Brad Bishop | bec4ebc | 2022-08-03 09:55:16 -0400
Upstream-Status: Backport
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>

From a93084be95634b66b917f1c8baf403067dc75c5d Mon Sep 17 00:00:00 2001
From: Sandrine Bailleux <sandrine.bailleux@arm.com>
Date: Thu, 21 Apr 2022 10:21:29 +0200
Subject: [PATCH] build(deps): upgrade to mbed TLS 2.28.0

Upgrade to the latest and greatest 2.x release of Mbed TLS library
(i.e. v2.28.0) to take advantage of their bug fixes.

Note that the Mbed TLS project published version 3.x some time
ago. However, as this is a major release with API breakages, upgrading
to 3.x might require some more involved changes in TF-A, which we are
not ready to do. We shall upgrade to mbed TLS 3.x after the v2.7
release of TF-A.

Actually, the upgrade this time simply boils down to including the new
source code module 'constant_time.c' into the firmware.

To quote mbed TLS v2.28.0 release notes [1]:

    The mbedcrypto library includes a new source code module
    constant_time.c, containing various functions meant to resist timing
    side channel attacks. This module does not have a separate
    configuration option, and functions from this module will be
    included in the build as required.

As a matter of fact, if one is attempting to link TF-A against mbed
TLS v2.28.0 without the present patch, one gets some linker errors
due to missing symbols from this new module.

Apart from this, none of the items listed in mbed TLS release
notes [1] directly affect TF-A. Special note on the following one:

    Fix a bug in mbedtls_gcm_starts() when the bit length of the iv
    exceeds 2^32.

In TF-A, we do use mbedtls_gcm_starts() when the firmware decryption
feature is enabled with AES-GCM as the authenticated decryption
algorithm (DECRYPTION_SUPPORT=aes_gcm). However, the iv_len variable
which gets passed to mbedtls_gcm_starts() is an unsigned int, i.e. a
32-bit value which by definition is always less than 2**32. Therefore,
we are immune to this bug.

With this upgrade, the size of BL1 and BL2 binaries does not appear to
change on a standard sample test build (with trusted boot and measured
boot enabled).

[1] https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.0

Change-Id: Icd5dbf527395e9e22c8fd6b77427188bd7237fd6
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
---
 drivers/auth/mbedtls/mbedtls_common.mk | 1 +
 1 file changed, 1 insertion(+)

| 58 | diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk |
| 59 | index 0a4775d00..3eb41617f 100644 |
| 60 | --- a/drivers/auth/mbedtls/mbedtls_common.mk |
| 61 | +++ b/drivers/auth/mbedtls/mbedtls_common.mk |
| 62 | @@ -48,6 +48,7 @@ LIBMBEDTLS_SRCS := $(addprefix ${MBEDTLS_DIR}/library/, \ |
| 63 | rsa_internal.c \ |
| 64 | x509.c \ |
| 65 | x509_crt.c \ |
| 66 | + constant_time.c \ |
| 67 | ) |
| 68 | |
| 69 | # The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key |
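Review bot: the new `constant_time.c` entry is appended after `x509_crt.c`, which breaks the alphabetical ordering the visible part of `LIBMBEDTLS_SRCS` follows (`rsa_internal.c`, `x509.c`, `x509_crt.c`), and, since the commit message states this module only exists from mbed TLS 2.28.0, the list now silently raises the minimum supported library version: a tree still pointing `MBEDTLS_DIR` at an older 2.x checkout will fail because the file is absent. Suggest moving the entry to its sorted position and recording the requirement next to it, e.g. `constant_time.c \ # new in mbed TLS 2.28.0; older releases will not build`, or a version check on `MBEDTLS_DIR` before the list, so the failure mode is an explicit message rather than a missing-file error.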
--
2.25.1