Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

Build library failed for server mode only: missing-prototypes for mbedtls_ssl_conf_has_static_psk #9186

Closed M-Bab closed 2 months ago

M-Bab commented 4 months ago

Summary

I stumbled on this bug using mbedtls with the ESP-IDF Framework. But I was unsure if this is a general bug of mbedtls, so I cloned the original code and could reproduce the build failure with the most recent v3.6.0 and develop.

System information

Mbed TLS version (number or commit id): v3.6.0 and develop
Operating system and version: Manjaro 24.0
Configuration (if not default, please attach mbedtls_config.h): Undefine MBEDTLS_SSL_CLI_C
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): GCC 13
Additional environment information: -

Expected behavior

I should be able to build the mbedtls library without client mode. After all it looks like MBEDTLS_SSL_CLI_C is a selectable option in mbedtls_config.h. More technical insight in "Additional information".

Actual behavior

Build fails with:

Software/mbedtls/library/ssl_tls.c:2120:5: error: no previous prototype for ‘mbedtls_ssl_conf_has_static_psk’ [-Werror=missing-prototypes]
 2120 | int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf)

More technical insight in "Additional information".

Steps to reproduce

From an unmodified clone: Undefine MBEDTLS_SSL_CLI_C (e.g. comment it out) and try to build the library using CMake.

Additional information

I think I figured the problem out already:

  1. If we are in the MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED situation, ssl_tls.c defines and uses the function mbedtls_ssl_conf_has_static_psk.
  2. But for the prototype declaration of the external function the define above is not enough: it also needs MBEDTLS_SSL_CLI_C.
  3. This leads to the situation of a used function without prototype and mbedtls takes this pretty seriously. At least it looks like the Werror=missing-prototypes setting is very intentional in the CMake configuration file.
  4. Solution: Definitely declaration, definition and usage of the functions should all be aligned under the same define-requirements. Most likely either the MBEDTLS_SSL_CLI_C needs to be removed from the header or added in the source. But I am not enough of an mbedtls expert to create a PR right away.

misch7 commented 4 months ago

I can confirm the issue (and the proposed solution :). Ran into it just a few days ago and created a local (working) patch. My PR will follow today.
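
The guard mismatch described in this issue can be caught before a reduced configuration is ever built. The following is an added example, not code from the Mbed TLS project or from either commenter: a small Python check that compares the preprocessor guards around a function's declaration and definition. HEADER and SOURCE are constructed, simplified snippets that mirror the issue's description, and guards_for and guard_mismatch are hypothetical helper names.

```python
import re

# Constructed, simplified stand-ins for the header and source file; these are
# not copies of the Mbed TLS sources. Guard names are those quoted in the issue.
HEADER = """\
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf);
#endif
"""
SOURCE = """\
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf)
{
    return 0;
}
#endif
"""

def guards_for(text, symbol):
    """Return the macros that must be defined where `symbol` first appears.

    Assumption of this sketch: conditions are defined(X) terms joined by &&.
    #else/#elif branches and || are not modelled; negated terms are skipped.
    """
    stack = []  # one set of required macros per open #if level
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("#ifdef"):
            stack.append({s.split()[1]})
        elif s.startswith("#ifndef"):
            stack.append(set())
        elif s.startswith("#if"):
            stack.append(set(re.findall(r"(?<!!)defined\s*\(?\s*(\w+)", s)))
        elif s.startswith("#endif"):
            stack.pop()
        elif re.search(r"\b%s\s*\(" % re.escape(symbol), s):
            return set().union(*stack)
    raise ValueError("symbol not found: " + symbol)

def guard_mismatch(header, source, symbol):
    """Return (macros only the declaration needs, macros only the definition needs)."""
    decl, defn = guards_for(header, symbol), guards_for(source, symbol)
    return sorted(decl - defn), sorted(defn - decl)

if __name__ == "__main__":
    print(guard_mismatch(HEADER, SOURCE, "mbedtls_ssl_conf_has_static_psk"))
```

A non-empty first list means some configuration compiles the definition without a visible prototype, which is the case that -Werror=missing-prototypes rejects.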