Merge pull request #2262 from andresag01/iotssl-2544-deprecate-record-accel

Fix compilation failure when MBEDTLS_SSL_HW_RECORD_ACCEL is enabled
This commit is contained in:
Manuel Pégourié-Gonnard 2020-03-16 10:37:16 +01:00 committed by GitHub
commit 21d1cbccda
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 32 additions and 8 deletions

View file

@ -6,6 +6,10 @@ New deprecations
* Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the
SSL module for hardware acceleration of individual records.
Bugfix
* Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
MBEDTLS_SSL_HW_RECORD_ACCEL are enabled.
= mbed TLS 2.21.0 branch released 2020-02-20
New deprecations

View file

@ -2051,7 +2051,7 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight )
/*
* Swap transform_out and out_ctr with the alternative ones
*/
static void ssl_swap_epochs( mbedtls_ssl_context *ssl )
static int ssl_swap_epochs( mbedtls_ssl_context *ssl )
{
mbedtls_ssl_transform *tmp_transform;
unsigned char tmp_out_ctr[8];
@ -2059,7 +2059,7 @@ static void ssl_swap_epochs( mbedtls_ssl_context *ssl )
if( ssl->transform_out == ssl->handshake->alt_transform_out )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) );
return;
return( 0 );
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) );
@ -2080,13 +2080,16 @@ static void ssl_swap_epochs( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_activate != NULL )
{
if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 )
int ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
}
#endif
return( 0 );
}
/*
@ -2123,7 +2126,9 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
ssl->handshake->cur_msg = ssl->handshake->flight;
ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12;
ssl_swap_epochs( ssl );
ret = ssl_swap_epochs( ssl );
if( ret != 0 )
return( ret );
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
}
@ -2146,7 +2151,9 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
if( is_finished && ssl->handshake->cur_msg_p == ( cur->p + 12 ) )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "swap epochs to send finished message" ) );
ssl_swap_epochs( ssl );
ret = ssl_swap_epochs( ssl );
if( ret != 0 )
return( ret );
}
ret = ssl_get_remaining_payload_in_datagram( ssl );
@ -2183,7 +2190,11 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
if( ( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 ) )
{
if( is_finished )
ssl_swap_epochs( ssl );
{
ret = ssl_swap_epochs( ssl );
if( ret != 0 )
return( ret );
}
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
return( ret );

View file

@ -827,7 +827,7 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *,
* - [in] minor_ver: SSL/TLS minor version
* - [in] endpoint: client or server
* - [in] ssl: optionally used for:
* - MBEDTLS_SSL_HW_RECORD_ACCEL: whole context
* - MBEDTLS_SSL_HW_RECORD_ACCEL: whole context (non-const)
* - MBEDTLS_SSL_EXPORT_KEYS: ssl->conf->{f,p}_export_keys
* - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
*/
@ -849,7 +849,10 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
const unsigned char randbytes[64],
int minor_ver,
unsigned endpoint,
const mbedtls_ssl_context *ssl )
#if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
const
#endif
mbedtls_ssl_context *ssl )
{
int ret = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)

View file

@ -1449,6 +1449,12 @@ component_build_armcc () {
armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
}
component_build_ssl_hw_record_accel() {
msg "build: default config with MBEDTLS_SSL_HW_RECORD_ACCEL enabled"
scripts/config.pl set MBEDTLS_SSL_HW_RECORD_ACCEL
make CFLAGS='-Werror -O1'
}
component_test_allow_sha1 () {
msg "build: allow SHA1 in certificates by default"
scripts/config.py set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES