From 722a7e69404a5265c63ed2afcadec196b6e53877 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Feb 2020 19:05:19 +0100 Subject: [PATCH] Revert "Only build libmbedcrypto" This reverts commit 8298d70beecb6c3c1a375954e03f4ed1a80efc0a. Conflicts: * library/Makefile: removal of SOEXT_X509 and SOEXT_TLS vs change of value of SOEXT_CRYPTO. Keep all, with the new value of SOEXT_CRYPTO. --- Makefile | 4 +++ library/CMakeLists.txt | 72 ++++++++++++++++++++++++++++++++++++----- library/Makefile | 70 +++++++++++++++++++++++++++++++++++++-- scripts/bump_version.sh | 33 +++++++++++++++++++ tests/Makefile | 4 +-- 5 files changed, 171 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index 4fd7f8eaa..026c6371b 100644 --- a/Makefile +++ b/Makefile @@ -27,6 +27,8 @@ install: no_test cp -rp include/psa $(DESTDIR)/include mkdir -p $(DESTDIR)/lib + cp -RP library/libmbedtls.* $(DESTDIR)/lib + cp -RP library/libmbedx509.* $(DESTDIR)/lib cp -RP library/libmbedcrypto.* $(DESTDIR)/lib mkdir -p $(DESTDIR)/bin @@ -40,6 +42,8 @@ install: no_test uninstall: rm -rf $(DESTDIR)/include/mbedtls + rm -f $(DESTDIR)/lib/libmbedtls.* + rm -f $(DESTDIR)/lib/libmbedx509.* rm -f $(DESTDIR)/lib/libmbedcrypto.* for p in programs/*/* ; do \ diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 9780b1c5d..8db082862 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -95,6 +95,30 @@ endif() list(APPEND src_crypto ${thirdparty_src}) +set(src_x509 + certs.c + pkcs11.c + x509.c + x509_create.c + x509_crl.c + x509_crt.c + x509_csr.c + x509write_crt.c + x509write_csr.c +) + +set(src_tls + debug.c + net_sockets.c + ssl_cache.c + ssl_ciphersuites.c + ssl_cli.c + ssl_cookie.c + ssl_srv.c + ssl_ticket.c + ssl_tls.c +) + if(CMAKE_COMPILER_IS_GNUCC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes") endif(CMAKE_COMPILER_IS_GNUCC) @@ -137,8 +161,12 @@ if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY) endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY) if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) + set(mbedtls_static_target "mbedtls_static") + set(mbedx509_static_target "mbedx509_static") set(mbedcrypto_static_target "mbedcrypto_static") elseif(USE_STATIC_MBEDTLS_LIBRARY) + set(mbedtls_static_target "mbedtls") + set(mbedx509_static_target "mbedx509") set(mbedcrypto_static_target "mbedcrypto") endif() @@ -150,9 +178,23 @@ if(USE_STATIC_MBEDTLS_LIBRARY) PUBLIC ${MBEDTLS_DIR}/include/ PUBLIC ${MBEDTLS_DIR}/crypto/include/) - install(TARGETS ${mbedcrypto_static_target} - DESTINATION ${LIB_INSTALL_DIR} - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + if(USE_CRYPTO_SUBMODULE) + install(TARGETS ${mbedcrypto_static_target} + DESTINATION ${LIB_INSTALL_DIR} + PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + else() + add_library(${mbedx509_static_target} STATIC ${src_x509}) + set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509) + target_link_libraries(${mbedx509_static_target} ${libs} ${mbedcrypto_static_target}) + + add_library(${mbedtls_static_target} STATIC ${src_tls}) + set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls) + target_link_libraries(${mbedtls_static_target} ${libs} ${mbedx509_static_target}) + + install(TARGETS ${mbedtls_static_target} ${mbedx509_static_target} ${mbedcrypto_static_target} + DESTINATION ${LIB_INSTALL_DIR} + PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + endif() endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) @@ -163,9 +205,23 @@ if(USE_SHARED_MBEDTLS_LIBRARY) PUBLIC ${MBEDTLS_DIR}/include/ PUBLIC ${MBEDTLS_DIR}/crypto/include/) - install(TARGETS mbedcrypto - DESTINATION ${LIB_INSTALL_DIR} - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + if(USE_CRYPTO_SUBMODULE) + install(TARGETS mbedcrypto + DESTINATION ${LIB_INSTALL_DIR} + PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + else() + add_library(mbedx509 SHARED ${src_x509}) + set_target_properties(mbedx509 PROPERTIES VERSION 2.16.0 SOVERSION 0) + target_link_libraries(mbedx509 ${libs} mbedcrypto) + + add_library(mbedtls SHARED ${src_tls}) + set_target_properties(mbedtls PROPERTIES VERSION 2.16.0 SOVERSION 12) + target_link_libraries(mbedtls ${libs} mbedx509) + + install(TARGETS mbedtls mbedx509 mbedcrypto + DESTINATION ${LIB_INSTALL_DIR} + PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + endif() endif(USE_SHARED_MBEDTLS_LIBRARY) if(USE_CRYPTO_SUBMODULE) @@ -174,8 +230,8 @@ if(USE_CRYPTO_SUBMODULE) add_dependencies(crypto_lib mbedcrypto_static) endif() else() - add_custom_target(lib DEPENDS mbedcrypto) + add_custom_target(lib DEPENDS mbedcrypto mbedx509 mbedtls) if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) - add_dependencies(lib mbedcrypto_static) + add_dependencies(lib mbedcrypto_static mbedx509_static mbedtls_static) endif() endif() diff --git a/library/Makefile b/library/Makefile index ca063f486..8b7222942 100644 --- a/library/Makefile +++ b/library/Makefile @@ -36,6 +36,8 @@ LOCAL_CFLAGS += -fPIC -fpic endif endif +SOEXT_TLS=so.12 +SOEXT_X509=so.0 SOEXT_CRYPTO=so.4 # Set AR_DASH= (empty string) to use an ar implementation that does not accept @@ -105,6 +107,16 @@ include ../3rdparty/Makefile.inc LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS) +OBJS_X509= certs.o pkcs11.o x509.o \ + x509_create.o x509_crl.o x509_crt.o \ + x509_csr.o x509write_crt.o x509write_csr.o + +OBJS_TLS= debug.o net_sockets.o \ + ssl_cache.o ssl_ciphersuites.o \ + ssl_cli.o ssl_cookie.o \ + ssl_srv.o ssl_ticket.o \ + ssl_tls.o + .SILENT: .PHONY: all static shared clean @@ -115,9 +127,63 @@ else all: shared static endif -static: libmbedcrypto.a +static: libmbedcrypto.a libmbedx509.a libmbedtls.a -shared: libmbedcrypto.$(DLEXT) +shared: libmbedcrypto.$(DLEXT) libmbedx509.$(DLEXT) libmbedtls.$(DLEXT) + +# tls +libmbedtls.a: $(OBJS_TLS) + echo " AR $@" + $(AR) $(ARFLAGS) $@ $(OBJS_TLS) +ifdef APPLE_BUILD +ifneq ($(APPLE_BUILD),0) + echo " RL $@" + $(RL) $(RLFLAGS) $@ +endif +endif + +libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so + echo " LD $@" + $(CC) -shared -Wl,-soname,$@ -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS) + +libmbedtls.so: libmbedtls.$(SOEXT_TLS) + echo " LN $@ -> $<" + ln -sf $< $@ + +libmbedtls.dylib: $(OBJS_TLS) libmbedx509.dylib + echo " LD $@" + $(CC) -dynamiclib -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS) + +libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll + echo " LD $@" + $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_TLS) -lws2_32 -lwinmm -lgdi32 -L. -lmbedcrypto -lmbedx509 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) + +# x509 +libmbedx509.a: $(OBJS_X509) + echo " AR $@" + $(AR) $(ARFLAGS) $@ $(OBJS_X509) +ifdef APPLE_BUILD +ifneq ($(APPLE_BUILD),0) + echo " RL $@" + $(RL) $(RLFLAGS) $@ +endif +endif + +libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so + echo " LD $@" + $(CC) -shared -Wl,-soname,$@ -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509) + +libmbedx509.so: libmbedx509.$(SOEXT_X509) + echo " LN $@ -> $<" + ln -sf $< $@ + +libmbedx509.dylib: $(OBJS_X509) libmbedcrypto.dylib + echo " LD $@" + $(CC) -dynamiclib -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509) + +libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll + echo " LD $@" + $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_X509) -lws2_32 -lwinmm -lgdi32 -L. -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) # crypto libmbedcrypto.a: $(OBJS_CRYPTO) diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index d76e313c8..cf875c88d 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -9,6 +9,7 @@ # Sets the version numbers in the source code to those given. # # Usage: bump_version.sh [ --version ] [ --so-crypto ] +# [ --so-x509 ] [ --so-tls ] # [ -v | --verbose ] [ -h | --help ] # @@ -29,6 +30,14 @@ do shift SO_CRYPTO=$1 ;; + --so-x509) + shift + SO_X509=$1 + ;; + --so-tls) + shift + SO_TLS=$1 + ;; -v|--verbose) # Be verbose VERBOSE="1" @@ -39,6 +48,8 @@ do echo -e " -h|--help\t\tPrint this help." echo -e " --version \tVersion to bump to." echo -e " --so-crypto \tSO version to bump libmbedcrypto to." + echo -e " --so-x509 \tSO version to bump libmbedx509 to." + echo -e " --so-tls \tSO version to bump libmbedtls to." echo -e " -v|--verbose\t\tVerbose." exit 1 ;; @@ -72,6 +83,28 @@ then mv tmp library/Makefile fi +if [ "X" != "X$SO_X509" ]; +then + [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedx509 in library/CMakeLists.txt" + sed -e "/mbedx509/ s/ SOVERSION [0-9]\{1,\}/ SOVERSION $SO_X509/g" < library/CMakeLists.txt > tmp + mv tmp library/CMakeLists.txt + + [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedx509 in library/Makefile" + sed -e "s/SOEXT_X509=so.[0-9]\{1,\}/SOEXT_X509=so.$SO_X509/g" < library/Makefile > tmp + mv tmp library/Makefile +fi + +if [ "X" != "X$SO_TLS" ]; +then + [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedtls in library/CMakeLists.txt" + sed -e "/mbedtls/ s/ SOVERSION [0-9]\{1,\}/ SOVERSION $SO_TLS/g" < library/CMakeLists.txt > tmp + mv tmp library/CMakeLists.txt + + [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedtls in library/Makefile" + sed -e "s/SOEXT_TLS=so.[0-9]\{1,\}/SOEXT_TLS=so.$SO_TLS/g" < library/Makefile > tmp + mv tmp library/Makefile +fi + [ $VERBOSE ] && echo "Bumping VERSION in include/mbedtls/version.h" read MAJOR MINOR PATCH <<<$(IFS="."; echo $VERSION) VERSION_NR="$( printf "0x%02X%02X%02X00" $MAJOR $MINOR $PATCH )" diff --git a/tests/Makefile b/tests/Makefile index f7505b602..8fb187e23 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -19,9 +19,9 @@ LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L ifndef SHARED -DEP=../library/libmbedcrypto.a +DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a else -DEP=../library/libmbedcrypto.$(DLEXT) +DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) endif ifdef DEBUG