|
3 | 3 | # |
4 | 4 | # SPDX-License-Identifier: Apache-2.0 |
5 | 5 | # |
| 6 | + |
| 7 | +# Allow properties (C flags, include dir, etc) to be propagate from |
| 8 | +# "zephyr_interface" to the specified target library. |
| 9 | +function (propagate_from_zephyr_interface target_lib) |
| 10 | + target_compile_options(${target_lib} PRIVATE |
| 11 | + $<TARGET_PROPERTY:zephyr_interface,INTERFACE_COMPILE_OPTIONS>) |
| 12 | + target_compile_definitions(${target_lib} PRIVATE |
| 13 | + $<TARGET_PROPERTY:zephyr_interface,INTERFACE_COMPILE_DEFINITIONS>) |
| 14 | + target_include_directories(${target_lib} PRIVATE |
| 15 | + $<TARGET_PROPERTY:zephyr_interface,INTERFACE_INCLUDE_DIRECTORIES>) |
| 16 | +endfunction() |
| 17 | + |
6 | 18 | if(CONFIG_MBEDTLS) |
7 | | -zephyr_interface_library_named(mbedTLS) |
8 | 19 |
|
9 | 20 | if(CONFIG_MBEDTLS_BUILTIN) |
10 | | - if(CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR AND NOT CONFIG_ENTROPY_HAS_DRIVER) |
11 | | - message(WARNING "No entropy device on the system, using fake entropy source!") |
12 | | - endif() |
13 | 21 |
|
14 | | - if(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) |
15 | | - if(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG OR |
16 | | - CONFIG_TEST_CSPRNG_GENERATOR) |
17 | | - message(WARNING " |
18 | | - Non cryptographycally secure sources are enabled for psa_generate_random(). |
19 | | - This is meant to be used only for tests, not in production!") |
20 | | - else() |
21 | | - if(NOT CONFIG_CSPRNG_ENABLED) |
22 | | - message(FATAL_ERROR " |
23 | | - MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is set but there is |
24 | | - no CSPRNG enabled.") |
25 | | - endif() |
26 | | - endif() |
27 | | - endif() |
| 22 | + set(CMAKE_POLICY_DEFAULT_CMP0077 NEW) |
| 23 | + set(MBEDTLS_AS_SUBPROJECT ON) |
| 24 | + set(ENABLE_PROGRAMS OFF) |
| 25 | + set(ENABLE_TESTING OFF) |
| 26 | + |
| 27 | + set(MBEDTLS_CONFIG_FILE "${CMAKE_CURRENT_LIST_DIR}/configs/${CONFIG_MBEDTLS_CFG_FILE}" |
| 28 | + CACHE FILEPATH "Configuration file for Mbed TLS") |
| 29 | + set(TF_PSA_CRYPTO_CONFIG_FILE "${CMAKE_CURRENT_LIST_DIR}/configs/${CONFIG_TF_PSA_CRYPTO_CFG_FILE}" |
| 30 | + CACHE FILEPATH "Configuration file for TF-PSA-Crypto") |
| 31 | + |
| 32 | + # This is a dirty-fix to get rid of a warning generated by the Mbed TLS's |
| 33 | + # build system. |
| 34 | + set(CMAKE_INSTALL_LIBDIR "lib" CACHE PATH "") |
| 35 | + |
| 36 | + # Add Mbed TLS (TF-PSA-Crypto is automatically included from there). |
| 37 | + # This creates 3 libraries: mbedtls, mbedx509 and tfpsacrypto. |
| 38 | + add_subdirectory(${ZEPHYR_MBEDTLS_MODULE_DIR} mbedtls) |
| 39 | + |
| 40 | + # Build all the libraries with the same compile options and imacros used for |
| 41 | + # Zephyr build. |
| 42 | + target_link_libraries(tfpsacrypto PRIVATE zephyr_interface) |
| 43 | + target_link_libraries(mbedx509 PRIVATE zephyr_interface) |
| 44 | + target_link_libraries(mbedtls PRIVATE zephyr_interface) |
| 45 | + |
| 46 | + # Linking to "zephyr_interface" doesn't work in these case because these |
| 47 | + # are object libraries so properties are NOT propagated. We need to |
| 48 | + # explicitly do this. |
| 49 | + propagate_from_zephyr_interface(builtin) |
| 50 | + propagate_from_zephyr_interface(p256-m) |
| 51 | + propagate_from_zephyr_interface(everest) |
28 | 52 |
|
29 | | - # Add the config-file entry point |
30 | | - target_compile_definitions(mbedTLS INTERFACE |
31 | | - MBEDTLS_CONFIG_FILE="${CONFIG_MBEDTLS_CFG_FILE}" |
| 53 | + # Custom macro to tell that an mbedTLSCrypto source file is being compiled. |
| 54 | + target_compile_definitions(tfpsacrypto PRIVATE BUILDING_MBEDTLS_CRYPTO) |
| 55 | + |
| 56 | + # Create an interface library named mbedTLS: |
| 57 | + # - it wraps the 3 libraries provided by Mbed TLS and TF-PSA-Crypto and |
| 58 | + # it preserves their public headers as public for further linking; |
| 59 | + # - it links out-of-the-box with all samples/test/drivers/subsys linking |
| 60 | + # to "mbedTLS" in their CMakeLists file. |
| 61 | + zephyr_interface_library_named(mbedTLS) |
| 62 | + |
| 63 | + target_link_libraries(mbedTLS INTERFACE |
| 64 | + mbedtls |
| 65 | + mbedx509 |
| 66 | + tfpsacrypto |
32 | 67 | ) |
33 | 68 |
|
34 | | - if(CONFIG_BUILD_WITH_TFM) |
35 | | - target_include_directories(mbedTLS INTERFACE |
36 | | - $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/api_ns/interface/include |
37 | | - ) |
38 | | - endif() |
39 | | - |
40 | | - # Add regular includes |
41 | 69 | target_include_directories(mbedTLS INTERFACE |
42 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/include |
43 | | - configs |
44 | | - include |
45 | | - ) |
46 | | - |
47 | | - if(CONFIG_MBEDTLS_PSA_P256M_DRIVER_RAW) |
48 | | - target_include_directories(mbedTLS INTERFACE |
49 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/3rdparty/p256-m/p256-m |
50 | | - ) |
51 | | - endif() |
52 | | - |
53 | | - # Add base library with files required by all drivers/backends. |
54 | | - zephyr_library_named(mbedTLSBase) |
55 | | - |
56 | | - # Base mbed TLS files |
57 | | - list(APPEND mbedtls_base_src |
58 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/aes.c |
59 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/aesni.c |
60 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/aria.c |
61 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/asn1parse.c |
62 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/asn1write.c |
63 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/base64.c |
64 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum_core.c |
65 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum_mod_raw.c |
66 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum_mod.c |
67 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum.c |
68 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/block_cipher.c |
69 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/camellia.c |
70 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ccm.c |
71 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/chacha20.c |
72 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/chachapoly.c |
73 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/cipher_wrap.c |
74 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/cipher.c |
75 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/cmac.c |
76 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/constant_time.c |
77 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ctr_drbg.c |
78 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/debug.c |
79 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/des.c |
80 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/dhm.c |
81 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecdh.c |
82 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecdsa.c |
83 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecjpake.c |
84 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecp_curves_new.c |
85 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecp_curves.c |
86 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ecp.c |
87 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/entropy_poll.c |
88 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/entropy.c |
89 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/error.c |
90 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/gcm.c |
91 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/hkdf.c |
92 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/hmac_drbg.c |
93 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/lmots.c |
94 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/lms.c |
95 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/md.c |
96 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/md5.c |
97 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/memory_buffer_alloc.c |
98 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/mps_reader.c |
99 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/mps_trace.c |
100 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/nist_kw.c |
101 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/oid.c |
102 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/padlock.c |
103 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/platform_util.c |
104 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/platform.c |
105 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/poly1305.c |
106 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_util.c |
107 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ripemd160.c |
108 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/rsa_alt_helpers.c |
109 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/rsa.c |
110 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/sha1.c |
111 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/sha256.c |
112 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/sha512.c |
113 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/sha3.c |
114 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/threading.c |
115 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/timing.c |
116 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/version_features.c |
117 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/version.c |
118 | | - zephyr_init.c |
119 | | - zephyr_entropy.c |
120 | | - ) |
121 | | - |
122 | | - zephyr_library_sources(${mbedtls_base_src}) |
123 | | - |
124 | | - zephyr_library_sources_ifdef(CONFIG_MBEDTLS_DEBUG debug.c) |
125 | | - zephyr_library_sources_ifdef(CONFIG_MBEDTLS_SHELL shell.c) |
126 | | - |
127 | | - zephyr_library_app_memory(k_mbedtls_partition) |
128 | | - if(CONFIG_ARCH_POSIX AND CONFIG_ASAN AND NOT CONFIG_64BIT AND NOT CONFIG_NO_OPTIMIZATIONS) |
129 | | - # i386 assembly code used in MBEDTLS does not compile with size optimization |
130 | | - # if address sanitizer is enabled, as such switch default optimization level |
131 | | - # to speed |
132 | | - set_property(SOURCE ${ZEPHYR_CURRENT_MODULE_DIR}/library/bignum_core.c APPEND PROPERTY COMPILE_OPTIONS |
133 | | - "${COMPILER_OPTIMIZE_FOR_SPEED_FLAG}") |
134 | | - endif() |
135 | | - |
136 | | - zephyr_library_link_libraries(mbedTLS) |
137 | | - |
138 | | - zephyr_library_named(mbedTLSCrypto) |
139 | | - |
140 | | - if(CONFIG_MBEDTLS_PSA_CRYPTO_C) |
141 | | - list(APPEND crypto_source |
142 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_aead.c |
143 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_cipher.c |
144 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_driver_wrappers_no_static.c |
145 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_ecp.c |
146 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_ffdh.c |
147 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_hash.c |
148 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_mac.c |
149 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_pake.c |
150 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_rsa.c |
151 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_se.c |
152 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_storage.c |
153 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_its_file.c |
154 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto.c |
155 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_client.c |
156 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_slot_management.c |
157 | | - ) |
158 | | - endif() |
159 | | - |
160 | | - if(CONFIG_MBEDTLS_PSA_P256M_DRIVER_ENABLED) |
161 | | - list(APPEND crypto_source |
162 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/3rdparty/p256-m/p256-m_driver_entrypoints.c |
163 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/3rdparty/p256-m/p256-m/p256-m.c |
164 | | - ) |
165 | | - zephyr_library_include_directories(${ZEPHYR_CURRENT_MODULE_DIR}/library) |
166 | | - endif() |
167 | | - |
168 | | - list(APPEND crypto_source |
169 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/pem.c |
170 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/pkcs12.c |
171 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/pkcs5.c |
172 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/pkparse.c |
173 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/pkwrite.c |
174 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/pk.c |
175 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/pk_ecc.c |
176 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/pk_wrap.c |
177 | | - ) |
178 | | - |
179 | | - zephyr_library_sources(${crypto_source}) |
180 | | - |
181 | | - # Custom macro to tell that an mbedTLSCrypto source file is being compiled. |
182 | | - zephyr_library_compile_definitions(BUILDING_MBEDTLS_CRYPTO) |
183 | | - |
184 | | - zephyr_library_link_libraries(mbedTLS) |
185 | | - |
186 | | - zephyr_library_link_libraries_ifdef(CONFIG_BUILD_WITH_TFM tfm_api) |
187 | | - |
188 | | - zephyr_library_named(mbedTLSX509) |
189 | | - |
190 | | - list(APPEND x509_source |
191 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509.c |
192 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509_create.c |
193 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509_crl.c |
194 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509_crt.c |
195 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509_csr.c |
196 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509write_crt.c |
197 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509write_csr.c |
198 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/x509write.c |
| 70 | + ${CMAKE_CURRENT_SOURCE_DIR}/configs |
| 71 | + ${CMAKE_CURRENT_SOURCE_DIR}/include |
| 72 | + ${CMAKE_BINARY_DIR}/legacy-mbedtls-headers/ |
199 | 73 | ) |
200 | 74 |
|
201 | | - zephyr_library_sources(${x509_source}) |
202 | | - |
203 | | - zephyr_library_link_libraries(mbedTLS) |
204 | | - |
205 | | - zephyr_library() |
206 | | - |
207 | | - list(APPEND mbedtls_source |
208 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/net_sockets.c |
209 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_cache.c |
210 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_ciphersuites.c |
211 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_client.c |
212 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_cookie.c |
213 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_debug_helpers_generated.c |
214 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_msg.c |
215 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_ticket.c |
216 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls12_client.c |
217 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls12_server.c |
218 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls13_client.c |
219 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls13_generic.c |
220 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls13_keys.c |
221 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls13_server.c |
222 | | - ${ZEPHYR_CURRENT_MODULE_DIR}/library/ssl_tls.c |
| 75 | + # Add another library to provide Zephyr support |
| 76 | + zephyr_library_named(zephyr_mbedtls_support) |
| 77 | + zephyr_library_sources( |
| 78 | + ${CMAKE_CURRENT_SOURCE_DIR}/zephyr_init.c |
| 79 | + ${CMAKE_CURRENT_SOURCE_DIR}/zephyr_entropy.c |
| 80 | + $<$<BOOL:${CONFIG_MBEDTLS_DEBUG}>:${CMAKE_CURRENT_SOURCE_DIR}/debug.c> |
| 81 | + $<$<BOOL:${CONFIG_MBEDTLS_SHELL}>:${CMAKE_CURRENT_SOURCE_DIR}/shell.c> |
223 | 82 | ) |
224 | | - |
225 | | - zephyr_library_sources(${mbedtls_source}) |
226 | | - |
227 | | - zephyr_library_link_libraries( |
228 | | - mbedTLSX509 |
229 | | - mbedTLSCrypto |
230 | | - mbedTLSBase |
231 | | - mbedTLS |
| 83 | + zephyr_library_include_directories(zephyr_mbedtls_support PRIVATE |
| 84 | + ${CMAKE_CURRENT_SOURCE_DIR}/configs |
| 85 | + ${CMAKE_CURRENT_SOURCE_DIR}/include |
232 | 86 | ) |
233 | 87 |
|
234 | | -elseif(CONFIG_MBEDTLS_LIBRARY) |
235 | | - |
236 | | - # NB: CONFIG_MBEDTLS_LIBRARY is not regression tested and is |
237 | | - # therefore susceptible to bit rot |
238 | | - target_include_directories(mbedTLS INTERFACE |
239 | | - ${CONFIG_MBEDTLS_INSTALL_PATH} |
240 | | - ) |
241 | | - zephyr_link_libraries( |
242 | | - mbedtls_external |
243 | | - -L${CONFIG_MBEDTLS_INSTALL_PATH} |
244 | | - gcc |
| 88 | + elseif(CONFIG_MBEDTLS_LIBRARY) |
| 89 | + # NB: CONFIG_MBEDTLS_LIBRARY is not regression tested and is |
| 90 | + # therefore susceptible to bit rot |
| 91 | + target_include_directories(mbedTLS INTERFACE |
| 92 | + ${CONFIG_MBEDTLS_INSTALL_PATH} |
245 | 93 | ) |
246 | | - # Lib mbedtls_external depends on libgcc (I assume?) so to allow |
247 | | - # mbedtls_external to link with gcc we need to ensure it is placed |
248 | | - # after mbedtls_external on the linkers command line. |
249 | | -else() |
250 | | - # If none of either CONFIG_MBEDTLS_BUILTIN or CONFIG_MBEDTLS_LIBRARY |
251 | | - # are defined the users need add a custom Kconfig choice to the |
252 | | - # MBEDTLS_IMPLEMENTATION and manually add the mbedtls library and |
253 | | - # included the required directories for mbedtls in their projects. |
254 | | -endif() |
| 94 | + zephyr_link_libraries( |
| 95 | + mbedtls_external |
| 96 | + -L${CONFIG_MBEDTLS_INSTALL_PATH} |
| 97 | + gcc |
| 98 | + ) |
| 99 | + # Lib mbedtls_external depends on libgcc (I assume?) so to allow |
| 100 | + # mbedtls_external to link with gcc we need to ensure it is placed |
| 101 | + # after mbedtls_external on the linkers command line. |
| 102 | + else() |
| 103 | + # If none of either CONFIG_MBEDTLS_BUILTIN or CONFIG_MBEDTLS_LIBRARY |
| 104 | + # are defined the users need add a custom Kconfig choice to the |
| 105 | + # MBEDTLS_IMPLEMENTATION and manually add the mbedtls library and |
| 106 | + # included the required directories for mbedtls in their projects. |
| 107 | + endif() |
255 | 108 |
|
256 | | -if(CONFIG_MBEDTLS_TLS_VERSION_1_2 OR CONFIG_MBEDTLS_TLS_VERSION_1_3) |
257 | | - if(NOT CONFIG_MBEDTLS_HAVE_TIME_DATE) |
258 | | - message(WARNING " |
259 | | - The option CONFIG_MBEDTLS_HAVE_TIME_DATE is required for proper |
260 | | - certificate validation. If it is not enabled, certificates will |
261 | | - not be checked for expiration or validity dates, which may lead |
262 | | - to security vulnerabilities. |
263 | | - ") |
| 109 | + if(CONFIG_MBEDTLS_TLS_VERSION_1_2 OR CONFIG_MBEDTLS_TLS_VERSION_1_3) |
| 110 | + if(NOT CONFIG_MBEDTLS_HAVE_TIME_DATE) |
| 111 | + message(WARNING " |
| 112 | + The option CONFIG_MBEDTLS_HAVE_TIME_DATE is required for proper |
| 113 | + certificate validation. If it is not enabled, certificates will |
| 114 | + not be checked for expiration or validity dates, which may lead |
| 115 | + to security vulnerabilities. |
| 116 | + ") |
| 117 | + endif() |
264 | 118 | endif() |
265 | | -endif() |
266 | 119 |
|
267 | 120 | endif() |
0 commit comments