mirror/pico-sdk
1
0
Fork 0
mirror of https://github.com/raspberrypi/pico-sdk.git synced 2025-04-16 23:43:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update mbedtls, lwip and cyw43-driver (#2405)

Browse Source 
* Update LwIP to 2.2.1
* Update to mbedtls to 3.6.1
* Update lib/cyw43-driver to 1.1.0
* Support using a more recent version of mbedtls
altcp_tls_mbedtls.c is not compatible with mbedtls 3.x so use a
patched version until this is resolved.
* Make sure MBEDTLS_VERSION_MAJOR is visible to LwIP.
* Test mbedtls in kitchen sink
* Add mbedtls to bazel
This commit is contained in:
Peter Harper 2025-04-11 17:14:02 +01:00 committed by GitHub
parent 93ea261677
commit d47c0c89ce
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
27 changed files with 1724 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/cmake.yml vendored
View File

@ -26,7 +26,7 @@ jobs:
uses: actions/checkout@v4
- name: Checkout submodules
run: git submodule update --init
run: git submodule update --init --recursive
- name: Create Build Environment
# Some projects don't allow in-source building, so create a separate build directory

11
MODULE.bazel
View File

@ -106,7 +106,7 @@ new_git_repository(
new_git_repository(
name = "cyw43-driver",
build_file = "//src/rp2_common/pico_cyw43_driver:cyw43-driver.BUILD",
commit = "c1075d4bc440422cf2b2fd12c64a1f53f77660ee", # keep-in-sync-with-submodule: lib/cyw43-driver
commit = "dd7568229f3bf7a37737b9e1ef250c26efe75b23", # keep-in-sync-with-submodule: lib/cyw43-driver
remote = "https://github.com/georgerobotics/cyw43-driver.git",
)
@ -114,10 +114,17 @@ new_git_repository(
new_git_repository(
name = "lwip",
build_file = "//src/rp2_common/pico_lwip:lwip.BUILD",
commit = "0a0452b2c39bdd91e252aef045c115f88f6ca773", # keep-in-sync-with-submodule: lib/lwip
commit = "77dcd25a72509eb83f72b033d219b1d40cd8eb95", # keep-in-sync-with-submodule: lib/lwip
remote = "https://github.com/lwip-tcpip/lwip.git",
)
new_git_repository(
name = "mbedtls",
build_file = "//src/rp2_common/pico_mbedtls:mbedtls.BUILD",
commit = "107ea89daaefb9867ea9121002fbbdf926780e98", # keep-in-sync-with-submodule: lib/mbedtls
remote = "https://github.com/Mbed-TLS/mbedtls.git",
)
register_toolchains(
"//bazel/toolchain:linux-aarch64-rp2040",
"//bazel/toolchain:linux-aarch64-rp2350",

6
bazel/config/BUILD.bazel
View File

@ -294,3 +294,9 @@ label_flag(
name = "PICO_FREERTOS_LIB",
build_setting_default = "//bazel:empty_cc_lib",
)
# PICO_BAZEL_CONFIG: PICO_MBEDTL_CONFIG, [Bazel only] The cc_library that provides mbedtls_config.h, default=//bazel:empty_cc_lib, group=pico_mbedtls
label_flag(
name = "PICO_MBEDTLS_CONFIG",
build_setting_default = "//bazel:empty_cc_lib",
)

6
bazel/constraint/BUILD.bazel
View File

@ -252,3 +252,9 @@ label_flag_matches(
flag = "//bazel/config:PICO_FREERTOS_LIB",
value = "//bazel:empty_cc_lib",
)
label_flag_matches(
name = "pico_mbedtls_config_unset",
flag = "//bazel/config:PICO_MBEDTLS_CONFIG",
value = "//bazel:empty_cc_lib",
)

2
bazel/util/transition.bzl
View File

@ -114,6 +114,7 @@ kitchen_sink_test_binary = declare_transtion(
attrs = {
"bt_stack_config": attr.label(mandatory = True),
"lwip_config": attr.label(mandatory = True),
"mbedtls_config": attr.label(mandatory = True),
"enable_ble": attr.bool(default = False),
"enable_bt_classic": attr.bool(default = False),
# This could be shared, but we don't in order to make it clearer that
@ -127,6 +128,7 @@ kitchen_sink_test_binary = declare_transtion(
"@pico-sdk//bazel/config:PICO_LWIP_CONFIG": "lwip_config",
"@pico-sdk//bazel/config:PICO_BT_ENABLE_BLE": "enable_ble",
"@pico-sdk//bazel/config:PICO_BT_ENABLE_CLASSIC": "enable_bt_classic",
"@pico-sdk//bazel/config:PICO_MBEDTLS_CONFIG": "mbedtls_config",
},
)

1
docs/index.h
View File

@ -80,6 +80,7 @@
* \defgroup tinyusb_device tinyusb_device
* \defgroup tinyusb_host tinyusb_host
* \endcond
* \cond pico_mbedtls \defgroup pico_mbedtls pico_mbedtls \endcond
* @}
*
* \defgroup networking Networking Libraries

2
lib/cyw43-driver

@ -1 +1 @@
Subproject commit c1075d4bc440422cf2b2fd12c64a1f53f77660ee
Subproject commit dd7568229f3bf7a37737b9e1ef250c26efe75b23

2
lib/lwip

@ -1 +1 @@
Subproject commit 0a0452b2c39bdd91e252aef045c115f88f6ca773
Subproject commit 77dcd25a72509eb83f72b033d219b1d40cd8eb95

2
lib/mbedtls

@ -1 +1 @@
Subproject commit 5a764e5555c64337ed17444410269ff21cb617b1
Subproject commit 107ea89daaefb9867ea9121002fbbdf926780e98

2
src/cmake/rp2_common.cmake
View File

@ -127,9 +127,9 @@ if (NOT PICO_BARE_METAL)
pico_add_subdirectory(rp2_common/pico_async_context)
pico_add_subdirectory(rp2_common/pico_btstack)
pico_add_subdirectory(rp2_common/pico_cyw43_driver)
pico_add_subdirectory(rp2_common/pico_mbedtls)
pico_add_subdirectory(rp2_common/pico_lwip)
pico_add_subdirectory(rp2_common/pico_cyw43_arch)
pico_add_subdirectory(rp2_common/pico_mbedtls)
pico_add_subdirectory(rp2_common/pico_time_adapter)

1
src/rp2_common/pico_btstack/CMakeLists.txt
View File

@ -1,3 +1,4 @@
# PICO_CMAKE_CONFIG: PICO_BTSTACK_PATH, Path to an alternative version of btstack overriding the version in pico-sdk/libs/btstack. Can be passed to cmake or set in your environment, type=string, group=pico_btstack
if (DEFINED ENV{PICO_BTSTACK_PATH} AND (NOT PICO_BTSTACK_PATH))
set(PICO_BTSTACK_PATH $ENV{PICO_BTSTACK_PATH})
message("Using PICO_BTSTACK_PATH from environment ('${PICO_BTSTACK_PATH}')")

1
src/rp2_common/pico_cyw43_driver/CMakeLists.txt
View File

@ -1,3 +1,4 @@
# PICO_CMAKE_CONFIG: PICO_CYW43_DRIVER_PATH, Path to an alternative version of cyw43-driver overriding the version in pico-sdk/libs/cyw43-driver, type=string, group=pico_cyw43_driver
if (DEFINED ENV{PICO_CYW43_DRIVER_PATH} AND (NOT PICO_CYW43_DRIVER_PATH))
set(PICO_CYW43_DRIVER_PATH $ENV{PICO_CYW43_DRIVER_PATH})
message("Using PICO_CYW43_DRIVER_PATH from environment ('${PICO_CYW43_DRIVER_PATH}')")

9
src/rp2_common/pico_lwip/BUILD.bazel
View File

@ -131,14 +131,15 @@ alias(
actual = "@lwip//:pico_lwip_tftp",
)
alias(
cc_library(
name = "pico_lwip_mbedtls",
actual = "@lwip//:pico_lwip_mbedtls",
srcs = ["altcp_tls_mbedtls.c"],
deps = ["@lwip//:pico_lwip_mbedtls"],
)
alias(
name = "pico_lwip_mqttt",
actual = "@lwip//:pico_lwip_mqttt",
name = "pico_lwip_mqtt",
actual = "@lwip//:pico_lwip_mqtt",
)
alias(

18
src/rp2_common/pico_lwip/CMakeLists.txt
View File

@ -1,3 +1,4 @@
# PICO_CMAKE_CONFIG: PICO_LWIP_PATH, Path to an alternative version of lwip overriding the version in pico-sdk/libs/lwip. Can be passed to cmake or set in your environment, type=string, group=pico_lwip
if (DEFINED ENV{PICO_LWIP_PATH} AND (NOT PICO_LWIP_PATH))
set(PICO_LWIP_PATH $ENV{PICO_LWIP_PATH})
message("Using PICO_LWIP_PATH from environment ('${PICO_LWIP_PATH}')")
@ -234,14 +235,29 @@ if (EXISTS ${PICO_LWIP_PATH}/${LWIP_TEST_PATH})
${PICO_LWIP_PATH}/src/apps/tftp/tftp.c
)
# Mbed TLS files
pico_add_library(pico_lwip_mbedtls NOFLAG)
target_sources(pico_lwip_mbedtls INTERFACE
${PICO_LWIP_PATH}/src/apps/altcp_tls/altcp_tls_mbedtls.c
${PICO_LWIP_PATH}/src/apps/altcp_tls/altcp_tls_mbedtls_mem.c
${PICO_LWIP_PATH}/src/apps/snmp/snmpv3_mbedtls.c
)
# altcp_tls_mbedtls.c is not compatible with mbedtls 3.x so use a patched version until this is resolved
# See https://savannah.nongnu.org/patch/index.php?10448
if (MBEDTLS_VERSION_MAJOR AND MBEDTLS_VERSION_MAJOR GREATER_EQUAL 3)
target_sources(pico_lwip_mbedtls INTERFACE
${CMAKE_CURRENT_LIST_DIR}/altcp_tls_mbedtls.c
)
target_include_directories(pico_lwip_mbedtls INTERFACE
${PICO_LWIP_PATH}/src/apps/altcp_tls
)
else()
target_sources(pico_lwip_mbedtls INTERFACE
${PICO_LWIP_PATH}/src/apps/altcp_tls/altcp_tls_mbedtls.c
)
endif()
# MQTT client files
pico_add_library(pico_lwip_mqtt NOFLAG)
target_sources(pico_lwip_mqtt INTERFACE

1401
src/rp2_common/pico_lwip/altcp_tls_mbedtls.c Normal file
View File

File diff suppressed because it is too large Load Diff

22
src/rp2_common/pico_lwip/lwip.BUILD
View File

@ -25,7 +25,15 @@ cc_library(
deps = [
":pico_lwip_headers",
"@pico-sdk//bazel/config:PICO_LWIP_CONFIG",
],
]
# altcp_alloc.c *might* depend on mbedtls
+ select({
"@pico-sdk//bazel/constraint:pico_mbedtls_config_unset": [],
"//conditions:default": [
"@pico-sdk//src/rp2_common/pico_mbedtls:pico_mbedtls_library",
]
})
,
target_compatible_with = incompatible_with_config("@pico-sdk//bazel/constraint:pico_lwip_config_unset")
)
@ -138,15 +146,21 @@ cc_library(
cc_library(
name = "pico_lwip_mbedtls",
srcs = [
"src/apps/altcp_tls/altcp_tls_mbedtls.c",
# This source file has issues with mbedtls 3.x
# See https://savannah.nongnu.org/patch/index.php?10448
#"src/apps/altcp_tls/altcp_tls_mbedtls.c",
"src/apps/altcp_tls/altcp_tls_mbedtls_mem.c",
"src/apps/snmp/snmpv3_mbedtls.c",
],
deps = [":pico_lwip_core"],
includes = ["src/apps/altcp_tls"],
deps = [
":pico_lwip_core",
"@pico-sdk//src/rp2_common/pico_mbedtls:pico_mbedtls_config"
],
)
cc_library(
name = "pico_lwip_mqttt",
name = "pico_lwip_mqtt",
srcs = ["src/apps/mqtt/mqtt.c"],
deps = [":pico_lwip_core"],
)

21
src/rp2_common/pico_mbedtls/BUILD.bazel
View File

@ -2,6 +2,13 @@ load("//bazel:defs.bzl", "compatible_with_rp2")
package(default_visibility = ["//visibility:public"])
cc_library(
name = "pico_mbedtls_config",
includes = ["include"],
hdrs = ["include/pico_mbedtls_config.h"],
defines = ['MBEDTLS_CONFIG_FILE=\\"pico_mbedtls_config.h\\"'],
)
cc_library(
name = "pico_mbedtls",
srcs = ["pico_mbedtls.c"],
@ -9,9 +16,17 @@ cc_library(
includes = ["include"],
target_compatible_with = compatible_with_rp2(),
deps = [
"//bazel/config:PICO_MBEDTLS_LIB",
":pico_mbedtls_library",
":pico_mbedtls_config",
"//src/rp2_common:pico_platform",
"//src/rp2_common/pico_rand",
"//src/rp2_common/pico_sha256",
],
] + select({
"//bazel/constraint:rp2350": [ "//src/rp2_common/pico_sha256" ],
"//conditions:default": [ ],
}),
)
alias(
name = "pico_mbedtls_library",
actual = "@mbedtls//:pico_mbedtls_library",
)

307
src/rp2_common/pico_mbedtls/CMakeLists.txt
View File

@ -1,3 +1,4 @@
# PICO_CMAKE_CONFIG: PICO_MBEDTLS_PATH, Path to an alternative version of mbedtls overriding the version in pico-sdk/libs/mbedtls. Can be passed to cmake or set in your environment, type=string, group=pico_mbedtls
if (DEFINED ENV{PICO_MBEDTLS_PATH} AND (NOT PICO_MBEDTLS_PATH))
set(PICO_MBEDTLS_PATH $ENV{PICO_MBEDTLS_PATH})
message("Using PICO_MBEDTLS_PATH from environment ('${PICO_MBEDTLS_PATH}')")
@ -15,117 +16,168 @@ if (EXISTS ${PICO_MBEDTLS_PATH}/${MBEDTLS_TEST_PATH})
pico_register_common_scope_var(PICO_MBEDTLS_PATH)
set(src_crypto
aes.c
aesni.c
arc4.c
aria.c
asn1parse.c
asn1write.c
base64.c
bignum.c
blowfish.c
camellia.c
ccm.c
chacha20.c
chachapoly.c
cipher.c
cipher_wrap.c
constant_time.c
cmac.c
ctr_drbg.c
des.c
dhm.c
ecdh.c
ecdsa.c
ecjpake.c
ecp.c
ecp_curves.c
entropy.c
entropy_poll.c
error.c
gcm.c
havege.c
hkdf.c
hmac_drbg.c
md.c
md2.c
md4.c
md5.c
memory_buffer_alloc.c
mps_reader.c
mps_trace.c
nist_kw.c
oid.c
padlock.c
pem.c
pk.c
pk_wrap.c
pkcs12.c
pkcs5.c
pkparse.c
pkwrite.c
platform.c
platform_util.c
poly1305.c
psa_crypto.c
psa_crypto_aead.c
psa_crypto_cipher.c
psa_crypto_client.c
psa_crypto_driver_wrappers.c
psa_crypto_ecp.c
psa_crypto_hash.c
psa_crypto_mac.c
psa_crypto_rsa.c
psa_crypto_se.c
psa_crypto_slot_management.c
psa_crypto_storage.c
psa_its_file.c
ripemd160.c
rsa.c
rsa_internal.c
sha1.c
sha256.c
sha512.c
threading.c
timing.c
version.c
version_features.c
xtea.c
)
list(TRANSFORM src_crypto PREPEND ${PICO_MBEDTLS_PATH}/library/)
# Support version 2.28.8 or 3.6.2
if (NOT MBEDTLS_VERSION_MAJOR)
if (EXISTS ${PICO_MBEDTLS_PATH}/library/ssl_cli.c)
set(MBEDTLS_VERSION_MAJOR 2)
elseif (EXISTS ${PICO_MBEDTLS_PATH}/library/ssl_client.c)
set(MBEDTLS_VERSION_MAJOR 3)
else()
message(WARNING "Cannot determine the version of mbedtls")
endif()
pico_register_common_scope_var(MBEDTLS_VERSION_MAJOR)
endif()
function(src_crypto_list)
set(src_crypto
aes.c
aesni.c
aria.c
asn1parse.c
asn1write.c
base64.c
bignum.c
camellia.c
ccm.c
chacha20.c
chachapoly.c
cipher.c
cipher_wrap.c
constant_time.c
cmac.c
ctr_drbg.c
des.c
dhm.c
ecdh.c
ecdsa.c
ecjpake.c
ecp.c
ecp_curves.c
entropy.c
entropy_poll.c
error.c
gcm.c
hkdf.c
hmac_drbg.c
md.c
md5.c
memory_buffer_alloc.c
mps_reader.c
mps_trace.c
nist_kw.c
oid.c
padlock.c
pem.c
pk.c
pk_wrap.c
pkcs12.c
pkcs5.c
pkparse.c
pkwrite.c
platform.c
platform_util.c
poly1305.c
psa_crypto.c
psa_crypto_aead.c
psa_crypto_cipher.c
psa_crypto_client.c
psa_crypto_ecp.c
psa_crypto_hash.c
psa_crypto_mac.c
psa_crypto_rsa.c
psa_crypto_se.c
psa_crypto_slot_management.c
psa_crypto_storage.c
psa_its_file.c
ripemd160.c
rsa.c
sha1.c
sha256.c
sha512.c
threading.c
timing.c
version.c
version_features.c
)
if (MBEDTLS_VERSION_MAJOR EQUAL 2)
list(APPEND src_crypto
arc4.c
blowfish.c
havege.c
md2.c
md4.c
psa_crypto_driver_wrappers.c
rsa_internal.c xtea.c
)
elseif (MBEDTLS_VERSION_MAJOR EQUAL 3)
list(APPEND src_crypto
bignum_core.c
rsa_alt_helpers.c
pk_ecc.c
)
endif()
list(TRANSFORM src_crypto PREPEND ${PICO_MBEDTLS_PATH}/library/)
set(src_crypto ${src_crypto} PARENT_SCOPE)
endfunction()
src_crypto_list()
pico_add_library(pico_mbedtls_crypto NOFLAG)
target_sources(pico_mbedtls_crypto INTERFACE ${src_crypto})
set(src_x509
certs.c
pkcs11.c
x509.c
x509_create.c
x509_crl.c
x509_crt.c
x509_csr.c
x509write_crt.c
x509write_csr.c
)
list(TRANSFORM src_x509 PREPEND ${PICO_MBEDTLS_PATH}/library/)
function(src_x509_list)
set(src_x509
x509.c
x509_create.c
x509_crl.c
x509_crt.c
x509_csr.c
x509write_crt.c
x509write_csr.c
)
if (MBEDTLS_VERSION_MAJOR EQUAL 2)
list(APPEND src_x509
certs.c
pkcs11.c
)
endif()
list(TRANSFORM src_x509 PREPEND ${PICO_MBEDTLS_PATH}/library/)
set(src_x509 ${src_x509} PARENT_SCOPE)
endfunction()
src_x509_list()
pico_add_library(pico_mbedtls_x509 NOFLAG)
target_sources(pico_mbedtls_x509 INTERFACE ${src_x509})
set(src_tls
debug.c
net_sockets.c
ssl_cache.c
ssl_ciphersuites.c
ssl_cli.c
ssl_cookie.c
ssl_msg.c
ssl_srv.c
ssl_ticket.c
ssl_tls.c
ssl_tls13_keys.c
)
list(TRANSFORM src_tls PREPEND ${PICO_MBEDTLS_PATH}/library/)
function(src_tls_list)
set(src_tls
debug.c
net_sockets.c
ssl_cache.c
ssl_ciphersuites.c
ssl_cookie.c
ssl_msg.c
ssl_ticket.c
ssl_tls.c
ssl_tls13_keys.c
)
if (MBEDTLS_VERSION_MAJOR EQUAL 2)
list(APPEND src_tls
ssl_cli.c
ssl_srv.c
)
elseif (MBEDTLS_VERSION_MAJOR EQUAL 3)
list(APPEND src_tls
ssl_client.c
ssl_debug_helpers_generated.c
ssl_tls12_client.c
ssl_tls12_server.c
)
endif()
list(TRANSFORM src_tls PREPEND ${PICO_MBEDTLS_PATH}/library/)
set(src_tls ${src_tls} PARENT_SCOPE)
endfunction()
src_tls_list()
pico_add_library(pico_mbedtls_tls NOFLAG)
target_sources(pico_mbedtls_tls INTERFACE ${src_tls})
@ -134,7 +186,12 @@ if (EXISTS ${PICO_MBEDTLS_PATH}/${MBEDTLS_TEST_PATH})
if (DEFINED PICO_MBEDTLS_CONFIG_FILE)
target_compile_definitions(pico_mbedtls_headers INTERFACE MBEDTLS_CONFIG_FILE="${PICO_MBEDTLS_CONFIG_FILE}")
else()
target_compile_definitions(pico_mbedtls_headers INTERFACE MBEDTLS_CONFIG_FILE="mbedtls_config.h")
if (MBEDTLS_VERSION_MAJOR EQUAL 2)
target_compile_definitions(pico_mbedtls_headers INTERFACE MBEDTLS_CONFIG_FILE="mbedtls_config.h")
else()
# Avoid including mbedtls/include/mbedtls_config.h
target_compile_definitions(pico_mbedtls_headers INTERFACE MBEDTLS_CONFIG_FILE="pico_mbedtls_config.h")
endif()
endif()
if (TARGET pico_sha256)
pico_mirrored_target_link_libraries(pico_mbedtls INTERFACE pico_sha256)
@ -143,32 +200,26 @@ if (EXISTS ${PICO_MBEDTLS_PATH}/${MBEDTLS_TEST_PATH})
target_include_directories(pico_mbedtls_headers SYSTEM INTERFACE ${PICO_MBEDTLS_PATH}/include/ ${PICO_MBEDTLS_PATH}/library/ ${CMAKE_CURRENT_LIST_DIR}/include/)
function(suppress_mbedtls_warnings)
# It seems everything needs this due to mbedtls_get_unaligned_uint64
src_crypto_list()
src_x509_list()
src_tls_list()
foreach(src_file IN LISTS src_crypto src_x509 src_tls)
set_source_files_properties(
${src_file}
PROPERTIES
COMPILE_OPTIONS "-Wno-cast-qual"
)
endforeach()
set_source_files_properties(
${PICO_MBEDTLS_PATH}/library/ecdsa.c
${PICO_MBEDTLS_PATH}/library/ecp.c
${PICO_MBEDTLS_PATH}/library/ecp_curves.c
${PICO_MBEDTLS_PATH}/library/pk_wrap.c
${PICO_MBEDTLS_PATH}/library/pkparse.c
${PICO_MBEDTLS_PATH}/library/ssl_cli.c
PROPERTIES
COMPILE_OPTIONS "-Wno-cast-qual"
)
set_source_files_properties(
${PICO_MBEDTLS_PATH}/library/psa_crypto_client.c
${PICO_MBEDTLS_PATH}/library/psa_crypto_driver_wrappers.c
PROPERTIES
COMPILE_OPTIONS "-Wno-redundant-decls"
)
set_source_files_properties(
${PICO_MBEDTLS_PATH}/library/ssl_srvx.c
${PICO_MBEDTLS_PATH}/library/x509_crt.c
PROPERTIES
COMPILE_OPTIONS "-Wno-cast-qual;-Wno-null-dereference"
)
set_source_files_properties(
${PICO_MBEDTLS_PATH}/library/ssl_srv.c
${PICO_MBEDTLS_PATH}/library/pk_ecc.c
${PICO_MBEDTLS_PATH}/library/ssl_tls12_server.c
${PICO_MBEDTLS_PATH}/library/ssl_tls.c
PROPERTIES
COMPILE_OPTIONS "-Wno-null-dereference"
COMPILE_OPTIONS "-Wno-cast-qual;-Wno-null-dereference"
)
endfunction()

11
src/rp2_common/pico_mbedtls/doc.h Normal file
View File

@ -0,0 +1,11 @@
/**
* \defgroup pico_mbedtls pico_mbedtls
* \brief pico-sdk wrapper library for <a href="https://github.com/Mbed-TLS/mbedtls.git">mbedtls</a>
* the documentation for which is <a href="https://mbed-tls.readthedocs.io/en/latest/">here</a>.
*
* Builds mbedtls for pico-sdk and implements functions to take advantage of hardware support, if enabled in mbedtls_config.h
*
* * \c \b MBEDTLS_ENTROPY_HARDWARE_ALT, implementation of a hardware entropy collector that uses \ref get_rand_64
* * \c \b MBEDTLS_SHA256_ALT, use SHA256 hardware acceleration. Only valid if LIB_PICO_SHA256 is defined (i.e. not available for rp2040)
*
*/

3
src/rp2_common/pico_mbedtls/include/pico_mbedtls_config.h Normal file
View File

@ -0,0 +1,3 @@
// Latest versions of mbedtls include mbedtls/include/mbedtls_config.h and we used to set MBEDTLS_CONFIG_FILE=mbedtls_config.h
// To maintain compatibility with this and avoid including the mbedtls version of mbedtls_config.h we include pico_mbedtls_config.h first
#include "mbedtls_config.h"

23
src/rp2_common/pico_mbedtls/mbedtls.BUILD Normal file
View File

@ -0,0 +1,23 @@
load("@pico-sdk//bazel:defs.bzl", "incompatible_with_config")
package(default_visibility = ["//visibility:public"])
cc_library(
name = "pico_mbedtls_library",
srcs = glob(
["library/*.c"],
exclude = ["*mbedtls.c"],
),
hdrs = glob(
include = [
"include/**/*.h",
"library/*.h",
],
),
includes = ["include"],
target_compatible_with = incompatible_with_config("@pico-sdk//bazel/constraint:pico_mbedtls_config_unset"),
deps = [
"@pico-sdk//src/rp2_common/pico_mbedtls:pico_mbedtls_config",
"@pico-sdk//bazel/config:PICO_MBEDTLS_CONFIG",
],
)

3
src/rp2_common/pico_mbedtls/pico_mbedtls.c
View File

@ -8,7 +8,6 @@
#include "pico.h"
#include "pico/rand.h"
#include "mbedtls/sha256.h"
#include "common.h"
/* Function to feed mbedtls entropy. */
int mbedtls_hardware_poll(void *data __unused, unsigned char *output, size_t len, size_t *olen) {
@ -27,7 +26,7 @@ int mbedtls_hardware_poll(void *data __unused, unsigned char *output, size_t len
#error SHA256 hardware acceleration not supported
#endif
// PICO_CONFIG: PICO_MBEDTLS_SHA256_ALT_USE_DMA, Whether to use DMA for writing to hardware for the mbedtls SHA-256 hardware acceleration, type=int, default=1, group=pico_stdlib
// PICO_CONFIG: PICO_MBEDTLS_SHA256_ALT_USE_DMA, Whether to use DMA for writing to hardware for the mbedtls SHA-256 hardware acceleration, type=int, default=1, group=pico_mbedtls
#ifndef PICO_MBEDTLS_SHA256_ALT_USE_DMA
#define PICO_MBEDTLS_SHA256_ALT_USE_DMA 1
#endif

1
src/rp2_common/tinyusb/CMakeLists.txt
View File

@ -1,3 +1,4 @@
# PICO_CMAKE_CONFIG: PICO_TINYUSB_PATH, Path to an alternative version of tinyusb overriding the version in pico-sdk/libs/tinyusb. Can be passed to cmake or set in your environment, type=string, group=tinyusb_device
if (DEFINED ENV{PICO_TINYUSB_PATH} AND (NOT PICO_TINYUSB_PATH))
set(PICO_TINYUSB_PATH $ENV{PICO_TINYUSB_PATH})
message("Using PICO_TINYUSB_PATH from environment ('${PICO_TINYUSB_PATH}')")

7
test/kitchen_sink/BUILD.bazel
View File

@ -110,6 +110,8 @@ cc_binary(
":kitchen_sink_common",
"//src/rp2_common/pico_cyw43_arch:pico_cyw43_arch_lwip_poll",
"//src/rp2_common/pico_btstack:pico_btstack",
"//src/rp2_common/pico_lwip:pico_lwip_mbedtls",
"//src/rp2_common/pico_mbedtls",
],
)
@ -121,6 +123,9 @@ cc_binary(
deps = [
":kitchen_sink_common",
"//src/rp2_common/pico_cyw43_arch:pico_cyw43_arch_lwip_threadsafe_background",
"//src/rp2_common/pico_btstack:pico_btstack",
"//src/rp2_common/pico_lwip:pico_lwip_mbedtls",
"//src/rp2_common/pico_mbedtls",
],
)
@ -130,6 +135,7 @@ kitchen_sink_test_binary(
src = ":kitchen_sink_lwip_poll_actual",
bt_stack_config = ":btstack_config",
lwip_config = ":lwip_config",
mbedtls_config = ":mbedtls_config",
enable_ble = True,
enable_bt_classic = True,
target_compatible_with = compatible_with_rp2(),
@ -141,6 +147,7 @@ kitchen_sink_test_binary(
src = ":kitchen_sink_lwip_background_actual",
bt_stack_config = ":btstack_config",
lwip_config = ":lwip_config",
mbedtls_config = ":mbedtls_config",
enable_ble = True,
enable_bt_classic = True,
target_compatible_with = compatible_with_rp2(),

8
test/kitchen_sink/lwipopts.h
View File

@ -11,4 +11,10 @@
#define LWIP_DNS 1
#define LWIP_SOCKET 0
#define LWIP_NETCONN 0
#endif
// For testing mbedtls
#define LWIP_ALTCP 1
#define LWIP_ALTCP_TLS 1
#define LWIP_ALTCP_TLS_MBEDTLS 1
#endif

1
test/kitchen_sink/mbedtls_config.h
View File

@ -61,3 +61,4 @@
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_PLATFORM_MS_TIME_ALT

1
tools/compare_build_systems.py
View File

@ -135,6 +135,7 @@ BAZEL_ONLY_ALLOWLIST = (
# Bazel configuration for 3p deps.
"PICO_BTSTACK_CONFIG",
"PICO_LWIP_CONFIG",
"PICO_MBEDTLS_CONFIG",
"PICO_FREERTOS_LIB",
"PICO_MBEDTLS_LIB",
# CMake has PICO_DEFAULT_CLIB, but it's not user-facing.