Closed d-otte closed 1 year ago
Mbed TLS uses malloc liberally. We are trying to reduce the usage of malloc, to better support constrained or high-reliability systems that don't want dynamic memory allocation, but that concerns low-level crypto code, not key and certificate parsing.
However, in this specific case, it doesn't make sense to me that PEM processing would need optimizing for stack usage. Why would a constrained system use PEM at all?
This is a big issue for systems which have a quite limited stack (but may have sufficient heap memory). Many embedded systems have internal SRAM which is used for the stack, but also external RAM which is used for the heap and static buffers.
There are also systems which have the inverse problem. Plenty of stack space due to other call trees needing more stack, but constrained heap. I'm not sure where the line should be drawn, but this seems a bit at-will.
I've just seen that PR #2118 addresses several of the functions and used similar approaches. I would like to backport those changes to mbedtls 2.16.
I think we've been too liberal with applying non-critical changes to LTS branches lately, leading to regressions such as https://github.com/ARMmbed/mbedtls/issues/3682. This is not a bug, it's a memory management balance change (which is not even a benefit on all platforms), so I'm opposed to changing the behavior in LTS branches.
Fixed by PR #3464
Some functions in mbedTLS use large amounts of stack (mbedtls_pk_write_key_pem() uses 5776 bytes in my configuration of v2.16.9).
stack_usage.txt stack_usage.csv.txt
Steps to reproduce the reports
Justification - why does the library need this feature?
This is a big issue for systems which have a quite limited stack (but may have sufficient heap memory). Many embedded systems have internal SRAM which is used for the stack, but also external RAM which is used for the heap and static buffers.
Suggested enhancement
In most cases it is possible to avoid stack allocation and use memory from the heap. I hope to have pull requests ready this week.
Questions
Are there special limitations, where heap memory must not be used?
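The trade-off discussed in this issue, as an added example that is not part of the original issue and is not Mbed TLS code: the same key-serialization routine with its working buffer on the stack and on the heap, wiping the buffer in both cases because it holds key material. `WORK_SIZE`, the toy hex encoder, the error codes and the `work_calloc` hook are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define WORK_SIZE 4096  /* assumed size of the temporary encoding buffer */
enum { ERR_ALLOC = -1, ERR_SMALL = -2 };

/* Replaceable allocator (hypothetical hook) so the failure path can be exercised. */
void *(*work_calloc)(size_t, size_t) = calloc;
void *fail_calloc(size_t n, size_t s) { (void)n; (void)s; return NULL; }

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *p, size_t n) {
    for (volatile unsigned char *v = p; n--; ) *v++ = 0;
}

/* Toy encoder standing in for key serialization: hex-encodes key via work into out. */
static int encode(const unsigned char *key, size_t klen, unsigned char *work,
                  char *out, size_t olen) {
    static const char hex[] = "0123456789abcdef";
    if (klen > WORK_SIZE / 2 || 2 * klen + 1 > olen) return ERR_SMALL;
    for (size_t i = 0; i < klen; i++) {
        work[2 * i] = (unsigned char)hex[key[i] >> 4];
        work[2 * i + 1] = (unsigned char)hex[key[i] & 15];
    }
    memcpy(out, work, 2 * klen);
    out[2 * klen] = '\0';
    return 0;
}

/* Stack variant: WORK_SIZE bytes of the caller's stack, no allocation failure path. */
int write_key_stack(const unsigned char *key, size_t klen, char *out, size_t olen) {
    unsigned char work[WORK_SIZE];
    int ret = encode(key, klen, work, out, olen);
    wipe(work, sizeof work);
    return ret;
}

/* Heap variant: small stack frame, but allocation can fail and must be reported. */
int write_key_heap(const unsigned char *key, size_t klen, char *out, size_t olen) {
    unsigned char *work = work_calloc(1, WORK_SIZE);
    if (work == NULL) return ERR_ALLOC;
    int ret = encode(key, klen, work, out, olen);
    wipe(work, WORK_SIZE);
    free(work);
    return ret;
}
```

The heap variant adds an error code that every caller has to handle, which is the behaviour change that matters on platforms where the heap, not the stack, is the scarce resource.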