Commit d8e29be

Update mbedtls from 2.28.0 to 2.28.2 (#2840)
* Update mbedtls from 2.28.0 to 2.28.2
* Remove version based folder structure from mbedtls
1 parent 3dc9ea3 commit d8e29be

254 files changed

+2310
-1545
lines changed

vendor/curl/premake5.lua

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ project "curl"
44
kind "StaticLib"
55
targetname "curl"
66

7-
includedirs { "include", "lib", "../mbedtls/2.28.0/include", "../zlib" }
7+
includedirs { "include", "lib", "../mbedtls/include", "../zlib" }
88
defines { "BUILDING_LIBCURL", "CURL_STATICLIB", "HTTP_ONLY", "USE_ZLIB", "HAVE_LIBZ", "HAVE_ZLIB_H", "HAVE_CONFIG_H" }
99
warnings "off"
1010
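Review bot: with the version dropped from the include path on line 7 ("../mbedtls/include"), nothing in this file says which mbedtls release is vendored any more. Record the version (2.28.2 per the commit title) in one tracked place so that an audit or dependency scan can still identify it, and check the remaining project files for leftover "../mbedtls/2.28.0/" paths, which would stop resolving once the directory is renamed.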

vendor/mbedtls/2.28.0/3rdparty/everest/README.md renamed to vendor/mbedtls/3rdparty/everest/README.md

Lines changed: 1 addition & 1 deletion
@@ -2,4 +2,4 @@ The files in this directory stem from [Project Everest](https://project-everest.
22

33
This is a formally verified implementation of Curve25519-based handshakes. The C code is automatically derived from the (verified) [original implementation](https://github.com/project-everest/hacl-star/tree/master/code/curve25519) in the [F* language](https://github.com/fstarlang/fstar) by [KreMLin](https://github.com/fstarlang/kremlin). In addition to the improved safety and security of the implementation, it is also significantly faster than the default implementation of Curve25519 in mbedTLS.
44

5-
The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explictly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later).
5+
The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explicitly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later).

vendor/mbedtls/2.28.0/3rdparty/everest/include/everest/everest.h renamed to vendor/mbedtls/3rdparty/everest/include/everest/everest.h

Lines changed: 2 additions & 2 deletions
@@ -96,7 +96,7 @@ int mbedtls_everest_make_params( mbedtls_ecdh_context_everest *ctx, size_t *olen
9696
void *p_rng );
9797

9898
/**
99-
* \brief This function parses and processes a TLS ServerKeyExhange
99+
* \brief This function parses and processes a TLS ServerKeyExchange
100100
* payload.
101101
*
102102
* This is the first function used by a TLS client for ECDHE
@@ -116,7 +116,7 @@ int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
116116
const unsigned char **buf, const unsigned char *end );
117117

118118
/**
119-
* \brief This function parses and processes a TLS ServerKeyExhange
119+
* \brief This function parses and processes a TLS ServerKeyExchange
120120
* payload.
121121
*
122122
* This is the first function used by a TLS client for ECDHE
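Review bot: the doc comment at line 119 carries the same \brief text as the one at line 99 ("parses and processes a TLS ServerKeyExchange payload", "the first function used by a TLS client for ECDHE"), yet it follows the end of the mbedtls_everest_read_params declaration and so documents the next function. The spelling fix is fine, but the duplicated description looks like a copy-paste in the vendored header. Since this is third-party code, raise it upstream rather than patching it locally.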

vendor/mbedtls/2.28.0/3rdparty/everest/library/everest.c renamed to vendor/mbedtls/3rdparty/everest/library/everest.c

Lines changed: 0 additions & 5 deletions
@@ -28,12 +28,7 @@
2828
#include "everest/x25519.h"
2929
#include "everest/everest.h"
3030

31-
#if defined(MBEDTLS_PLATFORM_C)
3231
#include "mbedtls/platform.h"
33-
#else
34-
#define mbedtls_calloc calloc
35-
#define mbedtls_free free
36-
#endif
3732

3833
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
3934
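Review bot: with the #else branch at old lines 33-36 removed, this file no longer defines mbedtls_calloc and mbedtls_free itself when MBEDTLS_PLATFORM_C is undefined and relies on "mbedtls/platform.h" to supply both names. If the project's mbedtls configuration leaves MBEDTLS_PLATFORM_C off, confirm that the vendored platform.h still maps them to calloc and free and that a build with MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED compiles and links.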

File renamed without changes.

vendor/mbedtls/2.28.0/README.md renamed to vendor/mbedtls/README.md

Lines changed: 13 additions & 15 deletions
@@ -17,7 +17,9 @@ We provide some non-standard configurations focused on specific use cases in the
1717
Documentation
1818
-------------
1919

20-
Documentation for the Mbed TLS interfaces in the default library configuration is available as part of the [Mbed TLS documentation](https://tls.mbed.org/api/).
20+
The main Mbed TLS documentation is available via [ReadTheDocs](https://mbed-tls.readthedocs.io/).
21+
22+
Documentation for the PSA Cryptography API is available [on GitHub](https://arm-software.github.io/psa-api/crypto/).
2123

2224
To generate a local copy of the library documentation in HTML format, tailored to your compile-time configuration:
2325

@@ -77,9 +79,9 @@ Setting the variable `SHARED` in your environment will build shared libraries in
7779

7880
Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -Wextra`), so if you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overridden from the command line.
7981

80-
Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue.
82+
Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://mbed-tls.readthedocs.io/en/latest/kb/) for articles on your platform or issue.
8183

82-
In case you find that you need to do something else as well, please let us know what, so we can add it to the [Mbed TLS Knowledge Base](https://tls.mbed.org/kb).
84+
In case you find that you need to do something else as well, please let us know what, so we can add it to the [Mbed TLS Knowledge Base](https://mbed-tls.readthedocs.io/en/latest/kb/).
8385

8486
### CMake
8587

@@ -185,17 +187,17 @@ For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, ad
185187
- `tests/ssl-opt.sh` runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations.
186188
- `tests/compat.sh` tests interoperability of every ciphersuite with other implementations.
187189
- `tests/scripts/test-ref-configs.pl` test builds in various reduced configurations.
188-
- `tests/scripts/key-exchanges.pl` test builds in configurations with a single key exchange enabled
190+
- `tests/scripts/depends.py` test builds in configurations with a single curve, key exchange, hash, cipher, or pkalg on.
189191
- `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `config.h`, etc).
190192

191193
Porting Mbed TLS
192194
----------------
193195

194196
Mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following Knowledge Base articles useful:
195197

196-
- [Porting Mbed TLS to a new environment or OS](https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS)
197-
- [What external dependencies does Mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on)
198-
- [How do I configure Mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls)
198+
- [Porting Mbed TLS to a new environment or OS](https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS/)
199+
- [What external dependencies does Mbed TLS rely on?](https://mbed-tls.readthedocs.io/en/latest/kb/development/what-external-dependencies-does-mbedtls-rely-on/)
200+
- [How do I configure Mbed TLS](https://mbed-tls.readthedocs.io/en/latest/kb/compiling-and-building/how-do-i-configure-mbedtls/)
199201

200202
Mbed TLS is mostly written in portable C99; however, it has a few platform requirements that go beyond the standard, but are met by most modern architectures:
201203

@@ -208,11 +210,11 @@ Mbed TLS is mostly written in portable C99; however, it has a few platform requi
208210
PSA cryptography API
209211
--------------------
210212

211-
### PSA API design
213+
### PSA API
212214

213215
Arm's [Platform Security Architecture (PSA)](https://developer.arm.com/architectures/security-architectures/platform-security-architecture) is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level.
214216

215-
The [PSA cryptography API](https://armmbed.github.io/mbed-crypto/psa/#application-programming-interface) provides access to a set of cryptographic primitives. It has a dual purpose. First, it can be used in a PSA-compliant platform to build services, such as secure boot, secure storage and secure communication. Second, it can also be used independently of other PSA components on any platform.
217+
The [PSA cryptography API](https://arm-software.github.io/psa-api/crypto/) provides access to a set of cryptographic primitives. It has a dual purpose. First, it can be used in a PSA-compliant platform to build services, such as secure boot, secure storage and secure communication. Second, it can also be used independently of other PSA components on any platform.
216218

217219
The design goals of the PSA cryptography API include:
218220

@@ -224,18 +226,14 @@ The design goals of the PSA cryptography API include:
224226

225227
Arm welcomes feedback on the design of the API. If you think something could be improved, please open an issue on our Github repository. Alternatively, if you prefer to provide your feedback privately, please email us at [`mbed-crypto@arm.com`](mailto:mbed-crypto@arm.com). All feedback received by email is treated confidentially.
226228

227-
### PSA API documentation
228-
229-
A browsable copy of the PSA Cryptography API documents is available on the [PSA cryptography interfaces documentation portal](https://armmbed.github.io/mbed-crypto/psa/#application-programming-interface) in [PDF](https://armmbed.github.io/mbed-crypto/PSA_Cryptography_API_Specification.pdf) and [HTML](https://armmbed.github.io/mbed-crypto/html/index.html) formats.
230-
231229
### PSA implementation in Mbed TLS
232230

233231
Mbed TLS includes a reference implementation of the PSA Cryptography API.
234232
This implementation is not yet as mature as the rest of the library. Some parts of the code have not been reviewed as thoroughly, and some parts of the PSA implementation are not yet well optimized for code size.
235233

236234
The X.509 and TLS code can use PSA cryptography for a limited subset of operations. To enable this support, activate the compilation option `MBEDTLS_USE_PSA_CRYPTO` in `config.h`.
237235

238-
There are currently a few deviations where the library does not yet implement the latest version of the specification. Please refer to the [compliance issues on Github](https://github.com/ARMmbed/mbed-crypto/labels/compliance) for an up-to-date list.
236+
There are currently a few deviations where the library does not yet implement the latest version of the specification. Please refer to the [compliance issues on Github](https://github.com/Mbed-TLS/mbed-crypto/labels/compliance) for an up-to-date list.
239237

240238
### Upcoming features
241239

@@ -260,5 +258,5 @@ Contact
260258
-------
261259

262260
* To report a security vulnerability in Mbed TLS, please email <mbed-tls-security@lists.trustedfirmware.org>. For more information, see [`SECURITY.md`](SECURITY.md).
263-
* To report a bug or request a feature in Mbed TLS, please [file an issue on GitHub](https://github.com/ARMmbed/mbedtls/issues/new/choose).
261+
* To report a bug or request a feature in Mbed TLS, please [file an issue on GitHub](https://github.com/Mbed-TLS/mbedtls/issues/new/choose).
264262
* Please see [`SUPPORT.md`](SUPPORT.md) for other channels for discussion and support about Mbed TLS.
Lines changed: 110 additions & 0 deletions
@@ -0,0 +1,110 @@
1+
/**
2+
* \file config-ccm-psk-dtls1_2.h
3+
*
4+
* \brief Small configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites
5+
*/
6+
/*
7+
* Copyright The Mbed TLS Contributors
8+
* SPDX-License-Identifier: Apache-2.0
9+
*
10+
* Licensed under the Apache License, Version 2.0 (the "License"); you may
11+
* not use this file except in compliance with the License.
12+
* You may obtain a copy of the License at
13+
*
14+
* http://www.apache.org/licenses/LICENSE-2.0
15+
*
16+
* Unless required by applicable law or agreed to in writing, software
17+
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18+
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19+
* See the License for the specific language governing permissions and
20+
* limitations under the License.
21+
*/
22+
/*
23+
* Minimal configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites
24+
*
25+
* Distinguishing features:
26+
* - Optimized for small code size, low bandwidth (on an unreliable transport),
27+
* and low RAM usage.
28+
* - No asymmetric cryptography (no certificates, no Diffie-Hellman key
29+
* exchange).
30+
* - Fully modern and secure (provided the pre-shared keys are generated and
31+
* stored securely).
32+
* - Very low record overhead with CCM-8.
33+
* - Includes several optional DTLS features typically used in IoT.
34+
*
35+
* See README.txt for usage instructions.
36+
*/
37+
#ifndef MBEDTLS_CONFIG_H
38+
#define MBEDTLS_CONFIG_H
39+
40+
/* System support */
41+
//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
42+
/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
43+
44+
/* Mbed TLS modules */
45+
#define MBEDTLS_AES_C
46+
#define MBEDTLS_CCM_C
47+
#define MBEDTLS_CIPHER_C
48+
#define MBEDTLS_CTR_DRBG_C
49+
#define MBEDTLS_ENTROPY_C
50+
#define MBEDTLS_MD_C
51+
#define MBEDTLS_NET_C
52+
#define MBEDTLS_SHA256_C
53+
#define MBEDTLS_SSL_CLI_C
54+
#define MBEDTLS_SSL_COOKIE_C
55+
#define MBEDTLS_SSL_SRV_C
56+
#define MBEDTLS_SSL_TLS_C
57+
#define MBEDTLS_TIMING_C
58+
59+
/* TLS protocol feature support */
60+
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
61+
#define MBEDTLS_SSL_PROTO_TLS1_2
62+
#define MBEDTLS_SSL_PROTO_DTLS
63+
#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
64+
#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
65+
#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
66+
#define MBEDTLS_SSL_DTLS_CONNECTION_ID
67+
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
68+
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
69+
70+
/*
71+
* Use only CCM_8 ciphersuites, and
72+
* save ROM and a few bytes of RAM by specifying our own ciphersuite list
73+
*/
74+
#define MBEDTLS_SSL_CIPHERSUITES \
75+
MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \
76+
MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
77+
78+
/*
79+
* Save RAM at the expense of interoperability: do this only if you control
80+
* both ends of the connection! (See comments in "mbedtls/ssl.h".)
81+
* The optimal size here depends on the typical size of records.
82+
*/
83+
#define MBEDTLS_SSL_MAX_CONTENT_LEN 256
84+
85+
/* Save RAM at the expense of ROM */
86+
#define MBEDTLS_AES_ROM_TABLES
87+
88+
/* Save some RAM by adjusting to your exact needs */
89+
#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */
90+
91+
/*
92+
* You should adjust this to the exact number of sources you're using: default
93+
* is the "platform_entropy_poll" source plus a weak clock source, but you may
94+
* want to add other ones. Minimum is 3 for the entropy test suite.
95+
*/
96+
#define MBEDTLS_ENTROPY_MAX_SOURCES 3
97+
98+
/* These defines are present so that the config modifying scripts can enable
99+
* them during tests/scripts/test-ref-configs.pl */
100+
//#define MBEDTLS_USE_PSA_CRYPTO
101+
//#define MBEDTLS_PSA_CRYPTO_C
102+
103+
/* Error messages and TLS debugging traces
104+
* (huge code size increase, needed for tests/ssl-opt.sh) */
105+
//#define MBEDTLS_DEBUG_C
106+
//#define MBEDTLS_ERROR_C
107+
108+
#include "mbedtls/check_config.h"
109+
110+
#endif /* MBEDTLS_CONFIG_H */
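Review bot: MBEDTLS_SSL_DTLS_BADMAC_LIMIT at line 64 only compiles the feature in; the limit itself is set at run time with mbedtls_ssl_conf_dtls_badmac_limit() and is disabled by default. Because this configuration offers only the CCM_8 suites at lines 74-76, whose authentication tag is 8 bytes, the header comment should say that an application using it is expected to set a limit. Also note that MBEDTLS_PSK_MAX_LEN 16 at line 89 caps the key at 128 bits, so listing MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 first does not raise the security level above that.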

vendor/mbedtls/2.28.0/configs/config-ccm-psk-tls1_2.h renamed to vendor/mbedtls/configs/config-ccm-psk-tls1_2.h

Lines changed: 35 additions & 21 deletions
@@ -21,11 +21,15 @@
2121
*/
2222
/*
2323
* Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
24+
*
2425
* Distinguishing features:
25-
* - no bignum, no PK, no X509
26-
* - fully modern and secure (provided the pre-shared keys have high entropy)
27-
* - very low record overhead with CCM-8
28-
* - optimized for low RAM usage
26+
* - Optimized for small code size, low bandwidth (on a reliable transport),
27+
* and low RAM usage.
28+
* - No asymmetric cryptography (no certificates, no Diffie-Hellman key
29+
* exchange).
30+
* - Fully modern and secure (provided the pre-shared keys are generated and
31+
* stored securely).
32+
* - Very low record overhead with CCM-8.
2933
*
3034
* See README.txt for usage instructions.
3135
*/
@@ -36,11 +40,7 @@
3640
//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
3741
/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
3842

39-
/* mbed TLS feature support */
40-
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
41-
#define MBEDTLS_SSL_PROTO_TLS1_2
42-
43-
/* mbed TLS modules */
43+
/* Mbed TLS modules */
4444
#define MBEDTLS_AES_C
4545
#define MBEDTLS_CCM_C
4646
#define MBEDTLS_CIPHER_C
@@ -53,18 +53,9 @@
5353
#define MBEDTLS_SSL_SRV_C
5454
#define MBEDTLS_SSL_TLS_C
5555

56-
/* Save RAM at the expense of ROM */
57-
#define MBEDTLS_AES_ROM_TABLES
58-
59-
/* Save some RAM by adjusting to your exact needs */
60-
#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */
61-
62-
/*
63-
* You should adjust this to the exact number of sources you're using: default
64-
* is the "platform_entropy_poll" source, but you may want to add other ones
65-
* Minimum is 2 for the entropy test suite.
66-
*/
67-
#define MBEDTLS_ENTROPY_MAX_SOURCES 2
56+
/* TLS protocol feature support */
57+
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
58+
#define MBEDTLS_SSL_PROTO_TLS1_2
6859

6960
/*
7061
* Use only CCM_8 ciphersuites, and
@@ -81,6 +72,29 @@
8172
*/
8273
#define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
8374

75+
/* Save RAM at the expense of ROM */
76+
#define MBEDTLS_AES_ROM_TABLES
77+
78+
/* Save some RAM by adjusting to your exact needs */
79+
#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */
80+
81+
/*
82+
* You should adjust this to the exact number of sources you're using: default
83+
* is the "platform_entropy_poll" source, but you may want to add other ones
84+
* Minimum is 2 for the entropy test suite.
85+
*/
86+
#define MBEDTLS_ENTROPY_MAX_SOURCES 2
87+
88+
/* These defines are present so that the config modifying scripts can enable
89+
* them during tests/scripts/test-ref-configs.pl */
90+
//#define MBEDTLS_USE_PSA_CRYPTO
91+
//#define MBEDTLS_PSA_CRYPTO_C
92+
93+
/* Error messages and TLS debugging traces
94+
* (huge code size increase, needed for tests/ssl-opt.sh) */
95+
//#define MBEDTLS_DEBUG_C
96+
//#define MBEDTLS_ERROR_C
97+
8498
#include "mbedtls/check_config.h"
8599

86100
#endif /* MBEDTLS_CONFIG_H */

vendor/mbedtls/2.28.0/configs/config-mini-tls1_1.h renamed to vendor/mbedtls/configs/config-mini-tls1_1.h

Lines changed: 14 additions & 0 deletions
@@ -71,6 +71,20 @@
7171
/* For testing with compat.sh */
7272
#define MBEDTLS_FS_IO
7373

74+
/* These defines are present so that the config modifying scripts can enable
75+
* them during tests/scripts/test-ref-configs.pl */
76+
//#define MBEDTLS_USE_PSA_CRYPTO
77+
//#define MBEDTLS_PSA_CRYPTO_C
78+
79+
/* With MBEDTLS_PSA_CRYPTO_C, importing an RSA key requires MBEDTLS_PK_WRITE_C */
80+
#if defined(MBEDTLS_PSA_CRYPTO_C)
81+
#define MBEDTLS_PK_WRITE_C
82+
#endif
7483
#include "mbedtls/check_config.h"
7584

85+
/* Error messages and TLS debugging traces
86+
* (huge code size increase, needed for tests/ssl-opt.sh) */
87+
//#define MBEDTLS_DEBUG_C
88+
//#define MBEDTLS_ERROR_C
89+
7690
#endif /* MBEDTLS_CONFIG_H */
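Review bot: the commented-out MBEDTLS_DEBUG_C and MBEDTLS_ERROR_C block at new lines 85-88 sits after #include "mbedtls/check_config.h" (line 83), whereas the other reference configs in this commit place it before the include. Anyone who uncomments those defines gets them only after the consistency checks have already run, so the block belongs above line 83. A blank line between the #endif at line 82 and the include would also match the other files.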

vendor/mbedtls/2.28.0/configs/config-no-entropy.h renamed to vendor/mbedtls/configs/config-no-entropy.h

Lines changed: 1 addition & 1 deletion
@@ -21,7 +21,7 @@
2121
*/
2222
/*
2323
* Minimal configuration of features that do not require an entropy source
24-
* Distinguishing reatures:
24+
* Distinguishing features:
2525
* - no entropy module
2626
* - no TLS protocol implementation available due to absence of an entropy
2727
* source

vendor/mbedtls/2.28.0/configs/config-suite-b.h renamed to vendor/mbedtls/configs/config-suite-b.h

Lines changed: 16 additions & 1 deletion
@@ -103,12 +103,27 @@
103103

104104
/*
105105
* Save RAM at the expense of interoperability: do this only if you control
106-
* both ends of the connection! (See coments in "mbedtls/ssl.h".)
106+
* both ends of the connection! (See comments in "mbedtls/ssl.h".)
107107
* The minimum size here depends on the certificate chain used as well as the
108108
* typical size of records.
109109
*/
110110
#define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
111111

112+
/* These defines are present so that the config modifying scripts can enable
113+
* them during tests/scripts/test-ref-configs.pl */
114+
//#define MBEDTLS_USE_PSA_CRYPTO
115+
//#define MBEDTLS_PSA_CRYPTO_C
116+
117+
/* With USE_PSA_CRYPTO, some PK operations also need PK_WRITE */
118+
#if defined(MBEDTLS_USE_PSA_CRYPTO)
119+
#define MBEDTLS_PK_WRITE_C
120+
#endif
121+
122+
/* Error messages and TLS debugging traces
123+
* (huge code size increase, needed for tests/ssl-opt.sh) */
124+
//#define MBEDTLS_DEBUG_C
125+
//#define MBEDTLS_ERROR_C
126+
112127
#include "mbedtls/check_config.h"
113128

114129
#endif /* MBEDTLS_CONFIG_H */

vendor/mbedtls/2.28.0/configs/config-thread.h renamed to vendor/mbedtls/configs/config-thread.h

Lines changed: 5 additions & 0 deletions
@@ -86,6 +86,11 @@
8686
/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
8787
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
8888

89+
/* These defines are present so that the config modifying scripts can enable
90+
* them during tests/scripts/test-ref-configs.pl */
91+
//#define MBEDTLS_USE_PSA_CRYPTO
92+
//#define MBEDTLS_PSA_CRYPTO_C
93+
8994
#include "mbedtls/check_config.h"
9095

9196
#endif /* MBEDTLS_CONFIG_H */
File renamed without changes.
