Merge pull request #3867 from gilles-peskine-arm/error-include-string
Fix several configuration-related issues
diff --git a/ChangeLog.d/error-include-string.txt b/ChangeLog.d/error-include-string.txt
new file mode 100644
index 0000000..0a12c7b
--- /dev/null
+++ b/ChangeLog.d/error-include-string.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix conditions for including string.h in error.c. Fixes #3866.
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 2ac2cc6..98f88ae 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2057,7 +2057,11 @@
* API to be configured separately from support through the mbedtls API.
*
* Uncomment this to enable use of PSA Crypto configuration settings which
- * can be found in include/psa/crypto_config.h
+ * can be found in include/psa/crypto_config.h.
+ *
+ * If you enable this option and write your own configuration file, you must
+ * include mbedtls/config_psa.h in your configuration file. The default
+ * provided mbedtls/config.h contains the necessary inclusion.
*
* This feature is still experimental and is not ready for production since
* it is not completed.
@@ -3856,7 +3860,9 @@
#include MBEDTLS_USER_CONFIG_FILE
#endif
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
#include "mbedtls/config_psa.h"
+#endif
#include "mbedtls/check_config.h"
diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
index c64f61d..4582a86 100644
--- a/include/psa/crypto_platform.h
+++ b/include/psa/crypto_platform.h
@@ -41,6 +41,10 @@
#include MBEDTLS_CONFIG_FILE
#endif
+/* Translate between classic MBEDTLS_xxx feature symbols and PSA_xxx
+ * feature symbols. */
+#include "mbedtls/config_psa.h"
+
/* PSA requires several types which C99 provides in stdint.h. */
#include <stdint.h>
diff --git a/library/error.c b/library/error.c
index cba61e9..901a369 100644
--- a/library/error.c
+++ b/library/error.c
@@ -19,20 +19,20 @@
#include "common.h"
-#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
-#include <string.h>
-#endif
+#include "mbedtls/error.h"
+
+#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+
+#if defined(MBEDTLS_ERROR_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#define mbedtls_snprintf snprintf
-#define mbedtls_time_t time_t
#endif
-#if defined(MBEDTLS_ERROR_C)
-
#include <stdio.h>
+#include <string.h>
#if defined(MBEDTLS_AES_C)
#include "mbedtls/aes.h"
@@ -960,8 +960,6 @@
#else /* MBEDTLS_ERROR_C */
-#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
-
/*
* Provide an non-function in case MBEDTLS_ERROR_C is not defined
*/
@@ -973,6 +971,6 @@
buf[0] = '\0';
}
-#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */
-
#endif /* MBEDTLS_ERROR_C */
+
+#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index d109c1e..a204d9e 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -26,10 +26,12 @@
#include <stdio.h>
#include <stdlib.h>
-#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_ERROR_C)
+#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_ERROR_C) || \
+ !defined(MBEDTLS_SSL_TLS_C)
int main( void )
{
- printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_ERROR_C not defined.\n");
+ printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_ERROR_C and/or "
+ "MBEDTLS_SSL_TLS_C not defined.\n");
return( 0 );
}
#else
diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt
index fd72f8b..9e479bb 100644
--- a/scripts/data_files/error.fmt
+++ b/scripts/data_files/error.fmt
@@ -19,20 +19,20 @@
#include "common.h"
-#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
-#include <string.h>
-#endif
+#include "mbedtls/error.h"
+
+#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+
+#if defined(MBEDTLS_ERROR_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#define mbedtls_snprintf snprintf
-#define mbedtls_time_t time_t
#endif
-#if defined(MBEDTLS_ERROR_C)
-
#include <stdio.h>
+#include <string.h>
HEADER_INCLUDED
@@ -149,8 +149,6 @@
#else /* MBEDTLS_ERROR_C */
-#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
-
/*
* Provide an non-function in case MBEDTLS_ERROR_C is not defined
*/
@@ -162,6 +160,6 @@
buf[0] = '\0';
}
-#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */
-
#endif /* MBEDTLS_ERROR_C */
+
+#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 757a9ec..88a3eaf 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1895,6 +1895,20 @@
make test
}
+component_test_no_strings () {
+ msg "build: no strings" # ~10s
+ scripts/config.py full
+ # Disable options that activate a large amount of string constants.
+ scripts/config.py unset MBEDTLS_DEBUG_C
+ scripts/config.py unset MBEDTLS_ERROR_C
+ scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY
+ scripts/config.py unset MBEDTLS_VERSION_FEATURES
+ make CFLAGS='-Werror -Os'
+
+ msg "test: no strings" # ~ 10s
+ make test
+}
+
component_build_arm_none_eabi_gcc () {
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s
scripts/config.py baremetal
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index 01edfe2..cf4175a 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -28,17 +28,21 @@
use strict;
my %configs = (
+ 'config-ccm-psk-tls1_2.h' => {
+ 'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
+ },
'config-mini-tls1_1.h' => {
'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'', #'
},
+ 'config-no-entropy.h' => {
+ },
+ 'config-psa-crypto.h' => {
+ },
'config-suite-b.h' => {
'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
},
'config-symmetric-only.h' => {
},
- 'config-ccm-psk-tls1_2.h' => {
- 'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
- },
'config-thread.h' => {
'opt' => '-f ECJPAKE.*nolog',
},