lede/package/libs/mbedtls/Makefile

#
# Copyright (C) 2011-2015 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#

include $(TOPDIR)/rules.mk

PKG_NAME:=mbedtls
PKG_VERSION:=2.16.7
PKG_RELEASE:=1
PKG_USE_MIPS16:=0

PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=c95b11557ee97d2bdfd48cd57cf9b648a6cddd2ca879e3c35c4e7525f2871992

PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=gpl-2.0.txt
PKG_CPE_ID:=cpe:/a:arm:mbed_tls

PKG_CONFIG_DEPENDS:=CONFIG_LIBMBEDTLS_DEBUG_C

include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk

define Package/mbedtls/Default
  TITLE:=Embedded SSL
  URL:=https://tls.mbed.org
endef

define Package/mbedtls/Default/description
The aim of the mbedtls project is to provide a quality, open-source
cryptographic library written in C and targeted at embedded systems.
endef

define Package/libmbedtls
$(call Package/mbedtls/Default)
  SECTION:=libs
  CATEGORY:=Libraries
  SUBMENU:=SSL
  TITLE+= (library)
  ABI_VERSION:=12
endef

define Package/libmbedtls/config
config LIBMBEDTLS_DEBUG_C
	depends on PACKAGE_libmbedtls
	bool "Enable debug functions"
	default n
	help
	 This option enables mbedtls library's debug functions.

	 It increases the uncompressed libmbedtls binary size
	 by around 60 KiB (for an ARMv5 platform).

	 Usually, you don't need this, so don't select this if you're unsure.
endef

define Package/mbedtls-util
$(call Package/mbedtls/Default)
  SECTION:=utils
  CATEGORY:=Utilities
  TITLE+= (utilities)
  DEPENDS:=+libmbedtls
endef

define Package/libmbedtls/description
$(call Package/mbedtls/Default/description)
This package contains the mbedtls library.
endef

define Package/mbedtls-util/description
$(call Package/mbedtls/Default/description)
This package contains mbedtls helper programs for private key and
CSR generation (gen_key, cert_req)
endef

PKG_INSTALL:=1

TARGET_CFLAGS += -ffunction-sections -fdata-sections
TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS))

CMAKE_OPTIONS += \
	-DUSE_SHARED_MBEDTLS_LIBRARY:Bool=ON \
	-DENABLE_TESTING:Bool=OFF \
	-DENABLE_PROGRAMS:Bool=ON

define Build/Configure
	$(Build/Configure/Default)

	awk 'BEGIN { rc = 1 } \
	     /#define MBEDTLS_DEBUG_C/ { $$$$0 = "$(if $(CONFIG_LIBMBEDTLS_DEBUG_C),,// )#define MBEDTLS_DEBUG_C"; rc = 0 } \
	     { print } \
	     END { exit(rc) }' $(PKG_BUILD_DIR)/include/mbedtls/config.h \
	     >$(PKG_BUILD_DIR)/include/mbedtls/config.h.new && \
	mv $(PKG_BUILD_DIR)/include/mbedtls/config.h.new $(PKG_BUILD_DIR)/include/mbedtls/config.h
endef

define Build/InstallDev
	$(INSTALL_DIR) $(1)/usr/include
	$(CP) $(PKG_INSTALL_DIR)/usr/include/mbedtls $(1)/usr/include/
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so* $(1)/usr/lib/
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.a $(1)/usr/lib/
endef

define Package/libmbedtls/install
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so.* $(1)/usr/lib/
endef

define Package/mbedtls-util/install
	$(INSTALL_DIR) $(1)/usr/bin
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/gen_key $(1)/usr/bin/
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/cert_req $(1)/usr/bin/
endef

$(eval $(call BuildPackage,libmbedtls))
$(eval $(call BuildPackage,mbedtls-util))
update source 2017-09-06 19:19:45 +08:00			`#`
			`# Copyright (C) 2011-2015 OpenWrt.org`
			`#`
			`# This is free software, licensed under the GNU General Public License v2.`
			`# See /LICENSE for more information.`
			`#`

			`include $(TOPDIR)/rules.mk`

			`PKG_NAME:=mbedtls`
mbedtls: update to 2.16.7 (#5377) Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch, and provides bug fixes and minor enhancements. This release includes fixes for security issues and the most severe one is described in more detail in a security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07 * Fix a side channel vulnerability in modular exponentiation that could reveal an RSA private key used in a secure enclave. * Fix side channel in mbedtls_ecp_check_pub_priv() and mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private key that didn't include the uncompressed public key), as well as mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL f_rng argument. An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) could fully recover the ECC private key. * Fix issue in Lucky 13 counter-measure that could make it ineffective when hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT macros). Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some changes to the download URLs are required. For the time being, the ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS. Signed-off-by: Magnus Kroken <mkroken@gmail.com> [Use https://codeload.github.com and new tar.gz file] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Co-authored-by: Magnus Kroken <mkroken@gmail.com> 2020-08-30 21:17:26 +08:00			`PKG_VERSION:=2.16.7`
mbedtls: update to 2.16.6 (#4387) Security fixes for: * CVE-2020-10932 * a potentially remotely exploitable buffer overread in a DTLS client * bug in DTLS handling of new associations with the same parameters Full release announement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released Cherry-pick from: openwrt/openwrt@02fcbe2. Signed-off-by: Magnus Kroken <mkroken@gmail.com> Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org> Co-authored-by: Magnus Kroken <mkroken@gmail.com> 2020-04-20 21:04:48 +08:00			`PKG_RELEASE:=1`
update source 2017-09-06 19:19:45 +08:00			`PKG_USE_MIPS16:=0`

mbedtls: update to 2.16.7 (#5377) Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch, and provides bug fixes and minor enhancements. This release includes fixes for security issues and the most severe one is described in more detail in a security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07 * Fix a side channel vulnerability in modular exponentiation that could reveal an RSA private key used in a secure enclave. * Fix side channel in mbedtls_ecp_check_pub_priv() and mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private key that didn't include the uncompressed public key), as well as mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL f_rng argument. An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) could fully recover the ECC private key. * Fix issue in Lucky 13 counter-measure that could make it ineffective when hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT macros). Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some changes to the download URLs are required. For the time being, the ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS. Signed-off-by: Magnus Kroken <mkroken@gmail.com> [Use https://codeload.github.com and new tar.gz file] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Co-authored-by: Magnus Kroken <mkroken@gmail.com> 2020-08-30 21:17:26 +08:00			`PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz`
			`PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?`
			`PKG_HASH:=c95b11557ee97d2bdfd48cd57cf9b648a6cddd2ca879e3c35c4e7525f2871992`
update source 2017-09-06 19:19:45 +08:00
			`PKG_BUILD_PARALLEL:=1`
mbedtls: update to 2.16.6 (#4387) Security fixes for: * CVE-2020-10932 * a potentially remotely exploitable buffer overread in a DTLS client * bug in DTLS handling of new associations with the same parameters Full release announement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released Cherry-pick from: openwrt/openwrt@02fcbe2. Signed-off-by: Magnus Kroken <mkroken@gmail.com> Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org> Co-authored-by: Magnus Kroken <mkroken@gmail.com> 2020-04-20 21:04:48 +08:00			`PKG_LICENSE:=GPL-2.0-or-later`
			`PKG_LICENSE_FILES:=gpl-2.0.txt`
update to R7.5.4 2018-01-15 18:26:41 +08:00			`PKG_CPE_ID:=cpe:/a:arm:mbed_tls`
update source 2017-09-06 19:19:45 +08:00
Sync to snapshot kernel 5.4 version 2020-07-02 23:30:56 +08:00			`PKG_CONFIG_DEPENDS:=CONFIG_LIBMBEDTLS_DEBUG_C`
mbedtls: add support for x64 SSE2/AES-NI speedup 2019-10-16 21:57:28 -07:00
update source 2017-09-06 19:19:45 +08:00			`include $(INCLUDE_DIR)/package.mk`
			`include $(INCLUDE_DIR)/cmake.mk`

			`define Package/mbedtls/Default`
			`TITLE:=Embedded SSL`
			`URL:=https://tls.mbed.org`
			`endef`

			`define Package/mbedtls/Default/description`
			`The aim of the mbedtls project is to provide a quality, open-source`
			`cryptographic library written in C and targeted at embedded systems.`
			`endef`

			`define Package/libmbedtls`
			`$(call Package/mbedtls/Default)`
			`SECTION:=libs`
			`CATEGORY:=Libraries`
Merge branch 'master' of github.com:lede-project/source 2018-04-23 18:50:49 +08:00			`SUBMENU:=SSL`
update source 2017-09-06 19:19:45 +08:00			`TITLE+= (library)`
mbedtls: add support for x64 SSE2/AES-NI speedup 2019-10-16 21:57:28 -07:00			`ABI_VERSION:=12`
			`endef`

			`define Package/libmbedtls/config`
Sync to snapshot kernel 5.4 version 2020-07-02 23:30:56 +08:00			`config LIBMBEDTLS_DEBUG_C`
mbedtls: add support for x64 SSE2/AES-NI speedup 2019-10-16 21:57:28 -07:00			`depends on PACKAGE_libmbedtls`
Sync to snapshot kernel 5.4 version 2020-07-02 23:30:56 +08:00			`bool "Enable debug functions"`
			`default n`
mbedtls: add support for x64 SSE2/AES-NI speedup 2019-10-16 21:57:28 -07:00			`help`
Sync to snapshot kernel 5.4 version 2020-07-02 23:30:56 +08:00			`This option enables mbedtls library's debug functions.`

			`It increases the uncompressed libmbedtls binary size`
			`by around 60 KiB (for an ARMv5 platform).`

			`Usually, you don't need this, so don't select this if you're unsure.`
update source 2017-09-06 19:19:45 +08:00			`endef`

Merge branch 'master' of github.com:lede-project/source 2018-04-23 18:50:49 +08:00			`define Package/mbedtls-util`
			`$(call Package/mbedtls/Default)`
			`SECTION:=utils`
			`CATEGORY:=Utilities`
			`TITLE+= (utilities)`
			`DEPENDS:=+libmbedtls`
			`endef`

update source 2017-09-06 19:19:45 +08:00			`define Package/libmbedtls/description`
			`$(call Package/mbedtls/Default/description)`
			`This package contains the mbedtls library.`
			`endef`

Merge branch 'master' of github.com:lede-project/source 2018-04-23 18:50:49 +08:00			`define Package/mbedtls-util/description`
			`$(call Package/mbedtls/Default/description)`
			`This package contains mbedtls helper programs for private key and`
			`CSR generation (gen_key, cert_req)`
			`endef`

update source 2017-09-06 19:19:45 +08:00			`PKG_INSTALL:=1`

			`TARGET_CFLAGS += -ffunction-sections -fdata-sections`
sync with OpenWrt trunk 2018-09-07 13:43:55 +08:00			`TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS))`
update source 2017-09-06 19:19:45 +08:00
			`CMAKE_OPTIONS += \`
			`-DUSE_SHARED_MBEDTLS_LIBRARY:Bool=ON \`
			`-DENABLE_TESTING:Bool=OFF \`
Merge branch 'master' of github.com:lede-project/source 2018-04-23 18:50:49 +08:00			`-DENABLE_PROGRAMS:Bool=ON`
update source 2017-09-06 19:19:45 +08:00
mbedtls: add support for x64 SSE2/AES-NI speedup 2019-10-16 21:57:28 -07:00			`define Build/Configure`
			`$(Build/Configure/Default)`

			`awk 'BEGIN { rc = 1 } \`
Sync to snapshot kernel 5.4 version 2020-07-02 23:30:56 +08:00			`/#define MBEDTLS_DEBUG_C/ { $$$$0 = "$(if $(CONFIG_LIBMBEDTLS_DEBUG_C),,// )#define MBEDTLS_DEBUG_C"; rc = 0 } \`
mbedtls: add support for x64 SSE2/AES-NI speedup 2019-10-16 21:57:28 -07:00			`{ print } \`
			`END { exit(rc) }' $(PKG_BUILD_DIR)/include/mbedtls/config.h \`
			`>$(PKG_BUILD_DIR)/include/mbedtls/config.h.new && \`
			`mv $(PKG_BUILD_DIR)/include/mbedtls/config.h.new $(PKG_BUILD_DIR)/include/mbedtls/config.h`
			`endef`

update source 2017-09-06 19:19:45 +08:00			`define Build/InstallDev`
			`$(INSTALL_DIR) $(1)/usr/include`
			`$(CP) $(PKG_INSTALL_DIR)/usr/include/mbedtls $(1)/usr/include/`
			`$(INSTALL_DIR) $(1)/usr/lib`
			`$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib.so $(1)/usr/lib/`
			`$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.a $(1)/usr/lib/`
			`endef`

			`define Package/libmbedtls/install`
			`$(INSTALL_DIR) $(1)/usr/lib`
mbedtls: add support for x64 SSE2/AES-NI speedup 2019-10-16 21:57:28 -07:00			`$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib.so. $(1)/usr/lib/`
update source 2017-09-06 19:19:45 +08:00			`endef`

Merge branch 'master' of github.com:lede-project/source 2018-04-23 18:50:49 +08:00			`define Package/mbedtls-util/install`
			`$(INSTALL_DIR) $(1)/usr/bin`
			`$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/gen_key $(1)/usr/bin/`
			`$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/cert_req $(1)/usr/bin/`
			`endef`

update source 2017-09-06 19:19:45 +08:00			`$(eval $(call BuildPackage,libmbedtls))`
Merge branch 'master' of github.com:lede-project/source 2018-04-23 18:50:49 +08:00			`$(eval $(call BuildPackage,mbedtls-util))`