From 8df65636fd47d0748faa2fdc41e9e7412067abaa Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Sep 2025 11:44:00 +0200 Subject: [PATCH 1/6] Clarify target name for library generated files The target mbedtls_generated_files_target could be misinterpreted as the target covering all project generated files, but it does not. It is specifically the target for files generated to build the mbedtls library. Rename it to libmbedtls_generated_files_target and align x509. Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 063703bfe8..4f9da39f54 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -107,13 +107,13 @@ if(GEN_FILES) ${tls_error_headers} ) - add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target + add_custom_target(${MBEDTLS_TARGET_PREFIX}libmbedx509_generated_files_target DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/error.c ${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS} ) - add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target + add_custom_target(${MBEDTLS_TARGET_PREFIX}libmbedtls_generated_files_target DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c ${CMAKE_CURRENT_BINARY_DIR}/version_features.c @@ -198,9 +198,9 @@ if(USE_STATIC_MBEDTLS_LIBRARY) if(GEN_FILES) add_dependencies(${mbedx509_static_target} - ${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target) + ${MBEDTLS_TARGET_PREFIX}libmbedx509_generated_files_target) add_dependencies(${mbedtls_static_target} - ${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target) + ${MBEDTLS_TARGET_PREFIX}libmbedtls_generated_files_target) endif() endif(USE_STATIC_MBEDTLS_LIBRARY) @@ -219,9 +219,9 @@ if(USE_SHARED_MBEDTLS_LIBRARY) if(GEN_FILES) add_dependencies(${mbedx509_target} - ${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target) + ${MBEDTLS_TARGET_PREFIX}libmbedx509_generated_files_target) add_dependencies(${mbedtls_target} - ${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target) + ${MBEDTLS_TARGET_PREFIX}libmbedtls_generated_files_target) endif() endif(USE_SHARED_MBEDTLS_LIBRARY) From 879cba1a67d01317422870ff736057ca2d23247f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 18 Sep 2025 16:55:11 +0200 Subject: [PATCH 2/6] cmake: Introduce version and soversion variables Signed-off-by: Ronald Cron --- CMakeLists.txt | 9 +++++++-- library/CMakeLists.txt | 4 ++-- scripts/bump_version.sh | 24 ++++++++++-------------- 3 files changed, 19 insertions(+), 18 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 12ddc2738d..659fd50885 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -37,15 +37,20 @@ cmake_policy(SET CMP0011 NEW) # is deprecated and will be removed in future versions. cmake_policy(SET CMP0012 NEW) +set(MBEDTLS_VERSION 4.0.0) +set(MBEDTLS_CRYPTO_SOVERSION 17) +set(MBEDTLS_X509_SOVERSION 8) +set(MBEDTLS_TLS_SOVERSION 22) + if(TEST_CPP) project("Mbed TLS" LANGUAGES C CXX - VERSION 4.0.0 + VERSION ${MBEDTLS_VERSION} ) else() project("Mbed TLS" LANGUAGES C - VERSION 4.0.0 + VERSION ${MBEDTLS_VERSION} ) endif() diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 4f9da39f54..59e175bb0a 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -208,13 +208,13 @@ if(USE_SHARED_MBEDTLS_LIBRARY) add_library(${mbedx509_target} SHARED ${src_x509}) set_base_compile_options(${mbedx509_target}) target_compile_options(${mbedx509_target} PRIVATE ${LIBS_C_FLAGS}) - set_target_properties(${mbedx509_target} PROPERTIES VERSION 4.0.0 SOVERSION 8) + set_target_properties(${mbedx509_target} PROPERTIES VERSION ${MBEDTLS_VERSION} SOVERSION ${MBEDTLS_X509_SOVERSION}) target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${tfpsacrypto_target}) add_library(${mbedtls_target} SHARED ${src_tls}) set_base_compile_options(${mbedtls_target}) target_compile_options(${mbedtls_target} PRIVATE ${LIBS_C_FLAGS}) - set_target_properties(${mbedtls_target} PROPERTIES VERSION 4.0.0 SOVERSION 21) + set_target_properties(${mbedtls_target} PROPERTIES VERSION ${MBEDTLS_VERSION} SOVERSION ${MBEDTLS_TLS_SOVERSION}) target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) if(GEN_FILES) diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index 86ed74eada..a15bb9649b 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -70,18 +70,14 @@ then fi [ $VERBOSE ] && echo "Bumping VERSION in CMakeLists.txt" -sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < CMakeLists.txt > tmp +sed -e "s/(MBEDTLS_VERSION [0-9.]\{1,\})/(MBEDTLS_VERSION $VERSION)/g" < CMakeLists.txt > tmp mv tmp CMakeLists.txt -[ $VERBOSE ] && echo "Bumping VERSION in library/CMakeLists.txt" -sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < library/CMakeLists.txt > tmp -mv tmp library/CMakeLists.txt - if [ "X" != "X$SO_CRYPTO" ]; then - [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedcrypto in library/CMakeLists.txt" - sed -e "/mbedcrypto/ s/ SOVERSION [0-9]\{1,\}/ SOVERSION $SO_CRYPTO/g" < library/CMakeLists.txt > tmp - mv tmp library/CMakeLists.txt + [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedcrypto in CMakeLists.txt" + sed -e "s/(MBEDTLS_CRYPTO_SOVERSION [0-9]\{1,\})/(MBEDTLS_CRYPTO_SOVERSION $SO_CRYPTO)/g" < CMakeLists.txt > tmp + mv tmp CMakeLists.txt [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedcrypto in library/Makefile" sed -e "s/SOEXT_CRYPTO?=so.[0-9]\{1,\}/SOEXT_CRYPTO?=so.$SO_CRYPTO/g" < library/Makefile > tmp @@ -90,9 +86,9 @@ fi if [ "X" != "X$SO_X509" ]; then - [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedx509 in library/CMakeLists.txt" - sed -e "/mbedx509/ s/ SOVERSION [0-9]\{1,\}/ SOVERSION $SO_X509/g" < library/CMakeLists.txt > tmp - mv tmp library/CMakeLists.txt + [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedx509 in CMakeLists.txt" + sed -e "s/(MBEDTLS_X509_SOVERSION [0-9]\{1,\})/(MBEDTLS_X509_SOVERSION $SO_X509)/g" < CMakeLists.txt > tmp + mv tmp CMakeLists.txt [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedx509 in library/Makefile" sed -e "s/SOEXT_X509?=so.[0-9]\{1,\}/SOEXT_X509?=so.$SO_X509/g" < library/Makefile > tmp @@ -101,9 +97,9 @@ fi if [ "X" != "X$SO_TLS" ]; then - [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedtls in library/CMakeLists.txt" - sed -e "/mbedtls/ s/ SOVERSION [0-9]\{1,\}/ SOVERSION $SO_TLS/g" < library/CMakeLists.txt > tmp - mv tmp library/CMakeLists.txt + [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedtls in CMakeLists.txt" + sed -e "s/(MBEDTLS_TLS_SOVERSION [0-9]\{1,\})/(MBEDTLS_TLS_SOVERSION $SO_TLS)/g" < CMakeLists.txt > tmp + mv tmp CMakeLists.txt [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedtls in library/Makefile" sed -e "s/SOEXT_TLS?=so.[0-9]\{1,\}/SOEXT_TLS?=so.$SO_TLS/g" < library/Makefile > tmp From c09a84e2852ab7343df79de054f5b4c3f5dd3481 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Sep 2025 14:34:56 +0200 Subject: [PATCH 3/6] cmake: library: Rework and improve the copy of the crypto libraries Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 57 +++++++++++++++++++++++++++++++----------- 1 file changed, 42 insertions(+), 15 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 59e175bb0a..231e74e018 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -259,22 +259,49 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) get_target_property(target_type ${target} TYPE) if (target_type STREQUAL STATIC_LIBRARY) add_custom_command( - TARGET ${mbedtls_target} - POST_BUILD - COMMAND ${CMAKE_COMMAND} - ARGS -E copy $ ${CMAKE_BINARY_DIR}/library) + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + $ + ) else() + # Copy the crypto shared library from tf-psa-crypto: + # - ".so." on Unix + # - ".dylib" on macOS + # - ".dll" on Windows + # The full path to the file is given by $. + # + # On systems that use .so versioning, also create the symbolic links + # ".so." and ".so", which correspond to + # $ and $, + # respectively. + # + # On Windows, also copy the ".lib" file, whose full path is + # $. + add_custom_command( - TARGET ${mbedtls_target} - POST_BUILD - COMMAND ${CMAKE_COMMAND} - ARGS -E copy $ - ${CMAKE_BINARY_DIR}/library/$) - add_custom_command( - TARGET ${mbedtls_target} - POST_BUILD - COMMAND ${CMAKE_COMMAND} - ARGS -E copy $ - ${CMAKE_BINARY_DIR}/library/$) + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + $ + ) + if(WIN32 AND NOT CYGWIN) + add_custom_command( + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + $ + ) + else() + add_custom_command( + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E create_symlink + $ + $ + COMMAND ${CMAKE_COMMAND} -E create_symlink + $ + $ + ) + endif() endif() endforeach(target) From 466a1a29d9934a55fd293b05ac8bc0040c44a5aa Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Sep 2025 15:27:41 +0200 Subject: [PATCH 4/6] cmake: Provide the crypto libs under their historical name Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 38 ++++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 231e74e018..45e6f64ab2 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -263,6 +263,9 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) COMMAND ${CMAKE_COMMAND} -E copy_if_different $ $ + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + "libmbedcrypto.a" ) else() # Copy the crypto shared library from tf-psa-crypto: @@ -278,20 +281,38 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) # # On Windows, also copy the ".lib" file, whose full path is # $. - + # + # Provide also the crypto libraries under their historical names: + # "libmbedcrypto.*" add_custom_command( TARGET ${mbedtls_target} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different $ $ ) - if(WIN32 AND NOT CYGWIN) + if(APPLE) + add_custom_command( + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E create_symlink + $ + libmbedcrypto.dylib + ) + elseif(WIN32 AND NOT CYGWIN) + add_custom_command( + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + libmbedcrypto.dll + ) add_custom_command( TARGET ${mbedtls_target} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different $ $ - ) + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + libmbedcrypto.lib + ) else() add_custom_command( TARGET ${mbedtls_target} POST_BUILD @@ -301,7 +322,16 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) COMMAND ${CMAKE_COMMAND} -E create_symlink $ $ - ) + COMMAND ${CMAKE_COMMAND} -E create_symlink + $ + libmbedcrypto.so.${MBEDTLS_VERSION} + COMMAND ${CMAKE_COMMAND} -E create_symlink + libmbedcrypto.so.${MBEDTLS_VERSION} + libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION} + COMMAND ${CMAKE_COMMAND} -E create_symlink + libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION} + libmbedcrypto.so + ) endif() endif() endforeach(target) From a33b371f36f9e271ff40f272a0a2346a5add8ee5 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 22 Sep 2025 14:21:16 +0200 Subject: [PATCH 5/6] programs/tests/dlopen.c: Prioritize libtfpsacrypto.so Prioritize libtfpsacrypto.so over libmbedcrypto.so as the crypto library to load to be sure we test the loading of libtfpsacrypto.so. Signed-off-by: Ronald Cron --- programs/test/dlopen.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index 58a6af52e7..2a67635f0d 100644 --- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c @@ -84,13 +84,13 @@ int main(void) #if defined(MBEDTLS_MD_C) const char *crypto_so_filename = NULL; - void *crypto_so = dlopen(MBEDCRYPTO_SO_FILENAME, RTLD_NOW); + void *crypto_so = dlopen(TFPSACRYPTO_SO_FILENAME, RTLD_NOW); if (dlerror() == NULL) { - crypto_so_filename = MBEDCRYPTO_SO_FILENAME; - } else { - crypto_so = dlopen(TFPSACRYPTO_SO_FILENAME, RTLD_NOW); - CHECK_DLERROR("dlopen", TFPSACRYPTO_SO_FILENAME); crypto_so_filename = TFPSACRYPTO_SO_FILENAME; + } else { + crypto_so = dlopen(MBEDCRYPTO_SO_FILENAME, RTLD_NOW); + CHECK_DLERROR("dlopen", MBEDCRYPTO_SO_FILENAME); + crypto_so_filename = MBEDCRYPTO_SO_FILENAME; } #pragma GCC diagnostic push /* dlsym() returns an object pointer which is meant to be used as a From 35d59c6cb62c665a87f99138f318961fb1d7a38f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Sep 2025 17:16:01 +0200 Subject: [PATCH 6/6] cmake: Install libmbedcrypto.* libraries Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 32 ++++++++++++++++++- .../test/cmake_package_install/CMakeLists.txt | 1 + tests/scripts/components-build-system.sh | 10 ++++++ 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 45e6f64ab2..0cc654d35e 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -267,6 +267,10 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) $ "libmbedcrypto.a" ) + install(FILES $ + DESTINATION ${CMAKE_INSTALL_LIBDIR} + RENAME "libmbedcrypto.a" + ) else() # Copy the crypto shared library from tf-psa-crypto: # - ".so." on Unix @@ -296,7 +300,11 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) COMMAND ${CMAKE_COMMAND} -E create_symlink $ libmbedcrypto.dylib - ) + ) + install(FILES $ + DESTINATION ${CMAKE_INSTALL_LIBDIR} + RENAME "libmbedcrypto.dylib" + ) elseif(WIN32 AND NOT CYGWIN) add_custom_command( TARGET ${mbedtls_target} POST_BUILD @@ -313,6 +321,14 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) $ libmbedcrypto.lib ) + install(FILES $ + DESTINATION ${CMAKE_INSTALL_BINDIR} + RENAME "libmbedcrypto.dll" + ) + install(FILES $ + DESTINATION ${CMAKE_INSTALL_LIBDIR} + RENAME "libmbedcrypto.lib" + ) else() add_custom_command( TARGET ${mbedtls_target} POST_BUILD @@ -332,6 +348,20 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION} libmbedcrypto.so ) + install(FILES $ + DESTINATION ${CMAKE_INSTALL_LIBDIR} + RENAME "libmbedcrypto.so.${MBEDTLS_VERSION}" + ) + install(CODE " + set(_libdir \"\${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}\") + + execute_process(COMMAND \"\${CMAKE_COMMAND}\" -E create_symlink + \"libmbedcrypto.so.${MBEDTLS_VERSION}\" + \${_libdir}/libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION}) + execute_process(COMMAND \"\${CMAKE_COMMAND}\" -E create_symlink + \"libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION}\" + \${_libdir}/libmbedcrypto.so) + ") endif() endif() endforeach(target) diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt index 60a4481e48..723538f7f7 100644 --- a/programs/test/cmake_package_install/CMakeLists.txt +++ b/programs/test/cmake_package_install/CMakeLists.txt @@ -17,6 +17,7 @@ execute_process( "-DENABLE_TESTING=NO" # Turn on generated files explicitly in case this is a release "-DGEN_FILES=ON" + "-DUSE_SHARED_MBEDTLS_LIBRARY=ON" "-DCMAKE_INSTALL_PREFIX=${MbedTLS_INSTALL_DIR}") execute_process( diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh index e533cdf0f9..9a277e3c56 100644 --- a/tests/scripts/components-build-system.sh +++ b/tests/scripts/components-build-system.sh @@ -138,6 +138,16 @@ component_test_cmake_as_package_install () { cd programs/test/cmake_package_install cmake . make + + if ! cmp -s "mbedtls/lib/libtfpsacrypto.a" "mbedtls/lib/libmbedcrypto.a"; then + echo "Error: Crypto static libraries are different or one of them is missing/unreadable." >&2 + exit 1 + fi + if ! cmp -s "mbedtls/lib/libtfpsacrypto.so" "mbedtls/lib/libmbedcrypto.so"; then + echo "Error: Crypto shared libraries are different or one of them is missing/unreadable." >&2 + exit 1 + fi + ./cmake_package_install }