From 687101b2e60536a006a925542239ab692e3855ae Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 14 Sep 2021 16:03:56 +0800 Subject: [PATCH 1/9] tls13: add dummy state machine handler Signed-off-by: Jerry Yu --- include/mbedtls/debug.h | 7 ++ include/mbedtls/ssl.h | 1 + library/ssl_tls13_client.c | 155 ++++++++++++++++++++++++++++++++++++- library/ssl_tls13_server.c | 2 + 4 files changed, 162 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 0aed59619c..1f82ce6640 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -108,6 +108,13 @@ #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) #endif +/* MSVC support __func__ from visual studio 2015( 1900 ) + Use MSVC predefine macro to avoid name check fail. + */ +#if (defined(_MSC_VER) && ( _MSC_VER <= 1900 )) +#define __func__ __FUNCTION__ +#endif + /** * \def MBEDTLS_PRINTF_SIZET * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 725b156d5d..0abcb75fc5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -623,6 +623,7 @@ typedef enum MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) MBEDTLS_SSL_ENCRYPTED_EXTENSIONS, + MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY, #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ } mbedtls_ssl_states; diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 13e932c453..4ccb5b33b0 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -701,6 +701,7 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) /* * Write ClientHello handshake message. + * Handler for MBEDTLS_SSL_CLIENT_HELLO */ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) { 
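Review bot: The guard `_MSC_VER <= 1900` in the include/mbedtls/debug.h hunk contradicts the comment directly above it, which says MSVC supports `__func__` from Visual Studio 2015 (1900); as written, the macro is still redefined on 1900 itself. If the comment is right, the condition should be `#if defined(_MSC_VER) && ( _MSC_VER < 1900 )`; if the guard is right, the comment needs correcting. The same condition is carried unchanged into the library/common.h hunks of patches 3/9 and 8/9, so the fix applies there too.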
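Review bot: `MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY` is added in the include/mbedtls/ssl.h hunk with no comment saying how it differs from `MBEDTLS_SSL_CERTIFICATE_VERIFY`. In this same patch the client uses `MBEDTLS_SSL_CERTIFICATE_VERIFY` for the server's message (`ssl_tls1_3_read_certificate_verify`) and the new value for its own (`ssl_tls1_3_write_client_certificate_verify`), which is easy to confuse. A one-line comment on the new enumerator would settle it, e.g. `/* TLS 1.3 client: send our own CertificateVerify; MBEDTLS_SSL_CERTIFICATE_VERIFY is the server's. */`. The enum starts outside the hunk, so the existing entries are not visible here.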
@@ -736,6 +737,116 @@ cleanup: return ret; } +/* + * Handler for MBEDTLS_SSL_SERVER_HELLO + */ +static int ssl_tls1_3_read_server_hello( mbedtls_ssl_context *ssl ) +{ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS + */ +static int ssl_tls1_3_read_encrypted_extensions( mbedtls_ssl_context *ssl ) +{ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST + */ +static int ssl_tls1_3_read_certificate_request( mbedtls_ssl_context *ssl ) +{ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_SERVER_CERTIFICATE + */ +static int ssl_tls1_3_read_server_certificate( mbedtls_ssl_context *ssl ) +{ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY + */ +static int ssl_tls1_3_read_certificate_verify( mbedtls_ssl_context *ssl ) +{ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_SERVER_FINISHED + */ +static int ssl_tls1_3_read_server_finished( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE + */ +static int ssl_tls1_3_write_client_certificate( mbedtls_ssl_context *ssl ) +{ + 
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY + */ +static int ssl_tls1_3_write_client_certificate_verify( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_CLIENT_FINISHED + */ +static int ssl_tls1_3_write_client_finished( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_FLUSH_BUFFERS + */ +static int ssl_tls1_3_flush_buffers( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP + */ +static int ssl_tls1_3_handshake_wrapup( mbedtls_ssl_context *ssl ) +{ + ((void) ssl); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) { int ret = 0; 
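Review bot: Every stub from `ssl_tls1_3_read_server_hello` through `ssl_tls1_3_flush_buffers` returns 0 and advances the state without reading or checking any message. The states that should authenticate the server (`MBEDTLS_SSL_SERVER_CERTIFICATE`, `MBEDTLS_SSL_CERTIFICATE_VERIFY`, `MBEDTLS_SSL_SERVER_FINISHED`) are therefore passed as if they had succeeded. In the visible code, the only thing that stops the handshake from completing is the `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE` return in `ssl_tls1_3_handshake_wrapup`, and nothing documents that dependency. I would add a comment above that return, e.g. `/* Must keep failing until every handler above is implemented: the stubs skip server authentication. */`, so that implementing wrapup early cannot silently produce an unauthenticated session. `mbedtls_ssl_tls13_handshake_client_step`, at the end of the hunk, continues outside it.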
@@ -754,9 +865,47 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) break; case MBEDTLS_SSL_SERVER_HELLO: - // Stop here : we haven't finished whole flow - ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); + ret = ssl_tls1_3_read_server_hello( ssl ); + break; + + case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: + ret = ssl_tls1_3_read_encrypted_extensions( ssl ); + break; + + case MBEDTLS_SSL_CERTIFICATE_REQUEST: + ret = ssl_tls1_3_read_certificate_request( ssl ); + break; + + case MBEDTLS_SSL_SERVER_CERTIFICATE: + ret = ssl_tls1_3_read_server_certificate( ssl ); + break; + + case MBEDTLS_SSL_CERTIFICATE_VERIFY: + ret = ssl_tls1_3_read_certificate_verify( ssl ); + break; + + case MBEDTLS_SSL_SERVER_FINISHED: + ret = ssl_tls1_3_read_server_finished( ssl ); + break; + + case MBEDTLS_SSL_CLIENT_CERTIFICATE: + ret = ssl_tls1_3_write_client_certificate( ssl ); + break; + + case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: + ret = ssl_tls1_3_write_client_certificate_verify( ssl ); + break; + + case MBEDTLS_SSL_CLIENT_FINISHED: + ret = ssl_tls1_3_write_client_finished( ssl ); + break; + + case MBEDTLS_SSL_FLUSH_BUFFERS: + ret = ssl_tls1_3_flush_buffers( ssl ); + break; + + case MBEDTLS_SSL_HANDSHAKE_WRAPUP: + ret = ssl_tls1_3_handshake_wrapup( ssl ); break; default: diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 0dcd7ed602..437e836e84 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -23,6 +23,8 @@ #if defined(MBEDTLS_SSL_SRV_C) +#include "mbedtls/debug.h" + #include "ssl_misc.h" int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) From 3523a3bee77061dcb1a75081b2b42d9978162881 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 14 Sep 2021 16:29:49 +0800 Subject: [PATCH 2/9] Improve dispatch tests Test base on return value is not good enough. 
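Review bot: The new cases call helpers prefixed `ssl_tls1_3_`, which does not match the rest of the file. The function containing them is `mbedtls_ssl_tls13_handshake_client_step`, and the existing static helpers visible in the first hunk of this file are `ssl_tls13_prepare_client_hello` and `ssl_tls13_write_client_hello`. Using one prefix throughout the file, whichever the project prefers, e.g. `ret = ssl_tls13_read_server_hello( ssl );`, keeps the handlers findable under a single name. The switch starts and ends outside the hunk, so the body of the `default:` branch cannot be checked from here.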
Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 39499d441c..41e714ec22 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8660,11 +8660,11 @@ run_test "TLS1.3: Not supported version check: tls1_2 and tls1_3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL run_test "TLS1.3: handshake dispatch test: tls1_3 only" \ - "$P_SRV min_version=tls1_3 max_version=tls1_3" \ - "$P_CLI min_version=tls1_3 max_version=tls1_3" \ + "$P_SRV debug_level=2 min_version=tls1_3 max_version=tls1_3" \ + "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \ 1 \ - -s "SSL - The requested feature is not available" \ - -c "SSL - The requested feature is not available" + -s "tls13 server state: MBEDTLS_SSL_HELLO_REQUEST" \ + -c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL From 6c983524a8e367289d554a093dbd8bcfb2fe54cc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 24 Sep 2021 12:45:36 +0800 Subject: [PATCH 3/9] Move msvc compatible fix to `common.h` Signed-off-by: Jerry Yu --- include/mbedtls/debug.h | 7 ------- library/common.h | 8 ++++++++ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 1f82ce6640..0aed59619c 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -108,13 +108,6 @@ #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) #endif -/* MSVC support __func__ from visual studio 2015( 1900 ) - Use MSVC predefine macro to avoid name check fail. - */ -#if (defined(_MSC_VER) && ( _MSC_VER <= 1900 )) -#define __func__ __FUNCTION__ -#endif - /** * \def MBEDTLS_PRINTF_SIZET * diff --git a/library/common.h b/library/common.h index 780ce378de..ba8237acf6 100644 --- a/library/common.h +++ b/library/common.h 
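Review bot: The new expectations `-s "tls13 server state: MBEDTLS_SSL_HELLO_REQUEST"` and `-c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST"` do not appear to match anything the library prints at this commit. The removed lines in patch 5/9 show that the client message was still `"client state: %d"` (numeric, no `tls13` prefix) and that the server step contained only `((void) ssl);`. If that is right, this test fails on every commit from patch 2 up to patch 5, which breaks bisecting. The log-message change and the test expectation belong in the same commit.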
@@ -318,4 +318,12 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c } #endif +/* Fix MSVC C99 compatible issue + * MSVC support __func__ from visual studio 2015( 1900 ) + * Use MSVC predefine macro to avoid name check fail. + */ +#if (defined(_MSC_VER) && ( _MSC_VER <= 1900 )) +#define __func__ __FUNCTION__ +#endif + #endif /* MBEDTLS_LIBRARY_COMMON_H */ From 435756ffc0eb5a7dd747a16e8bff913a5094c957 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 24 Sep 2021 13:44:29 +0800 Subject: [PATCH 4/9] Keep consistent order in dummy functions Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 4ccb5b33b0..2eb9a73905 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -792,8 +792,8 @@ static int ssl_tls1_3_read_certificate_verify( mbedtls_ssl_context *ssl ) */ static int ssl_tls1_3_read_server_finished( mbedtls_ssl_context *ssl ) { - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); return( 0 ); } From 6e81b27003e24cb15d45b010f1b0713c9beb3de9 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Sep 2021 11:16:17 +0800 Subject: [PATCH 5/9] Add client state number check It is temporary check. If any change on `mbedtls_ssl_states`, please double check those tests Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_server.c | 3 ++- tests/ssl-opt.sh | 36 ++++++++++++++++++++++++++++++------ 3 files changed, 33 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 2eb9a73905..aa6c0854e0 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -851,7 +851,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) { int ret = 0; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 client state: %d", ssl->state ) ); switch( ssl->state ) { diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 437e836e84..5238f044eb 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -29,7 +29,8 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) { - ((void) ssl); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 server state: %d", ssl->state ) ); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 41e714ec22..66c648573b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -8663,26 +8663,50 @@ run_test "TLS1.3: handshake dispatch test: tls1_3 only" \ "$P_SRV debug_level=2 min_version=tls1_3 max_version=tls1_3" \ "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \ 1 \ - -s "tls13 server state: MBEDTLS_SSL_HELLO_REQUEST" \ - -c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST" + -s "tls1_3 server state: 0" \ + -c "tls1_3 client state: 0" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL run_test "TLS1.3: Test client hello msg work - openssl" \ "$O_NEXT_SRV -tls1_3 -msg" \ - "$P_CLI min_version=tls1_3 max_version=tls1_3" \ + "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \ 1 \ -c "SSL - The requested feature is not available" \ - -s "ServerHello" + -s "ServerHello" \ + -c "tls1_3 client state: 0" \ + -c "tls1_3 client state: 2" \ + -c "tls1_3 client state: 19" \ + -c "tls1_3 client state: 5" \ + -c "tls1_3 client state: 3" \ + -c "tls1_3 client state: 9" \ + -c "tls1_3 client state: 13" \ + -c "tls1_3 client state: 7" \ + -c "tls1_3 client state: 20" \ + -c "tls1_3 client state: 11" \ + -c "tls1_3 client state: 14" \ + -c "tls1_3 client state: 15" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL run_test "TLS1.3: Test client hello msg work - gnutls" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --debug=4" \ - "$P_CLI min_version=tls1_3 max_version=tls1_3" \ + "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \ 1 \ -c "SSL - The requested feature is not available" \ - -s "SERVER HELLO was queued" + -s "SERVER HELLO was queued" \ + -c "tls1_3 client state: 0" \ + -c "tls1_3 client state: 2" \ + -c "tls1_3 client state: 19" \ + -c "tls1_3 client state: 5" \ + -c "tls1_3 client state: 3" \ + -c "tls1_3 client state: 9" \ + -c "tls1_3 client state: 13" \ + -c "tls1_3 client state: 7" \ + -c "tls1_3 client state: 20" \ + -c "tls1_3 client state: 11" \ + -c "tls1_3 client state: 14" \ + -c "tls1_3 client state: 15" # Test heap 
memory usage after handshake requires_config_enabled MBEDTLS_MEMORY_DEBUG From 860b4ee42ec080deabe4b1e8f699af2a17183601 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Sep 2021 13:16:13 +0800 Subject: [PATCH 6/9] Rename `*_read_*` to `*_process_*` Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index aa6c0854e0..ab48ec03b3 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -740,7 +740,7 @@ cleanup: /* * Handler for MBEDTLS_SSL_SERVER_HELLO */ -static int ssl_tls1_3_read_server_hello( mbedtls_ssl_context *ssl ) +static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); @@ -750,7 +750,7 @@ static int ssl_tls1_3_read_server_hello( mbedtls_ssl_context *ssl ) /* * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS */ -static int ssl_tls1_3_read_encrypted_extensions( mbedtls_ssl_context *ssl ) +static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST ); @@ -760,7 +760,7 @@ static int ssl_tls1_3_read_encrypted_extensions( mbedtls_ssl_context *ssl ) /* * Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST */ -static int ssl_tls1_3_read_certificate_request( mbedtls_ssl_context *ssl ) +static int ssl_tls1_3_process_certificate_request( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE ); 
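Review bot: Several of the added patterns in the tests/ssl-opt.sh hunk of patch 5/9 are prefixes of others. For example, `-c "tls1_3 client state: 2"` is also satisfied by the log line for state 20, so that check passes even if state 2 is never entered (assuming run_test treats these as unanchored patterns, which is not visible here). Anchoring the end, e.g. `-c "tls1_3 client state: 2$"`, would make each check specific, provided the number is the last thing on the log line. The checks also place no constraint on order, so they show that each state was visited, not that the dispatch sequence is correct. The same list is duplicated in the gnutls test further down the hunk and needs the same change.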
@@ -770,7 +770,7 @@ static int ssl_tls1_3_read_certificate_request( mbedtls_ssl_context *ssl ) /* * Handler for MBEDTLS_SSL_SERVER_CERTIFICATE */ -static int ssl_tls1_3_read_server_certificate( mbedtls_ssl_context *ssl ) +static int ssl_tls1_3_process_server_certificate( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY ); @@ -780,7 +780,7 @@ static int ssl_tls1_3_read_server_certificate( mbedtls_ssl_context *ssl ) /* * Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY */ -static int ssl_tls1_3_read_certificate_verify( mbedtls_ssl_context *ssl ) +static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED ); @@ -790,7 +790,7 @@ static int ssl_tls1_3_read_certificate_verify( mbedtls_ssl_context *ssl ) /* * Handler for MBEDTLS_SSL_SERVER_FINISHED */ -static int ssl_tls1_3_read_server_finished( mbedtls_ssl_context *ssl ) +static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); 
@@ -865,27 +865,27 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) break; case MBEDTLS_SSL_SERVER_HELLO: - ret = ssl_tls1_3_read_server_hello( ssl ); + ret = ssl_tls1_3_process_server_hello( ssl ); break; case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: - ret = ssl_tls1_3_read_encrypted_extensions( ssl ); + ret = ssl_tls1_3_process_encrypted_extensions( ssl ); break; case MBEDTLS_SSL_CERTIFICATE_REQUEST: - ret = ssl_tls1_3_read_certificate_request( ssl ); + ret = ssl_tls1_3_process_certificate_request( ssl ); break; case MBEDTLS_SSL_SERVER_CERTIFICATE: - ret = ssl_tls1_3_read_server_certificate( ssl ); + ret = ssl_tls1_3_process_server_certificate( ssl ); break; case MBEDTLS_SSL_CERTIFICATE_VERIFY: - ret = ssl_tls1_3_read_certificate_verify( ssl ); + ret = ssl_tls1_3_process_certificate_verify( ssl ); break; case MBEDTLS_SSL_SERVER_FINISHED: - ret = ssl_tls1_3_read_server_finished( ssl ); + ret = ssl_tls1_3_process_server_finished( ssl ); break; case MBEDTLS_SSL_CLIENT_CERTIFICATE: From e86cd6575472dedd67c45938c41dcc50404e78ef Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Sep 2021 14:38:20 +0800 Subject: [PATCH 7/9] fix unused-variable fail without MBEDTLS_DEBUG_C Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 5238f044eb..86f44cb65f 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -29,6 +29,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) { + ((void) ssl); MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 server state: %d", ssl->state ) ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); From d52398d31fa85665ea2e2690363cbfee32220ed7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 28 Sep 2021 16:13:44 +0800 Subject: [PATCH 8/9] fix double underscore fail Signed-off-by: Jerry Yu --- library/common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/library/common.h b/library/common.h index ba8237acf6..9b10ec8fbb 100644 --- a/library/common.h +++ b/library/common.h @@ -323,7 +323,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c * Use MSVC predefine macro to avoid name check fail. */ #if (defined(_MSC_VER) && ( _MSC_VER <= 1900 )) -#define __func__ __FUNCTION__ +#define /*no-check-names*/ __func__ __FUNCTION__ #endif #endif /* MBEDTLS_LIBRARY_COMMON_H */ From ad8d0bad10e48827c32723ceab0ed5d4c786631a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 28 Sep 2021 17:58:26 +0800 Subject: [PATCH 9/9] Keep consistency order. Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index ab48ec03b3..633bb8da2e 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -802,8 +802,8 @@ static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl ) */ static int ssl_tls1_3_write_client_certificate( mbedtls_ssl_context *ssl ) { - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY ); return( 0 ); } @@ -812,8 +812,8 @@ static int ssl_tls1_3_write_client_certificate( mbedtls_ssl_context *ssl ) */ static int ssl_tls1_3_write_client_certificate_verify( mbedtls_ssl_context *ssl ) { - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); return( 0 ); } 
@@ -822,8 +822,8 @@ static int ssl_tls1_3_write_client_certificate_verify( mbedtls_ssl_context *ssl */ static int ssl_tls1_3_write_client_finished( mbedtls_ssl_context *ssl ) { - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS ); return( 0 ); } @@ -832,8 +832,8 @@ static int ssl_tls1_3_write_client_finished( mbedtls_ssl_context *ssl ) */ static int ssl_tls1_3_flush_buffers( mbedtls_ssl_context *ssl ) { - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP ); return( 0 ); }