From 076c97e29aaabc39eeed28d424dd5bd2bd709c68 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 9 Nov 2020 15:14:10 +0100
Subject: [PATCH 1/4] Simplify conditional guards in error.c

Simplify the guards on MBEDTLS_ERROR_C and MBEDTLS_ERROR_STRERROR_DUMMY. No longer include superfluous headers and definition: string.h and platform.h are only needed for MBEDTLS_ERROR_C; time_t is not needed at all.

Signed-off-by: Gilles Peskine
---
 library/error.c | 15 ++++++---------
 scripts/data_files/error.fmt | 15 ++++++---------
 2 files changed, 12 insertions(+), 18 deletions(-)

diff --git a/library/error.c b/library/error.c
index eb52052b5..b83b8d1f1 100644
--- a/library/error.c
+++ b/library/error.c
@@ -51,20 +51,19 @@
 #endif
 
 #if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+
 #include "mbedtls/error.h"
-#include
-#endif
+
+#if defined(MBEDTLS_ERROR_C)
 
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
 #define mbedtls_snprintf snprintf
-#define mbedtls_time_t time_t
 #endif
 
-#if defined(MBEDTLS_ERROR_C)
-
 #include
+#include
 
 #if defined(MBEDTLS_AES_C)
 #include "mbedtls/aes.h"
@@ -929,8 +928,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
 
 #else /* MBEDTLS_ERROR_C */
 
-#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
-
 /*
 * Provide an non-function in case MBEDTLS_ERROR_C is not defined
 */
@@ -942,6 +939,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
 buf[0] = '\0';
 }
 
-#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */
-
 #endif /* MBEDTLS_ERROR_C */
+
+#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */
diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt
index 162d93b45..c5c8707dc 100644
--- a/scripts/data_files/error.fmt
+++ b/scripts/data_files/error.fmt
@@ -51,20 +51,19 @@
 #endif
 
 #if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+
 #include "mbedtls/error.h"
-#include
-#endif
+
+#if defined(MBEDTLS_ERROR_C)
 
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
 #define mbedtls_snprintf snprintf
-#define mbedtls_time_t time_t
 #endif
 
-#if defined(MBEDTLS_ERROR_C)
-
 #include
+#include
 
 HEADER_INCLUDED
 
@@ -130,8 +129,6 @@ LOW_LEVEL_CODE_CHECKS
 
 #else /* MBEDTLS_ERROR_C */
 
-#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
-
 /*
 * Provide an non-function in case MBEDTLS_ERROR_C is not defined
 */
@@ -143,6 +140,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
 buf[0] = '\0';
 }
 
-#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */
-
 #endif /* MBEDTLS_ERROR_C */
+
+#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */
From 0ac6e0a8dcd9ab452c0950b1358d162992418b77 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 9 Nov 2020 14:44:04 +0100
Subject: [PATCH 2/4] Sort entries to make it easier to eyeball the list

No semantic change.

Signed-off-by: Gilles Peskine
---
 tests/scripts/test-ref-configs.pl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index a8bfa6e90..c6298d0ab 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -55,15 +55,15 @@ use warnings;
 use strict;
 
 my %configs = (
+ 'config-ccm-psk-tls1_2.h' => {
+ 'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
+ },
 'config-mini-tls1_1.h' => {
 'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'',
 },
 'config-suite-b.h' => {
 'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
 },
- 'config-ccm-psk-tls1_2.h' => {
- 'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
- },
 'config-thread.h' => {
 'opt' => '-f ECJPAKE.*nolog',
 },
From 43f2f4eeed4bb0cb28af1db02030c613a879b9c2 Mon Sep 17 00:00:00 2001
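Review bot: In scripts/data_files/error.fmt, the stub after `#else /* MBEDTLS_ERROR_C */` has lost its own `#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)` guard, so nothing at that point names the option that selects it, and the surviving comment ("Provide an non-function ...") is garbled. I would replace that comment with `/* Stub selected by MBEDTLS_ERROR_STRERROR_DUMMY when MBEDTLS_ERROR_C is off: leaves an empty string in buf. */` and annotate the branch as `#else /* !MBEDTLS_ERROR_C, hence MBEDTLS_ERROR_STRERROR_DUMMY */`. The stub's body starts outside the hunk, so whether the `buf[0] = '\0';` store is guarded by a `buflen` check cannot be confirmed from here and is worth a glance. library/error.c carries the same three hunks and appears to be generated from this template, so the wording only needs changing here.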
From: Gilles Peskine
Date: Mon, 9 Nov 2020 15:15:17 +0100
Subject: [PATCH 3/4] Add missing config from test-ref-configs.pl

The sample configuration file config-no-entropy.h was not being tested.

Signed-off-by: Gilles Peskine
---
 tests/scripts/test-ref-configs.pl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index c6298d0ab..94fc3351e 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -61,6 +61,8 @@ my %configs = (
 'config-mini-tls1_1.h' => {
 'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'',
 },
+ 'config-no-entropy.h' => {
+ },
 'config-suite-b.h' => {
 'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
 },
From 8ffc158c3652ef221f91d534ea67bcbaf6fcc6d0 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 9 Nov 2020 15:40:05 +0100
Subject: [PATCH 4/4] Add a build with MBEDTLS_ERROR_STRERROR_DUMMY

Add a build with MBEDTLS_ERROR_STRERROR_DUMMY but not MBEDTLS_ERROR_C. Previously, both options were enabled by default, but MBEDTLS_ERROR_STRERROR_DUMMY only matters when MBEDTLS_ERROR_C is enabled, so its effect was not tested.

Signed-off-by: Gilles Peskine
---
 tests/scripts/all.sh | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 07ff62da7..a2a26b45b 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
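Review bot: In tests/scripts/test-ref-configs.pl, the new `'config-no-entropy.h' => { },` entry is the only one visible in its hunk with neither a `compat` nor an `opt` key, and nothing says that is deliberate. A one-line comment inside the braces, e.g. `# build and unit tests only: no 'compat' or 'opt' run for this configuration`, would keep a later reader from taking the empty hash for an unfinished entry. How the script treats a missing key is outside the hunk, so the wording should be checked against the loop that consumes `%configs`.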
@@ -1501,6 +1501,20 @@ component_test_no_64bit_multiplication () {
 make test
 }
 
+component_test_no_strings () {
+ msg "build: no strings" # ~10s
+ scripts/config.pl full
+ # Disable options that activate a large amount of string constants.
+ scripts/config.pl unset MBEDTLS_DEBUG_C
+ scripts/config.pl unset MBEDTLS_ERROR_C
+ scripts/config.pl set MBEDTLS_ERROR_STRERROR_DUMMY
+ scripts/config.pl unset MBEDTLS_VERSION_FEATURES
+ make CFLAGS='-Werror -Os'
+
+ msg "test: no strings" # ~ 10s
+ make test
+}
+
 component_build_arm_none_eabi_gcc () {
 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s
 scripts/config.pl baremetal
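Review bot: In `component_test_no_strings`, the comment `# Disable options that activate a large amount of string constants.` covers four `scripts/config.pl` calls, but the third one sets an option rather than disabling one, and it is the line the component exists for. I would give that line its own comment, `# Keep the mbedtls_strerror() stub: MBEDTLS_ERROR_STRERROR_DUMMY only takes effect with MBEDTLS_ERROR_C off.`, so nobody drops the `set` as redundant should `config.pl full` already enable it. The two timing comments are also spelled differently (`# ~10s` and `# ~ 10s`) and could be made uniform.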