Due to new checks in mbedTLS config sanitizer, TLS option can no longer
be left enabled, when TLS is not used. OpenThread needs MBEDTLS_MD_C
and MBEDTLS_CIPHER_C even without TLS being used, so we need an option
to enable them manually.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Update mbedTLS commit along with the following fixes:
* Fix naming inconsistencies in some cipher modes, to match core mbedTLS
configs
* Add Kconfig to enable CTR cipher mode
Fixes#22421
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Same deal as in commit eddd98f811 ("kconfig: Replace some single-symbol
'if's with 'depends on'"), for the remaining cases outside defconfig
files. See that commit for an explanation.
Will do the defconfigs separately in case there are any complaints
there.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Kconfig.tls-generic is already 'source'd within an 'if MBEDTLS' in
modules/Kconfig.mbedtls (the 'if' covers most of the file).
Flagged by https://github.com/zephyrproject-rtos/ci-tools/pull/128.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
A single menu within an if like
if FOO
menu "blah"
...
endmenu
endif
can be replaced with
menu "blah"
depends on FOO
...
endmenu
Fix up all existing instances.
Also remove redundant extra menus underneath 'menuconfig' symbols.
'menuconfig' already creates a menu.
Also remove the menu in arch/arm/core/aarch32/Kconfig around the
"Floating point ABI" choice. The choice depends on FLOAT, which depends
on CPU_HAS_CPU, so remove the 'depends on CPU_HAS_FPU' too.
Piggyback removing a redundant 'default n' for BME280.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Use this short header style in all Kconfig files:
# <description>
# <copyright>
# <license>
...
Also change all <description>s from
# Kconfig[.extension] - Foo-related options
to just
# Foo-related options
It's clear enough that it's about Kconfig.
The <description> cleanup was done with this command, along with some
manual cleanup (big letter at the start, etc.)
git ls-files '*Kconfig*' | \
xargs sed -i -E '1 s/#\s*Kconfig[\w.-]*\s*-\s*/# /'
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
So far OpenThread compiled it's own, internal copy of mbedTLS library.
This commit changes this behavior by using Zephyr's mbedTLS instance
appropriately configured for OpenThread needs.
Generic mbedTLS config file was used in this case, so that application
can still configure remaining parts of mbedTLS for it's own needs.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
OpenThread tweaks some specific mbedTLS configs for it's own need, that
allows to save some RAM/ROM. Allow to set these in generic config file
if OpenThread is enabled.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
From mbedTLS's description:
Enable deterministic ECDSA (RFC 6979).
Standard ECDSA is "fragile" in the sense that lack of entropy when
signing may result in a compromise of the long-term signing key. This
is avoided by the deterministic variant.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
A lot of the Kconfig stuff gets copied around, so encourage a clean
compact style:
- Reduce license header spam
- Fix some broken indentation
- Turn a meaningless 'menuconfig' into a 'config'
- Remove a redundant QMSI menu
- Unscrunch comments: #Foo -> # Foo
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Robert Lubos