mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-26 21:39:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add cookies write in client hello

Browse Source 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
This commit is contained in:
XiaokangQian 2022-01-27 10:36:51 +00:00
parent 8372e18080
commit 0b64eedba8
1 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
library/ssl_tls13_client.c
View File

@ -688,6 +688,48 @@ static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl,
return( 0 );
}
static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl,
unsigned char* buf,
unsigned char* end,
size_t* olen )
{
unsigned char *p = buf;
*olen = 0;
if( ssl->handshake->verify_cookie == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no cookie to send; skip extension" ) );
return( 0 );
}
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
ssl->handshake->verify_cookie,
ssl->handshake->verify_cookie_len );
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
p += 2;
MBEDTLS_SSL_CHK_BUF_PTR( p, end, ssl->handshake->verify_cookie_len + 4 );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding cookie extension" ) );
/* Extension Type */
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_COOKIE, p, 0 );
/* Extension Length */
MBEDTLS_PUT_UINT16_BE( ssl->handshake->verify_cookie_len + 2, p, 0 );
/* Cookie Length */
MBEDTLS_PUT_UINT16_BE( ssl->handshake->verify_cookie_len, p, 0 );
/* Cookie */
memcpy( p, ssl->handshake->verify_cookie, ssl->handshake->verify_cookie_len );
*olen = ssl->handshake->verify_cookie_len + 6;
return( 0 );
}
/* Write cipher_suites
* CipherSuite cipher_suites<2..2^16-2>;
*/
@ -873,6 +915,13 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
p += output_len;
#endif /* MBEDTLS_SSL_ALPN */
/* For TLS / DTLS 1.3 we need to support the use of cookies
* ( if the server provided them ) */
ret = ssl_tls13_write_cookie_ext( ssl, p, end, &output_len );
if( ret != 0 )
return( ret );
p += output_len;
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*