- 20 Apr, 2021 1 commit
-
-
Raptor Engineering Development Team authored
-
- 16 Mar, 2021 1 commit
-
-
Eduardo Montoya authored
Add support for usage of generic public key functions. Signed-off-by: Eduardo Montoya <eduardo.montoya@nordicsemi.no>
-
- 25 Jan, 2021 1 commit
-
-
Flavio Ceolin authored
Origin: ARMmbed/mbedTLS License: Apache-2.0 OR GPL-2.0-or-later URL: https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.9 commit: 3fac0bae4a50113989b3d015cd2d948f51a6d9ac Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
-
- 10 Nov, 2020 1 commit
-
-
Marcin Niestroj authored
This option allows debugging of buffer allocator memory issues. Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
-
- 26 Oct, 2020 1 commit
-
-
Emil Hammarstrom authored
Signed-off-by: Emil Hammarstrom <emil.hammarstrom@assaabloy.com>
-
- 15 Sep, 2020 1 commit
-
-
Flavio Ceolin authored
Bump mbedTLS to 2.16.8 Origin: ARMmbed/mbedTLS License: Apache-2.0 OR GPL-2.0-or-later URL: https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.8 commit: 848a4e06b375e067552f1a21d4bc69322c673217 Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
-
- 11 Sep, 2020 1 commit
-
-
Jukka Rissanen authored
This option can be used to enable RFC 6066 server name indication (SNI) support in SSL. This requires that MBEDTLS_X509_CRT_PARSE_C is also set. Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
-
- 02 Sep, 2020 1 commit
-
-
Tomasz Bursztyka authored
Switching device parameter to constant. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
-
- 03 Jul, 2020 1 commit
-
-
Eugene Cohen authored
PKCS1 v2.1 defines a more secure scheme by making use of RSAES-OAEP and RSAASSA-PSS. Add a config flag to enable this capability. Signed-off-by: Eugene Cohen <eugene@nuviainc.com>
-
- 30 May, 2020 3 commits
-
-
Robert Lubos authored
OpenThread needs these configs even when TLS is not enabled. Due to new check in mbedTLS config sanitizer, all TLS configs have to be disabled when TLS is not used, so we can no longer rely on these configs being enabled automatically in `tls-config-generic.h`. Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
-
Flavio Ceolin authored
Zephyr's native posix port define _POSIX_C_SOURCE with a higher value during the build, so when mbedTLS defines it with a different value breaks the build. As Zephyr is already defining a higher value is guaranteed that mbedTLS required features will be available. So, just define it in case it was not defined before. Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
-
Flavio Ceolin authored
Bump mbedTLS to 2.16.6 Origin: ARMmbed/mbedTLS License: Apache-2.0 URL: https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.6 commit: 2a1d9332d55d1270084232e42df08fdb08129f1b Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
-
- 07 May, 2020 2 commits
-
-
Robert Lubos authored
Allow to configure CTR cipher mode via Kconfig. Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
-
Robert Lubos authored
Fix naming inconsistencies for some cipher modes, to match mbedTLS naming for these configs. Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
-
- 07 Feb, 2020 1 commit
-
-
Flavio Ceolin authored
Bump mbedTLS version to 2.16.4 Origin: ARMmbed/mbedTLS License: Apache-2.0 URL: https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.4 commit: 39e2c0eeb6501980764793e8d54c49c0a42bde48 Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
-
- 05 Nov, 2019 1 commit
-
-
Torsten Rasmussen authored
This commit removes the hard coded mbed TLS library name `lib..__modules__crypto__mbedtls.a` in top-level CMakeLists.txt file and instead uses zephyr_library_app_memory function. Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
-
- 23 Oct, 2019 1 commit
-
-
Jan Van Winkel authored
Set speed optimization, instead of size, in case address sanitizer is enabled for native_posix. This is need as the i386 assembly code used in mbetls does not compile if address sanitizer is used together with size optimization. Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
-
- 14 Oct, 2019 1 commit
-
-
Sebastian Bøe authored
Misc. cleanup of build scripts. Most importantly, mbedTLS is no longer linked with zephyr_interface. It should not be as there is no reason to do so. This aligns with https://github.com/zephyrproject-rtos/zephyr/pull/19346 Also, glob the source files in 'library' instead of listing them to make it clear that all files are used. Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
-
- 10 Sep, 2019 2 commits
-
-
Paul Sokolovsky authored
From mbedTLS's description: Enable deterministic ECDSA (RFC 6979). Standard ECDSA is "fragile" in the sense that lack of entropy when signing may result in a compromise of the long-term signing key. This is avoided by the deterministic variant. Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
-
Robert Lubos authored
OpenThread tweaks some specific mbedTLS configs for it's own need, that allows to save some RAM/ROM. Allow to set these in generic config file if OpenThread is enabled. Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
-
- 28 Aug, 2019 2 commits
-
-
Andy Gross authored
This patch fixes an issue with an uninitialized variable in the x509 mbedtls feature. I sent a related patch to the mbedtls project so that this can be fixed in the future. https://github.com/ARMmbed/mbedtls/pull/2392 Signed-off-by: Andy Gross <andy.gross@linaro.org>
-
Ioannis Glaropoulos authored
Bump mbedTLS version to 2.16.2. Origin: ARMmbed/mbedTLS License: Apache-2.0 URL: https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.2 commit: d81c11b8ab61fd5b2da8133aa73c5fe33a0633eb Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
-
- 08 Jun, 2019 1 commit
-
-
Anas Nashif authored
To be able to deal with in-tree depenencies, we maintain the Kconfig in the zephyr tree to allow for a manifest without mbedtls. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
-
- 07 Jun, 2019 2 commits
-
-
Paul Sokolovsky authored
If CONFIG_POSIX_API is defined, automatically use time() function. The alternative to that is to explicitly configure mbedTLS' timing source via API, as required for "raw code", but if user enables POSIX API, we as well might use existing mbedTLS integration. Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
-
Paul Sokolovsky authored
That means that when mbedTLS will need functions like snprintf(), printf(), a few others, they will be used from libc, as done normally by most of software. Note that mentioned functions aren't normally used on code paths doing TLS communication per se. Instead, they are used by debug logging, additional "print info" style functions, etc. Before, when MBEDTLS_PLATFORM_NO_STD_FUNCTIONS was defined, those functions were stubbed out, so silently didn't work as expected (a specific symptom seen was that some debug messages were printed as garbage, because an buffer on stack was passed to dummy snprintf stub, which didn't do anything to it, and its uninitialized contents were printed afterwards. Instead, the expectation was that an application would call a "setter" function to set snprintf, etc. implementations as provided by application itself. For Zephyr, we clearly don't need to burden applications with such setup, instead Zephyr, as an OS, provides integrated environment were matters like that "just work". So, we just switch to libc-based functions. If there ever will be usecases for MBEDTLS_PLATFORM_NO_STD_FUNCTIONS, it can be made configurable later. Fixes: #16303 Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
-
- 10 May, 2019 2 commits
-
-
Robert Lubos authored
Extend generic mbedTLS config with entries needed by OpenThread: * MBEDTLS_CMAC_C * MBEDTLS_ENTROPY_C * MBEDTLS_SSL_EXPORT_KEYS * MBEDTLS_SHA256_SMALLER Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
-
Anas Nashif authored
Add needed file to make this a zephyr module. Signed-off-by: Anas Nashif <anas.nashif@intel.com>
-
- 13 Mar, 2019 1 commit
-
-
Ulf Magnusson authored
Appears within an 'if MBEDTLS'. 'if FOO' is just shorthand for adding 'depends on FOO' to each item within the 'if'. Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
-
- 05 Mar, 2019 2 commits
-
-
Andrew Boie authored
The mbedtls library has some globals which results in faults when user mode tries to access them. Instantiate a memory partition for mbedtls's globals. The linker will place all globals found by building this library into this partition. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
-
Anas Nashif authored
MBEDTLS_SELF_TEST is needed when setting CONFIG_MBEDTLS_TEST Fixes #13919 Signed-off-by: Anas Nashif <anas.nashif@intel.com>
-
- 08 Feb, 2019 1 commit
-
-
Andy Gross authored
This patch fixes an issue with an uninitialized variable in the x509 mbedtls feature. I sent a related patch to the mbedtls project so that this can be fixed in the future. https://github.com/ARMmbed/mbedtls/pull/2392 Signed-off-by: Andy Gross <andy.gross@linaro.org>
-
- 01 Feb, 2019 1 commit
-
-
Robert Lubos authored
During recent refactoring of mbedTLS generic config file, a regression slipped in that prevented MBEDTLS_PEM_PARSE_C from being set, even though the option was selected in Kconfig. The reason for this is the fact that this config has dependency to MBEDTLS_X509_CRT_PARSE_C but it was moved above the line where MBEDTLS_X509_CRT_PARSE_C was actually set. Therefore, this dependency was never satisfied. Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
-
- 23 Jan, 2019 1 commit
-
-
Aurelien Jarno authored
Extend generic mbedTLS configuration file with MBEDTLS_HAVE_ASM option, to allow the use of assembly code. This improves the performances of asymetric cryptography, however depending on the architecture and the CPU, this might have an impact on the code size. Set the default value ot the previous non-configurable value, ie enable it by default except on ARM. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
-
- 22 Jan, 2019 1 commit
-
-
Robert Lubos authored
Extend generic mbedTLS configuration file with MBEDTLS_AES_ROM_TABLES option. This allows to save some RAM (~8kB) in favour of ROM and performance. Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
-
- 30 Dec, 2018 1 commit
-
-
Aurelien Jarno authored
Since 2.14.1 release mbedTLS has a few API changes and deprecation which do not affect the Zephyr code and a new MBEDTLS_CHECK_PARAMS option that enables validation of parameters in the API. A list with all changes can be found in: ./ext/lib/crypto/mbedtls/ChangeLog Note that this version will become the basis of the next LTS (Long Term Support) branch that will be maintained for the next 3 years until at least the end of 2021. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
-
- 28 Dec, 2018 1 commit
-
-
Aurelien Jarno authored
Since 2.12.0 release mbedTLS has an important security fix concerning RSA PKCS#1 v1.5 decryption (CVE-2018-19608). Besides that it has very few API changes, and the usual set of functional improvements, security fixes and bug fixes. A list with all changes can be found in: ./ext/lib/crypto/mbedtls/ChangeLog It should also be noted that the small change concerning _POSIX_C_SOURCE applied to x509.c has been moved to platform_util.c, this time with a proper define guard. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
-
- 17 Dec, 2018 2 commits
-
-
Robert Lubos authored
Currently there is a mixed approach in prefixes from mbedTLS configuration (MBEDTLS_ and TLS_). The latter was used in generic config file and could bring up confusion that it can only be used with TLS subsystem. Hence unify the approach to MBEDTLS_ prefix to avoid such confusion. Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
-
Robert Lubos authored
Extend generic mbedTLS config file with additional algorithms. Add separate RNG section. Add switches to enable all algorithms in specific group. Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
-
- 07 Sep, 2018 1 commit
-
-
Flavio Ceolin authored
Since 2.9.0 release mbedTLS has some minor functional improvements, security fixes and bug fixed. A list with all changes can be found in: ./ext/lib/crypto/mbedtls/ChangeLog Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
-
- 15 Aug, 2018 1 commit
-
-
Ulf Magnusson authored
Consistently use config FOO bool/int/hex/string "Prompt text" instead of config FOO bool/int/hex/string prompt "Prompt text" (...and a bunch of other variations that e.g. swapped the order of the type and the 'prompt', or put other properties between them). The shorthand is fully equivalent to using 'prompt'. It saves lines and avoids tricking people into thinking there is some semantic difference. Most of the grunt work was done by a modified version of https://unix.stackexchange.com/questions/26284/ how-can-i-use-sed-to-replace-a-multi-line-string/26290#26290, but some of the rarer variations had to be converted manually. Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
-