Add adjust-check-config script to mbedtls importer

In Mbed OS, there are configuration options with Mbed TLS that we are more comfortable allowing than we do with Mbed TLS on its own. Add a check-config adjusting script to enable removing or changing options in check_config.h
2019-06-24 13:47:38 +01:00 · 2019-06-24 13:47:38 +01:00 · 8f6667d3d2
parent 15b5b5da23
commit 8f6667d3d2
2 changed files with 61 additions and 0 deletions
--- a/features/mbedtls/importer/Makefile
+++ b/features/mbedtls/importer/Makefile
@ -132,6 +132,9 @@ deploy: rsync
 	# Adjusting the default mbed TLS config file to mbed purposes
 	./adjust-config.sh $(MBED_TLS_DIR)/scripts/config.pl $(TARGET_INC)/mbedtls/config.h
 	#
+	# Adjusting the default mbed TLS check-config file to mbed purposes
+	./adjust-check-config.sh $(TARGET_INC)/mbedtls/check_config.h
+	#
 	# Copy and adjust the trimmed config that does not require entropy source
 	cp $(MBED_TLS_DIR)/configs/config-no-entropy.h $(TARGET_INC)/mbedtls/.
 	./adjust-no-entropy-config.sh $(MBED_TLS_DIR)/scripts/config.pl $(TARGET_INC)/mbedtls/config-no-entropy.h
--- a/features/mbedtls/importer/adjust-check-config.sh
+++ b/features/mbedtls/importer/adjust-check-config.sh
@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2019, Arm Limited, All Rights Reserved
+#
+# SPDX-License-Identifier: Apache-2.0
+# Licensed under the Apache License, Version 2.0 (the License); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# * http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an AS IS BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Purpose
+#
+# Removes checks from check_config.h that aren't needed for Mbed OS
+#
+# Usage: adjust-check-config.sh [path to check_config file]
+#
+set -eu
+
+if [ $# -ne 1 ]; then
+    echo "Usage: $0 path/to/check_config.h" >&2
+    exit 1
+fi
+
+FILE=$1
+
+conf() {
+    $SCRIPT -f $FILE --force $@
+}
+
+remove_code() {
+    MATCH_PATTERN=$(IFS=""; printf "%s" "$*")
+
+    perl -0pi -e "s/$MATCH_PATTERN//g" "$FILE"
+}
+
+# When using Mbed Crypto's PSA Entropy Injection feature on Mbed OS, it is
+# not required to opt out of having entropy sources added to your entropy
+# contexts by default (via MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES).
+# As integrated in Mbed OS, MBEDTLS_PSA_INJECT_ENTROPY is compatible with
+# actual entropy sources. PSA entropy injection is implemented using the
+# standard Mbed TLS NV Seed feature, and is as compatible with other
+# entropy sources as the standard Mbed TLS NV Seed feature which does
+# support entropy mixing.
+remove_code                                                                                 \
+    "#if defined\(MBEDTLS_PSA_INJECT_ENTROPY\) &&              \\\\\n"                      \
+    "    !defined\(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES\)\n"                                  \
+    "#error \"MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources\"\n" \
+    "#endif\n"                                                                              \
+    "\n"