TLS1.3: Add server finish processing in client side
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 5d04a11..3e10181 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -39,7 +39,6 @@
#if defined(MBEDTLS_DHM_C)
#include "mbedtls/dhm.h"
#endif
-
/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due
* to guards also being in ssl_srv.c and ssl_cli.c. There is a gap
* in functionality that access to ecdh_ctx structure is needed for
@@ -637,6 +636,7 @@
MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+ MBEDTLS_SSL_END_OF_EARLY_DATA,
MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
@@ -1050,6 +1050,14 @@
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED &&
!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+typedef struct
+{
+ unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ];
+} mbedtls_ssl_tls1_3_application_secrets;
+
#if defined(MBEDTLS_SSL_DTLS_SRTP)
#define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255
@@ -1114,6 +1122,8 @@
* to be studied whether one of them can be removed. */
unsigned char MBEDTLS_PRIVATE(minor_ver); /*!< The TLS version used in the session. */
+ mbedtls_ssl_tls1_3_application_secrets MBEDTLS_PRIVATE(app_secrets);
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */