Mbed-TLS Command Line Utility (mbedtls-clu)

Thought I would post this here as it may be of interest to someone.
I’ve slapped together (read: it works, but a bit ugly) an mbedtls-compatible partial replacement of the openssl command line utility.

This was driven by Gargoyle wanting to move to shipping Mbed-TLS instead of OpenSSL for size considerations, but a desire to continue using OpenVPN EasyRSA.

A few quirks, not all of them documented and it needs a good cleanup and additional features, but maybe it is useful to someone. Code contributions welcome.
It also currently relies on another library for some lazy string manipulation which could be baked out, but I had a Gargoyle-centric purpose in mind when starting.

Example Makefile for including into OpenWrt

include $(TOPDIR)/rules.mk

PKG_NAME:=mbedtls-clu
PKG_SOURCE_DATE:=2024-02-03
PKG_SOURCE_VERSION:=081464ba1364d5847fa2bf6f02d6d0210498da69
PKG_VERSION:=1.0.0
PKG_RELEASE:=1

MAKE_PATH:=src

PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=https://github.com/lantis1008/mbedtls-clu.git
PKG_MIRROR_HASH:=9305c723c4ddd7139e0e982c77a6af52b5d885dcfee1d6023fc7e912e3445e69

include $(INCLUDE_DIR)/package.mk

define Package/mbedtls-clu
	SECTION:=utils
	CATEGORY:=Utilities
	DEPENDS:=+libmbedtls +libericstools
	TITLE:=MbedTLS CLU
	MAINTAINER:=Michael Gray <support@lantisproject.com>
endef

define Package/mbedtls-clu/description
	This package contains the MbedTLS Command-Line Utility.
endef

define Package/mbedtls-clu/install
	$(INSTALL_DIR) $(1)/usr/bin
	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/mbedtls-clu $(1)/usr/bin/mbedtls
endef

$(eval $(call BuildPackage,mbedtls-clu))

Sounds like a good idea. Could indeed be useful.

Looks like OpenWrt has libmbedtlsXX where XX is a number (12 in 23.05) but opkg finds it ok.
But libericstools does not exist.

Are Eric's tools for the lazy string manipulation? :smiley:

Yeah pretty lazy but I was just trying to slap something together in a hurry. I could remove the dependency by bringing in the code I need or just coding it properly but it’s low on the priority at the moment.
If it was a barrier for someone using it I would solve it though.

I can understand that.
This as a package could indeed be very useful. Currently people work around the lack of such tools by installing openssl-util at the expense of using up lots of valuable space.
But now as libmbedtls is installed by default the value of a package like this suddenly ramps up dramatically.

The quickest way forward?

I would very much encourage you if you could spare some time for it!

This is the simplest way to achieve it for now. This at least makes it easier to try for new players.
For OpenWrt, DLINK_LIBERICSTOOLS would be 0 and Gargoyle would set this to 1.

include $(TOPDIR)/rules.mk

PKG_NAME:=mbedtls-clu
PKG_SOURCE_DATE:=2024-04-04
PKG_SOURCE_VERSION:=085fee4b401d58ceee2ca524c0b480ffe7aaeb7b
PKG_VERSION:=1.0.0
PKG_RELEASE:=2

MAKE_PATH:=src

PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=https://github.com/lantis1008/mbedtls-clu.git
PKG_MIRROR_HASH:=ff96c13212c4dc83b221555a1712c891d01e87ddeb22393dc921708aa372f0d3

# Set to 1 to dynamically link libericstools, or 0 to static compile
DLINK_LIBERICSTOOLS:=0

include $(INCLUDE_DIR)/package.mk

ifeq (1,$(DLINK_LIBERICSTOOLS))
	LIBDEPENDS=+libericstools
else
	MAKE_FLAGS += \
		STATIC_LIBS="1"
endif

define Package/mbedtls-clu
	SECTION:=utils
	CATEGORY:=Utilities
	DEPENDS:=+libmbedtls $(LIBDEPENDS)
	TITLE:=MbedTLS CLU
	MAINTAINER:=Michael Gray <support@lantisproject.com>
endef

define Package/mbedtls-clu/description
	This package contains the MbedTLS Command-Line Utility.
endef

define Package/mbedtls-clu/install
	$(INSTALL_DIR) $(1)/usr/bin
	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/mbedtls-clu $(1)/usr/bin/mbedtls
endef

$(eval $(call BuildPackage,mbedtls-clu))