commit fd566c3cd3eec3810e7d894f3c335802911f20e1
author Yann Gautier <yann.gautier@st.com> Fri Jan 19 17:44:41 2024 +0100
committer Yann Gautier <yann.gautier@st.com> Fri Jun 28 20:05:27 2024 +0200
tree 29b5a8df67019703e4854c93d503ed9cbca73b92
parent d7f618143a3d1b3a392fc4eb54812251dcb7ce8f

feat(mbedtls): add support for mbedtls-3.3

TF-A support for mbedtls3.x has been overdue by number of releases.
As per mbedtls support it was advised to use latest and greatest
mbedtls-3.3. But mbedtls-3.x breaks API compatibility with
mbedtls-2.x

To maintain comptability for mbedtls-2.x and enable mbedtls-3.x
support add a functionality into makefile to determine the major version
of mbedtls and use that to selective include or compile files
that are present.

With mbedtls-3.x numerous other config changes have been done.
Some of the config options deprecated or enabled by default.
Thus we decided to introduce a new 3.x config file part of this
change for building TF-A with mbedtls-3.3.

For futher information on migrating to mbedtls 3.x refer to:
https://github.com/Mbed-TLS/mbedtls/blob/development/docs/3.0-migration-guide.md

Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
(cherry picked from commit 51e061591bbf13af2486c3bb5f37ed609578d145)
Change-Id: Ib034036c09fbdc573d9427b1eda6f2387bda2932

drivers/auth/mbedtls/mbedtls_common.mk

diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index 16ce65f..63871a4 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2015-2022, Arm Limited. All rights reserved.
+# Copyright (c) 2015-2023, Arm Limited. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -15,8 +15,17 @@
 
 MBEDTLS_INC		=	-I${MBEDTLS_DIR}/include
 
+MBEDTLS_MAJOR=$(shell grep -hP "define MBEDTLS_VERSION_MAJOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
+MBEDTLS_MINOR=$(shell grep -hP "define MBEDTLS_VERSION_MINOR" ${MBEDTLS_DIR}/include/mbedtls/*.h | grep -oe '\([0-9.]*\)')
+$(info MBEDTLS_VERSION_MAJOR is [${MBEDTLS_MAJOR}] MBEDTLS_VERSION_MINOR is [${MBEDTLS_MINOR}])
+
 # Specify mbed TLS configuration file
-MBEDTLS_CONFIG_FILE	?=	"<drivers/auth/mbedtls/mbedtls_config.h>"
+ifeq (${MBEDTLS_MAJOR}, 2)
+	MBEDTLS_CONFIG_FILE	?=	"<drivers/auth/mbedtls/mbedtls_config-2.h>"
+else ifeq (${MBEDTLS_MAJOR}, 3)
+	MBEDTLS_CONFIG_FILE	?=	"<drivers/auth/mbedtls/mbedtls_config-3.h>"
+endif
+
 $(eval $(call add_define,MBEDTLS_CONFIG_FILE))
 
 MBEDTLS_SOURCES	+=		drivers/auth/mbedtls/mbedtls_common.c
@@ -28,6 +37,7 @@
 					asn1write.c 				\
 					cipher.c 				\
 					cipher_wrap.c 				\
+					constant_time.c 			\
 					memory_buffer_alloc.c			\
 					oid.c 					\
 					platform.c 				\
@@ -45,12 +55,29 @@
 					ecp_curves.c				\
 					ecp.c					\
 					rsa.c					\
-					rsa_internal.c				\
 					x509.c 					\
 					x509_crt.c 				\
-					constant_time.c 			\
 					)
 
+ifeq (${MBEDTLS_MAJOR}, 2)
+	LIBMBEDTLS_SRCS +=  $(addprefix ${MBEDTLS_DIR}/library/,	\
+						rsa_internal.c		\
+						)
+else ifeq (${MBEDTLS_MAJOR}, 3)
+	LIBMBEDTLS_SRCS +=  $(addprefix ${MBEDTLS_DIR}/library/,	\
+						bignum_core.c		\
+						rsa_alt_helpers.c	\
+						hash_info.c		\
+						)
+
+	# Currently on Mbedtls-3 there is outstanding bug due to usage
+	# of redundant declaration[1], So disable redundant-decls
+	# compilation flag to avoid compilation error when compiling with
+	# Mbedtls-3.
+	# [1]: https://github.com/Mbed-TLS/mbedtls/issues/6910
+	LIBMBEDTLS_CFLAGS += -Wno-error=redundant-decls
+endif
+
 # The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
 # algorithm to use. If the variable is not defined, select it based on
 # algorithm used for key generation `KEY_ALG`. If `KEY_ALG` is not defined,