From 6ab25b932dc5c9b02eaf7f502dfe5efeb9ee0ab1 Mon Sep 17 00:00:00 2001 From: Garrett D'Amore Date: Sat, 27 Jan 2024 14:22:36 -0800 Subject: [PATCH] Mbed TLS CMake improvements. Try to use the Mbed TLS cmake configuration data if present, and refactor our FindModule to adhere to the same basic API. --- cmake/FindMbedTLS.cmake | 122 ++++++++++++++++++++ cmake/FindmbedTLS.cmake | 86 -------------- cmake/NNGHelpers.cmake | 8 +- src/supplemental/tls/mbedtls/CMakeLists.txt | 19 ++- 4 files changed, 143 insertions(+), 92 deletions(-) create mode 100644 cmake/FindMbedTLS.cmake delete mode 100644 cmake/FindmbedTLS.cmake diff --git a/cmake/FindMbedTLS.cmake b/cmake/FindMbedTLS.cmake new file mode 100644 index 000000000..553a19539 --- /dev/null +++ b/cmake/FindMbedTLS.cmake @@ -0,0 +1,122 @@ +# +# Copyright 2024 Staysail Systems, Inc. +# Copyright 2017 Capitar IT Group BV +# +# This software is supplied under the terms of the MIT License, a +# copy of which should be located in the distribution where this +# file was obtained (LICENSE.txt). A copy of the license may also be +# found online at https://opensource.org/licenses/MIT. +# + +# +# Try to find the Mbed TLS libraries. +# This tries to emulate the same expectations that the stock Mbed TLS +# module uses in Mbed TLS v3.x. +# +# Sets the following: +# +# MbedTLS_FOUND - True if we found Mbed TLS. +# MbedTLS_TARGET - Target of the mbedtls library. +# MbedX509_TARGET - Target of the mbedx509 library. +# MbedCrypto_TARGET - Target of the mbedcrypto library. +# MbedTLS_VERSION - $major.$minor.$revision (e.g. ``2.6.0``). +# +# MBEDTLS_CRYPTO_LIBRARY - The mbedcrypto library. +# MBEDTLS_X509_LIBRARY - The mbedx509 library. +# MBEDTLS_TLS_LIBRARY - The mbedtls library. +# MBEDTLS_LIBRARIES - List of all three Mbed TLS libraries. +# +# Hints: +# +# Set ``MBEDTLS_ROOT_DIR`` to the root directory of Mbed TLS installation. +# + +set(_MBEDTLS_ROOT_HINTS ${MBEDTLS_ROOT_DIR} ENV MBEDTLS_ROOT_DIR) + +set(_MBED_REQUIRED_VARS MbedTLS_TARGET MbedX509_TARGET MbedCrypto_TARGET MbedTLS_VERSION) + +include(FindPackageHandleStandardArgs) +include(CMakePushCheckState) + +find_path(_MBEDTLS_INCLUDE_DIR + NAMES mbedtls/ssl.h + HINTS ${_MBEDTLS_ROOT_HINTS} + # PATHS /usr/local + PATH_SUFFIXES include) + +find_library(_MBEDCRYPTO_LIBRARY + NAMES mbedcrypto + HINTS ${_MBEDTLS_ROOT_HINTS} + # PATHS /usr/local + # PATH_SUFFIXES lib + ) + +find_library(_MBEDX509_LIBRARY + NAMES mbedx509 + HINTS ${_MBEDTLS_ROOT_HINTS} + #PATHS /usr/local + # PATH_SUFFIXES lib + ) + +find_library(_MBEDTLS_LIBRARY + NAMES mbedtls + HINTS ${_MBEDTLS_ROOT_HINTS} + #PATHS /usr/local + #PATH_SUFFIXES lib + ) + +if ("${_MBEDTLS_TLS_LIBRARY}" STREQUAL "_MBEDTLS_TLS_LIBRARY-NOTFOUND") + message("Failed to find Mbed TLS library") +else() + + cmake_push_check_state(RESET) + set(CMAKE_REQUIRED_INCLUDES ${_MBEDTLS_INCLUDE_DIR} ${CMAKE_REQUIRED_INCLUDES_${BUILD_TYPE}}) + list(APPEND CMAKE_REQUIRED_LIBRARIES ${_MBEDTLS_LIBRARY} ${_MBEDX509_LIBRARY} ${_MBEDCRYPTO_LIBRARY}) + check_symbol_exists(mbedtls_ssl_init "mbedtls/ssl.h" _MBEDTLS_V2_OR_NEWER) + cmake_pop_check_state() + + if (NOT _MBEDTLS_V2_OR_NEWER) + message("Mbed TLS too old (must be version 2 or newer) ${_MBEDTLS_V2_OR_NEWER} UP ${_MbedTLS_V2}") + + else() + # Extract the version from the header... hopefully it matches the library. + if (EXISTS ${_MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h) + file(STRINGS ${_MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h _MBEDTLS_VERLINE + REGEX "^#define[ \t]+MBEDTLS_VERSION_STRING[\t ].*") + else () + file(STRINGS ${_MBEDTLS_INCLUDE_DIR}/mbedtls/version.h _MBEDTLS_VERLINE + REGEX "^#define[ \t]+MBEDTLS_VERSION_STRING[\t ].*") + endif () + + string(REGEX REPLACE ".*MBEDTLS_VERSION_STRING[\t ]+\"(.*)\"" "\\1" MbedTLS_VERSION ${_MBEDTLS_VERLINE}) + message("Mbed TLS version: ${MbedTLS_VERSION}") + endif() +endif() + + +add_library(MbedTLS::mbedtls UNKNOWN IMPORTED) +add_library(MbedTLS::mbedx509 UNKNOWN IMPORTED) +add_library(MbedTLS::mbedcrypto UNKNOWN IMPORTED) + + +set_target_properties(MbedTLS::mbedtls PROPERTIES INTERFACE_INCLUDE_DIRECTORIES "${_MBEDTLS_INCLUDE_DIR}") +set_target_properties(MbedTLS::mbedx509 PROPERTIES INTERFACE_INCLUDE_DIRECTORIES "${_MBEDTLS_INCLUDE_DIR}") +set_target_properties(MbedTLS::mbedcrypto PROPERTIES INTERFACE_INCLUDE_DIRECTORIES "${_MBEDTLS_INCLUDE_DIR}") + +if (WIN32) + set_target_properties(MbedTLS::mbedtls PROPERTIES IMPORTED_IMPLIB "${_MBEDTLS_LIBRARY}") + set_target_properties(MbedTLS::mbedx509 PROPERTIES IMPORTED_IMPLIB "${_MBEDX509_LIBRARY}") + set_target_properties(MbedTLS::mbedcrypto PROPERTIES IMPORTED_IMPLIB "${_MBEDCRYPTO_LIBRARY}") +else() + set_target_properties(MbedTLS::mbedtls PROPERTIES IMPORTED_LOCATION "${_MBEDTLS_LIBRARY}") + set_target_properties(MbedTLS::mbedx509 PROPERTIES IMPORTED_LOCATION "${_MBEDX509_LIBRARY}") + set_target_properties(MbedTLS::mbedcrypto PROPERTIES IMPORTED_LOCATION "${_MBEDCRYPTO_LIBRARY}") +endif() + +set(MbedTLS_TARGET MbedTLS::mbedtls) +set(MbedX509_TARGET MbedTLS::mbedx509) +set(MbedCrypto_TARGET MbedTLS::mbedcrypto) + +find_package_handle_standard_args(MbedTLS REQUIRED_VARS ${_MBED_REQUIRED_VARS}) +mark_as_advanced(${_MBED_REQUIRED_VARS}) + diff --git a/cmake/FindmbedTLS.cmake b/cmake/FindmbedTLS.cmake deleted file mode 100644 index 804a03927..000000000 --- a/cmake/FindmbedTLS.cmake +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright 2020 Staysail Systems, Inc. -# Copyright 2017 Capitar IT Group BV -# -# This software is supplied under the terms of the MIT License, a -# copy of which should be located in the distribution where this -# file was obtained (LICENSE.txt). A copy of the license may also be -# found online at https://opensource.org/licenses/MIT. -# - -# -# Try to find the Mbed TLS libraries. -# -# Sets the following: -# -# MBEDTLS_INCLUDE_DIR - Where to find mbedtls/ssl.h, etc. -# MBEDTLS_FOUND - True if we found Mbed TLS. -# MBEDTLS_CRYPTO_LIBRARY - The mbedcrypto library. -# MBEDTLS_X509_LIBRARY - The mbedx509 library. -# MBEDTLS_TLS_LIBRARY - The mbedtls library. -# MBEDTLS_LIBRARIES - List of all three Mbed TLS libraries. -# MBEDTLS_VERSION - $major.$minor.$revision (e.g. ``2.6.0``). -# -# Hints: -# -# Set ``MBEDTLS_ROOT_DIR`` to the root directory of Mbed TLS installation. -# - -set(_MBEDTLS_ROOT_HINTS ${MBEDTLS_ROOT_DIR} ENV MBEDTLS_ROOT_DIR) - -include(FindPackageHandleStandardArgs) - -find_path(MBEDTLS_INCLUDE_DIR - NAMES mbedtls/ssl.h - HINTS ${_MBEDTLS_ROOT_HINTS} - PATHS /usr/local - PATH_SUFFIXES include) - -find_library(MBEDTLS_CRYPTO_LIBRARY - NAMES mbedcrypto - HINTS ${_MBEDTLS_ROOT_HINTS} - PATHS /usr/local - PATH_SUFFIXES lib) - -find_library(MBEDTLS_X509_LIBRARY - NAMES mbedx509 - HINTS ${_MBEDTLS_ROOT_HINTS} - PATHS /usr/local - PATH_SUFFIXES lib) - -find_library(MBEDTLS_TLS_LIBRARY - NAMES mbedtls - HINTS ${_MBEDTLS_ROOT_HINTS} - PATHS /usr/local - PATH_SUFFIXES lib) - -set(MBEDTLS_LIBRARIES - ${MBEDTLS_TLS_LIBRARY} - ${MBEDTLS_X509_LIBRARY} - ${MBEDTLS_CRYPTO_LIBRARY}) - -if (${MBEDTLS_TLS_LIBRARY-NOTFOUND}) - message(FATAL_ERROR "Failed to find Mbed TLS library") -endif () - -mark_as_advanced( - MBEDSSL_INCLUDE_DIR - MBEDTLS_LIBRARIES - MBEDTLS_CRYPTO_LIBRARY - MBEDTLS_X509_LIBRARY - MBEDTLS_TLS_LIBRARY) - -# Extract the version from the header... hopefully it matches the library. -if (EXISTS ${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h) - file(STRINGS ${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h _MBEDTLS_VERLINE - REGEX "^#define[ \t]+MBEDTLS_VERSION_STRING[\t ].*") -else () - file(STRINGS ${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h _MBEDTLS_VERLINE - REGEX "^#define[ \t]+MBEDTLS_VERSION_STRING[\t ].*") -endif () - -string(REGEX REPLACE ".*MBEDTLS_VERSION_STRING[\t ]+\"(.*)\"" "\\1" MBEDTLS_VERSION ${_MBEDTLS_VERLINE}) - -find_package_handle_standard_args(mbedTLS - REQUIRED_VARS MBEDTLS_TLS_LIBRARY MBEDTLS_CRYPTO_LIBRARY MBEDTLS_X509_LIBRARY MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARIES VERSION_VAR MBEDTLS_VERSION) - diff --git a/cmake/NNGHelpers.cmake b/cmake/NNGHelpers.cmake index d97d800c3..b2daa1dc2 100644 --- a/cmake/NNGHelpers.cmake +++ b/cmake/NNGHelpers.cmake @@ -1,5 +1,5 @@ # -# Copyright 2020 Staysail Systems, Inc. +# Copyright 2024 Staysail Systems, Inc. # # This software is supplied under the terms of the MIT License, a # copy of which should be located in the distribution where this @@ -55,6 +55,12 @@ function(nng_link_libraries) target_link_libraries(nng_testing PRIVATE ${ARGN}) endfunction() +function(nng_link_libraries_public) + target_link_libraries(nng PRIVATE ${ARGN}) + target_link_libraries(nng_testing PRIVATE ${ARGN}) +endfunction() + + # nng_include_directories adds include directories. function(nng_include_directories) target_include_directories(nng PRIVATE ${ARGN}) diff --git a/src/supplemental/tls/mbedtls/CMakeLists.txt b/src/supplemental/tls/mbedtls/CMakeLists.txt index 2d639efa6..fda226e54 100644 --- a/src/supplemental/tls/mbedtls/CMakeLists.txt +++ b/src/supplemental/tls/mbedtls/CMakeLists.txt @@ -1,5 +1,5 @@ # -# Copyright 2020 Staysail Systems, Inc. +# Copyright 2024 Staysail Systems, Inc. # # This software is supplied under the terms of the MIT License, a # copy of which should be located in the distribution where this @@ -10,7 +10,7 @@ if (NNG_TLS_ENGINE STREQUAL "mbed") message(WARNING " ************************************************************ - Linking against Mbed TLS changes license terms (Apache 2.0). + Linking against Mbed TLS may change license terms. Consult a lawyer and the license files for details. ************************************************************") nng_sources(tls.c) @@ -23,8 +23,17 @@ if (NNG_TLS_ENGINE STREQUAL "mbed") if (TARGET mbedtls) nng_link_libraries(mbedtls) else() - nng_find_package(mbedTLS) - nng_link_libraries(${MBEDTLS_LIBRARIES}) - nng_include_directories(${MBEDTLS_INCLUDE_DIR}) + # We want to prefer config mode over our local find package. + # mbedTLS v3 has a config file, which should work better than + # what we do here. We do restore the setting though because + # user applications might not expect this. + if (NOT CMAKE_FIND_PAKCAGE_PREFER_CONFIG) + set(CMAKE_FIND_PACKAGE_PREFER_CONFIG TRUE) + find_package(MbedTLS REQUIRED) + set(CMAKE_FIND_PACKAGE_PREFER_CONFIG FALSE) + else() + find_package(MbedTLS REQUIRED) + endif() + nng_link_libraries_public(MbedTLS::mbedtls MbedTLS::mbedcrypto MbedTLS::mbedx509) endif() endif()