When running a git hook, git sets certain environment variables (such
as GIT_INDEX_FILE) which force git to look at the main repository,
overriding other options. This trips up code_style.py whenever it
tries to run a git command on the framework submodule.
Fix this by explicitly clearing git-related environment-variables
before running git commands on the framework. This is recommended
by git's documentation[1]:
> Environment variables, such as GIT_DIR, GIT_WORK_TREE, etc., are
> exported so that Git commands run by the hook can correctly locate
> the repository. If your hook needs to invoke Git commands in a
> foreign repository or in a different working tree of the same
> repository, then it should clear these environment variables so
> they do not interfere with Git operations at the foreign location.
[1] https://git-scm.com/docs/githooks
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Some functions has input parameters which are erroneously
reported as "param[out]" in the documentation. This commit
fixes them.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
To deal with situations where we are comparing revisions before and
after the move of generate_psa_tests.py to the framework, look for
it in both the old and new locations.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
- smoke test client.c becomes a trivial call to psa_crypto_init()
- server.c now uses psa_sim_crypto_server.c's psa_crypto_call()
- Makefile is updated to build all the modules, and allow a different MAIN
- all.sh's test_psasim now tests the simulation of psa_hash_compute() too
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
A Perl script that creates them is also included as reference. This is not the
final script (that will be in Python) but a proof-of-concept to show that
creaation client and server wrappers can be scripted.
It is not hooked into the build: it must be run manually. It is not part of the
deliverables for this PR.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Some projects using Mbed TLS have migrated their configuration
file (config.h -> mbedtls_config.h, or MBEDTLS_CONFIG_FILE) from Mbed TLS
2.x, and kept including check_config.h. This is unnecessary since Mbed TLS
3.0, and increasingly in 3.x it may report spurious errors because the
configuration adjustments have not been done yet.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some projects using Mbed TLS have migrated their configuration
file (config.h -> mbedtls_config.h, or MBEDTLS_CONFIG_FILE) from Mbed TLS
2.x, and kept including check_config.h. This is unnecessary since Mbed TLS
3.0, and increasingly in 3.x it may report spurious errors because the
configuration adjustments have not been done yet. This has led some
projects to include configuration adjustment headers manually, but only
partially or in the wrong order, which can result in silent inconsistencies.
Error out if this happens, with a message mentioning check_config.h since
that's the likely root cause.
```
perl -i -pe '$name = $ARGV; $name =~ s!include/!!; $name =~ s!_adjust_.*!_adjust_*.h!; $_ .= "\n#if !defined(MBEDTLS_CONFIG_FILES_READ)\n#error \"Do not include $name manually! This can lead to problems, \" \\\n \"up to and including runtime errors such as buffer overflows. \" \\\n \"If you're trying to fix a complaint from check_config.h, just remove it \" \\\n \"from your configuration file: since Mbed TLS 3.0, it is included \" \\\n \"automatically at the right time.\"\n#endif /* !MBEDTLS_CONFIG_FILES_READ */\n" if /^#define .*_H$/' include/*/*adjust*.h
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Including *adjust*.h directly is likely to cause them to be applied at the
wrong time, resulting in an invalid or unintended configuration.
Including check_config.h at the wrong time is likely to cause spurious
errors.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
