espressif/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-04-27 19:13:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(mbedtls): enable pthread threading by default

Browse Source
This commit is contained in:
Ashish Sharma
2026-02-10 18:28:02 +08:00
parent 3a00345f3a
commit 939be5c62f
3 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
components/mbedtls/Kconfig
+3 -3
View File
@@ -32,7 +32,7 @@ menu "mbedTLS"
config MBEDTLS_THREADING_C
bool "Enable the threading abstraction layer"
default n
default y
help
If you do intend to use contexts between threads, you will need to enable
this layer to prevent race conditions.
@@ -40,14 +40,14 @@ menu "mbedTLS"
config MBEDTLS_THREADING_ALT
bool "Enable threading alternate implementation"
depends on MBEDTLS_THREADING_C
default y
default n
help
Enable threading alt to allow your own alternate threading implementation.
config MBEDTLS_THREADING_PTHREAD
bool "Enable threading pthread implementation"
depends on MBEDTLS_THREADING_C
default n
default y
help
Enable the pthread wrapper layer for the threading layer.
components/mbedtls/config/mbedtls_preset_default.conf
+1 -1
View File
@@ -4,7 +4,7 @@
# Core Configuration
CONFIG_MBEDTLS_FS_IO=y
CONFIG_MBEDTLS_THREADING_C=n
CONFIG_MBEDTLS_THREADING_C=y
CONFIG_MBEDTLS_ERROR_STRINGS=y
CONFIG_MBEDTLS_VERSION_C=n
CONFIG_MBEDTLS_HAVE_TIME=y
docs/en/migration-guides/release-6.x/6.0/security.rst
+4 -1
View File
@@ -32,7 +32,7 @@ ESP-IDF v6.0 updates to Mbed TLS v4.0, where **PSA Crypto is the primary cryptog
- **Breaking change**: certificates/peers using elliptic curves of less than 250 bits (for example secp192r1/secp224r1) are no longer supported in certificates and in TLS.
- **Note**:
- void relying on Mbed TLS private declarations (for example headers under ``mbedtls/private/`` or declarations enabled via ``MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS`` / ``MBEDTLS_ALLOW_PRIVATE_ACCESS``). Such private interfaces may change without notice.
- Avoid relying on Mbed TLS private declarations (for example headers under ``mbedtls/private/`` or declarations enabled via ``MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS`` / ``MBEDTLS_ALLOW_PRIVATE_ACCESS``). Such private interfaces may change without notice.
- The PSA Crypto migration (TF-PSA-Crypto) can increase flash footprint, depending on the features enabled. As reference points:
.. list-table::
@@ -69,6 +69,9 @@ Default configuration changes
- ``MBEDTLS_ARIA_C`` is disabled by default. Applications that rely on ARIA must explicitly enable it in ``menuconfig`` (Component config -> mbedTLS) or by customizing ``components/mbedtls/config/mbedtls_preset_default.conf``.
- Support for ``secp192r1`` is disabled by default, consistent with the removal of support for elliptic curves smaller than 250 bits in certificates and TLS. If an application still requires legacy curve support outside TLS/certificates, it must be enabled explicitly (for example by defining ``PSA_WANT_ECC_SECP_R1_192=1``) and validated for compatibility. Note: this legacy support may be disabled in the next minor ESP-IDF release.
- ``MBEDTLS_THREADING_C`` is enabled by default. This provides thread-safety for the PSA Crypto key management API and ``psa_crypto_init()``. It is recommended to keep this configuration enabled when using PSA Crypto from multiple threads (for example, concurrent TLS connections, certificate operations, or any scenario where cryptographic operations may be invoked from different threads). Applications that only call PSA functions from a single thread are not affected by this change and can optionally disable threading support if desired.
- ``MBEDTLS_THREADING_PTHREAD`` is enabled by default. This enables Mbed TLS threading support using pthread primitives.
- ``MBEDTLS_THREADING_ALT`` is disabled by default. This disables Mbed TLS threading support using alternate threading primitives.
References
^^^^^^^^^^