lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Improve comments/documentation

Browse Source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
2024-02-21 13:45:52 +01:00
parent 49221900b0
commit d4069247b8
3 changed files with 48 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
library/ssl_msg.c
View File

@ -6087,14 +6087,17 @@ int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl,
}
/*
* If we are at the beginning of the handshake, advance the handshake just
* If we are at the beginning of the handshake, the early data status being
* equal to MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN or
* MBEDTLS_SSL_EARLY_DATA_STATUS_SENT advance the handshake just
* enough to be able to send early data if possible. That way, we can
* guarantee that when starting the handshake with this function we will
* send at least one record of early data.
* Otherwise, resume the handshake and if the handshake sequence stops
* waiting for some message from the server, send early data if we can.
* send at least one record of early data. Note that when the status is
* MBEDTLS_SSL_EARLY_DATA_STATUS_SENT and not yet
* MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE, we cannot send early data yet
* as the early data outbound transform has not been set as we may have to
* first send a dummy CCS in clear.
*/
if ((ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN) ||
(ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_SENT)) {
while ((ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN) ||
@ -6112,6 +6115,12 @@ int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl,
}
}
} else {
/*
* If we are past the point where we can send early data, return
* immediatly. Otherwise, progress the handshake as much as possible to
* not delay it too much. If we reach a point where we can still send
* early data, then we will send some.
*/
if ((ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE) &&
(ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED)) {
return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA;