From 5c853ea2c557c8b68c8ae75ea068ff8073b1185e Mon Sep 17 00:00:00 2001
From: Deomid rojer Ryabkov <rojer@rojer.me>
Date: Sun, 26 Jan 2025 11:10:54 +0200
Subject: [PATCH] Allow fragments less HS msg header size (4 bytes)

Except the first

Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
---
 library/ssl_msg.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 50dda51cad..83920f6327 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3220,7 +3220,8 @@ static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl)
 
 int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 {
-    if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) {
+    /* First handshake fragment must at least include the header. */
+    if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl) && ssl->in_hslen == 0) {
         MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET,
                                   ssl->in_msglen));
         return MBEDTLS_ERR_SSL_INVALID_RECORD;