From 2ef377d56de6da8ccfe249a88c05d19677a8fbcc Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 7 Oct 2019 18:44:21 +0200
Subject: [PATCH] all.sh: support variable seedfile size

The size of the seedfile used by the entropy module when MBEDTLS_ENTROPY_NV_SEED is enabled is 32 byte when MBEDTLS_ENTROPY_FORCE_SHA256 is enabled or MBEDTLS_SHA512_C is disabled, and 64 bytes otherwise. A larger seedfile is ok on entry (the code just grabs the first N bytes), but a smaller seedfile is not ok. Therefore, if you run a component with a 32-byte seedfile and then a component with a 64-byte seedfile, the second component fails in the unit tests (up to test_suite_entropy which erases the seedfile and creates a fresh one). This is ok up to now because we only enable MBEDTLS_ENTROPY_NV_SEED together with MBEDTLS_ENTROPY_FORCE_SHA256. But it prevents enabling MBEDTLS_ENTROPY_NV_SEED without MBEDTLS_ENTROPY_FORCE_SHA256. To fix this, unconditionally create a seedfile before each component.
---
 tests/scripts/all.sh | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 2567cc0dd..3b2aef324 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -403,12 +403,6 @@ pre_check_git () {
 fi
 }
 
-pre_check_seedfile () {
- if [ ! -f "./tests/seedfile" ]; then
- dd if=/dev/urandom of=./tests/seedfile bs=32 count=1
- fi
-}
-
 pre_setup_keep_going () {
 failure_summary=
 failure_count=0
@@ -1272,7 +1266,16 @@ run_component () {
 cp -p "$CONFIG_H" "$CONFIG_BAK"
 current_component="$1"
 export MBEDTLS_TEST_CONFIGURATION="$current_component"
+
+ # Unconditionally create a seedfile that's sufficiently long.
+ # Do this before each component, because a previous component may
+ # have messed it up or shortened it.
+ dd if=/dev/urandom of=./tests/seedfile bs=64 count=1
+
+ # Run the component code.
 "$@"
+
+ # Restore the build tree to a clean state.
 cleanup
 }
 
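Review bot: The `dd` added before `"$@"` in run_component is unchecked and its size is a bare `64`, so a failed or short write of `./tests/seedfile` would surface only later as an unrelated-looking unit-test failure (unless the script runs under `set -e`, which this hunk does not show). I would make the failure explicit at the point of cause, e.g. `dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 || { echo "cannot create tests/seedfile" >&2; exit 1; }`, and extend the comment to say where the number comes from: `# 64 bytes = largest seed the entropy module reads (SHA-512 build); SHA-256 builds use only the first 32.` Because the file is now overwritten unconditionally, any pre-existing `tests/seedfile` in the tree is replaced on every component, which deserves a word in the comment as well. The start of run_component lies outside the hunk.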
@@ -1282,7 +1285,6 @@ pre_initialize_variables pre_parse_command_line "$@" pre_check_git -pre_check_seedfile build_status=0 if [ $KEEP_GOING -eq 1 ]; then