Matter changes for Mbed TLS update to v4.1.0#718
Conversation
tomi-font
force-pushed
the
mbedtls_update_4.1.0
branch
from
ca5b983 to
207f2ad
Compare
tomi-font
changed the title
tomi-font
force-pushed
the
mbedtls_update_4.1.0
branch
from
be416d5 to
fdd3558
Compare
|
|
tomi-font
force-pushed
the
mbedtls_update_4.1.0
branch
2 times, most recently
from
5c9471a to
bba025b
Compare
LuDuda
left a comment
LuDuda
left a comment
There was a problem hiding this comment.
LGTM 👍
@kkasperczyk-no can you take a look from commits perspective? There are few noups and toups. At some point we would need to upstream the commits -> though upstream might need some #ifdefs for mbedTLS version as paths changed..
|
Thanks for having a look @LuDuda! And yes, definitely take a look at the changes we made (in the |
Unless there is a very important reason for keeping it as a nordic patch I would suggest making all commits as nrf toups, so we could contribute it and would not need to maintain the no up in the future. And yes, if changing include paths is required probably it would be a good idea to use ifdef with mbedtls version, otherwise it will fail for the other platforms that have not switched to newer version yet. Alternative solution is using ifdef for CHIP_PLATFORM_NRFCONNECT, but this is a last resort solution in the common files. |
tomi-font
force-pushed
the
mbedtls_update_4.1.0
branch
2 times, most recently
from
a0da682 to
a1645ce
Compare
LuDuda
left a comment
LuDuda
left a comment
There was a problem hiding this comment.
LGTM 👍
Changes seems fine and reasonable. Thanks.
This option is removed from NCS. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
To PSA_KEY_ID_FROM_CRACEN_KMU_SLOT. Renaming was done in sdk-nrf. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
With the new TF-PSA-CRYPTO there are renames in the variables: MBEDTLS_PSA_CRYPTO_CONFIG_FILE -> TF_PSA_CRYPTO_CONFIG_FILE MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE -> TF_PSA_CRYPTO_USER_CONFIG_FILE Rename these variables accordingly here. Noup as the upstream repo still compiles with mbedTLS 3.6.5 which does not have these names. Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
This is not used anymore when TLS is not enabled. I need to double check if this causes any problem when TLS is enabled and remove this message later :) Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
It has been removed. Replace it with CONFIG_PSA_CRYPTO. In addition, fix some spacing issues in the same file. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Remove options that are gone. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
The mbedTLS legacy crypto library with Oberon is not available with the new TF-PSA-Crypto and thus this Kconfig option is removed. Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
tomi-font
force-pushed
the
mbedtls_update_4.1.0
branch
2 times, most recently
from
952709f to
ee07117
Compare
Guard the includes depending on the Mbed TLS version. Also ecp.h now lives inside the TF-PSA-Crypto repo, and they chaged the path add a private prefix, so adapt to that as well. Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
x509_csr.h seems to be unsed in CHIPCryptoPALPSA.cpp so remove it. Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
Guard all the mbedTLS related includes based on the CHIP_CRYPTO_USE_X509 define, since when this is not defined all the functions in the file seem to just return an error of not supported and thus the includes are not used. Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
tomi-font
force-pushed
the
mbedtls_update_4.1.0
branch
from
ee07117 to
cc79ba8
Compare
6 participants
manifest-pr-skip
Testing
NCS PR: nrfconnect/sdk-nrf/pull/28496