1#
2# Component Makefile
3#
4
5
6COMPONENT_ADD_INCLUDEDIRS := port/include mbedtls/include esp_crt_bundle/include
7
8COMPONENT_SRCDIRS := mbedtls/library port port/$(IDF_TARGET) port/sha port/sha/parallel_engine port/aes port/aes/block port/md esp_crt_bundle
9
10COMPONENT_OBJEXCLUDE := mbedtls/library/net_sockets.o
11
12COMPONENT_SUBMODULES += mbedtls
13
14
15# Note: some mbedTLS hardware acceleration can be enabled/disabled by config.
16#
17# We don't need to exclude aes.o as these functions use a different prefix (esp_aes_x) and the
18# config option only changes the prefixes in the header so mbedtls_aes_x compiles to esp_aes_x
19#
20# The other port-specific files don't override internal mbedTLS functions, they just add new functions.
21
22ifndef CONFIG_MBEDTLS_HARDWARE_MPI
23    COMPONENT_OBJEXCLUDE += port/esp_bignum.o port/$(IDF_TARGET)/bignum.o
24endif
25
26
27
28ifndef CONFIG_MBEDTLS_HARDWARE_SHA
29    COMPONENT_OBJEXCLUDE += port/parallel_engine/esp_sha1.o port/parallel_engine/esp_sha256.o port/parallel_engine/esp_sha512.o
30endif
31
32ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
33
34GEN_CRT_BUNDLEPY := $(PYTHON) $(COMPONENT_PATH)/esp_crt_bundle/gen_crt_bundle.py
35DEFAULT_CRT_DIR := ${COMPONENT_PATH}/esp_crt_bundle
36X509_CERTIFICATE_BUNDLE := $(abspath x509_crt_bundle)
37CUSTOM_BUNDLE_PATH := $(PROJECT_PATH)/$(CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH)
38
39ifdef CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE
40CRT_PATHS += $(CUSTOM_BUNDLE_PATH)
41endif
42
43ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL
44CRT_PATHS += ${DEFAULT_CRT_DIR}/cacrt_all.pem
45endif
46
47ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN
48CRT_PATHS += ${DEFAULT_CRT_DIR}/cacrt_all.pem
49ARGS += --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv
50endif
51
52ARGS += --input $(CRT_PATHS) -q
53
54# Generate certificate bundle using generate_cert_bundle.py
55$(X509_CERTIFICATE_BUNDLE) : $(SDKCONFIG_MAKEFILE)
56	$(GEN_CRT_BUNDLEPY) $(ARGS)
57
58COMPONENT_EXTRA_CLEAN += $(X509_CERTIFICATE_BUNDLE)
59
60COMPONENT_EMBED_FILES := $(X509_CERTIFICATE_BUNDLE)
61
62endif
63
64ifdef CONFIG_MBEDTLS_DYNAMIC_BUFFER
65WRAP_FUNCTIONS = mbedtls_ssl_handshake_client_step \
66                 mbedtls_ssl_handshake_server_step \
67                 mbedtls_ssl_read \
68                 mbedtls_ssl_write \
69                 mbedtls_ssl_session_reset \
70                 mbedtls_ssl_free \
71                 mbedtls_ssl_setup \
72                 mbedtls_ssl_send_alert_message \
73                 mbedtls_ssl_close_notify
74
75COMPONENT_SRCDIRS += port/dynamic
76endif
77
78ifdef CONFIG_MBEDTLS_HARDWARE_MPI
79WRAP_FUNCTIONS += mbedtls_mpi_exp_mod
80endif
81
82ifneq ($(origin WRAP_FUNCTIONS),undefined)
83WRAP_ARGUMENT := -Wl,--wrap=
84COMPONENT_ADD_LDFLAGS = -l$(COMPONENT_NAME) $(addprefix $(WRAP_ARGUMENT),$(WRAP_FUNCTIONS))
85endif
86