Initial Changes for updating mbedtls to v3.0

components/lwip/lwip

@@ -1 +1 @@
-Subproject commit 2749568fe15df2003f6c3f37f0dfd44f8f01fcd6
+Subproject commit 2195f7416fb3136831babf3e96c027a73075bd4f

components/mbedtls/CMakeLists.txt

@@ -8,11 +8,12 @@ if(NOT BOOTLOADER_BUILD)
 endif()
 
 idf_component_register(SRCS "esp_crt_bundle/esp_crt_bundle.c"
-    INCLUDE_DIRS "port/include" "mbedtls/include" "esp_crt_bundle/include"
+    INCLUDE_DIRS "port/include" "mbedtls/include" "esp_crt_bundle/include" "."
     REQUIRES lwip
     PRIV_REQUIRES "${priv_requires}"
     )
 
+
 if(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE)
     set(bundle_name "x509_crt_bundle")
     set(DEFAULT_CRT_DIR ${COMPONENT_DIR}/esp_crt_bundle)

components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c

@@ -56,10 +56,10 @@ static int tx_buffer_len(mbedtls_ssl_context *ssl, int len)
         return MBEDTLS_SSL_OUT_BUFFER_LEN;
     } else {
         return len + MBEDTLS_SSL_HEADER_LEN
-                   + MBEDTLS_SSL_COMPRESSION_ADD
                    + MBEDTLS_MAX_IV_LENGTH
                    + MBEDTLS_SSL_MAC_ADD
-                   + MBEDTLS_SSL_PADDING_ADD;
+                   + MBEDTLS_SSL_PADDING_ADD
+                   + MBEDTLS_SSL_MAX_CID_EXPANSION;
     }
 }
 

components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h

@@ -10,7 +10,7 @@
 #include <stddef.h>
 #include <string.h>
 #include "mbedtls/ssl.h"
-#include "mbedtls/ssl_internal.h"
+#include "ssl_misc.h" // located at mbedtls/library/ssl_misc.h
 #include "mbedtls/platform.h"
 #include "esp_log.h"
 

components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c

@@ -34,7 +34,6 @@ static const char *TAG = "ESP_RSA_SIGN_ALT";
 #define SWAP_INT32(x) (((x) >> 24) | (((x) & 0x00FF0000) >> 8) | (((x) & 0x0000FF00) << 8) | ((x) << 24))
 
 #include "mbedtls/rsa.h"
-#include "mbedtls/rsa_internal.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/platform_util.h"
 #include <string.h>

components/mbedtls/port/esp_hardware.c

@@ -9,7 +9,7 @@
 #include <stdio.h>
 #include <esp_system.h>
 
-#include "mbedtls/entropy_poll.h"
+#include <entropy_poll.h>
 
 #ifndef MBEDTLS_ENTROPY_HARDWARE_ALT
 #error "MBEDTLS_ENTROPY_HARDWARE_ALT should always be set in ESP-IDF"

components/mbedtls/port/include/mbedtls/esp_config.h

@@ -2766,6 +2766,10 @@
 #include MBEDTLS_USER_CONFIG_FILE
 #endif
 
+/* Define this flag for now */
+/* To Do - while updating to v3.0 remove all the code where this flag is used */
+#define MBEDTLS_DEPRECATED_REMOVED
+
 #include "mbedtls/check_config.h"
 
 #endif /* MBEDTLS_CONFIG_H */

components/mbedtls/test/test_esp_crt_bundle.c

@@ -27,7 +27,6 @@
 
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
-#include "mbedtls/certs.h"
 #include "mbedtls/x509.h"
 #include "mbedtls/ssl.h"
 #include "mbedtls/net_sockets.h"

components/mbedtls/test/test_rsa.c

@@ -11,9 +11,9 @@
 #include "mbedtls/rsa.h"
 #include "mbedtls/pk.h"
 #include "mbedtls/x509_crt.h"
-#include "mbedtls/entropy_poll.h"
 #include <mbedtls/entropy.h>
 #include <mbedtls/ctr_drbg.h>
+#include "mbedtls/library/entropy_poll.h"
 #include "freertos/FreeRTOS.h"
 #include "unity.h"
 #include "test_utils.h"

components/protocomm/src/security/security1.c

@@ -18,6 +18,7 @@
 #include <mbedtls/error.h>
 #include <mbedtls/ssl_internal.h>
 #include <mbedtls/constant_time.h>
+#include <mbedtls/library/ssl_misc.h>
 
 #include <protocomm_security.h>
 #include <protocomm_security1.h>

components/wpa_supplicant/src/crypto/tls_mbedtls.c

@@ -12,7 +12,8 @@
 #include "crypto/md5.h"
 #include "crypto/sha256.h"
 #include "crypto/sha384.h"
-#include "mbedtls/ssl_internal.h"
+#include "mbedtls/library/ssl_misc.h"
+//#error "It is included"
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/entropy.h"
 #include "mbedtls/debug.h"

examples/peripherals/secure_element/atecc608_ecdsa/components/esp-cryptoauthlib

@@ -1 +1 @@
-Subproject commit 077758db50d4b55addab56e723a5a379f09077d0
+Subproject commit ef346994291313f72c3dd3b0dc048f0247b46ef8