Merge pull request #2262 from andresag01/iotssl-2544-deprecate-record-accel
Fix compilation failure when MBEDTLS_SSL_HW_RECORD_ACCEL is enabled
This commit is contained in:
commit
21d1cbccda
4 changed files with 32 additions and 8 deletions
|
@ -6,6 +6,10 @@ New deprecations
|
|||
* Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the
|
||||
SSL module for hardware acceleration of individual records.
|
||||
|
||||
Bugfix
|
||||
* Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
|
||||
MBEDTLS_SSL_HW_RECORD_ACCEL are enabled.
|
||||
|
||||
= mbed TLS 2.21.0 branch released 2020-02-20
|
||||
|
||||
New deprecations
|
||||
|
|
|
@ -2051,7 +2051,7 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight )
|
|||
/*
|
||||
* Swap transform_out and out_ctr with the alternative ones
|
||||
*/
|
||||
static void ssl_swap_epochs( mbedtls_ssl_context *ssl )
|
||||
static int ssl_swap_epochs( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
mbedtls_ssl_transform *tmp_transform;
|
||||
unsigned char tmp_out_ctr[8];
|
||||
|
@ -2059,7 +2059,7 @@ static void ssl_swap_epochs( mbedtls_ssl_context *ssl )
|
|||
if( ssl->transform_out == ssl->handshake->alt_transform_out )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) );
|
||||
return;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) );
|
||||
|
@ -2080,13 +2080,16 @@ static void ssl_swap_epochs( mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
|
||||
if( mbedtls_ssl_hw_record_activate != NULL )
|
||||
{
|
||||
if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 )
|
||||
int ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
|
||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -2123,7 +2126,9 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
|
|||
|
||||
ssl->handshake->cur_msg = ssl->handshake->flight;
|
||||
ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12;
|
||||
ssl_swap_epochs( ssl );
|
||||
ret = ssl_swap_epochs( ssl );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
|
||||
}
|
||||
|
@ -2146,7 +2151,9 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
|
|||
if( is_finished && ssl->handshake->cur_msg_p == ( cur->p + 12 ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "swap epochs to send finished message" ) );
|
||||
ssl_swap_epochs( ssl );
|
||||
ret = ssl_swap_epochs( ssl );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ret = ssl_get_remaining_payload_in_datagram( ssl );
|
||||
|
@ -2183,7 +2190,11 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
|
|||
if( ( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 ) )
|
||||
{
|
||||
if( is_finished )
|
||||
ssl_swap_epochs( ssl );
|
||||
{
|
||||
ret = ssl_swap_epochs( ssl );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
|
||||
return( ret );
|
||||
|
|
|
@ -827,7 +827,7 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *,
|
|||
* - [in] minor_ver: SSL/TLS minor version
|
||||
* - [in] endpoint: client or server
|
||||
* - [in] ssl: optionally used for:
|
||||
* - MBEDTLS_SSL_HW_RECORD_ACCEL: whole context
|
||||
* - MBEDTLS_SSL_HW_RECORD_ACCEL: whole context (non-const)
|
||||
* - MBEDTLS_SSL_EXPORT_KEYS: ssl->conf->{f,p}_export_keys
|
||||
* - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
|
||||
*/
|
||||
|
@ -849,7 +849,10 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
|||
const unsigned char randbytes[64],
|
||||
int minor_ver,
|
||||
unsigned endpoint,
|
||||
const mbedtls_ssl_context *ssl )
|
||||
#if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
|
||||
const
|
||||
#endif
|
||||
mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = 0;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
|
|
@ -1449,6 +1449,12 @@ component_build_armcc () {
|
|||
armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
|
||||
}
|
||||
|
||||
component_build_ssl_hw_record_accel() {
|
||||
msg "build: default config with MBEDTLS_SSL_HW_RECORD_ACCEL enabled"
|
||||
scripts/config.pl set MBEDTLS_SSL_HW_RECORD_ACCEL
|
||||
make CFLAGS='-Werror -O1'
|
||||
}
|
||||
|
||||
component_test_allow_sha1 () {
|
||||
msg "build: allow SHA1 in certificates by default"
|
||||
scripts/config.py set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
|
||||
|
|
Loading…
Reference in a new issue