Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve AES hardware-only check #8281

Merged
merged 3 commits into from
Oct 9, 2023
Merged

Improve AES hardware-only check #8281

merged 3 commits into from
Oct 9, 2023

Conversation

daverodgman
Copy link
Contributor

Description

Looking at #7384 (adds MBEDTLS_AES_USE_HARDWARE_ONLY), we complain with a #error message if this is set on x86 / x86_64 and MBEDTLS_AESNI_C is not set, and similar for Arm.

But if we set AES_USE_HARDWARE_ONLY on some other platform, there's no clean error about "not all prerequisites set", only an unexplained compile fail. This PR fixes that gap.

PR checklist

Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")

  • changelog not required - minor enhancement, no change to functionality
  • backport not required - not in 2.28
  • tests not required - covered by existing

@daverodgman daverodgman added enhancement needs-review Every commit must be reviewed by at least two team members, needs-reviewer This PR needs someone to pick it up for review single-reviewer This PR qualifies for having only one reviewer size-xs Estimated task size: extra small (a few hours at most) priority-medium Medium priority - this can be reviewed as time permits labels Sep 29, 2023
tom-cosgrove-arm
tom-cosgrove-arm previously approved these changes Sep 29, 2023
View reviewed changes
Copy link
Contributor

@tom-cosgrove-arm tom-cosgrove-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, I prefer the way this reverses things

@tom-cosgrove-arm tom-cosgrove-arm added approved Design and code approved - may be waiting for CI or backports needs-ci Needs to pass CI tests and removed needs-review Every commit must be reviewed by at least two team members, needs-reviewer This PR needs someone to pick it up for review labels Sep 29, 2023
@tom-cosgrove-arm tom-cosgrove-arm added needs-work and removed approved Design and code approved - may be waiting for CI or backports labels Sep 29, 2023
@daverodgman
Restore missing #if
e81a632 
Signed-off-by: Dave Rodgman <[email protected]>
@daverodgman daverodgman added needs-review Every commit must be reviewed by at least two team members, and removed needs-work labels Sep 29, 2023
gilles-peskine-arm
gilles-peskine-arm previously approved these changes Sep 29, 2023
View reviewed changes
Copy link
Contributor

@gilles-peskine-arm gilles-peskine-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

tom-cosgrove-arm
tom-cosgrove-arm previously approved these changes Sep 29, 2023
View reviewed changes
Copy link
Contributor

@tom-cosgrove-arm tom-cosgrove-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tom-cosgrove-arm tom-cosgrove-arm added approved Design and code approved - may be waiting for CI or backports and removed needs-review Every commit must be reviewed by at least two team members, labels Sep 29, 2023
@tom-cosgrove-arm
Copy link
Contributor

And in case people hit the compiler warnings and search, the output you get when setting MBEDTLS_AES_USE_HARDWARE_ONLY on a platform that doesn't support it is

aes.c:41:2: error: "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites"
#error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites"
 ^
  CC    bignum_mod_raw.c
aes.c:619:15: warning: variable 'RK' set but not used [-Wunused-but-set-variable]
    uint32_t *RK;
              ^
aes.c:616:75: warning: unused parameter 'key' [-Wunused-parameter]
int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
                                                                          ^
  CC    camellia.c
aes.c:1066:48: warning: unused parameter 'ctx' [-Wunused-parameter]
int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
                                               ^
aes.c:1068:47: warning: unused parameter 'input' [-Wunused-parameter]
                          const unsigned char input[16],
                                              ^
aes.c:1069:41: warning: unused parameter 'output' [-Wunused-parameter]
                          unsigned char output[16])
                                        ^

@daverodgman
Copy link
Contributor Author

And in case people hit the compiler warnings and search, the output you get when setting MBEDTLS_AES_USE_HARDWARE_ONLY on a platform that doesn't support it is

aes.c:41:2: error: "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites"
#error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites"
 ^
  CC    bignum_mod_raw.c
aes.c:619:15: warning: variable 'RK' set but not used [-Wunused-but-set-variable]
    uint32_t *RK;
              ^
aes.c:616:75: warning: unused parameter 'key' [-Wunused-parameter]
int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
                                                                          ^
  CC    camellia.c
aes.c:1066:48: warning: unused parameter 'ctx' [-Wunused-parameter]
int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
                                               ^
aes.c:1068:47: warning: unused parameter 'input' [-Wunused-parameter]
                          const unsigned char input[16],
                                              ^
aes.c:1069:41: warning: unused parameter 'output' [-Wunused-parameter]
                          unsigned char output[16])
                                        ^

It's annoying that the compiler generates all the other stuff instead of stopping at #error, but it's not really worth the code churn to fix it

@daverodgman
Copy link
Contributor Author

Sorry, accidentally updated this by pushing to the wrong branch. I've reset to the point of review approval.

tom-cosgrove-arm
tom-cosgrove-arm previously approved these changes Sep 29, 2023
View reviewed changes
Copy link
Contributor

@tom-cosgrove-arm tom-cosgrove-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@daverodgman
Code style
a06d45e 
Signed-off-by: Dave Rodgman <[email protected]>
tom-cosgrove-arm
tom-cosgrove-arm approved these changes Sep 29, 2023
View reviewed changes
Copy link
Contributor

@tom-cosgrove-arm tom-cosgrove-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@daverodgman daverodgman removed the needs-ci Needs to pass CI tests label Sep 30, 2023
@daverodgman daverodgman added this pull request to the merge queue Oct 9, 2023
Merged via the queue into Mbed-TLS:development with commit e7ebec6 Oct 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tom-cosgrove-arm tom-cosgrove-arm tom-cosgrove-arm approved these changes

@gilles-peskine-arm gilles-peskine-arm gilles-peskine-arm approved these changes

Assignees
No one assigned
Labels
approved Design and code approved - may be waiting for CI or backports enhancement priority-medium Medium priority - this can be reviewed as time permits single-reviewer This PR qualifies for having only one reviewer size-xs Estimated task size: extra small (a few hours at most)
Projects
Friction
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@daverodgman @tom-cosgrove-arm @gilles-peskine-arm