diff --git a/framework b/framework index 8ed11c99fe..e07b6643e8 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 8ed11c99fe9e6d4d96289ebc1e134949421be917 +Subproject commit e07b6643e8db5fe2fdc20be288b91a2194316862 diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 87ea6c3150..b8273bc757 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -59,10 +59,10 @@ */ #if defined(__has_attribute) #if __has_attribute(format) -#if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 +#if defined(__MINGW32__) #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \ __attribute__((__format__(gnu_printf, string_index, first_to_check))) -#else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */ +#else /* defined(__MINGW32__) */ #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \ __attribute__((format(printf, string_index, first_to_check))) #endif @@ -73,30 +73,15 @@ #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) #endif -/** - * \def MBEDTLS_PRINTF_SIZET - * - * MBEDTLS_PRINTF_xxx: Due to issues with older window compilers - * and MinGW we need to define the printf specifier for size_t - * and long long per platform. - * - * Module: library/debug.c - * Caller: - * - * This module provides debugging functions. +/* Legacy definitions, kept for backward compatibility. + * Since Mbed TLS 4.1, the standard specifiers are always valid. + * We still define the macros because they're part of the Mbed TLS 4.0 API. + * In the library and test code, keep using them for code that's backported + * to 3.6. */ -#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) - #include - #define MBEDTLS_PRINTF_SIZET PRIuPTR - #define MBEDTLS_PRINTF_SIZET_HEX PRIxPTR - #define MBEDTLS_PRINTF_LONGLONG "I64d" -#else \ - /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */ - #define MBEDTLS_PRINTF_SIZET "zu" - #define MBEDTLS_PRINTF_SIZET_HEX "zx" - #define MBEDTLS_PRINTF_LONGLONG "lld" -#endif \ - /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */ +#define MBEDTLS_PRINTF_SIZET "zu" +#define MBEDTLS_PRINTF_SIZET_HEX "zx" +#define MBEDTLS_PRINTF_LONGLONG "lld" #if !defined(MBEDTLS_PRINTF_MS_TIME) #include diff --git a/library/debug.c b/library/debug.c index e622ac9ed4..59969070c4 100644 --- a/library/debug.c +++ b/library/debug.c @@ -21,6 +21,30 @@ /* DEBUG_BUF_SIZE must be at least 2 */ #define DEBUG_BUF_SIZE 512 +/* Temporary hack: on MingW, do not honor the platform.h configuration + * for snprintf and vsnprintf. Instead, force the native functions, + * which are the standard ones, not the Windows legacy ones. + * + * This hack should be removed once TF-PSA-Crypto has been updated to + * use the standard printf family. + */ +#if defined(__MINGW32__) +#undef mbedtls_snprintf +#define mbedtls_snprintf snprintf +#undef mbedtls_vsnprintf +#define mbedtls_vsnprintf vsnprintf +#endif + +int mbedtls_debug_snprintf(char *dest, size_t maxlen, + const char *format, ...) +{ + va_list argp; + va_start(argp, format); + int ret = mbedtls_vsnprintf(dest, maxlen, format, argp); + va_end(argp); + return ret; +} + static int debug_threshold = 0; void mbedtls_debug_set_threshold(int threshold) diff --git a/library/debug_internal.h b/library/debug_internal.h index d09e492094..2b869450f6 100644 --- a/library/debug_internal.h +++ b/library/debug_internal.h @@ -12,6 +12,19 @@ #include "mbedtls/debug.h" +/* This should be equivalent to mbedtls_snprintf(). But it might not be due + * to platform shenanigans. For example, Mbed TLS and TF-PSA-Crypto could + * have inconsistent platform definitions. On Mingw, some code might + * be built with a different setting of __USE_MINGW_ANSI_STDIO, resulting + * in an old non-C99 printf being used somewhere. + * + * Our library assumes that mbedtls_snprintf() and other printf functions + * are consistent throughout. This function is not an official API and + * is not meant to be used inside the library. It is provided to help + * debugging printf inconsistencies issues. If you need it, good luck! + */ +int mbedtls_debug_snprintf(char *dest, size_t maxlen, + const char *format, ...) MBEDTLS_PRINTF_ATTRIBUTE(3, 4); /** * \brief Print a message to the debug output. This function is always used * through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl diff --git a/library/mbedtls_common.h b/library/mbedtls_common.h new file mode 100644 index 0000000000..43dac8266b --- /dev/null +++ b/library/mbedtls_common.h @@ -0,0 +1,43 @@ +/** + * \file mbedtls_common.h + * + * \brief Utility macros for internal use in the library. + * + * This file should be included as the first thing in all library C files + * (directly, or indirectly via x509_internal.h or ssl_misc.h). + * It must not be included by sample programs, since sample programs + * illustrate what you can do without the library sources. + * It may be included (often indirectly) by test code that isn't purely + * black-box testing. + * + * This file takes care of setting up requirements for platform headers. + * It includes the library configuration and derived macros. + * It additionally defines various utility macros and other definitions + * (but no function declarations). + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef MBEDTLS_MBEDTLS_COMMON_H +#define MBEDTLS_MBEDTLS_COMMON_H + +/* Before including any system header, declare some macros to tell system + * headers what we expect of them. + * + * Do this before including any header from TF-PSA-Crypto, since the + * convention is first-come-first-served (so that users can + * override some macros on the command line, and individual users can + * override some macros before including the common header). + */ +#include "mbedtls_platform_requirements.h" + +/* From this point onwards, ensure we have the library configuration and + * the configuration-derived macros. */ +#include + +/* Mbed TLS requires TF-PSA-Crypto internals. */ +#include "tf_psa_crypto_common.h" + +#endif /* MBEDTLS_MBEDTLS_COMMON_H */ diff --git a/library/mbedtls_config.c b/library/mbedtls_config.c index a3deae3152..48be660015 100644 --- a/library/mbedtls_config.c +++ b/library/mbedtls_config.c @@ -6,6 +6,10 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +/* We are a special snowflake: we don't include "mbedtls_common.h", + * because that would pull and we need to + * tune the way it works. */ + /* Apply the TF-PSA-Crypto configuration first. We need to do this * before , because "mbedtls_config_check_before.h" * needs to run after the crypto config (including derived macros) is diff --git a/library/mbedtls_platform_requirements.h b/library/mbedtls_platform_requirements.h new file mode 100644 index 0000000000..c86204e6fa --- /dev/null +++ b/library/mbedtls_platform_requirements.h @@ -0,0 +1,32 @@ +/** + * \file mbedtls_platform_requirements.h + * + * \brief Declare macros that tell system headers what we expect of them. + * + * This file must be included before any system header, and so in particular + * before build_info.h (which includes the user config, which may include + * system headers). + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H +#define MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H + +/* On Mingw-w64, force the use of a C99-compliant printf() and friends. + * This is necessary on older versions of Mingw and/or Windows runtimes + * where snprintf does not always zero-terminate the buffer, and does + * not support formats such as "%zu" for size_t and "%lld" for long long. + * + * Defining __USE_MINGW_ANSI_STDIO=0 may work and provide a small code size + * and performance benefit for some combinations of older Mingw and Windows + * versions. Do this at your own risk and make sure that least + * test_suite_debug passes. + */ +#if !defined(__USE_MINGW_ANSI_STDIO) +#define __USE_MINGW_ANSI_STDIO 1 +#endif + +#endif /* MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index f8c03dfa2f..5f8980a20e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -10,7 +10,7 @@ #ifndef MBEDTLS_SSL_MISC_H #define MBEDTLS_SSL_MISC_H -#include "tf_psa_crypto_common.h" +#include "mbedtls_common.h" #include "mbedtls/build_info.h" #include "mbedtls/error.h" diff --git a/library/x509_internal.h b/library/x509_internal.h index ea3aeb6351..fcb996b19d 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -10,7 +10,7 @@ #ifndef MBEDTLS_X509_INTERNAL_H #define MBEDTLS_X509_INTERNAL_H -#include "tf_psa_crypto_common.h" +#include "mbedtls_common.h" #include "mbedtls/build_info.h" #include "mbedtls/private_access.h" diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index cb316706b7..fc00473cfc 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -5,14 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#include "mbedtls/private/pk_private.h" - #include "ssl_test_lib.h" -#include "test/psa_crypto_helpers.h" - #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) int main(void) { @@ -27,6 +21,8 @@ int main(void) } #else /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */ +#include "test/psa_crypto_helpers.h" + /* Size of memory to be allocated for the heap, when using the library's memory * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ #define MEMORY_HEAP_SIZE 120000 diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 8310bd21f3..9d7fb99e09 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -5,6 +5,15 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +/* On Mingw-w64, force the use of a C99-compliant printf() and friends. + * This is necessary on older versions of Mingw and/or Windows runtimes + * where snprintf does not always zero-terminate the buffer, and does + * not support formats such as "%zu" for size_t and "%lld" for long long. + */ +#if !defined(__USE_MINGW_ANSI_STDIO) +#define __USE_MINGW_ANSI_STDIO 1 +#endif + #include "mbedtls/build_info.h" #include "mbedtls/debug.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 0ae2f79303..79cbad877d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include "ssl_test_lib.h" #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 62da9e92c8..491da1dd5f 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -8,6 +8,17 @@ #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H #define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H +/* On Mingw-w64, force the use of a C99-compliant printf() and friends. + * This is necessary on older versions of Mingw and/or Windows runtimes + * where snprintf does not always zero-terminate the buffer, and does + * not support formats such as "%zu" for size_t and "%lld" for long long. + */ +#if !defined(__USE_MINGW_ANSI_STDIO) +#define __USE_MINGW_ANSI_STDIO 1 +#endif + +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include "mbedtls/private/pk_private.h" #include "mbedtls/build_info.h" diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 7312edf690..51cd45f026 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -5,6 +5,15 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +/* On Mingw-w64, force the use of a C99-compliant printf() and friends. + * This is necessary on older versions of Mingw and/or Windows runtimes + * where snprintf does not always zero-terminate the buffer, and does + * not support formats such as "%zu" for size_t and "%lld" for long long. + */ +#if !defined(__USE_MINGW_ANSI_STDIO) +#define __USE_MINGW_ANSI_STDIO 1 +#endif + #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/build_info.h" @@ -441,8 +450,7 @@ int main(int argc, char *argv[]) } \ } else { \ mbedtls_printf("Padding checks only implemented for types of size 2, 4 or 8" \ - " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET \ - "\n", \ + " - cannot check type '" #TYPE "' of size %zu\n", \ sizeof(TYPE)); \ mbedtls_exit(MBEDTLS_EXIT_FAILURE); \ } \ diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 69bec9fe40..0d91ccbf32 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -1,11 +1,11 @@ -/* +/* -*-c-*- * Error message information * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "tf_psa_crypto_common.h" +#include "mbedtls_common.h" #include "mbedtls/error.h" diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt index fc71f5d777..4b28764a7e 100644 --- a/scripts/data_files/version_features.fmt +++ b/scripts/data_files/version_features.fmt @@ -1,11 +1,11 @@ -/* +/* -*-c-*- * Version feature information * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "ssl_misc.h" +#include "mbedtls_common.h" #if defined(MBEDTLS_VERSION_C) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index 3d72056528..d9a5c5c2ed 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data @@ -1,12 +1,46 @@ printf "%" MBEDTLS_PRINTF_SIZET, 0 printf_int_expr:PRINTF_SIZET:sizeof(size_t):0:"0" +printf "%" MBEDTLS_PRINTF_SIZET, 1 byte +printf_int_expr:PRINTF_SIZET:sizeof(size_t):42:"42" + +printf "%" MBEDTLS_PRINTF_SIZET, 4 bytes +printf_int_expr:PRINTF_SIZET:sizeof(size_t):0xfedcba98:"4275878552" + +printf "%" MBEDTLS_PRINTF_SIZET, 8 bytes +depends_on:SIZE_MAX>=0xffffffffffffffff +printf_int_expr:PRINTF_SIZET:sizeof(size_t):0xfedcba9876543210:"18364758544493064720" + printf "%" MBEDTLS_PRINTF_LONGLONG, 0 printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0:"0" +printf "%" MBEDTLS_PRINTF_LONGLONG, 1 byte +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):42:"42" + +printf "%" MBEDTLS_PRINTF_LONGLONG, 4 bytes +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0xfedcba98:"4275878552" + +printf "%" MBEDTLS_PRINTF_LONGLONG, 8 bytes +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0x7edcba9876543210:"9141386507638288912" + +printf "%" MBEDTLS_PRINTF_LONGLONG, 8 bytes, negative +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):-0x7edcba9876543210:"-9141386507638288912" + printf "%" MBEDTLS_PRINTF_MS_TIME, 0 printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0:"0" +printf "%" MBEDTLS_PRINTF_MS_TIME, 1 byte +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):42:"42" + +printf "%" MBEDTLS_PRINTF_MS_TIME, 4 bytes +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0xfedcba98:"4275878552" + +printf "%" MBEDTLS_PRINTF_MS_TIME, 8 bytes +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0x7edcba9876543210:"9141386507638288912" + +printf "%" MBEDTLS_PRINTF_MS_TIME, 8 bytes, negative +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):-0x7edcba9876543210:"-9141386507638288912" + Debug print msg (threshold 1, level 0) debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n" diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 05b0112b93..2d5e5619b6 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -116,11 +116,11 @@ void printf_int_expr(int format_indicator, intmax_t sizeof_x, intmax_t x, char * /* Nominal case: buffer just large enough */ TEST_CALLOC(output, n + 1); if ((size_t) sizeof_x <= sizeof(int)) { // Any smaller integers would be promoted to an int due to calling a vararg function - TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (int) x)); + TEST_EQUAL(n, mbedtls_debug_snprintf(output, n + 1, format, (int) x)); } else if (sizeof_x == sizeof(long)) { - TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (long) x)); + TEST_EQUAL(n, mbedtls_debug_snprintf(output, n + 1, format, (long) x)); } else if (sizeof_x == sizeof(long long)) { - TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (long long) x)); + TEST_EQUAL(n, mbedtls_debug_snprintf(output, n + 1, format, (long long) x)); } else { TEST_FAIL( "sizeof_x <= sizeof(int) || sizeof_x == sizeof(long) || sizeof_x == sizeof(long long)");