diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 384068a1ab..1e5b68ef96 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1126,11 +1126,10 @@ struct mbedtls_ssl_session
 unsigned char MBEDTLS_PRIVATE(exported);
- /*!< Minor version negotiated in the session. Used if and when
- * renegotiating or resuming a session instead of the configured minor
- * version.
+ /*!< TLS version negotiated in the session. Used if and when renegotiating
+ * or resuming a session instead of the configured minor TLS version.
 */
- unsigned char MBEDTLS_PRIVATE(minor_ver);
+ unsigned char MBEDTLS_PRIVATE(tls_version);
 #if defined(MBEDTLS_HAVE_TIME)
 mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
diff --git a/library/ssl_client.c b/library/ssl_client.c
index d3f34df57c..39b65e8413 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -859,7 +859,7 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
 if( ssl->handshake->resume )
 {
- ssl->minor_ver = ssl->session_negotiate->minor_ver;
+ ssl->minor_ver = ssl->session_negotiate->tls_version & 0xFF;
 ssl->handshake->min_minor_ver = ssl->minor_ver;
 }
 else
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 1fdc1f3813..fa6220dbe9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2650,12 +2650,12 @@ static unsigned char ssl_serialized_session_header[] = {
 * // configuration options which influence
 * // the structure of mbedtls_ssl_session.
 *
- * uint8_t minor_ver; // Protocol-version. Possible values:
- * // - TLS 1.2 (MBEDTLS_SSL_MINOR_VERSION_3)
+ * uint8_t minor_ver; // Protocol minor version. Possible values:
+ * // - TLS 1.2 (3)
 *
- * select (serialized_session.minor_ver) {
+ * select (serialized_session.tls_version) {
 *
- * case MBEDTLS_SSL_MINOR_VERSION_3: // TLS 1.2
+ * case MBEDTLS_SSL_VERSION_TLS1_2:
 * serialized_session_tls12 data;
 *
 * };
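Review bot: In the include/mbedtls/ssl.h hunk the renamed field is still declared `unsigned char MBEDTLS_PRIVATE(tls_version);`, yet the rest of the commit stores 16-bit values in it (`0x0300 | *p++` in ssl_session_load, `0x0300 | ssl->minor_ver` in the ssl_tls12_client.c and ssl_tls12_server.c hunks) and switches on `MBEDTLS_SSL_VERSION_TLS1_2`. If that constant is the two-byte 0x0303 that the `0x0300 |` pattern implies (its definition is not on this page), each store truncates to 0x03 and the `case` labels in ssl_session_save and ssl_session_load can never match, so session serialization and resumption would always take the default branch. Widening the field to a 16-bit type, for example `uint16_t MBEDTLS_PRIVATE(tls_version);`, removes the truncation; the struct continues outside the hunk, so layout and ABI effects need checking there. The doc comment also still reads "configured minor TLS version", which no longer matches what the field holds.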
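Review bot: The serialized-session layout comment in library/ssl_tls.c is left internally inconsistent: the structure still declares `uint8_t minor_ver;` while the `select` now reads `serialized_session.tls_version`, a field the described structure does not define. The case label `MBEDTLS_SSL_VERSION_TLS1_2` is also being matched against a one-byte wire field, which hides the fact that only the low byte is serialized and the high byte is implied on load. I would keep one name in the comment and state the encoding, e.g. `uint8_t tls_version_lsb; // low byte of the TLS version; high byte 0x03 is implied`, with the `select` written against the reconstructed version. This is the format specification people check parsers against, and the comment block starts and ends outside the hunk.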
@@ -2695,14 +2695,14 @@ static int ssl_session_save( const mbedtls_ssl_session *session,
 used += 1;
 if( used <= buf_len )
 {
- *p++ = session->minor_ver;
+ *p++ = MBEDTLS_BYTE_0( session->tls_version );
 }
 /* Forward to version-specific serialization routine. */
- switch( session->minor_ver )
+ switch( session->tls_version )
 {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- case MBEDTLS_SSL_MINOR_VERSION_3:
+ case MBEDTLS_SSL_VERSION_TLS1_2:
 {
 size_t remaining_len = used <= buf_len ? buf_len - used : 0;
 used += ssl_session_save_tls12( session, p, remaining_len );
@@ -2768,13 +2768,13 @@ static int ssl_session_load( mbedtls_ssl_session *session,
 */
 if( 1 > (size_t)( end - p ) )
 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- session->minor_ver = *p++;
+ session->tls_version = 0x0300 | *p++;
 /* Dispatch according to TLS version. */
- switch( session->minor_ver )
+ switch( session->tls_version )
 {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- case MBEDTLS_SSL_MINOR_VERSION_3: /* TLS 1.2 */
+ case MBEDTLS_SSL_VERSION_TLS1_2:
 {
 size_t remaining_len = ( end - p );
 return( ssl_session_load_tls12( session, p, remaining_len ) );
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 7771d38c1d..f0a58db742 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1300,7 +1300,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
 MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf + 0, 2 );
 mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver, ssl->conf->transport, buf + 0 );
- ssl->session_negotiate->minor_ver = ssl->minor_ver;
+ ssl->session_negotiate->tls_version = 0x0300 | ssl->minor_ver;
 if( ssl->major_ver < ssl->conf->min_major_ver || ssl->minor_ver < ssl->conf->min_minor_ver ||
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 9ecfdd20a1..7e09a2bf56 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
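Review bot: In the ssl_session_load hunk the byte taken from the serialized blob is written into the caller's structure (`session->tls_version = 0x0300 | *p++;`) before the `switch` decides whether it names a supported version, so a rejected blob leaves the session carrying an unvalidated version value. Parsing into a local keeps the struct untouched on the error path: `unsigned int ver = 0x0300 | *p++;`, then `switch( ver )`, and `session->tls_version = ver;` as the first statement of the matching case. The default branch and any cleanup the caller does on failure are outside the hunk, so this may already be contained there. A short comment at the assignment saying that the high byte is fixed to 0x03 because the format stores only the low byte would also help whoever adds the next protocol version.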
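Review bot: In ssl_parse_server_hello, `ssl->session_negotiate->tls_version = 0x0300 | ssl->minor_ver;` hard-codes the major byte rather than using the `ssl->major_ver` that mbedtls_ssl_read_version has just parsed, and it runs before the version range check that follows. The session therefore records a 0x03xx version even for a ServerHello whose major version is about to be rejected; the old code had the same ordering, but the new value now asserts a major version that was never checked. Moving the assignment below the check, or deriving it from both parsed bytes as `( ssl->major_ver << 8 ) | ssl->minor_ver`, keeps the stored value honest. The same literal appears in the ssl_tls12_server.c hunk at read_record_header and in ssl_session_load, so a single named helper would keep the three sites in step. The `if` condition continues outside the hunk.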
@@ -1407,7 +1407,7 @@ read_record_header:
 mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver, ssl->conf->transport, buf );
- ssl->session_negotiate->minor_ver = ssl->minor_ver;
+ ssl->session_negotiate->tls_version = 0x0300 | ssl->minor_ver;
 if( ( ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3 ) || ( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) )
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 0ba501d896..da42cd977c 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -1634,7 +1634,7 @@ static int ssl_populate_session_tls12( mbedtls_ssl_session *session,
 #if defined(MBEDTLS_HAVE_TIME)
 session->start = mbedtls_time( NULL ) - 42;
 #endif
- session->minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
+ session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
 session->ciphersuite = 0xabcd;
 session->compression = 1;
 session->id_len = sizeof( session->id );
@@ -4585,7 +4585,7 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
 #if defined(MBEDTLS_HAVE_TIME)
 TEST_ASSERT( original.start == restored.start );
 #endif
- TEST_ASSERT( original.minor_ver == restored.minor_ver );
+ TEST_ASSERT( original.tls_version == restored.tls_version );
 TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
 TEST_ASSERT( original.compression == restored.compression );
 TEST_ASSERT( original.id_len == restored.id_len );