ssl_client.c: Add DTLS 1.2 cookie support

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-04-11 00:44:31 +00:00 · 2022-02-19 18:11:26 +01:00 · 2022-02-19 18:11:26 +01:00 · a874aa818a
commit a874aa818a
parent 021b1785ef
1 changed files with 28 additions and 0 deletions
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@ -286,6 +286,34 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
    MBEDTLS_SSL_DEBUG_BUF( 3, "session id", ssl->session_negotiate->id,
                              ssl->session_negotiate->id_len );

+    /* DTLS 1.2 ONLY
+     * ...
+     * opaque cookie<0..2^8-1>;
+     * ...
+     */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        unsigned char cookie_len = 0;
+
+        if( ssl->handshake->cookie != NULL )
+        {
+            MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
+                                   ssl->handshake->cookie,
+                                   ssl->handshake->verify_cookie_len );
+            cookie_len = ssl->handshake->verify_cookie_len;
+        }
+
+        MBEDTLS_SSL_CHK_BUF_PTR( p, end, cookie_len + 1 );
+        *p++ = cookie_len;
+        if( cookie_len > 0 )
+        {
+            memcpy( p, ssl->handshake->cookie, cookie_len );
+            p += cookie_len;
+        }
+    }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */
+
    /* Write cipher_suites */
    ret = ssl_write_client_hello_cipher_suites( ssl, p, end, &output_len );
    if( ret != 0 )