From f8983dc321eb4aebadd4c3b9d5aee75ffe736336 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Tue, 1 Oct 2024 20:01:13 +0100 Subject: [PATCH 1/8] Remove common.h from tf-psa-crypto/core This commit removes common.h from tf-psa-crypto/core directory. Signed-off-by: Harry Ramsey --- tf-psa-crypto/core/common.h | 437 ------------------------------------ 1 file changed, 437 deletions(-) delete mode 100644 tf-psa-crypto/core/common.h diff --git a/tf-psa-crypto/core/common.h b/tf-psa-crypto/core/common.h deleted file mode 100644 index 7bb267429..000000000 --- a/tf-psa-crypto/core/common.h +++ /dev/null @@ -1,437 +0,0 @@ -/** - * \file common.h - * - * \brief Utility macros for internal use in the library - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_LIBRARY_COMMON_H -#define MBEDTLS_LIBRARY_COMMON_H - -#include "mbedtls/build_info.h" -#include "alignment.h" - -#include -#include -#include -#include - -#if defined(__ARM_NEON) -#include -#define MBEDTLS_HAVE_NEON_INTRINSICS -#elif defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) -#include -#define MBEDTLS_HAVE_NEON_INTRINSICS -#endif - -/** Helper to define a function as static except when building invasive tests. - * - * If a function is only used inside its own source file and should be - * declared `static` to allow the compiler to optimize for code size, - * but that function has unit tests, define it with - * ``` - * MBEDTLS_STATIC_TESTABLE int mbedtls_foo(...) { ... } - * ``` - * and declare it in a header in the `library/` directory with - * ``` - * #if defined(MBEDTLS_TEST_HOOKS) - * int mbedtls_foo(...); - * #endif - * ``` - */ -#if defined(MBEDTLS_TEST_HOOKS) -#define MBEDTLS_STATIC_TESTABLE -#else -#define MBEDTLS_STATIC_TESTABLE static -#endif - -#if defined(MBEDTLS_TEST_HOOKS) -extern void (*mbedtls_test_hook_test_fail)(const char *test, int line, const char *file); -#define MBEDTLS_TEST_HOOK_TEST_ASSERT(TEST) \ - do { \ - if ((!(TEST)) && ((*mbedtls_test_hook_test_fail) != NULL)) \ - { \ - (*mbedtls_test_hook_test_fail)( #TEST, __LINE__, __FILE__); \ - } \ - } while (0) -#else -#define MBEDTLS_TEST_HOOK_TEST_ASSERT(TEST) -#endif /* defined(MBEDTLS_TEST_HOOKS) */ - -/** \def ARRAY_LENGTH - * Return the number of elements of a static or stack array. - * - * \param array A value of array (not pointer) type. - * - * \return The number of elements of the array. - */ -/* A correct implementation of ARRAY_LENGTH, but which silently gives - * a nonsensical result if called with a pointer rather than an array. */ -#define ARRAY_LENGTH_UNSAFE(array) \ - (sizeof(array) / sizeof(*(array))) - -#if defined(__GNUC__) -/* Test if arg and &(arg)[0] have the same type. This is true if arg is - * an array but not if it's a pointer. */ -#define IS_ARRAY_NOT_POINTER(arg) \ - (!__builtin_types_compatible_p(__typeof__(arg), \ - __typeof__(&(arg)[0]))) -/* A compile-time constant with the value 0. If `const_expr` is not a - * compile-time constant with a nonzero value, cause a compile-time error. */ -#define STATIC_ASSERT_EXPR(const_expr) \ - (0 && sizeof(struct { unsigned int STATIC_ASSERT : 1 - 2 * !(const_expr); })) - -/* Return the scalar value `value` (possibly promoted). This is a compile-time - * constant if `value` is. `condition` must be a compile-time constant. - * If `condition` is false, arrange to cause a compile-time error. */ -#define STATIC_ASSERT_THEN_RETURN(condition, value) \ - (STATIC_ASSERT_EXPR(condition) ? 0 : (value)) - -#define ARRAY_LENGTH(array) \ - (STATIC_ASSERT_THEN_RETURN(IS_ARRAY_NOT_POINTER(array), \ - ARRAY_LENGTH_UNSAFE(array))) - -#else -/* If we aren't sure the compiler supports our non-standard tricks, - * fall back to the unsafe implementation. */ -#define ARRAY_LENGTH(array) ARRAY_LENGTH_UNSAFE(array) -#endif -/** Allow library to access its structs' private members. - * - * Although structs defined in header files are publicly available, - * their members are private and should not be accessed by the user. - */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -/** - * \brief Securely zeroize a buffer then free it. - * - * Similar to making consecutive calls to - * \c mbedtls_platform_zeroize() and \c mbedtls_free(), but has - * code size savings, and potential for optimisation in the future. - * - * Guaranteed to be a no-op if \p buf is \c NULL and \p len is 0. - * - * \param buf Buffer to be zeroized then freed. - * \param len Length of the buffer in bytes - */ -void mbedtls_zeroize_and_free(void *buf, size_t len); - -/** Return an offset into a buffer. - * - * This is just the addition of an offset to a pointer, except that this - * function also accepts an offset of 0 into a buffer whose pointer is null. - * (`p + n` has undefined behavior when `p` is null, even when `n == 0`. - * A null pointer is a valid buffer pointer when the size is 0, for example - * as the result of `malloc(0)` on some platforms.) - * - * \param p Pointer to a buffer of at least n bytes. - * This may be \p NULL if \p n is zero. - * \param n An offset in bytes. - * \return Pointer to offset \p n in the buffer \p p. - * Note that this is only a valid pointer if the size of the - * buffer is at least \p n + 1. - */ -static inline unsigned char *mbedtls_buffer_offset( - unsigned char *p, size_t n) -{ - return p == NULL ? NULL : p + n; -} - -/** Return an offset into a read-only buffer. - * - * Similar to mbedtls_buffer_offset(), but for const pointers. - * - * \param p Pointer to a buffer of at least n bytes. - * This may be \p NULL if \p n is zero. - * \param n An offset in bytes. - * \return Pointer to offset \p n in the buffer \p p. - * Note that this is only a valid pointer if the size of the - * buffer is at least \p n + 1. - */ -static inline const unsigned char *mbedtls_buffer_offset_const( - const unsigned char *p, size_t n) -{ - return p == NULL ? NULL : p + n; -} - -/* Always inline mbedtls_xor() for similar reasons as mbedtls_xor_no_simd(). */ -#if defined(__IAR_SYSTEMS_ICC__) -#pragma inline = forced -#elif defined(__GNUC__) -__attribute__((always_inline)) -#endif -/** - * Perform a fast block XOR operation, such that - * r[i] = a[i] ^ b[i] where 0 <= i < n - * - * \param r Pointer to result (buffer of at least \p n bytes). \p r - * may be equal to either \p a or \p b, but behaviour when - * it overlaps in other ways is undefined. - * \param a Pointer to input (buffer of at least \p n bytes) - * \param b Pointer to input (buffer of at least \p n bytes) - * \param n Number of bytes to process. - * - * \note Depending on the situation, it may be faster to use either mbedtls_xor() or - * mbedtls_xor_no_simd() (these are functionally equivalent). - * If the result is used immediately after the xor operation in non-SIMD code (e.g, in - * AES-CBC), there may be additional latency to transfer the data from SIMD to scalar - * registers, and in this case, mbedtls_xor_no_simd() may be faster. In other cases where - * the result is not used immediately (e.g., in AES-CTR), mbedtls_xor() may be faster. - * For targets without SIMD support, they will behave the same. - */ -static inline void mbedtls_xor(unsigned char *r, - const unsigned char *a, - const unsigned char *b, - size_t n) -{ - size_t i = 0; -#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) -#if defined(MBEDTLS_HAVE_NEON_INTRINSICS) && \ - (!(defined(MBEDTLS_COMPILER_IS_GCC) && MBEDTLS_GCC_VERSION < 70300)) - /* Old GCC versions generate a warning here, so disable the NEON path for these compilers */ - for (; (i + 16) <= n; i += 16) { - uint8x16_t v1 = vld1q_u8(a + i); - uint8x16_t v2 = vld1q_u8(b + i); - uint8x16_t x = veorq_u8(v1, v2); - vst1q_u8(r + i, x); - } -#if defined(__IAR_SYSTEMS_ICC__) - /* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case - * where n is a constant multiple of 16. - * For other compilers (e.g. recent gcc and clang) it makes no difference if n is a compile-time - * constant, and is a very small perf regression if n is not a compile-time constant. */ - if (n % 16 == 0) { - return; - } -#endif -#elif defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64) - /* This codepath probably only makes sense on architectures with 64-bit registers */ - for (; (i + 8) <= n; i += 8) { - uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i); - mbedtls_put_unaligned_uint64(r + i, x); - } -#if defined(__IAR_SYSTEMS_ICC__) - if (n % 8 == 0) { - return; - } -#endif -#else - for (; (i + 4) <= n; i += 4) { - uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i); - mbedtls_put_unaligned_uint32(r + i, x); - } -#if defined(__IAR_SYSTEMS_ICC__) - if (n % 4 == 0) { - return; - } -#endif -#endif -#endif - for (; i < n; i++) { - r[i] = a[i] ^ b[i]; - } -} - -/* Always inline mbedtls_xor_no_simd() as we see significant perf regressions when it does not get - * inlined (e.g., observed about 3x perf difference in gcm_mult_largetable with gcc 7 - 12) */ -#if defined(__IAR_SYSTEMS_ICC__) -#pragma inline = forced -#elif defined(__GNUC__) -__attribute__((always_inline)) -#endif -/** - * Perform a fast block XOR operation, such that - * r[i] = a[i] ^ b[i] where 0 <= i < n - * - * In some situations, this can perform better than mbedtls_xor() (e.g., it's about 5% - * better in AES-CBC). - * - * \param r Pointer to result (buffer of at least \p n bytes). \p r - * may be equal to either \p a or \p b, but behaviour when - * it overlaps in other ways is undefined. - * \param a Pointer to input (buffer of at least \p n bytes) - * \param b Pointer to input (buffer of at least \p n bytes) - * \param n Number of bytes to process. - * - * \note Depending on the situation, it may be faster to use either mbedtls_xor() or - * mbedtls_xor_no_simd() (these are functionally equivalent). - * If the result is used immediately after the xor operation in non-SIMD code (e.g, in - * AES-CBC), there may be additional latency to transfer the data from SIMD to scalar - * registers, and in this case, mbedtls_xor_no_simd() may be faster. In other cases where - * the result is not used immediately (e.g., in AES-CTR), mbedtls_xor() may be faster. - * For targets without SIMD support, they will behave the same. - */ -static inline void mbedtls_xor_no_simd(unsigned char *r, - const unsigned char *a, - const unsigned char *b, - size_t n) -{ - size_t i = 0; -#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) -#if defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64) - /* This codepath probably only makes sense on architectures with 64-bit registers */ - for (; (i + 8) <= n; i += 8) { - uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i); - mbedtls_put_unaligned_uint64(r + i, x); - } -#if defined(__IAR_SYSTEMS_ICC__) - /* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case - * where n is a constant multiple of 8. - * For other compilers (e.g. recent gcc and clang) it makes no difference if n is a compile-time - * constant, and is a very small perf regression if n is not a compile-time constant. */ - if (n % 8 == 0) { - return; - } -#endif -#else - for (; (i + 4) <= n; i += 4) { - uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i); - mbedtls_put_unaligned_uint32(r + i, x); - } -#if defined(__IAR_SYSTEMS_ICC__) - if (n % 4 == 0) { - return; - } -#endif -#endif -#endif - for (; i < n; i++) { - r[i] = a[i] ^ b[i]; - } -} - -/* Fix MSVC C99 compatible issue - * MSVC support __func__ from visual studio 2015( 1900 ) - * Use MSVC predefine macro to avoid name check fail. - */ -#if (defined(_MSC_VER) && (_MSC_VER <= 1900)) -#define /*no-check-names*/ __func__ __FUNCTION__ -#endif - -/* Define `asm` for compilers which don't define it. */ -/* *INDENT-OFF* */ -#ifndef asm -#if defined(__IAR_SYSTEMS_ICC__) -#define asm __asm -#else -#define asm __asm__ -#endif -#endif -/* *INDENT-ON* */ - -/* - * Define the constraint used for read-only pointer operands to aarch64 asm. - * - * This is normally the usual "r", but for aarch64_32 (aka ILP32, - * as found in watchos), "p" is required to avoid warnings from clang. - * - * Note that clang does not recognise '+p' or '=p', and armclang - * does not recognise 'p' at all. Therefore, to update a pointer from - * aarch64 assembly, it is necessary to use something like: - * - * uintptr_t uptr = (uintptr_t) ptr; - * asm( "ldr x4, [%x0], #8" ... : "+r" (uptr) : : ) - * ptr = (void*) uptr; - * - * Note that the "x" in "%x0" is neccessary; writing "%0" will cause warnings. - */ -#if defined(__aarch64__) && defined(MBEDTLS_HAVE_ASM) -#if UINTPTR_MAX == 0xfffffffful -/* ILP32: Specify the pointer operand slightly differently, as per #7787. */ -#define MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT "p" -#elif UINTPTR_MAX == 0xfffffffffffffffful -/* Normal case (64-bit pointers): use "r" as the constraint for pointer operands to asm */ -#define MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT "r" -#else -#error "Unrecognised pointer size for aarch64" -#endif -#endif - -/* Always provide a static assert macro, so it can be used unconditionally. - * It does nothing on systems where we don't know how to define a static assert. - */ -/* Can't use the C11-style `defined(static_assert)` on FreeBSD, since it - * defines static_assert even with -std=c99, but then complains about it. - */ -#if defined(static_assert) && !defined(__FreeBSD__) -#define MBEDTLS_STATIC_ASSERT(expr, msg) static_assert(expr, msg) -#else -/* Make sure `MBEDTLS_STATIC_ASSERT(expr, msg);` is valid both inside and - * outside a function. We choose a struct declaration, which can be repeated - * any number of times and does not need a matching definition. */ -#define MBEDTLS_STATIC_ASSERT(expr, msg) \ - struct ISO_C_does_not_allow_extra_semicolon_outside_of_a_function -#endif - -#if defined(__has_builtin) -#define MBEDTLS_HAS_BUILTIN(x) __has_builtin(x) -#else -#define MBEDTLS_HAS_BUILTIN(x) 0 -#endif - -/* Define compiler branch hints */ -#if MBEDTLS_HAS_BUILTIN(__builtin_expect) -#define MBEDTLS_LIKELY(x) __builtin_expect(!!(x), 1) -#define MBEDTLS_UNLIKELY(x) __builtin_expect(!!(x), 0) -#else -#define MBEDTLS_LIKELY(x) x -#define MBEDTLS_UNLIKELY(x) x -#endif - -/* MBEDTLS_ASSUME may be used to provide additional information to the compiler - * which can result in smaller code-size. */ -#if MBEDTLS_HAS_BUILTIN(__builtin_assume) -/* clang provides __builtin_assume */ -#define MBEDTLS_ASSUME(x) __builtin_assume(x) -#elif MBEDTLS_HAS_BUILTIN(__builtin_unreachable) -/* gcc and IAR can use __builtin_unreachable */ -#define MBEDTLS_ASSUME(x) do { if (!(x)) __builtin_unreachable(); } while (0) -#elif defined(_MSC_VER) -/* Supported by MSVC since VS 2005 */ -#define MBEDTLS_ASSUME(x) __assume(x) -#else -#define MBEDTLS_ASSUME(x) do { } while (0) -#endif - -/* For gcc -Os, override with -O2 for a given function. - * - * This will not affect behaviour for other optimisation settings, e.g. -O0. - */ -#if defined(MBEDTLS_COMPILER_IS_GCC) && defined(__OPTIMIZE_SIZE__) -#define MBEDTLS_OPTIMIZE_FOR_PERFORMANCE __attribute__((optimize("-O2"))) -#else -#define MBEDTLS_OPTIMIZE_FOR_PERFORMANCE -#endif - -/* Suppress compiler warnings for unused functions and variables. */ -#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__has_attribute) -# if __has_attribute(unused) -# define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) -# endif -#endif -#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__GNUC__) -# define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) -#endif -#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__IAR_SYSTEMS_ICC__) && defined(__VER__) -/* IAR does support __attribute__((unused)), but only if the -e flag (extended language support) - * is given; the pragma always works. - * Unfortunately the pragma affects the rest of the file where it is used, but this is harmless. - * Check for version 5.2 or later - this pragma may be supported by earlier versions, but I wasn't - * able to find documentation). - */ -# if (__VER__ >= 5020000) -# define MBEDTLS_MAYBE_UNUSED _Pragma("diag_suppress=Pe177") -# endif -#endif -#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(_MSC_VER) -# define MBEDTLS_MAYBE_UNUSED __pragma(warning(suppress:4189)) -#endif -#if !defined(MBEDTLS_MAYBE_UNUSED) -# define MBEDTLS_MAYBE_UNUSED -#endif - -#endif /* MBEDTLS_LIBRARY_COMMON_H */ From 84f868ec5395da45b3caadee550e512c251a2bd9 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Tue, 1 Oct 2024 20:02:56 +0100 Subject: [PATCH 2/8] Move library/common.h to tf-psa-crypto/core directory This commit moves common.h from library to tf-psa-crypto/core. Signed-off-by: Harry Ramsey --- {library => tf-psa-crypto/core}/common.h | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {library => tf-psa-crypto/core}/common.h (100%) diff --git a/library/common.h b/tf-psa-crypto/core/common.h similarity index 100% rename from library/common.h rename to tf-psa-crypto/core/common.h From 91c6d4f81936c2249923ffb99b579b87a82cafa6 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Thu, 3 Oct 2024 13:40:37 +0100 Subject: [PATCH 3/8] Add include for common.h Signed-off-by: Harry Ramsey --- library/x509_internal.h | 1 + 1 file changed, 1 insertion(+) diff --git a/library/x509_internal.h b/library/x509_internal.h index 8a2d2ed00..78c529341 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -12,6 +12,7 @@ #include "mbedtls/private_access.h" #include "mbedtls/build_info.h" +#include "common.h" #include "mbedtls/x509.h" #include "mbedtls/asn1.h" From 0f6bc41a226e55f522145607cbdc32d95f9653d7 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Fri, 4 Oct 2024 10:36:54 +0100 Subject: [PATCH 4/8] Update includes for each library file Signed-off-by: Harry Ramsey --- library/pkcs7.c | 3 +-- library/ssl_cache.c | 3 +-- library/ssl_ciphersuites.c | 2 +- library/ssl_client.c | 3 +-- library/ssl_client.h | 4 ---- library/ssl_cookie.c | 3 +-- library/ssl_debug_helpers.h | 4 +--- library/ssl_misc.h | 1 + library/ssl_msg.c | 3 +-- library/ssl_ticket.c | 3 +-- library/ssl_tls.c | 3 +-- library/ssl_tls12_client.c | 3 +-- library/ssl_tls12_server.c | 3 +-- library/ssl_tls13_client.c | 3 +-- library/ssl_tls13_generic.c | 3 +-- library/ssl_tls13_invasive.h | 2 +- library/ssl_tls13_keys.c | 3 +-- library/ssl_tls13_server.c | 3 +-- library/x509.c | 3 +-- library/x509_create.c | 3 +-- library/x509_crl.c | 3 +-- library/x509_crt.c | 3 +-- library/x509_csr.c | 3 +-- library/x509_internal.h | 3 ++- library/x509write.c | 4 ++-- library/x509write_crt.c | 3 +-- library/x509write_csr.c | 3 +-- 27 files changed, 28 insertions(+), 52 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 3aac662ba..9b53ceea3 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -2,12 +2,11 @@ * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "x509_internal.h" #include "mbedtls/build_info.h" #if defined(MBEDTLS_PKCS7_C) #include "mbedtls/pkcs7.h" -#include "x509_internal.h" #include "mbedtls/asn1.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" diff --git a/library/ssl_cache.c b/library/ssl_cache.c index 772cb8fdf..28d0cfbb7 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -9,14 +9,13 @@ * to store and retrieve the session information. */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_SSL_CACHE_C) #include "mbedtls/platform.h" #include "mbedtls/ssl_cache.h" -#include "ssl_misc.h" #include "mbedtls/error.h" #include diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 402c1355c..149595083 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -7,7 +7,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_SSL_TLS_C) diff --git a/library/ssl_client.c b/library/ssl_client.c index 345e60893..823708173 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_PROTO_TLS1_3) || defined(MBEDTLS_SSL_PROTO_TLS1_2) @@ -17,7 +17,6 @@ #include "mbedtls/platform.h" #include "ssl_client.h" -#include "ssl_misc.h" #include "ssl_tls13_keys.h" #include "ssl_debug_helpers.h" diff --git a/library/ssl_client.h b/library/ssl_client.h index 05ee7e4cc..56e9bf857 100644 --- a/library/ssl_client.h +++ b/library/ssl_client.h @@ -8,11 +8,7 @@ #ifndef MBEDTLS_SSL_CLIENT_H #define MBEDTLS_SSL_CLIENT_H -#include "common.h" - -#if defined(MBEDTLS_SSL_TLS_C) #include "ssl_misc.h" -#endif #include diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index cba513d4f..0e374671c 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -9,14 +9,13 @@ * to store and retrieve the session information. */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_SSL_COOKIE_C) #include "mbedtls/platform.h" #include "mbedtls/ssl_cookie.h" -#include "ssl_misc.h" #include "mbedtls/error.h" #include "mbedtls/platform_util.h" #include "mbedtls/constant_time.h" diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 4889e77e0..6f843404c 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -11,13 +11,11 @@ #ifndef MBEDTLS_SSL_DEBUG_HELPERS_H #define MBEDTLS_SSL_DEBUG_HELPERS_H -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_DEBUG_C) #include "mbedtls/ssl.h" -#include "ssl_misc.h" - const char *mbedtls_ssl_states_str(mbedtls_ssl_states in); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 47e56e879..48bc69c0b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -10,6 +10,7 @@ #ifndef MBEDTLS_SSL_MISC_H #define MBEDTLS_SSL_MISC_H +#include "common.h" #include "mbedtls/build_info.h" #include "mbedtls/error.h" diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 0165fd639..7000e93e5 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -10,14 +10,13 @@ * http://www.ietf.org/rfc/rfc4346.txt */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_SSL_TLS_C) #include "mbedtls/platform.h" #include "mbedtls/ssl.h" -#include "ssl_misc.h" #include "debug_internal.h" #include "mbedtls/error.h" #include "mbedtls/platform_util.h" diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index bfb656cf6..615b37fd6 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -5,13 +5,12 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_SSL_TICKET_C) #include "mbedtls/platform.h" -#include "ssl_misc.h" #include "mbedtls/ssl_ticket.h" #include "mbedtls/error.h" #include "mbedtls/platform_util.h" diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 62472484d..39c7a2e3c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -9,7 +9,7 @@ * http://www.ietf.org/rfc/rfc4346.txt */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_SSL_TLS_C) @@ -18,7 +18,6 @@ #include "mbedtls/ssl.h" #include "ssl_client.h" #include "ssl_debug_helpers.h" -#include "ssl_misc.h" #include "debug_internal.h" #include "mbedtls/error.h" diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index eac6a3aad..0affc91c4 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2) @@ -13,7 +13,6 @@ #include "mbedtls/ssl.h" #include "ssl_client.h" -#include "ssl_misc.h" #include "debug_internal.h" #include "mbedtls/error.h" #include "mbedtls/constant_time.h" diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 03722ac33..76200be61 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -5,14 +5,13 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2) #include "mbedtls/platform.h" #include "mbedtls/ssl.h" -#include "ssl_misc.h" #include "debug_internal.h" #include "mbedtls/error.h" #include "mbedtls/platform_util.h" diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 162e3a314..53c519c4b 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -15,7 +15,6 @@ #include "mbedtls/error.h" #include "mbedtls/platform.h" -#include "ssl_misc.h" #include "ssl_client.h" #include "ssl_tls13_keys.h" #include "ssl_debug_helpers.h" diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 3f1f551dd..6a7d50272 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_SSL_TLS_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -19,7 +19,6 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#include "ssl_misc.h" #include "ssl_tls13_invasive.h" #include "ssl_tls13_keys.h" #include "ssl_debug_helpers.h" diff --git a/library/ssl_tls13_invasive.h b/library/ssl_tls13_invasive.h index b4506f71c..73e0e304f 100644 --- a/library/ssl_tls13_invasive.h +++ b/library/ssl_tls13_invasive.h @@ -6,7 +6,7 @@ #ifndef MBEDTLS_SSL_TLS13_INVASIVE_H #define MBEDTLS_SSL_TLS13_INVASIVE_H -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_SSL_PROTO_TLS1_3) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 739414ea2..96aad1c4b 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -17,7 +17,6 @@ #include "mbedtls/error.h" #include "mbedtls/platform.h" -#include "ssl_misc.h" #include "ssl_tls13_keys.h" #include "ssl_tls13_invasive.h" diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 9c949bd0b..ab27c94ef 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -16,7 +16,6 @@ #include "mbedtls/oid.h" #include "mbedtls/psa_util.h" -#include "ssl_misc.h" #include "ssl_tls13_keys.h" #include "ssl_debug_helpers.h" diff --git a/library/x509.c b/library/x509.c index be7b277bb..0571687da 100644 --- a/library/x509.c +++ b/library/x509.c @@ -15,11 +15,10 @@ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ -#include "common.h" +#include "x509_internal.h" #if defined(MBEDTLS_X509_USE_C) -#include "x509_internal.h" #include "mbedtls/asn1.h" #include "mbedtls/error.h" #include "mbedtls/oid.h" diff --git a/library/x509_create.c b/library/x509_create.c index 130983189..48ac080cb 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -5,11 +5,10 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "x509_internal.h" #if defined(MBEDTLS_X509_CREATE_C) -#include "x509_internal.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" #include "mbedtls/oid.h" diff --git a/library/x509_crl.c b/library/x509_crl.c index 7901992e2..e67fde721 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -15,12 +15,11 @@ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ -#include "common.h" +#include "x509_internal.h" #if defined(MBEDTLS_X509_CRL_PARSE_C) #include "mbedtls/x509_crl.h" -#include "x509_internal.h" #include "mbedtls/error.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_crt.c b/library/x509_crt.c index 1de1ee64c..00f310739 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -17,12 +17,11 @@ * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf */ -#include "common.h" +#include "x509_internal.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) #include "mbedtls/x509_crt.h" -#include "x509_internal.h" #include "mbedtls/error.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_csr.c b/library/x509_csr.c index 813d64466..3a7826868 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -15,12 +15,11 @@ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ -#include "common.h" +#include "x509_internal.h" #if defined(MBEDTLS_X509_CSR_PARSE_C) #include "mbedtls/x509_csr.h" -#include "x509_internal.h" #include "mbedtls/error.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_internal.h b/library/x509_internal.h index 78c529341..1ec808a2e 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -9,10 +9,11 @@ */ #ifndef MBEDTLS_X509_INTERNAL_H #define MBEDTLS_X509_INTERNAL_H + +#include "common.h" #include "mbedtls/private_access.h" #include "mbedtls/build_info.h" -#include "common.h" #include "mbedtls/x509.h" #include "mbedtls/asn1.h" diff --git a/library/x509write.c b/library/x509write.c index 4704900d3..8288c892b 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -4,11 +4,11 @@ * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "x509_internal.h" + #if defined(MBEDTLS_X509_CSR_WRITE_C) || defined(MBEDTLS_X509_CRT_WRITE_C) #include "mbedtls/x509_crt.h" -#include "x509_internal.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" #include "mbedtls/oid.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index ce9e4a610..8bce1ccf5 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -11,12 +11,11 @@ * - attributes: PKCS#9 v2.0 aka RFC 2985 */ -#include "common.h" +#include "x509_internal.h" #if defined(MBEDTLS_X509_CRT_WRITE_C) #include "mbedtls/x509_crt.h" -#include "x509_internal.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" #include "mbedtls/oid.h" diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 0d6f6bb1d..604c94c3e 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -10,11 +10,10 @@ * - attributes: PKCS#9 v2.0 aka RFC 2985 */ -#include "common.h" +#include "x509_internal.h" #if defined(MBEDTLS_X509_CSR_WRITE_C) -#include "x509_internal.h" #include "mbedtls/x509_csr.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" From 4d432d6ea527cc9fc10faae4425818574a1e4868 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Fri, 11 Oct 2024 12:20:13 +0100 Subject: [PATCH 5/8] Remove mbedtls/build_info from pkcs7.c This commit removes #include "mbedtls/buildinfo.h" from pkcs7.c as it is not needed unlike other C modules. Signed-off-by: Harry Ramsey --- library/pkcs7.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 9b53ceea3..ff0567c6f 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -4,7 +4,6 @@ */ #include "x509_internal.h" -#include "mbedtls/build_info.h" #if defined(MBEDTLS_PKCS7_C) #include "mbedtls/pkcs7.h" #include "mbedtls/asn1.h" From e8e23fb51997797a381482c8456d43b8ed126262 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Fri, 11 Oct 2024 12:21:30 +0100 Subject: [PATCH 6/8] Include ssl_misc.h for additional SSL helper files This commit replaces #include "common.h" in favour of #include "ssl_misc.h". Signed-off-by: Harry Ramsey --- library/debug.c | 2 +- library/mps_reader.c | 2 +- library/mps_trace.c | 2 +- library/mps_trace.h | 2 +- library/net_sockets.c | 2 +- library/ssl_misc.h | 1 - library/version.c | 2 +- 7 files changed, 6 insertions(+), 7 deletions(-) diff --git a/library/debug.c b/library/debug.c index c36ed3c5c..a48635372 100644 --- a/library/debug.c +++ b/library/debug.c @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_DEBUG_C) diff --git a/library/mps_reader.c b/library/mps_reader.c index 27d0c04c1..0fe7dfe95 100644 --- a/library/mps_reader.c +++ b/library/mps_reader.c @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_SSL_PROTO_TLS1_3) diff --git a/library/mps_trace.c b/library/mps_trace.c index 69f6e5a0f..98449b5f7 100644 --- a/library/mps_trace.c +++ b/library/mps_trace.c @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_SSL_PROTO_TLS1_3) diff --git a/library/mps_trace.h b/library/mps_trace.h index b456b2ffd..ac2b75f6b 100644 --- a/library/mps_trace.h +++ b/library/mps_trace.h @@ -12,7 +12,7 @@ #ifndef MBEDTLS_MPS_MBEDTLS_MPS_TRACE_H #define MBEDTLS_MPS_MBEDTLS_MPS_TRACE_H -#include "common.h" +#include "ssl_misc.h" #include "mps_common.h" #include "mps_trace.h" diff --git a/library/net_sockets.c b/library/net_sockets.c index ef89a88ef..33616bccb 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -15,7 +15,7 @@ #define _XOPEN_SOURCE 600 /* sockaddr_storage */ #endif -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_NET_C) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 48bc69c0b..5bda91a28 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -48,7 +48,6 @@ #include "ssl_ciphersuites_internal.h" #include "x509_internal.h" #include "pk_internal.h" -#include "common.h" /* Shorthand for restartable ECC */ #if defined(MBEDTLS_ECP_RESTARTABLE) && \ diff --git a/library/version.c b/library/version.c index 04397332b..2cd947da7 100644 --- a/library/version.c +++ b/library/version.c @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_VERSION_C) From b81cd1af6418823a2b5ffbd3710ceac9b0e0afa4 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 14 Oct 2024 08:40:11 +0100 Subject: [PATCH 7/8] Update includes for generated files This commit replaces the include of "common.h" with "ssl_misc.h" for generated files. Signed-off-by: Harry Ramsey --- scripts/data_files/version_features.fmt | 2 +- scripts/generate_ssl_debug_helpers.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt index d820d4d1a..fc71f5d77 100644 --- a/scripts/data_files/version_features.fmt +++ b/scripts/data_files/version_features.fmt @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_VERSION_C) diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py index 600d16096..df3d9b93a 100755 --- a/scripts/generate_ssl_debug_helpers.py +++ b/scripts/generate_ssl_debug_helpers.py @@ -350,7 +350,7 @@ def __str__(self): * */ -#include "common.h" +#include "ssl_misc.h" #if defined(MBEDTLS_DEBUG_C) From fb6cea508fffea972bea29388b3775e65610a682 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 14 Oct 2024 08:41:31 +0100 Subject: [PATCH 8/8] Remove duplicate mbedtls/build_info.h include This commit removes duplicate includes for mbedtls/build_info.h where the file already includes common.h. Signed-off-by: Harry Ramsey --- library/ssl_misc.h | 1 - library/x509_internal.h | 2 -- 2 files changed, 3 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 5bda91a28..66117dd31 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -11,7 +11,6 @@ #define MBEDTLS_SSL_MISC_H #include "common.h" -#include "mbedtls/build_info.h" #include "mbedtls/error.h" diff --git a/library/x509_internal.h b/library/x509_internal.h index 1ec808a2e..ec1ac50db 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -13,8 +13,6 @@ #include "common.h" #include "mbedtls/private_access.h" -#include "mbedtls/build_info.h" - #include "mbedtls/x509.h" #include "mbedtls/asn1.h" #include "pk_internal.h"