Prepare function to parse hrr cookie extension
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 609db03..6168ddd 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -518,6 +518,40 @@
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#if defined(MBEDTLS_SSL_COOKIE_C)
+static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
+{
+ size_t cookie_len;
+ const unsigned char *p = buf;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ /* Retrieve length field of cookie */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
+ cookie_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cookie_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "cookie extension", p, cookie_len );
+
+ mbedtls_free( handshake->verify_cookie );
+ handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
+ if( handshake->verify_cookie == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "alloc failed ( %" MBEDTLS_PRINTF_SIZET " bytes )",
+ cookie_len ) );
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ }
+
+ memcpy( handshake->verify_cookie, p, cookie_len );
+ handshake->verify_cookie_len = (unsigned char) cookie_len;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_COOKIE_C */
+
/* Write cipher_suites
* CipherSuite cipher_suites<2..2^16-2>;
*/
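Review bot: The cast in `handshake->verify_cookie_len = (unsigned char) cookie_len;` at the end of `ssl_tls13_parse_cookie_ext` silently truncates a length that was read as a 16-bit value. For a cookie longer than 255 bytes the buffer holds `cookie_len` bytes while the recorded length is `cookie_len` modulo 256, so any later code that relies on `verify_cookie_len` would handle a shortened cookie. The field's declaration is outside this diff, but the cast suggests it is an `unsigned char`; it should be widened (for example to `uint16_t`), or the function should fail rather than truncate. Separately, if the allocation fails after `mbedtls_free( handshake->verify_cookie )`, the old length is left next to a NULL pointer; adding `handshake->verify_cookie_len = 0;` right after the free keeps the two consistent. The function also accepts trailing bytes after the cookie inside the extension, which a check such as `if( p + cookie_len != end ) return( MBEDTLS_ERR_SSL_DECODE_ERROR );` would reject.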
@@ -1007,10 +1041,6 @@
uint16_t cipher_suite;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
int supported_versions_ext_found = 0;
-#if defined(MBEDTLS_SSL_COOKIE_C)
- size_t cookie_len;
- unsigned char *cookie;
-#endif /* MBEDTLS_SSL_COOKIE_C */
/*
* Check there is space for minimal fields
@@ -1161,6 +1191,7 @@
{
unsigned int extension_type;
size_t extension_data_len;
+ const unsigned char *extension_data_end;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
@@ -1168,6 +1199,7 @@
p += 4;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
+ extension_data_end = p + extension_data_len;
switch( extension_type )
{
@@ -1182,26 +1214,15 @@
return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
}
- /* Retrieve length field of cookie */
- MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 2 );
- cookie_len = MBEDTLS_GET_UINT16_BE( p, 0 );
- cookie = (unsigned char *) ( p + 2 );
-
- MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, cookie_len + 2 );
- MBEDTLS_SSL_DEBUG_BUF( 3, "cookie extension", cookie, cookie_len );
-
- mbedtls_free( handshake->verify_cookie );
- handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
- if( handshake->verify_cookie == NULL )
+ ret = ssl_tls13_parse_cookie_ext( ssl,
+ p, extension_data_end );
+ if( ret != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "alloc failed ( %" MBEDTLS_PRINTF_SIZET " bytes )",
- cookie_len ) );
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ "ssl_tls13_parse_cookie_ext",
+ ret );
+ return( ret );
}
-
- memcpy( handshake->verify_cookie, cookie, cookie_len );
- handshake->verify_cookie_len = (unsigned char) cookie_len;
break;
#endif /* MBEDTLS_SSL_COOKIE_C */
@@ -1212,7 +1233,7 @@
ret = ssl_tls13_parse_supported_versions_ext( ssl,
p,
- p + extension_data_len );
+ extension_data_end );
if( ret != 0 )
return( ret );
break;
@@ -1231,10 +1252,10 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found key_shares extension" ) );
if( is_hrr )
ret = ssl_tls13_parse_hrr_key_share_ext( ssl,
- p, p + extension_data_len );
+ p, extension_data_end );
else
ret = ssl_tls13_parse_key_share_ext( ssl,
- p, p + extension_data_len );
+ p, extension_data_end );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
@@ -1412,6 +1433,8 @@
ret = ssl_tls13_reset_key_share( ssl );
if( ret != 0 )
return( ret );
+#else
+ ((void) ssl);
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
return( 0 );