1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-08 17:42:09 +03:00

TLS 1.3: Do not send handshake data in handshake step handlers

Send data (call to mbedtls_ssl_flush_output()) only from
the loop over the handshake steps. That way, we do not
have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE
error code) on the network in handshake step handlers.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
2022-02-02 15:33:46 +01:00
parent 9df7c80c78
commit 66dbf9118e
4 changed files with 23 additions and 9 deletions

View File

@@ -2693,6 +2693,21 @@ static int ssl_prepare_handshake_step( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/*
* We may have not been able to send to the peer all the handshake data
* that were written into the output buffer by the previous handshake step:
* the write to the network callback returned with the
* #MBEDTLS_ERR_SSL_WANT_WRITE error code.
* We proceed to the next handshake step only when all data from the
* previous one have been sent to the peer, thus we make sure that this is
* the case here by calling `mbedtls_ssl_flush_output()`. The function may
* return with the #MBEDTLS_ERR_SSL_WANT_WRITE error code in which case
* we have to wait before to go ahead.
* In the case of TLS 1.3, handshake step handlers do not send data to the
* peer. Data are only sent here and through
* `mbedtls_ssl_handle_pending_alert` in case an error that triggered an
* alert occured.
*/
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
return( ret );