Merge branch 'mbedtls-2.28' into 'mbedtls-2.28-restricted'

2025-05-09 11:21:21 +08:00 · 2024-03-20 09:27:24 +00:00 · 2024-03-20 09:27:24 +00:00 · d4b3fe7597
commit d4b3fe7597
parent 751dc022f4 a8215a604f
16 changed files with 160 additions and 13 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -39,6 +39,8 @@ else()
    project("Mbed TLS" C)
 endif()

+include(GNUInstallDirs)
+
 # Set the project root directory.
 set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})

@ -259,8 +261,7 @@ if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
 endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")

 if(LIB_INSTALL_DIR)
-else()
-    set(LIB_INSTALL_DIR lib)
+    set(CMAKE_INSTALL_LIBDIR "${LIB_INSTALL_DIR}")
 endif()

 if(ENABLE_ZLIB_SUPPORT)
@ -278,6 +279,8 @@ list(APPEND libs ${thirdparty_lib})

 add_subdirectory(library)

+add_subdirectory(pkgconfig)
+
 #
 # The C files in tests/src directory contain test code shared among test suites
 # and programs. This shared test code is compiled and linked to test suites and
--- a/ChangeLog.d/cmake_use_GnuInstallDirs.txt
+++ b/ChangeLog.d/cmake_use_GnuInstallDirs.txt
@ -0,0 +1,5 @@
+Changes
+   * cmake: Use GnuInstallDirs to customize install directories
+     Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR
+     variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if
+     LIB_INSTALL_DIR is set.
--- a/ChangeLog.d/fix-alpn-negotiating-bug.txt
+++ b/ChangeLog.d/fix-alpn-negotiating-bug.txt
@ -0,0 +1,3 @@
+Bugfix
+   * Fix the restoration of the ALPN when loading serialized connection with
+   * the mbedtls_ssl_context_load() API.
--- a/ChangeLog.d/pkg-config-files-addition.txt
+++ b/ChangeLog.d/pkg-config-files-addition.txt
@ -0,0 +1,3 @@
+Features
+   * Add pc files for pkg-config. eg.:
+     pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509)
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@ -241,7 +241,7 @@ foreach(target IN LISTS target_libraries)
            PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
    endif()
    install(TARGETS ${target}
-            DESTINATION ${LIB_INSTALL_DIR}
+            DESTINATION ${CMAKE_INSTALL_LIBDIR}
            PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
 endforeach(target)

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -6680,7 +6680,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl,
            /* alpn_chosen should point to an item in the configured list */
            for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
                if (strlen(*cur) == alpn_len &&
-                    memcmp(p, cur, alpn_len) == 0) {
+                    memcmp(p, *cur, alpn_len) == 0) {
                    ssl->alpn_chosen = *cur;
                    break;
                }
--- a/pkgconfig/CMakeLists.txt
+++ b/pkgconfig/CMakeLists.txt
@ -0,0 +1,28 @@
+if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
+  include(JoinPaths.cmake)
+  join_paths(PKGCONFIG_INCLUDEDIR "\${prefix}" "${CMAKE_INSTALL_INCLUDEDIR}")
+  join_paths(PKGCONFIG_LIBDIR "\${prefix}" "${CMAKE_INSTALL_LIBDIR}")
+
+  #define these manually since minimum CMAKE version is not 3.9 for DESCRIPTION and 3.12 for HOMEPAGE_URL usage in project() below.
+  # Prefix with something that won't clash with newer versions of CMAKE.
+  set(PKGCONFIG_PROJECT_DESCRIPTION "Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems.")
+  set(PKGCONFIG_PROJECT_HOMEPAGE_URL "https://www.trustedfirmware.org/projects/mbed-tls/")
+
+  # Following the conventsion for DESCRIPTION and HOMEPAGE_URL, VERSION wasn't added until 3.0 and depends on policy CMP0048
+  set(PKGCONFIG_VERSION 2.28.7)
+
+  configure_file(mbedcrypto.pc.in mbedcrypto.pc @ONLY)
+    install(FILES
+    ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto.pc
+    DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+
+  configure_file(mbedtls.pc.in mbedtls.pc @ONLY)
+    install(FILES
+    ${CMAKE_CURRENT_BINARY_DIR}/mbedtls.pc
+    DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+
+  configure_file(mbedx509.pc.in mbedx509.pc @ONLY)
+    install(FILES
+    ${CMAKE_CURRENT_BINARY_DIR}/mbedx509.pc
+    DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+endif()
--- a/pkgconfig/JoinPaths.cmake
+++ b/pkgconfig/JoinPaths.cmake
@ -0,0 +1,27 @@
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+# This module provides function for joining paths
+# known from most languages
+#
+# Copyright The Mbed TLS Contributors
+#
+# This script originates from:
+#   - https://github.com/jtojnar/cmake-snips
+# Jan has provided re-licensing under Apache 2.0 and GPL 2.0+ and
+# allowed for the change of Copyright.
+#
+# Modelled after Python’s os.path.join
+# https://docs.python.org/3.7/library/os.path.html#os.path.join
+# Windows not supported
+function(join_paths joined_path first_path_segment)
+    set(temp_path "${first_path_segment}")
+    foreach(current_segment IN LISTS ARGN)
+        if(NOT ("${current_segment}" STREQUAL ""))
+            if(IS_ABSOLUTE "${current_segment}")
+                set(temp_path "${current_segment}")
+            else()
+                set(temp_path "${temp_path}/${current_segment}")
+            endif()
+        endif()
+    endforeach()
+    set(${joined_path} "${temp_path}" PARENT_SCOPE)
+endfunction()
--- a/pkgconfig/mbedcrypto.pc.in
+++ b/pkgconfig/mbedcrypto.pc.in
@ -0,0 +1,10 @@
+prefix=@CMAKE_INSTALL_PREFIX@
+includedir=@PKGCONFIG_INCLUDEDIR@
+libdir=@PKGCONFIG_LIBDIR@
+
+Name: @PROJECT_NAME@
+Description: @PKGCONFIG_PROJECT_DESCRIPTION@
+URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
+Version: @PKGCONFIG_VERSION@
+Cflags: -I"${includedir}"
+Libs: -L"${libdir}" -lmbedcrypto
--- a/pkgconfig/mbedtls.pc.in
+++ b/pkgconfig/mbedtls.pc.in
@ -0,0 +1,11 @@
+prefix=@CMAKE_INSTALL_PREFIX@
+includedir=@PKGCONFIG_INCLUDEDIR@
+libdir=@PKGCONFIG_LIBDIR@
+
+Name: @PROJECT_NAME@
+Description: @PKGCONFIG_PROJECT_DESCRIPTION@
+URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
+Version: @PKGCONFIG_VERSION@
+Requires.private: mbedcrypto mbedx509
+Cflags: -I"${includedir}"
+Libs: -L"${libdir}" -lmbedtls
--- a/pkgconfig/mbedx509.pc.in
+++ b/pkgconfig/mbedx509.pc.in
@ -0,0 +1,11 @@
+prefix=@CMAKE_INSTALL_PREFIX@
+includedir=@PKGCONFIG_INCLUDEDIR@
+libdir=@PKGCONFIG_LIBDIR@
+
+Name: @PROJECT_NAME@
+Description: @PKGCONFIG_PROJECT_DESCRIPTION@
+URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
+Version: @PKGCONFIG_VERSION@
+Requires.private: mbedcrypto
+Cflags: -I"${includedir}"
+Libs: -L"${libdir}" -lmbedx509
--- a/programs/test/metatest.c
+++ b/programs/test/metatest.c
@ -86,6 +86,41 @@ void meta_test_fail(const char *name)
    mbedtls_test_fail("Forced test failure", __LINE__, __FILE__);
 }

+void meta_test_not_equal(const char *name)
+{
+    int left = 20;
+    int right = 10;
+
+    (void) name;
+
+    TEST_EQUAL(left, right);
+exit:
+    ;
+}
+
+void meta_test_not_le_s(const char *name)
+{
+    int left = 20;
+    int right = 10;
+
+    (void) name;
+
+    TEST_LE_S(left, right);
+exit:
+    ;
+}
+
+void meta_test_not_le_u(const char *name)
+{
+    size_t left = 20;
+    size_t right = 10;
+
+    (void) name;
+
+    TEST_LE_U(left, right);
+exit:
+    ;
+}

 /****************************************************************/
 /* Platform features */
@ -360,6 +395,9 @@ typedef struct {
 */
 metatest_t metatests[] = {
    { "test_fail", "any", meta_test_fail },
+    { "test_not_equal", "any", meta_test_not_equal },
+    { "test_not_le_s", "any", meta_test_not_le_s },
+    { "test_not_le_u", "any", meta_test_not_le_u },
    { "null_dereference", "any", null_pointer_dereference },
    { "null_call", "any", null_pointer_call },
    { "read_after_free", "asan", read_after_free },
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@ -67,6 +67,10 @@ then
  exit 1
 fi

+[ $VERBOSE ] && echo "Bumping PKGCONFIG_VERSION in pkgconfig/CMakeLists.txt"
+sed -e "s/PKGCONFIG_VERSION [0-9.]\{1,\}/PKGCONFIG_VERSION $VERSION/g" < pkgconfig/CMakeLists.txt > tmp
+mv tmp pkgconfig/CMakeLists.txt
+
 [ $VERBOSE ] && echo "Bumping VERSION in library/CMakeLists.txt"
 sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < library/CMakeLists.txt > tmp
 mv tmp library/CMakeLists.txt
--- a/tests/scripts/quiet/cmake
+++ b/tests/scripts/quiet/cmake
@ -12,8 +12,8 @@
 # export VERBOSE_LOGS=1

 # don't silence invocations containing these arguments
-export NO_SILENCE=" --version "
+NO_SILENCE=" --version "

-export TOOL="cmake"
+TOOL="cmake"

-exec "$(dirname "$0")/quiet.sh" "$@"
+. "$(dirname "$0")/quiet.sh"
--- a/tests/scripts/quiet/make
+++ b/tests/scripts/quiet/make
@ -12,8 +12,8 @@
 # export VERBOSE_LOGS=1

 # don't silence invocations containing these arguments
-export NO_SILENCE=" --version | test "
+NO_SILENCE=" --version | test "

-export TOOL="make"
+TOOL="make"

-exec "$(dirname "$0")/quiet.sh" "$@"
+. "$(dirname "$0")/quiet.sh"
--- a/tests/scripts/quiet/quiet.sh
+++ b/tests/scripts/quiet/quiet.sh
@ -22,9 +22,13 @@
 #              be silenced, e.g. " --version | test ". In this example, "make lib test" will
 #              not be silent, but "make lib" will be.

-# Locate original tool
-TOOL_WITH_PATH=$(dirname "$0")/$TOOL
-ORIGINAL_TOOL=$(type -ap "${TOOL}" | grep -v -Fx "$TOOL_WITH_PATH" | head -n1)
+# Identify path to original tool. There is an edge-case here where the quiet wrapper is on the path via
+# a symlink or relative path, but "type -ap" yields the wrapper with it's normalised path. We use
+# the -ef operator to compare paths, to avoid picking the wrapper in this case (to avoid infinitely
+# recursing).
+while IFS= read -r ORIGINAL_TOOL; do
+    if ! [[ $ORIGINAL_TOOL -ef "$0" ]]; then break; fi
+done < <(type -ap -- "$TOOL")

 print_quoted_args() {
    # similar to printf '%q' "$@"