commit 3207a32b1ec0e632f4c7899250261d93d2890645
author XiaokangQian <xiaokang.qian@arm.com> Wed Feb 23 03:15:27 2022 +0000
committer XiaokangQian <xiaokang.qian@arm.com> Wed Apr 20 07:43:48 2022 +0000
tree 627801bae3b0eedc20b59afc4847a2977cc804eb
parent 7ac3ab34042ac5e5c2dc15b2e159a3a8b0e670f4

Fix unused parameter issue and not defined cookie issue

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 476443c..753a61d 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1362,7 +1362,9 @@
     void *MBEDTLS_PRIVATE(p_psk);                    /*!< context for PSK callback           */
 #endif
 
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+#if (defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) ||                               \
+    (defined(MBEDTLS_SSL_COOKIE_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3))) && \
+    defined(MBEDTLS_SSL_SRV_C)
     /** Callback to create & write a cookie for ClientHello veirifcation    */
     int (*MBEDTLS_PRIVATE(f_cookie_write))( void *, unsigned char **, unsigned char *,
                            const unsigned char *, size_t );
@@ -1703,7 +1705,9 @@
     /*
      * Information for DTLS hello verify
      */
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+#if (defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) ||                               \
+    (defined(MBEDTLS_SSL_COOKIE_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3))) && \
+    defined(MBEDTLS_SSL_SRV_C)
     unsigned char  *MBEDTLS_PRIVATE(cli_id);         /*!<  transport-level ID of the client  */
     size_t          MBEDTLS_PRIVATE(cli_id_len);     /*!<  length of cli_id                  */
 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */

library/ssl_tls13_generic.c

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 758dbfd..22d83de 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1523,6 +1523,18 @@
                                            buf, end - buf ) );
 }
 
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+static int everest_import_public_raw( mbedtls_x25519_context *ctx,
+                        const unsigned char *buf, const unsigned char *end )
+{
+    if( end - buf != MBEDTLS_X25519_KEY_SIZE_BYTES )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    memcpy( ctx->peer_point, buf, MBEDTLS_X25519_KEY_SIZE_BYTES );
+    return( 0 );
+}
+#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
+
 int mbedtls_ecdh_import_public_raw( mbedtls_ecdh_context *ctx,
                                     const unsigned char *buf,
                                     const unsigned char *end )
@@ -1532,7 +1544,7 @@
     ECDH_VALIDATE_RET( end != NULL );
 
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_read_tls13_params_internal( ctx, buf, end ) );
+    return( ecdh_import_public_raw( ctx, buf, end ) );
 #else
     switch( ctx->var )
     {

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index be12778..007b9fa 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -276,11 +276,7 @@
          * - Check if it's supported
          */
 
-        const mbedtls_ecp_curve_info *curve_info;
-        curve_info = mbedtls_ecp_curve_info_from_tls_id( their_group );
-        if( curve_info == NULL )
-            return( MBEDTLS_ECP_DP_NONE );
-        their_curve =  curve_info->grp_id;
+        their_curve = mbedtls_ecp_named_group_to_id( their_group );
         if( mbedtls_ssl_check_curve( ssl, their_curve ) != 0 )
             continue;
 
@@ -462,6 +458,8 @@
 
 static void ssl_debug_print_client_hello_exts( mbedtls_ssl_context *ssl )
 {
+    ((void) ssl);
+
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Extensions:" ) );
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "- KEY_SHARE_EXTENSION ( %s )",
                                 ( ( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_KEY_SHARE ) > 0 ) ?