Update Mbed Crypto with latest Mbed TLS changes as of 2019-08-15 #223
Merged: Patater merged 17 commits into ARMmbed:development from Patater:tls-development-20190815 on Aug 15, 2019
Conversation
All modules using restartable ECC operations support passing `NULL` as the restart context as a means to not use the feature. The restart contexts for ECDSA and ECP are nested, and when calling restartable ECP operations from restartable ECDSA operations, the address of the ECP restart context to use is calculated by adding the offset of the ECP restart context to the address of the ECDSA restart context. If the ECP restart context happens to not reside at offset `0`, this leads to a non-`NULL` pointer being passed to restartable ECP operations from restartable ECDSA operations; those ECP operations will hence assume that the pointer points to a valid ECP restart address and likely run into a segmentation fault when trying to dereference the non-NULL but close-to-NULL address. The problem doesn't arise currently because luckily the ECP restart context has offset 0 within the ECDSA restart context, but we should not rely on it. This commit fixes the passage from restartable ECDSA to restartable ECP operations by propagating NULL as the restart context pointer. Apart from being fragile, the previous version could also lead to NULL pointer dereference failures in ASanDbg builds which dereferenced the ECDSA restart context even though it's not needed to calculate the address of the offset'ed ECP restart context. dummy
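The nested-context pitfall described in that commit message, as an added illustration that is not code from Mbed Crypto or Mbed TLS: the struct names, field layout and operation functions below are constructed stand-ins. The ECP context is deliberately placed at a non-zero offset so that forming `&rs->ecp` from a `NULL` ECDSA context would yield a small non-`NULL` address, which the callee would then trust and dereference. The fixed helper propagates `NULL` instead of computing the sub-context address.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the nested restart contexts described in the
 * commit message; they are not the Mbed TLS/Mbed Crypto types. The ECP
 * context is placed after another field so that it does NOT live at
 * offset 0 of the ECDSA context. */
typedef struct {
    int ops_done;            /* how many restartable ECP steps were taken */
} ecp_restart_ctx;

typedef struct {
    int sig_state;           /* ECDSA-level state, first on purpose */
    ecp_restart_ctx ecp;     /* nested ECP restart context, offset != 0 */
} ecdsa_restart_ctx;

/* Restartable ECP operation. A NULL restart context means "run the
 * non-restartable path"; any non-NULL pointer is trusted and dereferenced,
 * which is exactly why a close-to-NULL pointer is dangerous here. */
static int ecp_op(ecp_restart_ctx *rs_ecp)
{
    if (rs_ecp == NULL)
        return 0;            /* feature not in use, nothing to touch */
    rs_ecp->ops_done++;      /* would fault on a "close-to-NULL" pointer */
    return 0;
}

/* The address the fragile pattern "&rs->ecp" would hand to ecp_op() when
 * rs == NULL. Computed arithmetically so this example never performs the
 * undefined NULL-based member access itself. */
uintptr_t fragile_ecp_address_for_null(void)
{
    return (uintptr_t)0 + offsetof(ecdsa_restart_ctx, ecp);
}

/* Fixed pattern: only form the sub-context address when there is a context. */
static ecp_restart_ctx *ecp_ctx_of(ecdsa_restart_ctx *rs)
{
    return rs == NULL ? NULL : &rs->ecp;
}

/* Restartable ECDSA operation that delegates one step to ECP.
 * Returns the number of ECP steps recorded (0 when restart is unused). */
int ecdsa_op(ecdsa_restart_ctx *rs)
{
    ecp_restart_ctx *sub = ecp_ctx_of(rs);   /* NULL stays NULL */
    if (ecp_op(sub) != 0)
        return -1;
    return rs == NULL ? 0 : rs->ecp.ops_done;
}

/* Helper for checking the restartable path: two steps on a fresh context. */
int steps_after_two_calls(void)
{
    ecdsa_restart_ctx ctx = { 0, { 0 } };
    ecdsa_op(&ctx);
    return ecdsa_op(&ctx);
}

int main(void)
{
    printf("ECP ctx offset inside ECDSA ctx: %zu\n",
           offsetof(ecdsa_restart_ctx, ecp));
    printf("address the fragile code would pass for NULL: %#lx\n",
           (unsigned long)fragile_ecp_address_for_null());
    printf("restart unused (NULL): %d steps\n", ecdsa_op(NULL));
    printf("restart used, two calls: %d steps\n", steps_after_two_calls());
    return 0;
}
```

The check worth keeping from this is that a `NULL` "feature disabled" sentinel must be propagated explicitly at every layer of a nested context; relying on the sub-context sitting at offset 0 turns a layout change into a crash.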
Commit 16b1bd8 "bn_mul.h: add ARM DSP optimized MULADDC code" added some ARM DSP instructions that were assumed to always be available when __ARM_FEATURE_DSP is defined to 1. Unfortunately it appears that the ARMv5TE architecture (GCC flag -march=armv5te) supports the DSP instructions, but only in Thumb mode and not in ARM mode, despite defining __ARM_FEATURE_DSP in both cases. This patch fixes the build issue by requiring at least ARMv6 in addition to the DSP feature.
Non-regression test for "bn_mul.h: require at least ARMv6 to enable the ARM DSP code"
Without any -O option, the default is -O0, and then the assembly code is not used, so this would not be a non-regression test for the assembly code that doesn't build.
Call the component xxx_arm5vte, because that's what it does. Explain "armel", and more generally why this component exists, in a comment.
compat.sh used to skip OpenSSL altogether for DTLS 1.2, because older versions of OpenSSL didn't support it. But these days it is supported. We don't want to use DTLS 1.2 with OpenSSL unconditionally, because we still use legacy versions of OpenSSL to test with legacy ciphers. So check whether the version we're using supports it.
configs/README.txt documents that you can use an alternative configuration file by defining the preprocessor symbol MBEDTLS_CONFIG_FILE. Test this.
Resolve conflicts by performing the following actions:
- Reject changes to ChangeLog, as Mbed Crypto doesn't have one
- Reject changes to tests/compat.sh, as Mbed Crypto doesn't have it
- Reject changes to programs/fuzz/onefile.c, as Mbed Crypto doesn't have it
- Resolve minor whitespace differences in library/ecdsa.c by taking the version from Mbed TLS upstream.

* origin/development:
  Honor MBEDTLS_CONFIG_FILE in fuzz tests
  Test that a shared library build produces a dynamically linked executable
  Test that the shared library build with CMake works
  Add a test of MBEDTLS_CONFIG_FILE
  Exclude DTLS 1.2 only with older OpenSSL
  Document the rationale for the armel build
  Switch armel build to -Os
  Add a build on ARMv5TE in ARM mode
  Add changelog entry for ARM assembly fix
  bn_mul.h: require at least ARMv6 to enable the ARM DSP code
  Adapt ChangeLog
  ECP restart: Don't calculate address of sub ctx if ctx is NULL
yanesca approved these changes on Aug 15, 2019:
Did the merge, got the same result.
dgreen-arm approved these changes on Aug 15, 2019:
Got the same result when doing the merge myself, LGTM
No description provided.