From 2182e8e420474444955b29bebfcc9f3f82ebbb78 Mon Sep 17 00:00:00 2001
From: David Brown
Date: Tue, 25 Jun 2024 09:12:25 -0600
Subject: [PATCH] mbedtls: Move local mbedtls to v3.6.0
The in-tree mbedtls (used for the simulator and some targets) is a few years old, and currently is unable to pass the rsa tests when built with clang. Update this mbed TLS to the v3.6.0 release. This fixes clang support in the simulator. There are a few minor changes to configuration and what files are needed to support newer version of Mbed TLS.
Fixes #1986
Signed-off-by: David Brown
---
 ext/mbedtls | 2 +-
 sim/mcuboot-sys/build.rs | 19 ++++++++++++++++++-
 sim/mcuboot-sys/csupport/config-ec-psa.h | 1 +
 sim/mcuboot-sys/csupport/config-rsa-kw.h | 5 +----
 4 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/ext/mbedtls b/ext/mbedtls
index 8df2f8e7b..2ca6c285a 160000
--- a/ext/mbedtls
+++ b/ext/mbedtls
@@ -1 +1 @@
-Subproject commit 8df2f8e7b9c7bb9390ac74bb7bace27edca81a2b
+Subproject commit 2ca6c285a0dd3f33982dd57299012dacab1ff206
diff --git a/sim/mcuboot-sys/build.rs b/sim/mcuboot-sys/build.rs
index 4221292f5..3999097bf 100644
--- a/sim/mcuboot-sys/build.rs
+++ b/sim/mcuboot-sys/build.rs
@@ -108,6 +108,7 @@ fn main() {
 conf.file("../../ext/mbedtls/library/chachapoly.c");
 conf.file("../../ext/mbedtls/library/cipher.c");
 conf.file("../../ext/mbedtls/library/cipher_wrap.c");
+ conf.file("../../ext/mbedtls/library/constant_time.c");
 conf.file("../../ext/mbedtls/library/ctr_drbg.c");
 conf.file("../../ext/mbedtls/library/des.c");
 conf.file("../../ext/mbedtls/library/ecdsa.c");
@@ -130,7 +131,6 @@ fn main() {
 conf.file("../../ext/mbedtls/library/psa_crypto.c");
 conf.file("../../ext/mbedtls/library/psa_crypto_cipher.c");
 conf.file("../../ext/mbedtls/library/psa_crypto_client.c");
- conf.file("../../ext/mbedtls/library/psa_crypto_driver_wrappers.c");
 conf.file("../../ext/mbedtls/library/psa_crypto_ecp.c");
 conf.file("../../ext/mbedtls/library/psa_crypto_hash.c");
 conf.file("../../ext/mbedtls/library/psa_crypto_mac.c");
@@ -138,6 +138,7 @@ fn main() {
 conf.file("../../ext/mbedtls/library/psa_crypto_slot_management.c");
 conf.file("../../ext/mbedtls/library/psa_crypto_storage.c");
 conf.file("../../ext/mbedtls/library/psa_its_file.c");
+ conf.file("../../ext/mbedtls/library/psa_util.c");
 conf.file("../../ext/mbedtls/library/ripemd160.c");
 conf.file("../../ext/mbedtls/library/rsa_alt_helpers.c");
 conf.file("../../ext/mbedtls/library/sha1.c");
@@ -169,6 +170,9 @@ fn main() {
 conf.file("../../ext/mbedtls/library/rsa.c");
 conf.file("../../ext/mbedtls/library/bignum.c");
+ conf.file("../../ext/mbedtls/library/bignum_core.c");
+ conf.file("../../ext/mbedtls/library/constant_time.c");
+ conf.file("../../ext/mbedtls/library/nist_kw.c");
 conf.file("../../ext/mbedtls/library/platform.c");
 conf.file("../../ext/mbedtls/library/platform_util.c");
 conf.file("../../ext/mbedtls/library/asn1parse.c");
@@ -202,6 +206,9 @@ fn main() {
 conf.file("../../ext/mbedtls/library/asn1parse.c");
 conf.file("../../ext/mbedtls/library/bignum.c");
+ conf.file("../../ext/mbedtls/library/bignum_core.c");
+ conf.file("../../ext/mbedtls/library/constant_time.c");
+ conf.file("../../ext/mbedtls/library/nist_kw.c");
 conf.file("../../ext/mbedtls/library/ecdsa.c");
 conf.file("../../ext/mbedtls/library/ecp.c");
 conf.file("../../ext/mbedtls/library/ecp_curves.c");
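Review bot: In the PSA file list (hunks `-130,7` and `-138,6`), `psa_crypto_driver_wrappers.c` is dropped and the only PSA file added is `psa_util.c`, with nothing recording where the driver-wrapper entry points used by `psa_crypto.c` come from in the new tree. If v3.6.0 keeps any non-inline wrapper functions in a separate translation unit, this list would still compile and only fail at link time when the PSA feature is selected, so it is worth confirming that feature is built and run in CI after the bump. I would add a comment above the list along the lines of `// Mbed TLS 3.6: psa_crypto_driver_wrappers.c no longer exists; wrappers come from <replacement>`. `fn main()` starts and ends outside both hunks.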
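Review bot: The three additions after `bignum.c` in hunk `-169,6` (`bignum_core.c`, `constant_time.c`, `nist_kw.c`) are pasted again in hunks `-202,6`, `-221,6`, `-282,6` and `-369,6`, so the next Mbed TLS bump has five lists to keep in sync. A block that gets missed would break only the feature combination that selects it. A single shared list would remove that risk, for example `for f in ["bignum_core.c", "constant_time.c", "nist_kw.c"] { conf.file(format!("../../ext/mbedtls/library/{}", f)); }`, assuming `conf.file` accepts an owned path. It would also help to say in a comment why `nist_kw.c` is now needed next to `bignum.c`; the `-305,6` block already lists it, and whether passing the same path twice is harmless depends on how `conf.file` is implemented, which is not visible in these hunks.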
@@ -221,6 +228,9 @@ fn main() {
 conf.file("csupport/keys.c");
 conf.file("../../ext/mbedtls/library/asn1parse.c");
 conf.file("../../ext/mbedtls/library/bignum.c");
+ conf.file("../../ext/mbedtls/library/bignum_core.c");
+ conf.file("../../ext/mbedtls/library/constant_time.c");
+ conf.file("../../ext/mbedtls/library/nist_kw.c");
 conf.file("../../ext/mbedtls/library/ecp.c");
 conf.file("../../ext/mbedtls/library/ecp_curves.c");
 conf.file("../../ext/mbedtls/library/platform.c");
@@ -282,6 +292,9 @@ fn main() {
 conf.file("../../ext/mbedtls/library/md.c");
 conf.file("../../ext/mbedtls/library/aes.c");
 conf.file("../../ext/mbedtls/library/bignum.c");
+ conf.file("../../ext/mbedtls/library/bignum_core.c");
+ conf.file("../../ext/mbedtls/library/constant_time.c");
+ conf.file("../../ext/mbedtls/library/nist_kw.c");
 conf.file("../../ext/mbedtls/library/asn1parse.c");
 }
@@ -305,6 +318,7 @@ fn main() {
 conf.conf.include("../../ext/mbedtls/library");
 conf.file("../../ext/mbedtls/library/platform_util.c");
 conf.file("../../ext/mbedtls/library/nist_kw.c");
+ conf.file("../../ext/mbedtls/library/constant_time.c");
 conf.file("../../ext/mbedtls/library/cipher.c");
 conf.file("../../ext/mbedtls/library/cipher_wrap.c");
 conf.file("../../ext/mbedtls/library/aes.c");
@@ -369,6 +383,9 @@ fn main() {
 conf.file("../../ext/mbedtls/library/sha256.c");
 conf.file("../../ext/mbedtls/library/asn1parse.c");
 conf.file("../../ext/mbedtls/library/bignum.c");
+ conf.file("../../ext/mbedtls/library/bignum_core.c");
+ conf.file("../../ext/mbedtls/library/constant_time.c");
+ conf.file("../../ext/mbedtls/library/nist_kw.c");
 conf.file("../../ext/mbedtls/library/ecdh.c");
 conf.file("../../ext/mbedtls/library/md.c");
 conf.file("../../ext/mbedtls/library/aes.c");
diff --git a/sim/mcuboot-sys/csupport/config-ec-psa.h b/sim/mcuboot-sys/csupport/config-ec-psa.h
index 5dbb4956e..309739838 100644
--- a/sim/mcuboot-sys/csupport/config-ec-psa.h
+++ b/sim/mcuboot-sys/csupport/config-ec-psa.h
@@ -22,6 +22,7 @@
 #define MBEDTLS_BIGNUM_C
 #define MBEDTLS_MD_C
 #define MBEDTLS_OID_C
+#define MBEDTLS_CIPHER_C
 #if defined(MCUBOOT_SIGN_EC384)
 #define MBEDTLS_SHA384_C
 #define MBEDTLS_SHA512_C
diff --git a/sim/mcuboot-sys/csupport/config-rsa-kw.h b/sim/mcuboot-sys/csupport/config-rsa-kw.h
index e06debf47..43f47b4c4 100644
--- a/sim/mcuboot-sys/csupport/config-rsa-kw.h
+++ b/sim/mcuboot-sys/csupport/config-rsa-kw.h
@@ -63,6 +63,7 @@
 /* mbed TLS modules */
 #define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
 #define MBEDTLS_BIGNUM_C
 #define MBEDTLS_MD_C
 #define MBEDTLS_OID_C
@@ -72,10 +73,6 @@
 #define MBEDTLS_CIPHER_C
 #define MBEDTLS_NIST_KW_C
-/* Save RAM by adjusting to our exact needs */
-#define MBEDTLS_ECP_MAX_BITS 2048
-#define MBEDTLS_MPI_MAX_SIZE 256
-
 #define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
 /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
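Review bot: `#define MBEDTLS_CIPHER_C` in `config-ec-psa.h` (hunk `-22,6`) is switched on with no comment saying which v3.6.0 dependency requires it, and `#define MBEDTLS_ASN1_WRITE_C` in `config-rsa-kw.h` (hunk `-63,6`) has the same gap. Each enabled module adds code to a configuration that exists to verify images, so someone auditing the config should be able to tell a required dependency from a leftover. A one-line comment next to each define would do, e.g. `/* required by <dependent module> as of Mbed TLS 3.6 */`. Both headers continue outside the hunks, so an existing explanation elsewhere in the file cannot be ruled out.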
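Review bot: Hunk `-72,10` of `config-rsa-kw.h` deletes `MBEDTLS_MPI_MAX_SIZE 256` and `MBEDTLS_ECP_MAX_BITS 2048` together with their comment, so the bignum size limit now falls back to whatever the library default is and the file no longer states the largest key this configuration is meant to handle. If the 256-byte cap was removed because the v3.6.0 RSA code needs more headroom, I would keep an explicit bound rather than none, e.g. `#define MBEDTLS_MPI_MAX_SIZE <bytes for the largest supported RSA key>`, or at least leave `/* MBEDTLS_MPI_MAX_SIZE left at the library default: <reason> */`. Dropping `MBEDTLS_ECP_MAX_BITS` looks fine on its own, since as far as I know the 3.x series derives it from the enabled curves, but the commit message only mentions "minor changes to configuration", so the reason for both removals should be recorded here.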