beslan/mbed-os-hardfp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Import Mbed OS hard-float snapshot

Browse Source
This commit is contained in:
Beslan
2026-06-01 20:15:04 +03:00
commit d3738e2f89
16278 changed files with 10628036 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

131
connectivity/mbedtls/tools/importer/Makefile Normal file
View File

@@ -0,0 +1,131 @@
###########################################################################
#
# Copyright (c) 2016, ARM Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
###########################################################################
#
# Use this file to import an mbed TLS release into mbed-OS as follows:
#
# 1) Set the MBED_TLS_RELEASE variable to the required mbed TLS release tag
# 2) make update
# 3) make
# 4) commit and push changes via git
#
# Set the mbed TLS release to import (this can/should be edited before import)
MBED_TLS_RELEASE ?= mbedtls-2.22.0
MBED_TLS_REPO_URL ?= git@github.com:ARMmbed/mbedtls.git
# Translate between mbed TLS namespace and mbed namespace
TARGET_PREFIX:=../
TARGET_EXPERIMENTAL:=../../FEATURE_EXPERIMENTAL_API/
TARGET_SRC:=$(TARGET_PREFIX)src
TARGET_INC:=$(TARGET_PREFIX)inc
TARGET_PSA:=$(TARGET_EXPERIMENTAL)FEATURE_PSA/TARGET_MBED_PSA_SRV/mbedtls
TARGET_PSA_INC:=$(TARGET_PSA)/inc
TARGET_TESTS:=$(TARGET_PREFIX)TESTS
# mbed TLS source directory - hidden from mbed via TARGET_IGNORE
MBED_TLS_DIR:=TARGET_IGNORE/mbedtls
MBED_TLS_API:=$(MBED_TLS_DIR)/include/mbedtls
CRYPTO_API:=$(MBED_TLS_DIR)/include/psa
MBED_TLS_GIT_CFG=$(MBED_TLS_DIR)/.git/config
.PHONY: all deploy deploy-tests rsync mbedtls clean update
all: mbedtls
mbedtls: deploy
rsync:
#
# Copying mbed TLS into mbed library...
rm -rf $(TARGET_SRC)
rsync -a --exclude='*.txt' $(MBED_TLS_DIR)/library/ $(TARGET_SRC)
#
# Copying mbed TLS headers to mbed includes...
rm -rf $(TARGET_INC)
mkdir -p $(TARGET_INC)
mkdir -p $(TARGET_PSA_INC)
rsync -a --delete $(MBED_TLS_API) $(TARGET_INC)
rsync -a --delete --exclude='crypto_struct.h' $(CRYPTO_API) $(TARGET_PSA_INC)/
#
# Copying licenses
cp $(MBED_TLS_DIR)/LICENSE $(TARGET_PREFIX)
#
# Copying Mbed Crypto into Mbed OS...
rm -rf $(TARGET_PSA)
mkdir -p $(TARGET_PSA)
rsync -a --delete $(CRYPTO_API)/crypto_struct.h $(TARGET_PSA)/
rsync -a --delete $(MBED_TLS_DIR)/library/psa_*.c $(TARGET_PSA)/
rsync -a --delete $(MBED_TLS_DIR)/library/psa_*.h $(TARGET_PSA)/
#
# Remove PSA-specific C & H files (they go into $(TARGET_PSA))
rm -rf $(TARGET_SRC)/psa_*.c
rm -rf $(TARGET_SRC)/psa_*.h
deploy: rsync
#
# Adjusting the default mbed TLS config file to mbed purposes
./adjust-config.sh $(MBED_TLS_DIR)/scripts/config.pl $(TARGET_INC)/mbedtls/config.h
#
# Adjusting the default mbed TLS check-config file to mbed purposes
./adjust-check-config.sh $(TARGET_INC)/mbedtls/check_config.h
#
# Copy and adjust the trimmed config that does not require entropy source
cp $(MBED_TLS_DIR)/configs/config-no-entropy.h $(TARGET_INC)/mbedtls/.
./adjust-no-entropy-config.sh $(MBED_TLS_DIR)/scripts/config.pl $(TARGET_INC)/mbedtls/config-no-entropy.h
deploy-tests: deploy
#
# Copying mbed TLS tests...
rm -rf $(TARGET_TESTS)
mkdir -p $(TARGET_TESTS)
rsync -a --delete $(MBED_TLS_DIR)/tests/TESTS/ $(TARGET_TESTS)
mkdir -p $(TARGET_TESTS)/host_tests
cp $(MBED_TLS_DIR)/tests/scripts/mbedtls_test.py $(TARGET_TESTS)/host_tests/
update: $(MBED_TLS_GIT_CFG) $(MBED_TLS_HA_GIT_CFG)
#
# Updating to the specified mbed TLS library version
# (If it is not an initial checkout we will start with the repository
# being in a detached head state)
git -C $(MBED_TLS_DIR) fetch
#
# Checking out the required release
git -C $(MBED_TLS_DIR) checkout $(MBED_TLS_RELEASE)
#
# Update and checkout git submodules
git -C $(MBED_TLS_DIR) submodule update --init --recursive
#
# Updating checked out version tag
git -C $(MBED_TLS_DIR) describe --tags --abbrev=12 --dirty --always > $(TARGET_PREFIX)VERSION.txt
$(MBED_TLS_GIT_CFG):
rm -rf $(MBED_TLS_DIR)
git clone $(MBED_TLS_REPO_URL) $(MBED_TLS_DIR)
clean:
rm -f $(TARGET_PREFIX)LICENSE
rm -f $(TARGET_PREFIX)VERSION.txt
rm -f $(TARGET_PREFIX)AUTHORS.txt
rm -rf $(TARGET_SRC)
rm -rf $(TARGET_INC)
rm -rf $(MBED_TLS_DIR)
rm -rf $(TARGET_PSA)

2
connectivity/mbedtls/tools/importer/TARGET_IGNORE/.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
mbedtls
mbed-tls-lib

58
connectivity/mbedtls/tools/importer/adjust-check-config.sh Normal file
View File

@@ -0,0 +1,58 @@
#!/bin/sh
#
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2019, Arm Limited, All Rights Reserved
#
# SPDX-License-Identifier: Apache-2.0
# Licensed under the Apache License, Version 2.0 (the License); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# * http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an AS IS BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Purpose
#
# Removes checks from check_config.h that aren't needed for Mbed OS
#
# Usage: adjust-check-config.sh [path to check_config file]
#
set -eu
if [ $# -ne 1 ]; then
echo "Usage: $0 path/to/check_config.h" >&2
exit 1
fi
FILE=$1
conf() {
$SCRIPT -f $FILE --force $@
}
remove_code() {
MATCH_PATTERN=$(IFS=""; printf "%s" "$*")
perl -0pi -e "s/$MATCH_PATTERN//g" "$FILE"
}
# When using Mbed Crypto's PSA Entropy Injection feature on Mbed OS, it is
# not required to opt out of having entropy sources added to your entropy
# contexts by default (via MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES).
# As integrated in Mbed OS, MBEDTLS_PSA_INJECT_ENTROPY is compatible with
# actual entropy sources. PSA entropy injection is implemented using the
# standard Mbed TLS NV Seed feature, and is as compatible with other
# entropy sources as the standard Mbed TLS NV Seed feature which does
# support entropy mixing.
remove_code \
"#if defined\(MBEDTLS_PSA_INJECT_ENTROPY\) && \\\\\n" \
" !defined\(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES\)\n" \
"#error \"MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources\"\n" \
"#endif\n" \
"\n"

171
connectivity/mbedtls/tools/importer/adjust-config.sh Normal file
View File

@@ -0,0 +1,171 @@
#!/bin/sh
#
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
#
# Purpose
#
# Comments and uncomments #define lines in the given configuration header file
# to configure the file for use in mbed OS.
#
# Usage: adjust-config.sh [path to config script] [path to config file]
#
set -eu
if [ $# -ne 2 ]; then
echo "Usage: $0 path/to/config.pl path/to/config.h" >&2
exit 1
fi
SCRIPT=$1
FILE=$2
conf() {
$SCRIPT -f $FILE --force $@
}
# Add code before the matching line
prepend_code() {
MATCH_PATTERN="$1"
shift
CODE=$(IFS=""; printf "%s" "$*")
perl -i -pe \
"s/$MATCH_PATTERN/$CODE$MATCH_PATTERN/igs" \
"$FILE"
}
# Add code after the matching line
append_code() {
MATCH_PATTERN="$1"
shift
CODE=$(IFS=""; printf "%s" "$*")
perl -i -pe \
"s/$MATCH_PATTERN/$MATCH_PATTERN$CODE/igs" \
"$FILE"
}
# not supported on mbed OS, nor used by mbed Client
conf unset MBEDTLS_NET_C
conf unset MBEDTLS_TIMING_C
# not supported on all targets with mbed OS, nor used by mbed Client
conf unset MBEDTLS_HAVE_TIME_DATE
conf unset MBEDTLS_FS_IO
conf unset MBEDTLS_PSA_ITS_FILE_C
conf unset MBEDTLS_PSA_CRYPTO_STORAGE_C
conf set MBEDTLS_NO_PLATFORM_ENTROPY
conf unset MBEDTLS_CIPHER_MODE_CFB
conf unset MBEDTLS_CIPHER_MODE_OFB
conf unset MBEDTLS_CIPHER_MODE_CTR
conf unset MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
conf unset MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
conf unset MBEDTLS_CIPHER_PADDING_ZEROS
conf unset MBEDTLS_CIPHER_MODE_XTS
conf unset MBEDTLS_ECP_DP_SECP192R1_ENABLED
conf unset MBEDTLS_ECP_DP_SECP224R1_ENABLED
conf unset MBEDTLS_ECP_DP_SECP521R1_ENABLED
conf unset MBEDTLS_ECP_DP_SECP192K1_ENABLED
conf unset MBEDTLS_ECP_DP_SECP224K1_ENABLED
conf unset MBEDTLS_ECP_DP_SECP256K1_ENABLED
conf unset MBEDTLS_ECP_DP_BP256R1_ENABLED
conf unset MBEDTLS_ECP_DP_BP384R1_ENABLED
conf unset MBEDTLS_ECP_DP_BP512R1_ENABLED
conf unset MBEDTLS_PK_PARSE_EC_EXTENDED
conf unset MBEDTLS_AESNI_C
conf unset MBEDTLS_ARC4_C
conf unset MBEDTLS_BLOWFISH_C
conf unset MBEDTLS_CAMELLIA_C
conf unset MBEDTLS_DES_C
conf unset MBEDTLS_DHM_C
conf unset MBEDTLS_GENPRIME
conf unset MBEDTLS_MD5_C
conf unset MBEDTLS_PADLOCK_C
conf unset MBEDTLS_PEM_WRITE_C
conf unset MBEDTLS_PKCS5_C
conf unset MBEDTLS_PKCS12_C
conf unset MBEDTLS_RIPEMD160_C
conf unset MBEDTLS_SHA1_C
conf unset MBEDTLS_XTEA_C
conf set MBEDTLS_CMAC_C
conf set MBEDTLS_AES_ROM_TABLES
conf unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
conf unset MBEDTLS_X509_CSR_PARSE_C
conf unset MBEDTLS_X509_CREATE_C
conf unset MBEDTLS_X509_CRT_WRITE_C
conf unset MBEDTLS_X509_CSR_WRITE_C
conf unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
conf unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
conf unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
conf unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
conf unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
conf unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
conf unset MBEDTLS_SSL_FALLBACK_SCSV
conf unset MBEDTLS_SSL_CBC_RECORD_SPLITTING
conf unset MBEDTLS_SSL_PROTO_TLS1
conf unset MBEDTLS_SSL_PROTO_TLS1_1
conf unset MBEDTLS_SSL_TRUNCATED_HMAC
conf unset MBEDTLS_PLATFORM_TIME_TYPE_MACRO
# The default size of MBEDTLS_MPI_MAX_SIZE is 1024 bytes.
# In some cases, this value is set to stack buffers.
# Reduce the maximal MBEDTLS_MPI_MAX_SIZE to 512 bytes,
# which should fit RSA 4096 bit keys.
conf set MBEDTLS_MPI_MAX_SIZE 512
# Explicitly unset MBEDTLS_USE_PSA_CRYPTO as this will be set based on the
# FEATURE_PSA flag in Mbed OS
conf unset MBEDTLS_USE_PSA_CRYPTO
# add an #ifndef to include config-no-entropy.h when the target does not have
# an entropy source we can use.
append_code \
"#ifndef MBEDTLS_CONFIG_H\n" \
"\n" \
"#include \"platform\/inc\/platform_mbed.h\"\n" \
"\n" \
"\/*\n" \
" * Only use features that do not require an entropy source when\n" \
" * DEVICE_ENTROPY_SOURCE is not defined in mbed OS.\n" \
" *\/\n" \
"#if !defined(MBEDTLS_ENTROPY_HARDWARE_ALT) && !defined(MBEDTLS_TEST_NULL_ENTROPY) && \\\\\n" \
" !defined(MBEDTLS_ENTROPY_NV_SEED)\n" \
"#include \"mbedtls\/config-no-entropy.h\"\n" \
"\n" \
"#if defined(MBEDTLS_USER_CONFIG_FILE)\n" \
"#include MBEDTLS_USER_CONFIG_FILE\n" \
"#endif\n" \
"\n" \
"#else\n"
prepend_code \
"#endif \/\* MBEDTLS_CONFIG_H \*\/" \
"\n" \
"#endif \/* !MBEDTLS_ENTROPY_HARDWARE_ALT && !MBEDTLS_TEST_NULL_ENTROPY && !MBEDTLS_ENTROPY_NV_SEED *\/\n" \
"\n" \
"#if defined(MBEDTLS_TEST_NULL_ENTROPY)\n" \
"#warning \"MBEDTLS_TEST_NULL_ENTROPY has been enabled. This \" \\\\\n" \
" \"configuration is not secure and is not suitable for production use\"\n" \
"#endif\n" \
"\n" \
"#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_TEST_NULL_ENTROPY) && \\\\\n" \
" !defined(MBEDTLS_ENTROPY_HARDWARE_ALT) && !defined(MBEDTLS_ENTROPY_NV_SEED)\n" \
"#error \"No entropy source was found at build time, so TLS \" \\\\\n" \
" \"functionality is not available\"\n" \
"#endif\n" \
"\n" \
"#if defined(FEATURE_EXPERIMENTAL_API) && defined(FEATURE_PSA)\n" \
" #define MBEDTLS_PSA_HAS_ITS_IO\n" \
" #define MBEDTLS_USE_PSA_CRYPTO\n" \
"#endif\n" \
"\n"

39
connectivity/mbedtls/tools/importer/adjust-no-entropy-config.sh Normal file
View File

@@ -0,0 +1,39 @@
#!/bin/sh
#
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2018, ARM Limited, All Rights Reserved
#
# Purpose
#
# Comments and uncomments #define lines in the given configuration header file
# to configure the file for use in mbed OS.
#
# Usage: adjust-no-entropy-config.sh [path to config script] [path to no-entropy config file]
#
set -eu
if [ $# -ne 2 ]; then
echo "Usage: $0 path/to/config.pl path/to/config.h" >&2
exit 1
fi
SCRIPT=$1
FILE=$2
conf() {
$SCRIPT -o -f $FILE $@
}
add_code() {
MATCH_PATTERN="$1"
shift
CODE=$(IFS=""; printf "%s" "$*")
perl -i -pe \
"s/$MATCH_PATTERN/$MATCH_PATTERN$CODE/igs" \
"$FILE"
}
conf set MBEDTLS_CMAC_C
conf unset MBEDTLS_CIPHER_MODE_XTS