Open
…fig.h

Move TizenRT platform-specific settings (HAVE_TIME_DATE guard, deprecated warning flag, ECP optimisation, SSL cache size, ciphersuite list, etc.) out of the upstream-tracking mbedtls_config.h and into mbedtls_tizenrt_config.h. Also enable additional cipher modules (ARIA, CHACHA20, CHACHAPOLY, NIST_KW, CURVE448) and restore upstream defaults for ECP window size and MPI max size.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Remove TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 and the associated CAEnableAnonECDHCipherSuite() API entirely:
- ssl_ciphersuites.h/.c: drop cipher-suite define and MBEDTLS_KEY_EXCHANGE_ECDH_ANON
- casecurityinterface.h: remove CAEnableAnonECDHCipherSuite() declaration
- caconnectivitymanager.c: remove CAEnableAnonECDHCipherSuite() implementation
- ca_adapter_net_ssl.c: remove SSL_ECDH_ANON enum value and related cipher mapping/selection logic
- oxmjustworks.c: stop enabling anonymous cipher suite during JustWorks provisioning
- doxmresource.c: remove all CAEnableAnonECDHCipherSuite() call sites
- ssladapter_test.cpp: remove anonymous cipher suite test case

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

The function is OCF/IoTivity-specific, so guard both the declaration (ssl.h) and the definition (ssl_tls.c) with MBEDTLS_OCF_PATCH instead of the broader MBEDTLS_TIZENRT_PATCH.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…context

The server_raw_public_key and client_raw_public_key fields in mbedtls_ecdh_context have no users in the codebase; remove them.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Upgrade mbedtls to 4.1.0 (tf-psa-crypto 1.1.0) and adapt all
hardware acceleration to the new PSA crypto driver model.

mbedtls 4.1.0 removes all MBEDTLS_*_ALT hook mechanisms. Hardware
acceleration must now be provided as PSA transparent/opaque drivers.

New PSA driver files (alt/):
- tizenrt_psa_driver.h/c : ECC opaque driver (ECDH + ECDSA sign/verify)
  Private keys stay inside Samsung SE; PSA key buffer holds only the
  hardware slot reference {key_index, key_type}.
- tizenrt_psa_cipher_driver.c : AES transparent cipher driver
  (ECB/CBC/CTR/CFB128). Unsupported modes fall through to software.
- entropy_poll_alt.c : hardware RNG via mbedtls_platform_get_entropy()
  (replaces MBEDTLS_ENTROPY_HARDWARE_ALT / mbedtls_hardware_poll()).
- ms_time_alt.c : mbedtls_ms_time() via clock_gettime(CLOCK_MONOTONIC)
  (TizenRT does not define _POSIX_VERSION so the built-in path fails).

Driver dispatch wiring:
- psa_crypto_driver_wrappers.h : added TIZENRT_SSS_OPAQUE_DRIVER_ID,
  TIZENRT_TRANSPARENT_CIPHER_DRIVER_ID and all dispatch cases.
- psa_crypto_driver_wrappers_no_static.c : added opaque key buffer-size
  and public-key export cases for PSA_KEY_LOCATION_TIZENRT_SSS.
- psa/crypto_driver_contexts_primitives.h : added
  tizenrt_transparent_cipher_operation_t and tizenrt_ctx union member.

Build system:
- alt/Make.defs: compile new files under CONFIG_SE / CONFIG_HW_ECDH_PARAM /
  CONFIG_HW_ECDSA_VERIFICATION / CONFIG_HW_AES_ENC / CONFIG_HW_RNG guards;
  define -DTIZENRT_PSA_DRIVER_PRESENT and -DMBEDTLS_PSA_DRIVER_GET_ENTROPY.
- Makefile: add psa_crypto_driver_wrappers_no_static.c to SRC_PSA_CSRCS.

Config / porting fixes:
- mbedtls_config.c / tf_psa_crypto_config.c: remove auto-generated check
  headers (CMake artefacts); keep only manually-written checks.
- psa/crypto_config.h: guard MBEDTLS_PSA_BUILTIN_GET_ENTROPY so it is
  disabled when MBEDTLS_PSA_DRIVER_GET_ENTROPY is active; add
  MBEDTLS_PLATFORM_MS_TIME_ALT alongside MBEDTLS_HAVE_TIME.
- net_sockets.c: fix errno assignment (set_errno()), add FD_SETSIZE from
  __SELECT_NDESCRIPTORS, fix socklen_t detection for TizenRT.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
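
The last commit message says the opaque ECC driver keeps private keys in the secure element and stores only a slot reference {key_index, key_type} in the PSA key buffer. As an added illustration (not code from this pull request), the sketch below encodes and validates such a reference before any slot would be used; the field widths, slot count, type code, error codes and function names are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Field names come from the commit message; the uint32_t widths, slot
 * count, type code and error codes are assumptions made for this sketch. */
typedef struct {
    uint32_t key_index;              /* slot inside the secure element */
    uint32_t key_type;               /* what that slot holds */
} key_ref_t;
#define REF_MAX_SLOTS 8u             /* hypothetical number of slots */
enum { REF_TYPE_ECC_P256 = 1 };      /* hypothetical key-type code */
enum { REF_OK = 0, REF_BAD_ARG = -1, REF_BAD_SLOT = -2, REF_BAD_TYPE = -3 };

static int key_ref_check(const key_ref_t *ref)
{
    if (ref->key_index >= REF_MAX_SLOTS) return REF_BAD_SLOT;
    if (ref->key_type != REF_TYPE_ECC_P256) return REF_BAD_TYPE;
    return REF_OK;
}

/* Build the opaque key buffer: a slot reference, never key bytes. */
int key_ref_encode(uint32_t index, uint32_t type, uint8_t *buf, size_t len)
{
    key_ref_t ref = { index, type };
    if (buf == NULL || len < sizeof ref) return REF_BAD_ARG;
    int rc = key_ref_check(&ref);
    if (rc == REF_OK) memcpy(buf, &ref, sizeof ref);
    return rc;
}

/* Decode and validate a key buffer before any slot is touched. */
int key_ref_parse(const uint8_t *buf, size_t len, key_ref_t *out)
{
    key_ref_t ref;
    if (buf == NULL || out == NULL || len != sizeof ref) return REF_BAD_ARG;
    memcpy(&ref, buf, sizeof ref);   /* buf may be unaligned */
    int rc = key_ref_check(&ref);
    if (rc == REF_OK) *out = ref;    /* output untouched on failure */
    return rc;
}

int main(void)
{
    uint8_t buf[sizeof(key_ref_t)];  /* constructed sample buffer */
    key_ref_t ref;
    int rc = key_ref_encode(3, REF_TYPE_ECC_P256, buf, sizeof buf);
    if (rc == REF_OK) rc = key_ref_parse(buf, sizeof buf, &ref);
    return rc == REF_OK ? 0 : 1;
}
```

The exact-length check in the parser rejects a buffer that was created for a different key location, and the range checks keep an out-of-range index or unknown type from reaching the hardware call.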
No description provided.