Fix compile errors without 0-RTT, MPS and compatible mode

[yuhaoth]

When unset 0-RTT,MPS and TLS13_COMPATIBLE, it reports
compile fail.

That's prepare for Mbed-TLS#4417 . Try to figure out the minimal sets for handshake.

[hanno-becker]

Just had a quick look: The introduction of MBEDTLS_SSL_EARLY_DATA was deliberately not made dependent on MBEDTLS_ZERO_RTT to keep the state machine logic as static as possible. Instead, it's the 0-RTT handler that skips the state it if it's not enabled.

Either way works - I personally prefer less #ifdefs in the code, and dummy functions instead, so would rather keep the code as is. Other opinions? @lhuang04 @zhihan?

[lhuang04]

Just had a quick look: The introduction of MBEDTLS_SSL_EARLY_DATA was deliberately not made dependent on MBEDTLS_ZERO_RTT to keep the state machine logic as static as possible. Instead, it's the 0-RTT handler that skips the state it if it's not enabled.

Either way works - I personally prefer less #ifdefs in the code, and dummy functions instead, so would rather keep the code as is. Other opinions? @lhuang04 @zhihan?

I'm fine either way. As we will always have MBEDTLS_ZERO_RTT defined. This change should be a no-op for us.

[yuhaoth]

Just had a quick look: The introduction of MBEDTLS_SSL_EARLY_DATA was deliberately not made dependent on MBEDTLS_ZERO_RTT .

I try to wrapper early data codes with MBEDTLS_SSL_EARLY_DATA_SUPPORT , but not success.
I'd like introduce MBEDTLS_SSL_EARLY_DATA_SUPPORT in future.

to keep the state machine logic as static as possible. Instead, it's the 0-RTT handler that skips the state it if it's not enabled.

That's due to maintenance reason, right?
But it will increase the code size if MBEDTLS_ZERO_RTT is not defined.

[hanno-becker]

@yuhaoth A lot of overhead will be removed by the compiler because it's happening in a single compilation unit - but some might remain, so you have a point regarding code-size. I don't feel strongly here, and it's not unlikely the same thing will be flagged upstream - so let's do what you suggest.

[yuhaoth]

updated

[yuhaoth]

• ssl-opt.sh test pass
• And test with below script pass

./scripts/config.py unset MBEDTLS_SSL_USE_MPS
./scripts/config.py unset MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE
./scripts/config.py unset MBEDTLS_ZERO_RTT
./scripts/config.py unset MBEDTLS_TLS13_EARLY_DATA
./scripts/config.py unset MBEDTLS_SSL_NEW_SESSION_TICKET
./scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
./scripts/config.py unset MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
./scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
./scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
./scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
./scripts/config.py unset MBEDTLS_SSL_COOKIE_C
./scripts/config.py unset MBEDTLS_HAVE_TIME
./scripts/config.py unset MBEDTLS_HAVE_TIME_DATE
make clean 
make -j20 CFLAGS="-g -Werror" 
./programs/ssl/ssl_server2 debug_level=2  nbio=0 | tee $1.server.log &
openssl s_server -www -cert data_files/server5.crt -key data_files/server5.key -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache -msg -accept 16624 &
gnutls-serv --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert -d 4 &
sleep 3 
./programs/ssl/ssl_client2  force_version=tls1_3  debug_level=3 nbio=0 | tee $1.client.log
killall ssl_server2

./programs/ssl/ssl_client2  force_version=tls1_3  debug_level=2 nbio=0 server_port=16624 | tee $1.openssl.client.log
./programs/ssl/ssl_client2  force_version=tls1_3  debug_level=2 nbio=0 server_port=5556 | tee $1.gnutls.client.log
killall openssl
killall gnutls-serv