modules: mbedtls: Update mbedTLS commit and apply fixes (2c277197) · Commits · Wenxi XU / zephyr

drivers/crypto/crypto_mtls_shim.c

+9 −9

Original line number	Diff line number	Diff line
		@@ -21,7 +21,7 @@
		#endif /* CONFIG_MBEDTLS_CFG_FILE */

		#include <mbedtls/ccm.h>
		#ifdef CONFIG_MBEDTLS_CIPHER_MODE_GCM_ENABLED
		#ifdef CONFIG_MBEDTLS_CIPHER_GCM_ENABLED
		#include <mbedtls/gcm.h>
		#endif
		#include <mbedtls/aes.h>
		@@ -36,7 +36,7 @@ LOG_MODULE_REGISTER(mbedtls);
		struct mtls_shim_session {
		union {
		mbedtls_ccm_context mtls_ccm;
		#ifdef CONFIG_MBEDTLS_CIPHER_MODE_GCM_ENABLED
		#ifdef CONFIG_MBEDTLS_CIPHER_GCM_ENABLED
		mbedtls_gcm_context mtls_gcm;
		#endif
		mbedtls_aes_context mtls_aes;
		@@ -226,7 +226,7 @@ static int mtls_ccm_decrypt_auth(struct cipher_ctx *ctx,
		return 0;
		}

		#ifdef CONFIG_MBEDTLS_CIPHER_MODE_GCM_ENABLED
		#ifdef CONFIG_MBEDTLS_CIPHER_GCM_ENABLED
		static int mtls_gcm_encrypt_auth(struct cipher_ctx *ctx,
		struct cipher_aead_pkt *apkt,
		u8_t *nonce)
		@@ -284,7 +284,7 @@ static int mtls_gcm_decrypt_auth(struct cipher_ctx *ctx,

		return 0;
		}
		#endif /* CONFIG_MBEDTLS_CIPHER_MODE_GCM_ENABLED */
		#endif /* CONFIG_MBEDTLS_CIPHER_GCM_ENABLED */

		static int mtls_get_unused_session_index(void)
		{
		@@ -306,7 +306,7 @@ static int mtls_session_setup(struct device dev, struct cipher_ctx ctx,
		{
		mbedtls_aes_context *aes_ctx;
		mbedtls_ccm_context *ccm_ctx;
		#ifdef CONFIG_MBEDTLS_CIPHER_MODE_GCM_ENABLED
		#ifdef CONFIG_MBEDTLS_CIPHER_GCM_ENABLED
		mbedtls_gcm_context *gcm_ctx;
		#endif
		int ctx_idx;
		@@ -324,7 +324,7 @@ static int mtls_session_setup(struct device dev, struct cipher_ctx ctx,

		if (mode != CRYPTO_CIPHER_MODE_CCM &&
		mode != CRYPTO_CIPHER_MODE_CBC &&
		#ifdef CONFIG_MBEDTLS_CIPHER_MODE_GCM_ENABLED
		#ifdef CONFIG_MBEDTLS_CIPHER_GCM_ENABLED
		mode != CRYPTO_CIPHER_MODE_GCM &&
		#endif
		mode != CRYPTO_CIPHER_MODE_ECB) {
		@@ -400,7 +400,7 @@ static int mtls_session_setup(struct device dev, struct cipher_ctx ctx,
		ctx->ops.ccm_crypt_hndlr = mtls_ccm_decrypt_auth;
		}
		break;
		#ifdef CONFIG_MBEDTLS_CIPHER_MODE_GCM_ENABLED
		#ifdef CONFIG_MBEDTLS_CIPHER_GCM_ENABLED
		case CRYPTO_CIPHER_MODE_GCM:
		gcm_ctx = &mtls_sessions[ctx_idx].mtls_gcm;
		mbedtls_gcm_init(gcm_ctx);
		@@ -418,7 +418,7 @@ static int mtls_session_setup(struct device dev, struct cipher_ctx ctx,
		ctx->ops.gcm_crypt_hndlr = mtls_gcm_decrypt_auth;
		}
		break;
		#endif /* CONFIG_MBEDTLS_CIPHER_MODE_GCM_ENABLED */
		#endif /* CONFIG_MBEDTLS_CIPHER_GCM_ENABLED */
		default:
		LOG_ERR("Unhandled mode");
		mtls_sessions[ctx_idx].in_use = false;
		@@ -438,7 +438,7 @@ static int mtls_session_free(struct device dev, struct cipher_ctx ctx)

		if (mtls_session->mode == CRYPTO_CIPHER_MODE_CCM) {
		mbedtls_ccm_free(&mtls_session->mtls_ccm);
		#ifdef CONFIG_MBEDTLS_CIPHER_MODE_GCM_ENABLED
		#ifdef CONFIG_MBEDTLS_CIPHER_GCM_ENABLED
		} else if (mtls_session->mode == CRYPTO_CIPHER_MODE_GCM) {
		mbedtls_gcm_free(&mtls_session->mtls_gcm);
		#endif

modules/Kconfig.tls-generic

+11 −7

Original line number	Diff line number	Diff line
		@@ -170,9 +170,10 @@ config MBEDTLS_CIPHER_ALL_ENABLED
		select MBEDTLS_CIPHER_CHACHA20_ENABLED
		select MBEDTLS_CIPHER_BLOWFISH_ENABLED
		select MBEDTLS_CIPHER_CCM_ENABLED
		select MBEDTLS_CIPHER_GCM_ENABLED
		select MBEDTLS_CIPHER_MODE_XTS_ENABLED
		select MBEDTLS_CIPHER_MODE_GCM_ENABLED
		select MBEDTLS_CIPHER_CBC_ENABLED
		select MBEDTLS_CIPHER_MODE_CBC_ENABLED
		select MBEDTLS_CIPHER_MODE_CTR_ENABLED
		select MBEDTLS_CHACHAPOLY_AEAD_ENABLED

		config MBEDTLS_CIPHER_AES_ENABLED
		@@ -204,18 +205,21 @@ config MBEDTLS_CIPHER_CCM_ENABLED
		bool "Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher"
		depends on MBEDTLS_CIPHER_AES_ENABLED \|\| MBEDTLS_CIPHER_CAMELLIA_ENABLED

		config MBEDTLS_CIPHER_MODE_XTS_ENABLED
		bool "Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES"
		config MBEDTLS_CIPHER_GCM_ENABLED
		bool "Enable the Galois/Counter Mode (GCM) for AES"
		depends on MBEDTLS_CIPHER_AES_ENABLED \|\| MBEDTLS_CIPHER_CAMELLIA_ENABLED

		config MBEDTLS_CIPHER_MODE_GCM_ENABLED
		bool "Enable the Galois/Counter Mode (GCM) for AES"
		config MBEDTLS_CIPHER_MODE_XTS_ENABLED
		bool "Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES"
		depends on MBEDTLS_CIPHER_AES_ENABLED \|\| MBEDTLS_CIPHER_CAMELLIA_ENABLED

		config MBEDTLS_CIPHER_CBC_ENABLED
		config MBEDTLS_CIPHER_MODE_CBC_ENABLED
		bool "Enable Cipher Block Chaining mode (CBC) for symmetric ciphers"
		default y if !NET_L2_OPENTHREAD

		config MBEDTLS_CIPHER_MODE_CTR_ENABLED
		bool "Enable Counter Block Cipher mode (CTR) for symmetric ciphers."

		config MBEDTLS_CHACHAPOLY_AEAD_ENABLED
		bool "Enable the ChaCha20-Poly1305 AEAD algorithm"
		depends on MBEDTLS_CIPHER_CHACHA20_ENABLED \|\| MBEDTLS_MAC_POLY1305_ENABLED

samples/drivers/crypto/prj_mtls_shim.conf

+1 −1

Original line number	Diff line number	Diff line
		@@ -5,7 +5,7 @@ CONFIG_MBEDTLS_BUILTIN=y
		CONFIG_MBEDTLS_CFG_FILE="config-tls-generic.h"
		CONFIG_MBEDTLS_HEAP_SIZE=512
		CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
		CONFIG_MBEDTLS_CIPHER_MODE_GCM_ENABLED=y
		CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y
		CONFIG_MAIN_STACK_SIZE=4096

		CONFIG_CRYPTO=y

west.yml

+1 −1

Original line number	Diff line number	Diff line
		@@ -80,7 +80,7 @@ manifest:
		revision: 74fc2e753a997bd71cefa34dd9c56dcb954b42e2
		path: modules/lib/gui/lvgl
		- name: mbedtls
		revision: cf7020eb4c7ef93319f2d6d2403a21e12a879bf6
		revision: 821154171b246f64eaeef3ccc267f58d8274739a
		path: modules/crypto/mbedtls
		- name: mcuboot
		revision: 5657d00e662adbd32addc8525862249b631334c5

Admin message