Merge pull request #10073 from felixc-arm/remove-inject-entropy

[development] Remove MBEDTLS_PSA_INJECT_ENTROPY
2025-05-09 16:41:19 +08:00 · 2025-03-28 13:22:00 +00:00 · 2025-03-28 13:22:00 +00:00 · 3189752b2f
commit 3189752b2f
parent 064f68ec85 1459e75d3d
7 changed files with 3 additions and 50 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,7 +1,5 @@
 # Random seed file created by test scripts and sample programs
 seedfile
-# MBEDTLS_PSA_INJECT_ENTROPY seed file created by the test framework
-00000000ffffff52.psa_its
 # Log files created by all.sh to reduce the logs in case a component runs
 # successfully
 quiet-make.*
--- a/scripts/config.py
+++ b/scripts/config.py
@ -96,7 +96,6 @@ EXCLUDE_FROM_FULL = frozenset([
    'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency
    'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # interface and behavior change
    'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
-    'MBEDTLS_PSA_INJECT_ENTROPY', # conflicts with platform entropy sources
    'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS
    'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT
    'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT
--- a/tests/configs/user-config-for-test.h
+++ b/tests/configs/user-config-for-test.h
@ -1,29 +0,0 @@
-/* TF_PSA_CRYPTO_USER_CONFIG_FILE for testing.
- * Only used for a few test configurations.
- *
- * Typical usage (note multiple levels of quoting):
- *     make CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
- */
-
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform
- * functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
- * and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions
- * is to read and write from the entropy seed file, which is located
- * in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID.
- * (These could have been provided as library functions, but for historical
- * reasons, they weren't, and so each integrator has to provide a copy
- * of these functions.)
- *
- * Provide implementations of these functions for testing. */
-#include <stddef.h>
-int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len);
-int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len);
-#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_test_inject_entropy_seed_read
-#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_test_inject_entropy_seed_write
-#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
--- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl
+++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
@ -27,7 +27,6 @@ my @skip_functions = (
    'mbedtls_psa_crypto_free', # redefined rather than wrapped
    'mbedtls_psa_external_get_random', # not in the default config, uses unsupported type
    'mbedtls_psa_get_stats', # uses unsupported type
-    'mbedtls_psa_inject_entropy', # not in the default config, generally not for client use anyway
    'mbedtls_psa_platform_get_builtin_key', # not in the default config, uses unsupported type
    'psa_get_key_slot_number', # not in the default config, uses unsupported type
    'psa_key_derivation_verify_bytes', # not implemented yet
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@ -118,10 +118,11 @@ class CoverageTask(outcome_analysis.CoverageTask):
            # Untested platform-specific optimizations.
            # https://github.com/Mbed-TLS/mbedtls/issues/9588
            'Config: MBEDTLS_HAVE_SSE2',
-            # Obsolete configuration option, to be replaced by
+            # Obsolete configuration options, to be replaced by
            # PSA entropy drivers.
            # https://github.com/Mbed-TLS/mbedtls/issues/8150
            'Config: MBEDTLS_NO_PLATFORM_ENTROPY',
+            'Config: MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES',
            # Untested aspect of the platform interface.
            # https://github.com/Mbed-TLS/mbedtls/issues/9589
            'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS',
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@ -261,21 +261,6 @@ component_test_psa_external_rng_use_psa_crypto () {
    tests/ssl-opt.sh -f 'Default\|opaque'
 }

-component_test_psa_inject_entropy () {
-    msg "build: full + MBEDTLS_PSA_INJECT_ENTROPY"
-    scripts/config.py full
-    scripts/config.py set MBEDTLS_PSA_INJECT_ENTROPY
-    scripts/config.py set MBEDTLS_ENTROPY_NV_SEED
-    scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-    scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
-    scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_READ
-    scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_WRITE
-    make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS"
-
-    msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY"
-    make test
-}
-
 component_full_no_pkparse_pkwrite () {
    msg "build: full without pkparse and pkwrite"

--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 43ea7fa25cd8a288c5b75dbb0b4eb47df6ffca8b
+Subproject commit d66b78e4ad1f7a61502e3dcf62daed177facc03f