From 9ff4b38253fc51d66364a8705ed27c7f5a46b7c9 Mon Sep 17 00:00:00 2001
From: xinitrcn1 <svinxsvinx@proton.me>
Date: Fri, 24 Oct 2025 09:12:12 +0000
Subject: [PATCH] mbedtls-3.6.5: new recipe (#13092)

Co-authored-by: lizzie <lizzie@eden-emu.dev>
---
 net-libs/mbedtls/mbedtls3-3.6.5.recipe        | 176 ++++++++++++++++++
 .../mbedtls/patches/mbedtls3-3.6.5.patchset   |  86 +++++++++
 2 files changed, 262 insertions(+)
 create mode 100644 net-libs/mbedtls/mbedtls3-3.6.5.recipe
 create mode 100644 net-libs/mbedtls/patches/mbedtls3-3.6.5.patchset

diff --git a/net-libs/mbedtls/mbedtls3-3.6.5.recipe b/net-libs/mbedtls/mbedtls3-3.6.5.recipe
new file mode 100644
index 000000000..0b9166f8c
--- /dev/null
+++ b/net-libs/mbedtls/mbedtls3-3.6.5.recipe
@@ -0,0 +1,176 @@
+SUMMARY="Open source, portable, easy to use, readable and flexible SSL library"
+DESCRIPTION="mbed TLS (formerly known as PolarSSL) makes it trivially easy for \
+developers to include cryptographic and SSL/TLS capabilities in their (embedded) \
+products, facilitating this functionality with a minimal coding footprint."
+HOMEPAGE="https://tls.mbed.org/"
+COPYRIGHT="2006-2018 ARM Limited"
+LICENSE="Apache v2"
+REVISION="1"
+SOURCE_URI="https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-$portVersion/mbedtls-$portVersion.tar.bz2"
+CHECKSUM_SHA256="4a11f1777bb95bf4ad96721cac945a26e04bf19f57d905f241fe77ebeddf46d8"
+SOURCE_DIR="mbedtls-$portVersion"
+PATCHES="mbedtls3-$portVersion.patchset"
+
+ARCHITECTURES="all !x86_gcc2"
+SECONDARY_ARCHITECTURES="x86"
+
+libVersion="$portVersion"
+libVersionCompat="$libVersion compat >= ${libVersion%%.*}"
+
+PROVIDES="
+	mbedtls3$secondaryArchSuffix = $portVersion
+	lib:libmbedcrypto$secondaryArchSuffix = $libVersionCompat
+	lib:libmbedtls$secondaryArchSuffix = $libVersionCompat
+	lib:libmbedx509$secondaryArchSuffix = $libVersionCompat
+	"
+REQUIRES="
+	haiku$secondaryArchSuffix
+	lib:libz$secondaryArchSuffix
+	"
+
+PROVIDES_tools="
+	mbedtls3${secondaryArchSuffix}_tools
+	cmd:aead_demo = $portVersion
+	cmd:aescrypt2 = $portVersion
+	cmd:benchmark = $portVersion
+	cmd:cert_app = $portVersion
+	cmd:cert_req = $portVersion
+	cmd:cert_write = $portVersion
+	cmd:cipher_aead_demo = $portVersion
+	cmd:crl_app = $portVersion
+	cmd:crypto_examples = $portVersion
+	cmd:crypt_and_hash = $portVersion
+	cmd:dh_client = $portVersion
+	cmd:dh_genprime = $portVersion
+	cmd:dh_server = $portVersion
+	cmd:dtls_client = $portVersion
+	cmd:dtls_server = $portVersion
+	cmd:ecdh_curve25519 = $portVersion
+	cmd:ecdsa = $portVersion
+	cmd:generic_sum = $portVersion
+	cmd:gen_entropy = $portVersion
+	cmd:gen_key = $portVersion
+	cmd:gen_random_ctr_drbg = $portVersion
+	cmd:gen_random_havege = $portVersion
+	cmd:hmac_demo = $portVersion
+	cmd:key_app = $portVersion
+	cmd:key_app_writer = $portVersion
+	cmd:key_ladder_demo = $portVersion
+	cmd:key_ladder_demo.sh = $portVersion
+	cmd:load_roots = $portVersion
+	cmd:md_hmac_demo = $portVersion
+	cmd:metatest = $portVersion
+	cmd:mini_client = $portVersion
+	cmd:mpi_demo = $portVersion
+	cmd:pem2der = $portVersion
+	cmd:pk_decrypt = $portVersion
+	cmd:pk_encrypt = $portVersion
+	cmd:pk_sign = $portVersion
+	cmd:pk_verify = $portVersion
+	cmd:psa_constant_names = $portVersion
+	cmd:psa_hash = $portVersion
+	cmd:query_compile_time_config = $portVersion
+	cmd:query_included_headers = $portVersion
+	cmd:req_app = $portVersion
+	cmd:rsa_decrypt = $portVersion
+	cmd:rsa_encrypt = $portVersion
+	cmd:rsa_genkey = $portVersion
+	cmd:rsa_sign = $portVersion
+	cmd:rsa_sign_pss = $portVersion
+	cmd:rsa_verify = $portVersion
+	cmd:rsa_verify_pss = $portVersion
+	cmd:selftest = $portVersion
+	cmd:ssl_cert_test = $portVersion
+	cmd:ssl_client1 = $portVersion
+	cmd:ssl_client2 = $portVersion
+	cmd:ssl_context_info = $portVersion
+	cmd:ssl_fork_server = $portVersion
+	cmd:ssl_mail_client = $portVersion
+	cmd:ssl_pthread_server = $portVersion
+	cmd:ssl_server = $portVersion
+	cmd:ssl_server2 = $portVersion
+	cmd:strerror = $portVersion
+	cmd:udp_proxy = $portVersion
+	cmd:udp_proxy_wrapper.sh = $portVersion
+	cmd:zeroize = $portVersion
+	"
+REQUIRES_tools="
+	mbedtls3$secondaryArchSuffix == $portVersion base
+	haiku$secondaryArchSuffix
+	lib:libz$secondaryArchSuffix
+	"
+CONFLICTS_tools="
+	mbedtls${secondaryArchSuffix}_tools
+	"
+
+PROVIDES_devel="
+	mbedtls3${secondaryArchSuffix}_devel = $portVersion
+	devel:libmbedcrypto$secondaryArchSuffix = $libVersionCompat
+	devel:libmbedtls$secondaryArchSuffix = $libVersionCompat
+	devel:libmbedx509$secondaryArchSuffix = $libVersionCompat
+	devel:libeverest$secondaryArchSuffix
+	devel:libp256m$secondaryArchSuffix
+	"
+REQUIRES_devel="
+	mbedtls3$secondaryArchSuffix == $portVersion base
+	"
+CONFLICTS_devel="
+	mbedtls${secondaryArchSuffix}_devel
+	"
+
+BUILD_REQUIRES="
+	haiku${secondaryArchSuffix}_devel
+	devel:libz$secondaryArchSuffix
+	"
+BUILD_PREREQUIRES="
+	cmd:cmake
+	cmd:gcc$secondaryArchSuffix
+	cmd:ninja
+	cmd:perl
+	cmd:python3
+	cmd:sed
+	"
+
+BUILD()
+{
+	export LDFLAGS="-lnetwork"
+	cmake -Bbuild -S. -G Ninja -DCMAKE_BUILD_TYPE=Release \
+		$cmakeDirArgs \
+		-DMBEDTLS_FATAL_WARNINGS=OFF \
+		-DUSE_SHARED_MBEDTLS_LIBRARY=ON \
+		-DUSE_STATIC_MBEDTLS_LIBRARY=OFF \
+		-Wno-dev
+	cmake --build build $jobArgs
+}
+
+INSTALL()
+{
+	cmake --install build
+
+	# remove useless binary
+	rm -r $prefix/bin/hello
+
+	prepareInstalledDevelLibs \
+		libmbedcrypto \
+		libmbedtls \
+		libmbedx509 \
+		libeverest \
+		libp256m
+	fixPkgconfig
+
+	# to be able to find libeverest and libp256m
+	sed "s,\${_IMPORT_PREFIX}/$relativeLibDir,\${_IMPORT_PREFIX}/$relativeDevelopLibDir," \
+		-i $libDir/cmake/MbedTLS/MbedTLSTargets-release.cmake
+
+	packageEntries devel \
+		"$developDir" \
+		"$libDir/cmake"
+
+	packageEntries tools \
+		$prefix/bin
+}
+
+TEST()
+{
+	LIBRARY_PATH="$sourceDir/library${LIBRARY_PATH:+:$LIBRARY_PATH}" ctest --test-dir build --output-on-failure
+}
diff --git a/net-libs/mbedtls/patches/mbedtls3-3.6.5.patchset b/net-libs/mbedtls/patches/mbedtls3-3.6.5.patchset
new file mode 100644
index 000000000..984ac236a
--- /dev/null
+++ b/net-libs/mbedtls/patches/mbedtls3-3.6.5.patchset
@@ -0,0 +1,86 @@
+From 026d5bec5ae378c85fe48b9e690d3c0dc2b88c56 Mon Sep 17 00:00:00 2001
+From: lizzie <lizzie@eden-emu.dev>
+Date: Thu, 23 Oct 2025 07:17:04 +0000
+Subject: [PATCH] haikuos fix for missing time() implementation
+
+---
+ library/platform_util.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/library/platform_util.c b/library/platform_util.c
+index 19ef07a..f6cb311 100644
+--- a/library/platform_util.c
++++ b/library/platform_util.c
+@@ -258,6 +258,9 @@ mbedtls_ms_time_t mbedtls_ms_time(void)
+     return current_ms;
+ }
+ #else
+-#error "No mbedtls_ms_time available"
++mbedtls_ms_time_t mbedtls_ms_time(void)
++{
++    return time(NULL) * 1000;
++}
+ #endif
+ #endif /* MBEDTLS_HAVE_TIME && !MBEDTLS_PLATFORM_MS_TIME_ALT */
+-- 
+2.51.0
+
+From 337e4bd036d45cd16cb38555fe98e4449e7d88fc Mon Sep 17 00:00:00 2001
+From: Luc Schrijvers <begasus@gmail.com>
+Date: Thu, 23 Oct 2025 08:49:36 +0000
+Subject: [PATCH 2/2] Using a hardcoded path like 'include' for headers path
+ doesn't follow GNUInstallDirs method.
+
+---
+ 3rdparty/everest/CMakeLists.txt | 2 +-
+ 3rdparty/p256-m/CMakeLists.txt  | 2 +-
+ include/CMakeLists.txt          | 4 ++--
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt
+index e0e5ade..f105c89 100644
+--- a/3rdparty/everest/CMakeLists.txt
++++ b/3rdparty/everest/CMakeLists.txt
+@@ -29,7 +29,7 @@ endif()
+ if(INSTALL_MBEDTLS_HEADERS)
+ 
+   install(DIRECTORY include/everest
+-    DESTINATION include
++    DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
+     FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
+     DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+     FILES_MATCHING PATTERN "*.h")
+diff --git a/3rdparty/p256-m/CMakeLists.txt b/3rdparty/p256-m/CMakeLists.txt
+index 2ef0d48..884002e 100644
+--- a/3rdparty/p256-m/CMakeLists.txt
++++ b/3rdparty/p256-m/CMakeLists.txt
+@@ -27,7 +27,7 @@ endif()
+ if(INSTALL_MBEDTLS_HEADERS)
+ 
+   install(DIRECTORY :${CMAKE_CURRENT_SOURCE_DIR}
+-    DESTINATION include
++    DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
+     FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
+     DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+     FILES_MATCHING PATTERN "*.h")
+diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
+index e11e271..2df6661 100644
+--- a/include/CMakeLists.txt
++++ b/include/CMakeLists.txt
+@@ -6,11 +6,11 @@ if(INSTALL_MBEDTLS_HEADERS)
+     file(GLOB psa_headers "psa/*.h")
+ 
+     install(FILES ${headers}
+-        DESTINATION include/mbedtls
++        DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/mbedtls
+         PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+ 
+     install(FILES ${psa_headers}
+-        DESTINATION include/psa
++        DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/psa
+         PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+ 
+ endif(INSTALL_MBEDTLS_HEADERS)
+-- 
+2.51.0
+