Merge pull request #2262 from andresag01/iotssl-2544-deprecate-record-accel
Fix compilation failure when MBEDTLS_SSL_HW_RECORD_ACCEL is enabled
diff --git a/ChangeLog b/ChangeLog
index 3f2f593..fb850d8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,10 @@
* Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the
SSL module for hardware acceleration of individual records.
+Bugfix
+ * Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
+ MBEDTLS_SSL_HW_RECORD_ACCEL are enabled.
+
= mbed TLS 2.21.0 branch released 2020-02-20
New deprecations
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index df0d0fc..18fa555 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -2051,7 +2051,7 @@
/*
* Swap transform_out and out_ctr with the alternative ones
*/
-static void ssl_swap_epochs( mbedtls_ssl_context *ssl )
+static int ssl_swap_epochs( mbedtls_ssl_context *ssl )
{
mbedtls_ssl_transform *tmp_transform;
unsigned char tmp_out_ctr[8];
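Review bot: The header comment above ssl_swap_epochs() still describes only the swap, although the function now returns a status that callers have to check. Extend it with the return contract, for example `* Returns 0 on success (including the "skip swap epochs" case), or MBEDTLS_ERR_SSL_HW_ACCEL_FAILED if the hardware record hook fails.` The function body continues past this hunk.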
@@ -2059,7 +2059,7 @@
if( ssl->transform_out == ssl->handshake->alt_transform_out )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) );
- return;
+ return( 0 );
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) );
@@ -2080,13 +2080,16 @@
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_activate != NULL )
{
- if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 )
+ int ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND );
+ if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
}
#endif
+
+ return( 0 );
}
/*
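Review bot: The `return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED )` in the `MBEDTLS_SSL_HW_RECORD_ACCEL` branch sits at the end of the function, so the exchange of `transform_out` and `out_ctr` (outside this hunk) has presumably already happened when the hook fails. If so, the caller gets an error while the software state is on the other epoch and the hardware never activated it. A later call would not hit the "skip swap epochs" check and would swap again, so records could go out under the wrong epoch. Either undo the swap before returning or state the contract at the return, e.g. `/* Epochs are already swapped here; the caller must abort the handshake. */`. The three call sites changed in this file do propagate the error, which only helps if the context is not reused afterwards.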
@@ -2123,7 +2126,9 @@
ssl->handshake->cur_msg = ssl->handshake->flight;
ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12;
- ssl_swap_epochs( ssl );
+ ret = ssl_swap_epochs( ssl );
+ if( ret != 0 )
+ return( ret );
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
}
@@ -2146,7 +2151,9 @@
if( is_finished && ssl->handshake->cur_msg_p == ( cur->p + 12 ) )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "swap epochs to send finished message" ) );
- ssl_swap_epochs( ssl );
+ ret = ssl_swap_epochs( ssl );
+ if( ret != 0 )
+ return( ret );
}
ret = ssl_get_remaining_payload_in_datagram( ssl );
@@ -2183,7 +2190,11 @@
if( ( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 ) )
{
if( is_finished )
- ssl_swap_epochs( ssl );
+ {
+ ret = ssl_swap_epochs( ssl );
+ if( ret != 0 )
+ return( ret );
+ }
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
return( ret );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index db2cdb6..39401c0 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -827,7 +827,7 @@
* - [in] minor_ver: SSL/TLS minor version
* - [in] endpoint: client or server
* - [in] ssl: optionally used for:
- * - MBEDTLS_SSL_HW_RECORD_ACCEL: whole context
+ * - MBEDTLS_SSL_HW_RECORD_ACCEL: whole context (non-const)
* - MBEDTLS_SSL_EXPORT_KEYS: ssl->conf->{f,p}_export_keys
* - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
*/
@@ -849,7 +849,10 @@
const unsigned char randbytes[64],
int minor_ver,
unsigned endpoint,
- const mbedtls_ssl_context *ssl )
+#if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
+ const
+#endif
+ mbedtls_ssl_context *ssl )
{
int ret = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
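Review bot: The `#if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL)` wrapped around `const` in the parameter list makes this function's type depend on the build configuration, and nothing at the signature says why. A short comment above the parameter, such as `/* non-const only because the HW record hook receives the whole context */`, would keep a later cleanup from restoring `const` and breaking the accelerated build again. Any separate declaration of this function would need the same conditional; none is visible here, and the function body continues past the hunk.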
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index bc66fcb..25bf425 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1449,6 +1449,12 @@
armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
}
+component_build_ssl_hw_record_accel() {
+ msg "build: default config with MBEDTLS_SSL_HW_RECORD_ACCEL enabled"
+ scripts/config.pl set MBEDTLS_SSL_HW_RECORD_ACCEL
+ make CFLAGS='-Werror -O1'
+}
+
component_test_allow_sha1 () {
msg "build: allow SHA1 in certificates by default"
scripts/config.py set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
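Review bot: The new component_build_ssl_hw_record_accel calls `scripts/config.pl`, while the neighbouring component_test_allow_sha1 in the same hunk uses `scripts/config.py`. Unless the Perl script is kept on purpose on this branch, use `scripts/config.py set MBEDTLS_SSL_HW_RECORD_ACCEL` for consistency. The component only runs `make`, so it guards against the compile failure but does not exercise the new error returns from ssl_swap_epochs(). A comment such as `# build only: the ssl_swap_epochs() error paths are not exercised` would make that limit explicit.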