ext: lib: crypto: Generic mbedtls config file #8852
Conversation
This commit provides a config file for mbedtls that can be modified by Kconfig. As a result, features like supported ciphersuites can be easily adjusted from Kconfig. Signed-off-by: Robert Lubos <[email protected]>
Default configuration of config-tls-generic.h mimics the current default config file configuration - config-mini-tls1_2.h, therefore it can be safely used instead of it. Signed-off-by: Robert Lubos <[email protected]>
Use the new, default mbedTLS config file in TLS configuration of echo_client and echo_server. Signed-off-by: Robert Lubos <[email protected]>
force-pushed from 2b508a0 to c722189
jukkar
left a comment
LGTM
Codecov Report
@@ Coverage Diff @@
## master #8852 +/- ##
=======================================
Coverage 52.32% 52.32%
=======================================
Files 195 195
Lines 24730 24730
Branches 5140 5140
=======================================
Hits 12941 12941
Misses 9715 9715
Partials 2074 2074
pfalcon
left a comment
I very much appreciate doing this.
I assume this is formally independent from #8814 and can be merged ahead of it (as a hint for project maintainers).
By default only DER (binary) format of certificates is supported. Enable
this option to enable support for PEM format.

config TLS_USER_CONFIG_ENABLE
Did you consider having just a single Kconfig option for this? E.g. if TLS_USER_CONFIG_FILE is defined to a non-empty value, #include it?
Yes, that was my initial thought, but that would require checking for an empty string in the preprocessor, and I didn't find an easy way to do that. Any suggestions on this?
Yeah, I never thought about what #if "" would evaluate to, but it's actually an error to use strings in #if at all:
a.c:1:11: error: token ""foo"" is not valid in preprocessor expressions
#define a "foo"
^
a.c:3:5: note: in expansion of macro ‘a’
#if a
^
So, never mind.

@pfalcon Yes, there are no dependencies between these PRs.
Part of #7118.
This PR adds a generic config file for mbedTLS, that can be altered with Kconfig.
The idea behind this is to simplify TLS configuration for end-user. User can use Kconfig to select supported TLS algorithms, and the config file will automatically satisfy dependencies. It has been used with #7118, yet for this PR it has been freed from secure socket dependencies and improved a little bit.
For configs not covered by the generic config file (e. g. buffer sizes), a user can specify user config, that will be included at the end of generic config (similar behaviour as in the template config provided with mbedTLS).
The default configuration for config-tls-generic.h mimics the configuration of config-mini-tls1_2.h, hence it was set as a default config file. Tested with echo_client/echo_server samples with corresponding net-tools utils.
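The following is an added illustration of the two mechanisms discussed on this page: the generic config file that turns Kconfig selections into mbedTLS feature macros while satisfying their dependencies, and the separate boolean that gates the user-config #include because the preprocessor cannot test a string macro for emptiness (the #if error shown in the thread above). It is not code from this PR or from Zephyr. Every CONFIG_EXAMPLE_* symbol is a constructed stand-in defined in the file itself; in Zephyr the symbols come from the generated autoconf.h and carry different names. The MBEDTLS_* names are real mbedTLS config macros, but the dependency lists are a representative subset, not the full set enforced by mbedTLS's check_config.h.

```c
/*
 * Added illustration of a Kconfig-driven mbedTLS config file (not Zephyr's
 * config-tls-generic.h). CONFIG_EXAMPLE_* symbols are constructed stand-ins
 * for what Kconfig would generate; MBEDTLS_* are real mbedTLS option names,
 * with a representative subset of their dependencies.
 */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* ---- Stand-in for the generated Kconfig output (constructed) ---- */
#define CONFIG_EXAMPLE_TLS_CIPHER_AES_ENABLED 1
#define CONFIG_EXAMPLE_TLS_MAC_SHA256_ENABLED 1
#define CONFIG_EXAMPLE_TLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 1
/* CONFIG_EXAMPLE_TLS_PEM_CERTIFICATE_FORMAT not set: DER only, the default. */
/* CONFIG_EXAMPLE_TLS_USER_CONFIG_ENABLE not set. The file name string is
 * still defined, which is exactly why a separate bool is needed. */
#define CONFIG_EXAMPLE_TLS_USER_CONFIG_FILE "user-tls-conf.h"

/* ---- Generic config: map Kconfig choices onto mbedTLS feature macros ---- */
#if defined(CONFIG_EXAMPLE_TLS_CIPHER_AES_ENABLED)
#define MBEDTLS_AES_C
#endif

#if defined(CONFIG_EXAMPLE_TLS_MAC_SHA256_ENABLED)
#define MBEDTLS_SHA256_C
#endif

/* Selecting a key exchange pulls in what it needs, so a Kconfig user cannot
 * produce a combination that mbedTLS's check_config.h would reject. */
#if defined(CONFIG_EXAMPLE_TLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_X509_CRT_PARSE_C
#endif

/* DER parsing is always built; PEM is opt-in and needs base64 decoding. */
#if defined(CONFIG_EXAMPLE_TLS_PEM_CERTIFICATE_FORMAT)
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_BASE64_C
#endif

/* The user config comes last so it can override anything above. A bool
 * gates the #include: "#if <string macro>" is a preprocessor error, so an
 * empty CONFIG_*_FILE cannot be detected directly. */
#if defined(CONFIG_EXAMPLE_TLS_USER_CONFIG_ENABLE)
#include CONFIG_EXAMPLE_TLS_USER_CONFIG_FILE
#endif

/* ---- Introspection so the resulting feature set can be checked ---- */
static const char *const enabled_features[] = {
#ifdef MBEDTLS_AES_C
    "MBEDTLS_AES_C",
#endif
#ifdef MBEDTLS_SHA256_C
    "MBEDTLS_SHA256_C",
#endif
#ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
    "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED",
#endif
#ifdef MBEDTLS_ECDH_C
    "MBEDTLS_ECDH_C",
#endif
#ifdef MBEDTLS_ECDSA_C
    "MBEDTLS_ECDSA_C",
#endif
#ifdef MBEDTLS_ECP_C
    "MBEDTLS_ECP_C",
#endif
#ifdef MBEDTLS_BIGNUM_C
    "MBEDTLS_BIGNUM_C",
#endif
#ifdef MBEDTLS_X509_CRT_PARSE_C
    "MBEDTLS_X509_CRT_PARSE_C",
#endif
#ifdef MBEDTLS_PEM_PARSE_C
    "MBEDTLS_PEM_PARSE_C",
#endif
#ifdef MBEDTLS_BASE64_C
    "MBEDTLS_BASE64_C",
#endif
    NULL /* terminator; keeps the array non-empty with nothing selected */
};

/* Number of mbedTLS feature macros the generic config switched on. */
size_t tls_config_count(void)
{
    return sizeof(enabled_features) / sizeof(enabled_features[0]) - 1;
}

/* True if the named mbedTLS feature macro ended up defined. */
bool tls_config_has(const char *name)
{
    for (size_t i = 0; enabled_features[i] != NULL; i++) {
        if (strcmp(enabled_features[i], name) == 0) {
            return true;
        }
    }
    return false;
}
```

With the constructed selections above, choosing only the ECDHE-ECDSA key exchange in "Kconfig" yields MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_ECP_C, MBEDTLS_BIGNUM_C and MBEDTLS_X509_CRT_PARSE_C as well, PEM support stays off, and the user config file named in the string macro is never included because the enable bool is unset.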