diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 0b1425cff4f9..514e5c472982 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -648,8 +648,10 @@ typedef enum
 MBEDTLS_SSL_HELLO_RETRY_REQUEST,
 MBEDTLS_SSL_SECOND_CLIENT_HELLO,
 MBEDTLS_SSL_SECOND_SERVER_HELLO,
- MBEDTLS_SSL_EARLY_DATA,
+#if defined(MBEDTLS_ZERO_RTT)
+ MBEDTLS_SSL_EARLY_APP_DATA,
 MBEDTLS_SSL_END_OF_EARLY_DATA,
+#endif
 MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
 MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
 MBEDTLS_SSL_HANDSHAKE_FINISH_ACK,
@@ -661,7 +663,6 @@ typedef enum
 MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO,
 MBEDTLS_SSL_SERVER_CCS_AFTER_HRR,
 #endif /* MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE */
- MBEDTLS_SSL_EARLY_APP_DATA
 #endif
 } mbedtls_ssl_states;
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 26dae3011872..417ffaea033c 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -176,10 +176,13 @@ int ssl_write_early_data_process( mbedtls_ssl_context* ssl )
 #endif /* MBEDTLS_SSL_USE_MPS */
 #else /* MBEDTLS_ZERO_RTT */
+
+#if defined(MBEDTLS_SSL_USE_MPS)
 ((void) buf);
 ((void) buf_len);
 ((void) msg);
 ((void) msg_len);
+#endif
 /* Should never happen */
 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -1404,8 +1407,10 @@ static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl )
 {
 #if defined(MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE)
 mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO );
-#else
+#elif defined(MBEDTLS_ZERO_RTT)
 mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_EARLY_APP_DATA );
+#else /* MBEDTLS_ZERO_RTT */
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
 #endif /* MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE */
 return( 0 );
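Review bot: Guarding `MBEDTLS_SSL_EARLY_APP_DATA` and `MBEDTLS_SSL_END_OF_EARLY_DATA` in the middle of `mbedtls_ssl_states` (include/mbedtls/ssl.h, first hunk) makes the numeric value of every later handshake state depend on whether MBEDTLS_ZERO_RTT is defined. This is a public header, so an application and a library built with different settings would disagree on what a state value means, and any ordering comparison on the state changes meaning as well; no such comparison is visible in this diff, so that needs checking. Placing the guarded enumerators at the end of the enum, where `MBEDTLS_SSL_EARLY_APP_DATA` sat before the second hunk removed it, would keep the other values stable. Failing that, I would add `/* Values below depend on MBEDTLS_ZERO_RTT: do not compare states numerically or store them across builds. */` above the `#if`. The enum starts and ends outside this hunk.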
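Review bot: In `ssl_client_hello_postprocess` (library/ssl_tls13_client.c) the new `#else /* MBEDTLS_ZERO_RTT */` label is misleading, because that branch is taken when neither MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE nor MBEDTLS_ZERO_RTT is defined; `#else /* !MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE && !MBEDTLS_ZERO_RTT */` says what it is. The compatibility-mode branch still goes to `MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO`, whose handler is not part of this diff. If that handler advances to `MBEDTLS_SSL_EARLY_APP_DATA`, it needs the same guard, since that enumerator no longer exists without MBEDTLS_ZERO_RTT. The function body continues past the end of the hunk.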
@@ -3943,9 +3948,11 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl )
 ret = ssl_client_hello_process( ssl );
 break;
+#if defined(MBEDTLS_ZERO_RTT)
 case MBEDTLS_SSL_EARLY_APP_DATA:
 ret = ssl_write_early_data_process( ssl );
 break;
+#endif
 /*
 * <== ServerHello / HelloRetryRequest
@@ -3985,10 +3992,11 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl )
 * (CertificateVerify)
 * (Finished)
 */
+#if defined(MBEDTLS_ZERO_RTT)
 case MBEDTLS_SSL_END_OF_EARLY_DATA:
 ret = ssl_write_end_of_early_data_process( ssl );
 break;
-
+#endif
 case MBEDTLS_SSL_CLIENT_CERTIFICATE:
 ret = mbedtls_ssl_write_certificate_process( ssl );
 break;
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 9446fb24c358..b98fe62e0afa 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -2267,8 +2267,11 @@ static int ssl_finished_out_postprocess( mbedtls_ssl_context* ssl )
 if( ret != 0 )
 return( ret );
 #endif /* MBEDTLS_SSL_USE_MPS */
-
+#if defined(MBEDTLS_ZERO_RTT)
 mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_EARLY_APP_DATA );
+#else
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
+#endif
 }
 else
 #endif /* MBEDTLS_SSL_SRV_C */
@@ -2456,7 +2459,11 @@ static int ssl_finished_in_postprocess_cli( mbedtls_ssl_context *ssl )
 return( ret );
 #endif /* MBEDTLS_SSL_USE_MPS */
+#if defined(MBEDTLS_ZERO_RTT)
 mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_END_OF_EARLY_DATA );
+#else
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
+#endif
 return( 0 );
 }
 #endif /* MBEDTLS_SSL_CLI_C */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index d9c13e055c80..b310ac51a593 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
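Review bot: In `ssl_finished_out_postprocess` (library/ssl_tls13_generic.c) the non-0-RTT branch now jumps straight to `MBEDTLS_SSL_CLIENT_CERTIFICATE`, where the old build still stepped through the early-data and end-of-early-data states; the same shortcut is added to `ssl_finished_in_postprocess_cli` in the next hunk. The handlers that are now skipped (`ssl_read_end_of_early_data_process` on the server, `ssl_write_end_of_early_data_process` on the client) are not shown in this diff. It should be confirmed that on the skip path they did nothing beyond setting the next state, in particular no traffic-key switch or transcript update. A short comment on each `#else` branch, for example `/* No 0-RTT: no early data or EndOfEarlyData to process, continue with the client flight. */`, would record why the states are bypassed. Both functions begin outside their hunks.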
@@ -1802,7 +1802,6 @@ static int ssl_early_data_fetch( mbedtls_ssl_context* ssl,
 #endif /* MBEDTLS_SSL_USE_MPS */
 #endif /* MBEDTLS_ZERO_RTT */
-static int ssl_read_early_data_coordinate( mbedtls_ssl_context* ssl );
 #if defined(MBEDTLS_ZERO_RTT)
 /* Parse early data send by the peer. */
@@ -1811,6 +1810,9 @@ static int ssl_read_early_data_parse( mbedtls_ssl_context* ssl,
 size_t buflen );
 #endif /* MBEDTLS_ZERO_RTT */
+#if defined(MBEDTLS_ZERO_RTT)
+static int ssl_read_early_data_coordinate( mbedtls_ssl_context* ssl );
+
 /* Update the state after handling the incoming early data message. */
 static int ssl_read_early_data_postprocess( mbedtls_ssl_context* ssl );
@@ -1871,7 +1873,7 @@ int ssl_read_early_data_process( mbedtls_ssl_context* ssl )
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse early data" ) );
 return( ret );
 }
-
+#endif
 #if defined(MBEDTLS_ZERO_RTT)
 #if defined(MBEDTLS_SSL_USE_MPS)
 static int ssl_early_data_fetch( mbedtls_ssl_context *ssl,
@@ -1920,13 +1922,7 @@ static int ssl_early_data_fetch( mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_USE_MPS */
 #endif /* MBEDTLS_ZERO_RTT */
-#if !defined(MBEDTLS_ZERO_RTT)
-static int ssl_read_early_data_coordinate( mbedtls_ssl_context* ssl )
-{
- ((void) ssl);
- return( SSL_EARLY_DATA_SKIP );
-}
-#else /* MBEDTLS_ZERO_RTT */
+#if defined(MBEDTLS_ZERO_RTT)
 static int ssl_read_early_data_coordinate( mbedtls_ssl_context* ssl )
 {
 int ret;
@@ -2000,12 +1996,13 @@ static int ssl_read_early_data_parse( mbedtls_ssl_context* ssl,
 }
 #endif /* MBEDTLS_ZERO_RTT */
+#if defined(MBEDTLS_ZERO_RTT)
 static int ssl_read_early_data_postprocess( mbedtls_ssl_context* ssl )
 {
 mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_END_OF_EARLY_DATA );
 return ( 0 );
 }
-
+#endif
 /*
 *
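Review bot: The guards added in library/ssl_tls13_server.c close with a bare `#endif`, while the surrounding code uses `#endif /* MBEDTLS_ZERO_RTT */`. The block opened above the `ssl_read_early_data_coordinate` prototype is only closed after `ssl_read_early_data_process`, in a different hunk, so the label is needed to match the pair when reading the file. Several of the new `#if defined(MBEDTLS_ZERO_RTT)` lines also directly follow an `#endif /* MBEDTLS_ZERO_RTT */` (before the prototype, and before `ssl_read_early_data_postprocess`) and could extend the preceding block instead of opening a new one. I would write each new closing line as `#endif /* MBEDTLS_ZERO_RTT */`.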
@@ -3929,7 +3926,9 @@ int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl )
 break;
- /* ----- WRITE EARLY APP DATA ----*/
+
+#if defined(MBEDTLS_ZERO_RTT)
+ /* ----- WRITE EARLY APP DATA ----*/
 case MBEDTLS_SSL_EARLY_APP_DATA:
 ret = ssl_read_early_data_process( ssl );
@@ -3940,7 +3939,7 @@ int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl )
 }
 break;
-
+#endif
 /* ----- WRITE HELLO RETRY REQUEST ----*/
 case MBEDTLS_SSL_HELLO_RETRY_REQUEST:
@@ -4062,9 +4061,11 @@ int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl )
 ret = mbedtls_ssl_read_certificate_verify_process( ssl );
 break;
+#if defined(MBEDTLS_ZERO_RTT)
 case MBEDTLS_SSL_END_OF_EARLY_DATA:
 ret = ssl_read_end_of_early_data_process( ssl );
 break;
+#endif
 /* ----- READ FINISHED ----*/
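Review bot: The banner re-added in the first hunk of `mbedtls_ssl_handshake_server_step_tls1_3`, `/* ----- WRITE EARLY APP DATA ----*/`, sits above a case that calls `ssl_read_early_data_process`, so on the server it names the wrong direction. Since the line is being touched anyway, I would change it to `/* ----- READ EARLY APP DATA ----*/`, matching the `READ FINISHED` banner further down. The function starts and ends outside these hunks.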