The mldsa-native and mlkem-native headers use preprocessor tricks to
construct identifiers. We can't recognize those. So if a symbol found in the
binary is in the expected sub-namespace for those parts of the library,
allow it to be undeclared.
Make the exception general enough for mldsa-native (needed now) and
mlkem-native (needed soon).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The pattern for internal macros was weird, in part, because of the unusual
short names we use in bignum code. Make the pattern stricter, but add an
exception mechanism. Declare an exception for those bignum names, but
allow them only in bignum code.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
I needed that to understand how the data is represented (str vs Match, list
vs set vs tuple, ...).
No semantic change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use a typed namespace instead of a dictionary with heterogeneously typed values.
No semantic change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
`python` might be the wrong version, for example it might be Python 2 on
some systems, or it might be a different version of Python 3. Use
`sys.executable`, so that the same version gets used consistently.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Don't recurse into every subdirectory: that also removed files from
out-of-tree builds that the user may have placed into subdirectories. With
make as the build tool, the cleanup is mostly recoverable, but with ninja as
the build tool, you have to manually run `cmake` again after running
`all.sh`.
Instead, look for things to clean only in directories managed by git.
This also has the benefit of not touching `**/Makefile` if there hasn't been
an in-tree CMake build.
Fixes https://github.com/Mbed-TLS/mbedtls-framework/issues/252
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mypy only checks types in functions that have a return type annotation.
In `check_generated_files`, change from returning `None` to returning a
boolean, since the function is supposed to check some boolean-valued
assertion. So far, the function always returns `True`.
In `main`, explicitly return an `int` value as expected by the caller. When
calling `check_generated_files`, convert the boolean result into an exit
status.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Provide one method to just give a boolean result, and one to give a
diff-like output as a simple string.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add code to compare the shadow file containing the list of config options
with the options in the config file. Also add code to update (or just
create) the shadow file.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The list of current options needs to be up-to-date, so we can't just use
historical data.
Users may edit the default config file (`include/tf-psa-crypto/crypto_config.h`
or `include/mbedtls/mbedtls_config.h`). One of the reasons we use the list of
config options is to prevent users from defining internal macros in their
config file (in code generated by `generated_config_checks.py`). An internal
macro is one that isn't listed in the official config file. So we need to
know what macros are listed in the official config file, regardless of edits
to the current config file.
Hence we read a "shadow file" which contains the official list of options,
rather than the "live" config file. This file will need to be kept
up-to-date during development, but is not user-editable.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
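
The shadow-file reasoning in the commit message above, together with the comparison and diff-like output mentioned in the two messages before it, as an added example (not code from the Mbed TLS framework). The one-name-per-line shadow format, the `EXAMPLE_*` macro names and every function name here are assumptions made for illustration.

```python
import difflib
import re

# Option lines in a config header, active or commented out:
# "#define NAME" or "//#define NAME value".
OPTION_RE = re.compile(r'^\s*(?://\s*)?#\s*define\s+([A-Za-z_]\w*)', re.M)
# Only the lines that actually define a macro (not commented out).
ACTIVE_RE = re.compile(r'^\s*#\s*define\s+([A-Za-z_]\w*)', re.M)

def options_in_config(header_text):
    """Sorted option names listed in a config header."""
    return sorted(set(OPTION_RE.findall(header_text)))

def parse_shadow(shadow_text):
    """Assumed shadow format: one macro name per line, '#' starts a comment."""
    names = (line.split('#', 1)[0].strip() for line in shadow_text.splitlines())
    return sorted({n for n in names if n})

def shadow_is_up_to_date(shadow_text, official_header):
    """Boolean result: does the shadow list match the official config file?"""
    return parse_shadow(shadow_text) == options_in_config(official_header)

def shadow_diff(shadow_text, official_header):
    """Diff-like report of the names to add to or drop from the shadow file."""
    return '\n'.join(difflib.unified_diff(
        parse_shadow(shadow_text), options_in_config(official_header),
        'shadow', 'config', lineterm='', n=0))

def internal_macros_set_by_user(user_header, shadow_text):
    """Macros a user's config defines that are absent from the official list."""
    official = set(parse_shadow(shadow_text))
    return sorted(set(ACTIVE_RE.findall(user_header)) - official)

# Constructed sample data, not taken from any real config file.
SHADOW = "EXAMPLE_OPTION_A\nEXAMPLE_OPTION_B\n"
OFFICIAL = ("#define EXAMPLE_OPTION_A\n"
            "//#define EXAMPLE_OPTION_B\n"
            "//#define EXAMPLE_OPTION_C 4\n")   # option added during development
USER_EDITED = "#define EXAMPLE_OPTION_A\n#define EXAMPLE_INTERNAL_DERIVED\n"

if __name__ == '__main__':
    print(shadow_is_up_to_date(SHADOW, OFFICIAL))
    print(shadow_diff(SHADOW, OFFICIAL))
    # Reading the live, user-edited file would make the internal macro look
    # like an official option; checking against the shadow list flags it.
    print(internal_macros_set_by_user(USER_EDITED, SHADOW))
```
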
Load the list of C preprocessor macros that are options in the configuration
file (`mbedtls/mbedtls_config.h` or `psa/crypto_config.h`), and the list of
C preprocessor macros that are defined in `*adjust*.h` but are not public
options (derived internal macros).
The new module `config_macros` supports both querying the current tree and
querying historical data saved by `save_config_macros.sh`, with the same
query interface. The part that queries historical data subsumes the
`config_history` module.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The same library may be present in the same build tree, e.g.
libtfpsacrypto.so, which gets copied from the tf-psa-crypto/core/ to
library/ during an Mbed TLS build.
Make sure that the duplicated libraries are byte-for-byte identical,
otherwise abort the test.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Fix non-file elements appearing in
`generate_test_cert_macros.py --list-dependencies`. That only worked
because Mbed TLS didn't call it as intended (not done in `CMakeLists.txt`
or `make_generated_files.py`, and buggy in `tests/Makefile`).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
- ECDH_C is no longer needed since the previous commit
- CIPHER_C and ECDSA_C were already useless
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Make __write_test_driver_files an instance method
instead of a static method as it is supposed to
be used only in an instance context.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>