ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-10-20 21:50:48 +08:00
Code Issues Releases Wiki Activity

Merge pull request #10340 from gilles-peskine-arm/config-checks-generator-mbedtls

Browse Source 
Introduce generated config checks in mbedtls
This commit is contained in:
Janos Follath
2025-09-19 15:39:05 +00:00
committed by GitHub
parent f328de9ddd 6712f1b6af
commit c84dbee82d
6 changed files with 80 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
framework

Submodule framework updated: 820a16cca7...92f5d45b22

3
library/.gitignore vendored
View File

@@ -4,6 +4,9 @@ libmbed*
###START_GENERATED_FILES### ###START_GENERATED_FILES###
/error.c /error.c
/mbedtls_config_check_before.h
/mbedtls_config_check_final.h
/mbedtls_config_check_user.h
/version_features.c /version_features.c
/ssl_debug_helpers_generated.c /ssl_debug_helpers_generated.c
###END_GENERATED_FILES### ###END_GENERATED_FILES###

22
library/CMakeLists.txt
View File

@@ -73,6 +73,27 @@ if(GEN_FILES)
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/version_features.fmt ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/version_features.fmt
) )
execute_process(
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
${MBEDTLS_DIR}/scripts/generate_config_checks.py
--list-for-cmake "${CMAKE_CURRENT_BINARY_DIR}"
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
OUTPUT_VARIABLE
MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS)
add_custom_command(
OUTPUT ${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
${MBEDTLS_DIR}/scripts/generate_config_checks.py
${CMAKE_CURRENT_BINARY_DIR}
DEPENDS
${MBEDTLS_DIR}/scripts/generate_config_checks.py
${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/config_checks_generator.py
)
add_custom_command( add_custom_command(
OUTPUT OUTPUT
${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c ${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c
@@ -89,6 +110,7 @@ if(GEN_FILES)
add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target
DEPENDS DEPENDS
${CMAKE_CURRENT_BINARY_DIR}/error.c ${CMAKE_CURRENT_BINARY_DIR}/error.c
${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}
) )
add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target

34
library/Makefile
View File

@@ -5,12 +5,24 @@ endif
TF_PSA_CRYPTO_CORE_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/core TF_PSA_CRYPTO_CORE_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/core
TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src
# List the generated files without running a script, so that this
# works with no tooling dependencies when GEN_FILES is disabled.
GENERATED_FILES := \ GENERATED_FILES := \
mbedtls_config_check_before.h \
mbedtls_config_check_final.h \
mbedtls_config_check_user.h \
error.c \ error.c \
version_features.c \ version_features.c \
ssl_debug_helpers_generated.c \ ssl_debug_helpers_generated.c
# Also list the generated files from crypto that are needed in the build,
# because we don't have the list in a consumable form.
GENERATED_FILES += \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c \
$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_before.h \
$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \
$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h
ifneq ($(GENERATED_FILES),$(wildcard $(GENERATED_FILES))) ifneq ($(GENERATED_FILES),$(wildcard $(GENERATED_FILES)))
ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make))
@@ -326,6 +338,24 @@ $(GENERATED_WRAPPER_FILES):
$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h
GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) ../scripts/generate_config_checks.py --list .)
$(GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \
$(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \
../framework/scripts/mbedtls_framework/config_checks_generator.py
$(GENERATED_CONFIG_CHECK_FILES):
echo " Gen $(GENERATED_CONFIG_CHECK_FILES)"
$(PYTHON) ../scripts/generate_config_checks.py
TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) \
$(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \
--list $(TF_PSA_CRYPTO_CORE_PATH))
$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \
../scripts/generate_config_checks.py \
../framework/scripts/mbedtls_framework/config_checks_generator.py
$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES):
echo " Gen $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)"
$(PYTHON) $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py
clean: clean:
ifndef WINDOWS ifndef WINDOWS
rm -f *.o *.s libmbed* rm -f *.o *.s libmbed*

21
scripts/generate_config_checks.py Executable file
View File

@@ -0,0 +1,21 @@
#!/usr/bin/env python3
"""Generate C preprocessor code to check for bad configurations.
"""
import framework_scripts_path # pylint: disable=unused-import
from mbedtls_framework.config_checks_generator import * \
#pylint: disable=wildcard-import,unused-wildcard-import
MBEDTLS_CHECKS = BranchData(
header_directory='library',
header_prefix='mbedtls_',
project_cpp_prefix='MBEDTLS',
checkers=[
Removed('MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', 'Mbed TLS 4.0'),
Removed('MBEDTLS_PADLOCK_C', 'Mbed TLS 4.0'),
],
)
if __name__ == '__main__':
main(MBEDTLS_CHECKS)

2
tf-psa-crypto

Submodule tf-psa-crypto updated: 4cc5bb4295...9a43f3fe86