4 files changed, 146 insertions, 1 deletions

diff --git a/fetchReleases.py b/fetchReleases.py
index cca8f9b..0945c43 100644
--- a/fetchReleases.py
+++ b/fetchReleases.py
@@ -162,12 +162,42 @@ def fetch_gcrypt():
 
 
 
+def fetch_mbedtls():
+    # Mbed-TLS/mbedtls
+    pkg = "mbedtls"
+    owner = "Mbed-TLS"
+    repo = "mbedtls"
+    release_url = f"https://api.github.com/repos/{owner}/{repo}/releases"
+    resp = requests.get(release_url)
+
+    single_version_template = env.from_string("""{{ flat_version }} = buildECTesterStandalone {
+    {{ pkg }} = { version="{{ version }}"; hash="{{ digest }}"; };
+  };""")
+    renders = []
+    for release in resp.json():
+        if not release['draft'] and not release['prerelease']:
+            version = release['tag_name']
+            print(version)
+            flat_version = version.replace('.', '')
+            download_url = f"https://github.com/{owner}/{repo}/archive/{version}.tar.gz"
+            digest = get_source_hash(download_url, unpack=True)
+
+
+            rendered = single_version_template.render(pkg=pkg, digest=digest, flat_version=flat_version, version=version).strip()
+            renders.append(rendered)
+
+    all_versions = all_versions_template.render(pkg_versions=renders).strip()
+    with open(f"./nix/{pkg}_pkg_versions.nix", "w") as handle:
+        handle.write(all_versions)
+
 
 def main():
     parser = argparse.ArgumentParser()
     parser.add_argument("lib")
     args = parser.parse_args()
 
+    print(f"Fetching versions and source hashes for: {args.lib}")
+
     match args.lib:
         case "botan":
             fetch_botan()
@@ -177,6 +207,10 @@ def main():
             fetch_openssl()
         case "gcrypt":
             fetch_gcrypt()
+        case "mbedtls":
+            fetch_mbedtls()
+        case _:
+            print("Unknown library")
 
 
 if __name__ == '__main__':
diff --git a/flake.nix b/flake.nix
index b3dc8db..36d4e89 100644
--- a/flake.nix
+++ b/flake.nix
@@ -77,6 +77,18 @@
         libgpg-error = pkgs.libgpg-error.overrideAttrs (final: prev: {
           configureFlags = ( prev.configureFlags or [] ) ++ [ "--enable-static" ];
         });
+
+        mbedtlsBuilder = { version, hash}: pkgs.mbedtls.overrideAttrs (final: prev: {
+          src = if version == null then prev.src else pkgs.fetchFromGitHub {
+            owner = "Mbed-TLS";
+            repo = "mbedtls";
+            rev = "mbedtls-${version}";
+            inherit hash;
+            # mbedtls >= 3.6.0 uses git submodules
+            fetchSubmodules = true;
+          };
+        });
+
         libtomcryptBuilder = { tcVersion, tcHash, tmVersion, tmHash }:
         (pkgs.libtomcrypt.override { libtommath = libtommathBuilder { version = tmVersion; hash = tmHash; }; }).overrideAttrs (final: prev: 
         let
@@ -203,7 +215,7 @@
         opensslShimBuilder = { version, hash }: import ./nix/opensslshim.nix { inherit pkgs; openssl = (opensslBuilder { version = version; hash = hash;}); };
         boringsslShim = import ./nix/boringsslshim.nix { inherit pkgs; boringssl = boringssl; };
         gcryptShimBuilder = { version, hash}: import ./nix/gcryptshim.nix { inherit pkgs libgpg-error; libgcrypt = libgcryptBuilder { inherit version hash; }; };
-        mbedtlsShim = import ./nix/mbedtlsshim.nix { pkgs = pkgs; };
+        mbedtlsShimBuilder = { version, hash }: import ./nix/mbedtlsshim.nix { inherit pkgs; mbedtls = ( mbedtlsBuilder { inherit version hash; }); };
         ippcpShim = import ./nix/ippcpshim.nix { pkgs = pkgs; ipp-crypto = customPkgs.ipp-crypto; };
         nettleShim = import ./nix/nettleshim.nix { inherit pkgs nettle gmp; };
         libresslShim = import ./nix/libresslshim.nix { inherit pkgs libressl; };
@@ -218,6 +230,7 @@
           openssl ? { version = null; hash = null; },
           boringssl ? { version = null; hash = null; },
           gcrypt ? { version = null; hash = null; },
+          mbedtls ? { version = null; hash = null; },
         }: (
           let
             tomcryptShim = tomcryptShimBuilder {
@@ -230,6 +243,7 @@
             botanShim = botanShimBuilder { inherit (botan) version source_extension hash; };
             cryptoppShim = cryptoppShimBuilder { inherit (cryptopp) version hash; };
             gcryptShim = gcryptShimBuilder { inherit (gcrypt) version hash; };
+            mbedtlsShim = mbedtlsShimBuilder { inherit (mbedtls) version hash; };
           in
           with pkgs;
             gradle2nix.builders.${system}.buildGradlePackage rec {
@@ -287,6 +301,7 @@
           openssl = pkgs.callPackage ./nix/openssl_pkg_versions.nix { inherit buildECTesterStandalone; };
           boringssl = pkgs.callPackage ./nix/boringssl_pkg_versions.nix { inherit buildECTesterStandalone; };
           gcrypt = pkgs.callPackage ./nix/gcrypt_pkg_versions.nix { inherit buildECTesterStandalone; };
+          mbedtls = pkgs.callPackage ./nix/mbedtls_pkg_versions.nix { inherit buildECTesterStandalone; };
 
           fetchReleases = with pkgs.python3Packages; buildPythonApplication {
             pname = "fetchReleases";
diff --git a/nix/mbedtls_pkg_versions.nix b/nix/mbedtls_pkg_versions.nix
new file mode 100644
index 0000000..e429a4a
--- /dev/null
+++ b/nix/mbedtls_pkg_versions.nix
@@ -0,0 +1,95 @@
+{
+  buildECTesterStandalone
+}:
+{
+  v360 = buildECTesterStandalone {
+    mbedtls = { version="v3.6.0"; hash="sha256-yzGBkrqh+T/5GS66xL5zJstCmvcfG09TfxqA3F8UPJg="; };
+  };
+  v2288 = buildECTesterStandalone {
+    mbedtls = { version="v2.28.8"; hash="sha256-A1DYZrvJ8SRujroVwqPfcTOSgLnT5xRat/RVdq2fL/o="; };
+  };
+  v352 = buildECTesterStandalone {
+    mbedtls = { version="v3.5.2"; hash="sha256-lVGmnSYccNmRS6vfF/fDiny5cYRPc/wJBpgciFLPUvM="; };
+  };
+  v2287 = buildECTesterStandalone {
+    mbedtls = { version="v2.28.7"; hash="sha256-JI0Frbz4HkPqrLQNrSIj1ikN8201h4kd1wTwyPotERw="; };
+  };
+  v351 = buildECTesterStandalone {
+    mbedtls = { version="v3.5.1"; hash="sha256-HxsHcGbSExp1aG5yMR/J3kPL4zqnmNoN5T5wfV3APaw="; };
+  };
+  v2286 = buildECTesterStandalone {
+    mbedtls = { version="v2.28.6"; hash="sha256-1YyA3O0/u7Tcf8rhNmrMGF64/tnitQH65THpXa7N7P8="; };
+  };
+  mbedtls-350 = buildECTesterStandalone {
+    mbedtls = { version="mbedtls-3.5.0"; hash="sha256-uHHQmaAmFS8Vd7PrAfRpK+aNi3pJ76XBC7rFWcd16NU="; };
+  };
+  mbedtls-2285 = buildECTesterStandalone {
+    mbedtls = { version="mbedtls-2.28.5"; hash="sha256-Gl4UQMSvAwYbOi2b/AUMz+zgkOl1o0UA2VveF/3ek8o="; };
+  };
+  v341 = buildECTesterStandalone {
+    mbedtls = { version="v3.4.1"; hash="sha256-NIjyRcVbg6lT6+RlTz5Jt6V9T85mvta5grOSLIAK9Ts="; };
+  };
+  v2284 = buildECTesterStandalone {
+    mbedtls = { version="v2.28.4"; hash="sha256-88Lnj9NgS5PWg2hydvb9cwi6s6BG3UMvkUH2Ny1jmtE="; };
+  };
+  v340 = buildECTesterStandalone {
+    mbedtls = { version="v3.4.0"; hash="sha256-1YA4hp/VEjph5k0qJqhhH4nBbTP3Qu2pl7WpuvPkVfg="; };
+  };
+  v2283 = buildECTesterStandalone {
+    mbedtls = { version="v2.28.3"; hash="sha256-w5bJErCNRZLE8rHcuZlK3bOqel97gPPMKH2cPGUR6Zw="; };
+  };
+  v330 = buildECTesterStandalone {
+    mbedtls = { version="v3.3.0"; hash="sha256-yb5migP5Tcw99XHFzJkCct4f5R6ztxPR43VQcfTGRtE="; };
+  };
+  v2282 = buildECTesterStandalone {
+    mbedtls = { version="v2.28.2"; hash="sha256-rbWvPrFoY31QyW/TbMndPXTzAJS6qT/bo6J0IL6jRvQ="; };
+  };
+  v321 = buildECTesterStandalone {
+    mbedtls = { version="v3.2.1"; hash="sha256-+M36NvFe4gw2PRbld/2JV3yBGrqK6soWcmrSEkUNcrc="; };
+  };
+  v320 = buildECTesterStandalone {
+    mbedtls = { version="v3.2.0"; hash="sha256-b0c8E3eFwHw2bbvAOQY55RRkXVcx9hUCmkZA9QlRodQ="; };
+  };
+  v2281 = buildECTesterStandalone {
+    mbedtls = { version="v2.28.1"; hash="sha256-brbZB3fINDeVWXf50ct4bxYkoBVyD6bBBijZyFQSnyw="; };
+  };
+  v310 = buildECTesterStandalone {
+    mbedtls = { version="v3.1.0"; hash="sha256-esQe1qnM1yBzNPpd+qog3/8guttt6CKUiyzIQ1nMfJs="; };
+  };
+  v2280 = buildECTesterStandalone {
+    mbedtls = { version="v2.28.0"; hash="sha256-VDoIUBaK2e0E5nkwU1u3Wvxc+s6OzBSdIeHsJKJuZ2g="; };
+  };
+  v21612 = buildECTesterStandalone {
+    mbedtls = { version="v2.16.12"; hash="sha256-EjIbPWiqq0Xif1sXV59mM0qfDjsHuOomDlRWrFKlt6Q="; };
+  };
+  v300 = buildECTesterStandalone {
+    mbedtls = { version="v3.0.0"; hash="sha256-M4PQwsa856Hy3QXKwnNRp4alk5oVJBGkDEjZWf6vT4s="; };
+  };
+  v2270 = buildECTesterStandalone {
+    mbedtls = { version="v2.27.0"; hash="sha256-vlZZnN/XAlmoDhRJTZUcrToeCiGaQrKe6k2t3G1My0M="; };
+  };
+  v21611 = buildECTesterStandalone {
+    mbedtls = { version="v2.16.11"; hash="sha256-sas6xdOUM8cTomXEBpvi6eCOLcCO9vvRmvUIu4kEdRg="; };
+  };
+  v2260 = buildECTesterStandalone {
+    mbedtls = { version="v2.26.0"; hash="sha256-VbgYI7I6BxcuW9EvRr0CXVPsRBNlsIl3Pti8/XK9nGk="; };
+  };
+  v21610 = buildECTesterStandalone {
+    mbedtls = { version="v2.16.10"; hash="sha256-ar1JVepzNjD6jgp9V0G/YNajO7s0sxYe3t0v8O0sVs4="; };
+  };
+  v2719 = buildECTesterStandalone {
+    mbedtls = { version="v2.7.19"; hash="sha256-0GAoJMq6O0j8WwwhknD486XcaCALZ3TW5mxKcliISmY="; };
+  };
+  v2250 = buildECTesterStandalone {
+    mbedtls = { version="v2.25.0"; hash="sha256-UQ0z374ptC1m7Ezomj7BuMG2+yYg+ByOGYI9zKzlceQ="; };
+  };
+  v2169 = buildECTesterStandalone {
+    mbedtls = { version="v2.16.9"; hash="sha256-jhWJh4gKU0JOERANiYSI3me0oMDTRJ7ZQaKhNc6w51c="; };
+  };
+  v2718 = buildECTesterStandalone {
+    mbedtls = { version="v2.7.18"; hash="sha256-SkAK9lTqdc3VbJyu8VNHR1PPUlt/+swIJl/R5l7zhUg="; };
+  };
+  v2240 = buildECTesterStandalone {
+    mbedtls = { version="v2.24.0"; hash="sha256-zO65lsM/nw0NfqvRGT+n8sRT2hpdvMzcJR4nve7F0SM="; };
+  };
+}
diff --git a/nix/mbedtlsshim.nix b/nix/mbedtlsshim.nix
index 2dff2f0..cbb850c 100644
--- a/nix/mbedtlsshim.nix
+++ b/nix/mbedtlsshim.nix
@@ -1,5 +1,6 @@
 {
   pkgs
+  , mbedtls
 }:
 with pkgs; stdenv.mkDerivation rec {
   name = "MbedTLSShim";