Fix issues in Cryptocell 310 shax_alt discovered by On Target Testing #8728
Conversation
|
@RonEld is @ARMmbed/mbed-os-tls the team that should review this fix? If yes, please review |
|
@0xc0170 I would say the @ARMmbed/mbed-os-crypto team should review this |
|
Restarting CI |
|
Aborting CI, will start once it is approved |
Test run: SUCCESSSummary: 4 of 4 test jobs passed |
|
It was completed, waiting for reviewers |
| int ret = 0; | ||
| if( ctx->is_cc_initiated == 0 ) | ||
| { | ||
| ret = init_cc( ctx ); |
There was a problem hiding this comment.
I don't think that calling mbedtls_internal_sha1_process() should be supported for several reasons:
- This is an internal function, users shouldn't call it anyway.
- If anybody, Mbed TLS, the tests or our users call it without calling
mbedtls_sha1_starts()first, then they are violating the API
There was a problem hiding this comment.
As you can see::
sha1_process_wrap calls mbedtls_internal_sha1_process(). I guess it's ok, since it's internal. The test for mbedtlos_md_process() only calls setup and process, so perhaps it's a bug in the test...
There was a problem hiding this comment.
I think it is a bug in the test, it should call mbedtls_md_starts( ) too.
There was a problem hiding this comment.
created Mbed-TLS/mbedtls#2227 to track this
| @@ -33,6 +33,7 @@ extern "C" { | |||
| typedef struct | |||
| { | |||
| CRYS_HASHUserContext_t crys_hash_ctx; | |||
| int is_cc_initiated; | |||
There was a problem hiding this comment.
style: I think the word we are looking for here is "initialised" and not "initiated".
|
@yanesca Thanks for the review! |
|
I think we agree, but I think that the style changes in this PR are still valuable. Maybe we could still merge those or just cherry-pick them to the top of one of the other PRs. Also, before doing anything we should raise an issue for the bug in the tests. Which repository are they in? |
|
The tests are from the Mbed TLS repository |
|
Can you point me to the failing test and/or raise an issue about this in the Mbed TLS repository? |
|
@yanesca |
|
@yanesca As discussed offline, I have changed the implementation of the internal process functions, to return the unsupported error. |
|
I have taken Andres' stress test from #5079 and modified to test cloning: This test passes with the original implementation. So, I will remove the original commit, keeping the style fix, and latest commit for not supporting the internal process function |
1. Change camelcase variables to Mbed OS style. 2. Remove functions declarations from the `_alt` header, since they are now added from the module header regardless whether an alternative implementation exists. 3. Remove the `extern "c"` declaration from the `_alt` headers. 4. Remove redundant extra lines.
Return the `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` for the internal process function, as it is not public.
RonEld
force-pushed
the
cryptocell_sha_alt_fixes
branch
from
b04800b to
bcbda3e
Compare
|
@yanesca As mentioned in previous comment, I have rebased to resolved conflicts, and removed the first commit that is not needed. |
|
@yanesca Please re-review. |
|
Looks good to me! I will approve formally as soon as @ARMmbed/mbed-os-tls has approved it too. |
|
@yanesca I don't think this should be reviewed by @ARMmbed/mbed-os-tls but by @ARMmbed/mbed-os-crypto as this is a crypto bug fix |
|
Will start CI when able. We're wrapping up RC3 PRs right now. |
|
CI started |
Test run: SUCCESSSummary: 11 of 11 test jobs passed |
Description
Initialize the Cryptocell context in the
mbedtls_shax_process()function, in case it wasn't initialized. The Process function can be
called without calling to the starts function. Discovered by
On Target Testing on the NRF52840_DK platform.
Note: This might have conflicts with #8643 , but not dependent on it.
Pull request type