Instead of using "select" on certain EC configurations, which is
considered unsafe for various reasons, use a "depends on" and rely on
the user to set a proper configuration in the config file.
Update the respective project configurations to comply with the new
configuration scheme.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Instead of relying on selected ciphesuite to enable mbed TLS EC configs,
add separate config entries to enable them. This allows to use EC
functionality w/o TLS/DTLS enabled.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Before mbedTLS 3.0 there was just SHA512 option, which enabled both SHA384
and SHA512 support. mbedTLS 3.0 introduced SHA384 specific option, which
means that SHA384 got unsupported after merging
commit 4e6cfb67f9 ("modules: mbedTLS: Bump mbedTLS to 3.0").
Introduce SHA384 Kconfig options, so that support for it can be selected in
project configuration if needed. Since SHA384 still depends on SHA512 to be
selected, add such dependency in Kconfig.
Select SHA384 support in non-generic (not configured by Kconfig) mbedTLS
config headers, so that previous (before mbedTLS 3.0 was merged) behavior
is regained.
Fixes: 4e6cfb67f9 ("modules: mbedTLS: Bump mbedTLS to 3.0")
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
Add Kconfig configuration options which allow to configure
session caching in mbed TLS.
Note, that mbed TLS only takes care of server-side caching, the
application (socket layer) needs to implement a session storage for
client.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
According to Kconfig guidelines, boolean prompts must not start with
"Enable...". The following command has been used to automate the changes
in this patch:
sed -i "s/bool \"[Ee]nables\? \(\w\)/bool \"\U\1/g" **/Kconfig*
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
So far maximum PSK length was configured by mbedTLS as 32 bytes.
Introduce Kconfig option that will configure it instead of relying on
default value from mbedTLS library, so that user can easily adjust that
value to application needs.
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
Currently the MBEDTLS_HAVE_TIME_DATE mbedTLS option is enabled based on
the CONFIG_POSIX_API option. This doesn't seem right, since the enabling
the POSIX API does not guarantee that there is a valid time source in
the system. This was the case for the qemu_x86 platform, where enabling
POSIX_API caused TLS handshake failures due to certificate validation
errors caused by no valid time avaialble in the system.
Fix this by adding a specific KConfig entry for date/time configuration
in mbedTLS. Applications that need to enforce date verification in
mbedTLS should enable it explicitly instead of relying on the
non-obvious implicit configuration.
Fixes#35401
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commit removes the prompt from MBEDTLS_USER_CONFIG_FILE unless
MBEDTLS_USER_CONFIG_ENABLE is true.
This fixes issues where other parts would specify a default value for
MBEDTLS_USER_CONFIG_FILE that would become stuck and not updated if
user re-configured the system using menuconfig.
Disabling the prompt ensures that only when a user specifically enables
MBEDTLS_USER_CONFIG_ENABLE and specify a custom user value in
MBEDTLS_USER_CONFIG_FILE the setting will be fixed.
Also updates the manifest with related change in the mbedtls project.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
We move the Zephyr-specific CMakeLists.txt file into
the main Zephyr tree. We also move the zephyr_init.c
source file.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
2021-05-09 09:59:22 -05:00
Renamed from modules/Kconfig.tls-generic (Browse further)
