From 0582153673f8f231aa375648e503c5f7c2942b8d Mon Sep 17 00:00:00 2001
From: Evlers <1425295900@qq.com>
Date: Fri, 15 May 2026 15:55:39 +0800
Subject: [PATCH 1/2] =?UTF-8?q?[security][mbedtls]=20=E6=96=B0=E5=A2=9E=20?= =?UTF-8?q?RSA=20ALT=20=E9=85=8D=E7=BD=AE=E9=A1=B9=EF=BC=9A=E7=A1=AC?= =?UTF-8?q?=E4=BB=B6=E6=A8=A1=E5=B9=82=E6=9C=80=E5=A4=A7=E4=BD=8D=E5=AE=BD?= =?UTF-8?q?=E4=B8=8E=E8=B6=85=E9=99=90=E6=8E=A2=E6=B5=8B=E5=BC=80=E5=85=B3?= =?UTF-8?q?=EF=BC=8C=E4=BE=BF=E4=BA=8E=E6=8C=89=E8=8A=AF=E7=89=87=E8=83=BD?= =?UTF-8?q?=E5=8A=9B=E6=8E=A7=E5=88=B6=E7=A1=AC=E4=BB=B6=E8=B7=AF=E5=BE=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
security/mbedtls/Kconfig | 80 ++++++++++++++++------------------------
1 file changed, 31 insertions(+), 49 deletions(-)
diff --git a/security/mbedtls/Kconfig b/security/mbedtls/Kconfig
index 8c1ffd18b2..1eb4607ded 100644
--- a/security/mbedtls/Kconfig
+++ b/security/mbedtls/Kconfig
@@ -110,65 +110,47 @@ if PKG_USING_MBEDTLS int "Maxium fragment length in bytes" default 3584 + menu "RSA ALT Configuration" + depends on RT_HWCRYPTO_USING_BIGNUM_EXPTMOD + + config MBEDTLS_RSA_ALT_HW_MODEXP_MAX_BITS + int "Max modulus bits for hardware expmod" + range 256 8192 + default 3136 + help + Maximum modulus bit-length that RSA ALT sends to hardware + modular exponentiation. Typical values: + - 3136 for GD32F5 PKCAU + - 4096 for hardware that supports RSA-4096 + This limit applies to modulus N bit-length, not certificate + file size. + + config MBEDTLS_RSA_ALT_OVERSIZE_HW_PROBE + bool "Probe hardware for oversize modulus" + default n + help + If enabled, RSA ALT will still try hardware expmod when modulus + size exceeds MBEDTLS_RSA_ALT_HW_MODEXP_MAX_BITS. Disable for + stable production behavior and direct software fallback on + oversize requests. + + endmenu + + config MBEDTLS_SSL_PROTO_TLS1_3_SUPPORTS + bool "Enable TLS 1.3 support" + default n + config PKG_USING_MBEDTLS_EXAMPLE bool "Enable a mbedtls client example" select PKG_USING_MBEDTLS_CERTUM_TRUSTED_NETWORK_ROOT_CA default n - if PKG_USING_MBEDTLS_V2710 - config MBEDTLS_MPI_MAX_SIZE - int "Maximum number of bytes for usable MPIs" - default 1024 - - config MBEDTLS_CTR_DRBG_KEYSIZE - int "The key size used by the cipher" - default 32 - endif - config PKG_USING_MBEDTLS_DEBUG bool "Enable Debug log output" default n - config PKG_MBEDTLS_PATH - string - default "/packages/security/mbedtls" - - choice - prompt "version" - default PKG_USING_MBEDTLS_V2281 - help - Select the mbedtls version - - config PKG_USING_MBEDTLS_V2281 - bool "v2.28.1" - - config PKG_USING_MBEDTLS_V27102 - bool "v2.7.10.2" - - config PKG_USING_MBEDTLS_V27101 - bool "v2.7.10.1" - - config PKG_USING_MBEDTLS_V2710 - bool "v2.7.10" - - config PKG_USING_MBEDTLS_V261 - bool "v2.6.1" - - config PKG_USING_MBEDTLS_V260 - bool "v2.6.0" - - config PKG_USING_MBEDTLS_LATEST_VERSION - bool "latest" - endchoice - config PKG_MBEDTLS_VER string - 
default "latest" if PKG_USING_MBEDTLS_LATEST_VERSION - default "v2.28.1" if PKG_USING_MBEDTLS_V2281 - default "v2.7.10.2" if PKG_USING_MBEDTLS_V27102 - default "v2.7.10.1" if PKG_USING_MBEDTLS_V27101 - default "v2.7.10" if PKG_USING_MBEDTLS_V2710 - default "v2.6.1" if PKG_USING_MBEDTLS_V261 - default "v2.6.0" if PKG_USING_MBEDTLS_V260 + default "v2.28.1" endif From 4f446700e1773e71f01ccc8432543eafb02f5533 Mon Sep 17 00:00:00 2001 From: Evlers <1425295900@qq.com> Date: Fri, 15 May 2026 16:07:42 +0800 Subject: [PATCH 2/2] =?UTF-8?q?[security][mbedtls]=20=E6=81=A2=E5=A4=8D?= =?UTF-8?q?=E8=AF=AF=E5=88=A0=E9=99=A4=E7=9A=84=E7=89=88=E6=9C=AC=E9=85=8D?= =?UTF-8?q?=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- security/mbedtls/Kconfig | 50 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) diff --git a/security/mbedtls/Kconfig b/security/mbedtls/Kconfig index 1eb4607ded..328bcffb25 100644 --- a/security/mbedtls/Kconfig +++ b/security/mbedtls/Kconfig 
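Review bot: The help for `MBEDTLS_RSA_ALT_OVERSIZE_HW_PROBE` does not say what happens when the accelerator cannot handle an oversize modulus, which is what an integrator needs to know before enabling it; nothing in this hunk shows whether the driver rejects the request with an error or could hand back a wrong result for a private-key operation. I would extend the help with something like `Only enable if the hwcrypto driver rejects unsupported operand sizes with an error; a failed probe then falls back to software.` (wording to be confirmed against the RSA ALT code, which is outside this patch). The `range 256 8192` upper bound should also be checked against the MPI size limit of the selected mbedtls version, since 8192 bits is exactly the 1024-byte `MBEDTLS_MPI_MAX_SIZE` default visible in the removed lines. Separately, `MBEDTLS_SSL_PROTO_TLS1_3_SUPPORTS` is not mentioned in the subject, has no `help` and no `depends on` tying it to an mbedtls version that implements TLS 1.3, so it appears selectable alongside the v2.6/v2.7 choices that patch 2/2 restores; it would be better as its own commit with both added.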
@@ -145,12 +145,60 @@ if PKG_USING_MBEDTLS select PKG_USING_MBEDTLS_CERTUM_TRUSTED_NETWORK_ROOT_CA default n + if PKG_USING_MBEDTLS_V2710 + config MBEDTLS_MPI_MAX_SIZE + int "Maximum number of bytes for usable MPIs" + default 1024 + + config MBEDTLS_CTR_DRBG_KEYSIZE + int "The key size used by the cipher" + default 32 + endif + config PKG_USING_MBEDTLS_DEBUG bool "Enable Debug log output" default n + config PKG_MBEDTLS_PATH + string + default "/packages/security/mbedtls" + + choice + prompt "version" + default PKG_USING_MBEDTLS_V2281 + help + Select the mbedtls version + + config PKG_USING_MBEDTLS_V2281 + bool "v2.28.1" + + config PKG_USING_MBEDTLS_V27102 + bool "v2.7.10.2" + + config PKG_USING_MBEDTLS_V27101 + bool "v2.7.10.1" + + config PKG_USING_MBEDTLS_V2710 + bool "v2.7.10" + + config PKG_USING_MBEDTLS_V261 + bool "v2.6.1" + + config PKG_USING_MBEDTLS_V260 + bool "v2.6.0" + + config PKG_USING_MBEDTLS_LATEST_VERSION + bool "latest" + endchoice + config PKG_MBEDTLS_VER string - default "v2.28.1" + default "latest" if PKG_USING_MBEDTLS_LATEST_VERSION + default "v2.28.1" if PKG_USING_MBEDTLS_V2281 + default "v2.7.10.2" if PKG_USING_MBEDTLS_V27102 + default "v2.7.10.1" if PKG_USING_MBEDTLS_V27101 + default "v2.7.10" if PKG_USING_MBEDTLS_V2710 + default "v2.6.1" if PKG_USING_MBEDTLS_V261 + default "v2.6.0" if PKG_USING_MBEDTLS_V260 endif