lede/package/libs/mbedtls/Makefile

#
# Copyright (C) 2011-2015 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#

include $(TOPDIR)/rules.mk

PKG_NAME:=mbedtls
PKG_VERSION:=2.28.1
PKG_RELEASE:=$(AUTORELEASE)
PKG_USE_MIPS16:=0

PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=6797a7b6483ef589deeab8d33d401ed235d7be25eeecda1be8ddfed406d40ff4

PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=gpl-2.0.txt
PKG_CPE_ID:=cpe:/a:arm:mbed_tls

PKG_CONFIG_DEPENDS := \
	CONFIG_LIBMBEDTLS_DEBUG_C \
	CONFIG_LIBMBEDTLS_HAVE_ARMV8CE_AES \
	CONFIG_LIBMBEDTLS_HAVE_SSE2 \
	CONFIG_LIBMBEDTLS_HKDF_C

include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk

define Package/mbedtls/Default
  TITLE:=Embedded SSL
  URL:=https://tls.mbed.org
endef

define Package/mbedtls/Default/description
The aim of the mbedtls project is to provide a quality, open-source
cryptographic library written in C and targeted at embedded systems.
endef

define Package/libmbedtls
$(call Package/mbedtls/Default)
  SECTION:=libs
  CATEGORY:=Libraries
  SUBMENU:=SSL
  TITLE+= (library)
  PKGFLAGS:=nonshared
  ABI_VERSION:=12
endef

define Package/libmbedtls/config
config LIBMBEDTLS_DEBUG_C
	depends on PACKAGE_libmbedtls
	bool "Enable debug functions"
	default n
	help
	 This option enables mbedtls library's debug functions.

	 It increases the uncompressed libmbedtls binary size
	 by around 60 KiB (for an ARMv5 platform).

	 Usually, you don't need this, so don't select this if you're unsure.

config LIBMBEDTLS_HAVE_ARMV8CE_AES
	depends on PACKAGE_libmbedtls
	bool
	default y
	prompt "Enable use of the ARMv8 Crypto Extensions"
	depends on aarch64 && !TARGET_bcm27xx
	help
	 Use of the ARMv8 Crypto Extensions greatly increase performance
	 (up to 4x faster on AES-GCM while 10x faster on raw AES).

	 If you don't sure, say Y here.

config LIBMBEDTLS_HAVE_SSE2
	depends on PACKAGE_libmbedtls
	bool
	default y if !TARGET_x86_legacy && !TARGET_x86_geode
	prompt "Enable use of x86 SSE2 instructions"
	depends on x86_64 || i386
	help
	 Use of SSE2 instructions greatly increase performance (up to
	 3x faster) with a minimum (~0.2%, or 23KB) increase in package
	 size, but it will bring no benefit if your hardware does not
	 support them, such as Geode GX and LX.  In this case you may
	 save 23KB by saying yes here.  AMD Geode NX, and Intel
	 Pentium 4 and above support SSE2.

config LIBMBEDTLS_HKDF_C
	depends on PACKAGE_libmbedtls
	bool "Enable the HKDF algorithm (RFC 5869)"
	default n
	help
	 This option adds support for the Hashed Message Authentication Code
	 (HMAC)-based key derivation function (HKDF).
endef

define Package/mbedtls-util
$(call Package/mbedtls/Default)
  SECTION:=utils
  CATEGORY:=Utilities
  TITLE+= (utilities)
  DEPENDS:=+libmbedtls
endef

define Package/libmbedtls/description
$(call Package/mbedtls/Default/description)
This package contains the mbedtls library.
endef

define Package/mbedtls-util/description
$(call Package/mbedtls/Default/description)
This package contains mbedtls helper programs for private key and
CSR generation (gen_key, cert_req)
endef

TARGET_CFLAGS += -ffunction-sections -fdata-sections
TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS))
ifneq ($(CONFIG_LIBMBEDTLS_HAVE_ARMV8CE_AES),)
  TARGET_CFLAGS := $(filter-out -march=%,$(TARGET_CFLAGS)) -march=armv8-a+crypto
endif

CMAKE_OPTIONS += \
	-DCMAKE_POSITION_INDEPENDENT_CODE=ON \
	-DUSE_SHARED_MBEDTLS_LIBRARY:Bool=ON \
	-DENABLE_TESTING:Bool=OFF \
	-DENABLE_PROGRAMS:Bool=ON

define Build/Configure
	$(Build/Configure/Default)

	awk 'BEGIN { rc = 1 } \
	     /#define MBEDTLS_DEBUG_C/ { $$$$0 = "$(if $(CONFIG_LIBMBEDTLS_DEBUG_C),,// )#define MBEDTLS_DEBUG_C"; rc = 0 } \
	     /#define MBEDTLS_ARMV8CE_AES_C/ { $$$$0 = "$(if $(CONFIG_LIBMBEDTLS_HAVE_ARMV8CE_AES),,// )#define MBEDTLS_ARMV8CE_AES_C"; rc = 0 } \
	     /#define MBEDTLS_HAVE_SSE2/ { $$$$0 = "$(if $(CONFIG_LIBMBEDTLS_HAVE_SSE2),,// )#define MBEDTLS_HAVE_SSE2"; rc = 0 } \
	     { print } \
	     END { exit(rc) }' $(PKG_BUILD_DIR)/include/mbedtls/config.h \
	     >$(PKG_BUILD_DIR)/include/mbedtls/config.h.new && \
	mv $(PKG_BUILD_DIR)/include/mbedtls/config.h.new $(PKG_BUILD_DIR)/include/mbedtls/config.h

	awk 'BEGIN { rc = 1 } \
	     /#define MBEDTLS_HKDF_C/ { $$$$0 = "$(if $(CONFIG_LIBMBEDTLS_HKDF_C),,// )#define MBEDTLS_HKDF_C"; rc = 0 } \
	     { print } \
	     END { exit(rc) }' $(PKG_BUILD_DIR)/include/mbedtls/config.h \
	     >$(PKG_BUILD_DIR)/include/mbedtls/config.h.new && \
	mv $(PKG_BUILD_DIR)/include/mbedtls/config.h.new $(PKG_BUILD_DIR)/include/mbedtls/config.h

	sed -i '/fuzz/d' $(PKG_BUILD_DIR)/programs/CMakeLists.txt
	sed -i '/test/d' $(PKG_BUILD_DIR)/programs/CMakeLists.txt
endef

define Build/InstallDev
	$(INSTALL_DIR) $(1)/usr/include
	$(CP) $(PKG_INSTALL_DIR)/usr/include/mbedtls $(1)/usr/include/
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so* $(1)/usr/lib/
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.a $(1)/usr/lib/
endef

define Package/libmbedtls/install
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so.* $(1)/usr/lib/
endef

define Package/mbedtls-util/install
	$(INSTALL_DIR) $(1)/usr/bin
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/gen_key $(1)/usr/bin/
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/cert_req $(1)/usr/bin/
endef

$(eval $(call BuildPackage,libmbedtls))
$(eval $(call BuildPackage,mbedtls-util))
update source 2017-09-06 19:19:45 +08:00			`#`
			`# Copyright (C) 2011-2015 OpenWrt.org`
			`#`
			`# This is free software, licensed under the GNU General Public License v2.`
			`# See /LICENSE for more information.`
			`#`

			`include $(TOPDIR)/rules.mk`

			`PKG_NAME:=mbedtls`
mbedtls: update to version 2.28.1 Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.1 This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 2022-08-27 23:11:30 +02:00			`PKG_VERSION:=2.28.1`
libs: sync upstream (#7420) * elfutils: update to 0.182 Add --disable-libdebuginfod with remove libcurl dependency. Remove totally unused host elfutils. Refreshed and rebased patches. Also happens to fix compilation with GCC11. Newer versions of elfutils seem to have some kind of dependency on obstack. Signed-off-by: Rosen Penev <rosenp@gmail.com> * libcap: update to 2.51 Switched to AUTORELEASE to avoid manual increments. Signed-off-by: Rosen Penev <rosenp@gmail.com> * libnftnl: update to 1.2.0 Switch to AUTORELEASE to avoid manual increments. Signed-off-by: Rosen Penev <rosenp@gmail.com> * libpcap: update to 1.10.1 Switch to AUTORELEASE to avoid manual increments. Refreshed patches. Signed-off-by: Rosen Penev <rosenp@gmail.com> * mbedtls: update to 2.16.11 Switched to AUTORELEASE to avoid manual increments. Signed-off-by: Rosen Penev <rosenp@gmail.com> * nettle: update to 3.7.3 Switch to AUTORELEASE to avoid manual increments. Refreshed patches. Signed-off-by: Rosen Penev <rosenp@gmail.com> * pcre: update to 8.45 Switch to AUTORELEASE to avoid manual increments. Signed-off-by: Rosen Penev <rosenp@gmail.com> Co-authored-by: Rosen Penev <rosenp@gmail.com> 2021-07-19 20:56:38 +08:00			`PKG_RELEASE:=$(AUTORELEASE)`
update source 2017-09-06 19:19:45 +08:00			`PKG_USE_MIPS16:=0`

mbedtls: update to 2.16.7 (#5377) Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch, and provides bug fixes and minor enhancements. This release includes fixes for security issues and the most severe one is described in more detail in a security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07 * Fix a side channel vulnerability in modular exponentiation that could reveal an RSA private key used in a secure enclave. * Fix side channel in mbedtls_ecp_check_pub_priv() and mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private key that didn't include the uncompressed public key), as well as mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL f_rng argument. An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) could fully recover the ECC private key. * Fix issue in Lucky 13 counter-measure that could make it ineffective when hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT macros). Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some changes to the download URLs are required. For the time being, the ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS. Signed-off-by: Magnus Kroken <mkroken@gmail.com> [Use https://codeload.github.com and new tar.gz file] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Co-authored-by: Magnus Kroken <mkroken@gmail.com> 2020-08-30 21:17:26 +08:00			`PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz`
			`PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?`
mbedtls: update to version 2.28.1 Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.1 This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 2022-08-27 23:11:30 +02:00			`PKG_HASH:=6797a7b6483ef589deeab8d33d401ed235d7be25eeecda1be8ddfed406d40ff4`
update source 2017-09-06 19:19:45 +08:00
mbedtls: update to 2.16.6 (#4387) Security fixes for: * CVE-2020-10932 * a potentially remotely exploitable buffer overread in a DTLS client * bug in DTLS handling of new associations with the same parameters Full release announement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released Cherry-pick from: openwrt/openwrt@02fcbe2. Signed-off-by: Magnus Kroken <mkroken@gmail.com> Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org> Co-authored-by: Magnus Kroken <mkroken@gmail.com> 2020-04-20 21:04:48 +08:00			`PKG_LICENSE:=GPL-2.0-or-later`
			`PKG_LICENSE_FILES:=gpl-2.0.txt`
update to R7.5.4 2018-01-15 18:26:41 +08:00			`PKG_CPE_ID:=cpe:/a:arm:mbed_tls`
update source 2017-09-06 19:19:45 +08:00
mbedtls: Implements AES and GCM with ARMv8 Crypto Extensions (#6491) * mbedtls: update to 2.16.9 Signed-off-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org> * mbedtls: Implements AES and GCM with ARMv8 Crypto Extensions A compact patch that provides AES and GCM implementations that utilize the ARMv8 Crypto Extensions. The config flag is MBEDTLS_ARMV8CE_AES_C, which is disabled by default as we don't do runtime checking for the feature. The new implementation lives in armv8ce_aes.c. Provides similar functionality to https://github.com/ARMmbed/mbedtls/pull/432 Thanks to Barry O'Rourke and others for that contribtion. Tested on a Cortex A53 device and QEMU. On a midrange phone the real AES-GCM throughput increases about 4x, while raw AES speed is up to 10x faster. [updated Makefile to enable this function, adjusted commit message] Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org> Co-authored-by: Rosen Penev <rosenp@gmail.com> Co-authored-by: QiuSimons <45143996+QiuSimons@users.noreply.github.com> 2021-03-09 23:11:41 +08:00			`PKG_CONFIG_DEPENDS := \`
			`CONFIG_LIBMBEDTLS_DEBUG_C \`
mbedtls: add ARMv8 Crypto Extensions AES and SSE2 on x86 2021-06-17 15:37:02 +08:00			`CONFIG_LIBMBEDTLS_HAVE_ARMV8CE_AES \`
			`CONFIG_LIBMBEDTLS_HAVE_SSE2 \`
mbedtls: Implements AES and GCM with ARMv8 Crypto Extensions (#6491) * mbedtls: update to 2.16.9 Signed-off-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org> * mbedtls: Implements AES and GCM with ARMv8 Crypto Extensions A compact patch that provides AES and GCM implementations that utilize the ARMv8 Crypto Extensions. The config flag is MBEDTLS_ARMV8CE_AES_C, which is disabled by default as we don't do runtime checking for the feature. The new implementation lives in armv8ce_aes.c. Provides similar functionality to https://github.com/ARMmbed/mbedtls/pull/432 Thanks to Barry O'Rourke and others for that contribtion. Tested on a Cortex A53 device and QEMU. On a midrange phone the real AES-GCM throughput increases about 4x, while raw AES speed is up to 10x faster. [updated Makefile to enable this function, adjusted commit message] Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org> Co-authored-by: Rosen Penev <rosenp@gmail.com> Co-authored-by: QiuSimons <45143996+QiuSimons@users.noreply.github.com> 2021-03-09 23:11:41 +08:00			`CONFIG_LIBMBEDTLS_HKDF_C`
mbedtls: add support for x64 SSE2/AES-NI speedup 2019-10-16 21:57:28 -07:00
update source 2017-09-06 19:19:45 +08:00			`include $(INCLUDE_DIR)/package.mk`
			`include $(INCLUDE_DIR)/cmake.mk`

			`define Package/mbedtls/Default`
			`TITLE:=Embedded SSL`
			`URL:=https://tls.mbed.org`
			`endef`

			`define Package/mbedtls/Default/description`
			`The aim of the mbedtls project is to provide a quality, open-source`
			`cryptographic library written in C and targeted at embedded systems.`
			`endef`

			`define Package/libmbedtls`
			`$(call Package/mbedtls/Default)`
			`SECTION:=libs`
			`CATEGORY:=Libraries`
Merge branch 'master' of github.com:lede-project/source 2018-04-23 18:50:49 +08:00			`SUBMENU:=SSL`
update source 2017-09-06 19:19:45 +08:00			`TITLE+= (library)`
mbedtls: refresh patches 2022-09-08 21:40:55 +08:00			`PKGFLAGS:=nonshared`
mbedtls: add support for x64 SSE2/AES-NI speedup 2019-10-16 21:57:28 -07:00			`ABI_VERSION:=12`
			`endef`

			`define Package/libmbedtls/config`
Sync to snapshot kernel 5.4 version 2020-07-02 23:30:56 +08:00			`config LIBMBEDTLS_DEBUG_C`
mbedtls: add support for x64 SSE2/AES-NI speedup 2019-10-16 21:57:28 -07:00			`depends on PACKAGE_libmbedtls`
Sync to snapshot kernel 5.4 version 2020-07-02 23:30:56 +08:00			`bool "Enable debug functions"`
			`default n`
mbedtls: add support for x64 SSE2/AES-NI speedup 2019-10-16 21:57:28 -07:00			`help`
Sync to snapshot kernel 5.4 version 2020-07-02 23:30:56 +08:00			`This option enables mbedtls library's debug functions.`

			`It increases the uncompressed libmbedtls binary size`
			`by around 60 KiB (for an ARMv5 platform).`

			`Usually, you don't need this, so don't select this if you're unsure.`
mbedtls: Implements AES and GCM with ARMv8 Crypto Extensions (#6491) * mbedtls: update to 2.16.9 Signed-off-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org> * mbedtls: Implements AES and GCM with ARMv8 Crypto Extensions A compact patch that provides AES and GCM implementations that utilize the ARMv8 Crypto Extensions. The config flag is MBEDTLS_ARMV8CE_AES_C, which is disabled by default as we don't do runtime checking for the feature. The new implementation lives in armv8ce_aes.c. Provides similar functionality to https://github.com/ARMmbed/mbedtls/pull/432 Thanks to Barry O'Rourke and others for that contribtion. Tested on a Cortex A53 device and QEMU. On a midrange phone the real AES-GCM throughput increases about 4x, while raw AES speed is up to 10x faster. [updated Makefile to enable this function, adjusted commit message] Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org> Co-authored-by: Rosen Penev <rosenp@gmail.com> Co-authored-by: QiuSimons <45143996+QiuSimons@users.noreply.github.com> 2021-03-09 23:11:41 +08:00
mbedtls: add ARMv8 Crypto Extensions AES and SSE2 on x86 2021-06-17 15:37:02 +08:00			`config LIBMBEDTLS_HAVE_ARMV8CE_AES`
			`depends on PACKAGE_libmbedtls`
			`bool`
			`default y`
			`prompt "Enable use of the ARMv8 Crypto Extensions"`
mbedtls: refresh patches 2022-09-08 21:40:55 +08:00			`depends on aarch64 && !TARGET_bcm27xx`
mbedtls: add ARMv8 Crypto Extensions AES and SSE2 on x86 2021-06-17 15:37:02 +08:00			`help`
			`Use of the ARMv8 Crypto Extensions greatly increase performance`
			`(up to 4x faster on AES-GCM while 10x faster on raw AES).`

			`If you don't sure, say Y here.`

			`config LIBMBEDTLS_HAVE_SSE2`
			`depends on PACKAGE_libmbedtls`
			`bool`
			`default y if !TARGET_x86_legacy && !TARGET_x86_geode`
			`prompt "Enable use of x86 SSE2 instructions"`
			`depends on x86_64 \|\| i386`
			`help`
			`Use of SSE2 instructions greatly increase performance (up to`
			`3x faster) with a minimum (~0.2%, or 23KB) increase in package`
			`size, but it will bring no benefit if your hardware does not`
			`support them, such as Geode GX and LX. In this case you may`
			`save 23KB by saying yes here. AMD Geode NX, and Intel`
			`Pentium 4 and above support SSE2.`

mbedtls: Implements AES and GCM with ARMv8 Crypto Extensions (#6491) * mbedtls: update to 2.16.9 Signed-off-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org> * mbedtls: Implements AES and GCM with ARMv8 Crypto Extensions A compact patch that provides AES and GCM implementations that utilize the ARMv8 Crypto Extensions. The config flag is MBEDTLS_ARMV8CE_AES_C, which is disabled by default as we don't do runtime checking for the feature. The new implementation lives in armv8ce_aes.c. Provides similar functionality to https://github.com/ARMmbed/mbedtls/pull/432 Thanks to Barry O'Rourke and others for that contribtion. Tested on a Cortex A53 device and QEMU. On a midrange phone the real AES-GCM throughput increases about 4x, while raw AES speed is up to 10x faster. [updated Makefile to enable this function, adjusted commit message] Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org> Co-authored-by: Rosen Penev <rosenp@gmail.com> Co-authored-by: QiuSimons <45143996+QiuSimons@users.noreply.github.com> 2021-03-09 23:11:41 +08:00			`config LIBMBEDTLS_HKDF_C`
			`depends on PACKAGE_libmbedtls`
			`bool "Enable the HKDF algorithm (RFC 5869)"`
			`default n`
			`help`
			`This option adds support for the Hashed Message Authentication Code`
			`(HMAC)-based key derivation function (HKDF).`
update source 2017-09-06 19:19:45 +08:00			`endef`

Merge branch 'master' of github.com:lede-project/source 2018-04-23 18:50:49 +08:00			`define Package/mbedtls-util`
			`$(call Package/mbedtls/Default)`
			`SECTION:=utils`
			`CATEGORY:=Utilities`
			`TITLE+= (utilities)`
			`DEPENDS:=+libmbedtls`
			`endef`

update source 2017-09-06 19:19:45 +08:00			`define Package/libmbedtls/description`
			`$(call Package/mbedtls/Default/description)`
			`This package contains the mbedtls library.`
			`endef`

Merge branch 'master' of github.com:lede-project/source 2018-04-23 18:50:49 +08:00			`define Package/mbedtls-util/description`
			`$(call Package/mbedtls/Default/description)`
			`This package contains mbedtls helper programs for private key and`
			`CSR generation (gen_key, cert_req)`
			`endef`

update source 2017-09-06 19:19:45 +08:00			`TARGET_CFLAGS += -ffunction-sections -fdata-sections`
sync with OpenWrt trunk 2018-09-07 13:43:55 +08:00			`TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS))`
mbedtls: add ARMv8 Crypto Extensions AES and SSE2 on x86 2021-06-17 15:37:02 +08:00			`ifneq ($(CONFIG_LIBMBEDTLS_HAVE_ARMV8CE_AES),)`
			`TARGET_CFLAGS := $(filter-out -march=%,$(TARGET_CFLAGS)) -march=armv8-a+crypto`
			`endif`
update source 2017-09-06 19:19:45 +08:00
			`CMAKE_OPTIONS += \`
mbedtls: build with PIC Fixes compilation with GCC12 and dependent packages for some reason. Signed-off-by: Rosen Penev <rosenp@gmail.com> 2022-07-08 20:50:44 -07:00			`-DCMAKE_POSITION_INDEPENDENT_CODE=ON \`
update source 2017-09-06 19:19:45 +08:00			`-DUSE_SHARED_MBEDTLS_LIBRARY:Bool=ON \`
			`-DENABLE_TESTING:Bool=OFF \`
Merge branch 'master' of github.com:lede-project/source 2018-04-23 18:50:49 +08:00			`-DENABLE_PROGRAMS:Bool=ON`
update source 2017-09-06 19:19:45 +08:00
mbedtls: add support for x64 SSE2/AES-NI speedup 2019-10-16 21:57:28 -07:00			`define Build/Configure`
			`$(Build/Configure/Default)`

			`awk 'BEGIN { rc = 1 } \`
Sync to snapshot kernel 5.4 version 2020-07-02 23:30:56 +08:00			`/#define MBEDTLS_DEBUG_C/ { $$$$0 = "$(if $(CONFIG_LIBMBEDTLS_DEBUG_C),,// )#define MBEDTLS_DEBUG_C"; rc = 0 } \`
mbedtls: add ARMv8 Crypto Extensions AES and SSE2 on x86 2021-06-17 15:37:02 +08:00			`/#define MBEDTLS_ARMV8CE_AES_C/ { $$$$0 = "$(if $(CONFIG_LIBMBEDTLS_HAVE_ARMV8CE_AES),,// )#define MBEDTLS_ARMV8CE_AES_C"; rc = 0 } \`
			`/#define MBEDTLS_HAVE_SSE2/ { $$$$0 = "$(if $(CONFIG_LIBMBEDTLS_HAVE_SSE2),,// )#define MBEDTLS_HAVE_SSE2"; rc = 0 } \`
mbedtls: Implements AES and GCM with ARMv8 Crypto Extensions (#6491) * mbedtls: update to 2.16.9 Signed-off-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org> * mbedtls: Implements AES and GCM with ARMv8 Crypto Extensions A compact patch that provides AES and GCM implementations that utilize the ARMv8 Crypto Extensions. The config flag is MBEDTLS_ARMV8CE_AES_C, which is disabled by default as we don't do runtime checking for the feature. The new implementation lives in armv8ce_aes.c. Provides similar functionality to https://github.com/ARMmbed/mbedtls/pull/432 Thanks to Barry O'Rourke and others for that contribtion. Tested on a Cortex A53 device and QEMU. On a midrange phone the real AES-GCM throughput increases about 4x, while raw AES speed is up to 10x faster. [updated Makefile to enable this function, adjusted commit message] Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org> Co-authored-by: Rosen Penev <rosenp@gmail.com> Co-authored-by: QiuSimons <45143996+QiuSimons@users.noreply.github.com> 2021-03-09 23:11:41 +08:00			`{ print } \`
			`END { exit(rc) }' $(PKG_BUILD_DIR)/include/mbedtls/config.h \`
			`>$(PKG_BUILD_DIR)/include/mbedtls/config.h.new && \`
			`mv $(PKG_BUILD_DIR)/include/mbedtls/config.h.new $(PKG_BUILD_DIR)/include/mbedtls/config.h`

			`awk 'BEGIN { rc = 1 } \`
			`/#define MBEDTLS_HKDF_C/ { $$$$0 = "$(if $(CONFIG_LIBMBEDTLS_HKDF_C),,// )#define MBEDTLS_HKDF_C"; rc = 0 } \`
mbedtls: add support for x64 SSE2/AES-NI speedup 2019-10-16 21:57:28 -07:00			`{ print } \`
			`END { exit(rc) }' $(PKG_BUILD_DIR)/include/mbedtls/config.h \`
			`>$(PKG_BUILD_DIR)/include/mbedtls/config.h.new && \`
			`mv $(PKG_BUILD_DIR)/include/mbedtls/config.h.new $(PKG_BUILD_DIR)/include/mbedtls/config.h`
mbedtls: update to 2.28.0 LTS branch <https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0> "Mbed TLS 2.28 is a long-time support branch. It will be supported with bug-fixes and security fixes until end of 2024." <https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md> "Currently, the only supported LTS branch is: mbedtls-2.28. For a short time we also have the previous LTS, which has recently ended its support period, mbedtls-2.16. This branch will move into the archive namespace around the time of the next release." this will also add support for uacme ualpn support. size changes 221586 libmbedtls12_2.28.0-1_mips_24kc.ipk 182742 libmbedtls12_2.16.12-1_mips_24kc.ipk Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com> (remark about 2.16's EOS, slightly reworded) Signed-off-by: Christian Lamparter <chunkeey@gmail.com> 2022-02-20 21:23:04 +02:00
			`sed -i '/fuzz/d' $(PKG_BUILD_DIR)/programs/CMakeLists.txt`
			`sed -i '/test/d' $(PKG_BUILD_DIR)/programs/CMakeLists.txt`
mbedtls: add support for x64 SSE2/AES-NI speedup 2019-10-16 21:57:28 -07:00			`endef`

update source 2017-09-06 19:19:45 +08:00			`define Build/InstallDev`
			`$(INSTALL_DIR) $(1)/usr/include`
			`$(CP) $(PKG_INSTALL_DIR)/usr/include/mbedtls $(1)/usr/include/`
			`$(INSTALL_DIR) $(1)/usr/lib`
			`$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib.so $(1)/usr/lib/`
			`$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.a $(1)/usr/lib/`
			`endef`

			`define Package/libmbedtls/install`
			`$(INSTALL_DIR) $(1)/usr/lib`
mbedtls: add support for x64 SSE2/AES-NI speedup 2019-10-16 21:57:28 -07:00			`$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib.so. $(1)/usr/lib/`
update source 2017-09-06 19:19:45 +08:00			`endef`

Merge branch 'master' of github.com:lede-project/source 2018-04-23 18:50:49 +08:00			`define Package/mbedtls-util/install`
			`$(INSTALL_DIR) $(1)/usr/bin`
			`$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/gen_key $(1)/usr/bin/`
			`$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/cert_req $(1)/usr/bin/`
			`endef`

update source 2017-09-06 19:19:45 +08:00			`$(eval $(call BuildPackage,libmbedtls))`
mbedtls: refresh patches 2022-09-08 21:40:55 +08:00			`$(eval $(call BuildPackage,mbedtls-util))`