diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 7bd31186b4..0c43c795ae 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -694,9 +694,11 @@ struct mbedtls_ssl_handshake_params
 #if defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
 unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
- Srv: unused */
- unsigned char verify_cookie_len; /*!< Cli: cookie length
- Srv: flag for sending a cookie */
+ * for dtls / tls 1.3
+ * Srv: unused */
+ unsigned char verify_cookie_len; /*!< Cli: cookie length for
+ * dtls / tls 1.3
+ * Srv: flag for sending a cookie */
 #endif /* MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 6f37201bf1..82da11f064 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5689,11 +5689,11 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
 mbedtls_pk_free( &handshake->peer_pubkey );
 #endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
+#if defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
 mbedtls_free( handshake->verify_cookie );
 mbedtls_ssl_flight_free( handshake->flight );
 mbedtls_ssl_buffering_free( ssl );
-#endif
+#endif /* MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 */
 #if defined(MBEDTLS_ECDH_C) && \
 defined(MBEDTLS_USE_PSA_CRYPTO)
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index b8f4bce06e..75978a8ed7 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -559,6 +559,7 @@ static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl,
 MBEDTLS_SSL_DEBUG_BUF( 3, "cookie extension", p, cookie_len );
 mbedtls_free( handshake->verify_cookie );
+ handshake->verify_cookie_len = 0;
 handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
 if( handshake->verify_cookie == NULL )
 {
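Review bot: The widened guard in mbedtls_ssl_handshake_free now also covers `mbedtls_ssl_flight_free( handshake->flight );` and `mbedtls_ssl_buffering_free( ssl );`, which look DTLS-specific. The ssl_misc.h hunk shows a separate `#if defined(MBEDTLS_SSL_PROTO_DTLS)` block opening right after the cookie fields, so `flight` is presumably not declared in a TLS 1.3-only build and this would fail to compile there. Only `mbedtls_free( handshake->verify_cookie );` needs the new condition, since that is the allocation a TLS 1.3 client would otherwise leak. I would close the widened guard directly after that line and put the two remaining calls under their own `#if defined(MBEDTLS_SSL_PROTO_DTLS)` … `#endif /* MBEDTLS_SSL_PROTO_DTLS */`. The function body starts and continues outside the hunk.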
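Review bot: `verify_cookie_len` is declared `unsigned char` in the ssl_misc.h hunk, but in ssl_tls13_parse_cookie_ext the buffer is sized with `mbedtls_calloc( 1, cookie_len )`, and a TLS 1.3 cookie can be longer than 255 bytes. If `cookie_len` is stored into that field after the allocation (presumably just past the end of this hunk, not visible here), the length is silently truncated and no longer matches the buffer, so the cookie echoed back to the server would be cut short. Either give the field a 16-bit type, e.g. `uint16_t verify_cookie_len;`, or reject the extension before allocating when `cookie_len` exceeds what the field can hold. Resetting the length to 0 right after the free is a good change, since it keeps pointer and length consistent when the calloc fails.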