mbedtls: Move local mbedtls to v3.6.0

ci/espressif_run.sh

@@ -9,6 +9,11 @@ IDF_PATH="${HOME}/esp-idf"
 
 set -eo pipefail
 
+revert_mcuboot() {
+  (cd "${MCUBOOT_ROOTDIR}/ext/mbedtls";
+   git checkout v3.0.0)
+}
+
 prepare_environment() {
   # Prepare the environment for ESP-IDF
 
@@ -44,6 +49,7 @@ build_mcuboot() {
   cmake --build "${build_dir}"/
 }
 
+revert_mcuboot
 prepare_environment
 
 if [ -n "${MCUBOOT_FEATURES}" ]; then

sim/mcuboot-sys/build.rs

@@ -108,6 +108,7 @@ fn main() {
             conf.file("../../ext/mbedtls/library/chachapoly.c");
             conf.file("../../ext/mbedtls/library/cipher.c");
             conf.file("../../ext/mbedtls/library/cipher_wrap.c");
+            conf.file("../../ext/mbedtls/library/constant_time.c");
             conf.file("../../ext/mbedtls/library/ctr_drbg.c");
             conf.file("../../ext/mbedtls/library/des.c");
             conf.file("../../ext/mbedtls/library/ecdsa.c");
@@ -130,14 +131,14 @@ fn main() {
             conf.file("../../ext/mbedtls/library/psa_crypto.c");
             conf.file("../../ext/mbedtls/library/psa_crypto_cipher.c");
             conf.file("../../ext/mbedtls/library/psa_crypto_client.c");
-            conf.file("../../ext/mbedtls/library/psa_crypto_driver_wrappers.c");
             conf.file("../../ext/mbedtls/library/psa_crypto_ecp.c");
             conf.file("../../ext/mbedtls/library/psa_crypto_hash.c");
             conf.file("../../ext/mbedtls/library/psa_crypto_mac.c");
             conf.file("../../ext/mbedtls/library/psa_crypto_rsa.c");
             conf.file("../../ext/mbedtls/library/psa_crypto_slot_management.c");
             conf.file("../../ext/mbedtls/library/psa_crypto_storage.c");
             conf.file("../../ext/mbedtls/library/psa_its_file.c");
+            conf.file("../../ext/mbedtls/library/psa_util.c");
             conf.file("../../ext/mbedtls/library/ripemd160.c");
             conf.file("../../ext/mbedtls/library/rsa_alt_helpers.c");
             conf.file("../../ext/mbedtls/library/sha1.c");
@@ -169,6 +170,9 @@ fn main() {
 
         conf.file("../../ext/mbedtls/library/rsa.c");
         conf.file("../../ext/mbedtls/library/bignum.c");
+        conf.file("../../ext/mbedtls/library/bignum_core.c");
+        conf.file("../../ext/mbedtls/library/constant_time.c");
+        conf.file("../../ext/mbedtls/library/nist_kw.c");
         conf.file("../../ext/mbedtls/library/platform.c");
         conf.file("../../ext/mbedtls/library/platform_util.c");
         conf.file("../../ext/mbedtls/library/asn1parse.c");
@@ -202,6 +206,9 @@ fn main() {
 
         conf.file("../../ext/mbedtls/library/asn1parse.c");
         conf.file("../../ext/mbedtls/library/bignum.c");
+        conf.file("../../ext/mbedtls/library/bignum_core.c");
+        conf.file("../../ext/mbedtls/library/constant_time.c");
+        conf.file("../../ext/mbedtls/library/nist_kw.c");
         conf.file("../../ext/mbedtls/library/ecdsa.c");
         conf.file("../../ext/mbedtls/library/ecp.c");
         conf.file("../../ext/mbedtls/library/ecp_curves.c");
@@ -221,6 +228,9 @@ fn main() {
         conf.file("csupport/keys.c");
         conf.file("../../ext/mbedtls/library/asn1parse.c");
         conf.file("../../ext/mbedtls/library/bignum.c");
+        conf.file("../../ext/mbedtls/library/bignum_core.c");
+        conf.file("../../ext/mbedtls/library/constant_time.c");
+        conf.file("../../ext/mbedtls/library/nist_kw.c");
         conf.file("../../ext/mbedtls/library/ecp.c");
         conf.file("../../ext/mbedtls/library/ecp_curves.c");
         conf.file("../../ext/mbedtls/library/platform.c");
@@ -282,6 +292,9 @@ fn main() {
         conf.file("../../ext/mbedtls/library/md.c");
         conf.file("../../ext/mbedtls/library/aes.c");
         conf.file("../../ext/mbedtls/library/bignum.c");
+        conf.file("../../ext/mbedtls/library/bignum_core.c");
+        conf.file("../../ext/mbedtls/library/constant_time.c");
+        conf.file("../../ext/mbedtls/library/nist_kw.c");
         conf.file("../../ext/mbedtls/library/asn1parse.c");
     }
 
@@ -305,6 +318,7 @@ fn main() {
         conf.conf.include("../../ext/mbedtls/library");
         conf.file("../../ext/mbedtls/library/platform_util.c");
         conf.file("../../ext/mbedtls/library/nist_kw.c");
+        conf.file("../../ext/mbedtls/library/constant_time.c");
         conf.file("../../ext/mbedtls/library/cipher.c");
         conf.file("../../ext/mbedtls/library/cipher_wrap.c");
         conf.file("../../ext/mbedtls/library/aes.c");
@@ -369,6 +383,9 @@ fn main() {
         conf.file("../../ext/mbedtls/library/sha256.c");
         conf.file("../../ext/mbedtls/library/asn1parse.c");
         conf.file("../../ext/mbedtls/library/bignum.c");
+        conf.file("../../ext/mbedtls/library/bignum_core.c");
+        conf.file("../../ext/mbedtls/library/constant_time.c");
+        conf.file("../../ext/mbedtls/library/nist_kw.c");
         conf.file("../../ext/mbedtls/library/ecdh.c");
         conf.file("../../ext/mbedtls/library/md.c");
         conf.file("../../ext/mbedtls/library/aes.c");

sim/mcuboot-sys/csupport/config-ec-psa.h

@@ -22,6 +22,7 @@
 #define MBEDTLS_BIGNUM_C
 #define MBEDTLS_MD_C
 #define MBEDTLS_OID_C
+#define MBEDTLS_CIPHER_C
 #if defined(MCUBOOT_SIGN_EC384)
 #define MBEDTLS_SHA384_C
 #define MBEDTLS_SHA512_C

sim/mcuboot-sys/csupport/config-rsa-kw.h

@@ -63,6 +63,7 @@
 
 /* mbed TLS modules */
 #define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
 #define MBEDTLS_BIGNUM_C
 #define MBEDTLS_MD_C
 #define MBEDTLS_OID_C
@@ -72,10 +73,6 @@
 #define MBEDTLS_CIPHER_C
 #define MBEDTLS_NIST_KW_C
 
-/* Save RAM by adjusting to our exact needs */
-#define MBEDTLS_ECP_MAX_BITS             2048
-#define MBEDTLS_MPI_MAX_SIZE              256
-
 #define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
 
 /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */