1#
2# Component Makefile
3#
4
5
6COMPONENT_ADD_INCLUDEDIRS := port/include mbedtls/include esp_crt_bundle/include
7
8COMPONENT_PRIV_INCLUDEDIRS := mbedtls/library
9
10COMPONENT_SRCDIRS := mbedtls/library port port/$(IDF_TARGET) port/sha port/sha/parallel_engine port/aes port/aes/block port/md esp_crt_bundle
11
12COMPONENT_OBJEXCLUDE := mbedtls/library/net_sockets.o
13
14ifdef CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1
15COMPONENT_OBJEXCLUDE += \
16mbedtls/library/ssl_ciphersuites.o \
17mbedtls/library/ecp.o \
18mbedtls/library/cipher_wrap.o \
19mbedtls/library/oid.o \
20mbedtls/library/ecp_curves.o \
21mbedtls/library/pk_wrap.o \
22mbedtls/library/ecdsa.o \
23mbedtls/library/x509_crt.o \
24mbedtls/library/ssl_tls.o \
25mbedtls/library/ssl_cli.o
26endif
27
28COMPONENT_SUBMODULES += mbedtls
29
30
31# Note: some mbedTLS hardware acceleration can be enabled/disabled by config.
32#
33# We don't need to exclude aes.o as these functions use a different prefix (esp_aes_x) and the
34# config option only changes the prefixes in the header so mbedtls_aes_x compiles to esp_aes_x
35#
36# The other port-specific files don't override internal mbedTLS functions, they just add new functions.
37
38ifndef CONFIG_MBEDTLS_HARDWARE_MPI
39    COMPONENT_OBJEXCLUDE += port/esp_bignum.o port/$(IDF_TARGET)/bignum.o
40endif
41
42
43
44ifndef CONFIG_MBEDTLS_HARDWARE_SHA
45    COMPONENT_OBJEXCLUDE += port/parallel_engine/esp_sha1.o port/parallel_engine/esp_sha256.o port/parallel_engine/esp_sha512.o
46endif
47
48ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
49
50GEN_CRT_BUNDLEPY := $(PYTHON) $(COMPONENT_PATH)/esp_crt_bundle/gen_crt_bundle.py
51DEFAULT_CRT_DIR := ${COMPONENT_PATH}/esp_crt_bundle
52X509_CERTIFICATE_BUNDLE := $(abspath x509_crt_bundle)
53CUSTOM_BUNDLE_PATH := $(PROJECT_PATH)/$(CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH)
54
55ifdef CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE
56CRT_PATHS += $(CUSTOM_BUNDLE_PATH)
57endif
58
59ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL
60CRT_PATHS += ${DEFAULT_CRT_DIR}/cacrt_all.pem
61endif
62
63ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN
64CRT_PATHS += ${DEFAULT_CRT_DIR}/cacrt_all.pem
65ARGS += --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv
66endif
67
68ARGS += --input $(CRT_PATHS) -q
69
70# Generate certificate bundle using generate_cert_bundle.py
71$(X509_CERTIFICATE_BUNDLE) : $(SDKCONFIG_MAKEFILE)
72	$(GEN_CRT_BUNDLEPY) $(ARGS)
73
74COMPONENT_EXTRA_CLEAN += $(X509_CERTIFICATE_BUNDLE)
75
76COMPONENT_EMBED_FILES := $(X509_CERTIFICATE_BUNDLE)
77
78endif
79
80ifdef CONFIG_MBEDTLS_DYNAMIC_BUFFER
81WRAP_FUNCTIONS = mbedtls_ssl_handshake_client_step \
82                 mbedtls_ssl_handshake_server_step \
83                 mbedtls_ssl_read \
84                 mbedtls_ssl_write \
85                 mbedtls_ssl_session_reset \
86                 mbedtls_ssl_free \
87                 mbedtls_ssl_setup \
88                 mbedtls_ssl_send_alert_message \
89                 mbedtls_ssl_close_notify
90
91COMPONENT_SRCDIRS += port/dynamic
92endif
93
94ifneq ($(origin WRAP_FUNCTIONS),undefined)
95WRAP_ARGUMENT := -Wl,--wrap=
96COMPONENT_ADD_LDFLAGS = -l$(COMPONENT_NAME) $(addprefix $(WRAP_ARGUMENT),$(WRAP_FUNCTIONS))
97endif
98