From 32e889dfc3c7808d254750f09f11f0c397482368 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 12 Apr 2020 23:43:28 +0200 Subject: [PATCH] Document and fix the MBEDTLS_xxx_ALT logic for the full config The intended logic around MBEDTLS_xxx_ALT is to exclude them from full because they require the alternative implementation of one or more library functions, except that MBEDTLS_PLATFORM_xxx_ALT are different: they're alternative implementations of a platform function and they have a built-in default, so they should be included in full. Document this. Fix a bug whereby MBEDTLS_PLATFORM_xxx_ALT didn't catch symbols where xxx contains an underscore. As a consequence, MBEDTLS_PLATFORM_GMTIME_R_ALT and MBEDTLS_PLATFORM_NV_SEED_ALT are now enabled in the full config. Explicitly exclude MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT because it behaves like the non-platform ones, requiring an extra build-time dependency. Explicitly exclude MBEDTLS_PLATFORM_NV_SEED_ALT from baremetal because it requires MBEDTLS_ENTROPY_NV_SEED, and likewise explicitly unset it from builds that unset MBEDTLS_ENTROPY_NV_SEED. Signed-off-by: Gilles Peskine --- scripts/config.py | 24 +++++++++++++++++------- tests/scripts/all.sh | 4 ++++ 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/scripts/config.py b/scripts/config.py index d09353fd1..cd69ebfde 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -183,6 +183,7 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_NO_UDBL_DIVISION', # variant toggle 'MBEDTLS_PKCS11_C', # build dependecy (libpkcs11-helper) 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature + 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT', # similar to non-platform xxx_ALT, requires platform_alt.h 'MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER', # variant toggle 'MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) @@ -200,18 +201,26 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_ZLIB_SUPPORT', # build dependency (libz) ]) +def is_seamless_alt(name): + """Include xxx_ALT symbols that don't have external dependencies. + + Include alternative implementations of platform functions, which are + configurable function pointers that default to the built-in function. + This way we test that the function pointers exist and build correctly + without changing the behavior, and tests can verify that the function + pointers are used by modifying those pointers. + + Exclude alternative implementations of library functions since they require + an implementation of the relevant functions and an xxx_alt.h header. + """ + return name.startswith('MBEDTLS_PLATFORM_') + def include_in_full(name): """Rules for symbols in the "full" configuration.""" - if re.search(r'PLATFORM_[A-Z0-9]+_ALT', name): - # Include configurable functions that default to the built-in function. - # This way we test that they're in place without changing the behavior. - return True if name in EXCLUDE_FROM_FULL: return False if name.endswith('_ALT'): - # Exclude alt implementations since they require an implementation - # of the relevant functions. - return False + return is_seamless_alt(name) return True def full_adapter(name, active, section): @@ -235,6 +244,7 @@ EXCLUDE_FROM_BAREMETAL = frozenset([ 'MBEDTLS_HAVE_TIME_DATE', # requires a clock 'MBEDTLS_NET_C', # requires POSIX-like networking 'MBEDTLS_PLATFORM_FPRINTF_ALT', # requires FILE* from stdio.h + 'MBEDTLS_PLATFORM_NV_SEED_ALT', # requires a filesystem 'MBEDTLS_PLATFORM_TIME_ALT', # requires timing 'MBEDTLS_PSA_CRYPTO_SE_C', # requires a filesystem 'MBEDTLS_PSA_CRYPTO_STORAGE_C', # requires a filesystem diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9b69aa204..1085de0a2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1023,6 +1023,7 @@ component_test_check_params_without_platform () { scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT scripts/config.py unset MBEDTLS_PLATFORM_MEMORY + scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED @@ -1052,6 +1053,7 @@ component_test_no_platform () { scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT + scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED scripts/config.py unset MBEDTLS_FS_IO scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C @@ -1069,6 +1071,7 @@ component_build_no_std_function () { scripts/config.py full scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' } @@ -1252,6 +1255,7 @@ component_test_null_entropy () { scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES scripts/config.py set MBEDTLS_ENTROPY_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_ENTROPY_HARDWARE_ALT scripts/config.py unset MBEDTLS_HAVEGE_C CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON .