commit 32e889dfc3c7808d254750f09f11f0c397482368
author Gilles Peskine <Gilles.Peskine@arm.com> Sun Apr 12 23:43:28 2020 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Tue Apr 14 21:23:48 2020 +0200
tree c67c6645e5fb3a7b290e0fae76fcbd08db0cfaf1
parent cfffc28a8066c3364185279013d9611812e4746e

Document and fix the MBEDTLS_xxx_ALT logic for the full config

The intended logic around MBEDTLS_xxx_ALT is to exclude them from full
because they require the alternative implementation of one or more
library functions, except that MBEDTLS_PLATFORM_xxx_ALT are different:
they're alternative implementations of a platform function and they
have a built-in default, so they should be included in full. Document
this.

Fix a bug whereby MBEDTLS_PLATFORM_xxx_ALT didn't catch symbols where
xxx contains an underscore. As a consequence,
MBEDTLS_PLATFORM_GMTIME_R_ALT and MBEDTLS_PLATFORM_NV_SEED_ALT are now
enabled in the full config. Explicitly exclude
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT because it behaves like the
non-platform ones, requiring an extra build-time dependency.
Explicitly exclude MBEDTLS_PLATFORM_NV_SEED_ALT from baremetal
because it requires MBEDTLS_ENTROPY_NV_SEED, and likewise explicitly
unset it from builds that unset MBEDTLS_ENTROPY_NV_SEED.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

scripts/config.py

diff --git a/scripts/config.py b/scripts/config.py
index d09353f..cd69ebf 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -183,6 +183,7 @@
     'MBEDTLS_NO_UDBL_DIVISION', # variant toggle
     'MBEDTLS_PKCS11_C', # build dependecy (libpkcs11-helper)
     'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
+    'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT', # similar to non-platform xxx_ALT, requires platform_alt.h
     'MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER', # variant toggle
     'MBEDTLS_PSA_CRYPTO_SE_C',
     'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
@@ -200,18 +201,26 @@
     'MBEDTLS_ZLIB_SUPPORT', # build dependency (libz)
 ])
 
+def is_seamless_alt(name):
+    """Include xxx_ALT symbols that don't have external dependencies.
+
+    Include alternative implementations of platform functions, which  are
+    configurable function pointers that default to the built-in function.
+    This way we test that the function pointers exist and build correctly
+    without changing the behavior, and tests can verify that the function
+    pointers are used by modifying those pointers.
+
+    Exclude alternative implementations of library functions since they require
+    an implementation of the relevant functions and an xxx_alt.h header.
+    """
+    return name.startswith('MBEDTLS_PLATFORM_')
+
 def include_in_full(name):
     """Rules for symbols in the "full" configuration."""
-    if re.search(r'PLATFORM_[A-Z0-9]+_ALT', name):
-        # Include configurable functions that default to the built-in function.
-        # This way we test that they're in place without changing the behavior.
-        return True
     if name in EXCLUDE_FROM_FULL:
         return False
     if name.endswith('_ALT'):
-        # Exclude alt implementations since they require an implementation
-        # of the relevant functions.
-        return False
+        return is_seamless_alt(name)
     return True
 
 def full_adapter(name, active, section):
@@ -235,6 +244,7 @@
     'MBEDTLS_HAVE_TIME_DATE', # requires a clock
     'MBEDTLS_NET_C', # requires POSIX-like networking
     'MBEDTLS_PLATFORM_FPRINTF_ALT', # requires FILE* from stdio.h
+    'MBEDTLS_PLATFORM_NV_SEED_ALT', # requires a filesystem
     'MBEDTLS_PLATFORM_TIME_ALT', # requires timing
     'MBEDTLS_PSA_CRYPTO_SE_C', # requires a filesystem
     'MBEDTLS_PSA_CRYPTO_STORAGE_C', # requires a filesystem

tests/scripts/all.sh

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 9b69aa2..1085de0 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1023,6 +1023,7 @@
     scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
     scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT
     scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
+    scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
     scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT
     scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
     scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
@@ -1052,6 +1053,7 @@
     scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
     scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
     scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT
+    scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
     scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
     scripts/config.py unset MBEDTLS_FS_IO
     scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
@@ -1069,6 +1071,7 @@
     scripts/config.py full
     scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
     scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
+    scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
     make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
 }
 
@@ -1252,6 +1255,7 @@
     scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
     scripts/config.py set MBEDTLS_ENTROPY_C
     scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
+    scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
     scripts/config.py unset MBEDTLS_ENTROPY_HARDWARE_ALT
     scripts/config.py unset MBEDTLS_HAVEGE_C
     CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON .