Change cookie parameters for dtls and tls 1.3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 30f5035..88427ef 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -608,7 +608,7 @@
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->handshake->verify_cookie != NULL )
+ ssl->handshake->cookie != NULL )
{
return( 0 );
}
@@ -846,7 +846,7 @@
{
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 );
- if( ssl->handshake->verify_cookie == NULL )
+ if( ssl->handshake->cookie == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) );
*p++ = 0;
@@ -854,15 +854,15 @@
else
{
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
- ssl->handshake->verify_cookie,
- ssl->handshake->verify_cookie_len );
+ ssl->handshake->cookie,
+ ssl->handshake->verify_cookie_len );
*p++ = ssl->handshake->verify_cookie_len;
MBEDTLS_SSL_CHK_BUF_PTR( p, end,
ssl->handshake->verify_cookie_len );
- memcpy( p, ssl->handshake->verify_cookie,
- ssl->handshake->verify_cookie_len );
+ memcpy( p, ssl->handshake->cookie,
+ ssl->handshake->verify_cookie_len );
p += ssl->handshake->verify_cookie_len;
}
}
@@ -1645,16 +1645,16 @@
}
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
- mbedtls_free( ssl->handshake->verify_cookie );
+ mbedtls_free( ssl->handshake->cookie );
- ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
- if( ssl->handshake->verify_cookie == NULL )
+ ssl->handshake->cookie = mbedtls_calloc( 1, cookie_len );
+ if( ssl->handshake->cookie == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", cookie_len ) );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
- memcpy( ssl->handshake->verify_cookie, p, cookie_len );
+ memcpy( ssl->handshake->cookie, p, cookie_len );
ssl->handshake->verify_cookie_len = cookie_len;
/* Start over at ClientHello */
@@ -1736,8 +1736,8 @@
else
{
/* We made it through the verification process */
- mbedtls_free( ssl->handshake->verify_cookie );
- ssl->handshake->verify_cookie = NULL;
+ mbedtls_free( ssl->handshake->cookie );
+ ssl->handshake->cookie = NULL;
ssl->handshake->verify_cookie_len = 0;
}
}
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 7ee9883..4618d46 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -704,17 +704,20 @@
} buffering;
-#if defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
- unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
- * for dtls / tls 1.3
- * Srv: unused */
- unsigned char verify_cookie_len; /*!< Cli: cookie length for
- * dtls / tls 1.3
+#if defined(MBEDTLS_SSL_CLI_C) && \
+ ( defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
+ unsigned char *cookie; /*!< HelloVerifyRequest cookie for DTLS
+ * HelloRetryRequest cookie for TLS 1.3 */
+#endif /* MBEDTLS_SSL_CLI_C &&
+ ( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ unsigned char verify_cookie_len; /*!< Cli: HelloVerifyRequest cookie
+ * length
* Srv: flag for sending a cookie */
- uint16_t hrr_cookie_len; /*!< Cli: hrr cookie length for
- * dtls / tls 1.3
- * Srv: unused */
-#endif /* MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ uint16_t hrr_cookie_len; /*!< HelloRetryRequest cookie length */
+#endif /* MBEDTLS_SSL_CLI_C || MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0177add..7c7c160 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3100,9 +3100,11 @@
mbedtls_pk_free( &handshake->peer_pubkey );
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#if defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
- mbedtls_free( handshake->verify_cookie );
-#endif /* MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 */
+#if defined(MBEDTLS_SSL_CLI_C) && \
+ ( defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
+ mbedtls_free( handshake->cookie );
+#endif /* MBEDTLS_SSL_CLI_C &&
+ ( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
mbedtls_ssl_flight_free( handshake->flight );
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 91791b8..c52c6c2 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -671,10 +671,10 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cookie_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie extension", p, cookie_len );
- mbedtls_free( handshake->verify_cookie );
+ mbedtls_free( handshake->cookie );
handshake->hrr_cookie_len = 0;
- handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
- if( handshake->verify_cookie == NULL )
+ handshake->cookie = mbedtls_calloc( 1, cookie_len );
+ if( handshake->cookie == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "alloc failed ( %ud bytes )",
@@ -682,7 +682,7 @@
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
- memcpy( handshake->verify_cookie, p, cookie_len );
+ memcpy( handshake->cookie, p, cookie_len );
handshake->hrr_cookie_len = cookie_len;
return( 0 );
@@ -697,14 +697,14 @@
*out_len = 0;
- if( ssl->handshake->verify_cookie == NULL )
+ if( ssl->handshake->cookie == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no cookie to send; skip extension" ) );
return( 0 );
}
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
- ssl->handshake->verify_cookie,
+ ssl->handshake->cookie,
ssl->handshake->hrr_cookie_len );
MBEDTLS_SSL_CHK_BUF_PTR( p, end, ssl->handshake->hrr_cookie_len + 6 );
@@ -717,7 +717,7 @@
p += 6;
/* Cookie */
- memcpy( p, ssl->handshake->verify_cookie, ssl->handshake->hrr_cookie_len );
+ memcpy( p, ssl->handshake->cookie, ssl->handshake->hrr_cookie_len );
*out_len = ssl->handshake->hrr_cookie_len + 6;