Merge branch 'mbedtls-2.28' into 'mbedtls-2.28-restricted'

2025-08-05 19:35:48 +03:00 · 2024-03-20 09:27:24 +00:00
parent 751dc022f4 a8215a604f
commit d4b3fe7597
16 changed files with 160 additions and 13 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -39,6 +39,8 @@ else()
    project("Mbed TLS" C)
 endif()
 include(GNUInstallDirs)
 # Set the project root directory.
 set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
@@ -259,8 +261,7 @@ if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
 endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
 if(LIB_INSTALL_DIR)
-else()
+    set(CMAKE_INSTALL_LIBDIR "${LIB_INSTALL_DIR}")
    set(LIB_INSTALL_DIR lib)
 endif()
 if(ENABLE_ZLIB_SUPPORT)
@@ -278,6 +279,8 @@ list(APPEND libs ${thirdparty_lib})
 add_subdirectory(library)
 add_subdirectory(pkgconfig)
 #
 # The C files in tests/src directory contain test code shared among test suites
 # and programs. This shared test code is compiled and linked to test suites and
--- a/ChangeLog.d/cmake_use_GnuInstallDirs.txt
+++ b/ChangeLog.d/cmake_use_GnuInstallDirs.txt
@@ -0,0 +1,5 @@
 Changes
   * cmake: Use GnuInstallDirs to customize install directories
     Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR
     variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if
     LIB_INSTALL_DIR is set.
--- a/ChangeLog.d/fix-alpn-negotiating-bug.txt
+++ b/ChangeLog.d/fix-alpn-negotiating-bug.txt
@@ -0,0 +1,3 @@
 Bugfix
   * Fix the restoration of the ALPN when loading serialized connection with
   * the mbedtls_ssl_context_load() API.
--- a/ChangeLog.d/pkg-config-files-addition.txt
+++ b/ChangeLog.d/pkg-config-files-addition.txt
@@ -0,0 +1,3 @@
 Features
   * Add pc files for pkg-config. eg.:
     pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509)
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -241,7 +241,7 @@ foreach(target IN LISTS target_libraries)
            PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
    endif()
    install(TARGETS ${target}
-            DESTINATION ${LIB_INSTALL_DIR}
+            DESTINATION ${CMAKE_INSTALL_LIBDIR}
            PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
 endforeach(target)
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6680,7 +6680,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl,
            /* alpn_chosen should point to an item in the configured list */
            for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
                if (strlen(*cur) == alpn_len &&
-                    memcmp(p, cur, alpn_len) == 0) {
+                    memcmp(p, *cur, alpn_len) == 0) {
                    ssl->alpn_chosen = *cur;
                    break;
                }
--- a/pkgconfig/CMakeLists.txt
+++ b/pkgconfig/CMakeLists.txt
@@ -0,0 +1,28 @@
 if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
  include(JoinPaths.cmake)
  join_paths(PKGCONFIG_INCLUDEDIR "\${prefix}" "${CMAKE_INSTALL_INCLUDEDIR}")
  join_paths(PKGCONFIG_LIBDIR "\${prefix}" "${CMAKE_INSTALL_LIBDIR}")
  #define these manually since minimum CMAKE version is not 3.9 for DESCRIPTION and 3.12 for HOMEPAGE_URL usage in project() below.
  # Prefix with something that won't clash with newer versions of CMAKE.
  set(PKGCONFIG_PROJECT_DESCRIPTION "Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems.")
  set(PKGCONFIG_PROJECT_HOMEPAGE_URL "https://www.trustedfirmware.org/projects/mbed-tls/")
  # Following the conventsion for DESCRIPTION and HOMEPAGE_URL, VERSION wasn't added until 3.0 and depends on policy CMP0048
  set(PKGCONFIG_VERSION 2.28.7)
  configure_file(mbedcrypto.pc.in mbedcrypto.pc @ONLY)
    install(FILES
    ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto.pc
    DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
  configure_file(mbedtls.pc.in mbedtls.pc @ONLY)
    install(FILES
    ${CMAKE_CURRENT_BINARY_DIR}/mbedtls.pc
    DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
  configure_file(mbedx509.pc.in mbedx509.pc @ONLY)
    install(FILES
    ${CMAKE_CURRENT_BINARY_DIR}/mbedx509.pc
    DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
 endif()
--- a/pkgconfig/JoinPaths.cmake
+++ b/pkgconfig/JoinPaths.cmake
@@ -0,0 +1,27 @@
 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 # This module provides function for joining paths
 # known from most languages
 #
 # Copyright The Mbed TLS Contributors
 #
 # This script originates from:
 #   - https://github.com/jtojnar/cmake-snips
 # Jan has provided re-licensing under Apache 2.0 and GPL 2.0+ and
 # allowed for the change of Copyright.
 #
 # Modelled after Python’s os.path.join
 # https://docs.python.org/3.7/library/os.path.html#os.path.join
 # Windows not supported
 function(join_paths joined_path first_path_segment)
    set(temp_path "${first_path_segment}")
    foreach(current_segment IN LISTS ARGN)
        if(NOT ("${current_segment}" STREQUAL ""))
            if(IS_ABSOLUTE "${current_segment}")
                set(temp_path "${current_segment}")
            else()
                set(temp_path "${temp_path}/${current_segment}")
            endif()
        endif()
    endforeach()
    set(${joined_path} "${temp_path}" PARENT_SCOPE)
 endfunction()
--- a/pkgconfig/mbedcrypto.pc.in
+++ b/pkgconfig/mbedcrypto.pc.in
@@ -0,0 +1,10 @@
 prefix=@CMAKE_INSTALL_PREFIX@
 includedir=@PKGCONFIG_INCLUDEDIR@
 libdir=@PKGCONFIG_LIBDIR@
 Name: @PROJECT_NAME@
 Description: @PKGCONFIG_PROJECT_DESCRIPTION@
 URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
 Version: @PKGCONFIG_VERSION@
 Cflags: -I"${includedir}"
 Libs: -L"${libdir}" -lmbedcrypto
--- a/pkgconfig/mbedtls.pc.in
+++ b/pkgconfig/mbedtls.pc.in
@@ -0,0 +1,11 @@
 prefix=@CMAKE_INSTALL_PREFIX@
 includedir=@PKGCONFIG_INCLUDEDIR@
 libdir=@PKGCONFIG_LIBDIR@
 Name: @PROJECT_NAME@
 Description: @PKGCONFIG_PROJECT_DESCRIPTION@
 URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
 Version: @PKGCONFIG_VERSION@
 Requires.private: mbedcrypto mbedx509
 Cflags: -I"${includedir}"
 Libs: -L"${libdir}" -lmbedtls
--- a/pkgconfig/mbedx509.pc.in
+++ b/pkgconfig/mbedx509.pc.in
@@ -0,0 +1,11 @@
 prefix=@CMAKE_INSTALL_PREFIX@
 includedir=@PKGCONFIG_INCLUDEDIR@
 libdir=@PKGCONFIG_LIBDIR@
 Name: @PROJECT_NAME@
 Description: @PKGCONFIG_PROJECT_DESCRIPTION@
 URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
 Version: @PKGCONFIG_VERSION@
 Requires.private: mbedcrypto
 Cflags: -I"${includedir}"
 Libs: -L"${libdir}" -lmbedx509
--- a/programs/test/metatest.c
+++ b/programs/test/metatest.c
@@ -86,6 +86,41 @@ void meta_test_fail(const char *name)
    mbedtls_test_fail("Forced test failure", __LINE__, __FILE__);
 }
 void meta_test_not_equal(const char *name)
 {
    int left = 20;
    int right = 10;
    (void) name;
    TEST_EQUAL(left, right);
 exit:
    ;
 }
 void meta_test_not_le_s(const char *name)
 {
    int left = 20;
    int right = 10;
    (void) name;
    TEST_LE_S(left, right);
 exit:
    ;
 }
 void meta_test_not_le_u(const char *name)
 {
    size_t left = 20;
    size_t right = 10;
    (void) name;
    TEST_LE_U(left, right);
 exit:
    ;
 }
 /****************************************************************/
 /* Platform features */
@@ -360,6 +395,9 @@ typedef struct {
 */
 metatest_t metatests[] = {
    { "test_fail", "any", meta_test_fail },
    { "test_not_equal", "any", meta_test_not_equal },
    { "test_not_le_s", "any", meta_test_not_le_s },
    { "test_not_le_u", "any", meta_test_not_le_u },
    { "null_dereference", "any", null_pointer_dereference },
    { "null_call", "any", null_pointer_call },
    { "read_after_free", "asan", read_after_free },
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -67,6 +67,10 @@ then
  exit 1
 fi
 [ $VERBOSE ] && echo "Bumping PKGCONFIG_VERSION in pkgconfig/CMakeLists.txt"
 sed -e "s/PKGCONFIG_VERSION [0-9.]\{1,\}/PKGCONFIG_VERSION $VERSION/g" < pkgconfig/CMakeLists.txt > tmp
 mv tmp pkgconfig/CMakeLists.txt
 [ $VERBOSE ] && echo "Bumping VERSION in library/CMakeLists.txt"
 sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < library/CMakeLists.txt > tmp
 mv tmp library/CMakeLists.txt
--- a/tests/scripts/quiet/cmake
+++ b/tests/scripts/quiet/cmake
@@ -12,8 +12,8 @@
 # export VERBOSE_LOGS=1
 # don't silence invocations containing these arguments
-export NO_SILENCE=" --version "
+NO_SILENCE=" --version "
-export TOOL="cmake"
+TOOL="cmake"
-exec "$(dirname "$0")/quiet.sh" "$@"
+. "$(dirname "$0")/quiet.sh"
--- a/tests/scripts/quiet/make
+++ b/tests/scripts/quiet/make
@@ -12,8 +12,8 @@
 # export VERBOSE_LOGS=1
 # don't silence invocations containing these arguments
-export NO_SILENCE=" --version | test "
+NO_SILENCE=" --version | test "
-export TOOL="make"
+TOOL="make"
-exec "$(dirname "$0")/quiet.sh" "$@"
+. "$(dirname "$0")/quiet.sh"
--- a/tests/scripts/quiet/quiet.sh
+++ b/tests/scripts/quiet/quiet.sh
@@ -22,9 +22,13 @@
 #              be silenced, e.g. " --version | test ". In this example, "make lib test" will
 #              not be silent, but "make lib" will be.
-# Locate original tool
+# Identify path to original tool. There is an edge-case here where the quiet wrapper is on the path via
-TOOL_WITH_PATH=$(dirname "$0")/$TOOL
+# a symlink or relative path, but "type -ap" yields the wrapper with it's normalised path. We use
-ORIGINAL_TOOL=$(type -ap "${TOOL}" | grep -v -Fx "$TOOL_WITH_PATH" | head -n1)
+# the -ef operator to compare paths, to avoid picking the wrapper in this case (to avoid infinitely
 # recursing).
 while IFS= read -r ORIGINAL_TOOL; do
    if ! [[ $ORIGINAL_TOOL -ef "$0" ]]; then break; fi
 done < <(type -ap -- "$TOOL")
 print_quoted_args() {
    # similar to printf '%q' "$@"