update mbedtls (#2849)

* Fixing the parameters when using dynamic mbedtls lib

* update mbedtls to 3.5.1

* Update xmake.lua

* Update xmake.lua

* Update xmake.lua

* hack for shared

* use dllimport

* remove mingw code

* Update xmake.lua

* Update xmake.lua

* improve mbedtls

---------

Co-authored-by: xpxz <[email protected]>
Co-authored-by: star9029 <[email protected]>

packages/m/mbedtls/patches/3.5.1/aesni-mingw-i386.patch

@@ -0,0 +1,68 @@
+diff --git a/library/aesni.c b/library/aesni.c
+index 59bcd3d92..b92c73c29 100644
+--- a/library/aesni.c
++++ b/library/aesni.c
+@@ -21,14 +21,27 @@
+ #if defined(MBEDTLS_AESNI_HAVE_CODE)
+ 
+ #if MBEDTLS_AESNI_HAVE_CODE == 2
+-#if !defined(_WIN32)
++#if defined(__GNUC__)
+ #include <cpuid.h>
+-#else
++#elif defined(_MSC_VER)
+ #include <intrin.h>
++#else
++#error "`__cpuid` required by MBEDTLS_AESNI_C is not supported by the compiler"
+ #endif
+ #include <immintrin.h>
+ #endif
+ 
++#if defined(MBEDTLS_ARCH_IS_X86)
++#if defined(MBEDTLS_COMPILER_IS_GCC)
++#pragma GCC push_options
++#pragma GCC target ("pclmul,sse2,aes")
++#define MBEDTLS_POP_TARGET_PRAGMA
++#elif defined(__clang__)
++#pragma clang attribute push (__attribute__((target("pclmul,sse2,aes"))), apply_to=function)
++#define MBEDTLS_POP_TARGET_PRAGMA
++#endif
++#endif
++
+ #if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
+ /*
+  * AES-NI support detection routine
+@@ -40,7 +53,7 @@ int mbedtls_aesni_has_support(unsigned int what)
+ 
+     if (!done) {
+ #if MBEDTLS_AESNI_HAVE_CODE == 2
+-        static unsigned info[4] = { 0, 0, 0, 0 };
++        static int info[4] = { 0, 0, 0, 0 };
+ #if defined(_MSC_VER)
+         __cpuid(info, 1);
+ #else
+@@ -175,7 +188,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16],
+                             const unsigned char a[16],
+                             const unsigned char b[16])
+ {
+-    __m128i aa, bb, cc, dd;
++    __m128i aa = { 0 }, bb = { 0 }, cc, dd;
+ 
+     /* The inputs are in big-endian order, so byte-reverse them */
+     for (size_t i = 0; i < 16; i++) {
+@@ -384,6 +397,15 @@ static void aesni_setkey_enc_256(unsigned char *rk_bytes,
+ }
+ #endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
+ 
++#if defined(MBEDTLS_POP_TARGET_PRAGMA)
++#if defined(__clang__)
++#pragma clang attribute pop
++#elif defined(__GNUC__)
++#pragma GCC pop_options
++#endif
++#undef MBEDTLS_POP_TARGET_PRAGMA
++#endif
++
+ #else /* MBEDTLS_AESNI_HAVE_CODE == 1 */
+ 
+ #if defined(__has_feature)

packages/m/mbedtls/xmake.lua

@@ -8,27 +8,53 @@ package("mbedtls")
     end})
     add_urls("https://github.com/Mbed-TLS/mbedtls.git")
 
+    add_versions("v3.5.1", "959a492721ba036afc21f04d1836d874f93ac124cf47cf62c9bcd3a753e49bdb")
     add_versions("v3.4.0", "9969088c86eb89f6f0a131e699c46ff57058288410f2087bd0d308f65e9fccb5")
     add_versions("v2.28.3", "0c0abbd6e33566c5c3c15af4fc19466c8edb62fa483d4ce98f1ba3f656656d2d")
     add_versions("v2.25.0", "6bf01ef178925f7db3c9027344a50855b116f2defe4a24cbdc0220111a371597")
     add_versions("v2.13.0", "6e747350bc13e8ff51799daa50f74230c6cd8e15977da55dd59f57b23dcf70a6")
     add_versions("v2.7.6", "e527d828ab82650102ca8031302e5d4bc68ea887b2d84e43d3da2a80a9e5a2c8")
 
+    add_patches("3.5.1", path.join(os.scriptdir(), "patches", "3.5.1", "aesni-mingw-i386.patch"), "4b5c5de69930049242cc1d6a84185881a936a27773ecaf975290ac591f38a41d")
+
     add_deps("cmake")
 
     add_links("mbedtls", "mbedx509", "mbedcrypto")
 
-    if is_plat("windows") then
-        add_syslinks("advapi32")
+    if is_plat("windows", "mingw") then
+        add_syslinks("ws2_32", "advapi32", "bcrypt")
     end
 
-    on_install(function (package)
+    on_install("windows|x86", "windows|x64", "linux", "macosx", "bsd", "mingw", "android", "iphoneos", "cross", "wasm", function (package)
         local configs = {"-DENABLE_TESTING=OFF", "-DENABLE_PROGRAMS=OFF", "-DMBEDTLS_FATAL_WARNINGS=OFF"}
-        table.insert(configs, "-DBUILD_SHARED_LIBS=" .. (package:config("shared") and "ON" or "OFF"))
-        import("package.tools.cmake").install(package, configs)
+        if package:config("shared") then
+            table.insert(configs, "-DUSE_SHARED_MBEDTLS_LIBRARY=ON")
+            table.insert(configs, "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")
+            if package:is_plat("windows") then
+                table.insert(configs, "-DCMAKE_WINDOWS_EXPORT_ALL_SYMBOLS=ON")
+                io.replace("library/constant_time_impl.h", "extern volatile", "__declspec(dllimport) volatile", {plain = true})
+                io.replace("include/mbedtls/x509_crt.h", "extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;", "__declspec(dllimport) const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;", {plain = true})
+                io.replace("include/mbedtls/x509_crt.h", "extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;", "__declspec(dllimport) const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;", {plain = true})
+            end
+        else
+            table.insert(configs, "-DUSE_SHARED_MBEDTLS_LIBRARY=OFF")
+            table.insert(configs, "-DUSE_STATIC_MBEDTLS_LIBRARY=ON")
+        end
+        local cxflags
+        if package:is_plat("mingw") and package:is_arch("i386") then
+            cxflags = {"-maes", "-msse2", "-mpclmul"}
+        end
+        import("package.tools.cmake").install(package, configs, {cxflags = cxflags})
     end)
 
     on_test(function (package)
         assert(package:has_cfuncs("mbedtls_ssl_init", {includes = "mbedtls/ssl.h"}))
+        assert(package:check_cxxsnippets({test = [[
+            void test() {
+                mbedtls_aes_context ctx;
+
+                unsigned char key[32]; 
+                mbedtls_aes_setkey_enc(&ctx, key, 256);
+            }
+        ]]}, {includes = "mbedtls/aes.h"}))
     end)
-