Remove mutexes from ECP hardware acceleration

Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.

Fixes #863
This commit is contained in:
Janos Follath 2017-06-22 10:02:07 +01:00 committed by Simon Butcher
parent b6479192d8
commit bfea4a7c02
4 changed files with 6 additions and 33 deletions

View File

@ -1,6 +1,6 @@
mbed TLS ChangeLog (Sorted per branch, date) mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.y.z released YYYY-MM-DD = mbed TLS 2.x.x released xxxx-xx-xx
Security Security
* Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
@ -18,6 +18,11 @@ API changes
verification of the peer's certificate failed due to an overlong chain or verification of the peer's certificate failed due to an overlong chain or
a fatal error in the vrfy callback. a fatal error in the vrfy callback.
Changes
* Removed mutexes from ECP hardware accelerator code. Now all hardware
accelerator code in the library leaves concurrency handling to the
platform. Reported by Steven Cooreman. #863
= mbed TLS 2.5.1 released 2017-06-21 = mbed TLS 2.5.1 released 2017-06-21
Security Security

View File

@ -97,9 +97,6 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
*/ */
extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
extern mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex;
#endif
#endif /* MBEDTLS_THREADING_C */ #endif /* MBEDTLS_THREADING_C */
#ifdef __cplusplus #ifdef __cplusplus

View File

@ -1690,11 +1690,6 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
return( ret ); return( ret );
#if defined(MBEDTLS_ECP_INTERNAL_ALT) #if defined(MBEDTLS_ECP_INTERNAL_ALT)
#if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 )
return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
#endif
if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) )
{ {
MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
@ -1719,11 +1714,6 @@ cleanup:
mbedtls_internal_ecp_free( grp ); mbedtls_internal_ecp_free( grp );
} }
#if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 )
return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
#endif
#endif /* MBEDTLS_ECP_INTERNAL_ALT */ #endif /* MBEDTLS_ECP_INTERNAL_ALT */
return( ret ); return( ret );
} }
@ -1831,11 +1821,6 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R, n, Q ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R, n, Q ) );
#if defined(MBEDTLS_ECP_INTERNAL_ALT) #if defined(MBEDTLS_ECP_INTERNAL_ALT)
#if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 )
return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
#endif
if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) )
{ {
MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
@ -1853,11 +1838,6 @@ cleanup:
mbedtls_internal_ecp_free( grp ); mbedtls_internal_ecp_free( grp );
} }
#if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 )
return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
#endif
#endif /* MBEDTLS_ECP_INTERNAL_ALT */ #endif /* MBEDTLS_ECP_INTERNAL_ALT */
mbedtls_ecp_point_free( &mP ); mbedtls_ecp_point_free( &mP );

View File

@ -113,9 +113,6 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t *
mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_init( &mbedtls_threading_readdir_mutex );
mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex );
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
mbedtls_mutex_init( &mbedtls_threading_ecp_mutex );
#endif
} }
/* /*
@ -125,9 +122,6 @@ void mbedtls_threading_free_alt( void )
{ {
mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_free( &mbedtls_threading_readdir_mutex );
mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex );
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
mbedtls_mutex_free( &mbedtls_threading_ecp_mutex );
#endif
} }
#endif /* MBEDTLS_THREADING_ALT */ #endif /* MBEDTLS_THREADING_ALT */
@ -139,8 +133,5 @@ void mbedtls_threading_free_alt( void )
#endif #endif
mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT;
mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT;
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex MUTEX_INIT;
#endif
#endif /* MBEDTLS_THREADING_C */ #endif /* MBEDTLS_THREADING_C */