Cookie fields are used only by DTLS 1.3

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2025-03-28 19:21:08 +00:00 · 2022-01-26 06:57:00 +00:00 · 2022-01-26 06:57:00 +00:00 · aec1f3e913
commit aec1f3e913
parent 7bae3b616c
1 changed files with 10 additions and 0 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -559,6 +559,7 @@ static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl,
    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cookie_len );
    MBEDTLS_SSL_DEBUG_BUF( 3, "cookie extension", p, cookie_len );

+#if defined(MBEDTLS_SSL_PROTO_DTLS)
    mbedtls_free( handshake->verify_cookie );
    handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
    if( handshake->verify_cookie == NULL )
@ -571,6 +572,7 @@ static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl,

    memcpy( handshake->verify_cookie, p, cookie_len );
    handshake->verify_cookie_len = (unsigned char) cookie_len;
+#endif /* MBEDTLS_SSL_PROTO_DTLS */

    return( 0 );
 }
@ -1226,6 +1228,13 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
        {
 #if defined(MBEDTLS_SSL_COOKIE_C)
            case MBEDTLS_TLS_EXT_COOKIE:
+                /*
+                 * Currently, we only support the cookies in DTLS 1.3.
+                 */
+#if !defined(MBEDTLS_SSL_PROTO_DTLS)
+                fatal_alert = MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
+                goto cleanup;
+#else

                if( !is_hrr )
                {
@ -1242,6 +1251,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
                                           ret );
                    goto cleanup;
                }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
                break;
 #endif /* MBEDTLS_SSL_COOKIE_C */