Test a build without any asymmetric cryptography #298
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gilles-peskine-arm
added
enhancement
gilles-peskine-arm
force-pushed
the
config-symmetric-only
branch
from
13f2acc to
d47e792
Compare
Add a reference configuration with most symmetric cryptographic algorithms enabled, but without any asymmetric cryptography. This checks that we don't have spurious unexpected dependencies on asymmetric-only modules such as bignum. Keep HAVE_ASM disabled because it's platform-specific. Keep HAVEGE disabled because it's untested and not recommended. Keep MEMORY_BUFFER_ALLOC out because it isn't related to cryptography at all and it makes memory sanitizers ineffective. Keep THREADING disabled because it requires special build options.
config-symmetric-only.h enables MBEDTLS_ENTROPY_NV_SEED so it needs a seedfile. Create it in test-ref-configs.pl so that the script works on its own, even if it is not invoked by all.sh.
gilles-peskine-arm
force-pushed
the
config-symmetric-only
branch
from
d47e792 to
581bfcf
Compare
gilles-peskine-arm
added
needs: review
| #define MBEDTLS_CONFIG_H | ||
|
|
||
| /* System support */ | ||
| //#define MBEDTLS_HAVE_ASM |
There was a problem hiding this comment.
Why is this line left in, even though it's commented?
There was a problem hiding this comment.
I left a couple of options commented out because I thought that they were options that should not be enabled in our test configuration, but could be useful to users who want to make a symmetric-only configuration tuned to their use case, and use this file as a starting point.
AndrzejKurek
previously approved these changes
Oct 21, 2019
| psa_storage_uid_t uid = file_uid_for_lifetime( lifetime ); | ||
| struct psa_storage_info_t info; | ||
| uint8_t *loaded = NULL; | ||
| int ok = 0; |
There was a problem hiding this comment.
In such cases I'd rather use "is_ok" to show that it's a boolean, but that's an opinion.
There was a problem hiding this comment.
int ok is what I've used in similar support functions before, so I used the same style here for consistency.
AndrzejKurek
previously approved these changes
Oct 22, 2019
Enabling memory_buffer_alloc is slow and makes ASan ineffective. We have a patch pending to remove it from the full config. In the meantime, disable it explicitly.
jainvikas8
approved these changes
Oct 31, 2019
AndrzejKurek
approved these changes
Nov 4, 2019
|
New CI run now that the problems with the Cypress boards are fixed: https://jenkins-internal.mbed.com/job/mbed-crypto-pr/job/PR-298-merge/15/ → PASS |
gilles-peskine-arm
removed
the
needs: review
gilles-peskine-arm
added a commit
to gilles-peskine-arm/mbed-crypto
that referenced
this pull request
Nov 15, 2019
* ARMmbed#292: Make psa_close_key(0) and psa_destroy_key(0) succeed * ARMmbed#299: Allow xxx_drbg_set_entropy_len before xxx_drbg_seed * ARMmbed#259: Check `len` against buffers size upper bound in PSA tests * ARMmbed#288: Add ECDSA tests with hash and key of different lengths * ARMmbed#305: CTR_DRBG: grab a nonce from the entropy source if needed * ARMmbed#316: Stop transactions from being reentrant * ARMmbed#317: getting_started: Make it clear that keys are passed in * ARMmbed#314: Fix pk_write with EC key to use a constant size for the private value * ARMmbed#298: Test a build without any asymmetric cryptography * ARMmbed#284: Fix some possibly-undefined variable warnings * ARMmbed#315: Define MBEDTLS_PK_SIGNATURE_MAX_SIZE * ARMmbed#318: Finish side-porting commits from mbedtls-restricted that missed the split
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix #296.
Also fix two bugs that the tests revealed:
component_test_se_fullwasn't using the full config, and there was a memory leak in an SE HAL test (fix duplicated in #304).