Document and fix the MBEDTLS_xxx_ALT logic for the full config
The intended logic around MBEDTLS_xxx_ALT is to exclude them from full because they require the alternative implementation of one or more library functions, except that MBEDTLS_PLATFORM_xxx_ALT are different: they're alternative implementations of a platform function and they have a built-in default, so they should be included in full. Document this. Fix a bug whereby MBEDTLS_PLATFORM_xxx_ALT didn't catch symbols where xxx contains an underscore. As a consequence, MBEDTLS_PLATFORM_GMTIME_R_ALT and MBEDTLS_PLATFORM_NV_SEED_ALT are now enabled in the full config. Explicitly exclude MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT because it behaves like the non-platform ones, requiring an extra build-time dependency. Explicitly exclude MBEDTLS_PLATFORM_NV_SEED_ALT from baremetal because it requires MBEDTLS_ENTROPY_NV_SEED, and likewise explicitly unset it from builds that unset MBEDTLS_ENTROPY_NV_SEED. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
parent
cfffc28a80
commit
32e889dfc3
@ -183,6 +183,7 @@ EXCLUDE_FROM_FULL = frozenset([
|
|||||||
'MBEDTLS_NO_UDBL_DIVISION', # variant toggle
|
'MBEDTLS_NO_UDBL_DIVISION', # variant toggle
|
||||||
'MBEDTLS_PKCS11_C', # build dependecy (libpkcs11-helper)
|
'MBEDTLS_PKCS11_C', # build dependecy (libpkcs11-helper)
|
||||||
'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
|
'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
|
||||||
|
'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT', # similar to non-platform xxx_ALT, requires platform_alt.h
|
||||||
'MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER', # variant toggle
|
'MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER', # variant toggle
|
||||||
'MBEDTLS_PSA_CRYPTO_SE_C',
|
'MBEDTLS_PSA_CRYPTO_SE_C',
|
||||||
'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
|
'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
|
||||||
@ -200,18 +201,26 @@ EXCLUDE_FROM_FULL = frozenset([
|
|||||||
'MBEDTLS_ZLIB_SUPPORT', # build dependency (libz)
|
'MBEDTLS_ZLIB_SUPPORT', # build dependency (libz)
|
||||||
])
|
])
|
||||||
|
|
||||||
|
def is_seamless_alt(name):
|
||||||
|
"""Include xxx_ALT symbols that don't have external dependencies.
|
||||||
|
|
||||||
|
Include alternative implementations of platform functions, which are
|
||||||
|
configurable function pointers that default to the built-in function.
|
||||||
|
This way we test that the function pointers exist and build correctly
|
||||||
|
without changing the behavior, and tests can verify that the function
|
||||||
|
pointers are used by modifying those pointers.
|
||||||
|
|
||||||
|
Exclude alternative implementations of library functions since they require
|
||||||
|
an implementation of the relevant functions and an xxx_alt.h header.
|
||||||
|
"""
|
||||||
|
return name.startswith('MBEDTLS_PLATFORM_')
|
||||||
|
|
||||||
def include_in_full(name):
|
def include_in_full(name):
|
||||||
"""Rules for symbols in the "full" configuration."""
|
"""Rules for symbols in the "full" configuration."""
|
||||||
if re.search(r'PLATFORM_[A-Z0-9]+_ALT', name):
|
|
||||||
# Include configurable functions that default to the built-in function.
|
|
||||||
# This way we test that they're in place without changing the behavior.
|
|
||||||
return True
|
|
||||||
if name in EXCLUDE_FROM_FULL:
|
if name in EXCLUDE_FROM_FULL:
|
||||||
return False
|
return False
|
||||||
if name.endswith('_ALT'):
|
if name.endswith('_ALT'):
|
||||||
# Exclude alt implementations since they require an implementation
|
return is_seamless_alt(name)
|
||||||
# of the relevant functions.
|
|
||||||
return False
|
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def full_adapter(name, active, section):
|
def full_adapter(name, active, section):
|
||||||
@ -235,6 +244,7 @@ EXCLUDE_FROM_BAREMETAL = frozenset([
|
|||||||
'MBEDTLS_HAVE_TIME_DATE', # requires a clock
|
'MBEDTLS_HAVE_TIME_DATE', # requires a clock
|
||||||
'MBEDTLS_NET_C', # requires POSIX-like networking
|
'MBEDTLS_NET_C', # requires POSIX-like networking
|
||||||
'MBEDTLS_PLATFORM_FPRINTF_ALT', # requires FILE* from stdio.h
|
'MBEDTLS_PLATFORM_FPRINTF_ALT', # requires FILE* from stdio.h
|
||||||
|
'MBEDTLS_PLATFORM_NV_SEED_ALT', # requires a filesystem
|
||||||
'MBEDTLS_PLATFORM_TIME_ALT', # requires timing
|
'MBEDTLS_PLATFORM_TIME_ALT', # requires timing
|
||||||
'MBEDTLS_PSA_CRYPTO_SE_C', # requires a filesystem
|
'MBEDTLS_PSA_CRYPTO_SE_C', # requires a filesystem
|
||||||
'MBEDTLS_PSA_CRYPTO_STORAGE_C', # requires a filesystem
|
'MBEDTLS_PSA_CRYPTO_STORAGE_C', # requires a filesystem
|
||||||
|
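Review bot: `is_seamless_alt` tests only the `MBEDTLS_PLATFORM_` prefix, so its docstring's claim of "symbols that don't have external dependencies" holds only because `include_in_full` has already checked `EXCLUDE_FROM_FULL` and the `_ALT` suffix before calling it. As a result, any future `MBEDTLS_PLATFORM_xxx_ALT` that needs outside support, as `MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT` does, is enabled in full by default unless someone adds it to the exclusion list. I would say so in the docstring, for example `Platform symbols that do need external support must be listed in EXCLUDE_FROM_FULL.`, and make the helper self-contained with `return name.startswith('MBEDTLS_PLATFORM_') and name.endswith('_ALT')`. Separately, the new `EXCLUDE_FROM_BAREMETAL` entry is commented `# requires a filesystem`, while the commit message gives the reason as the dependency on `MBEDTLS_ENTROPY_NV_SEED`; naming that dependency in the comment would keep the two in agreement.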
@ -1023,6 +1023,7 @@ component_test_check_params_without_platform () {
|
|||||||
scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
|
scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
|
||||||
scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT
|
scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT
|
||||||
scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
|
scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
|
||||||
|
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||||
scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT
|
scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT
|
||||||
scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
|
scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
|
||||||
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
||||||
@ -1052,6 +1053,7 @@ component_test_no_platform () {
|
|||||||
scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
|
scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
|
||||||
scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
|
scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
|
||||||
scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT
|
scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT
|
||||||
|
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||||
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
||||||
scripts/config.py unset MBEDTLS_FS_IO
|
scripts/config.py unset MBEDTLS_FS_IO
|
||||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||||
@ -1069,6 +1071,7 @@ component_build_no_std_function () {
|
|||||||
scripts/config.py full
|
scripts/config.py full
|
||||||
scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
|
scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
|
||||||
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
||||||
|
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||||
make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1252,6 +1255,7 @@ component_test_null_entropy () {
|
|||||||
scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
|
scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
|
||||||
scripts/config.py set MBEDTLS_ENTROPY_C
|
scripts/config.py set MBEDTLS_ENTROPY_C
|
||||||
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
||||||
|
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||||
scripts/config.py unset MBEDTLS_ENTROPY_HARDWARE_ALT
|
scripts/config.py unset MBEDTLS_ENTROPY_HARDWARE_ALT
|
||||||
scripts/config.py unset MBEDTLS_HAVEGE_C
|
scripts/config.py unset MBEDTLS_HAVEGE_C
|
||||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON .
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON .
|
||||||
|
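Review bot: The added `scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT` lines carry no comment saying why they accompany `unset MBEDTLS_ENTROPY_NV_SEED`. This applies to all four components touched here: component_test_check_params_without_platform, component_test_no_platform, component_build_no_std_function and component_test_null_entropy. According to the commit message the ALT symbol requires MBEDTLS_ENTROPY_NV_SEED, so a component written later that starts from `full` and unsets only the entropy option would presumably end up with an inconsistent configuration. A one-line comment next to each pair, such as `# MBEDTLS_PLATFORM_NV_SEED_ALT requires MBEDTLS_ENTROPY_NV_SEED`, would make the coupling visible; the order of the two unsets also differs between components and could be made uniform. Most of these component bodies start or end outside the hunks shown.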