ASR_BASE
Change-Id: Icf3719cc0afe3eeb3edc7fa80a2eb5199ca9dda1
diff --git a/package/libs/mbedtls/Config.in b/package/libs/mbedtls/Config.in
new file mode 100644
index 0000000..0a760ed
--- /dev/null
+++ b/package/libs/mbedtls/Config.in
@@ -0,0 +1,230 @@
+if PACKAGE_libmbedtls
+
+comment "Option details in source code: include/mbedtls/mbedtls_config.h"
+
+comment "Ciphers - unselect old or less-used ciphers to reduce binary size"
+
+config MBEDTLS_AES_C
+ bool "MBEDTLS_AES_C"
+ default y
+
+config MBEDTLS_ARIA_C
+ bool "MBEDTLS_ARIA_C"
+ default n
+
+config MBEDTLS_CAMELLIA_C
+ bool "MBEDTLS_CAMELLIA_C"
+ default n
+
+config MBEDTLS_CCM_C
+ bool "MBEDTLS_CCM_C"
+ default n
+
+config MBEDTLS_CMAC_C
+ bool "MBEDTLS_CMAC_C (old but used by hostapd)"
+ default y
+
+config MBEDTLS_DES_C
+ bool "MBEDTLS_DES_C (old but used by hostapd)"
+ default y
+
+config MBEDTLS_GCM_C
+ bool "MBEDTLS_GCM_C"
+ default y
+
+config MBEDTLS_NIST_KW_C
+ bool "MBEDTLS_NIST_KW_C (old but used by hostapd)"
+ default y
+
+config MBEDTLS_RIPEMD160_C
+ bool "MBEDTLS_RIPEMD160_C"
+ default n
+
+config MBEDTLS_RSA_NO_CRT
+ bool "MBEDTLS_RSA_NO_CRT"
+ default y
+
+config MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+ bool "MBEDTLS_KEY_EXCHANGE_PSK_ENABLED"
+ default y
+
+config MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ bool "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED"
+ default n
+
+config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ bool "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED"
+ default y
+
+config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+ bool "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED"
+ default n
+
+config MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+ bool "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED"
+ default n
+
+config MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ bool "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED"
+ default n
+
+config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ bool "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED"
+ default y
+
+config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ bool "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
+ default y
+
+config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ bool "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
+ default n
+
+config MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ bool "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED"
+ default n
+
+comment "Curves - unselect old or less-used curves to reduce binary size"
+
+config MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ bool "MBEDTLS_ECP_DP_SECP192R1_ENABLED"
+ default n
+
+config MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ bool "MBEDTLS_ECP_DP_SECP224R1_ENABLED"
+ default n
+
+config MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ bool "MBEDTLS_ECP_DP_SECP256R1_ENABLED"
+ default y
+
+config MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ bool "MBEDTLS_ECP_DP_SECP384R1_ENABLED"
+ default y
+
+config MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ bool "MBEDTLS_ECP_DP_SECP521R1_ENABLED"
+ default y
+
+config MBEDTLS_ECP_DP_SECP192K1_ENABLED
+ bool "MBEDTLS_ECP_DP_SECP192K1_ENABLED"
+ default n
+
+config MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ bool "MBEDTLS_ECP_DP_SECP224K1_ENABLED"
+ default n
+
+config MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ bool "MBEDTLS_ECP_DP_SECP256K1_ENABLED"
+ default y
+
+config MBEDTLS_ECP_DP_BP256R1_ENABLED
+ bool "MBEDTLS_ECP_DP_BP256R1_ENABLED"
+ default n
+
+config MBEDTLS_ECP_DP_BP384R1_ENABLED
+ bool "MBEDTLS_ECP_DP_BP384R1_ENABLED"
+ default n
+
+config MBEDTLS_ECP_DP_BP512R1_ENABLED
+ bool "MBEDTLS_ECP_DP_BP512R1_ENABLED"
+ default n
+
+config MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ bool "MBEDTLS_ECP_DP_CURVE25519_ENABLED"
+ default y
+
+config MBEDTLS_ECP_DP_CURVE448_ENABLED
+ bool "MBEDTLS_ECP_DP_CURVE448_ENABLED"
+ default n
+
+comment "Build Options - unselect features to reduce binary size"
+
+config MBEDTLS_CIPHER_MODE_OFB
+ bool "MBEDTLS_CIPHER_MODE_OFB"
+ default n
+
+config MBEDTLS_CIPHER_MODE_XTS
+ bool "MBEDTLS_CIPHER_MODE_XTS"
+ default n
+
+config MBEDTLS_DEBUG_C
+ bool "MBEDTLS_DEBUG_C"
+ default n
+
+config MBEDTLS_HKDF_C
+ bool "MBEDTLS_HKDF_C"
+ default n
+
+config MBEDTLS_PLATFORM_C
+ bool "MBEDTLS_PLATFORM_C"
+ default n
+
+config MBEDTLS_SELF_TEST
+ bool "MBEDTLS_SELF_TEST"
+ default n
+
+config MBEDTLS_THREADING_C
+ bool "MBEDTLS_THREADING_C"
+ default y
+
+config MBEDTLS_THREADING_PTHREAD
+ def_bool MBEDTLS_THREADING_C
+
+config MBEDTLS_VERSION_C
+ bool "MBEDTLS_VERSION_C"
+ default n
+
+config MBEDTLS_VERSION_FEATURES
+ bool "MBEDTLS_VERSION_FEATURES"
+ default n
+
+config MBEDTLS_PSA_CRYPTO_CLIENT
+ bool "MBEDTLS_PSA_CRYPTO_CLIENT"
+
+config MBEDTLS_DEPRECATED_WARNING
+ bool "MBEDTLS_DEPRECATED_WARNING"
+ default n
+
+config MBEDTLS_SSL_PROTO_TLS1_2
+ bool "MBEDTLS_SSL_PROTO_TLS1_2"
+ default y
+
+config MBEDTLS_SSL_PROTO_TLS1_3
+ bool "MBEDTLS_SSL_PROTO_TLS1_3"
+ select MBEDTLS_PSA_CRYPTO_CLIENT
+ select MBEDTLS_HKDF_C
+ default y
+
+config MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+ bool "MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE"
+ depends on MBEDTLS_SSL_PROTO_TLS1_3
+ default y
+
+config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+ bool "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED"
+ depends on MBEDTLS_SSL_PROTO_TLS1_3
+ default y
+
+config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+ bool "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED"
+ depends on MBEDTLS_SSL_PROTO_TLS1_3
+ default y
+
+config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+ bool "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED"
+ depends on MBEDTLS_SSL_PROTO_TLS1_3
+ default y
+
+comment "Build Options"
+
+config MBEDTLS_ENTROPY_FORCE_SHA256
+ bool "MBEDTLS_ENTROPY_FORCE_SHA256"
+ default y
+
+config MBEDTLS_SSL_RENEGOTIATION
+ bool "MBEDTLS_SSL_RENEGOTIATION"
+ depends on MBEDTLS_SSL_PROTO_TLS1_2
+ default n
+
+endif
diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
new file mode 100644
index 0000000..f5bff13
--- /dev/null
+++ b/package/libs/mbedtls/Makefile
@@ -0,0 +1,180 @@
+#
+# Copyright (C) 2011-2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=mbedtls
+PKG_VERSION:=3.6.2
+PKG_RELEASE:=1
+PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL=https://github.com/Mbed-TLS/$(PKG_NAME)/releases/download/$(PKG_NAME)-$(PKG_VERSION)
+PKG_HASH:=8b54fb9bcf4d5a7078028e0520acddefb7900b3e66fec7f7175bb5b7d85ccdca
+
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=LICENSE
+PKG_CPE_ID:=cpe:/a:arm:mbed_tls
+
+MBEDTLS_BUILD_OPTS_CURVES= \
+ CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED \
+ CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED \
+ CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED \
+ CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED \
+ CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED \
+ CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED \
+ CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED \
+ CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED \
+ CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED \
+ CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED \
+ CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED \
+ CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED \
+ CONFIG_MBEDTLS_ECP_DP_CURVE448_ENABLED
+
+MBEDTLS_BUILD_OPTS_CIPHERS= \
+ CONFIG_MBEDTLS_AES_C \
+ CONFIG_MBEDTLS_ARIA_C \
+ CONFIG_MBEDTLS_CAMELLIA_C \
+ CONFIG_MBEDTLS_CCM_C \
+ CONFIG_MBEDTLS_CMAC_C \
+ CONFIG_MBEDTLS_DES_C \
+ CONFIG_MBEDTLS_GCM_C \
+ CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED \
+ CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED \
+ CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED \
+ CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
+ CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \
+ CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
+ CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED \
+ CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \
+ CONFIG_MBEDTLS_NIST_KW_C \
+ CONFIG_MBEDTLS_RIPEMD160_C \
+ CONFIG_MBEDTLS_RSA_NO_CRT \
+ CONFIG_MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ CONFIG_MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ CONFIG_MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+
+MBEDTLS_BUILD_OPTS= \
+ $(MBEDTLS_BUILD_OPTS_CURVES) \
+ $(MBEDTLS_BUILD_OPTS_CIPHERS) \
+ CONFIG_MBEDTLS_CIPHER_MODE_OFB \
+ CONFIG_MBEDTLS_CIPHER_MODE_XTS \
+ CONFIG_MBEDTLS_DEBUG_C \
+ CONFIG_MBEDTLS_ENTROPY_FORCE_SHA256 \
+ CONFIG_MBEDTLS_HKDF_C \
+ CONFIG_MBEDTLS_PLATFORM_C \
+ CONFIG_MBEDTLS_SELF_TEST \
+ CONFIG_MBEDTLS_SSL_RENEGOTIATION \
+ CONFIG_MBEDTLS_THREADING_C \
+ CONFIG_MBEDTLS_THREADING_PTHREAD \
+ CONFIG_MBEDTLS_VERSION_C \
+ CONFIG_MBEDTLS_VERSION_FEATURES \
+ CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT \
+ CONFIG_MBEDTLS_DEPRECATED_WARNING \
+ CONFIG_MBEDTLS_SSL_PROTO_TLS1_2 \
+ CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 \
+ CONFIG_MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+
+PKG_CONFIG_DEPENDS := $(MBEDTLS_BUILD_OPTS)
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/mbedtls/Default
+ TITLE:=Embedded SSL
+ URL:=https://www.trustedfirmware.org/projects/mbed-tls/
+endef
+
+define Package/mbedtls/Default/description
+The aim of the mbedtls project is to provide a quality, open-source
+cryptographic library written in C and targeted at embedded systems.
+endef
+
+define Package/libmbedtls
+$(call Package/mbedtls/Default)
+ SECTION:=libs
+ CATEGORY:=Libraries
+ SUBMENU:=SSL
+ TITLE+= (library)
+ ABI_VERSION:=21
+ MENU:=1
+endef
+
+define Package/libmbedtls/config
+ source "$(SOURCE)/Config.in"
+endef
+
+define Package/mbedtls-util
+$(call Package/mbedtls/Default)
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE+= (utilities)
+ DEPENDS:=+libmbedtls
+endef
+
+define Package/libmbedtls/description
+$(call Package/mbedtls/Default/description)
+This package contains the mbedtls library.
+endef
+
+define Package/mbedtls-util/description
+$(call Package/mbedtls/Default/description)
+This package contains mbedtls helper programs for private key and
+CSR generation (gen_key, cert_req)
+endef
+
+TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS))
+
+CMAKE_OPTIONS += \
+ -DCMAKE_POSITION_INDEPENDENT_CODE=ON \
+ -DUSE_SHARED_MBEDTLS_LIBRARY:Bool=ON \
+ -DENABLE_TESTING:Bool=OFF \
+ -DENABLE_PROGRAMS:Bool=ON
+
+define Build/Prepare
+ $(call Build/Prepare/Default)
+
+ $(if $(strip $(foreach opt,$(MBEDTLS_BUILD_OPTS),$($(opt)))),
+ $(foreach opt,$(MBEDTLS_BUILD_OPTS),
+ $(PKG_BUILD_DIR)/scripts/config.py \
+ -f $(PKG_BUILD_DIR)/include/mbedtls/mbedtls_config.h \
+ $(if $($(opt)),set,unset) $(patsubst CONFIG_%,%,$(opt))),)
+endef
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/include/mbedtls \
+ $(PKG_INSTALL_DIR)/usr/include/psa \
+ $(1)/usr/include/
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.a $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/cmake $(1)/usr/lib/
+ $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/mbedcrypto.pc \
+ $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/mbedtls.pc \
+ $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/mbedx509.pc \
+ $(1)/usr/lib/pkgconfig/
+endef
+
+define Package/libmbedtls/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so.* $(1)/usr/lib/
+endef
+
+define Package/mbedtls-util/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/gen_key $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/cert_req $(1)/usr/bin/
+endef
+
+$(eval $(call BuildPackage,libmbedtls))
+$(eval $(call BuildPackage,mbedtls-util))
diff --git a/package/libs/mbedtls/patches/100-fix-gcc14-build.patch b/package/libs/mbedtls/patches/100-fix-gcc14-build.patch
new file mode 100644
index 0000000..656e605
--- /dev/null
+++ b/package/libs/mbedtls/patches/100-fix-gcc14-build.patch
@@ -0,0 +1,11 @@
+--- a/library/common.h
++++ b/library/common.h
+@@ -199,7 +199,7 @@ static inline void mbedtls_xor(unsigned
+ uint8x16_t x = veorq_u8(v1, v2);
+ vst1q_u8(r + i, x);
+ }
+-#if defined(__IAR_SYSTEMS_ICC__)
++#if defined(__IAR_SYSTEMS_ICC__) || (defined(MBEDTLS_COMPILER_IS_GCC) && MBEDTLS_GCC_VERSION >= 140100)
+ /* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case
+ * where n is a constant multiple of 16.
+ * For other compilers (e.g. recent gcc and clang) it makes no difference if n is a compile-time
diff --git a/package/libs/mbedtls/patches/101-remove-test.patch b/package/libs/mbedtls/patches/101-remove-test.patch
new file mode 100644
index 0000000..5ac5e7c
--- /dev/null
+++ b/package/libs/mbedtls/patches/101-remove-test.patch
@@ -0,0 +1,16 @@
+--- a/programs/CMakeLists.txt
++++ b/programs/CMakeLists.txt
+@@ -1,13 +1,9 @@
+ add_subdirectory(aes)
+ add_subdirectory(cipher)
+-if (NOT WIN32)
+- add_subdirectory(fuzz)
+-endif()
+ add_subdirectory(hash)
+ add_subdirectory(pkey)
+ add_subdirectory(psa)
+ add_subdirectory(random)
+ add_subdirectory(ssl)
+-add_subdirectory(test)
+ add_subdirectory(util)
+ add_subdirectory(x509)