Remove MBEDTLS_TEST_NULL_ENTROPY #4388

Closed
chris-jones-arm opened this issue Apr 21, 2021 · 3 comments · Fixed by #4450
Labels
component-platform Portability layer and build scripts enhancement good-first-issue Good for newcomers size-s Estimated task size: small (~2d)

Comments

@chris-jones-arm
Contributor

Context

The config option MBEDTLS_TEST_NULL_ENTROPY builds the library with no configured entropy sources. This completely negates any and all security provided by the library and as such represents a large security hole in the library.

This option was originally requested a relatively long time ago and we no longer find the reasoning behind keeping the option acceptable as it does not provide any tangible benefit for users any more.


Rationale

To reduce testing burden from too many config options, as well as remove obsolete options which no longer bear relevance to the current library direction, we want to remove this option in the 3.0 release.

This is a large security issue as it could be misconfigured and must not be used in production, therefore we do not feel it has a place in the library.

There are also suitable alternatives for replicating this option such as using MBEDTLS_ENTROPY_NV_SEED or making a fake entropy function.


Work items for 3.0

  • Remove MBEDTLS_TEST_NULL_ENTROPY from config.h
  • Remove all references to MBEDTLS_TEST_NULL_ENTROPY so that git grep MBEDTLS_TEST_NULL_ENTROPY finds no occurrences in the library or test code.
@chris-jones-arm chris-jones-arm added enhancement component-platform Portability layer and build scripts good-first-issue Good for newcomers mbedtls-3 size-s Estimated task size: small (~2d) labels Apr 21, 2021
@gilles-peskine-arm
Contributor

In 3.0, it's enough to remove MBEDTLS_TEST_NULL_ENTROPY from config.h and ensure that defining it either results in a compilation error or does nothing. We can take care of removing it from the code and build scripts later in 3.x.

@Regis-Caelum

@chris-jones-arm I want to work on this issue. Can you guide me, please?

@gilles-peskine-arm
Contributor

Hi @Regis-Caelum,

Thanks for volunteering to help! You can easily find all the places to change with git grep MBEDTLS_TEST_NULL_ENTROPY. I'm not sure what parts would be difficult. I would suggest the following order:

  1. tests/scripts/all.sh
  2. include/mbedtls/config.h
  3. Places where tests/scripts/check-names.sh complains about
  4. Tests
  5. Build scripts

Please don't hesitate to ask if you need help! Either here or on a draft pull request.
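
The two ideas raised in the thread, a compile error when the removed option is still defined and a fake entropy function as its replacement in tests, can be sketched as follows. This is an added example, not code from Mbed TLS or from the participants. The names fake_entropy_source, fake_entropy_ctx, FAKE_ENTROPY_FAILED and APP_TEST_BUILD are hypothetical; in a real test build the callback would be registered with mbedtls_entropy_add_source().

```c
#include <stddef.h>
#include <stdio.h>

/* A configuration that still sets the removed option should not build. */
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
#error "MBEDTLS_TEST_NULL_ENTROPY is removed: register a test-only entropy source instead"
#endif

/* APP_TEST_BUILD is a hypothetical macro that only the test build passes
 * (-DAPP_TEST_BUILD); it is defined here so the example compiles alone. */
#define APP_TEST_BUILD

#if defined(APP_TEST_BUILD)
#define FAKE_ENTROPY_FAILED (-1) /* any non-zero return reports a failed source */

typedef struct {
    unsigned char next;  /* next byte value to emit */
    size_t budget;       /* bytes left before the source starts failing */
} fake_entropy_ctx;

/* Same parameter list as Mbed TLS's mbedtls_entropy_f_source_ptr callback.
 * Output is a predictable counter: reproducible for tests, never random. */
int fake_entropy_source(void *data, unsigned char *output, size_t len, size_t *olen)
{
    fake_entropy_ctx *ctx = data;
    if (ctx == NULL || output == NULL || olen == NULL)
        return FAKE_ENTROPY_FAILED;
    *olen = 0;
    if (len > ctx->budget)           /* simulate an exhausted or broken source */
        return FAKE_ENTROPY_FAILED;
    for (size_t i = 0; i < len; i++)
        output[i] = ctx->next++;
    ctx->budget -= len;
    *olen = len;
    return 0;
}
#endif /* APP_TEST_BUILD */

int main(void)
{
    fake_entropy_ctx ctx = { 0x10, 8 };   /* constructed sample state */
    unsigned char buf[4];
    size_t olen;
    int ret = fake_entropy_source(&ctx, buf, sizeof(buf), &olen);
    printf("ret=%d olen=%zu first=0x%02x\n", ret, olen, (unsigned) buf[0]);
    return ret;
}
```

Because the source lives behind a test-only macro and is compiled into the test binary rather than the library, a production configuration cannot enable it by flipping a library option.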
