compile issue if MBEDTLS_CERTS_C is not set in 2.28.1 #6243

Closed
hauke opened this issue Aug 27, 2022 · 2 comments
Labels
bug component-platform Portability layer and build scripts size-s Estimated task size: small (~2d)

hauke commented Aug 27, 2022

Summary

I am getting the following compile problem when compiling mbedtls 2.28.1 in OpenWrt master:

-- Build files have been written to: /home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1
awk 'BEGIN { rc = 1 } /#define MBEDTLS_DEBUG_C/ { $0 = "// #define MBEDTLS_DEBUG_C"; rc = 0 } { print } END { exit(rc) }' /home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/include/mbedtls/config.h >/home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/include/mbedtls/config.h.new && mv /home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/include/mbedtls/config.h.new /home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/include/mbedtls/config.h
awk 'BEGIN { rc = 1 } /#define MBEDTLS_HKDF_C/ { $0 = "// #define MBEDTLS_HKDF_C"; rc = 0 } { print } END { exit(rc) }' /home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/include/mbedtls/config.h >/home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/include/mbedtls/config.h.new && mv /home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/include/mbedtls/config.h.new /home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/include/mbedtls/config.h
sed -i '/fuzz/d' /home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/programs/CMakeLists.txt
sed -i '/test/d' /home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/programs/CMakeLists.txt
touch /home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/.configured_5e1d5ee8fa334bc8ae9c07800ce6707c
rm -f /home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/.built
touch /home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/.built_check
MAKEFLAGS="" /home/hauke/openwrt/openwrt/staging_dir/host/bin/ninja  -j1 -C /home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1 
ninja: Entering directory `/home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1'
[0/1] Re-running CMake...
-- Configuring done
-- Generating done
-- Build files have been written to: /home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1
[295/316] Building C object programs/ssl/CMakeFiles/ssl_server2.dir/ssl_server2.c.o
FAILED: programs/ssl/CMakeFiles/ssl_server2.dir/ssl_server2.c.o 
/home/hauke/openwrt/openwrt/staging_dir/toolchain-aarch64_cortex-a53_gcc-11.3.0_musl/bin/aarch64-openwrt-linux-musl-gcc  -I/home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/programs/ssl/../../tests/include -I/home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/include -pipe -mcpu=cortex-a53 -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -fmacro-prefix-map=/home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1=mbedtls-2.28.1 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -ffunction-sections -fdata-sections -Wall -Wextra -Wwrite-strings -Wformat=2 -Wno-format-nonliteral -Wvla -Wlogical-op -Wshadow -Wformat-signedness -Wformat-overflow=2 -Wformat-truncation -Werror -O2 -fPIE -MD -MT programs/ssl/CMakeFiles/ssl_server2.dir/ssl_server2.c.o -MF programs/ssl/CMakeFiles/ssl_server2.dir/ssl_server2.c.o.d -o programs/ssl/CMakeFiles/ssl_server2.dir/ssl_server2.c.o -c /home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/programs/ssl/ssl_server2.c
/home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/programs/ssl/ssl_server2.c: In function 'main':
/home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/programs/ssl/ssl_server2.c:4142:1: error: expected declaration or statement at end of input
 4142 | }
      | ^
ninja: build stopped: subcommand failed.
make[2]: *** [Makefile:142: /home/hauke/openwrt/openwrt/build_dir/target-aarch64_cortex-a53_musl/mbedtls-2.28.1/.built] Error 1
make[2]: Leaving directory '/home/hauke/openwrt/openwrt/package/libs/mbedtls'
time: package/libs/mbedtls/compile#30.75#2.63#32.45

OpenWrt builds for Linux and uses the following patch to adjust the default configuration:
https://github.com/openwrt/openwrt/blob/master/package/libs/mbedtls/patches/200-config.patch

I bisected it to this commit: 331c342

System information

Mbed TLS version: 2.28.1
Operating system and version: OpenWrt master (GCC 11.3, Linux 5.10, musl libc)
Configuration (if not default, please attach mbedtls_config.h): Default config + these changes: https://github.com/openwrt/openwrt/blob/master/package/libs/mbedtls/patches/200-config.patch
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): (GCC 11.3, Linux 5.10, musl libc)
Additional environment information:

Expected behavior

It should compile.

Actual behavior

It does not compile.

Steps to reproduce

Compile mbedtls 2.28.1 with this patch: https://github.com/openwrt/openwrt/blob/master/package/libs/mbedtls/patches/200-config.patch

Additional information

mbedtls 2.28.0 compiles fine.

The following patch fixed it for me:

Fix a compile problem introduced in commit 331c3421d1f0 ("Address review comments")

--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2511,7 +2511,6 @@ int main( int argc, char *argv[] )
         }
         key_cert_init2 = 2;
 #endif /* MBEDTLS_ECDSA_C */
-    }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     if( opt.key_opaque != 0 )
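Review bot: Dropping the `}` after `#endif /* MBEDTLS_ECDSA_C */` pulls the `if( opt.key_opaque != 0 )` section under `#if defined(MBEDTLS_USE_PSA_CRYPTO)` into the block that brace used to close, so with MBEDTLS_USE_PSA_CRYPTO defined the opaque-key handling now runs only when that enclosing condition holds. If the goal is only to balance braces when MBEDTLS_CERTS_C is undefined, keep the PSA section outside the block, for example by leaving this `}` where it is and arranging for the matching opening brace to sit under the same MBEDTLS_CERTS_C guard, and build-test with MBEDTLS_USE_PSA_CRYPTO both enabled and disabled.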
@@ -2540,6 +2539,7 @@ int main( int argc, char *argv[] )
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 #endif /* MBEDTLS_CERTS_C */
+    }
 
     mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) );
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
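Review bot: The `}` added after `#endif /* MBEDTLS_CERTS_C */` is separated from its opening brace by the MBEDTLS_ECDSA_C, MBEDTLS_USE_PSA_CRYPTO and MBEDTLS_CERTS_C regions and carries no comment saying which block it closes; add a trailing comment naming that block so the pairing stays checkable across configurations. The commit message should also state the triggering condition (the build fails when MBEDTLS_CERTS_C is not defined) rather than only citing commit 331c3421d1f0.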

I haven't signed the CLA.

hauke added a commit to hauke/openwrt that referenced this issue Aug 27, 2022
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.1
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.

The build problem was reported upstream:
Mbed-TLS/mbedtls#6243

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
@minosgalanakis minosgalanakis added bug help-wanted This issue is not being actively worked on, but PRs welcome. component-platform Portability layer and build scripts good-first-issue Good for newcomers size-s Estimated task size: small (~2d) labels Aug 30, 2022
gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue Feb 1, 2023
This broke the build when MBEDTLS_CERTS_C is undefined. Fixes Mbed-TLS#6243.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm gilles-peskine-arm removed help-wanted This issue is not being actively worked on, but PRs welcome. good-first-issue Good for newcomers labels Feb 1, 2023
@gilles-peskine-arm gilles-peskine-arm added this to Mbed TLS 3.4 release in EPICs for Mbed TLS Feb 1, 2023
gilles-peskine-arm (Contributor) commented

Apologies for not fixing this in 2.28.2. We hadn't classified this as a regression, but looking closer we should have. The fix should be in 2.28.3.

Note that your patch is only correct when MBEDTLS_USE_PSA_CRYPTO is disabled (it is by default).
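
The failure in this issue comes from a closing brace that sits inside an `#if` guard while its opening brace does not, so it only appears in configurations that leave the guard undefined. As an added example (not code from Mbed TLS or from anyone in this thread), the Python sketch below counts braces per macro combination over a constructed sample; `SAMPLE`, `brace_depth` and `unbalanced_configs` are hypothetical names, and only single-macro `#if defined(X)`, `#ifdef`, `#ifndef`, `#else` and `#endif` are handled.

```python
import itertools
import re

# Constructed sample mimicking the shape of the reported bug; it is NOT the
# real ssl_server2.c. The inner '{' is unconditional, its '}' is guarded.
SAMPLE = """\
int main( void )
{
    if( use_default_certs )
    {
#if defined(MBEDTLS_CERTS_C)
        load_test_certs();
    }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    wrap_keys();
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_CERTS_C */
    return( 0 );
}
"""

DIRECTIVE = re.compile(r"^\s*#\s*(ifdef|ifndef|if|else|endif)\b(.*)$")
MACRO = re.compile(r"(?:defined\s*\(?\s*)?([A-Za-z_]\w*)")

def brace_depth(source, defined):
    """Net '{' minus '}' over the lines active when only `defined` is set."""
    stack = []   # one bool per open conditional: is its current branch active?
    depth = 0
    for line in source.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            kind, rest = m.group(1), m.group(2)
            if kind == "endif":
                stack.pop()
            elif kind == "else":
                stack[-1] = not stack[-1]
            else:
                name = MACRO.search(rest).group(1)
                # #ifndef inverts the test; #if defined / #ifdef do not
                stack.append((name in defined) != (kind == "ifndef"))
            continue
        if all(stack):   # a line counts only if every enclosing branch is on
            depth += line.count("{") - line.count("}")
    return depth

def unbalanced_configs(source, macros):
    """Every subset of `macros` (as a tuple) whose active braces do not balance."""
    return [combo
            for r in range(len(macros) + 1)
            for combo in itertools.combinations(macros, r)
            if brace_depth(source, set(combo)) != 0]
```

A balanced count does not show that a brace closes the intended block, so a change that moves a brace across another guarded section still needs a build and test run with that section enabled.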

gilles-peskine-arm (Contributor) commented

The fix in #7013 has been merged.

hauke added a commit to hauke/openwrt that referenced this issue Apr 10, 2023
This only fixes minor problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3

The 100-fix-compile.patch patch was merged upstream, see:
Mbed-TLS/mbedtls#6243
Mbed-TLS/mbedtls#7013

The code style of all files in mbedtls 2.28.3 was changed. I took a new
version of the 100-x509-crt-verify-SAN-iPAddress.patch patch from this
pull request: Mbed-TLS/mbedtls#6475

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>