1#
2# CMake build system design considerations:
3#
4# - Include directories:
5#   + Do not define include directories globally using the include_directories
6#     command but rather at the target level using the
7#     target_include_directories command. That way, it is easier to guarantee
8#     that targets are built using the proper list of include directories.
9#   + Use the PUBLIC and PRIVATE keywords to specify the scope of include
10#     directories. That way, a target linking to a library (using the
11#     target_link_libraries command) inherits from the library PUBLIC include
12#     directories and not from the PRIVATE ones.
13# - MBEDTLS_TARGET_PREFIX: CMake targets are designed to be alterable by calling
14#   CMake in order to avoid target name clashes, via the use of
15#   MBEDTLS_TARGET_PREFIX. The value of this variable is prefixed to the
16#   mbedtls, mbedx509, mbedcrypto and apidoc targets.
17#
18
19# We specify a minimum requirement of 3.10.2, but for now use 3.5.1 here
20# until our infrastructure catches up.
21cmake_minimum_required(VERSION 3.5.1)
22
23include(CMakePackageConfigHelpers)
24
25# https://cmake.org/cmake/help/latest/policy/CMP0011.html
26# Setting this policy is required in CMake >= 3.18.0, otherwise a warning is generated. The OLD
27# policy setting is deprecated, and will be removed in future versions.
28cmake_policy(SET CMP0011 NEW)
29# https://cmake.org/cmake/help/latest/policy/CMP0012.html
30# Setting the CMP0012 policy to NEW is required for FindPython3 to work with CMake 3.18.2
31# (there is a bug in this particular version), otherwise, setting the CMP0012 policy is required
32# for CMake versions >= 3.18.3 otherwise a deprecated warning is generated. The OLD policy setting
33# is deprecated and will be removed in future versions.
34cmake_policy(SET CMP0012 NEW)
35
36if(TEST_CPP)
37    project("Mbed TLS" LANGUAGES C CXX)
38else()
39    project("Mbed TLS" LANGUAGES C)
40endif()
41
42include(GNUInstallDirs)
43
44# Determine if Mbed TLS is being built as a subproject using add_subdirectory()
45if(NOT DEFINED MBEDTLS_AS_SUBPROJECT)
46  set(MBEDTLS_AS_SUBPROJECT ON)
47  if(CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR)
48    set(MBEDTLS_AS_SUBPROJECT OFF)
49  endif()
50endif()
51
52# Set the project root directory.
53set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
54
55option(ENABLE_PROGRAMS "Build Mbed TLS programs." ON)
56
57option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
58option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON)
59if(CMAKE_HOST_WIN32)
60    # N.B. The comment on the next line is significant! If you change it,
61    # edit the sed command in prepare_release.sh that modifies
62    # CMakeLists.txt.
63    option(GEN_FILES "Generate the auto-generated files as needed" OFF) # off in development
64else()
65    option(GEN_FILES "Generate the auto-generated files as needed" OFF)
66endif()
67
68option(DISABLE_PACKAGE_CONFIG_AND_INSTALL "Disable package configuration, target export and installation" ${MBEDTLS_AS_SUBPROJECT})
69
70string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
71string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}")
72string(REGEX MATCH "IAR" CMAKE_COMPILER_IS_IAR "${CMAKE_C_COMPILER_ID}")
73string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${CMAKE_C_COMPILER_ID}")
74
75# the test suites currently have compile errors with MSVC
76if(CMAKE_COMPILER_IS_MSVC)
77    option(ENABLE_TESTING "Build Mbed TLS tests." OFF)
78else()
79    option(ENABLE_TESTING "Build Mbed TLS tests." ON)
80endif()
81
82# Warning string - created as a list for compatibility with CMake 2.8
83set(CTR_DRBG_128_BIT_KEY_WARN_L1 "****  WARNING!  MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n")
84set(CTR_DRBG_128_BIT_KEY_WARN_L2 "****  Using 128-bit keys for CTR_DRBG limits the security of generated\n")
85set(CTR_DRBG_128_BIT_KEY_WARN_L3 "****  keys and operations that use random values generated to 128-bit security\n")
86
87set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}"
88                         "${CTR_DRBG_128_BIT_KEY_WARN_L1}"
89                         "${CTR_DRBG_128_BIT_KEY_WARN_L2}"
90                         "${CTR_DRBG_128_BIT_KEY_WARN_L3}"
91                         "${WARNING_BORDER}")
92
93# Python 3 is only needed here to check for configuration warnings.
94if(NOT CMAKE_VERSION VERSION_LESS 3.15.0)
95    set(Python3_FIND_STRATEGY LOCATION)
96    find_package(Python3 COMPONENTS Interpreter)
97    if(Python3_Interpreter_FOUND)
98        set(MBEDTLS_PYTHON_EXECUTABLE ${Python3_EXECUTABLE})
99    endif()
100else()
101    find_package(PythonInterp 3)
102    if(PYTHONINTERP_FOUND)
103        set(MBEDTLS_PYTHON_EXECUTABLE ${PYTHON_EXECUTABLE})
104    endif()
105endif()
106if(MBEDTLS_PYTHON_EXECUTABLE)
107
108    # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
109    execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/mbedtls_config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
110                        RESULT_VARIABLE result)
111    if(${result} EQUAL 0)
112        message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING})
113    endif()
114
115endif()
116
117# If this is the root project add longer list of available CMAKE_BUILD_TYPE values
118if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR)
119    set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
120        CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull"
121        FORCE)
122endif()
123
124# Make MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE into PATHs
125set(MBEDTLS_CONFIG_FILE "" CACHE FILEPATH "Mbed TLS config file (overrides default).")
126set(MBEDTLS_USER_CONFIG_FILE "" CACHE FILEPATH "Mbed TLS user config file (appended to default).")
127
128# Create a symbolic link from ${base_name} in the binary directory
129# to the corresponding path in the source directory.
130# Note: Copies the file(s) on Windows.
131function(link_to_source base_name)
132    set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
133    set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
134
135    # Linking to non-existent file is not desirable. At best you will have a
136    # dangling link, but when building in tree, this can create a symbolic link
137    # to itself.
138    if (EXISTS ${target} AND NOT EXISTS ${link})
139        if (CMAKE_HOST_UNIX)
140            execute_process(COMMAND ln -s ${target} ${link}
141                RESULT_VARIABLE result
142                ERROR_VARIABLE output)
143
144            if (NOT ${result} EQUAL 0)
145                message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}")
146            endif()
147        else()
148            if (IS_DIRECTORY ${target})
149                file(GLOB_RECURSE files FOLLOW_SYMLINKS LIST_DIRECTORIES false RELATIVE ${target} "${target}/*")
150                foreach(file IN LISTS files)
151                    configure_file("${target}/${file}" "${link}/${file}" COPYONLY)
152                endforeach(file)
153            else()
154                configure_file(${target} ${link} COPYONLY)
155            endif()
156        endif()
157    endif()
158endfunction(link_to_source)
159
160# Get the filename without the final extension (i.e. convert "a.b.c" to "a.b")
161function(get_name_without_last_ext dest_var full_name)
162    # Split into a list on '.' (but a cmake list is just a ';'-separated string)
163    string(REPLACE "." ";" ext_parts "${full_name}")
164    # Remove the last item if there are more than one
165    list(LENGTH ext_parts ext_parts_len)
166    if (${ext_parts_len} GREATER "1")
167        math(EXPR ext_parts_last_item "${ext_parts_len} - 1")
168        list(REMOVE_AT ext_parts ${ext_parts_last_item})
169    endif()
170    # Convert back to a string by replacing separators with '.'
171    string(REPLACE ";" "." no_ext_name "${ext_parts}")
172    # Copy into the desired variable
173    set(${dest_var} ${no_ext_name} PARENT_SCOPE)
174endfunction(get_name_without_last_ext)
175
176string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
177
178include(CheckCCompilerFlag)
179
180set(CMAKE_C_EXTENSIONS OFF)
181set(CMAKE_C_STANDARD 99)
182
183if(CMAKE_COMPILER_IS_GNU)
184    # some warnings we want are not available with old GCC versions
185    # note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION
186    execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
187                    OUTPUT_VARIABLE GCC_VERSION)
188    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings")
189    if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0)
190        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat=2 -Wno-format-nonliteral")
191    endif()
192    if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3)
193        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla")
194    endif()
195    if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5)
196        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op")
197    endif()
198    if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
199        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow")
200    endif()
201    if (GCC_VERSION VERSION_GREATER 5.0)
202        CHECK_C_COMPILER_FLAG("-Wformat-signedness" C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS)
203        if(C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS)
204            set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness")
205        endif()
206    endif()
207    if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0)
208      set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation")
209    endif()
210    set(CMAKE_C_FLAGS_RELEASE     "-O2")
211    set(CMAKE_C_FLAGS_DEBUG       "-O0 -g3")
212    set(CMAKE_C_FLAGS_COVERAGE    "-O0 -g3 --coverage")
213    set(CMAKE_C_FLAGS_ASAN        "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
214    set(CMAKE_C_FLAGS_ASANDBG     "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
215    set(CMAKE_C_FLAGS_CHECK       "-Os")
216    set(CMAKE_C_FLAGS_CHECKFULL   "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
217endif(CMAKE_COMPILER_IS_GNU)
218
219if(CMAKE_COMPILER_IS_CLANG)
220    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral")
221    set(CMAKE_C_FLAGS_RELEASE     "-O2")
222    set(CMAKE_C_FLAGS_DEBUG       "-O0 -g3")
223    set(CMAKE_C_FLAGS_COVERAGE    "-O0 -g3 --coverage")
224    set(CMAKE_C_FLAGS_ASAN        "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
225    set(CMAKE_C_FLAGS_ASANDBG     "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
226    set(CMAKE_C_FLAGS_MEMSAN      "-fsanitize=memory -O3")
227    set(CMAKE_C_FLAGS_MEMSANDBG   "-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2")
228    set(CMAKE_C_FLAGS_CHECK       "-Os")
229endif(CMAKE_COMPILER_IS_CLANG)
230
231if(CMAKE_COMPILER_IS_IAR)
232    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts")
233    set(CMAKE_C_FLAGS_RELEASE     "-Ohz")
234    set(CMAKE_C_FLAGS_DEBUG       "--debug -On")
235endif(CMAKE_COMPILER_IS_IAR)
236
237if(CMAKE_COMPILER_IS_MSVC)
238    # Strictest warnings, UTF-8 source and execution charset
239    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3 /utf-8")
240endif(CMAKE_COMPILER_IS_MSVC)
241
242if(MBEDTLS_FATAL_WARNINGS)
243    if(CMAKE_COMPILER_IS_MSVC)
244        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX")
245    endif(CMAKE_COMPILER_IS_MSVC)
246
247    if(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU)
248        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror")
249        if(UNSAFE_BUILD)
250            set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error=cpp")
251            set(CMAKE_C_FLAGS_ASAN "${CMAKE_C_FLAGS_ASAN} -Wno-error=cpp")
252            set(CMAKE_C_FLAGS_ASANDBG "${CMAKE_C_FLAGS_ASANDBG} -Wno-error=cpp")
253        endif(UNSAFE_BUILD)
254    endif(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU)
255
256    if (CMAKE_COMPILER_IS_IAR)
257        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warnings_are_errors")
258    endif(CMAKE_COMPILER_IS_IAR)
259endif(MBEDTLS_FATAL_WARNINGS)
260
261if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
262    if(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG)
263        set(CMAKE_SHARED_LINKER_FLAGS "--coverage")
264    endif(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG)
265endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
266
267if(LIB_INSTALL_DIR)
268    set(CMAKE_INSTALL_LIBDIR "${LIB_INSTALL_DIR}")
269endif()
270
271add_subdirectory(include)
272
273add_subdirectory(3rdparty)
274
275add_subdirectory(library)
276
277#
278# The C files in tests/src directory contain test code shared among test suites
279# and programs. This shared test code is compiled and linked to test suites and
280# programs objects as a set of compiled objects. The compiled objects are NOT
281# built into a library that the test suite and program objects would link
282# against as they link against the mbedcrypto, mbedx509 and mbedtls libraries.
283# The reason is that such library is expected to have mutual dependencies with
284# the aforementioned libraries and that there is as of today no portable way of
285# handling such dependencies (only toolchain specific solutions).
286#
287# Thus the below definition of the `mbedtls_test` CMake library of objects
288# target. This library of objects is used by tests and programs CMake files
289# to define the test executables.
290#
291if(ENABLE_TESTING OR ENABLE_PROGRAMS)
292    file(GLOB MBEDTLS_TEST_FILES
293         ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c
294         ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c)
295    add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES})
296    target_include_directories(mbedtls_test
297        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include
298        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
299        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library)
300
301    file(GLOB MBEDTLS_TEST_HELPER_FILES
302         ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_helpers/*.c)
303    add_library(mbedtls_test_helpers OBJECT ${MBEDTLS_TEST_HELPER_FILES})
304    target_include_directories(mbedtls_test_helpers
305        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include
306        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
307        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library
308        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/everest/include)
309
310    # Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
311    if(MBEDTLS_CONFIG_FILE)
312        target_compile_definitions(mbedtls_test
313            PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
314        target_compile_definitions(mbedtls_test_helpers
315            PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
316    endif()
317    if(MBEDTLS_USER_CONFIG_FILE)
318        target_compile_definitions(mbedtls_test
319            PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
320        target_compile_definitions(mbedtls_test_helpers
321            PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
322    endif()
323endif()
324
325if(ENABLE_PROGRAMS)
326    add_subdirectory(programs)
327endif()
328
329ADD_CUSTOM_TARGET(${MBEDTLS_TARGET_PREFIX}apidoc
330    COMMAND doxygen mbedtls.doxyfile
331    WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/doxygen)
332
333if(ENABLE_TESTING)
334    enable_testing()
335
336    add_subdirectory(tests)
337
338    # additional convenience targets for Unix only
339    if(UNIX)
340
341        # For coverage testing:
342        # 1. Build with:
343        #         cmake -D CMAKE_BUILD_TYPE=Coverage /path/to/source && make
344        # 2. Run the relevant tests for the part of the code you're interested in.
345        #    For the reference coverage measurement, see
346        #    tests/scripts/basic-build-test.sh
347        # 3. Run scripts/lcov.sh to generate an HTML report.
348        ADD_CUSTOM_TARGET(lcov
349            COMMAND scripts/lcov.sh
350        )
351
352        ADD_CUSTOM_TARGET(memcheck
353            COMMAND sed -i.bak s+/usr/bin/valgrind+`which valgrind`+ DartConfiguration.tcl
354            COMMAND ctest -O memcheck.log -D ExperimentalMemCheck
355            COMMAND tail -n1 memcheck.log | grep 'Memory checking results:' > /dev/null
356            COMMAND rm -f memcheck.log
357            COMMAND mv DartConfiguration.tcl.bak DartConfiguration.tcl
358        )
359    endif(UNIX)
360
361    # Make scripts needed for testing available in an out-of-source build.
362    if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
363        link_to_source(scripts)
364        # Copy (don't link) DartConfiguration.tcl, needed for memcheck, to
365        # keep things simple with the sed commands in the memcheck target.
366        configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl
367                    ${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY)
368    endif()
369endif()
370
371if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
372    configure_package_config_file(
373        "cmake/MbedTLSConfig.cmake.in"
374        "cmake/MbedTLSConfig.cmake"
375            INSTALL_DESTINATION "cmake")
376
377    write_basic_package_version_file(
378        "cmake/MbedTLSConfigVersion.cmake"
379            COMPATIBILITY SameMajorVersion
380            VERSION 3.5.2)
381
382    install(
383        FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake"
384              "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfigVersion.cmake"
385        DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS")
386
387    export(
388        EXPORT MbedTLSTargets
389        NAMESPACE MbedTLS::
390        FILE "cmake/MbedTLSTargets.cmake")
391
392    install(
393        EXPORT MbedTLSTargets
394        NAMESPACE MbedTLS::
395        DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS"
396        FILE "MbedTLSTargets.cmake")
397
398    if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15)
399        # Do not export the package by default
400        cmake_policy(SET CMP0090 NEW)
401
402        # Make this package visible to the system
403        export(PACKAGE MbedTLS)
404    endif()
405endif()
406