Document check-config.h and *adjust*.h as internal headers #9061
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gilles-peskine-arm
added
enhancement
needs-review
gilles-peskine-arm
added
approved
This was referenced May 16, 2024
gilles-peskine-arm
added
needs-work
and removed
approved
|
Although 7f19db5 has been approved, there is more work to do:
Since the discussion around the enforcement is more sensitive in 3.6 LTS, I intend to wait until #9146 is approved, then do the rebase and forward-port to |
ChangeLog.d/check-config.txt
Outdated
| @@ -0,0 +1,6 @@ | |||
| Changes | |||
| * Explicitly state that mbedtls/check_config.h must not be included manually. | |||
There was a problem hiding this comment.
Shouldn't we change the cording in accordance to this PR from the backports?
There was a problem hiding this comment.
I'll forward-port once the 3.6 PR has been approved.
Including *adjust*.h directly is likely to cause them to be applied at the wrong time, resulting in an invalid or unintended configuration. Including check_config.h at the wrong time is likely to cause spurious errors. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some projects using Mbed TLS have migrated their configuration file (config.h -> mbedtls_config.h, or MBEDTLS_CONFIG_FILE) from Mbed TLS 2.x, and kept including check_config.h. This is unnecessary since Mbed TLS 3.0, and increasingly in 3.x it may report spurious errors because the configuration adjustments have not been done yet. This has led some projects to include configuration adjustment headers manually, but only partially or in the wrong order, which can result in silent inconsistencies. Error out if this happens, with a message mentioning check_config.h since that's the likely root cause. ``` perl -i -pe '$name = $ARGV; $name =~ s!include/!!; $name =~ s!_adjust_.*!_adjust_*.h!; $_ .= "\n#if !defined(MBEDTLS_CONFIG_FILES_READ)\n#error \"Do not include $name manually! This can lead to problems, \" \\\n \"up to and including runtime errors such as buffer overflows. \" \\\n \"If you're trying to fix a complaint from check_config.h, just remove it \" \\\n \"from your configuration file: since Mbed TLS 3.0, it is included \" \\\n \"automatically at the right time.\"\n#endif /* !MBEDTLS_CONFIG_FILES_READ */\n" if /^#define .*_H$/' include/*/*adjust*.h ``` Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some projects using Mbed TLS have migrated their configuration file (config.h -> mbedtls_config.h, or MBEDTLS_CONFIG_FILE) from Mbed TLS 2.x, and kept including check_config.h. This is unnecessary since Mbed TLS 3.0, and increasingly in 3.x it may report spurious errors because the configuration adjustments have not been done yet. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
dismissed stale reviews from mpg and minosgalanakis
via
c8d45cd
gilles-peskine-arm
force-pushed
the
config-headers-do-not-include
branch
from
7f19db5 to
c8d45cd
Compare
gilles-peskine-arm
added
needs-review
|
I've rebased to cover the new header file added in #9057, and forward-ported the compile-time errors added in the 3.6 version. So this is now the proposed final version of this PR. |
ronald-cron-arm
approved these changes
May 29, 2024
gilles-peskine-arm
added
approved
github-merge-queue
bot
removed this pull request from the merge queue due to no response for status checks
minosgalanakis
removed
the
needs-backports
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It's technically possible to
#includethose headers, so users are doing it, and then complaining about the consequences. Resolve #9147.PR checklist
Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")