ssl_tls12_server.c: Simplify TLS version check in ClientHello
The TLS server code only supports TLS 1.2, so simplify the check of the version proposed by the client. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
parent
086ee0be0e
commit
90f012037d
2 changed files with 5 additions and 21 deletions
|
@ -539,8 +539,6 @@ struct mbedtls_ssl_handshake_params
|
||||||
{
|
{
|
||||||
/* Frequently-used boolean or byte fields (placed early to take
|
/* Frequently-used boolean or byte fields (placed early to take
|
||||||
* advantage of smaller code size for indirect access on Arm Thumb) */
|
* advantage of smaller code size for indirect access on Arm Thumb) */
|
||||||
uint8_t max_major_ver; /*!< max. major version client*/
|
|
||||||
uint8_t max_minor_ver; /*!< max. minor version client*/
|
|
||||||
uint8_t resume; /*!< session resume indicator*/
|
uint8_t resume; /*!< session resume indicator*/
|
||||||
uint8_t cli_exts; /*!< client extension presence*/
|
uint8_t cli_exts; /*!< client extension presence*/
|
||||||
|
|
||||||
|
|
|
@ -1415,29 +1415,15 @@ read_record_header:
|
||||||
ssl->conf->transport, buf );
|
ssl->conf->transport, buf );
|
||||||
ssl->session_negotiate->minor_ver = ssl->minor_ver;
|
ssl->session_negotiate->minor_ver = ssl->minor_ver;
|
||||||
|
|
||||||
ssl->handshake->max_major_ver = ssl->major_ver;
|
if( ( ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3 ) ||
|
||||||
ssl->handshake->max_minor_ver = ssl->minor_ver;
|
( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) )
|
||||||
|
|
||||||
if( ssl->major_ver < ssl->conf->min_major_ver ||
|
|
||||||
ssl->minor_ver < ssl->conf->min_minor_ver )
|
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server only supports TLS 1.2" ) );
|
||||||
" [%d:%d] < [%d:%d]",
|
|
||||||
ssl->major_ver, ssl->minor_ver,
|
|
||||||
ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
|
|
||||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||||
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
|
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
|
return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ssl->major_ver > ssl->conf->max_major_ver )
|
|
||||||
{
|
|
||||||
ssl->major_ver = ssl->conf->max_major_ver;
|
|
||||||
ssl->minor_ver = ssl->conf->max_minor_ver;
|
|
||||||
}
|
|
||||||
else if( ssl->minor_ver > ssl->conf->max_minor_ver )
|
|
||||||
ssl->minor_ver = ssl->conf->max_minor_ver;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Save client random (inc. Unix time)
|
* Save client random (inc. Unix time)
|
||||||
*/
|
*/
|
||||||
|
@ -3660,8 +3646,8 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
|
||||||
return( ret );
|
return( ret );
|
||||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||||
|
|
||||||
mbedtls_ssl_write_version( ssl->handshake->max_major_ver,
|
mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3,
|
||||||
ssl->handshake->max_minor_ver,
|
MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
ssl->conf->transport, ver );
|
ssl->conf->transport, ver );
|
||||||
|
|
||||||
/* Avoid data-dependent branches while checking for invalid
|
/* Avoid data-dependent branches while checking for invalid
|
||||||
|
|
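Review bot: The constants now passed to `mbedtls_ssl_write_version()` in `ssl_parse_encrypted_pms()` are the right reference value only because the ClientHello path under `read_record_header` rejects every client_version other than exactly TLS 1.2, and nothing at the call site records that dependency. The removed code fed the client's offered maximum (`handshake->max_major_ver` / `max_minor_ver`) into this comparison, so if the ClientHello check is ever relaxed back to clamping higher versions, the premaster-secret version check would silently compare against the wrong value. I would add a comment above the call, e.g. `/* ClientHello parsing rejects any client_version other than TLS 1.2, so the version expected in the premaster secret is fixed. */`. Separately, the new debug message drops the offered version; `"server only supports TLS 1.2, client offered [%d:%d]"` with `ssl->major_ver, ssl->minor_ver` would keep rejected handshakes diagnosable from logs. Both functions start and end outside the hunks shown.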