gmtime_r and mbedtls_time on Windows

[NWilson]

This PR fixes a couple of issues:

• mbedTLS should not be calling gmtime_r. Even with a mutex, the call is simply unsafe (other threads in the application could be calling it, obviously without holding mbedTLS's mutex). It's simply not appropriate to be using non-thread-safe APIs in a security library.
• On Windows, the mbedtls_time platform abstraction does not work, because for some reason the time() API is not used on Windows? I can't think of any reason not to use it, the Windows time implementation ought to go through the same platform abstraction layer as any other feature.
• The second commit fixes the build with -std=c99. There are a couple of existing places in the code where this is broken, plus gmtime_r adds another one.

Issue: #704

[RonEld]

@NWilson Thank you for your continuous contributions!
We will have a look at it.

[k-stachowiak]

The PR introduces valuable changes, especially the synchronization problem fix. Additionally it cleans up some legacy code, however before it is merged two things must be done:

• please remove the obsolete mutex definition,
• add entry in the changelog crediting yourself as the contributor.

Also for the sake of backporting the removal of the WinAPI timing function use should be considered before this can be merged.

[k-stachowiak]

This change needs to be accompanied by an analogous change in threading.c. The remaining definition is the reason for the CI failure.

[k-stachowiak]

This change makes the code a lot cleaner, however it will prevent us from backporting it as it definitely breaks WinCE compatibility. If you whish this PR to be backported to 2.7 and 2.1 versions please withdraw this change. Otherwise it is good.

[NWilson]

I'm happy with no backporting, so I've left this change in. It's not an urgent fix.

[simonbutcher]

I think this is a functional change to a feature, and is more an improvement than a bug fix, so no backport is necessary in my view.

[k-stachowiak]

@NWilson Thanks for your contribution! I checked for the reason the CI fails and I found a minor issue with the PR. I've put more detailed commets in the form of a review. Would you be willing to introduce the suggested changes?

[NWilson]

I've updated the PR by rebasing it, removing the mutex definition, and re-running the tests. Thanks for the review.

Sorry for lumping two different issues together here (gmtime_r and -std=c99 build), I only did them together because gmtime_r has various macro visibility requirements, and I wanted to test with those, and found that the rest of mbedTLS doesn't respect the POSIX visibility requirements!

[k-stachowiak]

Thank you for a quick response (a lot quicker than ours, sorry for the delay on our side)! The PR looks good now; I will arrange for the ultimate reviews once we've got a result from the CI.

[AndrzejKurek]

I would opt for adding a test using -std=c99.
If we're extending the compatibility, it would be nice to make sure it does not break in the future. What do you think, @sbutcher-arm ?

[NWilson]

I'm not sure how to add a test - it would involve adding something to the scripts run from .travis.yml I guess, since it's not a code feature per-so, more a test of whether the project builds under various different CFLAGS. I can't find anything quite like that at the moment.

[NWilson]

Bump - there are no existing tests for compilation using -std=c99, is it necessary to add such tests for the PR to be accepted?

[simonbutcher]

Just a couple of minor review point.

[simonbutcher]

This should be __linux__. I believe __linux is obsolete, although I haven't found an authoritative source on this.

[NWilson]

Well spotted, I hadn't realised, but you're right.

[simonbutcher]

I think this is a functional change to a feature, and is more an improvement than a bug fix, so no backport is necessary in my view.

[simonbutcher]

I'm not sure what you mean by features.h. Do you mean MBEDTLS_USER_CONFIG_FILE? Or do you mean a glibc specific header? Could you please clarify the comment?

[NWilson]

It's the Linux features.h header, which is part of the Linux POSIX visibility system. See man feature_test_macros. I'll clarify the comment.

[simonbutcher]

I'm a bit concerned how this PR will work with Mbed OS, and what support there is in Mbed OS for gmtime_r(). There is a related PR over in Mbed OS to enable RTC support, and I'd like this not to break that.

cc: @k-stachowiak

Also in response to @NWilson's question concerning the --std=c99 test, if it passes the CI and all.sh it's fine.

[k-stachowiak]

@sbutcher-arm @NWilson I can test the two PRs interaction on an RTC enabled device on Monday.

[NWilson]

I can't find the relevant mbedOS documentation. What libc does it use? It looks like it might use newlib in future, but doesn't currently, and I can't find any reference to the standard C functions provided by mbedOS.

Unless mbedOS is living under a rock, gmtime_r should be available if gmtime is.

This shouldn't have any relation to Real-Time Clock support; gmtime is a hardware-independent algorithm that doesn't need to know about the current time at all.

I agree we don't want to break mbedOS, but I wouldn't expect it to (I can't test given I don't have any ARM boards or simulators set up).

[k-stachowiak]

I have verified in practise that the gmtime_r function produces results consistent with gmtime and therefore I sustain my approval for the PR. @sbutcher do you think the PR can be approved?

[simonbutcher]

Following @NWilson additional commits, can you please re-review?

Dismissing review, as it's stale due to subsequent work.

[k-stachowiak]

I found one blocker (missing define in a Makefile - easily fixable), one potential minor issue (unnecessary constant in one of the defines), and have a minor suggestion.

I must request changes due to the blocking issue.

[k-stachowiak]

I can't find a reference saying that _XOPEN_SOURCE needs to be defined as 500 for gm_time_r; it merely needs to be defined. Unless there is an actual need for the specific value please remove the 500.

[k-stachowiak]

@k-stachowiak You are only partially right. Removing the 500 literal will cause other standard functions not to be available during the build.

[k-stachowiak]

This must also be added in the Makefile.

This could be provided in tests/scripts/generate_code.pl for the consistency - having all the feature macros in the source files. However I do not have a strong opinion on this.

[simonbutcher]

@NWilson - As ever, your contributions are very welcome. If you don't have time for responding to the review comments or doing any rework, please let us know and we'll pick this up and finish it off for you.

[NWilson]

Sorry, it just took me a while to get round to it! The changes were small, I've done them now and re-run the build. Also rebased to fix a conflict in the ChangeLog file.

I didn't edit the commits, the changes are contained in the final commit for ease of reviewing. Thanks!

[simonbutcher]

Thanks @NWilson! Hopefully we can get it in this time.

[k-stachowiak]

Thank you for addressing the comments. Unfortunately I was wrong on one of the remarks, in the way that it breaks our build in gcc 4.8.4. Could you please revert the change that I pointed out in a review comment? Otherwise the PR looks good to me.

[k-stachowiak]

Apparently I was overzealous with request for this change. It turns out that snprintf requires one of the following:

_BSD_SOURCE || _XOPEN_SOURCE >= 500 || _ISOC99_SOURCE || _POSIX_C_SOURCE >= 200112L

So unfortunately this change needs to be reverted.

[NWilson]

OK, I've rolled back that change.

[k-stachowiak]

LGTM now.

[simonbutcher]

retest

[k-stachowiak]

I have investigated the FreeBSD build issue on a VM. The problem is, that, contrary to what has been documented in some places, _XOPEN_SOURCE >= 500 is not always enough to enable snprintf( ).

Looking here reveals, that in order to unlock this part of the API, we need to get the __ISO_C_VISIBLE symbol to resolve to at least 1999, which based on this leads to a conclusion that setting _POSIX_C_SOURCE to at least 200112 should do.

@NWilson For your convenience, I have submitted a PR with a relevant change to your clone. If you don't have any objections, you may merge it there, which in turn should lead to the commit being submitted here.

[simonbutcher]

retest

[k-stachowiak]

@sbutcher-arm @AndrzejKurek The CI tests have passed. Could you please review the new changes that made it possible?