Wrap early data relative codes

change the state machine if early data is not enabled Change-Id: Iede5ab0dee6158110ac33976536117681d1d4a71 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
hannestschofenig · Aug 16, 2021 · 807f284 · 807f284
1 parent 06bb03d
commit 807f284
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 25 deletions.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
@@ -648,8 +648,10 @@ typedef enum
     MBEDTLS_SSL_HELLO_RETRY_REQUEST,
     MBEDTLS_SSL_SECOND_CLIENT_HELLO,
     MBEDTLS_SSL_SECOND_SERVER_HELLO,
-    MBEDTLS_SSL_EARLY_DATA,
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
+    MBEDTLS_SSL_EARLY_APP_DATA,
     MBEDTLS_SSL_END_OF_EARLY_DATA,
+#endif
     MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
     MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
     MBEDTLS_SSL_HANDSHAKE_FINISH_ACK,
@@ -661,7 +663,6 @@ typedef enum
     MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO,
     MBEDTLS_SSL_SERVER_CCS_AFTER_HRR,
 #endif /* MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE */
-    MBEDTLS_SSL_EARLY_APP_DATA
 #endif
 }
 mbedtls_ssl_states;

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
@@ -1406,8 +1406,10 @@ static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl )
 {
 #if defined(MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE)
     mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO );
-#else
+#elif defined(MBEDTLS_TLS13_EARLY_DATA)
     mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_EARLY_APP_DATA );
+#else
+    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
 #endif /* MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE */
 
     return( 0 );
@@ -3945,10 +3947,20 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl )
             ret = ssl_client_hello_process( ssl );
             break;
 
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
         case MBEDTLS_SSL_EARLY_APP_DATA:
             ret = ssl_write_early_data_process( ssl );
             break;
-
+        /*
+         *  ==>   (EndOfEarlyData)
+         *        (Certificate)
+         *        (CertificateVerify)
+         *        (Finished)
+         */
+        case MBEDTLS_SSL_END_OF_EARLY_DATA:
+            ret = ssl_write_end_of_early_data_process( ssl );
+            break;
+#endif /* MBEDTLS_TLS13_EARLY_DATA */
         /*
          *  <==   ServerHello / HelloRetryRequest
          *        EncryptedExtensions
@@ -3981,16 +3993,6 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl )
             ret = mbedtls_ssl_finished_in_process( ssl );
             break;
 
-        /*
-         *  ==>   (EndOfEarlyData)
-         *        (Certificate)
-         *        (CertificateVerify)
-         *        (Finished)
-         */
-        case MBEDTLS_SSL_END_OF_EARLY_DATA:
-            ret = ssl_write_end_of_early_data_process( ssl );
-            break;
-
         case MBEDTLS_SSL_CLIENT_CERTIFICATE:
             ret = mbedtls_ssl_write_certificate_process( ssl );
             break;

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
@@ -381,7 +381,11 @@ static int ssl_write_change_cipher_spec_postprocess( mbedtls_ssl_context* ssl )
         switch( ssl->state )
         {
             case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO:
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
                 mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_EARLY_APP_DATA );
+#else
+                mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
+#endif
                 break;
             case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
                 mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
@@ -2267,8 +2271,11 @@ static int ssl_finished_out_postprocess( mbedtls_ssl_context* ssl )
         if( ret != 0 )
             return( ret );
 #endif /* MBEDTLS_SSL_USE_MPS */
-
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
         mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_EARLY_APP_DATA );
+#else
+        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
+#endif
     }
     else
 #endif /* MBEDTLS_SSL_SRV_C */
@@ -2455,8 +2462,13 @@ static int ssl_finished_in_postprocess_cli( mbedtls_ssl_context *ssl )
     if( ret != 0 )
         return( ret );
 #endif /* MBEDTLS_SSL_USE_MPS */
-
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
     mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_END_OF_EARLY_DATA );
+#elif defined(MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE)
+    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED );
+#else
+    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
+#endif
     return( 0 );
 }
 #endif /* MBEDTLS_SSL_CLI_C */

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
@@ -1801,16 +1801,16 @@ static int ssl_early_data_fetch( mbedtls_ssl_context* ssl,
                                  size_t* buflen );
 #endif /* MBEDTLS_SSL_USE_MPS */
 #endif /* MBEDTLS_ZERO_RTT */
-
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
 static int ssl_read_early_data_coordinate( mbedtls_ssl_context* ssl );
-
+#endif
 #if defined(MBEDTLS_ZERO_RTT)
 /* Parse early data send by the peer. */
 static int ssl_read_early_data_parse( mbedtls_ssl_context* ssl,
     unsigned char const* buf,
     size_t buflen );
 #endif /* MBEDTLS_ZERO_RTT */
-
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
 /* Update the state after handling the incoming early data message. */
 static int ssl_read_early_data_postprocess( mbedtls_ssl_context* ssl );
 
@@ -1871,6 +1871,7 @@ int ssl_read_early_data_process( mbedtls_ssl_context* ssl )
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse early data" ) );
     return( ret );
 }
+#endif
 
 #if defined(MBEDTLS_ZERO_RTT)
 #if defined(MBEDTLS_SSL_USE_MPS)
@@ -1921,11 +1922,13 @@ static int ssl_early_data_fetch( mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_ZERO_RTT */
 
 #if !defined(MBEDTLS_ZERO_RTT)
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
 static int ssl_read_early_data_coordinate( mbedtls_ssl_context* ssl )
 {
     ((void) ssl);
     return( SSL_EARLY_DATA_SKIP );
 }
+#endif
 #else /* MBEDTLS_ZERO_RTT */
 static int ssl_read_early_data_coordinate( mbedtls_ssl_context* ssl )
 {
@@ -2000,11 +2003,13 @@ static int ssl_read_early_data_parse( mbedtls_ssl_context* ssl,
 }
 #endif /* MBEDTLS_ZERO_RTT */
 
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
 static int ssl_read_early_data_postprocess( mbedtls_ssl_context* ssl )
 {
     mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_END_OF_EARLY_DATA );
     return ( 0 );
 }
+#endif /* MBEDTLS_TLS13_EARLY_DATA */
 
 
 /*
@@ -3929,6 +3934,7 @@ int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl )
 
             break;
 
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
             /* ----- WRITE EARLY APP DATA  ----*/
         case MBEDTLS_SSL_EARLY_APP_DATA:
 
@@ -3938,9 +3944,11 @@ int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl )
                 MBEDTLS_SSL_DEBUG_RET( 1, "ssl_read_early_data_process", ret );
                 return ( ret );
             }
-
             break;
-
+        case MBEDTLS_SSL_END_OF_EARLY_DATA:
+            ret = ssl_read_end_of_early_data_process( ssl );
+            break;
+#endif
             /* ----- WRITE HELLO RETRY REQUEST ----*/
 
         case MBEDTLS_SSL_HELLO_RETRY_REQUEST:
@@ -4062,10 +4070,6 @@ int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl )
             ret = mbedtls_ssl_read_certificate_verify_process( ssl );
             break;
 
-        case MBEDTLS_SSL_END_OF_EARLY_DATA:
-            ret = ssl_read_end_of_early_data_process( ssl );
-            break;
-
             /* ----- READ FINISHED ----*/
 
         case MBEDTLS_SSL_CLIENT_FINISHED: