package/mbedtls: fix zlib support

To enable compression support using zlib it is necessary to uncomment
the define for MBEDTLS_ZLIB_SUPPORT in config.h [1].

Note, that enabling TLS compression may make mbedTLS vulnerable to the
CRIME attack [1]. It should not be enabled unless is is sure CRIME and
similar attacks are not applicable to the particulare situation.

As zlib is probably enabled in most systems, maybe it is best to make
the compression support a user choice and add the warning from [1]?

[1] https://tls.mbed.org/kb/how-to/deflate-compression-in-ssl-tls

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

diff --git a/package/mbedtls/mbedtls.mk b/package/mbedtls/mbedtls.mk
index a8bd61f129a8730ae7b5e834f8217267db7a4568..7171af9f9830a4dc394e5ca932ac4fd3ee3bea48 100644 (file)
--- a/package/mbedtls/mbedtls.mk
+++ b/package/mbedtls/mbedtls.mk
@@ -42,6 +42,11 @@ endif
 ifeq ($(BR2_PACKAGE_ZLIB),y)
 MBEDTLS_CONF_OPTS += -DENABLE_ZLIB_SUPPORT=ON
 MBEDTLS_DEPENDENCIES += zlib
+define MBEDTLS_ENABLE_ZLIB
+       $(SED) "s://#define MBEDTLS_ZLIB_SUPPORT:#define MBEDTLS_ZLIB_SUPPORT:" \
+               $(@D)/include/mbedtls/config.h
+endef
+MBEDTLS_POST_PATCH_HOOKS += MBEDTLS_ENABLE_ZLIB
 else
 MBEDTLS_CONF_OPTS += -DENABLE_ZLIB_SUPPORT=OFF
 endif