mirror of
				https://github.com/Mbed-TLS/mbedtls.git
				synced 2025-10-26 00:37:41 +03:00 
			
		
		
		
	Merge pull request #10210 from gilles-peskine-arm/nv-seed-only-3.6
3.6 only: Test a build with entropy only from NV seed
This commit is contained in:
		| @@ -86,10 +86,6 @@ class CoverageTask(outcome_analysis.CoverageTask): | |||||||
|             # Untested platform-specific optimizations. |             # Untested platform-specific optimizations. | ||||||
|             # https://github.com/Mbed-TLS/mbedtls/issues/9588 |             # https://github.com/Mbed-TLS/mbedtls/issues/9588 | ||||||
|             'Config: MBEDTLS_HAVE_SSE2', |             'Config: MBEDTLS_HAVE_SSE2', | ||||||
|             # Obsolete configuration option, to be replaced by |  | ||||||
|             # PSA entropy drivers. |  | ||||||
|             # https://github.com/Mbed-TLS/mbedtls/issues/8150 |  | ||||||
|             'Config: MBEDTLS_NO_PLATFORM_ENTROPY', |  | ||||||
|             # Untested aspect of the platform interface. |             # Untested aspect of the platform interface. | ||||||
|             # https://github.com/Mbed-TLS/mbedtls/issues/9589 |             # https://github.com/Mbed-TLS/mbedtls/issues/9589 | ||||||
|             'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', |             'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', | ||||||
|   | |||||||
| @@ -426,6 +426,23 @@ component_test_psa_external_rng_use_psa_crypto () { | |||||||
|     tests/ssl-opt.sh -f 'Default\|opaque' |     tests/ssl-opt.sh -f 'Default\|opaque' | ||||||
| } | } | ||||||
|  |  | ||||||
|  | component_test_entropy_nv_seed_only () { | ||||||
|  |     msg "build: full minus platform entropy (NV seed only)" | ||||||
|  |     scripts/config.py full | ||||||
|  |     scripts/config.py set MBEDTLS_NO_PLATFORM_ENTROPY | ||||||
|  |     make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" | ||||||
|  |  | ||||||
|  |     msg "build: full minus platform entropy (NV seed only)" | ||||||
|  |     make test | ||||||
|  |  | ||||||
|  |     # Check that the library seems to refer to the seedfile, but not to | ||||||
|  |     # platform entropy sources. | ||||||
|  |     grep seedfile library/platform.o | ||||||
|  |     not grep getrandom library/entropy*.o | ||||||
|  |     not grep /dev/random library/entropy*.o | ||||||
|  |     not grep /dev/.random library/entropy*.o | ||||||
|  | } | ||||||
|  |  | ||||||
| component_test_psa_inject_entropy () { | component_test_psa_inject_entropy () { | ||||||
|     msg "build: full + MBEDTLS_PSA_INJECT_ENTROPY" |     msg "build: full + MBEDTLS_PSA_INJECT_ENTROPY" | ||||||
|     scripts/config.py full |     scripts/config.py full | ||||||
|   | |||||||
| @@ -1,5 +1,10 @@ | |||||||
| # Interesting combinations of low-level crypto options | # Interesting combinations of low-level crypto options | ||||||
|  |  | ||||||
|  | # Entropy: available in mbedtls_entropy_init(), thanks to NV seed, no platform sources, no custom source | ||||||
|  | Config: entropy: NV seed only | ||||||
|  | depends_on:!MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_NO_PLATFORM_ENTROPY:!MBEDTLS_ENTROPY_HARDWARE_ALT | ||||||
|  | pass: | ||||||
|  |  | ||||||
| Config: ECC: Weierstrass curves only | Config: ECC: Weierstrass curves only | ||||||
| depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED:!MBEDTLS_ECP_MONTGOMERY_ENABLED | depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED:!MBEDTLS_ECP_MONTGOMERY_ENABLED | ||||||
| pass: | pass: | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user