diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 7cf677a43..9b4ad3e73 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1628,7 +1628,8 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -extern const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[32]; +extern const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[ + MBEDTLS_SERVER_HELLO_RANDOM_LEN ]; int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl ); void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 4332a1d0c..06ee46bd8 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -34,11 +34,12 @@ #include "ssl_tls13_keys.h" #include "ssl_debug_helpers.h" -const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[32] = - { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE, - 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, 0xC2, 0xA2, - 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, 0x07, 0x9E, 0x09, - 0xE2, 0xC8, 0xA8, 0x33 ,0x9C }; +const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[ + MBEDTLS_SERVER_HELLO_RANDOM_LEN ] = + { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, + 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, + 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, + 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C }; int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index f65a33ace..4c9f466e3 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1013,7 +1013,7 @@ static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = buf; unsigned char *p_extensions_len; - size_t output_len; /* Length of buffer used by function */ + size_t output_len; *out_len = 0; @@ -1037,12 +1037,12 @@ static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl, if( is_hrr ) { memcpy( p, mbedtls_ssl_tls13_hello_retry_request_magic, - MBEDTLS_SERVER_HELLO_RANDOM_LEN ); + MBEDTLS_SERVER_HELLO_RANDOM_LEN ); } else { memcpy( p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], - MBEDTLS_SERVER_HELLO_RANDOM_LEN ); + MBEDTLS_SERVER_HELLO_RANDOM_LEN ); } MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", p, MBEDTLS_SERVER_HELLO_RANDOM_LEN ); @@ -1385,7 +1385,7 @@ static int ssl_tls13_write_hello_retry_request_coordinate( mbedtls_ssl_context *ssl ) { int ret; - if( ssl->handshake->hello_retry_request_count > 1 ) + if( ssl->handshake->hello_retry_request_count > 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Too many HRRs" ) ); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); @@ -1416,8 +1416,9 @@ static int ssl_tls13_write_hello_retry_request( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_hello_retry_request_coordinate( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl, - MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( + ssl, MBEDTLS_SSL_HS_SERVER_HELLO, + &buf, &buf_len ) ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_server_hello_body( ssl, buf, buf + buf_len,