Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Roll MbedTLS to 2.28 #17790

Merged
merged 1 commit into from
May 24, 2022
Merged

Roll MbedTLS to 2.28 #17790

merged 1 commit into from
May 24, 2022

Conversation

mspang
Copy link
Contributor

@mspang mspang commented Apr 26, 2022

Problem

MbedTLS 2.25 is out of support.

Change overview

Roll MbedTLS to 2.28 LTS

Testing

Build & commission EFR32 lighting-app with linux_x64_gcc_mbedtls/chip-tool

@github-actions
Copy link

PR #17790: Size comparison from 6c54ab8 to 979a837

Full report (2 builds for mbed, nrfconnect)
platform target config section 6c54ab8 979a837 change % change
mbed lock-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2411508 2411508 0 0.0
.bss 205660 205660 0 0.0
.data 5848 5848 0 0.0
.text 1374108 1374108 0 0.0
nrfconnect all-clusters-app nrf52840dk_nrf52840 (read/write) 1179243 1179243 0 0.0
bss 141784 141784 0 0.0
rodata 150204 150204 0 0.0
text 808616 808616 0 0.0

@mspang
Copy link
Contributor Author

mspang commented Apr 26, 2022

@pankore Looks like AmebaD is building our MbedTLS with an out of tree build file. Can you please assist?

@stale
Copy link

stale bot commented May 4, 2022

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

@stale stale bot added the stale Stale issue or PR label May 4, 2022
@mspang
Copy link
Contributor Author

mspang commented May 9, 2022

@pankore

@stale stale bot removed the stale Stale issue or PR label May 9, 2022
@pankore
Copy link
Contributor

pankore commented May 17, 2022
edited
Loading

Hi @mspang , as discussed on slack, the docker file has been updated. Please help to rebase and then add constant_time.c in third_party/ameba/mbedtls.cmake to make CI pass.
I have done local test for the change and it is working good with the new docker image. Many thanks!

@mspang
Roll MbedTLS to 2.28
1e440bb 
MbedTLS 2.25 is out of support.
@mspang mspang force-pushed the for-chip/mbedtls-2.28 branch from 979a837 to 1e440bb Compare May 20, 2022 20:01
@mspang
Copy link
Contributor Author

mspang commented May 20, 2022

Hi @mspang , as discussed on slack, the docker file has been updated. Please help to rebase and then add constant_time.c in third_party/ameba/mbedtls.cmake to make CI pass. I have done local test for the change and it is working good with the new docker image. Many thanks!

Thanks.

@github-actions
Copy link

github-actions bot commented May 20, 2022
edited
Loading

PR #17790: Size comparison from a1b322c to 1e440bb

Increases (13 builds for cc13x2_26x2, cyw30739, k32w, linux)
platform target config section a1b322c 1e440bb change % change
cc13x2_26x2 all-clusters-app LP_CC2652R7 (read only) 668407 668687 280 0.0
.text 568288 568696 408 0.1
lock-ftd LP_CC2652R7 (read only) 675919 676199 280 0.0
.text 581028 581436 408 0.1
lock-mtd LP_CC2652R7 (read only) 625327 625599 272 0.0
.text 530548 530948 400 0.1
pump-app LP_CC2652R7 (read only) 676003 676275 272 0.0
.text 586620 587020 400 0.1
pump-controller-app LP_CC2652R7 (read only) 653963 654235 272 0.0
.text 569808 570208 400 0.1
shell LP_CC2652R7 (read only) 661494 661774 280 0.0
.text 564404 564812 408 0.1
cyw30739 light cyw930739m2evb_01 (read/write) 624150 624254 104 0.0
.app_xip_area 527508 527612 104 0.0
lock cyw930739m2evb_01 (read/write) 626962 627066 104 0.0
.app_xip_area 531776 531880 104 0.0
ota-requestor-no-progress-logging cyw930739m2evb_01 (read/write) 570882 570986 104 0.0
.app_xip_area 465980 466084 104 0.0
k32w light k32w061+release (read/write) 682488 682760 272 0.0
.text 598416 598688 272 0.0
lock k32w061+release (read/write) 728636 728908 272 0.0
.text 644172 644444 272 0.0
linux chip-tool-no-interactive-ipv6only arm64 (read only) 9206676 9213020 6344 0.1
(read/write) 645361 645409 48 0.0
.data.rel.ro 583112 583160 48 0.0
.rodata 446436 446988 552 0.1
.text 7298196 7303940 5744 0.1
thermostat-no-ble arm64 (read only) 2357292 2360836 3544 0.2
(read/write) 176609 176657 48 0.0
.data.rel.ro 79416 79464 48 0.1
.rodata 147548 147764 216 0.1
.text 1980768 1984048 3280 0.2
Decreases (6 builds for cc13x2_26x2)
platform target config section a1b322c 1e440bb change % change
cc13x2_26x2 all-clusters-app LP_CC2652R7 (read/write) 182424 182144 -280 -0.2
.rodata 99895 99767 -128 -0.1
lock-ftd LP_CC2652R7 (read/write) 166864 166584 -280 -0.2
.rodata 94407 94279 -128 -0.1
lock-mtd LP_CC2652R7 .rodata 94287 94159 -128 -0.1
pump-app LP_CC2652R7 (read/write) 168084 167812 -272 -0.2
.rodata 88899 88771 -128 -0.1
pump-controller-app LP_CC2652R7 (read/write) 189908 189636 -272 -0.1
.rodata 83675 83547 -128 -0.2
shell LP_CC2652R7 (read/write) 184896 184616 -280 -0.2
.rodata 96862 96734 -128 -0.1
Full report (34 builds for cc13x2_26x2, cyw30739, efr32, esp32, k32w, linux, mbed, nrfconnect, telink)
platform target config section a1b322c 1e440bb change % change
cc13x2_26x2 all-clusters-app LP_CC2652R7 (read only) 668407 668687 280 0.0
(read/write) 182424 182144 -280 -0.2
.bss 73812 73812 0 0.0
.data 3404 3404 0 0.0
.rodata 99895 99767 -128 -0.1
.text 568288 568696 408 0.1
lock-ftd LP_CC2652R7 (read only) 675919 676199 280 0.0
(read/write) 166864 166584 -280 -0.2
.bss 72820 72820 0 0.0
.data 3236 3236 0 0.0
.rodata 94407 94279 -128 -0.1
.text 581028 581436 408 0.1
lock-mtd LP_CC2652R7 (read only) 625327 625599 272 0.0
(read/write) 145652 145652 0 0.0
.bss 68556 68556 0 0.0
.data 3236 3236 0 0.0
.rodata 94287 94159 -128 -0.1
.text 530548 530948 400 0.1
pump-app LP_CC2652R7 (read only) 676003 676275 272 0.0
(read/write) 168084 167812 -272 -0.2
.bss 73100 73100 0 0.0
.data 3272 3272 0 0.0
.rodata 88899 88771 -128 -0.1
.text 586620 587020 400 0.1
pump-controller-app LP_CC2652R7 (read only) 653963 654235 272 0.0
(read/write) 189908 189636 -272 -0.1
.bss 73140 73140 0 0.0
.data 3232 3232 0 0.0
.rodata 83675 83547 -128 -0.2
.text 569808 570208 400 0.1
shell LP_CC2652R7 (read only) 661494 661774 280 0.0
(read/write) 184896 184616 -280 -0.2
.bss 76172 76172 0 0.0
.data 3408 3408 0 0.0
.rodata 96862 96734 -128 -0.1
.text 564404 564812 408 0.1
cyw30739 light cyw930739m2evb_01 (read/write) 624150 624254 104 0.0
.app_xip_area 527508 527612 104 0.0
.bss 79284 79284 0 0.0
.data 708 708 0 0.0
.rodata 0 0 0 0.0
.text 0 0 0 0.0
lock cyw930739m2evb_01 (read/write) 626962 627066 104 0.0
.app_xip_area 531776 531880 104 0.0
.bss 77860 77860 0 0.0
.data 672 672 0 0.0
.rodata 0 0 0 0.0
.text 0 0 0 0.0
ota-requestor-no-progress-logging cyw930739m2evb_01 (read/write) 570882 570986 104 0.0
.app_xip_area 465980 466084 104 0.0
.bss 87280 87280 0 0.0
.data 584 584 0 0.0
.rodata 0 0 0 0.0
.text 112 112 0 0.0
efr32 lighting-app BRD4161A (read only) 915988 915988 0 0.0
(read/write) 133372 133372 0 0.0
.bss 131312 131312 0 0.0
.data 2060 2060 0 0.0
.text 915980 915980 0 0.0
BRD4161A+rpc (read only) 950176 950176 0 0.0
(read/write) 150056 150056 0 0.0
.bss 147792 147792 0 0.0
.data 2264 2264 0 0.0
.text 950168 950168 0 0.0
BRD4161A+rs911x (read only) 790548 790548 0 0.0
(read/write) 129640 129640 0 0.0
.bss 127572 127572 0 0.0
.data 2068 2068 0 0.0
.text 790540 790540 0 0.0
lock-app BRD4161A+wf200 (read only) 946760 946760 0 0.0
(read/write) 124124 124124 0 0.0
.bss 122100 122100 0 0.0
.data 2024 2024 0 0.0
.text 946752 946752 0 0.0
window-app BRD4161A (read only) 897260 897260 0 0.0
(read/write) 133432 133432 0 0.0
.bss 131384 131384 0 0.0
.data 2048 2048 0 0.0
.text 897252 897252 0 0.0
esp32 all-clusters-app c3devkit (read only) 1002770 1002770 0 0.0
(read/write) 1478050 1478050 0 0.0
.dram0.bss 68376 68376 0 0.0
.dram0.data 14624 14624 0 0.0
.flash.rodata 209616 209616 0 0.0
.flash.text 1002770 1002770 0 0.0
.iram0.text 62954 62954 0 0.0
m5stack (read only) 1057595 1057595 0 0.0
(read/write) 480056 480056 0 0.0
.dram0.bss 73896 73896 0 0.0
.dram0.data 34200 34200 0 0.0
.flash.rodata 239964 239964 0 0.0
.flash.text 1052211 1052211 0 0.0
.iram0.text 123267 123267 0 0.0
k32w light k32w061+release (read/write) 682488 682760 272 0.0
.bss 80352 80352 0 0.0
.data 2016 2016 0 0.0
.text 598416 598688 272 0.0
lock k32w061+release (read/write) 728636 728908 272 0.0
.bss 80784 80784 0 0.0
.data 1976 1976 0 0.0
.text 644172 644444 272 0.0
linux all-clusters-app debug (read only) 2759561 2759561 0 0.0
(read/write) 176384 176384 0 0.0
.bss 85440 85440 0 0.0
.data 2064 2064 0 0.0
.data.rel.ro 82712 82712 0 0.0
.dynamic 608 608 0 0.0
.got 4496 4496 0 0.0
.init 27 27 0 0.0
.init_array 1016 1016 0 0.0
.rodata 241373 241373 0 0.0
.text 2343634 2343634 0 0.0
bridge-app debug+rpc (read only) 2035481 2035481 0 0.0
(read/write) 148024 148024 0 0.0
.bss 73120 73120 0 0.0
.data 3936 3936 0 0.0
.data.rel.ro 65384 65384 0 0.0
.dynamic 592 592 0 0.0
.got 4272 4272 0 0.0
.init 27 27 0 0.0
.init_array 688 688 0 0.0
.rodata 169065 169065 0 0.0
.text 1709298 1709298 0 0.0
chip-tool debug (read only) 9460069 9460069 0 0.0
(read/write) 579192 579192 0 0.0
.bss 23936 23936 0 0.0
.data 1152 1152 0 0.0
.data.rel.ro 547800 547800 0 0.0
.dynamic 624 624 0 0.0
.got 5000 5000 0 0.0
.init 27 27 0 0.0
.init_array 656 656 0 0.0
.rodata 482013 482013 0 0.0
.text 7651125 7651125 0 0.0
chip-tool-no-interactive-ipv6only arm64 (read only) 9206676 9213020 6344 0.1
(read/write) 645361 645409 48 0.0
.bss 42225 42225 0 0.0
.data 1192 1192 0 0.0
.data.rel.ro 583112 583160 48 0.0
.dynamic 560 560 0 0.0
.got 14984 14984 0 0.0
.init 24 24 0 0.0
.init_array 184 184 0 0.0
.rodata 446436 446988 552 0.1
.text 7298196 7303940 5744 0.1
lighting-app debug+rpc (read only) 2327273 2327273 0 0.0
(read/write) 153440 153440 0 0.0
.bss 74912 74912 0 0.0
.data 2048 2048 0 0.0
.data.rel.ro 70728 70728 0 0.0
.dynamic 608 608 0 0.0
.got 4344 4344 0 0.0
.init 27 27 0 0.0
.init_array 792 792 0 0.0
.rodata 188073 188073 0 0.0
.text 1972850 1972850 0 0.0
lock-app debug (read only) 2240769 2240769 0 0.0
(read/write) 148152 148152 0 0.0
.bss 73600 73600 0 0.0
.data 1568 1568 0 0.0
.data.rel.ro 67272 67272 0 0.0
.dynamic 592 592 0 0.0
.got 4336 4336 0 0.0
.init 27 27 0 0.0
.init_array 752 752 0 0.0
.rodata 198713 198713 0 0.0
.text 1882098 1882098 0 0.0
ota-provider-app debug (read only) 2065977 2065977 0 0.0
(read/write) 141232 141232 0 0.0
.bss 73056 73056 0 0.0
.data 1768 1768 0 0.0
.data.rel.ro 60600 60600 0 0.0
.dynamic 608 608 0 0.0
.got 4504 4504 0 0.0
.init 27 27 0 0.0
.init_array 648 648 0 0.0
.rodata 179872 179872 0 0.0
.text 1727538 1727538 0 0.0
ota-requestor-app debug (read only) 2094929 2094929 0 0.0
(read/write) 144040 144040 0 0.0
.bss 73728 73728 0 0.0
.data 1992 1992 0 0.0
.data.rel.ro 62664 62664 0 0.0
.dynamic 592 592 0 0.0
.got 4344 4344 0 0.0
.init 27 27 0 0.0
.init_array 672 672 0 0.0
.rodata 175840 175840 0 0.0
.text 1759058 1759058 0 0.0
shell debug (read only) 2575769 2575769 0 0.0
(read/write) 200408 200408 0 0.0
.bss 116360 116360 0 0.0
.data 1376 1376 0 0.0
.data.rel.ro 76912 76912 0 0.0
.dynamic 608 608 0 0.0
.got 4192 4192 0 0.0
.init 27 27 0 0.0
.init_array 936 936 0 0.0
.rodata 222354 222354 0 0.0
.text 2192242 2192242 0 0.0
thermostat-no-ble arm64 (read only) 2357292 2360836 3544 0.2
(read/write) 176609 176657 48 0.0
.bss 87873 87873 0 0.0
.data 1520 1520 0 0.0
.data.rel.ro 79416 79464 48 0.1
.dynamic 560 560 0 0.0
.got 4768 4768 0 0.0
.init 24 24 0 0.0
.init_array 376 376 0 0.0
.rodata 147548 147764 216 0.1
.text 1980768 1984048 3280 0.2
tv-app debug (read only) 2856913 2856913 0 0.0
(read/write) 279072 279072 0 0.0
.bss 191032 191032 0 0.0
.data 4672 4672 0 0.0
.data.rel.ro 77120 77120 0 0.0
.dynamic 592 592 0 0.0
.got 4720 4720 0 0.0
.init 27 27 0 0.0
.init_array 928 928 0 0.0
.rodata 221137 221137 0 0.0
.text 2453602 2453602 0 0.0
tv-casting-app debug (read only) 5433385 5433385 0 0.0
(read/write) 225344 225344 0 0.0
.bss 78616 78616 0 0.0
.data 2400 2400 0 0.0
.data.rel.ro 138120 138120 0 0.0
.dynamic 608 608 0 0.0
.got 4728 4728 0 0.0
.init 27 27 0 0.0
.init_array 864 864 0 0.0
.rodata 340097 340097 0 0.0
.text 4733794 4733794 0 0.0
mbed lock-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2418936 2418936 0 0.0
.bss 202796 202796 0 0.0
.data 5872 5872 0 0.0
.text 1381580 1381580 0 0.0
nrfconnect all-clusters-app nrf52840dk_nrf52840 (read/write) 1182467 1182467 0 0.0
bss 138540 138540 0 0.0
rodata 152796 152796 0 0.0
text 812288 812288 0 0.0
telink light-switch-app tlsr9518adk80d (read/write) 782400 782400 0 0.0
bss 70744 70744 0 0.0
noinit 40416 40416 0 0.0
text 553442 553442 0 0.0
lighting-app tlsr9518adk80d (read/write) 802420 802420 0 0.0
bss 71000 71000 0 0.0
noinit 40416 40416 0 0.0
text 570154 570154 0 0.0

@mspang mspang marked this pull request as ready for review May 20, 2022 22:42
@andy31415 andy31415 merged commit b4586be into project-chip:master May 24, 2022
@mspang mspang deleted the for-chip/mbedtls-2.28 branch May 24, 2022 19:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emargolis emargolis emargolis approved these changes

@andy31415 andy31415 Awaiting requested review from andy31415

@anush-apple anush-apple Awaiting requested review from anush-apple

@arkq arkq Awaiting requested review from arkq

@Byungjoo-Lee Byungjoo-Lee Awaiting requested review from Byungjoo-Lee

@bzbarsky-apple bzbarsky-apple Awaiting requested review from bzbarsky-apple

@carol-apple carol-apple Awaiting requested review from carol-apple

@chrisdecenzo chrisdecenzo Awaiting requested review from chrisdecenzo

@chshu chshu Awaiting requested review from chshu

@chulspro chulspro Awaiting requested review from chulspro

@Damian-Nordic Damian-Nordic Awaiting requested review from Damian-Nordic

@dhrishi dhrishi Awaiting requested review from dhrishi

@electrocucaracha electrocucaracha Awaiting requested review from electrocucaracha

@erjiaqing erjiaqing Awaiting requested review from erjiaqing

@franck-apple franck-apple Awaiting requested review from franck-apple

@gjc13 gjc13 Awaiting requested review from gjc13

@hawk248 hawk248 Awaiting requested review from hawk248

@harsha-rajendran harsha-rajendran Awaiting requested review from harsha-rajendran

@isiu-apple isiu-apple Awaiting requested review from isiu-apple

@jelderton jelderton Awaiting requested review from jelderton

@jepenven-silabs jepenven-silabs Awaiting requested review from jepenven-silabs

@jmartinez-silabs jmartinez-silabs Awaiting requested review from jmartinez-silabs

@jtung-apple jtung-apple Awaiting requested review from jtung-apple

@kghost kghost Awaiting requested review from kghost

@lazarkov lazarkov Awaiting requested review from lazarkov

@LuDuda LuDuda Awaiting requested review from LuDuda

@mrjerryjohns mrjerryjohns Awaiting requested review from mrjerryjohns

@msandstedt msandstedt Awaiting requested review from msandstedt

@rgoliver rgoliver Awaiting requested review from rgoliver

@sagar-apple sagar-apple Awaiting requested review from sagar-apple

@saurabhst saurabhst Awaiting requested review from saurabhst

@selissia selissia Awaiting requested review from selissia

@tecimovic tecimovic Awaiting requested review from tecimovic

@tehampson tehampson Awaiting requested review from tehampson

@turon turon Awaiting requested review from turon

@vijs vijs Awaiting requested review from vijs

@vivien-apple vivien-apple Awaiting requested review from vivien-apple

@wbschiller wbschiller Awaiting requested review from wbschiller

@woody-apple woody-apple Awaiting requested review from woody-apple

@xylophone21 xylophone21 Awaiting requested review from xylophone21

@yufengwangca yufengwangca Awaiting requested review from yufengwangca

@yunhanw-google yunhanw-google Awaiting requested review from yunhanw-google

Assignees
No one assigned
Labels
fast track review - pending
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mspang @pankore @emargolis @andy31415