Skip to content

Allow TLS configuration when no TRGN or NV seed #2915

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Allow TLS configuration when no TRGN or NV seed #2915

wants to merge 1 commit into from

Conversation

c1728p9
Copy link
Contributor

@c1728p9 c1728p9 commented Oct 4, 2016

Description

Remove the code which forces the no entropy configuration when
MBEDTLS_ENTROPY_HARDWARE_ALT is not defined. This makes it possible for
users to turn on null entropy from the configuration system.

Related PRs

#2843

Related issues

#2914
ARMmbed/mbed-os-example-client#83
ARMmbed/mbed-os-example-client#84

Todos

  • Tests

@c1728p9
Copy link
Contributor Author

c1728p9 commented Oct 4, 2016

/morph test

@c1728p9 c1728p9 force-pushed the fix_tls_configuration branch from 71b4f32 to b40c057 Compare October 4, 2016 19:06
@c1728p9
Allow TLS configuration when no TRGN or NV seed
38ddeb6 
Remove the code which forces the no entropy configuration when
MBEDTLS_ENTROPY_HARDWARE_ALT is not defined. This makes it possible for
users to turn on null entropy from the configuration system.
@c1728p9 c1728p9 force-pushed the fix_tls_configuration branch from b40c057 to 38ddeb6 Compare October 4, 2016 19:07
@bridadan
Copy link
Contributor

bridadan commented Oct 4, 2016

/morph test

@c1728p9 c1728p9 mentioned this pull request Oct 4, 2016
Closed
@mbed-bot
Copy link

mbed-bot commented Oct 4, 2016

Result: FAILURE

Your command has finished executing! Here's what you wrote!

/morph test

Output

mbed Build Number: 1050

Test Prep failed!

@bridadan
Copy link
Contributor

bridadan commented Oct 4, 2016

/morph test

@sg- sg- added the needs: CI label Oct 4, 2016
@mbed-bot
Copy link

mbed-bot commented Oct 5, 2016

Result: SUCCESS

Your command has finished executing! Here's what you wrote!

/morph test

Output

mbed Build Number: 1055

All builds and test passed!

@sg-
Copy link
Contributor

sg- commented Oct 5, 2016

This has a problem linking mbed-client-testapp

Link: mbed-client-testapp
./BUILD/k64f/gcc_arm/mbed-os/features/mbedtls/src/pk.o: In function `mbedtls_pk_verify_ext':
pk.c:(.text.mbedtls_pk_verify_ext+0x68): undefined reference to `mbedtls_rsa_rsassa_pss_verify_ext'
./BUILD/k64f/gcc_arm/mbed-os/features/mbedtls/src/pk_wrap.o: In function `rsa_free_wrap':
pk_wrap.c:(.text.rsa_free_wrap+0x4): undefined reference to `mbedtls_rsa_free'
./BUILD/k64f/gcc_arm/mbed-os/features/mbedtls/src/pk_wrap.o: In function `rsa_alloc_wrap':
pk_wrap.c:(.text.rsa_alloc_wrap+0x12): undefined reference to `mbedtls_rsa_init'
./BUILD/k64f/gcc_arm/mbed-os/features/mbedtls/src/pk_wrap.o: In function `rsa_check_pair_wrap':
pk_wrap.c:(.text.rsa_check_pair_wrap+0x0): undefined reference to `mbedtls_rsa_check_pub_priv'
./BUILD/k64f/gcc_arm/mbed-os/features/mbedtls/src/pk_wrap.o: In function `rsa_encrypt_wrap':
pk_wrap.c:(.text.rsa_encrypt_wrap+0x22): undefined reference to `mbedtls_rsa_pkcs1_encrypt'
./BUILD/k64f/gcc_arm/mbed-os/features/mbedtls/src/pk_wrap.o: In function `rsa_decrypt_wrap':
pk_wrap.c:(.text.rsa_decrypt_wrap+0x22): undefined reference to `mbedtls_rsa_pkcs1_decrypt'
...

@0xc0170
Copy link
Contributor

0xc0170 commented Oct 5, 2016

I think this bug should be fixed via #2926 ? @andresag01 can you provide details please

@simonbutcher
Copy link
Contributor

The bug is better fixed by #2926, which fixes the issue properly.

Otherwise there are several issues with this PR:

  • This pull request changes an imported file, so will be overwritten on the next import of mbed TLS. Fixes to mbed TLS MUST be done upstream.
  • This change will break mbed TLS on all platforms that don't have an entropy source, which in turn will break the mbed test suite.

Please close this PR and evaluate #2926 instead.

@c1728p9 c1728p9 closed this Oct 5, 2016
@cmonr cmonr removed the needs: CI label Apr 3, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@c1728p9 @bridadan @mbed-bot @sg- @0xc0170 @simonbutcher @cmonr