commit fbe3e64b762e76ab2bd77f84077db9788c03db41
author Jerry Yu <jerry.h.yu@arm.com> Mon Apr 25 19:31:51 2022 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Mon May 09 15:49:03 2022 +0800
tree 183806078e3f0691877229201c33f32a2da312e4
parent c1be19f22661d5080aae869e96464088def48f66

fix various issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ssl_misc.h

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 7cf677a..9b4ad3e 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1628,7 +1628,8 @@
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-extern const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[32];
+extern const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
+                        MBEDTLS_SERVER_HELLO_RANDOM_LEN ];
 int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl );
 int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl );

library/ssl_tls13_generic.c

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 4332a1d..06ee46b 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -34,11 +34,12 @@
 #include "ssl_tls13_keys.h"
 #include "ssl_debug_helpers.h"
 
-const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[32] =
-               { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE,
-                 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, 0xC2, 0xA2,
-                 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, 0x07, 0x9E, 0x09,
-                 0xE2, 0xC8, 0xA8, 0x33 ,0x9C };
+const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
+                MBEDTLS_SERVER_HELLO_RANDOM_LEN ] =
+                    { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
+                      0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
+                      0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
+                      0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C };
 
 int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
                                            unsigned hs_type,

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index f65a33a..4c9f466 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1013,7 +1013,7 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = buf;
     unsigned char *p_extensions_len;
-    size_t output_len;               /* Length of buffer used by function */
+    size_t output_len;
 
     *out_len = 0;
 
@@ -1037,12 +1037,12 @@
     if( is_hrr )
     {
         memcpy( p, mbedtls_ssl_tls13_hello_retry_request_magic,
-                   MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+                MBEDTLS_SERVER_HELLO_RANDOM_LEN );
     }
     else
     {
         memcpy( p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN],
-                   MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+                MBEDTLS_SERVER_HELLO_RANDOM_LEN );
     }
     MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes",
                            p, MBEDTLS_SERVER_HELLO_RANDOM_LEN );
@@ -1385,7 +1385,7 @@
                                                     mbedtls_ssl_context *ssl )
 {
     int ret;
-    if( ssl->handshake->hello_retry_request_count > 1 )
+    if( ssl->handshake->hello_retry_request_count > 0 )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "Too many HRRs" ) );
         return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
@@ -1416,8 +1416,9 @@
 
     MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_hello_retry_request_coordinate( ssl ) );
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
-                       MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len ) );
+    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg(
+                              ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
+                              &buf, &buf_len ) );
 
     MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_server_hello_body( ssl, buf,
                                                              buf + buf_len,