diff --git a/ci/espressif_run.sh b/ci/espressif_run.sh
index 74b77cbbc..90e9556c8 100755
--- a/ci/espressif_run.sh
+++ b/ci/espressif_run.sh
@@ -9,6 +9,11 @@ IDF_PATH="${HOME}/esp-idf"
 set -eo pipefail
+revert_mcuboot() {
+ (cd "${MCUBOOT_ROOTDIR}/ext/mbedtls";
+ git checkout v3.0.0)
+}
+
 prepare_environment() {
 # Prepare the environment for ESP-IDF
@@ -44,6 +49,7 @@ build_mcuboot() {
 cmake --build "${build_dir}"/
 }
+revert_mcuboot
 prepare_environment
 if [ -n "${MCUBOOT_FEATURES}" ]; then
diff --git a/ext/mbedtls b/ext/mbedtls
index 8df2f8e7b..2ca6c285a 160000
--- a/ext/mbedtls
+++ b/ext/mbedtls
@@ -1 +1 @@
-Subproject commit 8df2f8e7b9c7bb9390ac74bb7bace27edca81a2b
+Subproject commit 2ca6c285a0dd3f33982dd57299012dacab1ff206
diff --git a/sim/mcuboot-sys/build.rs b/sim/mcuboot-sys/build.rs
index ea17d8014..88003d660 100644
--- a/sim/mcuboot-sys/build.rs
+++ b/sim/mcuboot-sys/build.rs
@@ -108,6 +108,7 @@ fn main() {
 conf.file("../../ext/mbedtls/library/chachapoly.c");
 conf.file("../../ext/mbedtls/library/cipher.c");
 conf.file("../../ext/mbedtls/library/cipher_wrap.c");
+ conf.file("../../ext/mbedtls/library/constant_time.c");
 conf.file("../../ext/mbedtls/library/ctr_drbg.c");
 conf.file("../../ext/mbedtls/library/des.c");
 conf.file("../../ext/mbedtls/library/ecdsa.c");
@@ -130,7 +131,6 @@ fn main() {
 conf.file("../../ext/mbedtls/library/psa_crypto.c");
 conf.file("../../ext/mbedtls/library/psa_crypto_cipher.c");
 conf.file("../../ext/mbedtls/library/psa_crypto_client.c");
- conf.file("../../ext/mbedtls/library/psa_crypto_driver_wrappers.c");
 conf.file("../../ext/mbedtls/library/psa_crypto_ecp.c");
 conf.file("../../ext/mbedtls/library/psa_crypto_hash.c");
 conf.file("../../ext/mbedtls/library/psa_crypto_mac.c");
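Review bot: In `ci/espressif_run.sh`, `revert_mcuboot()` checks `ext/mbedtls` out at `v3.0.0` before the build, so the Espressif job no longer tests the mbedtls revision that this same commit pins in the submodule, and any fix that exists only in the newer revision goes unexercised on that port. Nothing in the hunk says why or when the pin can go; I would add a comment above the function along the lines of `# Temporary: Espressif build still uses mbedtls v3.0.0; remove when the port builds with the pinned submodule` (the reason is my inference, please confirm). The name also misleads, since it rewinds mbedtls rather than mcuboot, and `cd "${MCUBOOT_ROOTDIR}/ext/mbedtls" && git checkout v3.0.0` would not depend on `set -e` being honoured inside the subshell. `MCUBOOT_ROOTDIR` is set outside the hunk, so I cannot confirm it is defined at the new call site.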
@@ -138,6 +138,7 @@ fn main() {
 conf.file("../../ext/mbedtls/library/psa_crypto_slot_management.c");
 conf.file("../../ext/mbedtls/library/psa_crypto_storage.c");
 conf.file("../../ext/mbedtls/library/psa_its_file.c");
+ conf.file("../../ext/mbedtls/library/psa_util.c");
 conf.file("../../ext/mbedtls/library/ripemd160.c");
 conf.file("../../ext/mbedtls/library/rsa_alt_helpers.c");
 conf.file("../../ext/mbedtls/library/sha1.c");
@@ -169,6 +170,9 @@ fn main() {
 conf.file("../../ext/mbedtls/library/rsa.c");
 conf.file("../../ext/mbedtls/library/bignum.c");
+ conf.file("../../ext/mbedtls/library/bignum_core.c");
+ conf.file("../../ext/mbedtls/library/constant_time.c");
+ conf.file("../../ext/mbedtls/library/nist_kw.c");
 conf.file("../../ext/mbedtls/library/platform.c");
 conf.file("../../ext/mbedtls/library/platform_util.c");
 conf.file("../../ext/mbedtls/library/asn1parse.c");
@@ -202,6 +206,9 @@ fn main() {
 conf.file("../../ext/mbedtls/library/asn1parse.c");
 conf.file("../../ext/mbedtls/library/bignum.c");
+ conf.file("../../ext/mbedtls/library/bignum_core.c");
+ conf.file("../../ext/mbedtls/library/constant_time.c");
+ conf.file("../../ext/mbedtls/library/nist_kw.c");
 conf.file("../../ext/mbedtls/library/ecdsa.c");
 conf.file("../../ext/mbedtls/library/ecp.c");
 conf.file("../../ext/mbedtls/library/ecp_curves.c");
@@ -221,6 +228,9 @@ fn main() {
 conf.file("csupport/keys.c");
 conf.file("../../ext/mbedtls/library/asn1parse.c");
 conf.file("../../ext/mbedtls/library/bignum.c");
+ conf.file("../../ext/mbedtls/library/bignum_core.c");
+ conf.file("../../ext/mbedtls/library/constant_time.c");
+ conf.file("../../ext/mbedtls/library/nist_kw.c");
 conf.file("../../ext/mbedtls/library/ecp.c");
 conf.file("../../ext/mbedtls/library/ecp_curves.c");
 conf.file("../../ext/mbedtls/library/platform.c");
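Review bot: `bignum_core.c`, `constant_time.c` and `nist_kw.c` are added as the same three-line group after `bignum.c` in the hunk at -169 and again at -202, -221, -282 and -369, so five source lists now have to be kept in step by hand on every mbedtls update. A small private helper that takes `conf` and adds `bignum.c` with its companion files, called from each branch, would make a missed file a single-place fix. `nist_kw.c` is also listed in branches whose visible neighbours are only signature and ECP sources; if it is there just to satisfy the build, a one-line comment such as `// nist_kw.c: compiled everywhere, active only when MBEDTLS_NIST_KW_C is set` would say so (inferred, the branch conditions are outside the hunks).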
@@ -282,6 +292,9 @@ fn main() {
 conf.file("../../ext/mbedtls/library/md.c");
 conf.file("../../ext/mbedtls/library/aes.c");
 conf.file("../../ext/mbedtls/library/bignum.c");
+ conf.file("../../ext/mbedtls/library/bignum_core.c");
+ conf.file("../../ext/mbedtls/library/constant_time.c");
+ conf.file("../../ext/mbedtls/library/nist_kw.c");
 conf.file("../../ext/mbedtls/library/asn1parse.c");
 }
@@ -305,6 +318,7 @@ fn main() {
 conf.conf.include("../../ext/mbedtls/library");
 conf.file("../../ext/mbedtls/library/platform_util.c");
 conf.file("../../ext/mbedtls/library/nist_kw.c");
+ conf.file("../../ext/mbedtls/library/constant_time.c");
 conf.file("../../ext/mbedtls/library/cipher.c");
 conf.file("../../ext/mbedtls/library/cipher_wrap.c");
 conf.file("../../ext/mbedtls/library/aes.c");
@@ -369,6 +383,9 @@ fn main() {
 conf.file("../../ext/mbedtls/library/sha256.c");
 conf.file("../../ext/mbedtls/library/asn1parse.c");
 conf.file("../../ext/mbedtls/library/bignum.c");
+ conf.file("../../ext/mbedtls/library/bignum_core.c");
+ conf.file("../../ext/mbedtls/library/constant_time.c");
+ conf.file("../../ext/mbedtls/library/nist_kw.c");
 conf.file("../../ext/mbedtls/library/ecdh.c");
 conf.file("../../ext/mbedtls/library/md.c");
 conf.file("../../ext/mbedtls/library/aes.c");
diff --git a/sim/mcuboot-sys/csupport/config-ec-psa.h b/sim/mcuboot-sys/csupport/config-ec-psa.h
index 5dbb4956e..309739838 100644
--- a/sim/mcuboot-sys/csupport/config-ec-psa.h
+++ b/sim/mcuboot-sys/csupport/config-ec-psa.h
@@ -22,6 +22,7 @@
 #define MBEDTLS_BIGNUM_C
 #define MBEDTLS_MD_C
 #define MBEDTLS_OID_C
+#define MBEDTLS_CIPHER_C
 #if defined(MCUBOOT_SIGN_EC384)
 #define MBEDTLS_SHA384_C
 #define MBEDTLS_SHA512_C
diff --git a/sim/mcuboot-sys/csupport/config-rsa-kw.h b/sim/mcuboot-sys/csupport/config-rsa-kw.h
index e06debf47..43f47b4c4 100644
--- a/sim/mcuboot-sys/csupport/config-rsa-kw.h
+++ b/sim/mcuboot-sys/csupport/config-rsa-kw.h
@@ -63,6 +63,7 @@
 /* mbed TLS modules */
 #define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
 #define MBEDTLS_BIGNUM_C
 #define MBEDTLS_MD_C
 #define MBEDTLS_OID_C
@@ -72,10 +73,6 @@
 #define MBEDTLS_CIPHER_C
 #define MBEDTLS_NIST_KW_C
-/* Save RAM by adjusting to our exact needs */
-#define MBEDTLS_ECP_MAX_BITS 2048
-#define MBEDTLS_MPI_MAX_SIZE 256
-
 #define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
 /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */