From 807f284e40d371070fce7f0643b39a1226d13762 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Mon, 16 Aug 2021 13:53:03 +0800
Subject: [PATCH] Wrap early data relative codes change the state machine if early data is not enabled
Change-Id: Iede5ab0dee6158110ac33976536117681d1d4a71
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu
---
 include/mbedtls/ssl.h | 5 +++--
 library/ssl_tls13_client.c | 26 ++++++++++++++------------
 library/ssl_tls13_generic.c | 16 ++++++++++++++--
 library/ssl_tls13_server.c | 22 +++++++++++++---------
 4 files changed, 44 insertions(+), 25 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 0b1425cff4f9..9d5d415f0547 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -648,8 +648,10 @@ typedef enum
     MBEDTLS_SSL_HELLO_RETRY_REQUEST,
     MBEDTLS_SSL_SECOND_CLIENT_HELLO,
     MBEDTLS_SSL_SECOND_SERVER_HELLO,
-    MBEDTLS_SSL_EARLY_DATA,
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
+    MBEDTLS_SSL_EARLY_APP_DATA,
     MBEDTLS_SSL_END_OF_EARLY_DATA,
+#endif
     MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
     MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
     MBEDTLS_SSL_HANDSHAKE_FINISH_ACK,
@@ -661,7 +663,6 @@ typedef enum
     MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO,
     MBEDTLS_SSL_SERVER_CCS_AFTER_HRR,
 #endif /* MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE */
-    MBEDTLS_SSL_EARLY_APP_DATA
 #endif
 }
 mbedtls_ssl_states;
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index dc025b195c2a..f98862407c08 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1406,8 +1406,10 @@ static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl )
 {
 #if defined(MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE)
     mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO );
-#else
+#elif defined(MBEDTLS_TLS13_EARLY_DATA)
     mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_EARLY_APP_DATA );
+#else
+    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
 #endif /* MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE */
     return( 0 );
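Review bot: The closing `#endif /* MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE */` in ssl_client_hello_postprocess now terminates a three-way `#if`/`#elif`/`#else` chain whose middle branch is selected by MBEDTLS_TLS13_EARLY_DATA, so the trailing tag names only one of the two options that pick the next state. Rename it `#endif /* MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE || MBEDTLS_TLS13_EARLY_DATA */`, or drop the tag, so it matches the `#endif /* MBEDTLS_TLS13_EARLY_DATA */` form the rest of the patch uses. The `#elif` branch still enters MBEDTLS_SSL_EARLY_APP_DATA whenever the option is compiled in rather than only when early data is actually offered for this session; that is pre-existing behaviour, but a one-line comment stating that the early-data write step is expected to skip when there is nothing to send would help, since that step is not in this diff. The function's closing brace lies outside the hunk.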
@@ -3945,10 +3947,20 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl )
             ret = ssl_client_hello_process( ssl );
             break;
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
         case MBEDTLS_SSL_EARLY_APP_DATA:
             ret = ssl_write_early_data_process( ssl );
             break;
-
+            /*
+             * ==> (EndOfEarlyData)
+             *     (Certificate)
+             *     (CertificateVerify)
+             *     (Finished)
+             */
+        case MBEDTLS_SSL_END_OF_EARLY_DATA:
+            ret = ssl_write_end_of_early_data_process( ssl );
+            break;
+#endif /* MBEDTLS_TLS13_EARLY_DATA */
         /*
          * <== ServerHello / HelloRetryRequest
          *     EncryptedExtensions
@@ -3981,16 +3993,6 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl )
             ret = mbedtls_ssl_finished_in_process( ssl );
             break;
-            /*
-             * ==> (EndOfEarlyData)
-             *     (Certificate)
-             *     (CertificateVerify)
-             *     (Finished)
-             */
-        case MBEDTLS_SSL_END_OF_EARLY_DATA:
-            ret = ssl_write_end_of_early_data_process( ssl );
-            break;
-
         case MBEDTLS_SSL_CLIENT_CERTIFICATE:
             ret = mbedtls_ssl_write_certificate_process( ssl );
             break;
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 9446fb24c358..6e5c5c3f3405 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -381,7 +381,11 @@ static int ssl_write_change_cipher_spec_postprocess( mbedtls_ssl_context* ssl )
     switch( ssl->state )
     {
         case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO:
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
             mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_EARLY_APP_DATA );
+#else
+            mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
+#endif
             break;
         case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
             mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
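Review bot: The flight comment `==> (EndOfEarlyData) (Certificate) (CertificateVerify) (Finished)` has been moved inside the new `#if defined(MBEDTLS_TLS13_EARLY_DATA)` block, yet three of the four messages it lists are handled by cases that are compiled regardless of that option (MBEDTLS_SSL_CLIENT_CERTIFICATE and the cases that follow it, past this hunk), so a build without early data loses the only comment describing the client's second flight. Keep the flight header unconditional by placing `/* ==> (EndOfEarlyData) (Certificate) (CertificateVerify) (Finished) */` directly above `#if defined(MBEDTLS_TLS13_EARLY_DATA)`, or split it so that only the EndOfEarlyData line is guarded. The `<== ServerHello / HelloRetryRequest` comment that follows is already unconditional, so this would keep the two flight comments symmetric. The switch body continues beyond the hunk.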
@@ -2267,8 +2271,11 @@ static int ssl_finished_out_postprocess( mbedtls_ssl_context* ssl )
         if( ret != 0 )
             return( ret );
 #endif /* MBEDTLS_SSL_USE_MPS */
-
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
         mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_EARLY_APP_DATA );
+#else
+        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
+#endif
     }
     else
 #endif /* MBEDTLS_SSL_SRV_C */
@@ -2455,8 +2462,13 @@ static int ssl_finished_in_postprocess_cli( mbedtls_ssl_context *ssl )
         if( ret != 0 )
             return( ret );
 #endif /* MBEDTLS_SSL_USE_MPS */
-
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
     mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_END_OF_EARLY_DATA );
+#elif defined(MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE)
+    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED );
+#else
+    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
+#endif
     return( 0 );
 }
 #endif /* MBEDTLS_SSL_CLI_C */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index d9c13e055c80..d059a51c9199 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1801,16 +1801,16 @@ static int ssl_early_data_fetch( mbedtls_ssl_context* ssl,
                                  size_t* buflen );
 #endif /* MBEDTLS_SSL_USE_MPS */
 #endif /* MBEDTLS_ZERO_RTT */
-
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
 static int ssl_read_early_data_coordinate( mbedtls_ssl_context* ssl );
-
+#endif
 #if defined(MBEDTLS_ZERO_RTT)
 /* Parse early data send by the peer. */
 static int ssl_read_early_data_parse( mbedtls_ssl_context* ssl,
                                       unsigned char const* buf,
                                       size_t buflen );
 #endif /* MBEDTLS_ZERO_RTT */
-
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
 /* Update the state after handling the incoming early data message. */
 static int ssl_read_early_data_postprocess( mbedtls_ssl_context* ssl );
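Review bot: When both MBEDTLS_TLS13_EARLY_DATA and MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE are defined, the first branch of the new chain in ssl_finished_in_postprocess_cli wins and MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED is never entered from here, so in that configuration the compatibility-mode dummy CCS before the client's second flight has to come from the EndOfEarlyData path, which this diff does not show. That appears to rely on the client having already sent its CCS right after ClientHello (the MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO transition in the ssl_tls13_client.c hunk), which RFC 8446 Appendix D.4 permits when early data is offered, but it should be stated so the next reader does not take the CCS state for dropped: `/* With early data the dummy CCS was already sent after ClientHello (RFC 8446 D.4); no second one is needed here. */` above the `#if`. The bare `#endif` closing the chain should also carry the `/* MBEDTLS_TLS13_EARLY_DATA */` tag used elsewhere in the patch. Only the tail of the function is visible in this hunk.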
@@ -1871,6 +1871,7 @@ int ssl_read_early_data_process( mbedtls_ssl_context* ssl )
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse early data" ) );
     return( ret );
 }
+#endif
 #if defined(MBEDTLS_ZERO_RTT)
 #if defined(MBEDTLS_SSL_USE_MPS)
@@ -1921,11 +1922,13 @@ static int ssl_early_data_fetch( mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_ZERO_RTT */
 #if !defined(MBEDTLS_ZERO_RTT)
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
 static int ssl_read_early_data_coordinate( mbedtls_ssl_context* ssl )
 {
     ((void) ssl);
     return( SSL_EARLY_DATA_SKIP );
 }
+#endif
 #else /* MBEDTLS_ZERO_RTT */
 static int ssl_read_early_data_coordinate( mbedtls_ssl_context* ssl )
 {
@@ -2000,11 +2003,13 @@ static int ssl_read_early_data_parse( mbedtls_ssl_context* ssl,
 }
 #endif /* MBEDTLS_ZERO_RTT */
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
 static int ssl_read_early_data_postprocess( mbedtls_ssl_context* ssl )
 {
     mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_END_OF_EARLY_DATA );
     return ( 0 );
 }
+#endif /* MBEDTLS_TLS13_EARLY_DATA */
 /*
@@ -3929,6 +3934,7 @@ int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl )
             break;
+#if defined(MBEDTLS_TLS13_EARLY_DATA)
             /* ----- WRITE EARLY APP DATA ----*/
         case MBEDTLS_SSL_EARLY_APP_DATA:
@@ -3938,9 +3944,11 @@ int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl )
                 MBEDTLS_SSL_DEBUG_RET( 1, "ssl_read_early_data_process", ret );
                 return ( ret );
             }
-
             break;
-
+        case MBEDTLS_SSL_END_OF_EARLY_DATA:
+            ret = ssl_read_end_of_early_data_process( ssl );
+            break;
+#endif
             /* ----- WRITE HELLO RETRY REQUEST ----*/
         case MBEDTLS_SSL_HELLO_RETRY_REQUEST:
@@ -4062,10 +4070,6 @@ int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl )
             ret = mbedtls_ssl_read_certificate_verify_process( ssl );
             break;
-        case MBEDTLS_SSL_END_OF_EARLY_DATA:
-            ret = ssl_read_end_of_early_data_process( ssl );
-            break;
-
             /* ----- READ FINISHED ----*/
         case MBEDTLS_SSL_CLIENT_FINISHED:
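Review bot: In the `#if !defined(MBEDTLS_ZERO_RTT)` branch the ssl_read_early_data_coordinate stub is now wrapped in MBEDTLS_TLS13_EARLY_DATA, and so is its prototype in the -1801 hunk, but the real definition under `#else /* MBEDTLS_ZERO_RTT */` (whose body continues past this hunk) is not, so a build with MBEDTLS_ZERO_RTT on and MBEDTLS_TLS13_EARLY_DATA off compiles a static function that nothing declares or calls and will trip -Wunused-function under the -Wall -Werror flags the project's CI typically uses. The same presumably holds for ssl_read_early_data_parse and ssl_early_data_fetch if ssl_read_early_data_process, now guarded by the -1871 hunk, is their only caller. Unless check_config.h already rejects that combination (not shown here), either wrap the entire `#if !defined(MBEDTLS_ZERO_RTT) … #else … #endif` region in one `#if defined(MBEDTLS_TLS13_EARLY_DATA)`, which also removes the nested guard added here, or add a check_config error making MBEDTLS_ZERO_RTT require MBEDTLS_TLS13_EARLY_DATA. The bare `+#endif` lines in this and the -1871 hunk would also read better as `#endif /* MBEDTLS_TLS13_EARLY_DATA */`, as the -2000 hunk already writes it.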
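Review bot: The relocated `case MBEDTLS_SSL_END_OF_EARLY_DATA:` in mbedtls_ssl_handshake_server_step_tls1_3 is the only case in this stretch of the switch without the `/* ----- … ----*/` banner its neighbours carry, and it now sits under a banner reading WRITE EARLY APP DATA although ssl_read_end_of_early_data_process consumes the peer's message; add `/* ----- READ END OF EARLY DATA ----*/` above the new case. The `#endif` that closes the block should carry the `/* MBEDTLS_TLS13_EARLY_DATA */` tag used by the -2000 hunk, since the matching `#if` is two hunks earlier and hard to pair by eye. The switch body extends beyond both hunks.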