From 7ebb3c5d012f95728735c880d9b776f49bbdd2eb Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 13 Feb 2024 15:06:10 +0000 Subject: [PATCH 1/9] Add metatests for failing TEST_EQUAL and TEST_LE_* After getting caught with deadlock issues when these tests fail, add a metatest to test them failing. Signed-off-by: Paul Elliott --- programs/test/metatest.c | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index b8dffa9bbd..acc6865baf 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -70,6 +70,41 @@ void meta_test_fail(const char *name) mbedtls_test_fail("Forced test failure", __LINE__, __FILE__); } +void meta_test_not_equal(const char *name) +{ + int left = 20; + int right = 10; + + (void) name; + + TEST_EQUAL(left, right); +exit: + ; +} + +void meta_test_not_le_s(const char *name) +{ + int left = 20; + int right = 10; + + (void) name; + + TEST_LE_S(left, right); +exit: + ; +} + +void meta_test_not_le_u(const char *name) +{ + size_t left = 20; + size_t right = 10; + + (void) name; + + TEST_LE_U(left, right); +exit: + ; +} /****************************************************************/ /* Platform features */ @@ -285,6 +320,9 @@ typedef struct { */ metatest_t metatests[] = { { "test_fail", "any", meta_test_fail }, + { "test_not_equal", "any", meta_test_not_equal }, + { "test_not_le_s", "any", meta_test_not_le_s }, + { "test_not_le_u", "any", meta_test_not_le_u }, { "null_dereference", "any", null_pointer_dereference }, { "null_call", "any", null_pointer_call }, { "read_after_free", "asan", read_after_free }, From 202a16329da426a01c2754f7112db10c6fcdec75 Mon Sep 17 00:00:00 2001 From: Bill Roberts Date: Tue, 9 Jan 2024 13:10:05 -0600 Subject: [PATCH 2/9] pkg-config: add initial pkg-config files Add three package config files for mbedtls, mbedcrypto and mbedx509. Also update various project variables so the generated PC files have the required data needed without hardcoding it everywhere. This will help distros package the project following existing conventsions between a normal and -devel package that includes the headers and .pc files for pkg-config aware consumers. This also squashes: - fff51cecc ("Update ChangeLog.d/pkg-config-files-addition.txt") Fixes: #228 Signed-off-by: Bill Roberts --- CMakeLists.txt | 2 ++ ChangeLog.d/pkg-config-files-addition.txt | 3 +++ pkgconfig/CMakeLists.txt | 28 +++++++++++++++++++++++ pkgconfig/JoinPaths.cmake | 27 ++++++++++++++++++++++ pkgconfig/mbedcrypto.pc.in | 10 ++++++++ pkgconfig/mbedtls.pc.in | 11 +++++++++ pkgconfig/mbedx509.pc.in | 11 +++++++++ 7 files changed, 92 insertions(+) create mode 100644 ChangeLog.d/pkg-config-files-addition.txt create mode 100644 pkgconfig/CMakeLists.txt create mode 100644 pkgconfig/JoinPaths.cmake create mode 100644 pkgconfig/mbedcrypto.pc.in create mode 100644 pkgconfig/mbedtls.pc.in create mode 100644 pkgconfig/mbedx509.pc.in diff --git a/CMakeLists.txt b/CMakeLists.txt index b001bb70a1..7c6bbb753d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -278,6 +278,8 @@ list(APPEND libs ${thirdparty_lib}) add_subdirectory(library) +add_subdirectory(pkgconfig) + # # The C files in tests/src directory contain test code shared among test suites # and programs. This shared test code is compiled and linked to test suites and diff --git a/ChangeLog.d/pkg-config-files-addition.txt b/ChangeLog.d/pkg-config-files-addition.txt new file mode 100644 index 0000000000..5df6ffb3be --- /dev/null +++ b/ChangeLog.d/pkg-config-files-addition.txt @@ -0,0 +1,3 @@ +Features + * Add pc files for pkg-config. eg.: + pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509) diff --git a/pkgconfig/CMakeLists.txt b/pkgconfig/CMakeLists.txt new file mode 100644 index 0000000000..6def088d2e --- /dev/null +++ b/pkgconfig/CMakeLists.txt @@ -0,0 +1,28 @@ +if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) + include(JoinPaths.cmake) + join_paths(PKGCONFIG_INCLUDEDIR "\${prefix}" "${CMAKE_INSTALL_INCLUDEDIR}") + join_paths(PKGCONFIG_LIBDIR "\${prefix}" "${CMAKE_INSTALL_LIBDIR}") + + #define these manually since minimum CMAKE version is not 3.9 for DESCRIPTION and 3.12 for HOMEPAGE_URL usage in project() below. + # Prefix with something that won't clash with newer versions of CMAKE. + set(PKGCONFIG_PROJECT_DESCRIPTION "Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems.") + set(PKGCONFIG_PROJECT_HOMEPAGE_URL "https://www.trustedfirmware.org/projects/mbed-tls/") + + # Following the conventsion for DESCRIPTION and HOMEPAGE_URL, VERSION wasn't added until 3.0 and depends on policy CMP0048 + set(PKGCONFIG_VERSION 2.28.7) + + configure_file(mbedcrypto.pc.in mbedcrypto.pc @ONLY) + install(FILES + ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto.pc + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + + configure_file(mbedtls.pc.in mbedtls.pc @ONLY) + install(FILES + ${CMAKE_CURRENT_BINARY_DIR}/mbedtls.pc + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + + configure_file(mbedx509.pc.in mbedx509.pc @ONLY) + install(FILES + ${CMAKE_CURRENT_BINARY_DIR}/mbedx509.pc + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) +endif() diff --git a/pkgconfig/JoinPaths.cmake b/pkgconfig/JoinPaths.cmake new file mode 100644 index 0000000000..193caed76a --- /dev/null +++ b/pkgconfig/JoinPaths.cmake @@ -0,0 +1,27 @@ +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# This module provides function for joining paths +# known from most languages +# +# Copyright The Mbed TLS Contributors +# +# This script originates from: +# - https://github.com/jtojnar/cmake-snips +# Jan has provided re-licensing under Apache 2.0 and GPL 2.0+ and +# allowed for the change of Copyright. +# +# Modelled after Python’s os.path.join +# https://docs.python.org/3.7/library/os.path.html#os.path.join +# Windows not supported +function(join_paths joined_path first_path_segment) + set(temp_path "${first_path_segment}") + foreach(current_segment IN LISTS ARGN) + if(NOT ("${current_segment}" STREQUAL "")) + if(IS_ABSOLUTE "${current_segment}") + set(temp_path "${current_segment}") + else() + set(temp_path "${temp_path}/${current_segment}") + endif() + endif() + endforeach() + set(${joined_path} "${temp_path}" PARENT_SCOPE) +endfunction() diff --git a/pkgconfig/mbedcrypto.pc.in b/pkgconfig/mbedcrypto.pc.in new file mode 100644 index 0000000000..d8f6750f1d --- /dev/null +++ b/pkgconfig/mbedcrypto.pc.in @@ -0,0 +1,10 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +includedir=@PKGCONFIG_INCLUDEDIR@ +libdir=@PKGCONFIG_LIBDIR@ + +Name: @PROJECT_NAME@ +Description: @PKGCONFIG_PROJECT_DESCRIPTION@ +URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ +Version: @PKGCONFIG_VERSION@ +Cflags: -I"${includedir}" +Libs: -L"${libdir}" -lmbedcrypto diff --git a/pkgconfig/mbedtls.pc.in b/pkgconfig/mbedtls.pc.in new file mode 100644 index 0000000000..3802f6a4a3 --- /dev/null +++ b/pkgconfig/mbedtls.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +includedir=@PKGCONFIG_INCLUDEDIR@ +libdir=@PKGCONFIG_LIBDIR@ + +Name: @PROJECT_NAME@ +Description: @PKGCONFIG_PROJECT_DESCRIPTION@ +URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ +Version: @PKGCONFIG_VERSION@ +Requires.private: mbedcrypto mbedx509 +Cflags: -I"${includedir}" +Libs: -L"${libdir}" -lmbedtls diff --git a/pkgconfig/mbedx509.pc.in b/pkgconfig/mbedx509.pc.in new file mode 100644 index 0000000000..12509470b4 --- /dev/null +++ b/pkgconfig/mbedx509.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +includedir=@PKGCONFIG_INCLUDEDIR@ +libdir=@PKGCONFIG_LIBDIR@ + +Name: @PROJECT_NAME@ +Description: @PKGCONFIG_PROJECT_DESCRIPTION@ +URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ +Version: @PKGCONFIG_VERSION@ +Requires.private: mbedcrypto +Cflags: -I"${includedir}" +Libs: -L"${libdir}" -lmbedx509 From a4486ceff25f586340645ad003bbf4d02e9fa9b0 Mon Sep 17 00:00:00 2001 From: Bill Roberts Date: Wed, 21 Feb 2024 09:10:08 -0600 Subject: [PATCH 3/9] scripts/bump_version.sh: update pkgconfig version Bump the version number in pkgconfig/CMakeLists.txt so the package config files stay in sync with the project VERSION. This is Related to: - aa4862a5e ("Bump the version number in CMakeLists.txt") But changes were made to support CMake prior to version 3.0. Signed-off-by: Bill Roberts --- scripts/bump_version.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index 926e497b4e..5c8e55d6d0 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -67,6 +67,10 @@ then exit 1 fi +[ $VERBOSE ] && echo "Bumping PKGCONFIG_VERSION in pkgconfig/CMakeLists.txt" +sed -e "s/PKGCONFIG_VERSION [0-9.]\{1,\}/PKGCONFIG_VERSION $VERSION/g" < pkgconfig/CMakeLists.txt > tmp +mv tmp pkgconfig/CMakeLists.txt + [ $VERBOSE ] && echo "Bumping VERSION in library/CMakeLists.txt" sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < library/CMakeLists.txt > tmp mv tmp library/CMakeLists.txt From 5e5056d6abd2d9140b5b842ac245347bf66d5c29 Mon Sep 17 00:00:00 2001 From: Biswapriyo Nath Date: Fri, 22 Apr 2022 20:56:21 +0530 Subject: [PATCH 4/9] cmake: Use GnuInstallDirs to customize install directories Replace custom LIB_INSTALL_DIR with standard CMAKE_INSTALL_LIBDIR variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if LIB_INSTALL_DIR is set. Signed-off-by: Biswapriyo Nath --- CMakeLists.txt | 5 +++-- ChangeLog.d/cmake_use_GnuInstallDirs.txt | 5 +++++ library/CMakeLists.txt | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/cmake_use_GnuInstallDirs.txt diff --git a/CMakeLists.txt b/CMakeLists.txt index 7c6bbb753d..8444917787 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -39,6 +39,8 @@ else() project("Mbed TLS" C) endif() +include(GNUInstallDirs) + # Set the project root directory. set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR}) @@ -259,8 +261,7 @@ if(CMAKE_BUILD_TYPE STREQUAL "Coverage") endif(CMAKE_BUILD_TYPE STREQUAL "Coverage") if(LIB_INSTALL_DIR) -else() - set(LIB_INSTALL_DIR lib) + set(CMAKE_INSTALL_LIBDIR "${LIB_INSTALL_DIR}") endif() if(ENABLE_ZLIB_SUPPORT) diff --git a/ChangeLog.d/cmake_use_GnuInstallDirs.txt b/ChangeLog.d/cmake_use_GnuInstallDirs.txt new file mode 100644 index 0000000000..d8487555d1 --- /dev/null +++ b/ChangeLog.d/cmake_use_GnuInstallDirs.txt @@ -0,0 +1,5 @@ +Changes + * cmake: Use GnuInstallDirs to customize install directories + Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR + variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if + LIB_INSTALL_DIR is set. diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 1b2980dbc6..798f42f713 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -239,7 +239,7 @@ foreach(target IN LISTS target_libraries) PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}") endif() install(TARGETS ${target} - DESTINATION ${LIB_INSTALL_DIR} + DESTINATION ${CMAKE_INSTALL_LIBDIR} PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) endforeach(target) From ec84093ae6511f7c80ca22a8379e1d623f10f598 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 5 Mar 2024 18:09:35 +0000 Subject: [PATCH 5/9] Follow-up for less verbose logging Signed-off-by: Dave Rodgman --- tests/scripts/quiet/cmake | 2 +- tests/scripts/quiet/make | 2 +- tests/scripts/quiet/quiet.sh | 0 3 files changed, 2 insertions(+), 2 deletions(-) mode change 100755 => 100644 tests/scripts/quiet/quiet.sh diff --git a/tests/scripts/quiet/cmake b/tests/scripts/quiet/cmake index 930931d539..c03d8c3e3e 100755 --- a/tests/scripts/quiet/cmake +++ b/tests/scripts/quiet/cmake @@ -16,4 +16,4 @@ export NO_SILENCE=" --version " export TOOL="cmake" -exec "$(dirname "$0")/quiet.sh" "$@" +. "$(dirname "$0")/quiet.sh" diff --git a/tests/scripts/quiet/make b/tests/scripts/quiet/make index d022551df1..6af3a57ce4 100755 --- a/tests/scripts/quiet/make +++ b/tests/scripts/quiet/make @@ -16,4 +16,4 @@ export NO_SILENCE=" --version | test " export TOOL="make" -exec "$(dirname "$0")/quiet.sh" "$@" +. "$(dirname "$0")/quiet.sh" diff --git a/tests/scripts/quiet/quiet.sh b/tests/scripts/quiet/quiet.sh old mode 100755 new mode 100644 From b75b47563a8095861cd691bb26b2f4aa48e75b2a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 7 Mar 2024 16:50:33 +0000 Subject: [PATCH 6/9] Avoid recursion for relative paths Signed-off-by: Dave Rodgman --- tests/scripts/quiet/quiet.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/tests/scripts/quiet/quiet.sh b/tests/scripts/quiet/quiet.sh index 30ee569a22..b1432301de 100644 --- a/tests/scripts/quiet/quiet.sh +++ b/tests/scripts/quiet/quiet.sh @@ -22,9 +22,16 @@ # be silenced, e.g. " --version | test ". In this example, "make lib test" will # not be silent, but "make lib" will be. -# Locate original tool -TOOL_WITH_PATH=$(dirname "$0")/$TOOL -ORIGINAL_TOOL=$(type -ap "${TOOL}" | grep -v -Fx "$TOOL_WITH_PATH" | head -n1) +# Function to normalise paths +get_real_filename() { + leafname="$(basename "$1")" + ( cd $(dirname "$1"); echo "$(pwd)/$leafname" ) +} + +# Normalise path to wrapper script +WRAPPER_WITH_PATH=$(get_real_filename "$0") +# Identify original tool (compare normalised path to WRAPPER_WITH_PATH to avoid recursively calling the same wrapper script) +ORIGINAL_TOOL="$(for p in $(type -ap "$TOOL"); do get_real_filename "$p" ; done | grep -v -Fx "$WRAPPER_WITH_PATH" | head -n1)" print_quoted_args() { # similar to printf '%q' "$@" From 9554940fb5b36efccd83e0f87eac0389d439f545 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 12 Mar 2024 13:32:36 +0000 Subject: [PATCH 7/9] Remove unnecessary use of export Signed-off-by: Dave Rodgman --- tests/scripts/quiet/cmake | 4 ++-- tests/scripts/quiet/make | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/quiet/cmake b/tests/scripts/quiet/cmake index c03d8c3e3e..a34365bea6 100755 --- a/tests/scripts/quiet/cmake +++ b/tests/scripts/quiet/cmake @@ -12,8 +12,8 @@ # export VERBOSE_LOGS=1 # don't silence invocations containing these arguments -export NO_SILENCE=" --version " +NO_SILENCE=" --version " -export TOOL="cmake" +TOOL="cmake" . "$(dirname "$0")/quiet.sh" diff --git a/tests/scripts/quiet/make b/tests/scripts/quiet/make index 6af3a57ce4..920e5b875f 100755 --- a/tests/scripts/quiet/make +++ b/tests/scripts/quiet/make @@ -12,8 +12,8 @@ # export VERBOSE_LOGS=1 # don't silence invocations containing these arguments -export NO_SILENCE=" --version | test " +NO_SILENCE=" --version | test " -export TOOL="make" +TOOL="make" . "$(dirname "$0")/quiet.sh" From 98ff287ab467f108d589f00c0fbf011088cbe3f4 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 12 Mar 2024 13:33:09 +0000 Subject: [PATCH 8/9] Simplify locating original tool Signed-off-by: Dave Rodgman --- tests/scripts/quiet/quiet.sh | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/tests/scripts/quiet/quiet.sh b/tests/scripts/quiet/quiet.sh index b1432301de..0f26184d0d 100644 --- a/tests/scripts/quiet/quiet.sh +++ b/tests/scripts/quiet/quiet.sh @@ -22,16 +22,13 @@ # be silenced, e.g. " --version | test ". In this example, "make lib test" will # not be silent, but "make lib" will be. -# Function to normalise paths -get_real_filename() { - leafname="$(basename "$1")" - ( cd $(dirname "$1"); echo "$(pwd)/$leafname" ) -} - -# Normalise path to wrapper script -WRAPPER_WITH_PATH=$(get_real_filename "$0") -# Identify original tool (compare normalised path to WRAPPER_WITH_PATH to avoid recursively calling the same wrapper script) -ORIGINAL_TOOL="$(for p in $(type -ap "$TOOL"); do get_real_filename "$p" ; done | grep -v -Fx "$WRAPPER_WITH_PATH" | head -n1)" +# Identify path to original tool. There is an edge-case here where the quiet wrapper is on the path via +# a symlink or relative path, but "type -ap" yields the wrapper with it's normalised path. We use +# the -ef operator to compare paths, to avoid picking the wrapper in this case (to avoid infinitely +# recursing). +while IFS= read -r ORIGINAL_TOOL; do + if ! [[ $ORIGINAL_TOOL -ef "$0" ]]; then break; fi +done < <(type -ap -- "$TOOL") print_quoted_args() { # similar to printf '%q' "$@" From 98ebf488f5f51376e0bf9d95501d588f1d97edee Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 15 Mar 2024 14:29:24 +0000 Subject: [PATCH 9/9] Fix bug in ALPN loading from serialized session Signed-off-by: Waleed Elmelegy --- ChangeLog.d/fix-alpn-negotiating-bug.txt | 3 +++ library/ssl_tls.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/fix-alpn-negotiating-bug.txt diff --git a/ChangeLog.d/fix-alpn-negotiating-bug.txt b/ChangeLog.d/fix-alpn-negotiating-bug.txt new file mode 100644 index 0000000000..3bceb37f38 --- /dev/null +++ b/ChangeLog.d/fix-alpn-negotiating-bug.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix the restoration of the ALPN when loading serialized connection with + * the mbedtls_ssl_context_load() API. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 235959a9ee..c667a2923b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6680,7 +6680,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl, /* alpn_chosen should point to an item in the configured list */ for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) { if (strlen(*cur) == alpn_len && - memcmp(p, cur, alpn_len) == 0) { + memcmp(p, *cur, alpn_len) == 0) { ssl->alpn_chosen = *cur; break; }