Update Windows Crypto APIs #1453
Conversation
simonbutcher
added
CLA valid
needs-review
| @@ -92,7 +92,7 @@ if(CMAKE_COMPILER_IS_CLANG) | |||
| endif(CMAKE_COMPILER_IS_CLANG) | |||
|
|
|||
| if(WIN32) | |||
| set(libs ${libs} ws2_32) | |||
| set(libs ${libs} ws2_32 bcrypt) | |||
There was a problem hiding this comment.
This prevents building for old Windows versions, not just with Visual Studio but with e.g. mingw. Do we want that?
Not necessarily a blocker anyway, we can tell people with special needs (e.g. Windows XP) to edit the build scripts.
This applies to all the places where the build scripts have an added declaration to link with bcrypt.
There was a problem hiding this comment.
That's a decision we've already made. Please see the new policy on it.
Basically, this is going into development and the older LTS branches will be maintained for older Windows installations.
There was a problem hiding this comment.
@gilles-peskine-arm I do maintain patchsets for recent versions of mbed TLS, as I tend to support Windows 2000/XP as a side effect of linking against the system libc msvcrt.dll. (Of course, depending on the rest of the project, this is not always guaranteed.)
(Yes, this has been discouraged since 1999. This is why import libraries for the recent versioned libc are included with mingw-w64. But GCC continues doing so by default because it assumes a single, systemwide libc.so as on UNIX and Linux)
| if ( FAILED ( SizeTToInt( len, &lengthAsInt ) ) ) | ||
| return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); | ||
|
|
||
| w_ret = MultiByteToWideChar( CP_ACP, 0, filename, lengthAsInt, szDir, | ||
| MAX_PATH - 3 ); |
There was a problem hiding this comment.
Preexisting: at some point someone is going to complain that CP_ACP is obsolescent. We should add a warning to state that this code depends on using a unibyte code page, because the output buffer size is in characters, not bytes. Changing to e.g. CP_UTF8 would require more complex code here. See https://msdn.microsoft.com/en-us/library/windows/desktop/dd319072(v=vs.85).aspx
There was a problem hiding this comment.
I don't see any functional bug here, just a maintenance issue that could lead to a bug in the future. This needs to be a comment in the code. What would be the bug? To switch to CP_UTF8? I don't know if it's the right thing. For all I know, CP_ACP is fine because we want to treat the file name as just some string to be passed (semantically) unchanged and we don't care about encoding.
There was a problem hiding this comment.
It seems to me that #1427 would bypass this issue. I'd still rather have the comment, even in the backports.
There was a problem hiding this comment.
I think I should have said raise it as an issue, not a bug, and that implies a fault.
I'm not sure my point was obvious enough to I'll explain it again. @irwir has created a PR to change the strings that touch the platform from char's to TCHAR's to allow portability between ASCII/UTF-8 and Unicode, including changing interface code so the public interface on Windows can accept TCHAR strings.
I do think we need to consider how we interface with Windows and what we should do about this, and consider if and how we address the issue.
My suggestion of raising an issue was really about that.
Anyway - I'll take your point and add a comment.
There was a problem hiding this comment.
I didn't want to change this code more than I had to when I originally added this, but since you've brought it up, it looks like the whole point of these conversions is to call FindFirstFileW and FindNextFileW, and then to convert their results back to narrow character strings to be used.
Another possibility is to dispense with wide character strings entirely, since the mbedTLS API always takes narrow character strings, and use the narrow character string Windows equivalents: the FindFirstFileA and FindNextFileA functions and the WIN32_FIND_DATAA type. Then the platform will do all the string conversions internally and this code can only deal in narrow character strings.
If you decide to move to a TCHAR API approach then all of this is moot, of course, but for however long you stick with narrow character strings, you might consider this.
There was a problem hiding this comment.
this code depends on using a unibyte code page
Is 'unibyte' word about one byte being one character?
In that case, ANSI is no more unibyte than UTF-8. Just remember ANSI code pages for Oriental languages.
Whereever needed, Windows provided two APIs for the same function: one ANSI, and one Unicode.
No conversion should be needed when strings and API were both of ANSI kind.
There was a problem hiding this comment.
Yes, “unibyte” means that 1 character = 1 byte. Thanks @irwir, I didn't know that ANSI could be multibyte (I'm not familiar with Windows APIs at all). Given that szDir is a WCHAR array, is the size correct? In other words, does an ANSI character always fit in a WCHAR?
There was a problem hiding this comment.
does an ANSI character always fit in a WCHAR?
That could be expected in most cases, but not guaranteed because WCHAR implies Unicode with its peculiarities.
MAX_PATH dedermines the number of array elements, not the number of characters (see description of WIN32_FIND_DATA structure). And, as said, conversion to wide character is not needed.
There was a problem hiding this comment.
Another possibility is to dispense with wide character strings entirely, since the mbedTLS API always takes narrow character strings
The cryptographic part actually uses bytes and does not care about characters.
Characters appear when API refers to path/file names. As I was told, the library was supposed to use UTF-8 encoding, and that is not what 'narrow' strings mean in Windows code.
| @@ -155,7 +155,7 @@ libmbedcrypto.dylib: $(OBJS_CRYPTO) | |||
|
|
|||
| libmbedcrypto.dll: $(OBJS_CRYPTO) | |||
| echo " LD $@" | |||
| $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,[email protected] -o $@ $(OBJS_CRYPTO) -lws2_32 -lwinmm -lgdi32 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) | |||
| $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,[email protected] -o $@ $(OBJS_CRYPTO) -lws2_32 -lbcrypt -lwinmm -lgdi32 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) | |||
There was a problem hiding this comment.
Blocker: you need to update something for the non-shared build as well. Under Ubuntu 17.10:
$ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1
…
CC test_suite_entropy.c
../library/libmbedcrypto.a(entropy_poll.o):entropy_poll.c:(.text+0x78): undefined reference to `BCryptGenRandom@16'
collect2: error: ld returned 1 exit status
Makefile:309: recipe for target 'test_suite_entropy.exe' failed
There was a problem hiding this comment.
Fixed in 63450c3.
|
We should document the minimum mingw version in README. If not, at least on the website (update the KB article https://tls.mbed.org/kb/compiling-and-building/compiling-mbedtls-in-mingw). |
|
@gilles-peskine-arm - We already have an open task in JIRA (IOTSSL-1042) to update the mingw documentation. |
|
Review comments from @gilles-peskine-arm addressed. Please review my responses and respond or approve. Thanks! |
|
Updated with a comment on the codepage @gilles-peskine-arm / @Patater - please re-review and approve. |
|
Testing done (in addition to CI checks): |
|
The provided solution files for x64 fail to build. This is either a regression introduced by this PR or because the PR is based on old versions of those files. If the latter, please consider rebasing on a more recent point in history to get our recent fixes to those solution files. |
|
@Patater - You're right. It was a regression introduced by the PR, which is now fixed. The PR is now passing the Windows CI and builds for Win32 and x64 with Visual Studio 2015 on my development machine. @gilles-peskine-arm / @Patater - please review and approve as you see fit. Please note I've also removed the obsolete Visual Studio 6 project files. |
There was a problem hiding this comment.
Blocker: scripts/generate_visualc_files.pl modifies some files, the VS files are not aligned with template. The culprit is commit b862f4c which should have included the template as well.
I also don't understand the reason for b862f4c. In the new commit message, please explain why the change was done. Feel free to amend b862f4c.
|
@gilles-peskine-arm b862f4c is basically a fixup to "Replace Windows APIs that are banned in Windows Store apps" (e241eb0). "Replace Windows APIs that are banned in Windows Store apps" introduces a regression by incorrectly re-adding mbedTLS.lib to the vcproj files, which we had removed to fix bug #1347. The commit history would be simpler and easier to understand if b862f4c were applied as a fixup to e241eb0, but that makes reviewing with GitHub more difficult. |
|
Thanks @Patater . Rather than change an old commit, which will make the history inaccurate and makes it harder to diagnose problems later, I'd rather have a fix-up commit that says ”do <such-and-such>. This reverts the incorrect change made in commit 1234 which caused <problem>.” |
simonbutcher
force-pushed
the
win32-crypto-api-fix
branch
from
cbbc28e to
a587c92
Compare
|
This PR failed in my attempts to merge it causing the CI release job to fail. I've rebased the PR (will need re-approval - sorry), and set off a new CI release job #894. Demoting to 'needs: work'. |
simonbutcher
added
needs-work
and removed
approved
|
The CI job #894 This passed before the rebase. |
|
I've tested with the Docker image in the CI, and the issue is the version of mingw is too old, being This is too old, and even Ubuntu 17.10 currently has a package version of This issue is with the CI and needs to be updated to merge this PR. |
|
retest |
|
i'm sad this PR hasn't been merged yet, but since it hasn't, i thought i'd point out an alternative that causes less changed files.
into entropy_poll.c (eg just after |
|
Is there any chance that this change ends up in a release any time soon? What is blocking it? Can I do something to help out? |
|
I'll pick this PR up again, rebase it and resubmit it. Hopefully we can get it in this time. |
|
@joycepg that trick only works for Microsoft C. |
|
Note: there was a PR on the crypto side that may or may not contain changes that need to be picked up here now: ARMmbed/mbed-crypto#341 |
|
Any news on this? I'm trying to build a project that uses mbedtls for UWP. |
|
For the record, we've been using that PR downstream in Godot Engine for a few years for our UWP build. Here's a diff of this PR compatible with mbedTLS 2.28.1: https://github.com/godotengine/godot/blob/master/thirdparty/mbedtls/patches/1453.diff Our UWP port doesn't see a lot of use though so I can't attest for how well this solves the issue, and whether mbedTLS works properly on UWP. |
The Not sure what's the state with Edit: A workaround for |
davidhorstmann-arm
added
the
historical-reviewing
|
For the record, |
|
Superseded by #8047 I believe? |
Description
This is an update on PR #730 to address issues building with mingw and Visual Studio when using
cmakegenerated files.To quote the original PR.
Also, removed the obsolete Visual Studio 6 data files which are no longer used.
Status
READY
Requires Backporting
NO
Migrations
NO
Todos