From 7323b3e1127ae152f1d1dd0476f9f0f69fd146f3 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 9 Oct 2024 09:29:35 +0200 Subject: [PATCH 01/10] cmake: Remove UNSAFE_BUILD option The UNSAFE_BUILD option was introduced for the builds with NULL entropy (option MBEDTLS_TEST_NULL_ENTROPY) but this configuration option does not exist anymore. Signed-off-by: Ronald Cron --- CMakeLists.txt | 6 ------ tf-psa-crypto/TF-PSA-Crypto.cmake | 6 ------ 2 files changed, 12 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 46d06c21ea..6307904dee 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -65,7 +65,6 @@ set(MBEDTLS_FRAMEWORK_DIR ${CMAKE_CURRENT_SOURCE_DIR}/framework) option(ENABLE_PROGRAMS "Build Mbed TLS programs." ON) -option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF) option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON) if(CMAKE_HOST_WIN32) # N.B. The comment on the next line is significant! If you change it, @@ -297,11 +296,6 @@ if(MBEDTLS_FATAL_WARNINGS) if(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror") - if(UNSAFE_BUILD) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error=cpp") - set(CMAKE_C_FLAGS_ASAN "${CMAKE_C_FLAGS_ASAN} -Wno-error=cpp") - set(CMAKE_C_FLAGS_ASANDBG "${CMAKE_C_FLAGS_ASANDBG} -Wno-error=cpp") - endif(UNSAFE_BUILD) endif(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU) if (CMAKE_COMPILER_IS_IAR) diff --git a/tf-psa-crypto/TF-PSA-Crypto.cmake b/tf-psa-crypto/TF-PSA-Crypto.cmake index b96dab210e..31d0ffe982 100644 --- a/tf-psa-crypto/TF-PSA-Crypto.cmake +++ b/tf-psa-crypto/TF-PSA-Crypto.cmake @@ -29,7 +29,6 @@ ADD_CUSTOM_TARGET(${TF_PSA_CRYPTO_TARGET_PREFIX}apidoc option(ENABLE_PROGRAMS "Build TF-PSA-Crypto programs." ON) -option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF) option(TF_PSA_CRYPTO_FATAL_WARNINGS "Compiler warnings treated as errors" ON) if(CMAKE_HOST_WIN32) # N.B. The comment on the next line is significant! If you change it, @@ -248,11 +247,6 @@ if(TF_PSA_CRYPTO_FATAL_WARNINGS) if(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror") - if(UNSAFE_BUILD) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error=cpp") - set(CMAKE_C_FLAGS_ASAN "${CMAKE_C_FLAGS_ASAN} -Wno-error=cpp") - set(CMAKE_C_FLAGS_ASANDBG "${CMAKE_C_FLAGS_ASANDBG} -Wno-error=cpp") - endif(UNSAFE_BUILD) endif(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU) if (CMAKE_COMPILER_IS_IAR) From d77fad25568e22e8d6f96ce93875cd244f832ffe Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 8 Oct 2024 09:24:31 +0200 Subject: [PATCH 02/10] Group C_FLAGS settings by compiler type Signed-off-by: Ronald Cron --- CMakeLists.txt | 27 ++++++++++++++------------- tf-psa-crypto/TF-PSA-Crypto.cmake | 29 ++++++++++++++++------------- 2 files changed, 30 insertions(+), 26 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 6307904dee..642ded854c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -262,6 +262,10 @@ if(CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") set(CMAKE_C_FLAGS_CHECK "-Os") set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual") + + if(MBEDTLS_FATAL_WARNINGS) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror") + endif(MBEDTLS_FATAL_WARNINGS) endif(CMAKE_COMPILER_IS_GNU) if(CMAKE_COMPILER_IS_CLANG) @@ -276,32 +280,29 @@ if(CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3") set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") set(CMAKE_C_FLAGS_CHECK "-Os") + if(MBEDTLS_FATAL_WARNINGS) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror") + endif(MBEDTLS_FATAL_WARNINGS) endif(CMAKE_COMPILER_IS_CLANG) if(CMAKE_COMPILER_IS_IAR) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts") set(CMAKE_C_FLAGS_RELEASE "-Ohz") set(CMAKE_C_FLAGS_DEBUG "--debug -On") + + if(MBEDTLS_FATAL_WARNINGS) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warnings_are_errors") + endif(MBEDTLS_FATAL_WARNINGS) endif(CMAKE_COMPILER_IS_IAR) if(CMAKE_COMPILER_IS_MSVC) # Strictest warnings, UTF-8 source and execution charset set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3 /utf-8") -endif(CMAKE_COMPILER_IS_MSVC) -if(MBEDTLS_FATAL_WARNINGS) - if(CMAKE_COMPILER_IS_MSVC) + if(MBEDTLS_FATAL_WARNINGS) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX") - endif(CMAKE_COMPILER_IS_MSVC) - - if(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror") - endif(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU) - - if (CMAKE_COMPILER_IS_IAR) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warnings_are_errors") - endif(CMAKE_COMPILER_IS_IAR) -endif(MBEDTLS_FATAL_WARNINGS) + endif(MBEDTLS_FATAL_WARNINGS) +endif(CMAKE_COMPILER_IS_MSVC) if(CMAKE_BUILD_TYPE STREQUAL "Check" AND TEST_CPP) set(CMAKE_CXX_STANDARD 11) diff --git a/tf-psa-crypto/TF-PSA-Crypto.cmake b/tf-psa-crypto/TF-PSA-Crypto.cmake index 31d0ffe982..66024b8357 100644 --- a/tf-psa-crypto/TF-PSA-Crypto.cmake +++ b/tf-psa-crypto/TF-PSA-Crypto.cmake @@ -204,6 +204,7 @@ if(CMAKE_COMPILER_IS_GNU) if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation") endif() + set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") @@ -213,6 +214,10 @@ if(CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") set(CMAKE_C_FLAGS_CHECK "-Os") set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual") + + if(TF_PSA_CRYPTO_FATAL_WARNINGS) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror") + endif(TF_PSA_CRYPTO_FATAL_WARNINGS) endif(CMAKE_COMPILER_IS_GNU) if(CMAKE_COMPILER_IS_CLANG) @@ -227,32 +232,30 @@ if(CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3") set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") set(CMAKE_C_FLAGS_CHECK "-Os") + + if(TF_PSA_CRYPTO_FATAL_WARNINGS) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror") + endif(TF_PSA_CRYPTO_FATAL_WARNINGS) endif(CMAKE_COMPILER_IS_CLANG) if(CMAKE_COMPILER_IS_IAR) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts") set(CMAKE_C_FLAGS_RELEASE "-Ohz") set(CMAKE_C_FLAGS_DEBUG "--debug -On") + + if(TF_PSA_CRYPTO_FATAL_WARNINGS) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warnings_are_errors") + endif(TF_PSA_CRYPTO_FATAL_WARNINGS) endif(CMAKE_COMPILER_IS_IAR) if(CMAKE_COMPILER_IS_MSVC) # Strictest warnings, UTF-8 source and execution charset set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3 /utf-8") -endif(CMAKE_COMPILER_IS_MSVC) -if(TF_PSA_CRYPTO_FATAL_WARNINGS) - if(CMAKE_COMPILER_IS_MSVC) + if(TF_PSA_CRYPTO_FATAL_WARNINGS) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX") - endif(CMAKE_COMPILER_IS_MSVC) - - if(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror") - endif(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU) - - if (CMAKE_COMPILER_IS_IAR) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warnings_are_errors") - endif(CMAKE_COMPILER_IS_IAR) -endif(TF_PSA_CRYPTO_FATAL_WARNINGS) + endif(TF_PSA_CRYPTO_FATAL_WARNINGS) +endif(CMAKE_COMPILER_IS_MSVC) if(CMAKE_BUILD_TYPE STREQUAL "Check" AND TEST_CPP) set(CMAKE_CXX_STANDARD 11) From b2478989e238894dfce26145a8ea454584e54c0e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 7 Oct 2024 16:17:07 +0200 Subject: [PATCH 03/10] cmake: GNU GCC: Set base compile options target by target Signed-off-by: Ronald Cron --- CMakeLists.txt | 51 +++++++++-------- library/CMakeLists.txt | 4 ++ programs/aes/CMakeLists.txt | 1 + programs/cipher/CMakeLists.txt | 1 + programs/fuzz/CMakeLists.txt | 1 + programs/hash/CMakeLists.txt | 1 + programs/pkey/CMakeLists.txt | 2 + programs/psa/CMakeLists.txt | 1 + programs/random/CMakeLists.txt | 1 + programs/ssl/CMakeLists.txt | 2 + programs/test/CMakeLists.txt | 3 + programs/util/CMakeLists.txt | 1 + programs/x509/CMakeLists.txt | 1 + tests/CMakeLists.txt | 1 + tf-psa-crypto/TF-PSA-Crypto.cmake | 59 +++++++++++++------- tf-psa-crypto/core/CMakeLists.txt | 2 + tf-psa-crypto/drivers/builtin/CMakeLists.txt | 2 + tf-psa-crypto/drivers/everest/CMakeLists.txt | 1 + tf-psa-crypto/drivers/p256-m/CMakeLists.txt | 2 + tf-psa-crypto/tests/CMakeLists.txt | 1 + 20 files changed, 96 insertions(+), 42 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 642ded854c..1c6e8ab07d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -212,36 +212,42 @@ include(CheckCCompilerFlag) set(CMAKE_C_EXTENSIONS OFF) set(CMAKE_C_STANDARD 99) -if(CMAKE_COMPILER_IS_GNU) +function(set_base_compile_options target) + if(CMAKE_COMPILER_IS_GNU) + set_gnu_base_compile_options(${target}) + endif() +endfunction(set_base_compile_options) + +function(set_gnu_base_compile_options target) # some warnings we want are not available with old GCC versions # note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion OUTPUT_VARIABLE GCC_VERSION) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wmissing-prototypes") + target_compile_options(${target} PRIVATE -Wall -Wextra -Wwrite-strings -Wmissing-prototypes) if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat=2 -Wno-format-nonliteral") + target_compile_options(${target} PRIVATE -Wformat=2 -Wno-format-nonliteral) endif() if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla") + target_compile_options(${target} PRIVATE -Wvla) endif() if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op") + target_compile_options(${target} PRIVATE -Wlogical-op) endif() if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow") + target_compile_options(${target} PRIVATE -Wshadow) endif() if (GCC_VERSION VERSION_GREATER 5.0) CHECK_C_COMPILER_FLAG("-Wformat-signedness" C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS) if(C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness") + target_compile_options(${target} PRIVATE -Wformat-signedness) endif() endif() if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation") + target_compile_options(${target} PRIVATE -Wformat-overflow=2 -Wformat-truncation) endif() - set(CMAKE_C_FLAGS_RELEASE "-O2") - set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") - set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") + target_compile_options(${target} PRIVATE $<$:-O2>) + target_compile_options(${target} PRIVATE $<$:-O0 -g3>) + target_compile_options(${target} PRIVATE $<$:-O0 -g3 --coverage>) # Old GCC versions hit a performance problem with test_suite_pkwrite # "Private keey write check EC" tests when building with Asan+UBSan # and -O3: those tests take more than 100x time than normal, with @@ -250,23 +256,22 @@ if(CMAKE_COMPILER_IS_GNU) # GCC 7.5 and above on Ubuntu 18.04 appear fine. # To avoid the performance problem, we use -O2 when GCC version is lower than 7.0. # It doesn't slow down much even with modern compiler versions. + target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all>) if (GCC_VERSION VERSION_LESS 7.0) - message(STATUS "USING O2") - set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O2") + target_compile_options(${target} PRIVATE $<$:-O2>) else() - message(STATUS "USING O3") - set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") + target_compile_options(${target} PRIVATE $<$:-O3>) endif() - set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") - set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3") - set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") - set(CMAKE_C_FLAGS_CHECK "-Os") - set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual") + target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) + target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O3>) + target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) + target_compile_options(${target} PRIVATE $<$:-Os>) + target_compile_options(${target} PRIVATE $<$:-Os -Wcast-qual>) if(MBEDTLS_FATAL_WARNINGS) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror") + target_compile_options(${target} PRIVATE -Werror) endif(MBEDTLS_FATAL_WARNINGS) -endif(CMAKE_COMPILER_IS_GNU) +endfunction(set_gnu_base_compile_options) if(CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wmissing-prototypes -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral") @@ -351,6 +356,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c) add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) + set_base_compile_options(mbedtls_test) if(GEN_FILES) add_custom_command( OUTPUT @@ -396,6 +402,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) file(GLOB MBEDTLS_TEST_HELPER_FILES ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_helpers/*.c) add_library(mbedtls_test_helpers OBJECT ${MBEDTLS_TEST_HELPER_FILES}) + set_base_compile_options(mbedtls_test_helpers) target_include_directories(mbedtls_test_helpers PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 0415c6565b..f6776ed53d 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -153,20 +153,24 @@ endif() if(USE_STATIC_MBEDTLS_LIBRARY) add_library(${mbedx509_static_target} STATIC ${src_x509}) + set_base_compile_options(${mbedx509_static_target}) set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509) target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target}) add_library(${mbedtls_static_target} STATIC ${src_tls}) + set_base_compile_options(${mbedtls_static_target}) set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls) target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target}) endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(${mbedx509_target} SHARED ${src_x509}) + set_base_compile_options(${mbedx509_target}) set_target_properties(${mbedx509_target} PROPERTIES VERSION 4.0.0 SOVERSION 7) target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target}) add_library(${mbedtls_target} SHARED ${src_tls}) + set_base_compile_options(${mbedtls_target}) set_target_properties(${mbedtls_target} PROPERTIES VERSION 4.0.0 SOVERSION 21) target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) endif(USE_SHARED_MBEDTLS_LIBRARY) diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt index 4d4c890fbf..b6dde7199c 100644 --- a/programs/aes/CMakeLists.txt +++ b/programs/aes/CMakeLists.txt @@ -5,6 +5,7 @@ add_dependencies(${programs_target} ${executables}) foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) + set_base_compile_options(${exe}) target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt index effaf8a931..7d4e4525eb 100644 --- a/programs/cipher/CMakeLists.txt +++ b/programs/cipher/CMakeLists.txt @@ -5,6 +5,7 @@ add_dependencies(${programs_target} ${executables}) foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) + set_base_compile_options(${exe}) target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index f5358ffff6..44fff9a348 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -40,6 +40,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) endif() add_executable(${exe} ${exe_sources}) + set_base_compile_options(${exe}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if (NOT FUZZINGENGINE_LIB) diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt index 0ad974d9a9..c27c4e7153 100644 --- a/programs/hash/CMakeLists.txt +++ b/programs/hash/CMakeLists.txt @@ -7,6 +7,7 @@ add_dependencies(${programs_target} ${executables}) foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) + set_base_compile_options(${exe}) target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt index defbe281d9..9caec87325 100644 --- a/programs/pkey/CMakeLists.txt +++ b/programs/pkey/CMakeLists.txt @@ -6,6 +6,7 @@ add_dependencies(${programs_target} ${executables_mbedtls}) foreach(exe IN LISTS executables_mbedtls) add_executable(${exe} ${exe}.c $) + set_base_compile_options(${exe}) target_link_libraries(${exe} ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() @@ -34,6 +35,7 @@ add_dependencies(${programs_target} ${executables_mbedcrypto}) foreach(exe IN LISTS executables_mbedcrypto) add_executable(${exe} ${exe}.c $) + set_base_compile_options(${exe}) target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index cfc983c19c..707de434fc 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -29,6 +29,7 @@ endif() foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) + set_base_compile_options(${exe}) target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt index f0c78259ff..a83bf9ea35 100644 --- a/programs/random/CMakeLists.txt +++ b/programs/random/CMakeLists.txt @@ -6,6 +6,7 @@ add_dependencies(${programs_target} ${executables}) foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) + set_base_compile_options(${exe}) target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index 02010d8a7f..6919a8e04e 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -40,6 +40,7 @@ foreach(exe IN LISTS executables) endif() add_executable(${exe} ${exe}.c $ ${extra_sources}) + set_base_compile_options(${exe}) target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") @@ -53,6 +54,7 @@ endforeach() if(THREADS_FOUND) add_executable(ssl_pthread_server ssl_pthread_server.c $) + set_base_compile_options(ssl_pthread_server) target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT}) list(APPEND executables ssl_pthread_server) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 928ab49b28..83bc9bf30b 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -29,6 +29,7 @@ if(TEST_CPP) WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" ) add_executable(cpp_dummy_build "${cpp_dummy_build_cpp}") + set_base_compile_options(cpp_dummy_build) target_include_directories(cpp_dummy_build PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include @@ -39,6 +40,7 @@ endif() if(USE_SHARED_MBEDTLS_LIBRARY AND NOT ${CMAKE_SYSTEM_NAME} MATCHES "[Ww][Ii][Nn]") add_executable(dlopen "dlopen.c") + set_base_compile_options(dlopen) target_include_directories(dlopen PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include @@ -82,6 +84,7 @@ foreach(exe IN LISTS executables_libs executables_mbedcrypto) endif() add_executable(${exe} ${exe}.c $ ${extra_sources}) + set_base_compile_options(${exe}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) target_include_directories(${exe} diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt index 9ceb13f7cf..ac713dce2e 100644 --- a/programs/util/CMakeLists.txt +++ b/programs/util/CMakeLists.txt @@ -11,6 +11,7 @@ add_dependencies(${programs_target} ${executables}) foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) + set_base_compile_options(${exe}) target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt index a09813c917..a31bada7fd 100644 --- a/programs/x509/CMakeLists.txt +++ b/programs/x509/CMakeLists.txt @@ -14,6 +14,7 @@ add_dependencies(${programs_target} ${executables}) foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) + set_base_compile_options(${exe}) target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index a9d5c842b8..d19c2612c0 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -156,6 +156,7 @@ function(add_test_suite suite_name) add_executable(test_suite_${data_name} test_suite_${data_name}.c $ $) + set_base_compile_options(test_suite_${data_name}) add_dependencies(test_suite_${data_name} ${dependency}) target_link_libraries(test_suite_${data_name} ${libs}) # Include test-specific header files from ./include and private header diff --git a/tf-psa-crypto/TF-PSA-Crypto.cmake b/tf-psa-crypto/TF-PSA-Crypto.cmake index 66024b8357..d8e13c8845 100644 --- a/tf-psa-crypto/TF-PSA-Crypto.cmake +++ b/tf-psa-crypto/TF-PSA-Crypto.cmake @@ -177,48 +177,66 @@ include(CheckCCompilerFlag) set(CMAKE_C_EXTENSIONS OFF) set(CMAKE_C_STANDARD 99) -if(CMAKE_COMPILER_IS_GNU) +function(set_base_compile_options target) + if(CMAKE_COMPILER_IS_GNU) + set_gnu_base_compile_options(${target}) + endif() +endfunction(set_base_compile_options) + +function(set_gnu_base_compile_options target) # some warnings we want are not available with old GCC versions # note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion OUTPUT_VARIABLE GCC_VERSION) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wmissing-prototypes") + target_compile_options(${target} PRIVATE -Wall -Wextra -Wwrite-strings -Wmissing-prototypes) if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat=2 -Wno-format-nonliteral") + target_compile_options(${target} PRIVATE -Wformat=2 -Wno-format-nonliteral) endif() if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla") + target_compile_options(${target} PRIVATE -Wvla) endif() if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op") + target_compile_options(${target} PRIVATE -Wlogical-op) endif() if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow") + target_compile_options(${target} PRIVATE -Wshadow) endif() if (GCC_VERSION VERSION_GREATER 5.0) CHECK_C_COMPILER_FLAG("-Wformat-signedness" C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS) if(C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness") + target_compile_options(${target} PRIVATE -Wformat-signedness) endif() endif() if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation") + target_compile_options(${target} PRIVATE -Wformat-overflow=2 -Wformat-truncation) endif() - - set(CMAKE_C_FLAGS_RELEASE "-O2") - set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") - set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") - set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") - set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") - set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3") - set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") - set(CMAKE_C_FLAGS_CHECK "-Os") - set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual") + target_compile_options(${target} PRIVATE $<$:-O2>) + target_compile_options(${target} PRIVATE $<$:-O0 -g3>) + target_compile_options(${target} PRIVATE $<$:-O0 -g3 --coverage>) + # Old GCC versions hit a performance problem with test_suite_pkwrite + # "Private keey write check EC" tests when building with Asan+UBSan + # and -O3: those tests take more than 100x time than normal, with + # test_suite_pkwrite taking >3h on the CI. Observed with GCC 5.4 on + # Ubuntu 16.04 x86_64 and GCC 6.5 on Ubuntu 18.04 x86_64. + # GCC 7.5 and above on Ubuntu 18.04 appear fine. + # To avoid the performance problem, we use -O2 when GCC version is lower than 7.0. + # It doesn't slow down much even with modern compiler versions. + target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all>) + if (GCC_VERSION VERSION_LESS 7.0) + target_compile_options(${target} PRIVATE $<$:-O2>) + else() + target_compile_options(${target} PRIVATE $<$:-O3>) + endif() + target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) + target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O3>) + target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) + target_compile_options(${target} PRIVATE $<$:-Os>) + target_compile_options(${target} PRIVATE $<$:-Os -Wcast-qual>) if(TF_PSA_CRYPTO_FATAL_WARNINGS) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror") + target_compile_options(${target} PRIVATE -Werror) endif(TF_PSA_CRYPTO_FATAL_WARNINGS) -endif(CMAKE_COMPILER_IS_GNU) +endfunction(set_gnu_base_compile_options) if(CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wmissing-prototypes -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral") @@ -300,6 +318,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) ${MBEDTLS_DIR}/tests/src/*.c ${MBEDTLS_DIR}/tests/src/drivers/*.c) add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) + set_base_compile_options(mbedtls_test) if(GEN_FILES) add_custom_command( OUTPUT diff --git a/tf-psa-crypto/core/CMakeLists.txt b/tf-psa-crypto/core/CMakeLists.txt index 0917cae2f4..b9225b33c5 100644 --- a/tf-psa-crypto/core/CMakeLists.txt +++ b/tf-psa-crypto/core/CMakeLists.txt @@ -91,6 +91,7 @@ set(everest_target "${TF_PSA_CRYPTO_TARGET_PREFIX}everest") if(USE_STATIC_TF_PSA_CRYPTO_LIBRARY) add_library(${mbedcrypto_static_target} STATIC ${src_crypto}) + set_base_compile_options(${mbedcrypto_static_target}) set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto) target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs}) @@ -108,6 +109,7 @@ endif(USE_STATIC_TF_PSA_CRYPTO_LIBRARY) if(USE_SHARED_TF_PSA_CRYPTO_LIBRARY) set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR}) add_library(${mbedcrypto_target} SHARED ${src_crypto}) + set_base_compile_options(${mbedcrypto_target}) set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 4.0.0 SOVERSION 16) target_link_libraries(${mbedcrypto_target} PUBLIC ${libs}) diff --git a/tf-psa-crypto/drivers/builtin/CMakeLists.txt b/tf-psa-crypto/drivers/builtin/CMakeLists.txt index 9ec1a87b42..3c1459a5c9 100644 --- a/tf-psa-crypto/drivers/builtin/CMakeLists.txt +++ b/tf-psa-crypto/drivers/builtin/CMakeLists.txt @@ -54,6 +54,7 @@ set(everest_target "${TF_PSA_CRYPTO_TARGET_PREFIX}everest") if(USE_STATIC_TF_PSA_CRYPTO_LIBRARY) add_library(${builtin_static_target} STATIC ${src_builtin}) + set_base_compile_options(${builtin_static_target}) target_link_libraries(${builtin_static_target} PUBLIC ${libs}) if(TARGET ${everest_target}) target_link_libraries(${builtin_static_target} PUBLIC ${everest_target}) @@ -66,6 +67,7 @@ endif(USE_STATIC_TF_PSA_CRYPTO_LIBRARY) if(USE_SHARED_TF_PSA_CRYPTO_LIBRARY) add_library(${builtin_target} SHARED ${src_builtin}) + set_base_compile_options(${builtin_target}) target_link_libraries(${builtin_target} PUBLIC ${libs}) if(TARGET ${everest_target}) target_link_libraries(${builtin_target} PUBLIC ${everest_target}) diff --git a/tf-psa-crypto/drivers/everest/CMakeLists.txt b/tf-psa-crypto/drivers/everest/CMakeLists.txt index e7048590ef..5671200387 100644 --- a/tf-psa-crypto/drivers/everest/CMakeLists.txt +++ b/tf-psa-crypto/drivers/everest/CMakeLists.txt @@ -5,6 +5,7 @@ add_library(${everest_target} library/x25519.c library/Hacl_Curve25519_joined.c) +set_base_compile_options(${everest_target}) target_include_directories(${everest_target} PUBLIC $ $ diff --git a/tf-psa-crypto/drivers/p256-m/CMakeLists.txt b/tf-psa-crypto/drivers/p256-m/CMakeLists.txt index ede2831950..af046da7be 100644 --- a/tf-psa-crypto/drivers/p256-m/CMakeLists.txt +++ b/tf-psa-crypto/drivers/p256-m/CMakeLists.txt @@ -4,6 +4,8 @@ add_library(${p256m_target} p256-m_driver_entrypoints.c p256-m/p256-m.c) +set_base_compile_options(${p256m_target}) + target_include_directories(${p256m_target} PUBLIC $ $ diff --git a/tf-psa-crypto/tests/CMakeLists.txt b/tf-psa-crypto/tests/CMakeLists.txt index 0e84bab201..9866e4f63d 100644 --- a/tf-psa-crypto/tests/CMakeLists.txt +++ b/tf-psa-crypto/tests/CMakeLists.txt @@ -294,6 +294,7 @@ function(add_test_suite suite_name) add_executable(test_suite_${data_name} test_suite_${data_name}.c $) + set_base_compile_options(test_suite_${data_name}) add_dependencies(test_suite_${data_name} ${dependency}) target_link_libraries(test_suite_${data_name} ${libs}) # Include test-specific header files from ./include and private header From 4ae24f4fea185fda760b779694c5d8a83afa26bf Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 8 Oct 2024 17:53:13 +0200 Subject: [PATCH 04/10] cmake: GNU GCC: Add base link options target_compile_options() does not set link options as setting CMAKE_C_FLAGS does. Thus set link options with set_target_properties(). target_link_options() is not available in CMake 3.5 used in the CI. Signed-off-by: Ronald Cron --- CMakeLists.txt | 5 +++++ tf-psa-crypto/TF-PSA-Crypto.cmake | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 1c6e8ab07d..9cee8ceefe 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -248,6 +248,7 @@ function(set_gnu_base_compile_options target) target_compile_options(${target} PRIVATE $<$:-O2>) target_compile_options(${target} PRIVATE $<$:-O0 -g3>) target_compile_options(${target} PRIVATE $<$:-O0 -g3 --coverage>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_COVERAGE "--coverage") # Old GCC versions hit a performance problem with test_suite_pkwrite # "Private keey write check EC" tests when building with Asan+UBSan # and -O3: those tests take more than 100x time than normal, with @@ -262,9 +263,13 @@ function(set_gnu_base_compile_options target) else() target_compile_options(${target} PRIVATE $<$:-O3>) endif() + set_target_properties(${target} PROPERTIES LINK_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined") target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_ASANDBG "-fsanitize=address -fsanitize=undefined") target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O3>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_TSAN "-fsanitize=thread") target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread") target_compile_options(${target} PRIVATE $<$:-Os>) target_compile_options(${target} PRIVATE $<$:-Os -Wcast-qual>) diff --git a/tf-psa-crypto/TF-PSA-Crypto.cmake b/tf-psa-crypto/TF-PSA-Crypto.cmake index d8e13c8845..6fcbdcfdbf 100644 --- a/tf-psa-crypto/TF-PSA-Crypto.cmake +++ b/tf-psa-crypto/TF-PSA-Crypto.cmake @@ -213,6 +213,7 @@ function(set_gnu_base_compile_options target) target_compile_options(${target} PRIVATE $<$:-O2>) target_compile_options(${target} PRIVATE $<$:-O0 -g3>) target_compile_options(${target} PRIVATE $<$:-O0 -g3 --coverage>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_COVERAGE "--coverage") # Old GCC versions hit a performance problem with test_suite_pkwrite # "Private keey write check EC" tests when building with Asan+UBSan # and -O3: those tests take more than 100x time than normal, with @@ -227,9 +228,13 @@ function(set_gnu_base_compile_options target) else() target_compile_options(${target} PRIVATE $<$:-O3>) endif() + set_target_properties(${target} PROPERTIES LINK_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined") target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_ASANDBG "-fsanitize=address -fsanitize=undefined") target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O3>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_TSAN "-fsanitize=thread") target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread") target_compile_options(${target} PRIVATE $<$:-Os>) target_compile_options(${target} PRIVATE $<$:-Os -Wcast-qual>) From d9e1109d235733307c96e191bc8f5a289ba6eb62 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 9 Oct 2024 10:01:46 +0200 Subject: [PATCH 05/10] cmake: clang: Set base compile and link options target by target Signed-off-by: Ronald Cron --- CMakeLists.txt | 38 +++++++++++++++++----------- tf-psa-crypto/TF-PSA-Crypto.cmake | 41 +++++++++++++++++++------------ 2 files changed, 49 insertions(+), 30 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 9cee8ceefe..baf9a1c805 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -215,6 +215,8 @@ set(CMAKE_C_STANDARD 99) function(set_base_compile_options target) if(CMAKE_COMPILER_IS_GNU) set_gnu_base_compile_options(${target}) + elseif(CMAKE_COMPILER_IS_CLANG) + set_clang_base_compile_options(${target}) endif() endfunction(set_base_compile_options) @@ -278,22 +280,30 @@ function(set_gnu_base_compile_options target) endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_gnu_base_compile_options) -if(CMAKE_COMPILER_IS_CLANG) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wmissing-prototypes -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral") - set(CMAKE_C_FLAGS_RELEASE "-O2") - set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") - set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") - set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") - set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") - set(CMAKE_C_FLAGS_MEMSAN "-fsanitize=memory -O3") - set(CMAKE_C_FLAGS_MEMSANDBG "-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2") - set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3") - set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") - set(CMAKE_C_FLAGS_CHECK "-Os") +function(set_clang_base_compile_options target) + target_compile_options(${target} PRIVATE -Wall -Wextra -Wwrite-strings -Wmissing-prototypes -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral) + target_compile_options(${target} PRIVATE $<$:-O2>) + target_compile_options(${target} PRIVATE $<$:-O0 -g3>) + target_compile_options(${target} PRIVATE $<$:-O0 -g3 --coverage>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_COVERAGE "--coverage") + target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined") + target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_ASANDBG "-fsanitize=address -fsanitize=undefined") + target_compile_options(${target} PRIVATE $<$:-fsanitize=memory>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_MEMSAN "-fsanitize=memory") + target_compile_options(${target} PRIVATE $<$:-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_MEMSANDBG "-fsanitize=memory") + target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O3>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_TSAN "-fsanitize=thread") + target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread") + target_compile_options(${target} PRIVATE $<$:-Os>) + if(MBEDTLS_FATAL_WARNINGS) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror") + target_compile_options(${target} PRIVATE -Werror) endif(MBEDTLS_FATAL_WARNINGS) -endif(CMAKE_COMPILER_IS_CLANG) +endfunction(set_clang_base_compile_options) if(CMAKE_COMPILER_IS_IAR) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts") diff --git a/tf-psa-crypto/TF-PSA-Crypto.cmake b/tf-psa-crypto/TF-PSA-Crypto.cmake index 6fcbdcfdbf..9f5995ec71 100644 --- a/tf-psa-crypto/TF-PSA-Crypto.cmake +++ b/tf-psa-crypto/TF-PSA-Crypto.cmake @@ -180,6 +180,8 @@ set(CMAKE_C_STANDARD 99) function(set_base_compile_options target) if(CMAKE_COMPILER_IS_GNU) set_gnu_base_compile_options(${target}) + elseif(CMAKE_COMPILER_IS_CLANG) + set_clang_base_compile_options(${target}) endif() endfunction(set_base_compile_options) @@ -243,23 +245,30 @@ function(set_gnu_base_compile_options target) endif(TF_PSA_CRYPTO_FATAL_WARNINGS) endfunction(set_gnu_base_compile_options) -if(CMAKE_COMPILER_IS_CLANG) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wmissing-prototypes -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral") - set(CMAKE_C_FLAGS_RELEASE "-O2") - set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") - set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") - set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") - set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") - set(CMAKE_C_FLAGS_MEMSAN "-fsanitize=memory -O3") - set(CMAKE_C_FLAGS_MEMSANDBG "-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2") - set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3") - set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") - set(CMAKE_C_FLAGS_CHECK "-Os") +function(set_clang_base_compile_options target) + target_compile_options(${target} PRIVATE -Wall -Wextra -Wwrite-strings -Wmissing-prototypes -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral) + target_compile_options(${target} PRIVATE $<$:-O2>) + target_compile_options(${target} PRIVATE $<$:-O0 -g3>) + target_compile_options(${target} PRIVATE $<$:-O0 -g3 --coverage>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_COVERAGE "--coverage") + target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined") + target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_ASANDBG "-fsanitize=address -fsanitize=undefined") + target_compile_options(${target} PRIVATE $<$:-fsanitize=memory>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_MEMSAN "-fsanitize=memory") + target_compile_options(${target} PRIVATE $<$:-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_MEMSANDBG "-fsanitize=memory") + target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O3>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_TSAN "-fsanitize=thread") + target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) + set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread") + target_compile_options(${target} PRIVATE $<$:-Os>) - if(TF_PSA_CRYPTO_FATAL_WARNINGS) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror") - endif(TF_PSA_CRYPTO_FATAL_WARNINGS) -endif(CMAKE_COMPILER_IS_CLANG) + if(MBEDTLS_FATAL_WARNINGS) + target_compile_options(${target} PRIVATE -Werror) + endif(MBEDTLS_FATAL_WARNINGS) +endfunction(set_clang_base_compile_options) if(CMAKE_COMPILER_IS_IAR) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts") From 6f9d508714a1b23ea47c707929180a2c4a831d01 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 9 Oct 2024 14:54:43 +0200 Subject: [PATCH 06/10] cmake: iar/msvc: Set base compile and link options target by target Signed-off-by: Ronald Cron --- CMakeLists.txt | 24 +++++++++++++---------- tf-psa-crypto/TF-PSA-Crypto.cmake | 32 +++++++++++++++++-------------- 2 files changed, 32 insertions(+), 24 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index baf9a1c805..0bde0ec5c1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -217,6 +217,10 @@ function(set_base_compile_options target) set_gnu_base_compile_options(${target}) elseif(CMAKE_COMPILER_IS_CLANG) set_clang_base_compile_options(${target}) + elseif(CMAKE_COMPILER_IS_IAR) + set_iar_base_compile_options(${target}) + elseif(CMAKE_COMPILER_IS_MSVC) + set_msvc_base_compile_options(${target}) endif() endfunction(set_base_compile_options) @@ -305,24 +309,24 @@ function(set_clang_base_compile_options target) endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_clang_base_compile_options) -if(CMAKE_COMPILER_IS_IAR) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts") - set(CMAKE_C_FLAGS_RELEASE "-Ohz") - set(CMAKE_C_FLAGS_DEBUG "--debug -On") +function(set_iar_base_compile_options target) + target_compile_options(${target} PRIVATE --warn_about_c_style_casts) + target_compile_options(${target} PRIVATE $<$:-Ohz>) + target_compile_options(${target} PRIVATE $<$:--debug -On>) if(MBEDTLS_FATAL_WARNINGS) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warnings_are_errors") + target_compile_options(${target} PRIVATE --warnings_are_errors) endif(MBEDTLS_FATAL_WARNINGS) -endif(CMAKE_COMPILER_IS_IAR) +endfunction(set_iar_base_compile_options) -if(CMAKE_COMPILER_IS_MSVC) +function(set_msvc_base_compile_options target) # Strictest warnings, UTF-8 source and execution charset - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3 /utf-8") + target_compile_options(${target} PRIVATE /W3 /utf-8) if(MBEDTLS_FATAL_WARNINGS) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX") + target_compile_options(${target} PRIVATE /WX) endif(MBEDTLS_FATAL_WARNINGS) -endif(CMAKE_COMPILER_IS_MSVC) +endfunction(set_msvc_base_compile_options) if(CMAKE_BUILD_TYPE STREQUAL "Check" AND TEST_CPP) set(CMAKE_CXX_STANDARD 11) diff --git a/tf-psa-crypto/TF-PSA-Crypto.cmake b/tf-psa-crypto/TF-PSA-Crypto.cmake index 9f5995ec71..dc710b1b65 100644 --- a/tf-psa-crypto/TF-PSA-Crypto.cmake +++ b/tf-psa-crypto/TF-PSA-Crypto.cmake @@ -182,6 +182,10 @@ function(set_base_compile_options target) set_gnu_base_compile_options(${target}) elseif(CMAKE_COMPILER_IS_CLANG) set_clang_base_compile_options(${target}) + elseif(CMAKE_COMPILER_IS_IAR) + set_iar_base_compile_options(${target}) + elseif(CMAKE_COMPILER_IS_MSVC) + set_msvc_base_compile_options(${target}) endif() endfunction(set_base_compile_options) @@ -270,24 +274,24 @@ function(set_clang_base_compile_options target) endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_clang_base_compile_options) -if(CMAKE_COMPILER_IS_IAR) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts") - set(CMAKE_C_FLAGS_RELEASE "-Ohz") - set(CMAKE_C_FLAGS_DEBUG "--debug -On") +function(set_iar_base_compile_options target) + target_compile_options(${target} PRIVATE --warn_about_c_style_casts) + target_compile_options(${target} PRIVATE $<$:-Ohz>) + target_compile_options(${target} PRIVATE $<$:--debug -On>) - if(TF_PSA_CRYPTO_FATAL_WARNINGS) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warnings_are_errors") - endif(TF_PSA_CRYPTO_FATAL_WARNINGS) -endif(CMAKE_COMPILER_IS_IAR) + if(MBEDTLS_FATAL_WARNINGS) + target_compile_options(${target} PRIVATE --warnings_are_errors) + endif(MBEDTLS_FATAL_WARNINGS) +endfunction(set_iar_base_compile_options) -if(CMAKE_COMPILER_IS_MSVC) +function(set_msvc_base_compile_options target) # Strictest warnings, UTF-8 source and execution charset - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3 /utf-8") + target_compile_options(${target} PRIVATE /W3 /utf-8) - if(TF_PSA_CRYPTO_FATAL_WARNINGS) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX") - endif(TF_PSA_CRYPTO_FATAL_WARNINGS) -endif(CMAKE_COMPILER_IS_MSVC) + if(MBEDTLS_FATAL_WARNINGS) + target_compile_options(${target} PRIVATE /WX) + endif(MBEDTLS_FATAL_WARNINGS) +endfunction(set_msvc_base_compile_options) if(CMAKE_BUILD_TYPE STREQUAL "Check" AND TEST_CPP) set(CMAKE_CXX_STANDARD 11) From 051ee711bfed35971b26f39d1c38ae31f8d25f6c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 9 Oct 2024 07:51:01 +0200 Subject: [PATCH 07/10] Remove now unnecessary shared lib specific compile option Signed-off-by: Ronald Cron --- CMakeLists.txt | 6 ------ tf-psa-crypto/TF-PSA-Crypto.cmake | 6 ------ 2 files changed, 12 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 0bde0ec5c1..66f52fe754 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -337,12 +337,6 @@ if(CMAKE_BUILD_TYPE STREQUAL "Check" AND TEST_CPP) endif() endif() -if(CMAKE_BUILD_TYPE STREQUAL "Coverage") - if(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG) - set(CMAKE_SHARED_LINKER_FLAGS "--coverage") - endif(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG) -endif(CMAKE_BUILD_TYPE STREQUAL "Coverage") - if (NOT EXISTS "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt") message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found. Run `git submodule update --init` from the source tree to fetch the submodule contents.") endif() diff --git a/tf-psa-crypto/TF-PSA-Crypto.cmake b/tf-psa-crypto/TF-PSA-Crypto.cmake index dc710b1b65..13b7a45bf0 100644 --- a/tf-psa-crypto/TF-PSA-Crypto.cmake +++ b/tf-psa-crypto/TF-PSA-Crypto.cmake @@ -302,12 +302,6 @@ if(CMAKE_BUILD_TYPE STREQUAL "Check" AND TEST_CPP) endif() endif() -if(CMAKE_BUILD_TYPE STREQUAL "Coverage") - if(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG) - set(CMAKE_SHARED_LINKER_FLAGS "--coverage") - endif(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG) -endif(CMAKE_BUILD_TYPE STREQUAL "Coverage") - if (NOT EXISTS "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt") message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found. Run `git submodule update --init` from the source tree to fetch the submodule contents.") endif() From d093edd2bd0db4e18f4193dee08e56053b80b61b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 10 Oct 2024 11:57:10 +0200 Subject: [PATCH 08/10] cmake: tests: Set test specific compile options target by target Signed-off-by: Ronald Cron --- tests/CMakeLists.txt | 6 +++--- tf-psa-crypto/tests/CMakeLists.txt | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index d19c2612c0..8318e8bf3b 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -157,6 +157,7 @@ function(add_test_suite suite_name) $ $) set_base_compile_options(test_suite_${data_name}) + target_compile_options(test_suite_${data_name} PRIVATE ${TEST_C_FLAGS}) add_dependencies(test_suite_${data_name} ${dependency}) target_link_libraries(test_suite_${data_name} ${libs}) # Include test-specific header files from ./include and private header @@ -184,13 +185,12 @@ endfunction(add_test_suite) add_definitions("-D_POSIX_C_SOURCE=200809L") if(CMAKE_COMPILER_IS_CLANG) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code") + set(TEST_C_FLAGS -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code) endif(CMAKE_COMPILER_IS_CLANG) if(MSVC) # If a warning level has been defined, suppress all warnings for test code - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W0") - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-") + set(TEST_C_FLAGS /W0 /WX-) endif(MSVC) file(GLOB test_suites RELATIVE "${CMAKE_CURRENT_SOURCE_DIR}" suites/*.data) diff --git a/tf-psa-crypto/tests/CMakeLists.txt b/tf-psa-crypto/tests/CMakeLists.txt index 9866e4f63d..0793dbe35f 100644 --- a/tf-psa-crypto/tests/CMakeLists.txt +++ b/tf-psa-crypto/tests/CMakeLists.txt @@ -295,6 +295,7 @@ function(add_test_suite suite_name) add_executable(test_suite_${data_name} test_suite_${data_name}.c $) set_base_compile_options(test_suite_${data_name}) + target_compile_options(test_suite_${data_name} PRIVATE ${TEST_C_FLAGS}) add_dependencies(test_suite_${data_name} ${dependency}) target_link_libraries(test_suite_${data_name} ${libs}) # Include test-specific header files from ./include and private header @@ -322,13 +323,12 @@ endfunction(add_test_suite) add_definitions("-D_POSIX_C_SOURCE=200809L") if(CMAKE_COMPILER_IS_CLANG) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code") + set(TEST_C_FLAGS -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code) endif(CMAKE_COMPILER_IS_CLANG) if(MSVC) # If a warning level has been defined, suppress all warnings for test code - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W0") - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-") + set(TEST_C_FLAGS /W0 /WX-) endif(MSVC) file(GLOB test_suites RELATIVE "${CMAKE_CURRENT_SOURCE_DIR}" suites/*.data) From 50bd4f887e7e319c688a90c36c12eda7f1618473 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 10 Oct 2024 12:17:59 +0200 Subject: [PATCH 09/10] cmake: libs: Set libraries specific compile options target by target Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 8 ++++++-- tf-psa-crypto/core/CMakeLists.txt | 6 ++++-- tf-psa-crypto/drivers/builtin/CMakeLists.txt | 6 ++++-- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index f6776ed53d..1e09d31c57 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -89,11 +89,11 @@ else() endif() if(CMAKE_COMPILER_IS_GNUCC) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations") + set(LIBS_C_FLAGS -Wmissing-declarations) endif(CMAKE_COMPILER_IS_GNUCC) if(CMAKE_COMPILER_IS_CLANG) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code") + set(LIBS_C_FLAGS -Wmissing-declarations -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code) endif(CMAKE_COMPILER_IS_CLANG) if(CMAKE_COMPILER_IS_MSVC) @@ -154,11 +154,13 @@ endif() if(USE_STATIC_MBEDTLS_LIBRARY) add_library(${mbedx509_static_target} STATIC ${src_x509}) set_base_compile_options(${mbedx509_static_target}) + target_compile_options(${mbedx509_static_target} PRIVATE ${LIBS_C_FLAGS}) set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509) target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target}) add_library(${mbedtls_static_target} STATIC ${src_tls}) set_base_compile_options(${mbedtls_static_target}) + target_compile_options(${mbedtls_static_target} PRIVATE ${LIBS_C_FLAGS}) set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls) target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target}) endif(USE_STATIC_MBEDTLS_LIBRARY) @@ -166,11 +168,13 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(${mbedx509_target} SHARED ${src_x509}) set_base_compile_options(${mbedx509_target}) + target_compile_options(${mbedx509_target} PRIVATE ${LIBS_C_FLAGS}) set_target_properties(${mbedx509_target} PROPERTIES VERSION 4.0.0 SOVERSION 7) target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target}) add_library(${mbedtls_target} SHARED ${src_tls}) set_base_compile_options(${mbedtls_target}) + target_compile_options(${mbedtls_target} PRIVATE ${LIBS_C_FLAGS}) set_target_properties(${mbedtls_target} PROPERTIES VERSION 4.0.0 SOVERSION 21) target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) endif(USE_SHARED_MBEDTLS_LIBRARY) diff --git a/tf-psa-crypto/core/CMakeLists.txt b/tf-psa-crypto/core/CMakeLists.txt index b9225b33c5..1264acf33e 100644 --- a/tf-psa-crypto/core/CMakeLists.txt +++ b/tf-psa-crypto/core/CMakeLists.txt @@ -28,11 +28,11 @@ else() endif() if(CMAKE_COMPILER_IS_GNUCC) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes") + set(LIBS_C_FLAGS -Wmissing-declarations -Wmissing-prototypes) endif(CMAKE_COMPILER_IS_GNUCC) if(CMAKE_COMPILER_IS_CLANG) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code") + set(LIBS_C_FLAGS -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code) endif(CMAKE_COMPILER_IS_CLANG) if(CMAKE_COMPILER_IS_MSVC) @@ -92,6 +92,7 @@ set(everest_target "${TF_PSA_CRYPTO_TARGET_PREFIX}everest") if(USE_STATIC_TF_PSA_CRYPTO_LIBRARY) add_library(${mbedcrypto_static_target} STATIC ${src_crypto}) set_base_compile_options(${mbedcrypto_static_target}) + target_compile_options(${mbedcrypto_static_target} PRIVATE ${LIBS_C_FLAGS}) set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto) target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs}) @@ -110,6 +111,7 @@ if(USE_SHARED_TF_PSA_CRYPTO_LIBRARY) set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR}) add_library(${mbedcrypto_target} SHARED ${src_crypto}) set_base_compile_options(${mbedcrypto_target}) + target_compile_options(${mbedcrypto_static_target} PRIVATE ${LIBS_C_FLAGS}) set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 4.0.0 SOVERSION 16) target_link_libraries(${mbedcrypto_target} PUBLIC ${libs}) diff --git a/tf-psa-crypto/drivers/builtin/CMakeLists.txt b/tf-psa-crypto/drivers/builtin/CMakeLists.txt index 3c1459a5c9..dd1a1130fe 100644 --- a/tf-psa-crypto/drivers/builtin/CMakeLists.txt +++ b/tf-psa-crypto/drivers/builtin/CMakeLists.txt @@ -3,11 +3,11 @@ add_subdirectory(src) file(GLOB src_builtin RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} src/*.c) if(CMAKE_COMPILER_IS_GNUCC) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes") + set(LIBS_C_FLAGS -Wmissing-declarations -Wmissing-prototypes) endif(CMAKE_COMPILER_IS_GNUCC) if(CMAKE_COMPILER_IS_CLANG) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code") + set(LIBS_C_FLAGS -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code) endif(CMAKE_COMPILER_IS_CLANG) if(CMAKE_COMPILER_IS_MSVC) @@ -55,6 +55,7 @@ set(everest_target "${TF_PSA_CRYPTO_TARGET_PREFIX}everest") if(USE_STATIC_TF_PSA_CRYPTO_LIBRARY) add_library(${builtin_static_target} STATIC ${src_builtin}) set_base_compile_options(${builtin_static_target}) + target_compile_options(${builtin_static_target} PRIVATE ${LIBS_C_FLAGS}) target_link_libraries(${builtin_static_target} PUBLIC ${libs}) if(TARGET ${everest_target}) target_link_libraries(${builtin_static_target} PUBLIC ${everest_target}) @@ -68,6 +69,7 @@ endif(USE_STATIC_TF_PSA_CRYPTO_LIBRARY) if(USE_SHARED_TF_PSA_CRYPTO_LIBRARY) add_library(${builtin_target} SHARED ${src_builtin}) set_base_compile_options(${builtin_target}) + target_compile_options(${builtin_static_target} PRIVATE ${LIBS_C_FLAGS}) target_link_libraries(${builtin_target} PUBLIC ${libs}) if(TARGET ${everest_target}) target_link_libraries(${builtin_target} PUBLIC ${everest_target}) From 3e9cc2c213656198600b7a6113dc418de8ce7297 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 22 Oct 2024 15:39:33 +0200 Subject: [PATCH 10/10] key_ladder_demo: Initialize additional data to all zeroes The header structure was initialized only field by field. This does not initialized the padding bytes and MemSan was complaining with use of uninitialized data in test_memsan all.sh component. Signed-off-by: Ronald Cron --- programs/psa/key_ladder_demo.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c index 2734ceb7fb..0ea434fc5f 100644 --- a/programs/psa/key_ladder_demo.c +++ b/programs/psa/key_ladder_demo.c @@ -392,6 +392,7 @@ static psa_status_t wrap_data(const char *input_file_name, input_file = NULL; /* Construct a header. */ + memset(&header, 0, sizeof(header)); memcpy(&header.magic, WRAPPED_DATA_MAGIC, WRAPPED_DATA_MAGIC_LENGTH); header.ad_size = sizeof(header); header.payload_size = input_size;