PR #72475 disabled default enabling of many Mbed TLS features
including AES. This means that now it must be explicitly added
when required.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
PR #72475 disabled default enabling of most Mbed TLS features.
This means that:
- CONFIG_MBEDTLS_CIPHER_AES_ENABLED needs to be manually enabled
when required;
- CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC does not need to
be (almost) always added because there is no default RSA
key-exchange enabled, so PSA can be built without RSA support.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Before #72243 Mbed TLS was not using
USE_PSA and all PSA features were not enabled. After #72243
if BUILD_WITH_TFM is set:
- USE_PSA in Mbed TLS is enabled by default and
- all PSA features are enabled.
This commit reverts both changes for the tests/crypto/mbedtls
test case.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
- Do not set CONFIG_MBEDTLS_ZEPHYR_ENTROPY in
tests/crypto/mbedtls because this can cause test failure on
real devices in which test threads do not have access to
drivers.
- Make MBEDTLS_PSA_CRYPTO_RND_SOURCE depend on
MBEDTLS_PSA_CRYPTO_C because it only makes sense when the
latter is defined.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
CONFIG_MINIMAL_LIBC was required for:
- CONFIG_MINIMAL_LIBC_NON_REENTRANT_FUNCTIONS
- CONFIG_MINIMAL_LIBC_RAND
while CONFIG_ENTROPY_GENERATOR and CONFIG_MBEDTLS_ZEPHYR_ENTROPY
are required for CRYPTO_C.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Whenever MBEDTLS_BUILTIN is selected then
CONFIG_MBEDTLS_CFG_FILE="config-tls-generic.h" is set as a default value.
It is even impossible to change it, as without CUSTOM_MBEDTLS_CFG_FILE it
is just a hidden (not configurable by user) Kconfig option.
Remove explicit configuration from prj.conf.
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
This commit introduces a new configuration called
`CONFIG_MINIMAL_LIBC_NON_REENTRANT_FUNCTIONS`, which enables the
traditional non-reentrant (i.e. not thread-safe) version of the C
standard library functions such as rand() and gmtime() when the
respective configs are enabled.
The non-reentrant functions make use of the globals and require an
additional memory partition (MPU region), which is scarce on low-end
devices, when CONFIG_USERSPACE=y.
The purpose of this option is to classify the MPU resource intensive
functions as a separate category and only enable them when there is a
demand for such.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
When MBEDTLS_RSA_C is defined, mbedtls defines its local version of the
rand() function. Since we already have rand() in our minimal libc, we
can safely remove this.
Signed-off-by: Yasushi SHOJI <yashi@spacecubics.com>
Unlike CONFIG_HW_STACK_PROTECTION, which greatly helps
expose stack overflows in test code, activating
userspace without putting threads in user mode is of
very limited value.
Now CONFIG_TEST_USERSPACE is off by default. Any test
which puts threads in user mode will need to set
CONFIG_TEST_USERSPACE.
This should greatly increase sanitycheck build times
as there is non-trivial build time overhead to
enabling this feature. This also allows some tests
which failed the build on RAM-constrained platforms
to compile properly.
tests/drivers/build_all is a special case; it doesn't
put threads in user mode, but we want to ensure all
the syscall handlers compile properly.
Fixes: #15103 (and probably others)
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
While it's possible to define which mbedTLS config header to use, our
samples should use config-tls-generic.h as default because this header
is configurable through Kconfig.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This redirects PRINT() to printf() and not printk() and
was causing stack overflows on some platforms.
Fixes: #8033
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The root cause for this issue was found in
https://github.com/zephyrproject-rtos/zephyr/issues/6470
so this kconfig isn't needed anymore.
This is a partial reversion of 6eef2f14. The actual feature is left
in place, as it's plausibly useful in other contexts (otherwise
assertions enabled by sanitycheck can't be disabled by the app as
they're passed in via CFLAGS).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The mbedtls test is hitting a compiler bug where two subtests will
soft fail on qemu_xtensa when assertions are enabled. This is despite
the fact that:
+ The failure is entirely internal to the mbedtls suite.
+ The mbedtls code does not use zephyr asserts
+ The mbedtls code does not call into zephyr code that might assert.
+ The behavior persists even when an irq_lock() is held across the
entire test, ruling out any asserts in interrupt/exception context.
+ And EVEN WHEN the mbedtls library blobs are bytewise identical
between assert and non-assert cases.
The bug seems to be a layout thing where the mbedtls code behaves
differently based on code address and/or link-time optimizations
(xtensa has a few).
Unfortunately sanitycheck enables assertions by setting CFLAGS
directly and not via kconfig, so we can't fix this by turning the
feature off in an app right now. This patch adds a simple "override"
flag that can be set by apps like this that hit bugs.
Again, note that zephyr assertions are not used nor needed by this one
test.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The previous default, "config-threadnet.h", is a more or less arbitrary
choice made in commit 312def2c78 1.5 years ago. In particular,
it's not related to Thread support in Zephyr per se (there was no
such support at that time).
It doesn't make sense to have a default intended for a particular,
not widely used (yet) protocol. Instead, the default should work
out of the box with the contemporary, widely deployed array of TLS
servers, which are HTTPS servers. config-mini-tls1_2.h works with
https://google.com, and by extension, with many other servers on
the Internet.
So, have that as the default, and let applications with special
needs override that to what they need.
Addresses: #6132
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
- replaced CONFIG_MAIN_STACK_SIZE with CONFIG_ZTEST_STACKSIZE
in the config file
- split the main file into two files:
- main.c has ztest entry and runs separate functions for ztest
- mbedtls.c has the original routines
JIRA: ZEP-2449
Signed-off-by: Niranjhana N <niranjhana.n@intel.com>