1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
#!/usr/bin/perl
# Tune the configuration file
use warnings;
use strict;
my $usage = <<EOU;
$0 [-f <file>] unset <name>
$0 [-f <file>] set <name> [<value>]
EOU
# for our eyes only:
# $0 [-f <file>] full|realfull
# Things that shouldn't be enabled with "full".
# Notes:
# - MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 and
# MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION could be enabled if the
# respective tests were adapted
my @excluded = qw(
MBEDTLS_DEPRECATED_REMOVED
MBEDTLS_HAVE_SSE2
MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
MBEDTLS_ECP_DP_M221_ENABLED
MBEDTLS_ECP_DP_M383_ENABLED
MBEDTLS_ECP_DP_M511_ENABLED
MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
MBEDTLS_NO_PLATFORM_ENTROPY
MBEDTLS_REMOVE_ARC4_CIPHERSUITES
MBEDTLS_SSL_HW_RECORD_ACCEL
MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
MBEDTLS_ZLIB_SUPPORT
MBEDTLS_PKCS11_C
_ALT\s*$
);
# Things that should be enabled in "full" even if they match @excluded
my @non_excluded = qw(
PLATFORM_[A-Z0-9]+_ALT
);
my $config_file = "include/mbedtls/config.h";
# get -f option
if (@ARGV >= 2 && $ARGV[0] eq "-f") {
shift; # -f
$config_file = shift;
-f $config_file or die "No such file: $config_file\n";
} else {
if (! -f $config_file) {
chdir '..' or die;
-f $config_file
or die "Without -f, must be run from root or scripts\n"
}
}
# get action
die $usage unless @ARGV;
my $action = shift;
my ($name, $value);
if ($action eq "full" || $action eq "realfull") {
# nothing to do
} elsif ($action eq "unset") {
die $usage unless @ARGV;
$name = shift;
} elsif ($action eq "set") {
die $usage unless @ARGV;
$name = shift;
$value = shift if @ARGV;
} else {
die $usage;
}
die $usage if @ARGV;
open my $config_read, '<', $config_file or die "read $config_file: $!\n";
my @config_lines = <$config_read>;
close $config_read;
my ($exclude_re, $no_exclude_re);
if ($action eq "realfull") {
$exclude_re = qr/^$/;
$no_exclude_re = qr/./;
} else {
$exclude_re = join '|', @excluded;
$no_exclude_re = join '|', @non_excluded;
}
open my $config_write, '>', $config_file or die "write $config_file: $!\n";
my $done;
for my $line (@config_lines) {
if ($action eq "full" || $action eq "realfull") {
if ($line =~ /name SECTION: Module configuration options/) {
$done = 1;
}
if (!$done && $line =~ m!^//\s?#define! &&
( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) ) {
$line =~ s!^//\s?!!;
}
if (!$done && $line =~ m!^\s?#define! &&
! ( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) ) {
$line =~ s!^!//!;
}
} elsif ($action eq "unset") {
if (!$done && $line =~ /^\s*#define\s*$name\b/) {
$line = '//' . $line;
$done = 1;
}
} elsif (!$done && $action eq "set") {
if ($line =~ m!^(?://)?\s*#define\s*$name\b!) {
$line = "#define $name";
$line .= " $value" if defined $value && $value ne "";
$line .= "\n";
$done = 1;
}
}
print $config_write $line;
}
close $config_write;
die "configuration section not found" if ($action eq "full" && !$done);
die "$name not found" if ($action ne "full" && !$done);
__END__
|
