mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-03 23:43:40 +00:00
0b8ece6beb
Some projects using Mbed TLS have migrated their configuration file (config.h -> mbedtls_config.h, or MBEDTLS_CONFIG_FILE) from Mbed TLS 2.x, and kept including check_config.h. This is unnecessary since Mbed TLS 3.0, and increasingly in 3.x it may report spurious errors because the configuration adjustments have not been done yet. This has led some projects to include configuration adjustment headers manually, but only partially or in the wrong order, which can result in silent inconsistencies. Error out if this happens, with a message mentioning check_config.h since that's the likely root cause. ``` perl -i -pe '$name = $ARGV; $name =~ s!include/!!; $name =~ s!_adjust_.*!_adjust_*.h!; $_ .= "\n#if !defined(MBEDTLS_CONFIG_FILES_READ)\n#error \"Do not include $name manually! This can lead to problems, \" \\\n \"up to and including runtime errors such as buffer overflows. \" \\\n \"If you're trying to fix a complaint from check_config.h, just remove it \" \\\n \"from your configuration file: since Mbed TLS 3.0, it is included \" \\\n \"automatically at the right time.\"\n#endif /* !MBEDTLS_CONFIG_FILES_READ */\n" if /^#define .*_H$/' include/*/*adjust*.h ``` Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> |
||
---|---|---|
.. | ||
build_info.h | ||
crypto_adjust_auto_enabled.h | ||
crypto_adjust_config_dependencies.h | ||
crypto_adjust_config_key_pair_types.h | ||
crypto_adjust_config_synonyms.h | ||
crypto_builtin_composites.h | ||
crypto_builtin_key_derivation.h | ||
crypto_builtin_primitives.h | ||
crypto_compat.h | ||
crypto_config.h | ||
crypto_driver_common.h | ||
crypto_driver_contexts_composites.h | ||
crypto_driver_contexts_key_derivation.h | ||
crypto_driver_contexts_primitives.h | ||
crypto_extra.h | ||
crypto_legacy.h | ||
crypto_platform.h | ||
crypto_se_driver.h | ||
crypto_sizes.h | ||
crypto_struct.h | ||
crypto_types.h | ||
crypto_values.h | ||
crypto.h |