Initial Mbed-TLS 3 support to get the GitHub Actions working again

mingw has upgraded to Mbed-TLS 3.1.0, so all the mingw tests that need Mbed-TLS currently don't work. v2: add missing mbedtls/version.h into test/regress_mbedtls.c v3: suppress #warning "Including compat-2.x.h is deprecated" for mbedtls/compat-2.x.h
2025-01-09 00:56:20 +08:00 · 2022-06-23 23:06:14 +01:00 · 2022-06-23 23:06:14 +01:00 · 384c52e6be
commit 384c52e6be
parent 35e12a8175
4 changed files with 72 additions and 10 deletions
--- a/bufferevent_mbedtls.c
+++ b/bufferevent_mbedtls.c
@ -24,8 +24,15 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /* Mbed-TLS 3.x does not currently expose a function to retrieve
   the bio parameters from the SSL object. When the above issue has been
   fixed, remove the MBEDTLS_ALLOW_PRIVATE_ACCESS define and use the
   appropriate getter function in bufferevent_mbedtls_socket_new rather than
   accessing the struct fields directly. */
 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
 #include "mbedtls-compat.h"
-#include <mbedtls/config.h>
+#include <mbedtls/version.h>
 #include <mbedtls/ssl.h>
 #include <mbedtls/error.h>
--- a/cmake/FindMbedTLS.cmake
+++ b/cmake/FindMbedTLS.cmake
@ -75,16 +75,29 @@ find_path(MBEDTLS_INCLUDE_DIR
          ${_EXTRA_FIND_ARGS})
 # based on https://github.com/ARMmbed/mbedtls/issues/298
-if(MBEDTLS_INCLUDE_DIR AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h")
+function(mbedtls_get_version_numbers FILE)
-    file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" VERSION_STRING_LINE REGEX "^#define MBEDTLS_VERSION_STRING[ \\t\\n\\r]+\"[^\"]*\"$")
+    file(STRINGS "${MBEDTLS_INCLUDE_DIR}/${FILE}" VERSION_STRING_LINE REGEX "^#define MBEDTLS_VERSION_STRING[ \\t\\n\\r]+\"[^\"]*\"$")
-    file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" VERSION_MAJOR_LINE REGEX "^#define MBEDTLS_VERSION_MAJOR[ \\t\\n\\r]+[0-9]+$")
+    file(STRINGS "${MBEDTLS_INCLUDE_DIR}/${FILE}" VERSION_MAJOR_LINE REGEX "^#define MBEDTLS_VERSION_MAJOR[ \\t\\n\\r]+[0-9]+$")
-    file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" VERSION_MINOR_LINE REGEX "^#define MBEDTLS_VERSION_MINOR[ \\t\\n\\r]+[0-9]+$")
+    file(STRINGS "${MBEDTLS_INCLUDE_DIR}/${FILE}" VERSION_MINOR_LINE REGEX "^#define MBEDTLS_VERSION_MINOR[ \\t\\n\\r]+[0-9]+$")
-    file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" VERSION_PATCH_LINE REGEX "^#define MBEDTLS_VERSION_PATCH[ \\t\\n\\r]+[0-9]+$")
+    file(STRINGS "${MBEDTLS_INCLUDE_DIR}/${FILE}" VERSION_PATCH_LINE REGEX "^#define MBEDTLS_VERSION_PATCH[ \\t\\n\\r]+[0-9]+$")
    string(REGEX REPLACE "^#define MBEDTLS_VERSION_STRING[ \\t\\n\\r]+\"([^\"]*)\"$" "\\1" MBEDTLS_VERSION "${VERSION_STRING_LINE}")
    string(REGEX REPLACE "^#define MBEDTLS_VERSION_MAJOR[ \\t\\n\\r]+([0-9]+)$" "\\1" MBEDTLS_VERSION_MAJOR "${VERSION_MAJOR_LINE}")
    string(REGEX REPLACE "^#define MBEDTLS_VERSION_MINOR[ \\t\\n\\r]+([0-9]+)$" "\\1" MBEDTLS_VERSION_MINOR "${VERSION_MINOR_LINE}")
    string(REGEX REPLACE "^#define MBEDTLS_VERSION_PATCH[ \\t\\n\\r]+([0-9]+)$" "\\1" MBEDTLS_VERSION_PATCH "${VERSION_PATCH_LINE}")
    set(MBEDTLS_VERSION "${MBEDTLS_VERSION}" PARENT_SCOPE)
    set(MBEDTLS_VERSION_MAJOR "${MBEDTLS_VERSION_MAJOR}" PARENT_SCOPE)
    set(MBEDTLS_VERSION_MINOR "${MBEDTLS_VERSION_MINOR}" PARENT_SCOPE)
    set(MBEDTLS_VERSION_PATCH "${MBEDTLS_VERSION_PATCH}" PARENT_SCOPE)
 endfunction()
 if(MBEDTLS_INCLUDE_DIR AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h")
    mbedtls_get_version_numbers("mbedtls/version.h")
    if ("${MBEDTLS_VERSION}" STREQUAL "")
        mbedtls_get_version_numbers("mbedtls/build_info.h")
    endif()
 endif()
--- a/mbedtls-compat.h
+++ b/mbedtls-compat.h
@ -2,10 +2,29 @@
 #define MBEDTLS_COMPAT_H
 #include <mbedtls/version.h>
 #if MBEDTLS_VERSION_MAJOR >= 3
 # if defined(__clang__)
 #  pragma clang diagnostic push
 #  pragma clang diagnostic ignored "-Wcpp"
 # elif defined(__GNUC__)
 #  pragma GCC diagnostic push
 #  pragma GCC diagnostic ignored "-Wcpp"
 # endif
 # include <mbedtls/compat-2.x.h>
 # if defined(__clang__)
 #  pragma clang diagnostic pop
 # elif defined(__GNUC__)
 #  pragma GCC diagnostic pop
 # endif
 #endif // MBEDTLS_VERSION_MAJOR >= 3
 #if MBEDTLS_VERSION_MAJOR < 2 || (MBEDTLS_VERSION_MAJOR == 2 && MBEDTLS_VERSION_MINOR < 4)
-#include <mbedtls/net.h>
+# include <mbedtls/net.h>
 #else
-#include <mbedtls/net_sockets.h>
+# include <mbedtls/net_sockets.h>
 #endif
 #endif // LIBEVENT_MBEDTLS_COMPAT_H
--- a/test/regress_mbedtls.c
+++ b/test/regress_mbedtls.c
@ -27,6 +27,7 @@
 #define EVENT_VISIBILITY_WANT_DLLIMPORT
 #include "event2/util.h"
 #include <mbedtls/version.h>
 #include <mbedtls/ssl.h>
 #include <mbedtls/entropy.h>
 #include <mbedtls/ctr_drbg.h>
@ -94,6 +95,20 @@ mbedtls_debug(
 		line, loglen, str));
 }
 static int
 mbedtls_rng(void* ctx, unsigned char* buffer, size_t len)
 {
 	int rc;
 	(void)ctx;
 	rc = evutil_secure_rng_init();
 	if (rc != 0)
 		return rc;
 	evutil_secure_rng_get_bytes(buffer, len);
 	return 0;
 }
 static mbedtls_pk_context *
 mbedtls_getkey(void)
 {
@ -101,8 +116,13 @@ mbedtls_getkey(void)
 	mbedtls_pk_context *pk = malloc(sizeof(mbedtls_pk_context));
 	tt_assert(pk);
 	mbedtls_pk_init(pk);
-	ret = mbedtls_pk_parse_key(
+	ret = mbedtls_pk_parse_key(pk,
-		pk, (const unsigned char *)KEY, sizeof(KEY), NULL, 0);
+		(const unsigned char *)KEY, sizeof(KEY),
 		NULL, 0
 #if MBEDTLS_VERSION_MAJOR >= 3
 		, mbedtls_rng, NULL
 #endif
 		);
 	tt_assert(ret == 0);
 	return pk;
 end:
@ -214,10 +234,13 @@ get_mbedtls_config(int endpoint)
 		MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
 	mbedtls_ssl_conf_rng(
 		the_mbedtls_conf[endpoint], mbedtls_ctr_drbg_random, &ctr_drbg);
 #if MBEDTLS_VERSION_MAJOR < 3
 	/* Mbed-TLS 3 doesn't support anything below TLS v1.2 */
 	if (disable_tls_11_and_12) {
 		mbedtls_ssl_conf_max_version(the_mbedtls_conf[endpoint],
 			MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1);
 	}
 #endif
 	if (endpoint == MBEDTLS_SSL_IS_SERVER) {
 		mbedtls_ssl_conf_own_cert(
 			the_mbedtls_conf[endpoint], the_cert, the_key);