mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-26 12:35:20 +00:00
handshake->min_minor_ver to ->min_tls_version
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
This commit is contained in:
parent
041a37635b
commit
cd78df6aa4
@ -493,7 +493,7 @@ static int ssl_write_client_hello_cipher_suites(
|
||||
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
|
||||
|
||||
if( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
|
||||
0x0300 | ssl->handshake->min_minor_ver,
|
||||
ssl->handshake->min_tls_version,
|
||||
ssl->tls_version ) != 0 )
|
||||
continue;
|
||||
|
||||
@ -585,13 +585,13 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
unsigned char propose_tls12 =
|
||||
( handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
( handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
|
||||
&&
|
||||
( MBEDTLS_SSL_VERSION_TLS1_2 <= ssl->tls_version );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
unsigned char propose_tls13 =
|
||||
( handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_4 )
|
||||
( handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 )
|
||||
&&
|
||||
( MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version );
|
||||
#endif
|
||||
@ -851,19 +851,19 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
|
||||
ssl->handshake->min_minor_ver = ssl->tls_version & 0xFF;
|
||||
ssl->handshake->min_tls_version = ssl->tls_version;
|
||||
else
|
||||
#endif
|
||||
{
|
||||
if( ssl->handshake->resume )
|
||||
{
|
||||
ssl->tls_version = ssl->session_negotiate->tls_version;
|
||||
ssl->handshake->min_minor_ver = ssl->tls_version & 0xFF;
|
||||
ssl->handshake->min_tls_version = ssl->tls_version;
|
||||
}
|
||||
else
|
||||
{
|
||||
ssl->tls_version = ssl->conf->max_tls_version;
|
||||
ssl->handshake->min_minor_ver = ssl->conf->min_tls_version & 0xFF;
|
||||
ssl->handshake->min_tls_version = ssl->conf->min_tls_version;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -506,7 +506,7 @@ struct mbedtls_ssl_handshake_params
|
||||
uint8_t cli_exts; /*!< client extension presence*/
|
||||
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
/*!< Minimum minor version to be negotiated.
|
||||
/*!< Minimum TLS version to be negotiated.
|
||||
*
|
||||
* It is set up in the ClientHello writing preparation stage and used
|
||||
* throughout the ClientHello writing. Not relevant anymore as soon as
|
||||
@ -517,14 +517,14 @@ struct mbedtls_ssl_handshake_params
|
||||
* renegotiating or resuming a session, it is equal to the previously
|
||||
* negotiated minor version.
|
||||
*
|
||||
* There is no maximum minor version field in this handshake context.
|
||||
* There is no maximum TLS version field in this handshake context.
|
||||
* From the start of the handshake, we need to define a current protocol
|
||||
* version for the record layer which we define as the maximum minor
|
||||
* version to be negotiated. The `minor_ver` field of the SSL context is
|
||||
* version for the record layer which we define as the maximum TLS
|
||||
* version to be negotiated. The `tls_version` field of the SSL context is
|
||||
* used to store this maximum value until it contains the actual
|
||||
* negotiated value.
|
||||
*/
|
||||
unsigned char min_minor_ver;
|
||||
uint16_t min_tls_version;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
|
@ -49,8 +49,8 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
|
||||
size_t *out_len )
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
unsigned char versions_len = ( ssl->handshake->min_minor_ver <=
|
||||
MBEDTLS_SSL_MINOR_VERSION_3 ) ? 4 : 2;
|
||||
unsigned char versions_len = ( ssl->handshake->min_tls_version <=
|
||||
MBEDTLS_SSL_VERSION_TLS1_2 ) ? 4 : 2;
|
||||
|
||||
*out_len = 0;
|
||||
|
||||
@ -80,7 +80,7 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [3:4]" ) );
|
||||
|
||||
|
||||
if( ssl->handshake->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
if( ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
|
||||
{
|
||||
mbedtls_ssl_write_version( p + 2, MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2 );
|
||||
@ -859,7 +859,7 @@ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
|
||||
* expecting it, abort the handshake. Otherwise, switch to TLS 1.2
|
||||
* handshake.
|
||||
*/
|
||||
if( ssl->handshake->min_minor_ver > MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
if( ssl->handshake->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 )
|
||||
{
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
|
||||
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
|
||||
|
Loading…
x
Reference in New Issue
Block a user