[Buildroot] [PATCH 1/2] package/mbedtls3: new package
Fabrice Fontaine
fontaine.fabrice at gmail.com
Tue Dec 28 15:33:44 UTC 2021
mbedtls 3.x is incompatible with mbedtls 2.x:
https://github.com/ARMmbed/mbedtls/blob/development/docs/3.0-migration-guide.md
mbedtls3 was created from mbedtls package with the following changes:
- license file is now LICENSE
- zlib compression is not available anymore
- config.h renamed to mbedtls_config.h
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
---
DEVELOPERS | 1 +
package/Config.in | 1 +
package/mbedtls3/Config.in | 21 ++++++++++++
package/mbedtls3/mbedtls3.hash | 4 +++
package/mbedtls3/mbedtls3.mk | 61 ++++++++++++++++++++++++++++++++++
5 files changed, 88 insertions(+)
create mode 100644 package/mbedtls3/Config.in
create mode 100644 package/mbedtls3/mbedtls3.hash
create mode 100644 package/mbedtls3/mbedtls3.mk
diff --git a/DEVELOPERS b/DEVELOPERS
index 29390b0cc1..5604a1dd56 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -900,6 +900,7 @@ F: package/libupnp/
F: package/libv4l/
F: package/libxslt/
F: package/mbedtls/
+F: package/mbedtls3/
F: package/minissdpd/
F: package/minizip/
F: package/mongodb/
diff --git a/package/Config.in b/package/Config.in
index 2635cc4b3c..422eff525d 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1419,6 +1419,7 @@ menu "Crypto"
source "package/libuecc/Config.in"
source "package/libxcrypt/Config.in"
source "package/mbedtls/Config.in"
+ source "package/mbedtls3/Config.in"
source "package/nettle/Config.in"
source "package/openssl/Config.in"
source "package/pkcs11-helper/Config.in"
diff --git a/package/mbedtls3/Config.in b/package/mbedtls3/Config.in
new file mode 100644
index 0000000000..83981bdf23
--- /dev/null
+++ b/package/mbedtls3/Config.in
@@ -0,0 +1,21 @@
+config BR2_PACKAGE_MBEDTLS3
+ bool "mbedtls3"
+ depends on !BR2_PACKAGE_MBEDTLS
+ help
+ mbed TLS (formerly known as PolarSSL) makes it trivially easy
+ for developers to include cryptographic and SSL/TLS
+ capabilities in their (embedded) products, facilitating this
+ functionality with a minimal coding footprint.
+
+ https://tls.mbed.org/
+
+if BR2_PACKAGE_MBEDTLS3
+
+config BR2_PACKAGE_MBEDTLS3_PROGRAMS
+ bool "mbedtls programs"
+ depends on BR2_USE_MMU # fork()
+ help
+ This option enables the installation and the build of
+ mbed TLS companion programs.
+
+endif
diff --git a/package/mbedtls3/mbedtls3.hash b/package/mbedtls3/mbedtls3.hash
new file mode 100644
index 0000000000..6da1030bff
--- /dev/null
+++ b/package/mbedtls3/mbedtls3.hash
@@ -0,0 +1,4 @@
+# From https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0:
+sha256 b02df6f68dd1537e115a8497d5c173dc71edc55ad084756e57a30f951b725acd mbedtls3-3.1.0.tar.gz
+# Locally calculated
+sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 LICENSE
diff --git a/package/mbedtls3/mbedtls3.mk b/package/mbedtls3/mbedtls3.mk
new file mode 100644
index 0000000000..c49b92aa9e
--- /dev/null
+++ b/package/mbedtls3/mbedtls3.mk
@@ -0,0 +1,61 @@
+################################################################################
+#
+# mbedtls3
+#
+################################################################################
+
+MBEDTLS3_VERSION = 3.1.0
+MBEDTLS3_SITE = $(call github,ARMmbed,mbedtls,v$(MBEDTLS3_VERSION))
+MBEDTLS3_CONF_OPTS = \
+ -DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_MBEDTLS3_PROGRAMS),ON,OFF) \
+ -DENABLE_TESTING=OFF
+MBEDTLS3_INSTALL_STAGING = YES
+MBEDTLS3_LICENSE = Apache-2.0
+MBEDTLS3_LICENSE_FILES = LICENSE
+MBEDTLS3_CPE_ID_VENDOR = arm
+MBEDTLS3_CPE_ID_PRODUCT = mbed_tls
+
+# This is mandatory for hiawatha
+ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
+define MBEDTLS3_ENABLE_THREADING
+ $(SED) "s://#define MBEDTLS_THREADING_C:#define MBEDTLS_THREADING_C:" \
+ $(@D)/include/mbedtls/mbedtls_config.h
+ $(SED) "s://#define MBEDTLS_THREADING_PTHREAD:#define MBEDTLS_THREADING_PTHREAD:" \
+ $(@D)/include/mbedtls/mbedtls_config.h
+endef
+MBEDTLS3_POST_PATCH_HOOKS += MBEDTLS3_ENABLE_THREADING
+ifeq ($(BR2_STATIC_LIBS),y)
+MBEDTLS3_CONF_OPTS += -DLINK_WITH_PTHREAD=ON
+endif
+endif
+
+ifeq ($(BR2_STATIC_LIBS),y)
+MBEDTLS3_CONF_OPTS += \
+ -DUSE_SHARED_MBEDTLS_LIBRARY=OFF -DUSE_STATIC_MBEDTLS_LIBRARY=ON
+else ifeq ($(BR2_SHARED_STATIC_LIBS),y)
+MBEDTLS3_CONF_OPTS += \
+ -DUSE_SHARED_MBEDTLS_LIBRARY=ON -DUSE_STATIC_MBEDTLS_LIBRARY=ON
+else ifeq ($(BR2_SHARED_LIBS),y)
+MBEDTLS3_CONF_OPTS += \
+ -DUSE_SHARED_MBEDTLS_LIBRARY=ON -DUSE_STATIC_MBEDTLS_LIBRARY=OFF
+endif
+
+define MBEDTLS3_DISABLE_ASM
+ $(SED) '/^#define MBEDTLS_AESNI_C/d' \
+ $(@D)/include/mbedtls/mbedtls_config.h
+ $(SED) '/^#define MBEDTLS_HAVE_ASM/d' \
+ $(@D)/include/mbedtls/mbedtls_config.h
+ $(SED) '/^#define MBEDTLS_PADLOCK_C/d' \
+ $(@D)/include/mbedtls/mbedtls_config.h
+endef
+
+# ARM in thumb mode breaks debugging with asm optimizations
+# Microblaze asm optimizations are broken in general
+# MIPS R6 asm is not yet supported
+ifeq ($(BR2_ENABLE_DEBUG)$(BR2_ARM_INSTRUCTIONS_THUMB)$(BR2_ARM_INSTRUCTIONS_THUMB2),yy)
+MBEDTLS3_POST_CONFIGURE_HOOKS += MBEDTLS3_DISABLE_ASM
+else ifeq ($(BR2_microblaze)$(BR2_MIPS_CPU_MIPS32R6)$(BR2_MIPS_CPU_MIPS64R6),y)
+MBEDTLS3_POST_CONFIGURE_HOOKS += MBEDTLS3_DISABLE_ASM
+endif
+
+$(eval $(cmake-package))
--
2.33.0
More information about the buildroot
mailing list