- added code and cmake build system support for mbedtls 3.6

CMakeLists.txt

@@ -144,12 +144,17 @@ set(FOUND_SQLITE3_SOURCE 1)
 message("Found sqlite3 source in third_party folder -> can compile with log service support")
 endif(EXISTS ${CMAKE_CURRENT_LIST_DIR}/third_party/sqlite/sqlite3.h)
 
+if(EXISTS ${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-3.6.0)
+set(WITH_MBEDTLS3 1)
+set(MBEDTLS_INCLUDE_DIR "${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-3.6.0/include")
+else()
 if(EXISTS ${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-2.28)
 set(WITH_MBEDTLS 1)
 set(MBEDTLS_INCLUDE_DIR "${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-2.28/include")
 endif(EXISTS ${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-2.28)
+endif(EXISTS ${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-3.6.0)
 
-if(WITH_MBEDTLS)
+if(WITH_MBEDTLS OR WITH_MBEDTLS3)
 
 add_definitions(-DCONFIG_MMS_SUPPORT_TLS=1)
 
@@ -165,7 +170,7 @@ if (CONFIG_IEC61850_SNTP_CLIENT)
 set(BUILD_SNTP_CLIENT_EXAMPLES 1)
 endif (CONFIG_IEC61850_SNTP_CLIENT)
 
-endif(WITH_MBEDTLS)
+endif(WITH_MBEDTLS OR WITH_MBEDTLS3)
 
 include(CheckCCompilerFlag)
 

hal/CMakeLists.txt

@@ -10,7 +10,7 @@ endif()
 project(hal)
 
 set(LIBHAL_VERSION_MAJOR "2")
-set(LIBHAL_VERSION_MINOR "1")
+set(LIBHAL_VERSION_MINOR "2")
 set(LIBHAL_VERSION_PATCH "0")
 
 # feature checks
@@ -116,10 +116,15 @@ ENDIF(WIN32)
 #set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC" )
 
 if(WITH_MBEDTLS)
-message("Found mbedtls -> can compile HAL with TLS support")
+message("Found mbedtls 2.28 -> can compile HAL with TLS 1.2 support")
 set(WITH_MBEDTLS 1)
 endif(WITH_MBEDTLS)
 
+if (WITH_MBEDTLS3)
+message("Found mbedtls 3.6 -> can compile HAL with TLS 1.3 support")
+set(WITH_MBEDTLS3 1)
+endif(WITH_MBEDTLS3)
+
 if(WITH_MBEDTLS)
 include_directories(
 	${CMAKE_CURRENT_LIST_DIR}/tls/mbedtls
@@ -147,6 +152,32 @@ list (APPEND libhal_SRCS ${tls_SRCS})
 
 endif(WITH_MBEDTLS)
 
+if(WITH_MBEDTLS3)
+include_directories(
+	${CMAKE_CURRENT_LIST_DIR}/tls/mbedtls3
+    ${MBEDTLS_INCLUDE_DIR}
+)
+
+if(CONFIG_USE_EXTERNAL_MBEDTLS_DYNLIB)
+link_directories(${CONFIG_EXTERNAL_MBEDTLS_DYNLIB_PATH})
+else()
+file(GLOB tls_SRCS ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-3.6.0/library/*.c)
+endif(CONFIG_USE_EXTERNAL_MBEDTLS_DYNLIB)
+
+add_definitions(-DMBEDTLS_CONFIG_FILE="mbedtls_config.h")
+
+set (libhal_SRCS ${libhal_SRCS}
+  ${CMAKE_CURRENT_LIST_DIR}/tls/mbedtls3/tls_mbedtls.c
+)
+
+IF(MSVC)
+set_source_files_properties(${libhal_SRCS}
+                                       PROPERTIES LANGUAGE CXX)
+ENDIF()
+
+list (APPEND libhal_SRCS ${tls_SRCS})
+endif(WITH_MBEDTLS3)
+
 add_library (hal STATIC ${libhal_SRCS})
 
 add_library (hal-shared STATIC ${libhal_SRCS})

hal/tls/mbedtls3/mbedtls_config.h

@@ -0,0 +1,72 @@
+// https://github.com/Mbed-TLS/mbedtls/blob/development/docs/3.0-migration-guide.md#introduce-a-level-of-indirection-and-versioning-in-the-config-files
+// #ifndef MBEDTLS_CONFIG_H
+// #define MBEDTLS_CONFIG_H
+
+/* System support */
+#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_HAVE_TIME
+#define MBEDTLS_HAVE_TIME_DATE
+#define MBEDTLS_NO_UDBL_DIVISION
+#define MBEDTLS_PLATFORM_C
+#define MBEDTLS_DEBUG_C
+
+/* mbed TLS feature support */
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_PKCS1_V15
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#define MBEDTLS_SSL_PROTO_TLS1_2
+#define MBEDTLS_SSL_PROTO_TLS1_3
+// MIGRATE 2.28->3.x.x: https://github.com/Mbed-TLS/mbedtls/blob/development/docs/3.0-migration-guide.md#remove-support-for-tls-10-11-and-dtls-10
+// #define MBEDTLS_SSL_PROTO_TLS1_1
+// #define MBEDTLS_SSL_PROTO_TLS1
+#define MBEDTLS_SSL_RENEGOTIATION
+
+#error "MBEDTLS"
+
+#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+
+/* mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+/* #define MBEDTLS_DES_C */
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_MD5_C
+#define MBEDTLS_NET_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_RSA_C
+#define MBEDTLS_SHA1_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_CRL_PARSE_C
+#define MBEDTLS_X509_USE_C
+#define MBEDTLS_SSL_CACHE_C
+
+/* For test certificates */
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_CERTS_C
+#define MBEDTLS_PEM_PARSE_C
+
+#define MBEDTLS_PKCS12_C
+#define MBEDTLS_PKCS5_C
+
+/* For testing with compat.sh */
+#define MBEDTLS_FS_IO
+
+// MIGRATE 2.28->3.x.x: https://github.com/Mbed-TLS/mbedtls/blob/development/docs/3.0-migration-guide.md#remove-mbedtls_x509_check__key_usage-options-from-mbedtls_configh
+// #define MBEDTLS_X509_CHECK_KEY_USAGE
+// #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+
+// MIGRATE 2.28->3.x.x: https://github.com/Mbed-TLS/mbedtls/blob/development/docs/3.0-migration-guide.md#introduce-a-level-of-indirection-and-versioning-in-the-config-files
+// #include "mbedtls/check_config.h"
+
+// #endif /* MBEDTLS_CONFIG_H */

src/CMakeLists.txt

@@ -1,9 +1,16 @@
+if(WITH_MBEDTLS3)
+include_directories(
+	${CMAKE_CURRENT_LIST_DIR}/tls/mbedtls3
+    ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-3.6.0/include
+)
+else()
 if(WITH_MBEDTLS)
 include_directories(
 	${CMAKE_CURRENT_LIST_DIR}/tls/mbedtls
     ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.28/include
 )
 endif(WITH_MBEDTLS)
+endif(WITH_MBEDTLS3)
 
 set (lib_common_SRCS
 ./common/string_map.c
@@ -189,7 +196,7 @@ set (lib_sv_SRCS
 ./sampled_values/sv_publisher.c
 )
 
-if(WITH_MBEDTLS AND (CONFIG_IEC61850_R_GOOSE OR CONFIG_IEC61850_R_SMV))
+if((WITH_MBEDTLS OR WITH_MBEDTLS3) AND (CONFIG_IEC61850_R_GOOSE OR CONFIG_IEC61850_R_SMV))
 set (lib_rsession_SRCS
 ./r_session/r_session.c
 ./r_session/r_session_crypto_mbedtls.c