If CONFIG_POSIX_API is defined, automatically use time() function.
The alternative to that is to explicitly configure mbedTLS' timing
source via API, as required for "raw code", but if user enables
POSIX API, we might as well use existing mbedTLS integration.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
That means that when mbedTLS will need functions like snprintf(),
printf(), a few others, they will be used from libc, as done
normally by most of software. Note that mentioned functions
aren't normally used on code paths doing TLS communication per se.
Instead, they are used by debug logging, additional "print info"
style functions, etc.
Before, when MBEDTLS_PLATFORM_NO_STD_FUNCTIONS was defined, those
functions were stubbed out, so silently didn't work as expected
(a specific symptom seen was that some debug messages were printed
as garbage, because a buffer on stack was passed to dummy snprintf
stub, which didn't do anything to it, and its uninitialized contents
were printed afterwards). Instead, the expectation was that an
application would call a "setter" function to set snprintf, etc.
implementations as provided by application itself.
For Zephyr, we clearly don't need to burden applications with such
setup, instead Zephyr, as an OS, provides integrated environment
where matters like that "just work". So, we just switch to libc-based
functions. If there ever will be use cases for
MBEDTLS_PLATFORM_NO_STD_FUNCTIONS, it can be made configurable later.
Fixes: #16303
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This menu contains just the MCUMGR symbol and its children. Get rid of
one menu level by removing it.
Makes the 'External Sources' menu look like this:
    HALs --->
    Cryptography --->
    [ ] Fnmatch Support
    [ ] OpenAMP Support
    (open-amp) OpenAMP library source path
    [ ] mcumgr Support
('OpenAMP library source path' being visible there might be a separate
issue.)
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Use tinycbor from the tinycbor repo directly and drop the library from
ext/.
Add entry to west.yml and update SHA.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Appears within an 'if MBEDTLS'.
'if FOO' is just shorthand for adding 'depends on FOO' to each item
within the 'if'.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Maybe this is some "just in case" thing that got copied around. There's
no need to have a blank line at the beginning or end of Kconfig files.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
If we enable newlib we run into an issue with fcntl.h and the openamp
proxy support. We don't utilize the proxy support so just disable it by
default.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The mbedtls library has some globals which results in faults
when user mode tries to access them.
Instantiate a memory partition for mbedtls's globals.
The linker will place all globals found by building this
library into this partition.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Same change as in commit 8cf8db3a73 ("Kconfig: Use a short, consistent
style for prompts"), fixing stuff that got introduced since then.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
This function conflicts with a function of the same name in mcuboot.
This happens when building USB DFU support into mcuboot.
DFU over USB uses image manager and mcuboot internals to manage images
downloaded to the device.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
There are issues using lowercase min and max macros when compiling a C++
application with a third-party toolchain such as GNU ARM Embedded when
using some STL headers i.e. <chrono>.
This is because there are actual C++ functions called min and max
defined in some of the STL headers and these macros interfere with them.
By changing the macros to UPPERCASE, which is consistent with almost all
other pre-processor macros this naming conflict is avoided.
All files that use these macros have been updated.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
This patch fixes an issue with an uninitialized variable in the x509
mbedtls feature. I sent a related patch to the mbedtls project so
that this can be fixed in the future.
https://github.com/ARMmbed/mbedtls/pull/2392
Signed-off-by: Andy Gross <andy.gross@linaro.org>
Changes in flash_map API make flash_area structure the proper
interface for pointing to the image area instead of direct flash-bank-offsets.
This patch aligns code to the changed API and allows supporting operation
on the partition in any flash device.
Signed-off-by: Findlay Feng <i@fengch.me>
During recent refactoring of mbedTLS generic config file, a regression
slipped in that prevented MBEDTLS_PEM_PARSE_C from being set, even
though the option was selected in Kconfig. The reason for this is the
fact that this config has dependency to MBEDTLS_X509_CRT_PARSE_C but it
was moved above the line where MBEDTLS_X509_CRT_PARSE_C was actually
set. Therefore, this dependency was never satisfied.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Update to new OpenAMP v2018.10 release. This release allows us to
utilize just rpmsg without remoteproc. The API set has changed and
requires updates to the openamp sample. Additionally, the changes
in this release reduce the code size footprint, and support a static
allocation memory model.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Extend generic mbedTLS configuration file with MBEDTLS_HAVE_ASM option,
to allow the use of assembly code. This improves the performance of
asymmetric cryptography, however depending on the architecture and the
CPU, this might have an impact on the code size.
Set the default value to the previous non-configurable value, i.e. enable
it by default except on ARM.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Extend generic mbedTLS configuration file with MBEDTLS_AES_ROM_TABLES
option. This allows to save some RAM (~8kB) in favour of ROM and
performance.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
There is an effort underway to make most of the Zephyr build scripts
reentrant. Meaning, the build scripts can be executed multiple times
during the same CMake invocation.
Reentrancy enables several use-cases, the motivating one is the
ability to build several Zephyr executables, or images, for instance a
bootloader and an application.
For build scripts to be reentrant they cannot be directly referencing
global variables, like target names, but must instead reference
variables, which can vary from entry to entry.
Therefore, in this patch, we replace global targets with variables.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Since 2.14.1 release mbedTLS has a few API changes and deprecations which
do not affect the Zephyr code and a new MBEDTLS_CHECK_PARAMS option that
enables validation of parameters in the API. A list with all changes can
be found in:
./ext/lib/crypto/mbedtls/ChangeLog
Note that this version will become the basis of the next LTS (Long Term
Support) branch that will be maintained for the next 3 years until at
least the end of 2021.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Since 2.12.0 release mbedTLS has an important security fix concerning
RSA PKCS#1 v1.5 decryption (CVE-2018-19608). Besides that it has very
few API changes, and the usual set of functional improvements, security
fixes and bug fixes. A list with all changes can be found in:
./ext/lib/crypto/mbedtls/ChangeLog
It should also be noted that the small change concerning _POSIX_C_SOURCE
applied to x509.c has been moved to platform_util.c, this time with a
proper define guard.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Currently there is a mixed approach in prefixes from mbedTLS
configuration (MBEDTLS_ and TLS_). The latter was used in generic config
file and could bring up confusion that it can only be used with TLS
subsystem. Hence unify the approach to MBEDTLS_ prefix to avoid such
confusion.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Extend generic mbedTLS config file with additional algorithms. Add
separate RNG section. Add switches to enable all algorithms in specific
group.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
These changes were obtained by running a script created by
Ulf Magnusson <Ulf.Magnusson@nordicsemi.no> for the following
specification:
1. Read the contents of all dts_fixup.h files in Zephyr
2. Check the left-hand side of the #define macros (i.e. the X in
   #define X Y)
3. Check if that name is also the name of a Kconfig option
   3.a If it is, then do nothing
   3.b If it is not, then replace CONFIG_ with DT_ or add DT_ if it
       has neither of these two prefixes
4. Replace the use of the changed #define in the code itself
   (.c, .h, .ld)
Additionally, some tweaks had to be added to this script to catch some
of the macros used in the code in a parameterized form, e.g.:
- CONFIG_GPIO_STM32_GPIO##__SUFFIX##_BASE_ADDRESS
- CONFIG_UART_##idx##_TX_PIN
- I2C_SBCON_##_num##_BASE_ADDR
and to prevent adding DT_ prefix to the following symbols:
- FLASH_START
- FLASH_SIZE
- SRAM_START
- SRAM_SIZE
- _ROM_ADDR
- _ROM_SIZE
- _RAM_ADDR
- _RAM_SIZE
which are surprisingly also defined in some dts_fixup.h files.
Finally, some manual corrections had to be done as well:
- name##_IRQ -> DT_##name##_IRQ in uart_stm32.c
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
This patch introduces a version which adds two new features:
- ability to resume partial upload
- option to not compile taskstat and echo commands
Origin: mcumgr
License: Apache 2.0
URL: https://github.com/apache/mynewt-mcumgr
Commit: 6251689367fcfe92898b90978b877a242b6e4b24
Purpose: New features
Maintained-by: External
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
The toolchain information is using out of date (and misspelled)
environment variables. Rather than duplicate information here which is
already present in the getting started guide, just link to it.
Clean up some other docs.
Signed-off-by: Marti Bolivar <marti@foundries.io>
This patch introduces a version which fixes the following bug:
It was possible to erase slot 1 while it stores a confirmed image
during an ongoing test run - this is unwanted behavior which allows
to even brick the remote device accidentally.
This patch adds a check for such a case of test run etc.
This also aligns the condition required for erase command
execution to be similar to what the upload command requires.
Origin: mcumgr
License: Apache 2.0
URL: https://github.com/apache/mynewt-mcumgr
Commit: 91a76b95b1b81aba06e30ee168e5ee5975cdfe93
Purpose: Bug Fix
Maintained-by: External
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Library will be used by new shell implementation.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Signed-off-by: Jakub Rzeszutko <jakub.rzeszutko@nordicsemi.no>
Since 2.9.0 release mbedTLS has some minor functional improvements,
security fixes and bug fixes. A list with all changes can be found
in:
./ext/lib/crypto/mbedtls/ChangeLog
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Consistently use

    config FOO
        bool/int/hex/string "Prompt text"

instead of

    config FOO
        bool/int/hex/string
        prompt "Prompt text"

(...and a bunch of other variations that e.g. swapped the order of the
type and the 'prompt', or put other properties between them).
The shorthand is fully equivalent to using 'prompt'. It saves lines and
avoids tricking people into thinking there is some semantic difference.
Most of the grunt work was done by a modified version of
https://unix.stackexchange.com/questions/26284/how-can-i-use-sed-to-replace-a-multi-line-string/26290#26290, but some
of the rarer variations had to be converted manually.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Update tinycrypt to latest revision, two commits after 0.2.8 release.
These commits are only bug fixes and one of them is fixing incorrect
buffer size in decryption with CBC mode.
This algorithm is being used by tinycrypt shim and is tested in
samples/drivers/crypto/.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
- Remove redundant 'n' defaults. 'n' is the default value for bool
  symbols.

  This makes the auto-generated documentation clearer as well: You get
  "implicitly defaults to n" instead of
  "- n if <propagated dependencies>".

- Shorten

      <type>
      prompt "foo"

  to

      <type> "foo"

  This works for all types, not just bool.

- Various formatting nits.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Default configuration of config-tls-generic.h mimics the current default
config file configuration - config-mini-tls1_2.h, therefore it can be
safely used instead of it.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commit provides a config file for mbedtls that can be modified by
Kconfig. As a result, features like supported ciphersuites can be easily
adjusted from Kconfig.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This update to the latest master of mcumgr fixes a memory corruption in
the image management and updates the readme.
Fixes #7924
Origin: mcumgr
License: Apache 2.0
URL: https://github.com/apache/mynewt-mcumgr
commit: a837a731b94927c6198e39744cd6d979be23942a
Purpose: Fix memory corruption
Maintained-by: External
Signed-off-by: Johannes Hutter <johannes@proglove.de>
Bool symbols implicitly default to 'n'.
A 'default n' could make sense e.g. in a Kconfig.defconfig file, if you
wanted to override a 'default y' on the base definition of the symbol,
but it doesn't seem to be used like that on any of these symbols.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
mbedTLS 2.9.0 removed several macros from the config-ccm-psk-tls1_2.h
configuration that we need defined to build mbedTLS in zephyr. This
fixes the CI build failure in samples/net/mbedtls_sslclient
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Mbed TLS 2.9.0 introduces some minor functional improvements including
code size reductions with smaller AES tables, and initial support for
Curve448 along with some security fixes and bug fixes.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Introduce a Kconfig option (CONFIG_OPENAMP_SRC_PATH) that allows us to
point to an external copy of open-amp.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
With recent changes to open-amp we can now include and build it directly
as a zephyr library rather than doing a recursive make. We remove
ext/lib/ipc/open-amp.cmake as part of this change and introduce a
Kconfig option for open-amp.
Fixes: #7673
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>