From: Frank Lichtenheld
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 11 Dec 2023 18:05:49 +0100
Message-Id: <20231211170549.85749-1-frank@lichtenheld.com>
Subject: [Openvpn-devel] [PATCH v6] Fix building mbed TLS with CMake and allow specifying custom directories
X-Patchwork-Submitter: Frank Lichtenheld
X-Patchwork-Id: 3521

From: Arne Schwabe

When installing mbed TLS 2.x and 3.x in parallel, it is useful to point
cmake to the version that should be used.

This fixes also building mbed TLS versions with cmake.

Change-Id: I7fd9e730e87210d2b7d090c8f9c7c6734bd7374e
Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/377 This mail reflects revision 6 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld diff --git a/CMakeLists.txt b/CMakeLists.txt index 577bc5d..d40b213 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -32,6 +32,8 @@ endif () option(MBED "BUILD with mbed" OFF) +set(MBED_INCLUDE_PATH "" CACHE STRING "Path to mbed TLS include directory") +set(MBED_LIBRARY_PATH "" CACHE STRING "Path to mbed library directory") option(WOLFSSL "BUILD with wolfSSL" OFF) option(ENABLE_LZ4 "BUILD with lz4" ON) option(ENABLE_LZO "BUILD with lzo" ON) 
@@ -239,9 +241,33 @@ pkg_search_module(pkcs11-helper libpkcs11-helper-1 REQUIRED IMPORTED_TARGET) endif () +function(check_mbed_configuration) + if (NOT (MBED_INCLUDE_PATH STREQUAL "") ) + set(CMAKE_REQUIRED_INCLUDES ${MBED_INCLUDE_PATH}) + endif () + if (NOT (MBED_LIBRARY_PATH STREQUAL "")) + set(CMAKE_REQUIRED_LINK_OPTIONS "-L${MBED_LIBRARY_PATH}") + endif () + set(CMAKE_REQUIRED_LIBRARIES "mbedtls;mbedx509;mbedcrypto") + check_symbol_exists(mbedtls_ctr_drbg_update_ret mbedtls/ctr_drbg.h HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET) + check_symbol_exists(mbedtls_ssl_conf_export_keys_ext_cb mbedtls/ssl.h HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB) + check_include_files(psa/crypto.h HAVE_MBEDTLS_PSA_CRYPTO_H) +endfunction() + +if (${MBED}) + check_mbed_configuration() +endif() + function(add_library_deps target) if (${MBED}) - target_link_libraries(${target} -lmbedtls -lmbedx509 -lmbedcrypto) + if (NOT (MBED_INCLUDE_PATH STREQUAL "") ) + target_include_directories(${target} PRIVATE ${MBED_INCLUDE_PATH}) + endif () + if(NOT (MBED_LIBRARY_PATH STREQUAL "")) + target_link_directories(${target} PRIVATE ${MBED_LIBRARY_PATH}) + endif () + + target_link_libraries(${target} PRIVATE -lmbedtls -lmbedx509 -lmbedcrypto) elseif (${WOLFSSL}) pkg_search_module(wolfssl wolfssl REQUIRED) target_link_libraries(${target} PUBLIC ${wolfssl_LINK_LIBRARIES}) diff --git a/config.h.cmake.in b/config.h.cmake.in index baf9556..6c846f2 100644 --- a/config.h.cmake.in +++ b/config.h.cmake.in 
@@ -378,11 +378,11 @@ /* Define to 1 if you have the header file. */ #undef HAVE_VFORK_H -/* we always assume a recent mbed TLS version */ -#define HAVE_MBEDTLS_PSA_CRYPTO_H 1 +/* Availability of different mbed TLS features and APIs */ +#cmakedefine01 HAVE_MBEDTLS_PSA_CRYPTO_H #define HAVE_MBEDTLS_SSL_TLS_PRF 1 -#define HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB 1 -#define HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET 1 +#cmakedefine01 HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB +#cmakedefine01 HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET /* Path to ifconfig tool */ #define IFCONFIG_PATH "@IFCONFIG_PATH@" diff --git a/src/openvpn/mbedtls_compat.h b/src/openvpn/mbedtls_compat.h index 610215b..d742b54 100644 --- a/src/openvpn/mbedtls_compat.h +++ b/src/openvpn/mbedtls_compat.h @@ -77,13 +77,13 @@ const unsigned char *additional, size_t add_len) { -#if HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET +#if MBEDTLS_VERSION_NUMBER > 0x03000000 + return mbedtls_ctr_drbg_update(ctx, additional, add_len); +#elif HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET return mbedtls_ctr_drbg_update_ret(ctx, additional, add_len); -#elif MBEDTLS_VERSION_NUMBER < 0x03020100 +#else mbedtls_ctr_drbg_update(ctx, additional, add_len); return 0; -#else - return mbedtls_ctr_drbg_update(ctx, additional, add_len); #endif /* HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET */ }
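Review bot: In the first CMakeLists.txt hunk (@@ -32,6 +32,8 @@), MBED_INCLUDE_PATH and MBED_LIBRARY_PATH are declared as CACHE STRING although both hold directories. CACHE PATH is the better fit: cmake-gui then offers a directory chooser, and a relative value passed with -D is converted to an absolute path instead of being handed on as-is to the include and link directories. The two help strings also differ ("mbed TLS include directory" vs. "mbed library directory"); use "mbed TLS" in both.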
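Review bot: In the second CMakeLists.txt hunk (@@ -239,9 +241,33 @@), check_mbed_configuration() and add_library_deps() treat MBED_INCLUDE_PATH and MBED_LIBRARY_PATH independently, so setting only one of them lets the feature probes and the final link pair headers from one mbed TLS install with libraries from another. That is the parallel 2.x/3.x setup the commit message targets, and the HAVE_MBEDTLS_* results would then not describe the library that is actually linked. Consider a message(FATAL_ERROR ...) or at least a warning when exactly one of the two variables is set. It is also worth documenting that the check_symbol_exists() and check_include_files() results are cached, so changing either path on a later configure run does not re-run the probes unless the HAVE_MBEDTLS_* cache entries are cleared.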
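Review bot: In the config.h.cmake.in hunk, "#cmakedefine01 HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB" has no matching probe in this patch: check_mbed_configuration() stores its mbedtls/ssl.h result in HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB (for the symbol mbedtls_ssl_conf_export_keys_ext_cb). Unless something outside the visible lines sets HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB, the macro is now always written as 0 where it was previously hard-coded to 1. Either probe the symbol this macro is named after and store the result under this name, or add a #cmakedefine01 line for the variable that is actually checked. Note too that #cmakedefine01 always defines the macro (to 0 or 1), so every consumer has to test it with #if rather than #ifdef.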
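Review bot: In the mbedtls_compat.h hunk, "#if MBEDTLS_VERSION_NUMBER > 0x03000000" is a strict comparison, so a library reporting exactly 0x03000000 skips the first branch and, if the _ret probe fails, lands in the #else branch where the return value of mbedtls_ctr_drbg_update() is discarded and 0 is returned. If 3.0.0 already has the int-returning function, this should be ">= 0x03000000". The boundary also moved from the old 0x03020100 to 0x03000000 without a word in the commit message; a one-line comment stating which release changed the signature would help. The trailing "#endif /* HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET */" comment is now stale, since the opening condition is the version check.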