From 606671b6a55c8f4c6b4957f77c2aaacd89a80d5d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jul 2025 13:09:00 +0200 Subject: [PATCH] Explicitly enable built-in entropy in sample and test configs Now that built-in entropy is a positive option `MBEDTLS_PSA_BUILTIN_GET_ENTROPY` instead of a negative option `MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES`, it needs to be enabled explicitly in sample and test configurations. Signed-off-by: Gilles Peskine --- configs/crypto-config-ccm-psk-tls1_2.h | 8 +------- configs/crypto-config-suite-b.h | 7 +------ configs/crypto-config-thread.h | 1 + 3 files changed, 3 insertions(+), 13 deletions(-) diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h index e4de8b3fb6..163520ed34 100644 --- a/configs/crypto-config-ccm-psk-tls1_2.h +++ b/configs/crypto-config-ccm-psk-tls1_2.h @@ -31,15 +31,9 @@ #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C +#define MBEDTLS_PSA_BUILTIN_GET_ENTROPY /* Save RAM at the expense of ROM */ #define MBEDTLS_AES_ROM_TABLES -/* - * You should adjust this to the exact number of sources you're using: default - * is the "platform_entropy_poll" source, but you may want to add other ones - * Minimum is 2 for the entropy test suite. - */ -#define MBEDTLS_ENTROPY_MAX_SOURCES 2 - #endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h index dd304c1c5d..0437bda3ce 100644 --- a/configs/crypto-config-suite-b.h +++ b/configs/crypto-config-suite-b.h @@ -51,6 +51,7 @@ #define MBEDTLS_ENTROPY_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C +#define MBEDTLS_PSA_BUILTIN_GET_ENTROPY /* For test certificates */ #define MBEDTLS_BASE64_C @@ -69,10 +70,4 @@ /* Significant speed benefit at the expense of some ROM */ #define MBEDTLS_ECP_NIST_OPTIM -/* - * You should adjust this to the exact number of sources you're using: default - * is the "mbedtls_platform_entropy_poll" source, but you may want to add other ones. - * Minimum is 2 for the entropy test suite. - */ -#define MBEDTLS_ENTROPY_MAX_SOURCES 2 #endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h index 18206e1a9f..5475a0af20 100644 --- a/configs/crypto-config-thread.h +++ b/configs/crypto-config-thread.h @@ -60,6 +60,7 @@ #define MBEDTLS_MD_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C +#define MBEDTLS_PSA_BUILTIN_GET_ENTROPY /* Save RAM at the expense of ROM */ #define MBEDTLS_AES_ROM_TABLES