Remove redundant declarations and update docs#727
Remove redundant declarations and update docs#727bjwtaylor wants to merge 2 commits intoMbed-TLS:developmentfrom
Conversation
bjwtaylor
force-pushed
the
redundant-declarations
branch
2 times, most recently
from
434dc9e to
7f372f8
Compare
bjwtaylor
changed the title
Some functions in crypto.h are only there for doxygen purpopses and are declared fully in crypto_structs.h. This commit adds __DOXYGEN_ONLY__ guards aroudn these functions to prevent them generating a duplicate definition warning. Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
bjwtaylor
force-pushed
the
redundant-declarations
branch
from
b812e34 to
91df7b5
Compare
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
bjwtaylor
force-pushed
the
redundant-declarations
branch
from
91df7b5 to
48d6411
Compare
gilles-peskine-arm
left a comment
gilles-peskine-arm
left a comment
There was a problem hiding this comment.
The proposed change is not desirable.
It's not really clear to me what the goal is. If the goal is to compile with no warnings from gcc -Wredundant-decls, we need a different solution. That could be some header restructuring, or selectively disabling the warning using pragmas.
If we make our code clean with -Wredundant-decls, we need to add this to our build scripts so that it's enforced. However, it's not fully clear to me why this is desirable. We've never promised to pay attention to this warning and I don't see why it's useful.
| * @{ | ||
| */ | ||
|
|
||
| #ifdef __DOXYGEN_ONLY__ |
There was a problem hiding this comment.
Marking some function prototypes as Doxygen-only doesn't make sense. The reason to have prototypes is so that the C compiler sees them.
The reason some static inline functions have a prototype in crypto.h and a definition in crypto_struct.h is that the prototypes are the same for everyone, but the function definitions are not. By default, TF-PSA-Crypto presents itself a library. But it can also be integrated as a client and server, in which case the integrator makes some changes:
- On the client side:
- Define
MBEDTLS_PSA_CRYPTO_CLIENTbut notMBEDTLS_PSA_CRYPTO_C. - Edit
crypto_struct.hto change the definitions of operation structures, typically to have an operation handle instead of cryptographic material. - Provide implementations of the PSA API functions (excluding the
static inlinefunctions that manipulate a local struct) that makes remote procedure calls to the server.
- Define
- On the server side:
- Probably define
MBEDTLS_PSA_CRYPTO_SPMand likelyMBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER. - Implement the server side of the remote procedure calls.
- Probably define
While the definitions of the struct constructors in crypto_struct.h are customizable, their prototypes are not. Hence the prototypes live in crypto.h. And the prototypes must be visible to the C compiler.
There was a problem hiding this comment.
That being said, is the current code really what it should be? No, there are two things that I never got around to fixing.
psa_key_attributes_tis not supposed to be user-serviceable, unlike operation structures. So it should be incrypto_types.h, and its inline accessor functions should not be defined incrypto_struct.h.- The definitions of the struct constructor functions (
psa_xxx_init()) don't actually need to be incrypto_struct.h, because their textual definition is actually the same for everyone. They're defined in terms of the correspondingPSA_XXX_INITmacro. Only the macro needs to be customized if you customize the struct layout.
We could fix this. It would be an incompatible change for integrators who customize crypto_struct.h. We don't explicitly promise any backward compatibility for such custom integrations, so I think it would be ok to do what I just wrote in the development branch. But I don't think we should do it in an LTS branch unless there's a compelling reason, and I don't see a compelling reason.
There was a problem hiding this comment.
OK, thanks for your comments. Let's put this one on hold pending design review of the original issue. There is also a related PR here: Mbed-TLS/mbedtls#10659. It's the same issue, but not the same solution. Let me know what you think about this one, maybe we just decide we don't want to fix these warnings?
gilles-peskine-arm
added
size-s
2 participants
Description
Currently we have a duplicate definition warning caused by the same definition being in crypto.h and crypto_structs.h My understanding from the docs is crypto.h is the public API and crypto_structs.h is the backend implementation. If I have understood correctly there will always be a crypto_structs.h or similar definition and this will always be the definition we need the system to use. Therefore what I can tell this means crypto.h exists purely for documentation. I have therefore resolved the issue by guarding the duplicate definitions with DOXYGEN_ONLY. My understanding is this will remove them from compilation, however they will still be used in the API documentation.
Fix Mbed-TLS/mbedtls#10376
PR checklist