Do not progress the handshake in the API, just
read early data if some has been detected by
a previous call to mbedtls_ssl_handshake(),
mbedtls_ssl_handshake_step(),
mbedtls_ssl_read() or mbedtls_ssl_write().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
MBEDTLS_SSL_EARLY_DATA implies
MBEDTLS_SSL_PROTO_TLS1_3 thus
MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA
is equivalent to MBEDTLS_SSL_EARLY_DATA.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The function will be used by
mbedtls_ssl_read_early_data() as well.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Linux/Aarch64: support SHA acceleration detection with older libc
On Linux on aarch64 (64-bit ARMv8) processors, we use getauxval() to detect
whether the runtime environment supports SHA-256 or SHA-512 acceleration.
Some libc do not define the necessary HWCAP_xxx constants to analyze the
result of getauxval(), either because they don't bother or because they're
too old to recognize the values we need (for example, HWCAP_SHA2 appeared in
Glibc 2.24 and HWCAP_SHA512 appeared in Glibc 2.27). In such cases, assume
that the values are the same as in the kernel ABI and define the constants
manually.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
`gcc-14` added a new `-Wcalloc-transposed-args` warning recently. It
detected minor infelicity in `calloc()` API usage in `mbedtls`:
In file included from /build/mbedtls/tests/include/test/ssl_helpers.h:19,
from /build/mbedtls/tests/src/test_helpers/ssl_helpers.c:11:
/build/mbedtls/tests/src/test_helpers/ssl_helpers.c: In function 'mbedtls_test_init_handshake_options':
/build/mbedtls/tests/include/test/macros.h:128:46:
error: 'calloc' sizes specified with 'sizeof' in the earlier argument
and not in the later argument [-Werror=calloc-transposed-args]
128 | (pointer) = mbedtls_calloc(sizeof(*(pointer)), \
| ^
Signed-off-by: Sergei Trofimovich <slyich@gmail.com>
Upon further consideration we think that a remote attacker close to the
victim might be able to have precise enough timing information to
exploit the side channel as well. Update the Changelog to reflect this.
Signed-off-by: Janos Follath <janos.follath@arm.com>
