Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz
from ssl.h(public) to ssl_misc.h(private) even if
that means we cannot use the enum type for
early_data_state in ssl.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Do not use the return values of
mbedtls_ssl_get_early_data_status()
(MBEDTLS_SSL_EARLY_DATA_STATUS_ macros)
for the state of the negotiation and
transfer of early data during the
handshake.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The sign/verify functions happily use the wrong algorithm, but the
encrypt/decrypt functions error out if the padding mode specifies V21.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use of volatile is more an internal implementation detail (ensuring
const-time) than part of the contract (the caller doesn't care about
volatile as such).
Signed-off-by: Janos Follath <janos.follath@arm.com>
We need the pointer, A, to be volatile, to ensure the reads happen. bits
does not need to be volatile.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Threads lose the mutex between locking the slot and changing the slot's state.
Make it so that threads check if another thread has completed a destruction during this period.
Also fix the issue with the incorrect status variable being used.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
The conversion back to signed short is an issue: the uint cast results
in (-1 + UINT_MAX), which is OK. But then that can't be cast back to a
signed value: "if the new type is signed and the value cannot be
represented in it; either the result is implementation-defined or an
implementation-defined signal is raised."
Signed-off-by: Janos Follath <janos.follath@arm.com>
Move PSK ciphersuite selection up to the main
ClientHello parsing function. That way the
ciphersuite selection only happens in this
function.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Regarding the possibility of selecting a
key exchange mode, the check of the ticket
flags is now separated from the check of
the ClientHello content and server
configuration.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
For PSK based key exchange modes do not check twice
anymore if they can be selected or not. Check it
only when looping over the offered PSKs to select
one.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
If we prefer ephemeral key exchange mode over
the pure PSK one, make sure the resume flag is
disabled as eventually we are not going to
resume a session even if we aimed to at some
point.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>