
+        if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && update_checksum != 0 )
             ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen );
     }