Merge pull request #10090 from valeriosetti/issue9618-development

[development] MBEDTLS_PLATFORM_GET_ENTROPY_ALT in 4.0
diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h
index e4de8b3..7a33b0d 100644
--- a/configs/crypto-config-ccm-psk-tls1_2.h
+++ b/configs/crypto-config-ccm-psk-tls1_2.h
@@ -31,6 +31,7 @@
 
 #define MBEDTLS_CTR_DRBG_C
 #define MBEDTLS_ENTROPY_C
+#define MBEDTLS_PLATFORM_C
 
 /* Save RAM at the expense of ROM */
 #define MBEDTLS_AES_ROM_TABLES
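Review bot: The added `#define MBEDTLS_PLATFORM_C` sits in the DRBG/entropy group with no comment saying why a platform module is now needed in this minimal configuration. The same bare line is added in crypto-config-suite-b.h, crypto-config-thread.h and the inline config in components-configuration-crypto.sh. Presumably MBEDTLS_ENTROPY_C now obtains its input through the platform layer, but the diff does not show that dependency. Once confirmed, a short comment such as `/* Needed by MBEDTLS_ENTROPY_C for the platform entropy source */` would stop someone trimming the line later to save ROM.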
diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h
index 3fec3d0..92549ba 100644
--- a/configs/crypto-config-suite-b.h
+++ b/configs/crypto-config-suite-b.h
@@ -49,6 +49,7 @@
 #define MBEDTLS_ASN1_WRITE_C
 #define MBEDTLS_CTR_DRBG_C
 #define MBEDTLS_ENTROPY_C
+#define MBEDTLS_PLATFORM_C
 #define MBEDTLS_OID_C
 #define MBEDTLS_PK_C
 #define MBEDTLS_PK_PARSE_C
diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h
index f71b1f0..d1c449e 100644
--- a/configs/crypto-config-thread.h
+++ b/configs/crypto-config-thread.h
@@ -56,6 +56,7 @@
 #define MBEDTLS_ASN1_WRITE_C
 #define MBEDTLS_CTR_DRBG_C
 #define MBEDTLS_ENTROPY_C
+#define MBEDTLS_PLATFORM_C
 #define MBEDTLS_HMAC_DRBG_C
 #define MBEDTLS_MD_C
 #define MBEDTLS_OID_C
diff --git a/framework b/framework
index 1e7b5d5..1a83e0c 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 1e7b5d54d3823b65fd4755bcf60f9ca39cfcbca3
+Subproject commit 1a83e0c84d4b7aa11c7cfd3771322486fc87d281
diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh
index 7b4f520..ecf0149 100755
--- a/programs/test/generate_cpp_dummy_build.sh
+++ b/programs/test/generate_cpp_dummy_build.sh
@@ -73,8 +73,12 @@
 
     cat <<'EOF'
 
+#include <iostream>
+
 int main()
 {
+    std::cout << "CPP dummy build\n";
+
     mbedtls_platform_context *ctx = NULL;
     mbedtls_platform_setup(ctx);
     mbedtls_printf("CPP Build test passed\n");
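Review bot: Nothing in the heredoc says why `std::cout` is used next to `mbedtls_printf`, so the two added lines read as redundant output. Presumably they make the dummy program depend on the C++ standard library, so that a build whose C++ compiler is really a C driver fails (the same merge changes `CXX=clang` to `CXX=clang++`). A one-line comment above `#include <iostream>`, such as `// Use a C++-only facility so the build fails without a real C++ compiler and standard library`, would keep it from being removed as dead weight. main() continues outside the hunk.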
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 4794cef..5157573 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -211,11 +211,18 @@
  * back.
  */
 #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C)
-#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT)
+static void dummy_entropy(unsigned char *output, size_t output_size)
+{
+    srand(1);
+    for (size_t i = 0; i < output_size; i++) {
+        output[i] = rand();
+    }
+}
+
 static void create_entropy_seed_file(void)
 {
     int result;
-    size_t output_len = 0;
     unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE];
 
     /* Attempt to read the entropy seed file. If this fails - attempt to write
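Review bot: `dummy_entropy()` reseeds with `srand(1)` on every call, so the bytes it produces are the same on every run, and the next hunk writes them to the NV seed file with `mbedtls_platform_std_nv_seed_write()` in place of the platform entropy used before. That is enough for the self-test to find a seed file, but nothing here says the file content is predictable. A header comment would make that explicit, for example `/* Deterministic filler, NOT entropy: it only lets the self-test find a seed file. The file it creates must not be used to seed anything else. */`. The store `output[i] = rand();` also narrows an int silently; `output[i] = (unsigned char) rand();` states the intent. The body of create_entropy_seed_file() continues outside the hunk.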
@@ -226,25 +233,14 @@
         return;
     }
 
-    result = mbedtls_platform_entropy_poll(NULL,
-                                           seed_value,
-                                           MBEDTLS_ENTROPY_BLOCK_SIZE,
-                                           &output_len);
-    if (0 != result) {
-        return;
-    }
-
-    if (MBEDTLS_ENTROPY_BLOCK_SIZE != output_len) {
-        return;
-    }
-
+    dummy_entropy(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE);
     mbedtls_platform_std_nv_seed_write(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE);
 }
 #endif
 
 static int mbedtls_entropy_self_test_wrapper(int verbose)
 {
-#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT)
     create_entropy_seed_file();
 #endif
     return mbedtls_entropy_self_test(verbose);
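Review bot: The guard `!defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT)` looks like a mechanical rename of the old `!defined(MBEDTLS_NO_PLATFORM_ENTROPY)` condition, both here and above `dummy_entropy()`. The old condition was needed because the seed was read with `mbedtls_platform_entropy_poll()`, but the new code only calls `rand()`, so it no longer seems to depend on the platform entropy source. If that is right, a build with MBEDTLS_ENTROPY_NV_SEED and the ALT option both set skips seed-file creation for no visible reason. Either reduce the guard to `#if defined(MBEDTLS_ENTROPY_NV_SEED)` or add a comment explaining why the ALT case must be excluded. The wrapper's body continues outside the hunk.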
diff --git a/scripts/config.py b/scripts/config.py
index 3fc3614..e5182a6 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -88,7 +88,6 @@
     'MBEDTLS_MEMORY_DEBUG', # depends on MEMORY_BUFFER_ALLOC_C
     'MBEDTLS_NO_64BIT_MULTIPLICATION', # influences anything that uses bignum
     'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature
-    'MBEDTLS_NO_PLATFORM_ENTROPY', # removes a feature
     'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum
     'MBEDTLS_PSA_P256M_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA
     'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
@@ -123,6 +122,7 @@
     an implementation of the relevant functions and an xxx_alt.h header.
     """
     if name in (
+            'MBEDTLS_PLATFORM_GET_ENTROPY_ALT',
             'MBEDTLS_PLATFORM_GMTIME_R_ALT',
             'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT',
             'MBEDTLS_PLATFORM_MS_TIME_ALT',
@@ -181,7 +181,7 @@
     """Config adapter for "baremetal"."""
     if not is_boolean_setting(name, value):
         return active
-    if name == 'MBEDTLS_NO_PLATFORM_ENTROPY':
+    if name == 'MBEDTLS_PLATFORM_GET_ENTROPY_ALT':
         # No OS-provided entropy source
         return True
     return include_in_full(name) and keep_in_baremetal(name)
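Review bot: The comment `# No OS-provided entropy source` under the renamed check was written for MBEDTLS_NO_PLATFORM_ENTROPY and undersells the new option. According to the comment added in components-configuration.sh, MBEDTLS_PLATFORM_GET_ENTROPY_ALT excludes the default mbedtls_platform_get_entropy() and relies on an alternative implementation being supplied. Something like `# No OS-provided entropy source: the integrator must supply mbedtls_platform_get_entropy()` would tell a baremetal user what the preset leaves them to provide. The adapter function starts outside the hunk.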
diff --git a/scripts/footprint.sh b/scripts/footprint.sh
index 614a493..e45a926 100755
--- a/scripts/footprint.sh
+++ b/scripts/footprint.sh
@@ -64,7 +64,7 @@
         scripts/config.py unset MBEDTLS_NET_C || true
         scripts/config.py unset MBEDTLS_TIMING_C || true
         scripts/config.py unset MBEDTLS_FS_IO || true
-        scripts/config.py --force set MBEDTLS_NO_PLATFORM_ENTROPY || true
+        scripts/config.py --force set MBEDTLS_PLATFORM_GET_ENTROPY_ALT || true
     } >/dev/null 2>&1
 
     make clean >/dev/null
diff --git a/tests/psa-client-server/psasim/test/start_server.sh b/tests/psa-client-server/psasim/test/start_server.sh
index ef11439..1249930 100755
--- a/tests/psa-client-server/psasim/test/start_server.sh
+++ b/tests/psa-client-server/psasim/test/start_server.sh
@@ -8,7 +8,14 @@
 # The server creates some local files when it starts up so we can wait for this
 # event as signal that the server is ready so that we can start client(s).
 function wait_for_server_startup() {
+    SECONDS=0
+    TIMEOUT=10
+
     while [ $(find . -name "psa_notify_*" | wc -l) -eq 0 ]; do
+        if [ "$SECONDS" -ge "$TIMEOUT" ]; then
+            echo "Timeout: psa_server not started within $TIMEOUT seconds."
+            return 1
+        fi
         sleep 0.1
     done
 }
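Review bot: `wait_for_server_startup` now returns 1 on timeout, but the call site is outside the hunk, so it is not visible whether the caller stops on that status. If the status is ignored, clients would still be started against a server that never came up. `TIMEOUT=10` is also set as a global and the message goes to stdout; `local TIMEOUT=10` and `echo "Timeout: psa_server not started within $TIMEOUT seconds." >&2` would keep both contained. Assigning `SECONDS=0` resets bash's timer for the whole script, which is harmless only if nothing else reads it.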
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index c7c9ed5..429a04f 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -121,7 +121,6 @@
             # Obsolete configuration options, to be replaced by
             # PSA entropy drivers.
             # https://github.com/Mbed-TLS/mbedtls/issues/8150
-            'Config: MBEDTLS_NO_PLATFORM_ENTROPY',
             'Config: MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES',
             # Untested aspect of the platform interface.
             # https://github.com/Mbed-TLS/mbedtls/issues/9589
diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh
index 3108aa7..e533cdf 100644
--- a/tests/scripts/components-build-system.sh
+++ b/tests/scripts/components-build-system.sh
@@ -65,7 +65,9 @@
     mkdir "$OUT_OF_SOURCE_DIR"
     cd "$OUT_OF_SOURCE_DIR"
     # Note: Explicitly generate files as these are turned off in releases
-    cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON -D TEST_CPP=1 "$MBEDTLS_ROOT_DIR"
+    # Note: Use Clang compiler also for C++ (C uses it by default)
+    CXX=clang++ cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON \
+                      -D TEST_CPP=1 "$MBEDTLS_ROOT_DIR"
     make
 
     msg "test: cmake 'out-of-source' build"
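Review bot: The new comment says C already uses Clang by default, but the command sets only `CXX=clang++` and nothing in the hunk fixes `CC`, so the C/C++ compiler pairing depends on the environment the component runs in. Writing `CC=clang CXX=clang++ cmake ...`, as component_test_full_cmake_clang does in components-configuration.sh, would make the pairing explicit and independent of defaults. The enclosing component starts and ends outside the hunk.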
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index bf537a9..a06ef1d 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -2207,6 +2207,7 @@
         #define MBEDTLS_AES_C
         #define MBEDTLS_CTR_DRBG_C
         #define MBEDTLS_ENTROPY_C
+        #define MBEDTLS_PLATFORM_C
         #define MBEDTLS_PSA_CRYPTO_C
         #define MBEDTLS_SELF_TEST
 END
diff --git a/tests/scripts/components-configuration-platform.sh b/tests/scripts/components-configuration-platform.sh
index bebd860..ade207a 100644
--- a/tests/scripts/components-configuration-platform.sh
+++ b/tests/scripts/components-configuration-platform.sh
@@ -20,13 +20,27 @@
     make
 }
 
+component_test_platform_get_entropy_alt()
+{
+    msg "build: default config + MBEDTLS_PLATFORM_GET_ENTROPY_ALT"
+    # Use hardware polling as the only source for entropy
+    scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT
+    scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
+
+    make
+
+    # Run all the tests
+    msg "test: default config + MBEDTLS_PLATFORM_GET_ENTROPY_ALT"
+    make test
+}
+
 component_build_no_sockets () {
     # Note, C99 compliance can also be tested with the sockets support disabled,
     # as that requires a POSIX platform (which isn't the same as C99).
     msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s
     scripts/config.py full
     scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc.
-    scripts/config.py set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
+    scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT # prevent syscall() on GNU/Linux
     make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib
 }
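Review bot: The comment `# Use hardware polling as the only source for entropy` in `component_test_platform_get_entropy_alt` does not match how the option is described elsewhere in this merge. components-configuration.sh says MBEDTLS_PLATFORM_GET_ENTROPY_ALT brings in the test implementation of mbedtls_platform_get_entropy() from framework/tests/src/fake_external_rng_for_test.c. If the same fake is linked here, `make test` runs on a non-random entropy source, and the comment should say so, e.g. `# Replace the built-in entropy source with the test-only mbedtls_platform_get_entropy()`. The definition also uses `name()` with the brace on its own line, while the neighbouring `component_build_no_sockets () {` uses the other form.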
 
@@ -106,6 +120,3 @@
     msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
     make test
 }
-
-
-
diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh
index 2dfa6d2..5fd9ede 100644
--- a/tests/scripts/components-configuration.sh
+++ b/tests/scripts/components-configuration.sh
@@ -132,7 +132,8 @@
 component_test_full_cmake_clang () {
     msg "build: cmake, full config, clang" # ~ 50s
     scripts/config.py full
-    CC=clang CXX=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On -D TEST_CPP=1 .
+    CC=clang CXX=clang++ cmake -D CMAKE_BUILD_TYPE:String=Release \
+                               -D ENABLE_TESTING=On -D TEST_CPP=1 .
     make
 
     msg "test: main suites (full config, clang)" # ~ 5s
@@ -280,6 +281,10 @@
     scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
     scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
     scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
+    # Use the test alternative implementation of mbedtls_platform_get_entropy()
+    # which is provided in "framework/tests/src/fake_external_rng_for_test.c"
+    # since the default one is excluded in this scenario.
+    scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT
     # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
     # to re-enable platform integration features otherwise disabled in C99 builds
     make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs
diff --git a/tf-psa-crypto b/tf-psa-crypto
index f936d86..5ab6c9c 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit f936d86b2587eb4a961cac5b3b95b949ee056ee6
+Subproject commit 5ab6c9c8d6fae90fa46f51fbc7d5d1327a041388