commit 6a2cd9ebf5fc9ef7b5cd68a7a5b5fbeed3435398
author Jerry Yu <jerry.h.yu@arm.com> Thu May 05 11:14:19 2022 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Mon May 09 15:49:08 2022 +0800
tree d12d121132ad1e322e998125fe765855b5a6e538
parent b0ac10b4a8e71bcc0d5b6bf41b557f96a65fac85

fix various issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ssl_misc.h

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 9b4ad3e..7bf57c2 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -586,7 +586,7 @@
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
     int tls13_kex_modes; /*!< key exchange modes for TLS 1.3 */
 
-    /* Number of HelloRetryRequest messages received/sent from the server. */
+    /** Number of HelloRetryRequest messages received/sent from/to the server. */
     int hello_retry_request_count;
 #if defined(MBEDTLS_SSL_SRV_C)
     /** selected_group of key_share extension in HelloRetryRequest message. */

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index da6e167..ec0df65 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1380,7 +1380,7 @@
 static int ssl_tls13_write_hello_retry_request_coordinate(
                                                     mbedtls_ssl_context *ssl )
 {
-    int ret;
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     if( ssl->handshake->hello_retry_request_count > 0 )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "Too many HRRs" ) );
@@ -1404,7 +1404,7 @@
 
 static int ssl_tls13_write_hello_retry_request( mbedtls_ssl_context *ssl )
 {
-    int ret;
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *buf;
     size_t buf_len, msg_len;
 
@@ -1454,9 +1454,7 @@
     {
         /* start state */
         case MBEDTLS_SSL_HELLO_REQUEST:
-            ssl->handshake->hello_retry_request_count = 0;
             mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
-
             ret = 0;
             break;
 
@@ -1472,7 +1470,6 @@
             ret = ssl_tls13_write_server_hello( ssl );
             break;
 
-<<<<<<< HEAD
         case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
             ret = ssl_tls13_write_encrypted_extensions( ssl );
             if( ret != 0 )
@@ -1480,10 +1477,14 @@
                 MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_encrypted_extensions", ret );
                 return( ret );
             }
-=======
+
         case MBEDTLS_SSL_HELLO_RETRY_REQUEST:
             ret = ssl_tls13_write_hello_retry_request( ssl );
->>>>>>> tls13:hrr:add empty frame work
+            if( ret != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_hello_retry_request", ret );
+                return( ret );
+            }
             break;
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)