Hi everyone,
I have implemented an application which uses libcurl with mbedTLS version 2.28.4, and can safely download files from https, while using cipher suites that don't use HW acceleration (with poor performance).
The issue arises because of the usage of an unaligned pointer from the SSL message -
the message itself (the entire buffer) is aligned, but the header with another 5 bytes causes a 13-byte offset -
from ssl_internal.h:

    /* Note: Even though the TLS record header is only 5 bytes
       long, we're internally using 8 bytes to store the
       implicit sequence number. */
    #define MBEDTLS_SSL_HEADER_LEN 13

and therefore, the out_iv is in unaligned position:

    void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl,
                                         mbedtls_ssl_transform *transform)
    {
    #if defined(MBEDTLS_SSL_PROTO_DTLS)
        if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
            ssl->out_ctr = ssl->out_hdr + 3;
    #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
            ssl->out_cid = ssl->out_ctr + 8;
            ssl->out_len = ssl->out_cid;
            if (transform != NULL) {
                ssl->out_len += transform->out_cid_len;
            }
    #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
            ssl->out_len = ssl->out_ctr + 8;
    #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
            ssl->out_iv = ssl->out_len + 2;
        } else
    #endif
        {
            ssl->out_ctr = ssl->out_hdr - 8;
            ssl->out_len = ssl->out_hdr + 3;
    #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
            ssl->out_cid = ssl->out_len;
    #endif
            ssl->out_iv = ssl->out_hdr + 5;
        }
        ssl->out_msg = ssl->out_iv;
        /* Adjust out_msg to make space for explicit IV, if used. */
        if (transform != NULL) {
            ssl->out_msg += ssl_transform_get_explicit_iv_len(transform);
        }
    }

Thus,
ssl->out_iv = ssl->out_hdr + 5; will result in an unaligned offset,
and all the rest of the pointers are not aligned, causing an error in the HW accelerator (DCP).
Can you please advise?
BR,
Avishay
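
The pointer arithmetic described in the post, reproduced as an added example (not code from the post or from mbedTLS) that reports the misalignment of out_msg for a few explicit IV lengths and shows one common workaround, a bounce copy through an aligned scratch buffer. Assumptions: `HW_ALIGN` of 4 bytes is a placeholder for whatever the DCP driver actually requires, and `layout`, `misalign`, `mock_hw` and `run_aligned` are hypothetical names, with `mock_hw` standing in for the real accelerator call.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HW_ALIGN 4u  /* assumed accelerator alignment; check the real driver */
struct out_ptrs { uint8_t *ctr, *hdr, *len, *iv, *msg; };  /* TLS branch above */
static _Alignas(8) uint8_t out_buf[64], scratch[32];  /* constructed sample buffers */

static struct out_ptrs layout(uint8_t *buf, size_t explicit_iv_len)
{
    uint8_t *hdr = buf + 8;   /* chosen so out_ctr = out_hdr - 8 is the aligned start */
    uint8_t *iv  = hdr + 5;   /* out_iv: 8 + 5 = 13 bytes into the buffer */
    return (struct out_ptrs){ hdr - 8, hdr, hdr + 3, iv, iv + explicit_iv_len };
}

static size_t misalign(const void *p) { return (size_t)((uintptr_t)p % HW_ALIGN); }

/* Mock engine: rejects misaligned buffers, otherwise inverts every byte. */
static int mock_hw(uint8_t *buf, size_t len)
{
    if (misalign(buf) != 0) return -1;
    for (size_t i = 0; i < len; i++) buf[i] ^= 0xFF;
    return 0;
}

/* Bounce through an aligned scratch buffer only when buf is misaligned. */
static int run_aligned(int (*op)(uint8_t *, size_t), uint8_t *buf, size_t len,
                       uint8_t *tmp, size_t tmp_len)
{
    if (misalign(buf) == 0) return op(buf, len);
    if (misalign(tmp) != 0 || len > tmp_len) return -1;
    memcpy(tmp, buf, len);
    int rc = op(tmp, len);
    if (rc == 0) memcpy(buf, tmp, len);
    for (volatile uint8_t *v = tmp; v < tmp + len; v++) *v = 0;  /* wipe the copy */
    return rc;
}

int main(void)
{
    const size_t iv_lens[] = { 0, 8, 16 };  /* sample explicit IV lengths */
    for (size_t i = 0; i < 3; i++)
        printf("iv_len=%zu: out_msg %% %u = %zu\n", iv_lens[i], HW_ALIGN,
               misalign(layout(out_buf, iv_lens[i]).msg));
    uint8_t *msg = layout(out_buf, 16).msg;
    printf("direct call:  %d\n", mock_hw(msg, 16));
    printf("bounced call: %d\n", run_aligned(mock_hw, msg, 16, scratch, sizeof scratch));
    return 0;
}
```

Because the 13-byte offset is odd and these IV lengths are multiples of 8, out_msg stays misaligned in every case; the bounce copy costs one extra memcpy each way per record.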