Enable MBEDTLS_SSL_PROTO_*

First step to enable other protocol. Compile status: Fail Change-Id: I9fbb2e7994abe556db3954e69807f45b0f99d63e CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]>
hannestschofenig · Jul 28, 2021 · 2306e50 · 2306e50
1 parent 8917997
commit 2306e50
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 3 deletions.
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
@@ -1158,6 +1158,8 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
 
 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
@@ -4380,7 +4380,18 @@ static void ssl_mps_free( mbedtls_ssl_context *ssl )
     mps_alloc_free( &ssl->mps.alloc );
 }
 #endif /* MEDTLS_SSL_USE_MPS */
-
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+static inline int check_version_config(const mbedtls_ssl_config *conf)
+{
+    if(conf->max_minor_ver==MBEDTLS_SSL_MINOR_VERSION_4
+        && conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4)
+        return 0;
+    if(conf->max_minor_ver!=MBEDTLS_SSL_MINOR_VERSION_4
+        && conf->min_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4)
+        return 0;
+    return 1;
+}
+#endif
 /*
  * Setup an SSL context
  */
@@ -4390,6 +4401,11 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+    if(check_version_config(conf))
+        return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+#endif
+
 #if !defined(MBEDTLS_SSL_USE_MPS)
     size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
     size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
@@ -6796,12 +6812,37 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
 
 #if defined(MBEDTLS_SSL_CLI_C)
     if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+    {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+
+        if(ssl->conf->max_major_ver==MBEDTLS_SSL_MAJOR_VERSION_3
+            && ssl->conf->min_major_ver==MBEDTLS_SSL_MAJOR_VERSION_3
+            && ssl->conf->max_minor_ver==MBEDTLS_SSL_MINOR_VERSION_4
+            && ssl->conf->min_minor_ver==MBEDTLS_SSL_MINOR_VERSION_4)
+            ret = mbedtls_ssl_handshake_client_step_tls1_3( ssl );
+        else
+            ret = mbedtls_ssl_handshake_client_step( ssl );
+#else
         ret = mbedtls_ssl_handshake_client_step( ssl );
+#endif
+    }
 #endif
 #if defined(MBEDTLS_SSL_SRV_C)
     if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+    {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+        if(ssl->conf->max_major_ver==MBEDTLS_SSL_MAJOR_VERSION_3
+            && ssl->conf->min_major_ver==MBEDTLS_SSL_MAJOR_VERSION_3
+            && ssl->conf->max_minor_ver==MBEDTLS_SSL_MINOR_VERSION_4
+            && ssl->conf->min_minor_ver==MBEDTLS_SSL_MINOR_VERSION_4)
+            ret = mbedtls_ssl_handshake_server_step_tls1_3( ssl );
+        else
+            ret = mbedtls_ssl_handshake_server_step( ssl );
+#else
         ret = mbedtls_ssl_handshake_server_step( ssl );
 #endif
+    }
+#endif
 
     if( ret != 0 )
     {

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
@@ -4181,7 +4181,7 @@ static int ssl_new_session_ticket_process( mbedtls_ssl_context* ssl )
 /*
  * TLS and DTLS 1.3 State Maschine -- client side
  */
-int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl )
 {
     int ret = 0;
 

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
@@ -4271,7 +4271,7 @@ static int ssl_certificate_request_postprocess( mbedtls_ssl_context* ssl )
 /*
  * TLS and DTLS 1.3 State Maschine -- server side
  */
-int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl )
 {
     int ret = 0;
 

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
@@ -3020,10 +3020,12 @@ int main( int argc, char *argv[] )
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
 
     if( opt.min_version != DFL_MIN_VERSION )
+        // TAG for Jerry Yu, This is important for TLS1.3 now
         mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
                                       opt.min_version );
 
     if( opt.max_version != DFL_MAX_VERSION )
+        // TAG for Jerry Yu, This is important for TLS1.3 now
         mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
                                       opt.max_version );