Merge pull request #3023 from gilles-peskine-arm/config-crypto
Add crypto-only preset configurations
commit
5da20cc569
@ -232,6 +232,35 @@ def baremetal_adapter(name, active, section):
|
||||
return True
|
||||
return include_in_full(name) and keep_in_baremetal(name)
|
||||
|
||||
def include_in_crypto(name):
|
||||
"""Rules for symbols in a crypto configuration."""
|
||||
if name.startswith('MBEDTLS_X509_') or \
|
||||
name.startswith('MBEDTLS_SSL_') or \
|
||||
name.startswith('MBEDTLS_KEY_EXCHANGE_'):
|
||||
return False
|
||||
if name in [
|
||||
'MBEDTLS_CERTS_C',
|
||||
'MBEDTLS_DEBUG_C',
|
||||
'MBEDTLS_NET_C',
|
||||
'MBEDTLS_PKCS11_C',
|
||||
]:
|
||||
return False
|
||||
return True
|
||||
|
||||
def crypto_adapter(adapter):
|
||||
"""Modify an adapter to disable non-crypto symbols.
|
||||
|
||||
``crypto_adapter(adapter)(name, active, section)`` is like
|
||||
``adapter(name, active, section)``, but unsets all X.509 and TLS symbols.
|
||||
"""
|
||||
def continuation(name, active, section):
|
||||
if not include_in_crypto(name):
|
||||
return False
|
||||
if adapter is None:
|
||||
return active
|
||||
return adapter(name, active, section)
|
||||
return continuation
|
||||
|
||||
class ConfigFile(Config):
|
||||
"""Representation of the Mbed TLS configuration read for a file.
|
||||
|
||||
@ -396,6 +425,14 @@ if __name__ == '__main__':
|
||||
add_adapter('realfull', realfull_adapter,
|
||||
"""Uncomment all boolean #defines.
|
||||
Suitable for generating documentation, but not for building.""")
|
||||
add_adapter('crypto', crypto_adapter(None),
|
||||
"""Only include crypto features. Exclude X.509 and TLS.""")
|
||||
add_adapter('crypto_baremetal', crypto_adapter(baremetal_adapter),
|
||||
"""Like baremetal, but with only crypto features,
|
||||
excluding X.509 and TLS.""")
|
||||
add_adapter('crypto_full', crypto_adapter(full_adapter),
|
||||
"""Like full, but with only crypto features,
|
||||
excluding X.509 and TLS.""")
|
||||
|
||||
args = parser.parse_args()
|
||||
config = ConfigFile(args.file)
|
||||
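Review bot: `include_in_crypto` disables more than the surrounding text documents. Besides the `MBEDTLS_X509_`, `MBEDTLS_SSL_` and `MBEDTLS_KEY_EXCHANGE_` prefixes it also turns off `MBEDTLS_CERTS_C`, `MBEDTLS_DEBUG_C`, `MBEDTLS_NET_C` and `MBEDTLS_PKCS11_C`, while the `crypto_adapter` docstring and the three preset descriptions mention only X.509 and TLS. Because the rule is a denylist, a future non-crypto option whose name matches none of these prefixes would stay enabled in the crypto presets unless someone remembers to add it here. A comment above the list would make that step explicit, for example `# Non-crypto modules without an X509/SSL prefix; extend this list when adding one.` As a style point, the three prefix tests can be a single call: `name.startswith(('MBEDTLS_X509_', 'MBEDTLS_SSL_', 'MBEDTLS_KEY_EXCHANGE_'))`.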
|
@ -899,6 +899,33 @@ component_build_deprecated () {
|
||||
make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
|
||||
}
|
||||
|
||||
# Check that the specified libraries exist and are empty.
|
||||
are_empty_libraries () {
|
||||
nm "$@" >/dev/null 2>/dev/null
|
||||
! nm "$@" 2>/dev/null | grep -v ':$' | grep .
|
||||
}
|
||||
|
||||
component_build_crypto_default () {
|
||||
msg "build: make, crypto only"
|
||||
scripts/config.py crypto
|
||||
make CFLAGS='-O1 -Werror'
|
||||
if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.*
|
||||
}
|
||||
|
||||
component_build_crypto_full () {
|
||||
msg "build: make, crypto only, full config"
|
||||
scripts/config.py crypto_full
|
||||
make CFLAGS='-O1 -Werror'
|
||||
if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.*
|
||||
}
|
||||
|
||||
component_build_crypto_baremetal () {
|
||||
msg "build: make, crypto only, baremetal config"
|
||||
scripts/config.py crypto_baremetal
|
||||
make CFLAGS='-O1 -Werror'
|
||||
if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.*
|
||||
}
|
||||
|
||||
component_test_depends_curves () {
|
||||
msg "test/build: curves.pl (gcc)" # ~ 4 min
|
||||
record_status tests/scripts/curves.pl
|
||||
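Review bot: In `are_empty_libraries`, the exit status of the first `nm "$@"` is discarded unless errexit is active at the call site. If a library file is missing (for example an unmatched `library/libmbedtls.*` glob), the second pipeline sees no output and the function reports success. The script's option handling and the body of `if_build_succeeded` are outside this hunk, so whether errexit applies here cannot be confirmed from the visible lines. Chaining the two commands makes the existence check explicit regardless: end the first line with `&&`, as in `nm "$@" >/dev/null 2>/dev/null &&`, and keep the `! nm ... | grep .` line after it. Otherwise the three `component_build_crypto_*` checks can pass vacuously and no longer show that X.509 and TLS code is absent from a crypto-only build.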
|
@ -33,7 +33,8 @@ size_t mbedtls_rsa_key_len_func( void *ctx )
|
||||
}
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||
defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C)
|
||||
static int x509_crt_verifycsr( const unsigned char *buf, size_t buflen )
|
||||
{
|
||||
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
||||
@ -70,7 +71,7 @@ cleanup:
|
||||
mbedtls_x509_csr_free( &csr );
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */
|
||||
|
||||
/* END_HEADER */
|
||||
|
||||
|