tls13: Move out of place handshake field reset
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index bafd159..7c9882d 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -791,6 +791,7 @@
const unsigned char *end )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_is_supported_versions_ext_present(
ssl, buf, end ) );
@@ -805,7 +806,7 @@
* version of the protocol and thus we are under downgrade attack
* abort the handshake with an "illegal parameter" alert.
*/
- if( ssl->handshake->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 || ret )
+ if( handshake->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 || ret )
{
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
@@ -827,6 +828,8 @@
return( SSL_SERVER_HELLO_TLS1_2 );
}
+ handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
+
ret = ssl_server_hello_is_hrr( ssl, buf, end );
switch( ret )
{
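Review bot: The `handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;` reset added after the TLS 1.2 early return has no comment explaining its placement, and the move changes which paths clear the mask. The `return( SSL_SERVER_HELLO_TLS1_2 )` just above it and the illegal-parameter abort in the earlier hunk now leave the field untouched, whereas the line removed from the caller in the last hunk cleared it unconditionally before preprocessing. This looks harmless if only the TLS 1.3 ServerHello/HelloRetryRequest parsing reads the mask, but that is not visible in this diff and is worth confirming. I would add a comment above the assignment such as `/* Cleared for every ServerHello/HRR that continues as TLS 1.3, so extension bits from an earlier message cannot satisfy checks on this one; not reached on the TLS 1.2 return above. */`. The enclosing function starts and ends outside the hunk.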
@@ -840,7 +843,7 @@
* was itself in response to a HelloRetryRequest), it MUST abort the
* handshake with an "unexpected_message" alert.
*/
- if( ssl->handshake->hello_retry_request_count > 0 )
+ if( handshake->hello_retry_request_count > 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Multiple HRRs received" ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
@@ -863,7 +866,7 @@
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
- ssl->handshake->hello_retry_request_count++;
+ handshake->hello_retry_request_count++;
break;
}
@@ -1305,8 +1308,6 @@
MBEDTLS_SSL_HS_SERVER_HELLO,
&buf, &buf_len ) );
- ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
-
ret = ssl_tls13_preprocess_server_hello( ssl, buf, buf + buf_len );
if( ret < 0 )
goto cleanup;