• State Not Answered
  • Replies 9 replies
  • Subscribers 68 subscribers
  • Views 221 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 335205
Options

Updating\removing BLE related libraries in SDK

EyalR

Hi,

I'm using nRF52832 with SDK 17.0.2. We were using the Snyk Vulnerability Database to scan our code and found issues with the libraries mbedtls, lwip-tcpip and micro-ecc.

mbedtls and lwip-tcpip offered version upgrades to fix the issue, while the micro-ecc issue had no solution.

My questions are:

1) How would I go about and manually upgrade mbedtls and lwip-tcpip libraries in the SDK? Is it a simple matter of overwriting the new libraries on top of the old ones?

2) Since we're not using any sort of encryptions or cryptography we don't really need the micro-cc library. How could I remove it from the code without breaking the compilation of the entire solution?

Thanks,

Eyal 

Parents
  • 0

    Hi again Eyal

    Hmm, I can't say we're able to see what's missing here I'm afraid. But discussing this case with a colleague, we realized that since you don't actually use encryption or cryptography on your end, it might be easier to just remove embedtls and micro-ecc from the external folder in the SDK entirely. Would that be an option here?

    Best regards,

    Simon

  • 0 in reply to Simonr

    I just wanna update that I found the .h with all of the defines and prerequistes for mbedtls.

    It is called nrf_crypto_mbedtls_config.h and it's inside <SDK_PATH>\external\nrf_tls\mbedtls\nrf_crypto\config

    I couldn't find it because it wasn't in the actual mbedtls folder.

    I'm still testing it but it seems that after updating the defines it compiles fine and updates mbedtls

Reply
  • 0 in reply to Simonr

    I just wanna update that I found the .h with all of the defines and prerequistes for mbedtls.

    It is called nrf_crypto_mbedtls_config.h and it's inside <SDK_PATH>\external\nrf_tls\mbedtls\nrf_crypto\config

    I couldn't find it because it wasn't in the actual mbedtls folder.

    I'm still testing it but it seems that after updating the defines it compiles fine and updates mbedtls

Children
Related