Update to MbedTLS 3.4.0
Update the MbedTLS external component version to the latest release and
make the necessary changes to integrate the new version:
- The install path of MbedTLSConfig.cmake has slightly changed, update
the PACKAGE_DIR passed to LazyFetch.
- A new config option was introduced to support the Armv8-A crypto
extension for AES (MBEDTLS_AESCE_C). The runtime feature detection
is current only supported for Linux, otherwise it's assumed that if
the config option is enabled, the hardware does have support. Since
this cannot be guaranteed in our case (e.g. the FVP platform doesn't
have this extension by default), the config option should be unset.
- Update the "Add capability to build libmbedcrypto only" carried
patch file.
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: Ia8469134a42808e76524c6b0160470dc77a87d0c
diff --git a/components/service/crypto/backend/mbedcrypto/config_mbedtls_user.h b/components/service/crypto/backend/mbedcrypto/config_mbedtls_user.h
index 95b6a3a..b92bded 100644
--- a/components/service/crypto/backend/mbedcrypto/config_mbedtls_user.h
+++ b/components/service/crypto/backend/mbedcrypto/config_mbedtls_user.h
@@ -27,6 +27,7 @@
#undef MBEDTLS_PSA_ITS_FILE_C
#undef MBEDTLS_TIMING_C
#undef MBEDTLS_AESNI_C
+#undef MBEDTLS_AESCE_C
#undef MBEDTLS_PADLOCK_C
diff --git a/external/MbedTLS/0001-Add-capability-to-build-libmbedcrypto-only.patch b/external/MbedTLS/0001-Add-capability-to-build-libmbedcrypto-only.patch
index e85634c..3041ac6 100644
--- a/external/MbedTLS/0001-Add-capability-to-build-libmbedcrypto-only.patch
+++ b/external/MbedTLS/0001-Add-capability-to-build-libmbedcrypto-only.patch
@@ -1,7 +1,7 @@
-From b8d7d8bd3e447d471f56dc95e0315c965f393edd Mon Sep 17 00:00:00 2001
+From d225c9ba98e8aafdd462bdff3f8159886a89e1d3 Mon Sep 17 00:00:00 2001
From: Gyorgy Szing <Gyorgy.Szing@arm.com>
Date: Tue, 28 Mar 2023 18:20:44 +0200
-Subject: [PATCH 1/1] Add capability to build libmbedcrypto only
+Subject: [PATCH] Add capability to build libmbedcrypto only
Introduce the CRYPTO_ONLY option which configures cmake to build only
libmbedcrypto.
@@ -11,23 +11,24 @@
to upstream this change.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
+Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
---
- library/CMakeLists.txt | 57 +++++++++++++++++++++++++++++-------------
- 1 file changed, 39 insertions(+), 18 deletions(-)
+ library/CMakeLists.txt | 60 ++++++++++++++++++++++++++++--------------
+ 1 file changed, 40 insertions(+), 20 deletions(-)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
-index c9714bbfb..d0087c616 100644
+index 535988303..a70848e82 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -2,6 +2,7 @@ option(USE_STATIC_MBEDTLS_LIBRARY "Build mbed TLS static library." ON)
option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF)
option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF)
option(LINK_WITH_TRUSTED_STORAGE "Explicitly link mbed TLS library to trusted_storage." OFF)
-+option(CRYPTO_ONLY "Build mbedcrypto linrary only." On)
++option(CRYPTO_ONLY "Build mbedcrypto library only." On)
# Set the project root directory if it's not already defined, as may happen if
# the library folder is included directly by a parent project, without
-@@ -248,18 +249,27 @@ if (USE_STATIC_MBEDTLS_LIBRARY)
+@@ -250,7 +251,11 @@ if (USE_STATIC_MBEDTLS_LIBRARY)
set(mbedcrypto_static_target ${mbedcrypto_target})
endif()
@@ -40,24 +41,24 @@
if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
string(APPEND mbedtls_static_target "_static")
- string(APPEND mbedx509_static_target "_static")
+@@ -258,9 +263,13 @@ if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
string(APPEND mbedcrypto_static_target "_static")
-+
-+ list(APPEND target_libraries
-+ ${mbedcrypto_static_target})
-+
-+if (NOT CRYPTO_ONLY)
list(APPEND target_libraries
- ${mbedcrypto_static_target}
- ${mbedx509_static_target}
- ${mbedtls_static_target})
+- ${mbedx509_static_target}
+- ${mbedtls_static_target})
++ ${mbedcrypto_static_target})
++
++ if (NOT CRYPTO_ONLY)
++ list(APPEND target_libraries
++ ${mbedx509_static_target}
++ ${mbedtls_static_target})
++ endif()
endif()
-+endif()
if(USE_STATIC_MBEDTLS_LIBRARY)
- add_library(${mbedcrypto_static_target} STATIC ${src_crypto})
-@@ -270,13 +280,15 @@ if(USE_STATIC_MBEDTLS_LIBRARY)
+@@ -272,13 +281,15 @@ if(USE_STATIC_MBEDTLS_LIBRARY)
target_link_libraries(${mbedcrypto_static_target} PUBLIC everest)
endif()
@@ -79,31 +80,31 @@
endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY)
-@@ -288,14 +300,15 @@ if(USE_SHARED_MBEDTLS_LIBRARY)
+@@ -290,14 +301,15 @@ if(USE_SHARED_MBEDTLS_LIBRARY)
if(TARGET everest)
target_link_libraries(${mbedcrypto_target} PUBLIC everest)
endif()
-
- add_library(${mbedx509_target} SHARED ${src_x509})
-- set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.3.0 SOVERSION 4)
+- set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.4.0 SOVERSION 5)
- target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
-
- add_library(${mbedtls_target} SHARED ${src_tls})
-- set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.3.0 SOVERSION 19)
+- set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.4.0 SOVERSION 19)
- target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
+ if (NOT CRYPTO_ONLY)
+ add_library(${mbedx509_target} SHARED ${src_x509})
-+ set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.3.0 SOVERSION 4)
++ set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.4.0 SOVERSION 5)
+ target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
+
+ add_library(${mbedtls_target} SHARED ${src_tls})
-+ set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.3.0 SOVERSION 19)
++ set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.4.0 SOVERSION 19)
+ target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
+ endif()
endif(USE_SHARED_MBEDTLS_LIBRARY)
foreach(target IN LISTS target_libraries)
-@@ -320,7 +333,15 @@ endforeach(target)
+@@ -322,7 +334,15 @@ endforeach(target)
set(lib_target "${MBEDTLS_TARGET_PREFIX}lib")
@@ -122,5 +123,4 @@
+ endif()
endif()
--
-2.39.1.windows.1
-
+2.34.1
diff --git a/external/MbedTLS/MbedTLS.cmake b/external/MbedTLS/MbedTLS.cmake
index a3d63f0..74513db 100644
--- a/external/MbedTLS/MbedTLS.cmake
+++ b/external/MbedTLS/MbedTLS.cmake
@@ -7,7 +7,7 @@
set(MBEDTLS_URL "https://github.com/Mbed-TLS/mbedtls.git"
CACHE STRING "Mbed TLS repository URL")
-set(MBEDTLS_REFSPEC "mbedtls-3.3.0"
+set(MBEDTLS_REFSPEC "mbedtls-3.4.0"
CACHE STRING "Mbed TLS git refspec")
set(MBEDTLS_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/mbedtls-src"
CACHE PATH "MbedTLS source directory")
@@ -51,7 +51,7 @@
LazyFetch_MakeAvailable(DEP_NAME MbedTLS
FETCH_OPTIONS ${GIT_OPTIONS}
INSTALL_DIR ${MBEDTLS_INSTALL_DIR}
- PACKAGE_DIR ${MBEDTLS_INSTALL_DIR}/cmake
+ PACKAGE_DIR ${MBEDTLS_INSTALL_DIR}
CACHE_FILE "${TS_ROOT}/external/MbedTLS/mbedtls-init-cache.cmake.in"
SOURCE_DIR "${MBEDTLS_SOURCE_DIR}"
)