mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 01:45:48 +01:00
Merge pull request #2262 from andresag01/iotssl-2544-deprecate-record-accel
Fix compilation failure when MBEDTLS_SSL_HW_RECORD_ACCEL is enabled
This commit is contained in:
commit
21d1cbccda
@ -6,6 +6,10 @@ New deprecations
|
|||||||
* Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the
|
* Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the
|
||||||
SSL module for hardware acceleration of individual records.
|
SSL module for hardware acceleration of individual records.
|
||||||
|
|
||||||
|
Bugfix
|
||||||
|
* Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
|
||||||
|
MBEDTLS_SSL_HW_RECORD_ACCEL are enabled.
|
||||||
|
|
||||||
= mbed TLS 2.21.0 branch released 2020-02-20
|
= mbed TLS 2.21.0 branch released 2020-02-20
|
||||||
|
|
||||||
New deprecations
|
New deprecations
|
||||||
|
@ -2051,7 +2051,7 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight )
|
|||||||
/*
|
/*
|
||||||
* Swap transform_out and out_ctr with the alternative ones
|
* Swap transform_out and out_ctr with the alternative ones
|
||||||
*/
|
*/
|
||||||
static void ssl_swap_epochs( mbedtls_ssl_context *ssl )
|
static int ssl_swap_epochs( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
mbedtls_ssl_transform *tmp_transform;
|
mbedtls_ssl_transform *tmp_transform;
|
||||||
unsigned char tmp_out_ctr[8];
|
unsigned char tmp_out_ctr[8];
|
||||||
@ -2059,7 +2059,7 @@ static void ssl_swap_epochs( mbedtls_ssl_context *ssl )
|
|||||||
if( ssl->transform_out == ssl->handshake->alt_transform_out )
|
if( ssl->transform_out == ssl->handshake->alt_transform_out )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) );
|
||||||
return;
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) );
|
||||||
@ -2080,13 +2080,16 @@ static void ssl_swap_epochs( mbedtls_ssl_context *ssl )
|
|||||||
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
|
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
|
||||||
if( mbedtls_ssl_hw_record_activate != NULL )
|
if( mbedtls_ssl_hw_record_activate != NULL )
|
||||||
{
|
{
|
||||||
if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 )
|
int ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND );
|
||||||
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
|
||||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -2123,7 +2126,9 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
ssl->handshake->cur_msg = ssl->handshake->flight;
|
ssl->handshake->cur_msg = ssl->handshake->flight;
|
||||||
ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12;
|
ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12;
|
||||||
ssl_swap_epochs( ssl );
|
ret = ssl_swap_epochs( ssl );
|
||||||
|
if( ret != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
|
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
|
||||||
}
|
}
|
||||||
@ -2146,7 +2151,9 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
|
|||||||
if( is_finished && ssl->handshake->cur_msg_p == ( cur->p + 12 ) )
|
if( is_finished && ssl->handshake->cur_msg_p == ( cur->p + 12 ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "swap epochs to send finished message" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "swap epochs to send finished message" ) );
|
||||||
ssl_swap_epochs( ssl );
|
ret = ssl_swap_epochs( ssl );
|
||||||
|
if( ret != 0 )
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = ssl_get_remaining_payload_in_datagram( ssl );
|
ret = ssl_get_remaining_payload_in_datagram( ssl );
|
||||||
@ -2183,7 +2190,11 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
|
|||||||
if( ( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 ) )
|
if( ( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 ) )
|
||||||
{
|
{
|
||||||
if( is_finished )
|
if( is_finished )
|
||||||
ssl_swap_epochs( ssl );
|
{
|
||||||
|
ret = ssl_swap_epochs( ssl );
|
||||||
|
if( ret != 0 )
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -827,7 +827,7 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *,
|
|||||||
* - [in] minor_ver: SSL/TLS minor version
|
* - [in] minor_ver: SSL/TLS minor version
|
||||||
* - [in] endpoint: client or server
|
* - [in] endpoint: client or server
|
||||||
* - [in] ssl: optionally used for:
|
* - [in] ssl: optionally used for:
|
||||||
* - MBEDTLS_SSL_HW_RECORD_ACCEL: whole context
|
* - MBEDTLS_SSL_HW_RECORD_ACCEL: whole context (non-const)
|
||||||
* - MBEDTLS_SSL_EXPORT_KEYS: ssl->conf->{f,p}_export_keys
|
* - MBEDTLS_SSL_EXPORT_KEYS: ssl->conf->{f,p}_export_keys
|
||||||
* - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
|
* - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
|
||||||
*/
|
*/
|
||||||
@ -849,7 +849,10 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
|||||||
const unsigned char randbytes[64],
|
const unsigned char randbytes[64],
|
||||||
int minor_ver,
|
int minor_ver,
|
||||||
unsigned endpoint,
|
unsigned endpoint,
|
||||||
const mbedtls_ssl_context *ssl )
|
#if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
|
||||||
|
const
|
||||||
|
#endif
|
||||||
|
mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
@ -1449,6 +1449,12 @@ component_build_armcc () {
|
|||||||
armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
|
armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
component_build_ssl_hw_record_accel() {
|
||||||
|
msg "build: default config with MBEDTLS_SSL_HW_RECORD_ACCEL enabled"
|
||||||
|
scripts/config.pl set MBEDTLS_SSL_HW_RECORD_ACCEL
|
||||||
|
make CFLAGS='-Werror -O1'
|
||||||
|
}
|
||||||
|
|
||||||
component_test_allow_sha1 () {
|
component_test_allow_sha1 () {
|
||||||
msg "build: allow SHA1 in certificates by default"
|
msg "build: allow SHA1 in certificates by default"
|
||||||
scripts/config.py set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
|
scripts/config.py set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
|
||||||
|
Loading…
Reference in New Issue
Block a user