[Buildroot] [PATCH 1/2] package/mbedtls3: new package

Fabrice Fontaine fontaine.fabrice at gmail.com
Tue Dec 28 15:33:44 UTC 2021


mbedtls 3.x is incompatible with mbedtls 2.x:
https://github.com/ARMmbed/mbedtls/blob/development/docs/3.0-migration-guide.md

mbedtls3 was created from mbedtls package with the following changes:
 - license file is now LICENSE
 - zlib compression is not available anymore
 - config.h renamed to mbedtls_config.h

Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
---
 DEVELOPERS                     |  1 +
 package/Config.in              |  1 +
 package/mbedtls3/Config.in     | 21 ++++++++++++
 package/mbedtls3/mbedtls3.hash |  4 +++
 package/mbedtls3/mbedtls3.mk   | 61 ++++++++++++++++++++++++++++++++++
 5 files changed, 88 insertions(+)
 create mode 100644 package/mbedtls3/Config.in
 create mode 100644 package/mbedtls3/mbedtls3.hash
 create mode 100644 package/mbedtls3/mbedtls3.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index 29390b0cc1..5604a1dd56 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -900,6 +900,7 @@ F:	package/libupnp/
 F:	package/libv4l/
 F:	package/libxslt/
 F:	package/mbedtls/
+F:	package/mbedtls3/
 F:	package/minissdpd/
 F:	package/minizip/
 F:	package/mongodb/
diff --git a/package/Config.in b/package/Config.in
index 2635cc4b3c..422eff525d 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1419,6 +1419,7 @@ menu "Crypto"
 	source "package/libuecc/Config.in"
 	source "package/libxcrypt/Config.in"
 	source "package/mbedtls/Config.in"
+	source "package/mbedtls3/Config.in"
 	source "package/nettle/Config.in"
 	source "package/openssl/Config.in"
 	source "package/pkcs11-helper/Config.in"
diff --git a/package/mbedtls3/Config.in b/package/mbedtls3/Config.in
new file mode 100644
index 0000000000..83981bdf23
--- /dev/null
+++ b/package/mbedtls3/Config.in
@@ -0,0 +1,21 @@
+config BR2_PACKAGE_MBEDTLS3
+	bool "mbedtls3"
+	depends on !BR2_PACKAGE_MBEDTLS
+	help
+	  mbed TLS (formerly known as PolarSSL) makes it trivially easy
+	  for developers to include cryptographic and SSL/TLS
+	  capabilities in their (embedded) products, facilitating this
+	  functionality with a minimal coding footprint.
+
+	  https://tls.mbed.org/
+
+if BR2_PACKAGE_MBEDTLS3
+
+config BR2_PACKAGE_MBEDTLS3_PROGRAMS
+	bool "mbedtls programs"
+	depends on BR2_USE_MMU # fork()
+	help
+	  This option enables the installation and the build of
+	  mbed TLS companion programs.
+
+endif
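Review bot: `depends on !BR2_PACKAGE_MBEDTLS` carries no explanation of why the two packages exclude each other, so in any configuration where another package selects `BR2_PACKAGE_MBEDTLS` the mbedtls3 entry disappears from the Crypto menu without a hint. Presumably both install the same header directory and library names into staging; if that is the reason, say so next to the dependency, e.g. `# mbedtls and mbedtls3 install conflicting headers and libraries`. A `comment "mbedtls3 conflicts with mbedtls"` entry with `depends on BR2_PACKAGE_MBEDTLS` would also show the user why the option is unavailable.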
diff --git a/package/mbedtls3/mbedtls3.hash b/package/mbedtls3/mbedtls3.hash
new file mode 100644
index 0000000000..6da1030bff
--- /dev/null
+++ b/package/mbedtls3/mbedtls3.hash
@@ -0,0 +1,4 @@
+# From https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0:
+sha256  b02df6f68dd1537e115a8497d5c173dc71edc55ad084756e57a30f951b725acd  mbedtls3-3.1.0.tar.gz
+# Locally calculated
+sha256  cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30  LICENSE
diff --git a/package/mbedtls3/mbedtls3.mk b/package/mbedtls3/mbedtls3.mk
new file mode 100644
index 0000000000..c49b92aa9e
--- /dev/null
+++ b/package/mbedtls3/mbedtls3.mk
@@ -0,0 +1,61 @@
+################################################################################
+#
+# mbedtls3
+#
+################################################################################
+
+MBEDTLS3_VERSION = 3.1.0
+MBEDTLS3_SITE = $(call github,ARMmbed,mbedtls,v$(MBEDTLS3_VERSION))
+MBEDTLS3_CONF_OPTS = \
+	-DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_MBEDTLS3_PROGRAMS),ON,OFF) \
+	-DENABLE_TESTING=OFF
+MBEDTLS3_INSTALL_STAGING = YES
+MBEDTLS3_LICENSE = Apache-2.0
+MBEDTLS3_LICENSE_FILES = LICENSE
+MBEDTLS3_CPE_ID_VENDOR = arm
+MBEDTLS3_CPE_ID_PRODUCT = mbed_tls
+
+# This is mandatory for hiawatha
+ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
+define MBEDTLS3_ENABLE_THREADING
+	$(SED) "s://#define MBEDTLS_THREADING_C:#define MBEDTLS_THREADING_C:" \
+		$(@D)/include/mbedtls/mbedtls_config.h
+	$(SED) "s://#define MBEDTLS_THREADING_PTHREAD:#define MBEDTLS_THREADING_PTHREAD:" \
+		$(@D)/include/mbedtls/mbedtls_config.h
+endef
+MBEDTLS3_POST_PATCH_HOOKS += MBEDTLS3_ENABLE_THREADING
+ifeq ($(BR2_STATIC_LIBS),y)
+MBEDTLS3_CONF_OPTS += -DLINK_WITH_PTHREAD=ON
+endif
+endif
+
+ifeq ($(BR2_STATIC_LIBS),y)
+MBEDTLS3_CONF_OPTS += \
+	-DUSE_SHARED_MBEDTLS_LIBRARY=OFF -DUSE_STATIC_MBEDTLS_LIBRARY=ON
+else ifeq ($(BR2_SHARED_STATIC_LIBS),y)
+MBEDTLS3_CONF_OPTS += \
+	-DUSE_SHARED_MBEDTLS_LIBRARY=ON -DUSE_STATIC_MBEDTLS_LIBRARY=ON
+else ifeq ($(BR2_SHARED_LIBS),y)
+MBEDTLS3_CONF_OPTS += \
+	-DUSE_SHARED_MBEDTLS_LIBRARY=ON -DUSE_STATIC_MBEDTLS_LIBRARY=OFF
+endif
+
+define MBEDTLS3_DISABLE_ASM
+	$(SED) '/^#define MBEDTLS_AESNI_C/d' \
+		$(@D)/include/mbedtls/mbedtls_config.h
+	$(SED) '/^#define MBEDTLS_HAVE_ASM/d' \
+		$(@D)/include/mbedtls/mbedtls_config.h
+	$(SED) '/^#define MBEDTLS_PADLOCK_C/d' \
+		$(@D)/include/mbedtls/mbedtls_config.h
+endef
+
+# ARM in thumb mode breaks debugging with asm optimizations
+# Microblaze asm optimizations are broken in general
+# MIPS R6 asm is not yet supported
+ifeq ($(BR2_ENABLE_DEBUG)$(BR2_ARM_INSTRUCTIONS_THUMB)$(BR2_ARM_INSTRUCTIONS_THUMB2),yy)
+MBEDTLS3_POST_CONFIGURE_HOOKS += MBEDTLS3_DISABLE_ASM
+else ifeq ($(BR2_microblaze)$(BR2_MIPS_CPU_MIPS32R6)$(BR2_MIPS_CPU_MIPS64R6),y)
+MBEDTLS3_POST_CONFIGURE_HOOKS += MBEDTLS3_DISABLE_ASM
+endif
+
+$(eval $(cmake-package))
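Review bot: Both substitutions in `MBEDTLS3_ENABLE_THREADING` exit successfully when the pattern matches nothing, so if a later version bump changes how `mbedtls_config.h` spells the commented-out `//#define MBEDTLS_THREADING_C` line, the library is built without threading support and the build still passes. For a TLS library called from threaded programs (the comment names hiawatha), that should fail the build: follow the seds with a check such as `grep -q '^#define MBEDTLS_THREADING_C' $(@D)/include/mbedtls/mbedtls_config.h`, and the same for `MBEDTLS_THREADING_PTHREAD`. The three deletions in `MBEDTLS3_DISABLE_ASM` are silent no-ops in the same way. That hook also edits the header post-configure while the threading edit runs post-patch, so a one-line comment on why the two stages differ would help the next maintainer.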
-- 
2.33.0



