From 4159c7154c30c68eb6a69d3088a1a7725175b9ec Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Nov 2020 15:14:10 +0100 Subject: [PATCH 1/4] Simplify conditional guards in error.c Simplify the guards on MBEDTLS_ERROR_C and MBEDTLS_ERROR_STRERROR_DUMMY. No longer include superfluous headers and definition: string.h and platform.h are only needed for MBEDTLS_ERROR_C; time_t is not needed at all. Signed-off-by: Gilles Peskine --- library/error.c | 15 ++++++--------- scripts/data_files/error.fmt | 15 ++++++--------- 2 files changed, 12 insertions(+), 18 deletions(-) diff --git a/library/error.c b/library/error.c index 0757268f2..9b04dcd20 100644 --- a/library/error.c +++ b/library/error.c @@ -51,20 +51,19 @@ #endif #if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) + #include "mbedtls/error.h" -#include -#endif + +#if defined(MBEDTLS_ERROR_C) #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #define mbedtls_snprintf snprintf -#define mbedtls_time_t time_t #endif -#if defined(MBEDTLS_ERROR_C) - #include +#include #if defined(MBEDTLS_AES_C) #include "mbedtls/aes.h" @@ -835,8 +834,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #else /* MBEDTLS_ERROR_C */ -#if defined(MBEDTLS_ERROR_STRERROR_DUMMY) - /* * Provide an non-function in case MBEDTLS_ERROR_C is not defined */ @@ -848,6 +845,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) buf[0] = '\0'; } -#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */ - #endif /* MBEDTLS_ERROR_C */ + +#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */ diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 162d93b45..c5c8707dc 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -51,20 +51,19 @@ #endif #if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) + #include "mbedtls/error.h" -#include -#endif + +#if defined(MBEDTLS_ERROR_C) #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #define mbedtls_snprintf snprintf -#define mbedtls_time_t time_t #endif -#if defined(MBEDTLS_ERROR_C) - #include +#include HEADER_INCLUDED @@ -130,8 +129,6 @@ LOW_LEVEL_CODE_CHECKS #else /* MBEDTLS_ERROR_C */ -#if defined(MBEDTLS_ERROR_STRERROR_DUMMY) - /* * Provide an non-function in case MBEDTLS_ERROR_C is not defined */ @@ -143,6 +140,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) buf[0] = '\0'; } -#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */ - #endif /* MBEDTLS_ERROR_C */ + +#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */ From 8305b5e936baf192d794b7d1a63fc645b96afe34 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Nov 2020 14:44:04 +0100 Subject: [PATCH 2/4] Sort entries to make it easier to eyeball the list No semantic change. Signed-off-by: Gilles Peskine --- tests/scripts/test-ref-configs.pl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index 6937b38e4..f084c3ba5 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -55,16 +55,16 @@ use warnings; use strict; my %configs = ( + 'config-ccm-psk-tls1_2.h' => { + 'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'', + }, 'config-mini-tls1_1.h' => { 'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'', }, - 'config-suite-b.h' => { - 'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS", - }, 'config-picocoin.h' => { }, - 'config-ccm-psk-tls1_2.h' => { - 'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'', + 'config-suite-b.h' => { + 'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS", }, 'config-thread.h' => { 'opt' => '-f ECJPAKE.*nolog', From 1eb2a9582dd2e8f4d8e367f4d38a9910758db912 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Nov 2020 15:15:17 +0100 Subject: [PATCH 3/4] Add missing config from test-ref-configs.pl The sample configuration file config-no-entropy.h was not being tested. Signed-off-by: Gilles Peskine --- tests/scripts/test-ref-configs.pl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index f084c3ba5..5d4604e05 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -61,6 +61,8 @@ my %configs = ( 'config-mini-tls1_1.h' => { 'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'', }, + 'config-no-entropy.h' => { + }, 'config-picocoin.h' => { }, 'config-suite-b.h' => { From d754c8bad6bdeb738e480d2705340464b14f3818 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Nov 2020 15:40:05 +0100 Subject: [PATCH 4/4] Add a build with MBEDTLS_ERROR_STRERROR_DUMMY Add a build with MBEDTLS_ERROR_STRERROR_DUMMY but not MBEDTLS_ERROR_C. Previously, both options were enabled by default, but MBEDTLS_ERROR_STRERROR_DUMMY only matters when MBEDTLS_ERROR_C is enabled, so its effect was not tested. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 45765b258..bd95a21aa 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1332,6 +1332,20 @@ component_test_have_int64 () { make test } +component_test_no_strings () { + msg "build: no strings" # ~10s + scripts/config.pl full + # Disable options that activate a large amount of string constants. + scripts/config.pl unset MBEDTLS_DEBUG_C + scripts/config.pl unset MBEDTLS_ERROR_C + scripts/config.pl set MBEDTLS_ERROR_STRERROR_DUMMY + scripts/config.pl unset MBEDTLS_VERSION_FEATURES + make CFLAGS='-Werror -Os' + + msg "test: no strings" # ~ 10s + make test +} + component_build_arm_none_eabi_gcc () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s scripts/config.pl baremetal