Fix issue with error check during handshake defragmentation

waleed-elmelegy-arm · waleed-elmelegy-arm · commit bfec8afb549c · 2025-01-24T17:52:05.000Z
This check made sense without defragmentation but since now
it's valid to have message less than the minimum size as
part of the bigger fragmented message.

Signed-off-by: Waleed Elmelegy &lt;waleed.elmelegy@arm.com&gt;
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
@@ -3219,7 +3219,7 @@ static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl)
 
 int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 {
-    if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) {
+    if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl) && ssl->in_hsfraglen == 0) {
         MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET,
                                   ssl->in_msglen));
         return MBEDTLS_ERR_SSL_INVALID_RECORD;

Original file line number	Diff line number	Diff line change
`@@ -3219,7 +3219,7 @@ static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl)`
`3219`	`3219`
`3220`	`3220`	`int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)`
`3221`	`3221`	`{`
`3222`		`- if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) {`
	`3222`	`+ if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl) && ssl->in_hsfraglen == 0) {`
`3223`	`3223`	`MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET,`
`3224`	`3224`	`ssl->in_msglen));`
`3225`	`3225`	`return MBEDTLS_ERR_SSL_INVALID_RECORD;`