open-coap · JuhaPekkaa · Nov 7, 2025 · Nov 7, 2025 · Nov 7, 2025 · Nov 7, 2025
diff --git a/.github/workflows/compile-mbedtls.yml b/.github/workflows/compile-mbedtls.yml
@@ -51,7 +51,7 @@ jobs:
           VENV_DIR=$(mktemp -d)
           python3 -m venv ${VENV_DIR}
           source ${VENV_DIR}/bin/activate
-          LDFLAGS='-arch x86_64 -arch arm64' CFLAGS='-O2 -arch x86_64 -arch arm64' DLEXT=dylib OSARCH=darwin ./compileMbedtls.sh
+          DLEXT=dylib OSARCH=darwin CMAKE_EXTRA='-DCMAKE_OSX_ARCHITECTURES=arm64;x86_64' ./compileMbedtls.sh
       - name: Archive artifacts
         uses: actions/upload-artifact@v5
         with:
@@ -74,9 +74,7 @@ jobs:
           MBEDTLS_VERSION: ${{ inputs.mbedtlsVersion }}
         run: |
           WINDOWS=1 \
-          OBJEXT=obj \
           CMAKE_EXTRA='-DCMAKE_C_FLAGS=-D__USE_MINGW_ANSI_STDIO=0' \
-          LDFLAGS='-lbcrypt -lws2_32 -lwinmm -lgdi32 -L. -static-libgcc' \
           DLEXT=dll \
           OSARCH=win32-x86-64 \
           ./compileMbedtls.sh

diff --git a/Readme.md b/Readme.md
@@ -108,17 +108,15 @@ Linux (x86_64):
 
 Mac (intel and arm):
 
-`LDFLAGS='-arch x86_64 -arch arm64' CFLAGS='-O2 -arch x86_64 -arch arm64' DLEXT=dylib OSARCH=darwin ./compileMbedtls.sh`
+`DLEXT=dylib OSARCH=darwin CMAKE_EXTRA='-DCMAKE_OSX_ARCHITECTURES="arm64;x86_64"' ./compileMbedtls.sh`
 
 Windows
 
 - `docker run -it -v$(pwd):/work --rm dockcross/windows-static-x64 \
     sh -c "apt-get update && apt-get install -y python3-venv && \
     WINDOWS=1 \
-    LDFLAGS='-lws2_32 -lwinmm -lgdi32 -lbcrypt -L. -static-libgcc' \
-    DLEXT=dll \
     OBJEXT=obj \
-    CMAKE_EXTRA='-DCMAKE_C_FLAGS=-D__USE_MINGW_ANSI_STDIO=0' \
+    CMAKE_EXTRA='-DCMAKE_TOOLCHAIN_FILE=/usr/local/x86_64-w64-mingw32.toolchain.cmake -DCMAKE_C_FLAGS=-D__USE_MINGW_ANSI_STDIO=0' \
     OSARCH=win32-x86-64 \
     ./compileMbedtls.sh"`
 

diff --git a/compileMbedtls.sh b/compileMbedtls.sh
@@ -7,9 +7,8 @@ BUILD_DIR=mbedtls-lib/build/mbedtls-${MBEDTLS_VERSION}
 DLEXT="${DLEXT:-so}"
 OSARCH="${OSARCH:-linux-x86-64}"
 CC="${CC:-gcc}"
-LDFLAGS="${LDFLAGS:-}"
-OBJEXT="${OBJEXT:-o}"
 CMAKE_EXTRA="${CMAKE_EXTRA:-}"
+LIB_DIR="mbedtls-lib/bin/$OSARCH"
 
 # prepare build directory
 mkdir -p mbedtls-lib/build
@@ -31,22 +30,41 @@ fi
 python3 ${BUILD_DIR}/scripts/config.py -f "${BUILD_DIR}/include/mbedtls/mbedtls_config.h" unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 python3 ${BUILD_DIR}/scripts/config.py -f "${BUILD_DIR}/include/mbedtls/mbedtls_config.h" set MBEDTLS_SSL_DTLS_CONNECTION_ID
 
-# Run cmake configuration
-cmake -S "${BUILD_DIR}" -B "${BUILD_DIR}"/build -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_BUILD_TYPE=Release ${CMAKE_EXTRA}
+echo "Configuring CMake..."
+cmake \
+  -S "${BUILD_DIR}" \
+  -B "${BUILD_DIR}"/build \
+  -DUSE_SHARED_MBEDTLS_LIBRARY=On \
+  -DCMAKE_BUILD_TYPE=Release \
+  ${CMAKE_EXTRA}
 
-cmake --build "${BUILD_DIR}"/build --target lib
+echo "Building MbedTLS..."
+cmake --build "${BUILD_DIR}"/build --parallel --target lib
 
 # create single shared library
-LIB_DIR="mbedtls-lib/bin/$OSARCH"
 mkdir -p ${LIB_DIR}
 rm -f ${LIB_DIR}/* 2>/dev/null || true
 
-$CC -shared \
-    ${BUILD_DIR}/build/library/CMakeFiles/mbedtls.dir/*.${OBJEXT} \
-    ${BUILD_DIR}/build/library/CMakeFiles/mbedx509.dir/*.${OBJEXT} \
-    ${BUILD_DIR}/build/tf-psa-crypto/core/CMakeFiles/tfpsacrypto.dir/*.${OBJEXT} \
-    ${BUILD_DIR}/build/tf-psa-crypto/drivers/builtin/CMakeFiles/builtin.dir/src/*.${OBJEXT} \
-    -o ${LIB_DIR}/libmbedtls-${MBEDTLS_VERSION}.${DLEXT} ${LDFLAGS}
+echo "Copying .so files out of build directory to $LIB_DIR..."
+find "${BUILD_DIR}/build/library" -maxdepth 1 -type f -name "*.${DLEXT}*" -exec cp {} "${LIB_DIR}/" \;
+
+# Rename file.so.4.0.0 => file.4.0.0.so
+if [[ "$DLEXT" == "so" ]]; then
+    # Linux
+    mv "${LIB_DIR}/libmbedtls.so.4.0.0" "${LIB_DIR}/libmbedtls-4.0.0.so"
+    mv "${LIB_DIR}/libmbedx509.so.4.0.0" "${LIB_DIR}/libmbedx509-4.0.0.so"
+    mv "${LIB_DIR}/libtfpsacrypto.so.1.0.0" "${LIB_DIR}/libtfpsacrypto-1.0.0.so"
+elif [[ "$DLEXT" == "dylib" ]]; then
+    # macOS
+    mv "${LIB_DIR}/libmbedtls.4.0.0.dylib" "${LIB_DIR}/libmbedtls-4.0.0.dylib"
+    mv "${LIB_DIR}/libmbedx509.4.0.0.dylib" "${LIB_DIR}/libmbedx509-4.0.0.dylib"
+    mv "${LIB_DIR}/libtfpsacrypto.1.0.0.dylib" "${LIB_DIR}/libtfpsacrypto-1.0.0.dylib"
+elif [[ "$DLEXT" == "dll" ]]; then
+    # Windows
+    mv "${LIB_DIR}/libmbedtls.dll" "${LIB_DIR}/mbedtls-4.0.0.dll"
+    mv "${LIB_DIR}/libmbedx509.dll" "${LIB_DIR}/mbedx509-4.0.0.dll"
+    mv "${LIB_DIR}/libtfpsacrypto.dll" "${LIB_DIR}/tfpsacrypto-1.0.0.dll"
+fi
 
 # generate kotlin object with memory sizes
 gcc mbedtls-lib/mbedtls_sizeof_generator.c \

diff --git a/kotlin-mbedtls/src/main/kotlin/org/opencoap/ssl/MbedtlsApi.kt b/kotlin-mbedtls/src/main/kotlin/org/opencoap/ssl/MbedtlsApi.kt
@@ -33,19 +33,26 @@ import java.util.Properties
 Defines mbedtls native functions that can be used from jvm.
  */
 internal object MbedtlsApi {
-    private val libraryName = javaClass.classLoader.getResourceAsStream("mbedtls.properties").use { resource ->
-        Properties().apply { load(resource) }.let { props ->
-            val mbedtlsVersion = props.getProperty("mbedtlsVersion")
-            if (Platform.isWindows()) "libmbedtls-$mbedtlsVersion" else "mbedtls-$mbedtlsVersion"
+
+    private var LIB_MBEDTLS: NativeLibrary
+    val PSA_VERSION: String by lazy { properties.getProperty("psaVersion") }
+    val MBEDTLS_VERSION: String by lazy { properties.getProperty("mbedtlsVersion") }
+
+    private val properties: Properties by lazy {
+        javaClass.classLoader.getResourceAsStream("mbedtls.properties").use { resource ->
+            Properties().apply { load(resource) }
         }
     }
-    private val LIB_MBEDTLS = NativeLibrary.getInstance(libraryName)
 
     init {
-        Native.register(LIB_MBEDTLS)
-        Native.register(Crypto::class.java, LIB_MBEDTLS)
-        Native.register(X509::class.java, LIB_MBEDTLS)
+        val libPrefix = if (Platform.isWindows()) "lib" else ""
+        val LIB_TFPSACRYPTO = NativeLibrary.getInstance(libPrefix + "tfpsacrypto-$PSA_VERSION")
+        val LIB_MBEDX509 = NativeLibrary.getInstance(libPrefix + "mbedx509-$MBEDTLS_VERSION")
+        LIB_MBEDTLS = NativeLibrary.getInstance(libPrefix + "mbedtls-$MBEDTLS_VERSION")
 
+        Native.register(LIB_MBEDTLS)
+        Native.register(X509::class.java, LIB_MBEDX509)
+        Native.register(Crypto::class.java, LIB_TFPSACRYPTO)
         configureLogThreshold()
     }
 

diff --git a/kotlin-mbedtls/src/main/resources/mbedtls.properties b/kotlin-mbedtls/src/main/resources/mbedtls.properties
@@ -15,3 +15,4 @@
 #
 
 mbedtlsVersion=4.0.0
+psaVersion=1.0.0
diff --git a/mbedtls-lib/bin/darwin/libmbedtls-4.0.0.dylib b/mbedtls-lib/bin/darwin/libmbedtls-4.0.0.dylib
diff --git a/mbedtls-lib/bin/darwin/libmbedx509-4.0.0.dylib b/mbedtls-lib/bin/darwin/libmbedx509-4.0.0.dylib
diff --git a/mbedtls-lib/bin/darwin/libtfpsacrypto-1.0.0.dylib b/mbedtls-lib/bin/darwin/libtfpsacrypto-1.0.0.dylib
diff --git a/mbedtls-lib/bin/linux-x86-64/libmbedtls-4.0.0.so b/mbedtls-lib/bin/linux-x86-64/libmbedtls-4.0.0.so
diff --git a/mbedtls-lib/bin/linux-x86-64/libmbedx509-4.0.0.so b/mbedtls-lib/bin/linux-x86-64/libmbedx509-4.0.0.so
diff --git a/mbedtls-lib/bin/linux-x86-64/libtfpsacrypto-1.0.0.so b/mbedtls-lib/bin/linux-x86-64/libtfpsacrypto-1.0.0.so
diff --git a/mbedtls-lib/bin/win32-x86-64/libmbedtls-4.0.0.dll b/mbedtls-lib/bin/win32-x86-64/libmbedtls-4.0.0.dll
diff --git a/mbedtls-lib/bin/win32-x86-64/libmbedx509-4.0.0.dll b/mbedtls-lib/bin/win32-x86-64/libmbedx509-4.0.0.dll
diff --git a/mbedtls-lib/bin/win32-x86-64/libtfpsacrypto-1.0.0.dll b/mbedtls-lib/bin/win32-x86-64/libtfpsacrypto-1.0.0.dll
Original file line number	Diff line number	Diff line change
Expand Up		@@ -15,3 +15,4 @@
		#

		mbedtlsVersion=4.0.0
		psaVersion=1.0.0