Force some compilers to respect volatile reads Inspection of the generated assembly showed that before this commit, armcc 5 was optimizing away the successive reads to the volatile local variable that's used for double-checks. Inspection also reveals that inserting a call to an external function is enough to prevent it from doing that. The tested versions of ARM-GCC, Clang and Armcc 6 (aka armclang) all keep the double read, with our without a call to an external function in the middle. The inserted function can also be changed to insert a random delay if desired in the future, as it is appropriately places between the reads.

commit: 72a8c9e7dcca83a17c2c8429311822ab6bdbc450 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Fri Nov 08 10:21:00 2019 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Nov 21 15:14:59 2019 +0100
tree: 7f77d9b76f00ed4d91b06eea60953f7a624e5feb
parent: ca7b5ab5ef0e8943fda34c6347a2f10136bd7fcf [diff] [blame]
diff --git a/tinycrypt/ecc_dsa.c b/tinycrypt/ecc_dsa.c
index 687ea98..6c171c3 100644
--- a/tinycrypt/ecc_dsa.c
+++ b/tinycrypt/ecc_dsa.c

@@ -67,6 +67,7 @@
 #if defined(MBEDTLS_USE_TINYCRYPT)
 #include <tinycrypt/ecc.h>
 #include <tinycrypt/ecc_dsa.h>
+#include "mbedtls/platform_util.h"
 
 #if default_RNG_defined
 static uECC_RNG_Function g_rng_function = &default_CSPRNG;
@@ -304,6 +305,7 @@
 	/* Accept only if v == r. */
 	diff = uECC_vli_equal(rx, r);
 	if (diff == 0) {
+		mbedtls_platform_enforce_volatile_reads();
 		if (diff == 0) {
 			return UECC_SUCCESS;
 		}
commit	72a8c9e7dcca83a17c2c8429311822ab6bdbc450	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Fri Nov 08 10:21:00 2019 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Nov 21 15:14:59 2019 +0100
tree	7f77d9b76f00ed4d91b06eea60953f7a624e5feb
parent	ca7b5ab5ef0e8943fda34c6347a2f10136bd7fcf [diff] [blame]