Merge pull request #4942 from yuhaoth/pr/add-tls13-client-dummy-state-handlers
add tls13 client dummy state handlers and improve dispatch test
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 822205e..2349245 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -623,6 +623,7 @@
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
+ MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
}
mbedtls_ssl_states;
diff --git a/library/common.h b/library/common.h
index 780ce37..9b10ec8 100644
--- a/library/common.h
+++ b/library/common.h
@@ -318,4 +318,12 @@
}
#endif
+/* Fix MSVC C99 compatible issue
+ * MSVC support __func__ from visual studio 2015( 1900 )
+ * Use MSVC predefine macro to avoid name check fail.
+ */
+#if (defined(_MSC_VER) && ( _MSC_VER <= 1900 ))
+#define /*no-check-names*/ __func__ __FUNCTION__
+#endif
+
#endif /* MBEDTLS_LIBRARY_COMMON_H */
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 13e932c..633bb8d 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -701,6 +701,7 @@
/*
* Write ClientHello handshake message.
+ * Handler for MBEDTLS_SSL_CLIENT_HELLO
*/
static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl )
{
@@ -736,11 +737,121 @@
return ret;
}
+/*
+ * Handler for MBEDTLS_SSL_SERVER_HELLO
+ */
+static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl )
+{
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
+ return( 0 );
+}
+
+/*
+ * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS
+ */
+static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl )
+{
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
+ return( 0 );
+}
+
+/*
+ * Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST
+ */
+static int ssl_tls1_3_process_certificate_request( mbedtls_ssl_context *ssl )
+{
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
+ return( 0 );
+}
+
+/*
+ * Handler for MBEDTLS_SSL_SERVER_CERTIFICATE
+ */
+static int ssl_tls1_3_process_server_certificate( mbedtls_ssl_context *ssl )
+{
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY );
+ return( 0 );
+}
+
+/*
+ * Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY
+ */
+static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl )
+{
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
+ return( 0 );
+}
+
+/*
+ * Handler for MBEDTLS_SSL_SERVER_FINISHED
+ */
+static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl )
+{
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
+ return( 0 );
+}
+
+/*
+ * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE
+ */
+static int ssl_tls1_3_write_client_certificate( mbedtls_ssl_context *ssl )
+{
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
+ return( 0 );
+}
+
+/*
+ * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY
+ */
+static int ssl_tls1_3_write_client_certificate_verify( mbedtls_ssl_context *ssl )
+{
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
+ return( 0 );
+}
+
+/*
+ * Handler for MBEDTLS_SSL_CLIENT_FINISHED
+ */
+static int ssl_tls1_3_write_client_finished( mbedtls_ssl_context *ssl )
+{
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS );
+ return( 0 );
+}
+
+/*
+ * Handler for MBEDTLS_SSL_FLUSH_BUFFERS
+ */
+static int ssl_tls1_3_flush_buffers( mbedtls_ssl_context *ssl )
+{
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP );
+ return( 0 );
+}
+
+/*
+ * Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP
+ */
+static int ssl_tls1_3_handshake_wrapup( mbedtls_ssl_context *ssl )
+{
+ ((void) ssl);
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+}
+
int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
{
int ret = 0;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 client state: %d", ssl->state ) );
switch( ssl->state )
{
@@ -754,9 +865,47 @@
break;
case MBEDTLS_SSL_SERVER_HELLO:
- // Stop here : we haven't finished whole flow
- ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
+ ret = ssl_tls1_3_process_server_hello( ssl );
+ break;
+
+ case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
+ ret = ssl_tls1_3_process_encrypted_extensions( ssl );
+ break;
+
+ case MBEDTLS_SSL_CERTIFICATE_REQUEST:
+ ret = ssl_tls1_3_process_certificate_request( ssl );
+ break;
+
+ case MBEDTLS_SSL_SERVER_CERTIFICATE:
+ ret = ssl_tls1_3_process_server_certificate( ssl );
+ break;
+
+ case MBEDTLS_SSL_CERTIFICATE_VERIFY:
+ ret = ssl_tls1_3_process_certificate_verify( ssl );
+ break;
+
+ case MBEDTLS_SSL_SERVER_FINISHED:
+ ret = ssl_tls1_3_process_server_finished( ssl );
+ break;
+
+ case MBEDTLS_SSL_CLIENT_CERTIFICATE:
+ ret = ssl_tls1_3_write_client_certificate( ssl );
+ break;
+
+ case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:
+ ret = ssl_tls1_3_write_client_certificate_verify( ssl );
+ break;
+
+ case MBEDTLS_SSL_CLIENT_FINISHED:
+ ret = ssl_tls1_3_write_client_finished( ssl );
+ break;
+
+ case MBEDTLS_SSL_FLUSH_BUFFERS:
+ ret = ssl_tls1_3_flush_buffers( ssl );
+ break;
+
+ case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
+ ret = ssl_tls1_3_handshake_wrapup( ssl );
break;
default:
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 0dcd7ed..86f44cb 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -23,11 +23,15 @@
#if defined(MBEDTLS_SSL_SRV_C)
+#include "mbedtls/debug.h"
+
#include "ssl_misc.h"
int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
{
((void) ssl);
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 server state: %d", ssl->state ) );
+
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 39499d4..66c6485 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -8660,29 +8660,53 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
run_test "TLS1.3: handshake dispatch test: tls1_3 only" \
- "$P_SRV min_version=tls1_3 max_version=tls1_3" \
- "$P_CLI min_version=tls1_3 max_version=tls1_3" \
+ "$P_SRV debug_level=2 min_version=tls1_3 max_version=tls1_3" \
+ "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \
1 \
- -s "SSL - The requested feature is not available" \
- -c "SSL - The requested feature is not available"
+ -s "tls1_3 server state: 0" \
+ -c "tls1_3 client state: 0"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
run_test "TLS1.3: Test client hello msg work - openssl" \
"$O_NEXT_SRV -tls1_3 -msg" \
- "$P_CLI min_version=tls1_3 max_version=tls1_3" \
+ "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \
1 \
-c "SSL - The requested feature is not available" \
- -s "ServerHello"
+ -s "ServerHello" \
+ -c "tls1_3 client state: 0" \
+ -c "tls1_3 client state: 2" \
+ -c "tls1_3 client state: 19" \
+ -c "tls1_3 client state: 5" \
+ -c "tls1_3 client state: 3" \
+ -c "tls1_3 client state: 9" \
+ -c "tls1_3 client state: 13" \
+ -c "tls1_3 client state: 7" \
+ -c "tls1_3 client state: 20" \
+ -c "tls1_3 client state: 11" \
+ -c "tls1_3 client state: 14" \
+ -c "tls1_3 client state: 15"
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
run_test "TLS1.3: Test client hello msg work - gnutls" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --debug=4" \
- "$P_CLI min_version=tls1_3 max_version=tls1_3" \
+ "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \
1 \
-c "SSL - The requested feature is not available" \
- -s "SERVER HELLO was queued"
+ -s "SERVER HELLO was queued" \
+ -c "tls1_3 client state: 0" \
+ -c "tls1_3 client state: 2" \
+ -c "tls1_3 client state: 19" \
+ -c "tls1_3 client state: 5" \
+ -c "tls1_3 client state: 3" \
+ -c "tls1_3 client state: 9" \
+ -c "tls1_3 client state: 13" \
+ -c "tls1_3 client state: 7" \
+ -c "tls1_3 client state: 20" \
+ -c "tls1_3 client state: 11" \
+ -c "tls1_3 client state: 14" \
+ -c "tls1_3 client state: 15"
# Test heap memory usage after handshake
requires_config_enabled MBEDTLS_MEMORY_DEBUG