Add discard_early_data_record in SSL context for
the record layer to know if it has to discard
some potential early data record and how.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This reverts commit 0883b8b625.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Do not progress the handshake in the API, just
read early data if some has been detected by
a previous call to mbedtls_ssl_handshake(),
mbedtls_ssl_handshake_step(),
mbedtls_ssl_read() or mbedtls_ssl_write().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
MBEDTLS_SSL_EARLY_DATA implies
MBEDTLS_SSL_PROTO_TLS1_3 thus
MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA
is equivalent to MBEDTLS_SSL_EARLY_DATA.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The function will be used by
mbedtls_ssl_read_early_data() as well.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Linux/Aarch64: support SHA acceleration detection with older libc
On Linux on aarch64 (64-bit ARMv8) processors, we use getauxval() to detect
whether the runtime environment supports SHA-256 or SHA-512 acceleration.
Some libc do not define the necessary HWCAP_xxx constants to analyze the
result of getauxval(), either because they don't bother or because they're
too old to recognize the values we need (for example, HWCAP_SHA2 appeared in
Glibc 2.24 and HWCAP_SHA512 appeared in Glibc 2.27). In such cases, assume
that the values are the same as in the kernel ABI and define the constants
manually.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
`gcc-14` added a new `-Wcalloc-transposed-args` warning recently. It
detected minor infelicity in `calloc()` API usage in `mbedtls`:
In file included from /build/mbedtls/tests/include/test/ssl_helpers.h:19,
from /build/mbedtls/tests/src/test_helpers/ssl_helpers.c:11:
/build/mbedtls/tests/src/test_helpers/ssl_helpers.c: In function 'mbedtls_test_init_handshake_options':
/build/mbedtls/tests/include/test/macros.h:128:46:
error: 'calloc' sizes specified with 'sizeof' in the earlier argument
and not in the later argument [-Werror=calloc-transposed-args]
128 | (pointer) = mbedtls_calloc(sizeof(*(pointer)), \
| ^
Signed-off-by: Sergei Trofimovich <slyich@gmail.com>
