From 8e44a94d395c011fdba40f4bb83f6d648169b048 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 15 Sep 2025 15:27:20 +0200 Subject: [PATCH] Automatically generate checkers for removed options Read the list of historical config options in 3.6, compare that to 1.0/4.0 and emit the appropriate checkers. Signed-off-by: Gilles Peskine --- scripts/generate_config_checks.py | 29 +++++++++++++++++++++++------ tests/scripts/test_config_checks.py | 4 ++-- 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/scripts/generate_config_checks.py b/scripts/generate_config_checks.py index c5d8054207..a2a174bb4c 100755 --- a/scripts/generate_config_checks.py +++ b/scripts/generate_config_checks.py @@ -3,9 +3,12 @@ """Generate C preprocessor code to check for bad configurations. """ +from typing import Iterator + import framework_scripts_path # pylint: disable=unused-import from mbedtls_framework.config_checks_generator import * \ #pylint: disable=wildcard-import,unused-wildcard-import +from mbedtls_framework import config_history class CryptoInternal(SubprojectInternal): SUBPROJECT = 'TF-PSA-Crypto' @@ -13,16 +16,30 @@ class CryptoInternal(SubprojectInternal): class CryptoOption(SubprojectOption): SUBPROJECT = 'psa/crypto_config.h' +def checkers_for_removed_options() -> Iterator[Checker]: + """Discover removed options. Yield corresponding checkers.""" + history = config_history.ConfigHistory() + old_public = history.options('mbedtls', '3.6') + new_public = history.options('mbedtls', '4.0') + crypto_public = history.options('tfpsacrypto', '1.0') + crypto_internal = history.internal('tfpsacrypto', '1.0') + for option in sorted(old_public - new_public): + if option in crypto_public: + yield CryptoOption(option) + elif option in crypto_internal: + yield CryptoInternal(option) + else: + yield Removed(option, 'Mbed TLS 4.0') + +def all_checkers() -> Iterator[Checker]: + """Yield all checkers.""" + yield from checkers_for_removed_options() + MBEDTLS_CHECKS = BranchData( header_directory='library', header_prefix='mbedtls_', project_cpp_prefix='MBEDTLS', - checkers=[ - CryptoInternal('MBEDTLS_MD5_C', 'PSA_WANT_ALG_MD5 in psa/crypto_config.h'), - CryptoOption('MBEDTLS_BASE64_C'), - Removed('MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', 'Mbed TLS 4.0'), - Removed('MBEDTLS_PADLOCK_C', 'Mbed TLS 4.0'), - ], + checkers=list(all_checkers()), ) if __name__ == '__main__': diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py index 911e2d9a58..86fd4db095 100755 --- a/tests/scripts/test_config_checks.py +++ b/tests/scripts/test_config_checks.py @@ -59,7 +59,7 @@ class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks): """Error when redundantly setting a subproject internal option.""" self.bad_case('#define PSA_WANT_ALG_MD5 1', '#define MBEDTLS_MD5_C', - error=r'MBEDTLS_MD5_C.* PSA_WANT_ALG_MD5 in psa/crypto_config\.h') + error=r'MBEDTLS_MD5_C is an internal macro') def test_define_MBEDTLS_MD5_C_added(self) -> None: """Error when setting a subproject internal option that was disabled.""" @@ -68,7 +68,7 @@ class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks): #undef MBEDTLS_MD5_C ''', '#define MBEDTLS_MD5_C', - error=r'MBEDTLS_MD5_C.* PSA_WANT_ALG_MD5 in psa/crypto_config\.h') + error=r'MBEDTLS_MD5_C is an internal macro') def test_define_MBEDTLS_BASE64_C_redundant(self) -> None: """Ok to redundantly set a subproject option."""