Merge pull request #3867 from gilles-peskine-arm/error-include-string

Fix several configuration-related issues
2025-03-23 05:35:14 +00:00 · 2020-11-17 20:32:59 +01:00 · 2020-11-17 20:32:59 +01:00 · c70431451b
parent 9f4a01c33c 67aed9ada6
commit c70431451b
8 changed files with 54 additions and 26 deletions
--- a/ChangeLog.d/error-include-string.txt
+++ b/ChangeLog.d/error-include-string.txt
@ -0,0 +1,2 @@
+Bugfix
+   * Fix conditions for including string.h in error.c. Fixes #3866.
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -2057,7 +2057,11 @@
 * API to be configured separately from support through the mbedtls API.
 *
 * Uncomment this to enable use of PSA Crypto configuration settings which
- * can be found in include/psa/crypto_config.h
+ * can be found in include/psa/crypto_config.h.
+ *
+ * If you enable this option and write your own configuration file, you must
+ * include mbedtls/config_psa.h in your configuration file. The default
+ * provided mbedtls/config.h contains the necessary inclusion.
 *
 * This feature is still experimental and is not ready for production since
 * it is not completed.
@ -3856,7 +3860,9 @@
 #include MBEDTLS_USER_CONFIG_FILE
 #endif

+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
 #include "mbedtls/config_psa.h"
+#endif

 #include "mbedtls/check_config.h"

--- a/include/psa/crypto_platform.h
+++ b/include/psa/crypto_platform.h
@ -41,6 +41,10 @@
 #include MBEDTLS_CONFIG_FILE
 #endif

+/* Translate between classic MBEDTLS_xxx feature symbols and PSA_xxx
+ * feature symbols. */
+#include "mbedtls/config_psa.h"
+
 /* PSA requires several types which C99 provides in stdint.h. */
 #include <stdint.h>

--- a/library/error.c
+++ b/library/error.c
@ -19,20 +19,20 @@

 #include "common.h"

-#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
-#include <string.h>
-#endif
+#include "mbedtls/error.h"
+
+#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+
+#if defined(MBEDTLS_ERROR_C)

 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
 #define mbedtls_snprintf snprintf
-#define mbedtls_time_t   time_t
 #endif

-#if defined(MBEDTLS_ERROR_C)
-
 #include <stdio.h>
+#include <string.h>

 #if defined(MBEDTLS_AES_C)
 #include "mbedtls/aes.h"
@ -960,8 +960,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )

 #else /* MBEDTLS_ERROR_C */

-#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
-
 /*
 * Provide an non-function in case MBEDTLS_ERROR_C is not defined
 */
@ -973,6 +971,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
        buf[0] = '\0';
 }

-#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */
-
 #endif /* MBEDTLS_ERROR_C */
+
+#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@ -26,10 +26,12 @@
 #include <stdio.h>
 #include <stdlib.h>

-#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_ERROR_C)
+#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_ERROR_C) || \
+    !defined(MBEDTLS_SSL_TLS_C)
 int main( void )
 {
-    printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_ERROR_C not defined.\n");
+    printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_ERROR_C and/or "
+           "MBEDTLS_SSL_TLS_C not defined.\n");
    return( 0 );
 }
 #else
--- a/scripts/data_files/error.fmt
+++ b/scripts/data_files/error.fmt
@ -19,20 +19,20 @@

 #include "common.h"

-#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
-#include <string.h>
-#endif
+#include "mbedtls/error.h"
+
+#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+
+#if defined(MBEDTLS_ERROR_C)

 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
 #define mbedtls_snprintf snprintf
-#define mbedtls_time_t   time_t
 #endif

-#if defined(MBEDTLS_ERROR_C)
-
 #include <stdio.h>
+#include <string.h>

 HEADER_INCLUDED

@ -149,8 +149,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )

 #else /* MBEDTLS_ERROR_C */

-#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
-
 /*
 * Provide an non-function in case MBEDTLS_ERROR_C is not defined
 */
@ -162,6 +160,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
        buf[0] = '\0';
 }

-#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */
-
 #endif /* MBEDTLS_ERROR_C */
+
+#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@ -1895,6 +1895,20 @@ component_test_no_64bit_multiplication () {
    make test
 }

+component_test_no_strings () {
+    msg "build: no strings" # ~10s
+    scripts/config.py full
+    # Disable options that activate a large amount of string constants.
+    scripts/config.py unset MBEDTLS_DEBUG_C
+    scripts/config.py unset MBEDTLS_ERROR_C
+    scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY
+    scripts/config.py unset MBEDTLS_VERSION_FEATURES
+    make CFLAGS='-Werror -Os'
+
+    msg "test: no strings" # ~ 10s
+    make test
+}
+
 component_build_arm_none_eabi_gcc () {
    msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s
    scripts/config.py baremetal
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@ -28,17 +28,21 @@ use warnings;
 use strict;

 my %configs = (
+    'config-ccm-psk-tls1_2.h' => {
+        'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
+    },
    'config-mini-tls1_1.h' => {
        'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'', #'
    },
+    'config-no-entropy.h' => {
+    },
+    'config-psa-crypto.h' => {
+    },
    'config-suite-b.h' => {
        'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
    },
    'config-symmetric-only.h' => {
    },
-    'config-ccm-psk-tls1_2.h' => {
-        'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
-    },
    'config-thread.h' => {
        'opt' => '-f ECJPAKE.*nolog',
    },