From 6ce1305df4c62aa3829a9b430c06ac42ca8c1056 Mon Sep 17 00:00:00 2001 From: Devaraj Ranganna Date: Tue, 12 Nov 2024 15:23:48 +0000 Subject: [PATCH 1/3] mbedtls: Remove out-of-tree patch With MbedTLS v3.6.1, the out of tree patch `0001-md-Fix-guards-for-functions-and-headers.patch` is not needed anymore. Signed-off-by: Devaraj Ranganna --- components/security/mbedtls/CMakeLists.txt | 6 --- ...Fix-guards-for-functions-and-headers.patch | 45 ------------------- release_changes/202411121523.change.md | 1 + 3 files changed, 1 insertion(+), 51 deletions(-) delete mode 100644 components/security/mbedtls/integration/patches/0001-md-Fix-guards-for-functions-and-headers.patch create mode 100644 release_changes/202411121523.change.md diff --git a/components/security/mbedtls/CMakeLists.txt b/components/security/mbedtls/CMakeLists.txt index c2cdff7..0273f3f 100644 --- a/components/security/mbedtls/CMakeLists.txt +++ b/components/security/mbedtls/CMakeLists.txt @@ -18,12 +18,6 @@ else () set(ENABLE_PROGRAMS OFF CACHE BOOL "" FORCE) set(ENABLE_TESTING OFF CACHE BOOL "" FORCE) - include(ApplyPatches) - - set(PATCH_FILES_DIRECTORY "${CMAKE_CURRENT_LIST_DIR}/integration/patches") - set(PATCH_FILES "${PATCH_FILES_DIRECTORY}/0001-md-Fix-guards-for-functions-and-headers.patch") - iot_reference_arm_corstone3xx_apply_patches("${mbedtls_SOURCE_DIR}" "${PATCH_FILES}") - add_subdirectory(library) add_subdirectory(integration) diff --git a/components/security/mbedtls/integration/patches/0001-md-Fix-guards-for-functions-and-headers.patch b/components/security/mbedtls/integration/patches/0001-md-Fix-guards-for-functions-and-headers.patch deleted file mode 100644 index 2a6e862..0000000 --- a/components/security/mbedtls/integration/patches/0001-md-Fix-guards-for-functions-and-headers.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 6f7cd697c427d9f7430d668a3412997c0a053701 Mon Sep 17 00:00:00 2001 -From: Ahmed Ismail -Date: Tue, 30 Apr 2024 14:13:29 +0100 -Subject: [PATCH] md: Fix guards for functions and headers - -The guard should be CRYPTO_CLIENT and not CRYPTO_C as these -function/headers can be used even when CRYPTO_C is not defined. - -Signed-off-by: Ahmed Ismail ---- - library/md.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/library/md.c b/library/md.c -index 12a3ea237..c95846aa0 100644 ---- a/library/md.c -+++ b/library/md.c -@@ -41,7 +41,7 @@ - #include "mbedtls/sha512.h" - #include "mbedtls/sha3.h" - --#if defined(MBEDTLS_PSA_CRYPTO_C) -+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) - #include - #include "md_psa.h" - #include "psa_util_internal.h" -@@ -761,13 +761,13 @@ mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info) - return md_info->type; - } - --#if defined(MBEDTLS_PSA_CRYPTO_C) -+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) - int mbedtls_md_error_from_psa(psa_status_t status) - { - return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors, - psa_generic_status_to_mbedtls); - } --#endif /* MBEDTLS_PSA_CRYPTO_C */ -+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ - - - /************************************************************************ --- -2.34.1 - diff --git a/release_changes/202411121523.change.md b/release_changes/202411121523.change.md new file mode 100644 index 0000000..999d0e0 --- /dev/null +++ b/release_changes/202411121523.change.md @@ -0,0 +1 @@ +components: Remove out-of-tree patches From 7e7eeea4c6e65b83ebe5609ab0de153fa6b6f29b Mon Sep 17 00:00:00 2001 From: Devaraj Ranganna Date: Wed, 13 Nov 2024 12:20:16 +0000 Subject: [PATCH 2/3] freertos-integration-tests: Remove out-of-tree patch * Remove upstreamed out of tree patch `0003-Introduce-user-defined-MQTT-keep-alive-value.patch`. * With the latest version of FreeRTOS Integration tests, OTA PAL test has been removed. Therefore, remove OTA PAL test specific changes from integration layer including the patch 0002-closefile-validsignature-test-Fix-test-bugs.patch. Signed-off-by: Devaraj Ranganna --- .../CMakeLists.txt | 1 - .../integration_tests_platform_function.c | 6 - .../test_execution_config.h | 5 - .../test_param_config.h | 29 ---- .../helpers/provisioning/CMakeLists.txt | 15 +- .../CMakeLists.txt | 2 - .../integration/CMakeLists.txt | 16 -- ...le-validsignature-test-Fix-test-bugs.patch | 140 ------------------ ...e-user-defined-MQTT-keep-alive-value.patch | 36 ----- .../library | 2 +- manifest.yml | 2 +- 11 files changed, 6 insertions(+), 248 deletions(-) delete mode 100644 components/tools/freertos_libraries_integration_tests/integration/patches/0002-closefile-validsignature-test-Fix-test-bugs.patch delete mode 100644 components/tools/freertos_libraries_integration_tests/integration/patches/0003-Introduce-user-defined-MQTT-keep-alive-value.patch diff --git a/applications/freertos_iot_libraries_tests/CMakeLists.txt b/applications/freertos_iot_libraries_tests/CMakeLists.txt index 168a43e..0c9142a 100644 --- a/applications/freertos_iot_libraries_tests/CMakeLists.txt +++ b/applications/freertos_iot_libraries_tests/CMakeLists.txt @@ -79,7 +79,6 @@ target_link_libraries(freertos-libraries-integration-tests-config coremqtt helpers-logging freertos-libraries-integration-tests-mqtt - freertos-libraries-integration-tests-ota-pal freertos-libraries-integration-tests-qualification freertos-libraries-integration-tests-transport unity diff --git a/applications/freertos_iot_libraries_tests/integration_tests_platform_function.c b/applications/freertos_iot_libraries_tests/integration_tests_platform_function.c index b311b06..65cf3c1 100644 --- a/applications/freertos_iot_libraries_tests/integration_tests_platform_function.c +++ b/applications/freertos_iot_libraries_tests/integration_tests_platform_function.c @@ -19,7 +19,6 @@ #include "transport_interface_test.h" #include "qualification_test.h" -#include "ota_pal_test.h" #include "mqtt_test.h" #include "demo_config.h" @@ -128,11 +127,6 @@ void SetupMqttTestParam( MqttTestParam_t * pTestParam ) } } -void SetupOtaPalTestParam( OtaPalTestParam_t * pTestParam ) -{ - pTestParam->pageSize = 4096; -} - typedef struct Task_t { TaskHandle_t handle; diff --git a/applications/freertos_iot_libraries_tests/test_execution_config.h b/applications/freertos_iot_libraries_tests/test_execution_config.h index 809bbd7..248da23 100644 --- a/applications/freertos_iot_libraries_tests/test_execution_config.h +++ b/applications/freertos_iot_libraries_tests/test_execution_config.h @@ -55,11 +55,6 @@ */ #define TRANSPORT_INTERFACE_TEST_ENABLED ( 1 ) -/** - * @brief Configuration to enable the OTA PAL test. - */ -#define OTA_PAL_TEST_ENABLED ( 1 ) - /** * @brief Configuration to enable the OTA End-to-end test. */ diff --git a/applications/freertos_iot_libraries_tests/test_param_config.h b/applications/freertos_iot_libraries_tests/test_param_config.h index b5d6aaf..b8aba57 100644 --- a/applications/freertos_iot_libraries_tests/test_param_config.h +++ b/applications/freertos_iot_libraries_tests/test_param_config.h @@ -186,35 +186,6 @@ * #define TEST_START_DELAY_MS 5000 */ -#define OTA_RSA_SHA1 1 -#define OTA_RSA_SHA256 2 -#define OTA_ECDSA_SHA256 3 - -/** - * @brief Certificate type for OTA PAL test. - * Valid options are: OTA_RSA_SHA1, OTA_RSA_SHA256, OTA_ECDSA_SHA256. - */ -#define OTA_PAL_TEST_CERT_TYPE OTA_RSA_SHA256 - -/** - * @brief Path to cert for OTA test PAL. Used to verify signature. - * If applicable, the device must be pre-provisioned with this certificate. Please see - * test/common/ota/test_files for the set of certificates. - */ -#define OTA_PAL_CERTIFICATE_FILE "ecdsa-sha256-signer.crt.pem" - -/** - * @brief Some devices have a hard-coded name for the firmware image to boot. - */ -#define OTA_PAL_FIRMWARE_FILE "non_secure image" - -/** - * @brief Some boards OTA PAL layers will use the file names passed into it for the - * image and the certificates because their non-volatile memory is abstracted by a - * file system. Set this to 1 if that is the case for your device. - */ -#define OTA_PAL_USE_FILE_SYSTEM 0 - /** * @brief The PKCS #11 supports RSA key function. * diff --git a/applications/helpers/provisioning/CMakeLists.txt b/applications/helpers/provisioning/CMakeLists.txt index 313857f..fbb749b 100644 --- a/applications/helpers/provisioning/CMakeLists.txt +++ b/applications/helpers/provisioning/CMakeLists.txt @@ -23,17 +23,10 @@ else() fri-bsp ) - if(FREERTOS_LIBRARIES_INTEGRATION_TESTS EQUAL 1) - set( - CODE_SIGNING_PUBLIC_KEY_PEM_PATH - ${freertos_libraries_integration_tests_SOURCE_DIR}/src/ota/test_files/tfm-rsa-sha256-signer.crt.pem - ) - else() - set( - CODE_SIGNING_PUBLIC_KEY_PEM_PATH - ${AWS_OTA_SIGNATURE_PUBLIC_KEY_PATH} - ) - endif() + set( + CODE_SIGNING_PUBLIC_KEY_PEM_PATH + ${AWS_OTA_SIGNATURE_PUBLIC_KEY_PATH} + ) add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/aws_clientcredential_keys.h DEPENDS ${AWS_CLIENT_PRIVATE_KEY_PEM_PATH} diff --git a/components/tools/freertos_libraries_integration_tests/CMakeLists.txt b/components/tools/freertos_libraries_integration_tests/CMakeLists.txt index 84945dd..da0e443 100644 --- a/components/tools/freertos_libraries_integration_tests/CMakeLists.txt +++ b/components/tools/freertos_libraries_integration_tests/CMakeLists.txt @@ -13,8 +13,6 @@ include(ApplyPatches) set(PATCH_FILES_DIRECTORY "${CMAKE_CURRENT_LIST_DIR}/integration/patches") set(PATCH_FILES "${PATCH_FILES_DIRECTORY}/0001-Reduce-the-TRANSPORT_TEST_BUFFER_WRITABLE_LENGTH.patch" - "${PATCH_FILES_DIRECTORY}/0002-closefile-validsignature-test-Fix-test-bugs.patch" - "${PATCH_FILES_DIRECTORY}/0003-Introduce-user-defined-MQTT-keep-alive-value.patch" ) iot_reference_arm_corstone3xx_apply_patches("${freertos_libraries_integration_tests_SOURCE_DIR}" "${PATCH_FILES}") diff --git a/components/tools/freertos_libraries_integration_tests/integration/CMakeLists.txt b/components/tools/freertos_libraries_integration_tests/integration/CMakeLists.txt index a4e7e7d..30563ce 100644 --- a/components/tools/freertos_libraries_integration_tests/integration/CMakeLists.txt +++ b/components/tools/freertos_libraries_integration_tests/integration/CMakeLists.txt @@ -7,7 +7,6 @@ add_library(freertos-libraries-integration-tests-config INTERFACE) include(${freertos_libraries_integration_tests_SOURCE_DIR}/qualification_test.cmake) include(${freertos_libraries_integration_tests_SOURCE_DIR}/src/mqtt_test.cmake) include(${freertos_libraries_integration_tests_SOURCE_DIR}/src/pkcs11_test.cmake) -include(${freertos_libraries_integration_tests_SOURCE_DIR}/src/ota_pal_test.cmake) include(${freertos_libraries_integration_tests_SOURCE_DIR}/src/transport_interface_test.cmake) add_library(freertos-libraries-integration-tests-mqtt @@ -31,20 +30,6 @@ target_compile_definitions(freertos-libraries-integration-tests-mqtt PRIVATE MQTT_KEEP_ALIVE_INTERVAL_SECONDS=60 ) -add_library(freertos-libraries-integration-tests-ota-pal - ${OTA_PAL_TEST_SOURCES} -) -target_include_directories(freertos-libraries-integration-tests-ota-pal - PUBLIC - ${OTA_PAL_TEST_INCLUDE_DIRS} -) -target_link_libraries(freertos-libraries-integration-tests-ota-pal - PRIVATE - freertos-libraries-integration-tests-config - freertos-ota-pal-psa - ota-for-aws-iot-embedded-sdk - unity -) add_library(freertos-libraries-integration-tests-pkcs11 ${PKCS11_TEST_SOURCES} @@ -82,7 +67,6 @@ target_link_libraries(freertos-libraries-integration-tests-qualification coremqtt freertos-libraries-integration-tests-config freertos-libraries-integration-tests-mqtt - freertos-libraries-integration-tests-ota-pal freertos-libraries-integration-tests-pkcs11 ) diff --git a/components/tools/freertos_libraries_integration_tests/integration/patches/0002-closefile-validsignature-test-Fix-test-bugs.patch b/components/tools/freertos_libraries_integration_tests/integration/patches/0002-closefile-validsignature-test-Fix-test-bugs.patch deleted file mode 100644 index 030592e..0000000 --- a/components/tools/freertos_libraries_integration_tests/integration/patches/0002-closefile-validsignature-test-Fix-test-bugs.patch +++ /dev/null @@ -1,140 +0,0 @@ -From 0481e0a7ce10440bcdc699903889c16b227e479d Mon Sep 17 00:00:00 2001 -From: Ahmed Ismail -Date: Mon, 1 Jul 2024 14:49:50 +0100 -Subject: [PATCH 2/3] closefile-validsignature-test: Fix test bugs - -This test has two main issues: - -* otaPal_CloseFile_ValidSignature test has a hardcoded -filename ("test_happy_path_image.bin") which causes -test failure with custom OTA PAL implementation. The -hardcoded filename must be made configurable at -which point it should be renamed to "non_secure image". - -* The RSA Sha256 signature is not actually a valid -signature, so a new signature was generated using -different key pair as the library does not provide -the private key used during the signature generation, -the public key used is added to the test_files directory. - -Signed-off-by: Ahmed Ismail ---- - .../aws_test_ota_pal_rsa_sha256_signature.h | 56 +++++++++++-------- - src/ota/ota_pal_test.c | 7 ++- - .../test_files/tfm-rsa-sha256-signer.crt.pem | 11 ++++ - 3 files changed, 50 insertions(+), 24 deletions(-) - create mode 100644 src/ota/test_files/tfm-rsa-sha256-signer.crt.pem - -diff --git a/src/ota/aws_test_ota_pal_rsa_sha256_signature.h b/src/ota/aws_test_ota_pal_rsa_sha256_signature.h -index d4f76fe..d67167f 100644 ---- a/src/ota/aws_test_ota_pal_rsa_sha256_signature.h -+++ b/src/ota/aws_test_ota_pal_rsa_sha256_signature.h -@@ -63,30 +63,40 @@ static const int ucInvalidSignatureLength = 256; - */ - static const uint8_t ucValidSignature[] = - { -- 0xa9, 0x5f, 0xa1, 0x5d, 0x9b, 0x42, 0x09, 0x78, 0xaf, 0x95, 0xe4, 0x42, -- 0xac, 0xf4, 0xd7, 0x83, 0xea, 0xa9, 0x67, 0x54, 0x32, 0x62, 0x54, 0x21, -- 0x46, 0xf5, 0x91, 0xe7, 0x76, 0xdf, 0x2f, 0xa0, 0x6a, 0xe3, 0xb1, 0xd2, -- 0xda, 0x1b, 0x6d, 0x54, 0x6b, 0xac, 0xb6, 0x38, 0x1d, 0x3c, 0xf1, 0xcf, -- 0x0d, 0x33, 0x84, 0xac, 0x5d, 0xf1, 0x20, 0x7b, 0xfe, 0x2f, 0x9d, 0xf9, -- 0x93, 0x5e, 0x4d, 0x34, 0xdc, 0x21, 0x1c, 0x1b, 0x90, 0xf8, 0x37, 0xc6, -- 0x7d, 0x16, 0x16, 0x25, 0xe3, 0xcc, 0x06, 0xb5, 0xd5, 0xbf, 0x64, 0x64, -- 0x44, 0xa0, 0x60, 0xfe, 0xf3, 0xba, 0xf2, 0xdc, 0xc7, 0x57, 0xbe, 0xca, -- 0xcc, 0x6b, 0x57, 0xc2, 0x89, 0x7c, 0xef, 0xdc, 0xc8, 0xf8, 0xb3, 0x34, -- 0x8f, 0x67, 0x7a, 0x04, 0x3e, 0x9f, 0x96, 0x17, 0x7f, 0x98, 0x6c, 0x87, -- 0x21, 0x70, 0x9d, 0xf8, 0xf4, 0x26, 0xe4, 0xc8, 0x61, 0x57, 0x2a, 0xea, -- 0x08, 0xe1, 0x51, 0x52, 0xbb, 0x53, 0x11, 0x35, 0x1e, 0x39, 0x1a, 0x11, -- 0x2f, 0xc4, 0xa6, 0x19, 0x5e, 0x6a, 0x62, 0xa1, 0x77, 0x7f, 0x6b, 0xc4, -- 0x0a, 0x61, 0xf8, 0x9a, 0x95, 0xd2, 0xfa, 0x09, 0x38, 0xd1, 0xb1, 0xfb, -- 0x75, 0xd1, 0x36, 0xfe, 0x2f, 0xc5, 0x08, 0xc1, 0x35, 0x66, 0x7a, 0x97, -- 0x46, 0x61, 0x8a, 0xfa, 0xbb, 0x83, 0x63, 0x8c, 0xe9, 0x0b, 0x2a, 0x3e, -- 0x88, 0xaa, 0x79, 0x63, 0xb6, 0x92, 0x22, 0xb1, 0x75, 0xeb, 0x20, 0x0d, -- 0x06, 0xb2, 0x01, 0x35, 0x01, 0xa2, 0xa7, 0x21, 0x3f, 0xe9, 0x80, 0x83, -- 0x87, 0xfd, 0x29, 0x54, 0x77, 0x3a, 0x13, 0xa6, 0x10, 0xa7, 0x47, 0xed, -- 0x9f, 0xb1, 0x52, 0xb6, 0x86, 0x54, 0xbc, 0x89, 0x40, 0xa8, 0x74, 0x15, -- 0xd8, 0xa7, 0x69, 0x9b, 0x27, 0x7a, 0x99, 0xde, 0x9d, 0xdc, 0x69, 0xb6, -- 0x0c, 0x57, 0x68, 0x3d -+ 0x82, 0xec, 0x6b, 0x31, 0xed, 0xed, 0xbb, 0x33, 0x58, 0x1e, 0x37, 0x43, -+ 0x2c, 0x2e, 0xef, 0xc8, 0x2a, 0x5d, 0x98, 0x8d, 0xf8, 0xc6, 0x94, 0xf8, -+ 0xd2, 0xb7, 0x19, 0x2b, 0xc2, 0x04, 0xe8, 0x67, 0xf8, 0xfb, 0x1d, 0x7e, -+ 0xc4, 0x5c, 0xde, 0x6b, 0x05, 0xbb, 0x08, 0x3e, 0xb0, 0x57, 0x4e, 0x44, -+ 0x35, 0xe3, 0x09, 0x22, 0x82, 0xda, 0x55, 0x61, 0x05, 0x8c, 0x53, 0xb1, -+ 0x02, 0xc8, 0x54, 0x33, 0xc1, 0x2e, 0x1e, 0x78, 0x9a, 0x21, 0xb9, 0xc5, -+ 0xba, 0xe0, 0x56, 0x3f, 0xaa, 0x64, 0x65, 0x36, 0x8d, 0x33, 0xbb, 0x59, -+ 0xc2, 0x5f, 0x35, 0xfb, 0x97, 0xaa, 0x2f, 0xd0, 0xab, 0xd3, 0x06, 0xdf, -+ 0xca, 0x43, 0x39, 0x6c, 0xff, 0xe9, 0x3b, 0x3f, 0x94, 0xf1, 0xb4, 0xbc, -+ 0x8c, 0x31, 0xc1, 0xf9, 0xd0, 0xda, 0x27, 0x5c, 0x03, 0xa8, 0x1f, 0x3d, -+ 0x81, 0xc9, 0xb2, 0xd7, 0x0c, 0x64, 0x99, 0x31, 0x32, 0x8b, 0x37, 0x94, -+ 0xd6, 0x0e, 0x7e, 0x91, 0xa2, 0xd8, 0x0d, 0xc2, 0xb0, 0x17, 0x26, 0xf9, -+ 0x33, 0x9c, 0xed, 0x5c, 0x83, 0x6a, 0x2a, 0x16, 0x89, 0x54, 0xba, 0x5e, -+ 0x1c, 0xe3, 0x3e, 0xd8, 0x58, 0x03, 0x9e, 0xe3, 0x7a, 0xc2, 0x1c, 0x6b, -+ 0xe8, 0xaf, 0x63, 0x15, 0x4e, 0xe2, 0xe6, 0xe3, 0x79, 0x8b, 0x18, 0x95, -+ 0x91, 0x1d, 0x63, 0x10, 0x8d, 0x90, 0x82, 0xb3, 0x8d, 0x1a, 0x05, 0xdc, -+ 0x77, 0xc9, 0xe0, 0x23, 0x60, 0xc8, 0x53, 0xd8, 0x02, 0xae, 0xb4, 0xc9, -+ 0x50, 0xf6, 0x48, 0x2f, 0x20, 0x50, 0xd0, 0x4e, 0x16, 0xb6, 0x6f, 0x52, -+ 0xad, 0x0d, 0xe1, 0x09, 0x07, 0xee, 0x68, 0x7b, 0x06, 0x7e, 0xb7, 0xec, -+ 0x38, 0xed, 0x27, 0xeb, 0x75, 0x7d, 0xff, 0xee, 0x81, 0xa6, 0xd0, 0xe5, -+ 0xbc, 0xe1, 0x68, 0x1c, 0x8f, 0xf4, 0xac, 0x11, 0x0d, 0x61, 0xff, 0xd2, -+ 0x37, 0xb7, 0xed, 0x73, 0x01, 0xf3, 0x9e, 0xd3, 0xd5, 0x75, 0xc0, 0xf6, -+ 0x40, 0x88, 0x45, 0xc6, 0x5b, 0x61, 0xcf, 0x5a, 0x08, 0x19, 0xb8, 0x0d, -+ 0x42, 0x5f, 0x87, 0x11, 0x69, 0xbb, 0x34, 0xb0, 0x67, 0xcf, 0x00, 0xf7, -+ 0x16, 0x4c, 0xb4, 0xc8, 0xfd, 0x4a, 0x46, 0xdc, 0x0c, 0xdb, 0x32, 0xd2, -+ 0x3c, 0x21, 0xd4, 0x65, 0xb8, 0xf8, 0x92, 0x34, 0xa5, 0xfa, 0xa6, 0x69, -+ 0x0c, 0x70, 0x18, 0x32, 0x27, 0x63, 0x2f, 0x2b, 0xa1, 0xab, 0x05, 0xf5, -+ 0x6e, 0x2f, 0x4c, 0x1e, 0x6b, 0xe6, 0xd1, 0x57, 0xb5, 0x1a, 0x3e, 0x60, -+ 0xbf, 0xee, 0x14, 0xe3, 0x4a, 0x09, 0xaf, 0x2a, 0xee, 0x29, 0x3c, 0xec, -+ 0xda, 0xb8, 0xa6, 0x40, 0xad, 0x8d, 0xf9, 0xf3, 0xb1, 0x87, 0xf8, 0x35, -+ 0x0c, 0x9c, 0x9a, 0x72, 0x29, 0x67, 0x20, 0x86, 0xf0, 0x0a, 0xfe, 0x36, -+ 0x69, 0xe8, 0x92, 0x94, 0xd2, 0x79, 0x15, 0x1f, 0x8c, 0x40, 0x86, 0x6e - }; --static const int ucValidSignatureLength = 256; -+static const int ucValidSignatureLength = 384; - - /** - * @brief The type of signature method this file defines for the valid signature. -diff --git a/src/ota/ota_pal_test.c b/src/ota/ota_pal_test.c -index e890faa..9b3668b 100644 ---- a/src/ota/ota_pal_test.c -+++ b/src/ota/ota_pal_test.c -@@ -137,7 +137,7 @@ TEST( Full_OTA_PAL, otaPal_CloseFile_ValidSignature ) - - /* We use a dummy file name here because closing the system designated bootable - * image with content that is not runnable may cause issues. */ -- xOtaFile.pFilePath = ( uint8_t * ) ( "test_happy_path_image.bin" ); -+ xOtaFile.pFilePath = ( uint8_t * ) OTA_PAL_FIRMWARE_FILE; - xOtaFile.fileSize = sizeof( ucDummyData ); - xOtaStatus = otaPal_CreateFileForRx( &xOtaFile ); - TEST_ASSERT_EQUAL( OtaPalSuccess, OTA_PAL_MAIN_ERR( xOtaStatus ) ); -@@ -145,6 +145,11 @@ TEST( Full_OTA_PAL, otaPal_CloseFile_ValidSignature ) - /* We still want to close the file if the test fails somewhere here. */ - if( TEST_PROTECT() ) - { -+ /* The blocksRemaining is set to 1 as to update the component state -+ * to PSA_FWU_CANDIDATE where it would query the implementation info -+ */ -+ xOtaFile.blocksRemaining = 1; -+ - /* Write data to the file. */ - bytesWritten = otaPal_WriteBlock( &xOtaFile, - 0, -diff --git a/src/ota/test_files/tfm-rsa-sha256-signer.crt.pem b/src/ota/test_files/tfm-rsa-sha256-signer.crt.pem -new file mode 100644 -index 0000000..10bf6dd ---- /dev/null -+++ b/src/ota/test_files/tfm-rsa-sha256-signer.crt.pem -@@ -0,0 +1,11 @@ -+-----BEGIN PUBLIC KEY----- -+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsuHwWVHsCa/jbi4G5WEv -+C7zqr+aQwB0zWdD5sWyfdV/5RFsjyAOToRBBfMlepzfd2YBufwZgRZrpQCu0osMA -+TQsHzftESR0ODHrkpvQwUDIzoqWvMfKgU5zJbpGHFGkh88WoB2fbKIvCl810tqZ2 -+7WiRxPH/L52OYyUPjlSK/JoW0961iJjBTkbHn2FrPYwTG7vAPhaLPqyLJAiYlyQb -+HBZt9yKYegmtiVfB7ULQO0nm3pa4ClB2TgMpBI33e/c+9IrVegb483H6Pt9hL8X4 -+dLYZa9R3F4W5ONeFlX0E6ld8CfY91D6JPJRn2CwUgGdJpBJOXJNqfnkKmYR/M7YB -+bFOuGkjNAifz+i8effbfcWdq34Htbujm0wsMR6JzFdLusMVWpnDtt9uaoXuNYH04 -+xq7K74Bsv+dLgfpwUl/rqsPK4BTEoayVVPIk+xqdSrYU5fwgeTai7GaiFdy2K8I0 -+kLnLZ2Jw0+t2VAWbTkR7cnvqHoVCE1MlBfSOI1ouEaBxAgMBAAE= -+-----END PUBLIC KEY----- --- -2.34.1 - diff --git a/components/tools/freertos_libraries_integration_tests/integration/patches/0003-Introduce-user-defined-MQTT-keep-alive-value.patch b/components/tools/freertos_libraries_integration_tests/integration/patches/0003-Introduce-user-defined-MQTT-keep-alive-value.patch deleted file mode 100644 index 635bed7..0000000 --- a/components/tools/freertos_libraries_integration_tests/integration/patches/0003-Introduce-user-defined-MQTT-keep-alive-value.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 4578e741befdc8a0bdbc4dd20964ae790e11b589 Mon Sep 17 00:00:00 2001 -From: Ahmed Ismail -Date: Mon, 1 Jul 2024 14:50:11 +0100 -Subject: [PATCH 3/3] Introduce user defined MQTT keep alive value - -`MQTT_KEEP_ALIVE_INTERVAL_SECONDS` macro value -depends on the responsiveness of the target -running the tests because some targets might -be faster or slower than others. Hence, it -would be useful to have a default value for -this macro (5) and the integration code can -provide other value if needed. - -Signed-off-by: Ahmed Ismail Date: Wed, 13 Nov 2024 12:26:53 +0000 Subject: [PATCH 3/3] corepkcs11: Remove out-of-tree patch Remove the upstreamed out-of-tree patch `0001-Do-not-define-__PASTE-macro-for-Arm-compiler.patch` and update to latest version of corePKCS11 library. Signed-off-by: Devaraj Ranganna --- components/aws_iot/corepkcs11/CMakeLists.txt | 6 ---- ...efine-__PASTE-macro-for-Arm-compiler.patch | 32 ------------------- components/aws_iot/corepkcs11/library | 2 +- manifest.yml | 2 +- 4 files changed, 2 insertions(+), 40 deletions(-) delete mode 100644 components/aws_iot/corepkcs11/integration/patches/0001-Do-not-define-__PASTE-macro-for-Arm-compiler.patch diff --git a/components/aws_iot/corepkcs11/CMakeLists.txt b/components/aws_iot/corepkcs11/CMakeLists.txt index de667bb..07e4720 100644 --- a/components/aws_iot/corepkcs11/CMakeLists.txt +++ b/components/aws_iot/corepkcs11/CMakeLists.txt @@ -9,11 +9,5 @@ if(CMAKE_CROSSCOMPILING) "Path to corePKCS11 source code" ) - include(ApplyPatches) - - set(PATCH_FILES_DIRECTORY "${CMAKE_CURRENT_LIST_DIR}/integration/patches") - set(PATCH_FILES "${PATCH_FILES_DIRECTORY}/0001-Do-not-define-__PASTE-macro-for-Arm-compiler.patch") - iot_reference_arm_corstone3xx_apply_patches("${corepkcs11_SOURCE_DIR}" "${PATCH_FILES}") - add_subdirectory(integration) endif() diff --git a/components/aws_iot/corepkcs11/integration/patches/0001-Do-not-define-__PASTE-macro-for-Arm-compiler.patch b/components/aws_iot/corepkcs11/integration/patches/0001-Do-not-define-__PASTE-macro-for-Arm-compiler.patch deleted file mode 100644 index a501bf6..0000000 --- a/components/aws_iot/corepkcs11/integration/patches/0001-Do-not-define-__PASTE-macro-for-Arm-compiler.patch +++ /dev/null @@ -1,32 +0,0 @@ -From b57c4407d6438e252ade2b753565da9fffc8f8b7 Mon Sep 17 00:00:00 2001 -From: Ahmed Ismail -Date: Tue, 2 Jul 2024 10:46:38 +0100 -Subject: [PATCH] Do not define __PASTE macro for Arm-compiler - -__PASTE macro is defined for Arm Compiler in its header files -so to avoid conflicts it is undefined as it is already defined by -corePkcs11 headers. - -Signed-off-by: Ahmed Ismail ---- - source/include/core_pkcs11.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/source/include/core_pkcs11.h b/source/include/core_pkcs11.h -index d8b84f7..6195f3f 100644 ---- a/source/include/core_pkcs11.h -+++ b/source/include/core_pkcs11.h -@@ -197,8 +197,8 @@ - - /* Bring in the public header. */ - --/* Undefine the macro for Keil Compiler to avoid conflict */ --#if defined( __PASTE ) && defined( __CC_ARM ) -+/* Undefine the macro for Keil and ARMClang Compilers to avoid conflict */ -+#if defined( __PASTE ) && ( defined( __CC_ARM ) || defined( __ARMCC_VERSION ) ) - /* ARM RCVT stdint.h has a duplicate definition with PKCS #11. */ - #undef __PASTE - #endif --- -2.34.1 - diff --git a/components/aws_iot/corepkcs11/library b/components/aws_iot/corepkcs11/library index 781f577..8a4ac0e 160000 --- a/components/aws_iot/corepkcs11/library +++ b/components/aws_iot/corepkcs11/library @@ -1 +1 @@ -Subproject commit 781f5774948fa8e6427be544b1bf1ad512ae9e90 +Subproject commit 8a4ac0e0e27a83da5c2a5e8c87f34998f6eb7aaf diff --git a/manifest.yml b/manifest.yml index 93b46c4..a33ee93 100644 --- a/manifest.yml +++ b/manifest.yml @@ -106,7 +106,7 @@ dependencies: license: "MIT" tpip-category: "category-2" security-risk: "low" - version: "v3.5.0" + version: "8a4ac0e0e27a83da5c2a5e8c87f34998f6eb7aaf" repository: type: "git" url: "https://github.com/FreeRTOS/corePKCS11.git"