Skip to content

Introduce generated config checks in mbedtls #10340

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Sep 19, 2025
Merged

Introduce generated config checks in mbedtls #10340

merged 5 commits into from
Sep 19, 2025
+80 −4

Conversation

gilles-peskine-arm
Copy link
Contributor

@gilles-peskine-arm gilles-peskine-arm commented Jul 31, 2025
edited
Loading

Introduce generate_config_checks.py and instructions to use it in the build scripts. Do not yet consume the generated files, to keep the same pace as crypto.

Contributes to #10147. See #10306 for what this will look like when consumed by the library.

Needs preceding PR: Mbed-TLS/mbedtls-framework#196, Mbed-TLS/TF-PSA-Crypto#404

PR checklist

@gilles-peskine-arm gilles-peskine-arm added needs-ci Needs to pass CI tests size-s Estimated task size: small (~2d) priority-high High priority - will be reviewed soon labels Jul 31, 2025
@gilles-peskine-arm gilles-peskine-arm force-pushed the config-checks-generator-mbedtls branch 2 times, most recently from b57825f to 8a6af1d Compare August 1, 2025 18:47
This was referenced Aug 2, 2025
Merged
Merged
@gilles-peskine-arm gilles-peskine-arm added needs-review Every commit must be reviewed by at least two team members, needs-preceding-pr Requires another PR to be merged first needs-reviewer This PR needs someone to pick it up for review and removed needs-ci Needs to pass CI tests labels Aug 2, 2025
@gilles-peskine-arm gilles-peskine-arm mentioned this pull request Aug 2, 2025
Merged
5 tasks
mpg
mpg previously approved these changes Sep 15, 2025
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@gilles-peskine-arm gilles-peskine-arm force-pushed the config-checks-generator-mbedtls branch from 8a6af1d to 4891336 Compare September 15, 2025 18:12
@gilles-peskine-arm
Copy link
Contributor Author

I rebased in on top of the head of development and updated the submodules with the companion PR. The previous version is available at https://github.com/gilles-peskine-arm/mbedtls/tree/config-checks-generator-mbedtls. I've also pushed a new commit "Use --list-for-cmake with generate_config_checks.py".

@gilles-peskine-arm gilles-peskine-arm mentioned this pull request Sep 16, 2025
Merged
3 tasks
@gilles-peskine-arm gilles-peskine-arm force-pushed the config-checks-generator-mbedtls branch from 4891336 to a0b7c83 Compare September 16, 2025 13:59
@gilles-peskine-arm gilles-peskine-arm added needs-ci Needs to pass CI tests and removed needs-review Every commit must be reviewed by at least two team members, needs-reviewer This PR needs someone to pick it up for review labels Sep 16, 2025
mpg
mpg previously approved these changes Sep 16, 2025
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM @ a0b7c83

@gilles-peskine-arm gilles-peskine-arm force-pushed the config-checks-generator-mbedtls branch from a0b7c83 to d99fa47 Compare September 16, 2025 20:10
@gilles-peskine-arm gilles-peskine-arm mentioned this pull request Sep 16, 2025
Merged
3 tasks
@gilles-peskine-arm gilles-peskine-arm force-pushed the config-checks-generator-mbedtls branch from d99fa47 to f7337be Compare September 17, 2025 09:44
@gilles-peskine-arm gilles-peskine-arm mentioned this pull request Sep 17, 2025
Open
@gilles-peskine-arm gilles-peskine-arm force-pushed the config-checks-generator-mbedtls branch from f7337be to da6c634 Compare September 17, 2025 11:12
@gilles-peskine-arm gilles-peskine-arm removed the needs-ci Needs to pass CI tests label Sep 17, 2025
@gilles-peskine-arm gilles-peskine-arm force-pushed the config-checks-generator-mbedtls branch from da6c634 to a79425a Compare September 19, 2025 11:36
@gilles-peskine-arm
Update submodules with config_checks_generator.py
ff63066 
* Update framework with `config_checks_generator.py`.
* Update crypto with the files generated by `generate_config_checks.py`.

Signed-off-by: Gilles Peskine <[email protected]>
@gilles-peskine-arm
Generate checks for bad options in the config file
3374f6e 
Just a proof-of-concept for now. Interesting checks will come later.

Signed-off-by: Gilles Peskine <[email protected]>
@gilles-peskine-arm
Register generate_config_files.py outputs as generated files
b53b443 
Signed-off-by: Gilles Peskine <[email protected]>
@gilles-peskine-arm
Register crypto's generate_config_files.py outputs as generated files
67b115c 
Mbed TLS needs to know the generated files of TF-PSA-Crypto. There's no
mechanism for TF-PSA-Crypto to declare them.

Signed-off-by: Gilles Peskine <[email protected]>
@gilles-peskine-arm
Use --list-for-cmake with generate_config_checks.py
6712f1b 
Signed-off-by: Gilles Peskine <[email protected]>
@gilles-peskine-arm gilles-peskine-arm force-pushed the config-checks-generator-mbedtls branch from a79425a to 6712f1b Compare September 19, 2025 11:36
@gilles-peskine-arm gilles-peskine-arm added needs-review Every commit must be reviewed by at least two team members, needs-ci Needs to pass CI tests and removed needs-preceding-pr Requires another PR to be merged first needs-review Every commit must be reviewed by at least two team members, labels Sep 19, 2025
@gilles-peskine-arm
Copy link
Contributor Author

gilles-peskine-arm commented Sep 19, 2025
edited
Loading

This was hopefully the last rebase, updating the crypto submodule to the head of development including Mbed-TLS/TF-PSA-Crypto#404, and rebased on top of the head of mbedtls development (which will resolve the failure of the readthedocs job).

@gilles-peskine-arm gilles-peskine-arm added priority-very-high Highest priority - prioritise this over other review work and removed priority-high High priority - will be reviewed soon labels Sep 19, 2025
minosgalanakis
minosgalanakis approved these changes Sep 19, 2025
View reviewed changes
Copy link
Contributor

@minosgalanakis minosgalanakis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@github-project-automation github-project-automation bot moved this from In Development to Has Approval in Roadmap pull requests (new board) Sep 19, 2025
@valeriosetti valeriosetti added approved Design and code approved - may be waiting for CI or backports and removed needs-review Every commit must be reviewed by at least two team members, needs-ci Needs to pass CI tests labels Sep 19, 2025
@yanesca yanesca added this pull request to the merge queue Sep 19, 2025
Merged via the queue into Mbed-TLS:development with commit c84dbee Sep 19, 2025
5 of 8 checks passed
@github-project-automation github-project-automation bot moved this from Has Approval to Done in Roadmap pull requests (new board) Sep 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@minosgalanakis minosgalanakis minosgalanakis approved these changes

@valeriosetti valeriosetti valeriosetti approved these changes

@mpg mpg mpg left review comments

Assignees
No one assigned
Labels
approved Design and code approved - may be waiting for CI or backports priority-very-high Highest priority - prioritise this over other review work size-s Estimated task size: small (~2d)
Projects
Roadmap pull requests (new board)
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@gilles-peskine-arm @mpg @minosgalanakis @valeriosetti @yanesca