hannestschofenig · yuhaoth · Jul 16, 2021 · Jul 16, 2021 · Jul 19, 2021 · Jul 27, 2021
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
@@ -720,6 +720,10 @@
 #error "MBEDTLS_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_SRV_C)
+#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
     !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
 #error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE  defined, but not all prerequisites"

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
@@ -1974,7 +1974,7 @@
  *
  * Comment this macro to disable support for key export
  */
-#define MBEDTLS_SSL_EXPORT_KEYS
+//#define MBEDTLS_SSL_EXPORT_KEYS
 
 /**
  * \def MBEDTLS_SSL_SERVER_NAME_INDICATION

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
@@ -1137,9 +1137,6 @@ struct mbedtls_ssl_session
     mbedtls_time_t start;       /*!< starting time      */
 #endif /* MBEDTLS_HAVE_TIME */
     int ciphersuite;            /*!< chosen ciphersuite */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-    const mbedtls_ssl_ciphersuite_t* ciphersuite_info;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
     int compression;            /*!< chosen compression */
     size_t id_len;              /*!< session id length  */
     unsigned char id[32];       /*!< session identifier */
@@ -2775,7 +2772,9 @@ void mbedtls_ssl_conf_cookies(mbedtls_ssl_config* conf,
     mbedtls_ssl_cookie_check_t* f_cookie_check,
     void* p_cookie,
     unsigned int rr_conf);
-#else
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
 /**
  * \brief           Register callbacks for DTLS cookies
  *                  (Server only. DTLS only.)
@@ -2808,7 +2807,7 @@ void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
                            mbedtls_ssl_cookie_write_t *f_cookie_write,
                            mbedtls_ssl_cookie_check_t *f_cookie_check,
                            void *p_cookie );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+#endif /* defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) */
 
 /**
  * \brief          Set client's transport-level identification info.

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
@@ -1158,6 +1158,8 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
 
 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
@@ -1273,25 +1275,22 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
 int mbedtls_ssl_read_certificate_process(mbedtls_ssl_context* ssl);
 int mbedtls_ssl_write_certificate_process(mbedtls_ssl_context* ssl);
-#else
-int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+int mbedtls_ssl_finished_in_process( mbedtls_ssl_context* ssl );
+int mbedtls_ssl_finished_out_process( mbedtls_ssl_context* ssl );
 
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && defined(MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE)
+#if defined(MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE)
 int mbedtls_ssl_write_change_cipher_spec_process( mbedtls_ssl_context* ssl );
-#else
-int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
 #endif  /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-int mbedtls_ssl_finished_in_process( mbedtls_ssl_context* ssl );
-int mbedtls_ssl_finished_out_process( mbedtls_ssl_context* ssl );
-#else
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)
+int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER) */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
     defined(MBEDTLS_ZERO_RTT) && defined(MBEDTLS_SSL_CLI_C)
@@ -1652,17 +1651,10 @@ static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
  * Return 0 if everything is OK, -1 if not.
  */
 
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
 int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt* cert,
     const mbedtls_key_exchange_type_t key_exchange,
     int cert_endpoint,
     uint32_t* flags);
-#else
-int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
-                          const mbedtls_ssl_ciphersuite_t *ciphersuite,
-                          int cert_endpoint,
-                          uint32_t *flags );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
@@ -5858,6 +5858,12 @@ static int ssl_handle_hs_message_post_handshake_tls12( mbedtls_ssl_context *ssl
      * - For server-side, expect CLIENT_HELLO.
      * - Fail (TLS) or silently drop record (DTLS) in other cases.
      */
+#if defined(MBEDTLS_SSL_RENEGOTIATION) \
+    || defined(MBEDTLS_SSL_PROTO_TLS1) \
+    || defined(MBEDTLS_SSL_PROTO_TLS1_1) \
+    || defined(MBEDTLS_SSL_PROTO_TLS1_2)
+    int ret;
+#endif /* defined(MBEDTLS_SSL_RENEGOTIATION) */
 
 #if defined(MBEDTLS_SSL_CLI_C)
     if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
@@ -974,7 +974,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
          * different uses based on keyUsage, eg if they want to avoid signing
          * and decrypting with the same RSA key.
          */
-        if( mbedtls_ssl_check_cert_usage( cur->cert, ciphersuite_info,
+        if( mbedtls_ssl_check_cert_usage( cur->cert, ciphersuite_info->key_exchange,
                                   MBEDTLS_SSL_IS_SERVER, &flags ) != 0 )
         {
             MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: "

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
@@ -2795,7 +2795,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_ECP_C */
 
     if( mbedtls_ssl_check_cert_usage( chain,
-                                      ciphersuite_info,
+                                      ciphersuite_info->key_exchange,
                                       ! ssl->conf->endpoint,
                                       &ssl->session_negotiate->verify_result ) != 0 )
     {
@@ -4380,7 +4380,18 @@ static void ssl_mps_free( mbedtls_ssl_context *ssl )
     mps_alloc_free( &ssl->mps.alloc );
 }
 #endif /* MEDTLS_SSL_USE_MPS */
-
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+static inline int check_version_config(const mbedtls_ssl_config *conf)
+{
+    if(conf->max_minor_ver==MBEDTLS_SSL_MINOR_VERSION_4
+        && conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4)
+        return 0;
+    if(conf->max_minor_ver!=MBEDTLS_SSL_MINOR_VERSION_4
+        && conf->min_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4)
+        return 0;
+    return 1;
+}
+#endif
 /*
  * Setup an SSL context
  */
@@ -4390,6 +4401,11 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+    if(check_version_config(conf))
+        return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+#endif
+
 #if !defined(MBEDTLS_SSL_USE_MPS)
     size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
     size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
@@ -6407,7 +6423,8 @@ static int ssl_session_load( mbedtls_ssl_session *session,
     const unsigned char *p = buf;
     const unsigned char * const end = buf + len;
     int minor_ver = 0;
-#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_HAVE_TIME)  \
+    && defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)
     uint64_t start;
 #endif /* MBEDTLS_HAVE_TIME && MBEDTLS_SSL_SESSION_TICKETS */
 
@@ -6795,12 +6812,37 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
 
 #if defined(MBEDTLS_SSL_CLI_C)
     if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+    {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+
+        if(ssl->conf->max_major_ver==MBEDTLS_SSL_MAJOR_VERSION_3
+            && ssl->conf->min_major_ver==MBEDTLS_SSL_MAJOR_VERSION_3
+            && ssl->conf->max_minor_ver==MBEDTLS_SSL_MINOR_VERSION_4
+            && ssl->conf->min_minor_ver==MBEDTLS_SSL_MINOR_VERSION_4)
+            ret = mbedtls_ssl_handshake_client_step_tls1_3( ssl );
+        else
+            ret = mbedtls_ssl_handshake_client_step( ssl );
+#else
         ret = mbedtls_ssl_handshake_client_step( ssl );
+#endif
+    }
 #endif
 #if defined(MBEDTLS_SSL_SRV_C)
     if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+    {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+        if(ssl->conf->max_major_ver==MBEDTLS_SSL_MAJOR_VERSION_3
+            && ssl->conf->min_major_ver==MBEDTLS_SSL_MAJOR_VERSION_3
+            && ssl->conf->max_minor_ver==MBEDTLS_SSL_MINOR_VERSION_4
+            && ssl->conf->min_minor_ver==MBEDTLS_SSL_MINOR_VERSION_4)
+            ret = mbedtls_ssl_handshake_server_step_tls1_3( ssl );
+        else
+            ret = mbedtls_ssl_handshake_server_step( ssl );
+#else
         ret = mbedtls_ssl_handshake_server_step( ssl );
 #endif
+    }
+#endif
 
     if( ret != 0 )
     {
@@ -8217,14 +8259,23 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)
-            /* TLS 1.3 re-interprets the signature algorithms
-             * and therefore we cannot include both.
-             */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER) && defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+    if(conf->max_minor_ver==MBEDTLS_SSL_MINOR_VERSION_4 
+        && conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4)
+        /* TLS 1.3 re-interprets the signature algorithms
+         * and therefore we cannot include both.
+         */
+        conf->sig_hashes = ssl_preset_suiteb_signature_algorithms_tls13;
+    else
         conf->sig_hashes = ssl_preset_suiteb_hashes;
-#else /* defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER) */
-         conf->sig_hashes = ssl_preset_suiteb_signature_algorithms_tls13;
+
+#elif  defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+    conf->sig_hashes = ssl_preset_suiteb_signature_algorithms_tls13;
+#elif  defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)
+    conf->sig_hashes = ssl_preset_suiteb_hashes;
 #endif /* !defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER) */
+
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
 #if defined(MBEDTLS_ECP_C)
@@ -8274,13 +8325,21 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)
-        conf->sig_hashes = ssl_preset_default_hashes;
-#else   /* defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER) */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER) && defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+        if(conf->max_minor_ver==MBEDTLS_SSL_MINOR_VERSION_4 
+            && conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4)
+            conf->sig_hashes = ssl_preset_suiteb_signature_algorithms_tls13;
+        else
+            conf->sig_hashes = ssl_preset_default_hashes;
+#elif defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
         conf->sig_hashes = ssl_preset_suiteb_signature_algorithms_tls13;
-#endif /* !defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER) */
+#elif defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)
+        conf->sig_hashes = ssl_preset_default_hashes;
+#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER) */
 
 #endif
+
 #if defined(MBEDTLS_ECP_C)
             conf->curve_list = mbedtls_ecp_grp_id_list();
 #endif
@@ -8538,17 +8597,10 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt* cert,
     const mbedtls_key_exchange_type_t key_exchange,
     int cert_endpoint,
     uint32_t* flags )
-#else
-int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt* cert,
-    const mbedtls_ssl_ciphersuite_t* ciphersuite,
-    int cert_endpoint,
-    uint32_t* flags )
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 {
     int ret = 0;
 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
@@ -8570,11 +8622,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt* cert,
     if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
     {
         /* Server part of the key exchange */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)
-        switch( ciphersuite->key_exchange )
-#else   /* defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER) */
         switch( key_exchange )
-#endif /* !defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER) */
         {
             case MBEDTLS_KEY_EXCHANGE_RSA:
             case MBEDTLS_KEY_EXCHANGE_RSA_PSK:

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
@@ -4181,7 +4181,7 @@ static int ssl_new_session_ticket_process( mbedtls_ssl_context* ssl )
 /*
  * TLS and DTLS 1.3 State Maschine -- client side
  */
-int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl )
 {
     int ret = 0;
 

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
@@ -4271,7 +4271,7 @@ static int ssl_certificate_request_postprocess( mbedtls_ssl_context* ssl )
 /*
  * TLS and DTLS 1.3 State Maschine -- server side
  */
-int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl )
 {
     int ret = 0;
 

diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
@@ -89,8 +89,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     if( mbedtls_ssl_cookie_setup( &cookie_ctx, dummy_random, &ctr_drbg ) != 0 )
         goto exit;
-
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
     mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &cookie_ctx );
+#endif /* defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) */
 
     if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
         goto exit;

diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
@@ -244,8 +244,10 @@ int main( void )
         goto exit;
     }
 
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
     mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
                                &cookie_ctx );
+#endif
 
     if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
     {

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
@@ -2151,7 +2151,10 @@ int main( int argc, char *argv[] )
         mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" );
         opt.nbio = 1;
     }
-
+#if defined(MBEDTLS_DISABLE_NONBLOCK_IO)
+    // TODO: if #238 is fixed , This should be removed
+    opt.nbio = 0;
+#endif
 #if defined(MBEDTLS_DEBUG_C)
     mbedtls_debug_set_threshold( opt.debug_level );
 #endif
@@ -3017,10 +3020,12 @@ int main( int argc, char *argv[] )
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
 
     if( opt.min_version != DFL_MIN_VERSION )
+        // TAG for Jerry Yu, This is important for TLS1.3 now
         mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
                                       opt.min_version );
 
     if( opt.max_version != DFL_MAX_VERSION )
+        // TAG for Jerry Yu, This is important for TLS1.3 now
         mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
                                       opt.max_version );
 

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
@@ -2850,7 +2850,10 @@ int main( int argc, char *argv[] )
         mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" );
         opt.nbio = 1;
     }
-
+#if defined(MBEDTLS_DISABLE_NONBLOCK_IO)
+    // TODO: if #238 is fixed , This should be removed
+    opt.nbio = 0;
+#endif
 #if defined(MBEDTLS_DEBUG_C)
     mbedtls_debug_set_threshold( opt.debug_level );
 #endif
@@ -3781,9 +3784,10 @@ int main( int argc, char *argv[] )
                 mbedtls_printf( " failed\n  ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
                 goto exit;
             }
-
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
             mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
                                        &cookie_ctx );
+#endif /* defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) */
         }
         else
 #endif /* MBEDTLS_SSL_COOKIE_C */