From 8356b69339f21fdcf357dcb497441265e5cb0ed2 Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Wed, 22 Jan 2025 15:47:59 +0000 Subject: [PATCH 1/2] [nrf fromtree] modules: mbedtls: Provide CONFIG_MBEDTLS_ASN1_PARSE_C The commit exports control of MBEDTLS_ASN1_PARSE_C, in mbedTLS module, via Kconfig. This allows applications to use ASN1 parser independently from other functions. Signed-off-by: Dominik Ermel (cherry picked from commit e8589d232b0d050edbb8709aab8391a50eb0b3b1) --- modules/mbedtls/Kconfig.tls-generic | 4 ++++ modules/mbedtls/configs/config-tls-generic.h | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/mbedtls/Kconfig.tls-generic b/modules/mbedtls/Kconfig.tls-generic index f2e73ffaf258..f19171be33d1 100644 --- a/modules/mbedtls/Kconfig.tls-generic +++ b/modules/mbedtls/Kconfig.tls-generic @@ -149,6 +149,7 @@ config MBEDTLS_ECDH_C config MBEDTLS_ECDSA_C bool "Elliptic curve DSA library" depends on MBEDTLS_ECP_C + select MBEDTLS_ASN1_PARSE_C config MBEDTLS_ECJPAKE_C bool "Elliptic curve J-PAKE library" @@ -402,6 +403,9 @@ endif # !(NRF_SECURITY || NORDIC_SECURITY_BACKEND) config MBEDTLS_GENPRIME_ENABLED bool "prime-number generation code." +config MBEDTLS_ASN1_PARSE_C + bool "Support for ASN1 parser functions" + config MBEDTLS_PEM_CERTIFICATE_FORMAT bool "Support for PEM certificate format" help diff --git a/modules/mbedtls/configs/config-tls-generic.h b/modules/mbedtls/configs/config-tls-generic.h index 9d46e3be4824..a605257668d9 100644 --- a/modules/mbedtls/configs/config-tls-generic.h +++ b/modules/mbedtls/configs/config-tls-generic.h @@ -431,7 +431,7 @@ #define MBEDTLS_PK_C #endif -#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_X509_USE_C) +#if defined(CONFIG_MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_USE_C) #define MBEDTLS_ASN1_PARSE_C #endif From 85ceb576755388eab5dfc72047f456ec4ba36a9b Mon Sep 17 00:00:00 2001 
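Review bot: The new `MBEDTLS_ASN1_PARSE_C` entry in the second Kconfig hunk has a prompt but no `help` text, so menuconfig gives no hint of when it is needed or that it can be switched on implicitly. I would add a short help block saying that it builds the Mbed TLS ASN.1 (DER) parsing functions, that `MBEDTLS_ECDSA_C` selects it, and that the generic config header also enables the parser whenever `MBEDTLS_X509_USE_C` is defined. Because a DER parser usually sits on the path of externally supplied data, the help could also recommend leaving it disabled unless something in the image actually uses it.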
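Review bot: After this change the Kconfig symbol and the macro can disagree. The `#if` still defines `MBEDTLS_ASN1_PARSE_C` when `MBEDTLS_X509_USE_C` is set, but nothing visible in this patch selects `CONFIG_MBEDTLS_ASN1_PARSE_C` on that path, so code or Kconfig logic testing the symbol would see the parser as absent while it is compiled in. Selecting the new symbol from the options that lead to `MBEDTLS_X509_USE_C` would let the guard shrink to `#if defined(CONFIG_MBEDTLS_ASN1_PARSE_C)`. Separately, ECDSA now gets the parser only through the `select` added in the first Kconfig hunk. If any other place defines `MBEDTLS_ECDSA_C` without `CONFIG_MBEDTLS_ECDSA_C` (none is visible here), that path would lose the parser, which should be checked against the rest of the header.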
From: Dominik Ermel Date: Fri, 14 Mar 2025 17:39:41 +0000 Subject: [PATCH 2/2] [nrf fromlist] modules: mbedtls: Expose MBEDTLS_PLATFORM_NO_STD_FUNCTIONS The commit adds Kconfig options that allows users to select - MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - MBEDTLS_PLATFORM_SNPRINTF_ALT allowing Mbed TLS to use alternative definitions of STD functions. Upstream PR #: 87135 Signed-off-by: Dominik Ermel --- modules/mbedtls/Kconfig.tls-generic | 22 ++++++++++++++++++++ modules/mbedtls/configs/config-tls-generic.h | 8 +++++++ 2 files changed, 30 insertions(+) diff --git a/modules/mbedtls/Kconfig.tls-generic b/modules/mbedtls/Kconfig.tls-generic index f19171be33d1..9214d3878caa 100644 --- a/modules/mbedtls/Kconfig.tls-generic +++ b/modules/mbedtls/Kconfig.tls-generic @@ -406,6 +406,28 @@ config MBEDTLS_GENPRIME_ENABLED config MBEDTLS_ASN1_PARSE_C bool "Support for ASN1 parser functions" +config MBEDTLS_PLATFORM_NO_STD_FUNCTIONS + bool "Remove usage of standard libc functions" + help + This prevents Mbed TLS from linking against the following standard functions + from libc: `snprintf`, `vsnprintf`, `printf`, `fprintf`, `calloc`, `free`, `setbuf`, `exit` + and `time`. By default Mbed TLS will use stub functions for all these functions. + These stubs are just meant to return successfully, but they don't implement + the required functionality. + Users can individually override each of these stubs by calling + `mbedtls_platform_set_xxx()` to set the their implementation of `xxx()` function + at runtime. + +if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS + +config MBEDTLS_PLATFORM_SNPRINTF_ALT + bool "Allow setting custom snprintf at run-time" + help + Allow setting a custom `snprintf()` function with `mbedtls_platform_set_snprintf()`. + Include `mbedtls/platform.h` for the prototype of this function. + +endif # MBEDTLS_PLATFORM_NO_STD_FUNCTIONS + config MBEDTLS_PEM_CERTIFICATE_FORMAT bool "Support for PEM certificate format" help 
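Review bot: The help for `MBEDTLS_PLATFORM_NO_STD_FUNCTIONS` says each of the nine listed functions can be replaced with `mbedtls_platform_set_xxx()`, but the only per-function option this patch adds is `MBEDTLS_PLATFORM_SNPRINTF_ALT`. As far as this hunk shows, only `snprintf` can be set at run time through Kconfig. Either add the matching `_ALT` options for the other functions or narrow the help to name the ones that are configurable here. The help should also state the consequence of leaving a stub in place, since by its own description a stub reports success without doing the work, for example `Code that relies on a stubbed function gets a success return without the work being done; register real implementations before using Mbed TLS.`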
diff --git a/modules/mbedtls/configs/config-tls-generic.h b/modules/mbedtls/configs/config-tls-generic.h index a605257668d9..1165314f1182 100644 --- a/modules/mbedtls/configs/config-tls-generic.h +++ b/modules/mbedtls/configs/config-tls-generic.h @@ -23,6 +23,14 @@ #define MBEDTLS_PLATFORM_ZEROIZE_ALT #endif +#if defined(CONFIG_MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) +#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS +#endif /* defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) */ + +#if defined(CONFIG_MBEDTLS_PLATFORM_SNPRINTF_ALT) +#define MBEDTLS_PLATFORM_SNPRINTF_ALT +#endif /* defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) */ + #if defined(CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR) #define MBEDTLS_ENTROPY_HARDWARE_ALT #else
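Review bot: Both added `#endif` comments name a different symbol from the one their `#if` tests. The conditions check `CONFIG_MBEDTLS_PLATFORM_NO_STD_FUNCTIONS` and `CONFIG_MBEDTLS_PLATFORM_SNPRINTF_ALT`, while the comments read `defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)` and `defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)`. I would write `#endif /* defined(CONFIG_MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) */` and `#endif /* defined(CONFIG_MBEDTLS_PLATFORM_SNPRINTF_ALT) */`, or drop the comments to match the bare `#endif` in the context line above. The hunk ends inside the following `#if defined(CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR)` block, which is unchanged.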