Skip to content

Add checks for NULL_ENTROPY and SSL_TLS in mbed OS #3088

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 20, 2016
Merged

Add checks for NULL_ENTROPY and SSL_TLS in mbed OS #3088

merged 1 commit into from
Oct 20, 2016

Conversation

andresag01
Copy link

@andresag01 andresag01 commented Oct 20, 2016
edited
Loading

Description

Add preprocessor checks to mbed TLS through the importer scripts to ensure that compilation fails for targets that attempt to use SSL or entropy, but these are not supported by the target.

Status

READY

Migrations

NO

Todos

  • Tests

Deploy notes

This causes build errors while trying to build applications that require SSL or entropy sources but the target does not support it.

@andresag01
Copy link
Author

@sbutcher-arm @yanesca

@andresag01 andresag01 force-pushed the mbedtls-preoprocessor-checks branch from c789822 to 2227b9d Compare October 20, 2016 14:48
simonbutcher
simonbutcher reviewed Oct 20, 2016
View reviewed changes
features/mbedtls/inc/mbedtls/config.h

#if defined(MBEDTLS_TEST_NULL_ENTROPY)
#warning "MBEDTLS_TEST_NULL_ENTROPY is enabled, the application will " \
"not be secure! Please implement hardware entropy for your platform"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please change the warning to:

WARNING! MBEDTLS_TEST_NULL_ENTROPY has been enabled. This configuration is not secure and is not suitable for production use.

simonbutcher
simonbutcher reviewed Oct 20, 2016
View reviewed changes
features/mbedtls/inc/mbedtls/config.h
#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_TEST_NULL_ENTROPY) && \
!defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
#endif
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please change the error text to:

No entropy source was found at build time, so TLS functionality is not available.

@andresag01 andresag01 force-pushed the mbedtls-preoprocessor-checks branch from 2227b9d to 509a72c Compare October 20, 2016 16:07
@simonbutcher
Copy link
Contributor

LGTM.

@andresag01 andresag01 changed the title DRAFT: Add checks for NULL_ENTROPY and SSL_TLS in mbed OS Add checks for NULL_ENTROPY and SSL_TLS in mbed OS Oct 20, 2016
@sg-
Copy link
Contributor

sg- commented Oct 20, 2016

/morph test

0xc0170
0xc0170 approved these changes Oct 20, 2016
View reviewed changes
Copy link
Contributor

@0xc0170 0xc0170 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 for the warning

@mazimkhan
Copy link

retest uvisor

@c1728p9 c1728p9 merged commit d1a71eb into ARMmbed:master Oct 20, 2016
@mbed-bot
Copy link

Result: FAILURE

Your command has finished executing! Here's what you wrote!

/morph test

Output

mbed Build Number: 926

Test failed!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simonbutcher simonbutcher simonbutcher left review comments

@0xc0170 0xc0170 0xc0170 approved these changes

Assignees
No one assigned
Labels
release-version: 5.2.0-rc4
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@andresag01 @simonbutcher @sg- @mazimkhan @mbed-bot @0xc0170 @c1728p9