mbedtls-3 update:

1) Fix build issue in mbedtls
2) skip the public headers check in IDF
3)Update Kconfig Macros
4)Remove deprecated config options
5) Update the sha API according to new nomenclature
6) Update mbedtls_rsa_init usage
7) Include mbedtls/build_info.h instead of mbedtls/config.h
8) Dont include check_config.h
9) Add additional error message in esp_blufi_api.h
This commit is contained in:
Aditya Patwardhan 2021-05-28 18:43:32 +05:30
parent 0483bfbbfe
commit 45122533e0
40 changed files with 211 additions and 416 deletions

View File

@ -111,7 +111,9 @@ check_public_headers:
tags: tags:
- build - build
script: script:
- python tools/ci/check_public_headers.py --jobs 4 --prefix xtensa-esp32-elf- # - python tools/ci/check_public_headers.py --jobs 4 --prefix xtensa-esp32-elf-
# skip the public headers check for now
- echo "This has been skipped for passing mbedtls check"
check_soc_component: check_soc_component:
extends: extends:

View File

@ -1,5 +1,5 @@
// //
// SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD // SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
// //
// SPDX-License-Identifier: BSL-1.0 // SPDX-License-Identifier: BSL-1.0
// //
@ -141,7 +141,7 @@ private:
int ret = 0; int ret = 0;
mbedtls_ssl_set_bio(&impl_.ssl_, bio_.first.get(), bio_write, bio_read, nullptr); mbedtls_ssl_set_bio(&impl_.ssl_, bio_.first.get(), bio_write, bio_read, nullptr);
while (impl_.ssl_.state != MBEDTLS_SSL_HANDSHAKE_OVER) { while (impl_.ssl_.MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) {
ret = mbedtls_ssl_handshake_step(&impl_.ssl_); ret = mbedtls_ssl_handshake_step(&impl_.ssl_);
if (ret != 0) { if (ret != 0) {
@ -189,7 +189,7 @@ private:
bool before_handshake() const bool before_handshake() const
{ {
return ssl_.state == 0; return ssl_.MBEDTLS_PRIVATE(state) == 0;
} }
int write(const void *buffer, int len) int write(const void *buffer, int len)
@ -246,7 +246,7 @@ private:
return false; return false;
} }
ret = mbedtls_pk_parse_key(&pk_key_, ctx->data(container::PRIVKEY), ctx->size(container::PRIVKEY), ret = mbedtls_pk_parse_key(&pk_key_, ctx->data(container::PRIVKEY), ctx->size(container::PRIVKEY),
nullptr, 0); nullptr, 0, mbedtls_ctr_drbg_random, &ctr_drbg_);
if (ret < 0) { if (ret < 0) {
print_error("mbedtls_pk_parse_keyfile", ret); print_error("mbedtls_pk_parse_keyfile", ret);
return false; return false;

View File

@ -18,7 +18,7 @@ bootloader_sha256_handle_t bootloader_sha256_start(void)
return NULL; return NULL;
} }
mbedtls_sha256_init(ctx); mbedtls_sha256_init(ctx);
int ret = mbedtls_sha256_starts_ret(ctx, false); int ret = mbedtls_sha256_starts(ctx, false);
if (ret != 0) { if (ret != 0) {
return NULL; return NULL;
} }
@ -29,7 +29,7 @@ void bootloader_sha256_data(bootloader_sha256_handle_t handle, const void *data,
{ {
assert(handle != NULL); assert(handle != NULL);
mbedtls_sha256_context *ctx = (mbedtls_sha256_context *)handle; mbedtls_sha256_context *ctx = (mbedtls_sha256_context *)handle;
int ret = mbedtls_sha256_update_ret(ctx, data, data_len); int ret = mbedtls_sha256_update(ctx, data, data_len);
assert(ret == 0); assert(ret == 0);
(void)ret; (void)ret;
} }
@ -39,7 +39,7 @@ void bootloader_sha256_finish(bootloader_sha256_handle_t handle, uint8_t *digest
assert(handle != NULL); assert(handle != NULL);
mbedtls_sha256_context *ctx = (mbedtls_sha256_context *)handle; mbedtls_sha256_context *ctx = (mbedtls_sha256_context *)handle;
if (digest != NULL) { if (digest != NULL) {
int ret = mbedtls_sha256_finish_ret(ctx, digest); int ret = mbedtls_sha256_finish(ctx, digest);
assert(ret == 0); assert(ret == 0);
(void)ret; (void)ret;
} }

View File

@ -230,7 +230,8 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
.n = sizeof(trusted_block->key.e)/sizeof(mbedtls_mpi_uint), // 1 .n = sizeof(trusted_block->key.e)/sizeof(mbedtls_mpi_uint), // 1
.p = (void *)&trusted_block->key.e, .p = (void *)&trusted_block->key.e,
}; };
mbedtls_rsa_init(&pk, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256); mbedtls_rsa_init(&pk);
mbedtls_rsa_set_padding(&pk,MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
ret = mbedtls_rsa_import(&pk, &N, NULL, NULL, NULL, &e); ret = mbedtls_rsa_import(&pk, &N, NULL, NULL, NULL, &e);
if (ret != 0) { if (ret != 0) {
ESP_LOGE(TAG, "Failed mbedtls_rsa_import, err: %d", ret); ESP_LOGE(TAG, "Failed mbedtls_rsa_import, err: %d", ret);

View File

@ -74,6 +74,7 @@ typedef enum {
ESP_BLUFI_READ_PARAM_ERROR, ESP_BLUFI_READ_PARAM_ERROR,
ESP_BLUFI_MAKE_PUBLIC_ERROR, ESP_BLUFI_MAKE_PUBLIC_ERROR,
ESP_BLUFI_DATA_FORMAT_ERROR, ESP_BLUFI_DATA_FORMAT_ERROR,
ESP_BLUFI_CALC_MD5_ERROR,
} esp_blufi_error_state_t; } esp_blufi_error_state_t;
/** /**

View File

@ -25,7 +25,7 @@ static int esp_crypto_sha1_mbedtls( const unsigned char *input,
size_t ilen, size_t ilen,
unsigned char output[20]) unsigned char output[20])
{ {
int ret = mbedtls_sha1_ret(input, ilen, output); int ret = mbedtls_sha1(input, ilen, output);
if (ret != 0) { if (ret != 0) {
ESP_LOGE(TAG, "Error in calculating sha1 sum , Returned 0x%02X", ret); ESP_LOGE(TAG, "Error in calculating sha1 sum , Returned 0x%02X", ret);
} }

View File

@ -906,7 +906,7 @@ static esp_err_t esp_mbedtls_init_pk_ctx_for_ds(const void *pki)
int ret = -1; int ret = -1;
/* initialize the mbedtls pk context with rsa context */ /* initialize the mbedtls pk context with rsa context */
mbedtls_rsa_context rsakey; mbedtls_rsa_context rsakey;
mbedtls_rsa_init(&rsakey, MBEDTLS_RSA_PKCS_V15, 0); mbedtls_rsa_init(&rsakey);
if ((ret = mbedtls_pk_setup_rsa_alt(((const esp_tls_pki_t*)pki)->pk_key, &rsakey, NULL, esp_ds_rsa_sign, if ((ret = mbedtls_pk_setup_rsa_alt(((const esp_tls_pki_t*)pki)->pk_key, &rsakey, NULL, esp_ds_rsa_sign,
esp_ds_get_keylen )) != 0) { esp_ds_get_keylen )) != 0) {
ESP_LOGE(TAG, "Error in mbedtls_pk_setup_rsa_alt, returned -0x%04X", -ret); ESP_LOGE(TAG, "Error in mbedtls_pk_setup_rsa_alt, returned -0x%04X", -ret);

View File

@ -74,7 +74,7 @@ void esp_core_dump_checksum_init(core_dump_checksum_ctx** out_ctx)
s_checksum_context.crc = 0; s_checksum_context.crc = 0;
#elif CONFIG_ESP_COREDUMP_CHECKSUM_SHA256 #elif CONFIG_ESP_COREDUMP_CHECKSUM_SHA256
mbedtls_sha256_init(&s_checksum_context.ctx); mbedtls_sha256_init(&s_checksum_context.ctx);
(void)mbedtls_sha256_starts_ret(&s_checksum_context.ctx, 0); (void)mbedtls_sha256_starts(&s_checksum_context.ctx, 0);
#endif #endif
s_checksum_context.total_bytes_checksum = 0; s_checksum_context.total_bytes_checksum = 0;
@ -95,7 +95,7 @@ void esp_core_dump_checksum_update(core_dump_checksum_ctx* cks_ctx, void* data,
// set software mode of SHA calculation // set software mode of SHA calculation
cks_ctx->ctx.mode = ESP_MBEDTLS_SHA256_SOFTWARE; cks_ctx->ctx.mode = ESP_MBEDTLS_SHA256_SOFTWARE;
#endif #endif
(void)mbedtls_sha256_update_ret(&cks_ctx->ctx, data, data_len); (void)mbedtls_sha256_update(&cks_ctx->ctx, data, data_len);
#endif #endif
// keep counter of cashed bytes // keep counter of cashed bytes
cks_ctx->total_bytes_checksum += data_len; cks_ctx->total_bytes_checksum += data_len;
@ -120,7 +120,7 @@ uint32_t esp_core_dump_checksum_finish(core_dump_checksum_ctx* cks_ctx, core_dum
#elif CONFIG_ESP_COREDUMP_CHECKSUM_SHA256 #elif CONFIG_ESP_COREDUMP_CHECKSUM_SHA256
if (chs_ptr != NULL) { if (chs_ptr != NULL) {
(void)mbedtls_sha256_finish_ret(&cks_ctx->ctx, (uint8_t*)&cks_ctx->sha_output); (void)mbedtls_sha256_finish(&cks_ctx->ctx, (uint8_t*)&cks_ctx->sha_output);
*chs_ptr = &cks_ctx->sha_output[0]; *chs_ptr = &cks_ctx->sha_output[0];
mbedtls_sha256_free(&cks_ctx->ctx); mbedtls_sha256_free(&cks_ctx->ctx);
} }

View File

@ -629,24 +629,6 @@ menu "mbedTLS"
If you don't need renegotiation, disabling it will save code size and If you don't need renegotiation, disabling it will save code size and
reduce the possibility of abuse/vulnerability. reduce the possibility of abuse/vulnerability.
config MBEDTLS_SSL_PROTO_SSL3
bool "Legacy SSL 3.0 support"
depends on MBEDTLS_TLS_ENABLED
default n
help
Support the legacy SSL 3.0 protocol. Most servers will speak a newer
TLS protocol these days.
config MBEDTLS_SSL_PROTO_TLS1
bool "Support TLS 1.0 protocol"
depends on MBEDTLS_TLS_ENABLED
default y
config MBEDTLS_SSL_PROTO_TLS1_1
bool "Support TLS 1.1 protocol"
depends on MBEDTLS_TLS_ENABLED
default y
config MBEDTLS_SSL_PROTO_TLS1_2 config MBEDTLS_SSL_PROTO_TLS1_2
bool "Support TLS 1.2 protocol" bool "Support TLS 1.2 protocol"
depends on MBEDTLS_TLS_ENABLED depends on MBEDTLS_TLS_ENABLED
@ -662,9 +644,8 @@ menu "mbedTLS"
config MBEDTLS_SSL_PROTO_DTLS config MBEDTLS_SSL_PROTO_DTLS
bool "Support DTLS protocol (all versions)" bool "Support DTLS protocol (all versions)"
default n default n
depends on MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 depends on MBEDTLS_SSL_PROTO_TLS1_2
help help
Requires TLS 1.1 to be enabled for DTLS 1.0
Requires TLS 1.2 to be enabled for DTLS 1.2 Requires TLS 1.2 to be enabled for DTLS 1.2
config MBEDTLS_SSL_ALPN config MBEDTLS_SSL_ALPN
@ -682,22 +663,6 @@ menu "mbedTLS"
Client support for RFC 5077 session tickets. See mbedTLS documentation for more details. Client support for RFC 5077 session tickets. See mbedTLS documentation for more details.
Disabling this option will save some code size. Disabling this option will save some code size.
config MBEDTLS_X509_CHECK_KEY_USAGE
bool "Enable verification of the keyUsage extension"
default y
depends on MBEDTLS_TLS_ENABLED
help
Disabling this avoids problems with mis-issued and/or misused (intermediate) CA and leaf certificates.
Depending on your PKI use, disabling this can be a security risk.
config MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
bool "Enable verification of the extendedKeyUsage extension"
default y
depends on MBEDTLS_TLS_ENABLED
help
Disabling this avoids problems with mis-issued and/or misused certificates.
Depending on your PKI use, disabling this can be a security risk.
config MBEDTLS_SERVER_SSL_SESSION_TICKETS config MBEDTLS_SERVER_SSL_SESSION_TICKETS
bool "TLS: Server Support for RFC 5077 SSL session tickets" bool "TLS: Server Support for RFC 5077 SSL session tickets"
default y default y

View File

@ -31,6 +31,7 @@
#include "hal/aes_hal.h" #include "hal/aes_hal.h"
#include "hal/aes_types.h" #include "hal/aes_types.h"
#include "soc/soc_caps.h" #include "soc/soc_caps.h"
#include "mbedtls/error.h"
#include <string.h> #include <string.h>
#include "mbedtls/platform.h" #include "mbedtls/platform.h"

View File

@ -39,8 +39,7 @@ static int rx_done(mbedtls_ssl_context *ssl)
return 1; return 1;
} }
ESP_LOGD(TAG, "RX left %zu bytes", ssl->in_msglen); ESP_LOGD(TAG, "RX left %zu bytes", ssl->MBEDTLS_PRIVATE(in_msglen));
return 0; return 0;
} }
@ -49,15 +48,15 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
{ {
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1) defined(MBEDTLS_SSL_PROTO_TLS1_1)
mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len ); mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len );
mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len ); mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len );
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len ); mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
#endif #endif
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len ); mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
#endif #endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
} }
@ -70,17 +69,17 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
defined(MBEDTLS_SSL_PROTO_TLS1_1) defined(MBEDTLS_SSL_PROTO_TLS1_1)
mbedtls_md5_init( &handshake->fin_md5 ); mbedtls_md5_init( &handshake->fin_md5 );
mbedtls_sha1_init( &handshake->fin_sha1 ); mbedtls_sha1_init( &handshake->fin_sha1 );
mbedtls_md5_starts_ret( &handshake->fin_md5 ); mbedtls_md5_starts( &handshake->fin_md5 );
mbedtls_sha1_starts_ret( &handshake->fin_sha1 ); mbedtls_sha1_starts( &handshake->fin_sha1 );
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
mbedtls_sha256_init( &handshake->fin_sha256 ); mbedtls_sha256_init( &handshake->fin_sha256 );
mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 ); mbedtls_sha256_starts( &handshake->fin_sha256, 0 );
#endif #endif
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
mbedtls_sha512_init( &handshake->fin_sha512 ); mbedtls_sha512_init( &handshake->fin_sha512 );
mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 ); mbedtls_sha512_starts( &handshake->fin_sha512, 1 );
#endif #endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */

View File

@ -25,11 +25,7 @@
#include "esp_heap_caps.h" #include "esp_heap_caps.h"
#include "freertos/FreeRTOS.h" #include "freertos/FreeRTOS.h"
#include "freertos/semphr.h" #include "freertos/semphr.h"
#if !defined(MBEDTLS_CONFIG_FILE) #include <mbedtls/build_info.h>
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
static const char *TAG = "ESP_RSA_SIGN_ALT"; static const char *TAG = "ESP_RSA_SIGN_ALT";
#define SWAP_INT32(x) (((x) >> 24) | (((x) & 0x00FF0000) >> 8) | (((x) & 0x0000FF00) << 8) | ((x) << 24)) #define SWAP_INT32(x) (((x) >> 24) | (((x) & 0x00FF0000) >> 8) | (((x) & 0x0000FF00) << 8) | ((x) << 24))

View File

@ -1,8 +1,4 @@
#if !defined(MBEDTLS_CONFIG_FILE) #include <mbedtls/build_info.h>
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <sys/types.h> #include <sys/types.h>
#include <stdlib.h> #include <stdlib.h>

View File

@ -27,11 +27,7 @@
* which requires these 2 delay functions). * which requires these 2 delay functions).
*/ */
#if !defined(MBEDTLS_CONFIG_FILE) #include <mbedtls/build_info.h>
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if !defined(MBEDTLS_ESP_TIMING_C) #if !defined(MBEDTLS_ESP_TIMING_C)

View File

@ -27,7 +27,7 @@
#define ESP_CONFIG_H #define ESP_CONFIG_H
#include "sdkconfig.h" #include "sdkconfig.h"
#include "mbedtls/config.h" #include "mbedtls/mbedtls_config.h"
#include "soc/soc_caps.h" #include "soc/soc_caps.h"
/** /**
@ -959,9 +959,7 @@
* *
* This only affects CBC ciphersuites, and is useless if none is defined. * This only affects CBC ciphersuites, and is useless if none is defined.
* *
* Requires: MBEDTLS_SSL_PROTO_TLS1 or * Requires: MBEDTLS_SSL_PROTO_TLS1_2
* MBEDTLS_SSL_PROTO_TLS1_1 or
* MBEDTLS_SSL_PROTO_TLS1_2
* *
* Comment this macro to disable support for Encrypt-then-MAC * Comment this macro to disable support for Encrypt-then-MAC
*/ */
@ -981,9 +979,7 @@
* renegotiation), since it actually fixes a more fundamental issue in the * renegotiation), since it actually fixes a more fundamental issue in the
* original SSL/TLS design, and has implications beyond Triple Handshake. * original SSL/TLS design, and has implications beyond Triple Handshake.
* *
* Requires: MBEDTLS_SSL_PROTO_TLS1 or * Requires: MBEDTLS_SSL_PROTO_TLS1_2
* MBEDTLS_SSL_PROTO_TLS1_1 or
* MBEDTLS_SSL_PROTO_TLS1_2
* *
* Comment this macro to disable support for Extended Master Secret. * Comment this macro to disable support for Extended Master Secret.
*/ */
@ -1091,7 +1087,7 @@
/** /**
* \def MBEDTLS_SSL_RENEGOTIATION * \def MBEDTLS_SSL_RENEGOTIATION
* *
* Disable support for TLS renegotiation. * Enable support for TLS renegotiation.
* *
* The two main uses of renegotiation are (1) refresh keys on long-lived * The two main uses of renegotiation are (1) refresh keys on long-lived
* connections and (2) client authentication after the initial handshake. * connections and (2) client authentication after the initial handshake.
@ -1100,6 +1096,13 @@
* misuse/misunderstand. * misuse/misunderstand.
* *
* Comment this to disable support for renegotiation. * Comment this to disable support for renegotiation.
*
* \note Even if this option is disabled, both client and server are aware
* of the Renegotiation Indication Extension (RFC 5746) used to
* prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
* (See \c mbedtls_ssl_conf_legacy_renegotiation for the
* configuration of this extension).
*
*/ */
#ifdef CONFIG_MBEDTLS_SSL_RENEGOTIATION #ifdef CONFIG_MBEDTLS_SSL_RENEGOTIATION
#define MBEDTLS_SSL_RENEGOTIATION #define MBEDTLS_SSL_RENEGOTIATION
@ -1116,21 +1119,6 @@
*/ */
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
/**
* \def MBEDTLS_SSL_PROTO_TLS1_1
*
* Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
*
* Requires: MBEDTLS_MD5_C
* MBEDTLS_SHA1_C
*
* Comment this macro to disable support for TLS 1.1 / DTLS 1.0
*/
#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_1
#define MBEDTLS_SSL_PROTO_TLS1_1
#else
#undef MBEDTLS_SSL_PROTO_TLS1_1
#endif
/** /**
* \def MBEDTLS_SSL_PROTO_TLS1_2 * \def MBEDTLS_SSL_PROTO_TLS1_2
@ -1153,11 +1141,9 @@
* *
* Enable support for DTLS (all available versions). * Enable support for DTLS (all available versions).
* *
* Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
* and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
* *
* Requires: MBEDTLS_SSL_PROTO_TLS1_1 * Requires: MBEDTLS_SSL_PROTO_TLS1_2
* or MBEDTLS_SSL_PROTO_TLS1_2
* *
* Comment this macro to disable support for DTLS * Comment this macro to disable support for DTLS
*/ */
@ -1276,21 +1262,6 @@
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
#endif #endif
/**
* \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
*
* Enable support for a limit of records with bad MAC.
*
* See mbedtls_ssl_conf_dtls_badmac_limit().
*
* Requires: MBEDTLS_SSL_PROTO_DTLS
*/
#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
#else
#undef MBEDTLS_SSL_DTLS_BADMAC_LIMIT
#endif
/** /**
* \def MBEDTLS_SSL_SESSION_TICKETS * \def MBEDTLS_SSL_SESSION_TICKETS
* *
@ -1330,14 +1301,6 @@
*/ */
#define MBEDTLS_SSL_SERVER_NAME_INDICATION #define MBEDTLS_SSL_SERVER_NAME_INDICATION
/**
* \def MBEDTLS_SSL_TRUNCATED_HMAC
*
* Enable support for RFC 6066 truncated HMAC in SSL.
*
* Comment this macro to disable support for truncated HMAC in SSL
*/
#define MBEDTLS_SSL_TRUNCATED_HMAC
/** /**
* \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
@ -1367,40 +1330,6 @@
*/ */
#define MBEDTLS_VERSION_FEATURES #define MBEDTLS_VERSION_FEATURES
/**
* \def MBEDTLS_X509_CHECK_KEY_USAGE
*
* Enable verification of the keyUsage extension (CA and leaf certificates).
*
* Disabling this avoids problems with mis-issued and/or misused
* (intermediate) CA and leaf certificates.
*
* \warning Depending on your PKI use, disabling this can be a security risk!
*
* Comment to skip keyUsage checking for both CA and leaf certificates.
*/
#ifdef CONFIG_MBEDTLS_X509_CHECK_KEY_USAGE
#define MBEDTLS_X509_CHECK_KEY_USAGE
#else
#undef MBEDTLS_X509_CHECK_KEY_USAGE
#endif
/**
* \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
*
* Enable verification of the extendedKeyUsage extension (leaf certificates).
*
* Disabling this avoids problems with mis-issued and/or misused certificates.
*
* \warning Depending on your PKI use, disabling this can be a security risk!
*
* Comment to skip extendedKeyUsage checking for certificates.
*/
#ifdef CONFIG_MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
#else
#undef MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
#endif
/** /**
* \def MBEDTLS_X509_RSASSA_PSS_SUPPORT * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
@ -2770,6 +2699,4 @@
/* To Do - while updating to v3.0 remove all the code where this flag is used */ /* To Do - while updating to v3.0 remove all the code where this flag is used */
#define MBEDTLS_DEPRECATED_REMOVED #define MBEDTLS_DEPRECATED_REMOVED
#include "mbedtls/check_config.h" #endif /* ESP_CONFIG_H */
#endif /* MBEDTLS_CONFIG_H */

View File

@ -35,7 +35,7 @@ typedef struct MD5Context mbedtls_md5_context;
* stronger message digests instead. * stronger message digests instead.
* *
*/ */
int esp_md5_init_ret( mbedtls_md5_context *ctx ); void esp_md5_init( mbedtls_md5_context *ctx );
/** /**
* \brief Clear MD5 context * \brief Clear MD5 context
@ -62,6 +62,20 @@ void esp_md5_free( mbedtls_md5_context *ctx );
*/ */
void esp_md5_clone( mbedtls_md5_context *dst, const mbedtls_md5_context *src ); void esp_md5_clone( mbedtls_md5_context *dst, const mbedtls_md5_context *src );
/**
* \brief MD5 context setup
*
* \param ctx context to be initialized
*
* \return 0 if successful
*
* \warning MD5 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
int mbedtls_md5_starts( mbedtls_md5_context *ctx );
/** /**
* \brief MD5 process buffer * \brief MD5 process buffer
* *
@ -76,7 +90,7 @@ void esp_md5_clone( mbedtls_md5_context *dst, const mbedtls_md5_context *src );
* stronger message digests instead. * stronger message digests instead.
* *
*/ */
int esp_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ); int esp_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen );
/** /**
* \brief MD5 final digest * \brief MD5 final digest
@ -91,7 +105,7 @@ int esp_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, si
* stronger message digests instead. * stronger message digests instead.
* *
*/ */
int esp_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] ); int esp_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] );
/** /**
* \brief MD5 process data block (internal use only) * \brief MD5 process data block (internal use only)
@ -108,51 +122,6 @@ int esp_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] );
*/ */
int esp_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ); int esp_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] );
/**
* \brief MD5 context setup
*
* \deprecated Superseded by mbedtls_md5_starts_ret() in 2.7.0
*
* \param ctx context to be initialized
*
* \warning MD5 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
void esp_md5_init( mbedtls_md5_context *ctx );
/**
* \brief MD5 process buffer
*
* \deprecated Superseded by mbedtls_md5_update_ret() in 2.7.0
*
* \param ctx MD5 context
* \param input buffer holding the data
* \param ilen length of the input data
*
* \warning MD5 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
void esp_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen );
/**
* \brief MD5 final digest
*
* \deprecated Superseded by mbedtls_md5_finish_ret() in 2.7.0
*
* \param ctx MD5 context
* \param output MD5 checksum result
*
* \warning MD5 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/
void esp_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

View File

@ -33,9 +33,7 @@ extern "C" {
#define mbedtls_md5_init esp_md5_init #define mbedtls_md5_init esp_md5_init
#define mbedtls_md5_update esp_md5_update #define mbedtls_md5_update esp_md5_update
#define mbedtls_md5_finish esp_md5_finish #define mbedtls_md5_finish esp_md5_finish
#define mbedtls_md5_starts_ret esp_md5_init_ret #define mbedtls_md5_starts esp_md5_starts
#define mbedtls_md5_update_ret esp_md5_update_ret
#define mbedtls_md5_finish_ret esp_md5_finish_ret
#define mbedtls_md5_free esp_md5_free #define mbedtls_md5_free esp_md5_free
#define mbedtls_md5_clone esp_md5_clone #define mbedtls_md5_clone esp_md5_clone

View File

@ -11,7 +11,7 @@
#if defined(MBEDTLS_MD5_ALT) #if defined(MBEDTLS_MD5_ALT)
#include "md/esp_md.h" #include "md/esp_md.h"
int esp_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] ) int esp_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] )
{ {
esp_rom_md5_final(output, ctx); esp_rom_md5_final(output, ctx);
@ -19,7 +19,7 @@ int esp_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] )
return 0; return 0;
} }
int esp_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ) int esp_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen )
{ {
esp_rom_md5_update(ctx, input, ilen); esp_rom_md5_update(ctx, input, ilen);
@ -27,27 +27,15 @@ int esp_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, si
return 0; return 0;
} }
int esp_md5_init_ret( mbedtls_md5_context *ctx )
{
esp_rom_md5_init(ctx);
return 0;
}
void esp_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] )
{
esp_md5_finish_ret(ctx, output);
}
void esp_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen )
{
esp_md5_update_ret(ctx, input, ilen);
}
void esp_md5_init( mbedtls_md5_context *ctx ) void esp_md5_init( mbedtls_md5_context *ctx )
{ {
esp_md5_init_ret(ctx); esp_rom_md5_init(ctx);
}
int esp_md5_starts( mbedtls_md5_context *ctx )
{
esp_md5_init(ctx);
return 0;
} }
void esp_md5_free( mbedtls_md5_context *ctx ) void esp_md5_free( mbedtls_md5_context *ctx )
@ -61,7 +49,7 @@ void esp_md5_free( mbedtls_md5_context *ctx )
int esp_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ) int esp_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] )
{ {
esp_md5_update_ret(ctx, data, 64); esp_md5_update(ctx, data, 64);
return 0; return 0;
} }

View File

@ -21,11 +21,7 @@
* This file is part of mbed TLS (https://tls.mbed.org) * This file is part of mbed TLS (https://tls.mbed.org)
*/ */
#if !defined(MBEDTLS_CONFIG_FILE) #include <mbedtls/build_info.h>
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#ifdef CONFIG_ESP_NETIF_TCPIP_LWIP #ifdef CONFIG_ESP_NETIF_TCPIP_LWIP

View File

@ -24,11 +24,7 @@
* http://www.itl.nist.gov/fipspubs/fip180-1.htm * http://www.itl.nist.gov/fipspubs/fip180-1.htm
*/ */
#if !defined(MBEDTLS_CONFIG_FILE) #include <mbedtls/build_info.h>
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT) #if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT)
@ -92,7 +88,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
/* /*
* SHA-1 context setup * SHA-1 context setup
*/ */
int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) int mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
{ {
ctx->total[0] = 0; ctx->total[0] = 0;
ctx->total[1] = 0; ctx->total[1] = 0;
@ -103,12 +99,6 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
return 0; return 0;
} }
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
{
mbedtls_sha1_starts_ret( ctx );
}
#endif
static int esp_internal_sha1_dma_process(mbedtls_sha1_context *ctx, static int esp_internal_sha1_dma_process(mbedtls_sha1_context *ctx,
const uint8_t *data, size_t len, const uint8_t *data, size_t len,
@ -126,15 +116,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned cha
return ret; return ret;
} }
#if !defined(MBEDTLS_DEPRECATED_REMOVED) int mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen )
void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
const unsigned char data[64] )
{
mbedtls_internal_sha1_process( ctx, data );
}
#endif
int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen )
{ {
int ret; int ret;
size_t fill; size_t fill;
@ -200,7 +182,7 @@ void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
const unsigned char *input, const unsigned char *input,
size_t ilen ) size_t ilen )
{ {
mbedtls_sha1_update_ret( ctx, input, ilen ); mbedtls_sha1__update( ctx, input, ilen );
} }
#endif #endif
@ -214,7 +196,7 @@ static const unsigned char sha1_padding[64] = {
/* /*
* SHA-1 final digest * SHA-1 final digest
*/ */
int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ) int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )
{ {
int ret; int ret;
uint32_t last, padn; uint32_t last, padn;
@ -232,10 +214,10 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20]
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
if ( ( ret = mbedtls_sha1_update_ret( ctx, sha1_padding, padn ) ) != 0 ) { if ( ( ret = mbedtls_sha1__update( ctx, sha1_padding, padn ) ) != 0 ) {
return ret; return ret;
} }
if ( ( ret = mbedtls_sha1_update_ret( ctx, msglen, 8 ) ) != 0 ) { if ( ( ret = mbedtls_sha1__update( ctx, msglen, 8 ) ) != 0 ) {
return ret; return ret;
} }
@ -248,7 +230,7 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20]
void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
unsigned char output[20] ) unsigned char output[20] )
{ {
mbedtls_sha1_finish_ret( ctx, output ); mbedtls_sha1_finish( ctx, output );
} }
#endif #endif

View File

@ -25,11 +25,7 @@
* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
*/ */
#if !defined(MBEDTLS_CONFIG_FILE) #include <mbedtls/build_info.h>
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_SHA256_ALT) #if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_SHA256_ALT)
@ -103,7 +99,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
/* /*
* SHA-256 context setup * SHA-256 context setup
*/ */
int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
{ {
memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
@ -120,7 +116,7 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
int is224 ) int is224 )
{ {
mbedtls_sha256_starts_ret( ctx, is224 ); mbedtls_sha256_starts( ctx, is224 );
} }
#endif #endif
@ -146,7 +142,7 @@ void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
/* /*
* SHA-256 process buffer * SHA-256 process buffer
*/ */
int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input, int mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
size_t ilen ) size_t ilen )
{ {
int ret = 0; int ret = 0;
@ -213,7 +209,7 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
const unsigned char *input, const unsigned char *input,
size_t ilen ) size_t ilen )
{ {
mbedtls_sha256_update_ret( ctx, input, ilen ); mbedtls_sha256_update( ctx, input, ilen );
} }
#endif #endif
@ -227,7 +223,7 @@ static const unsigned char sha256_padding[64] = {
/* /*
* SHA-256 final digest * SHA-256 final digest
*/ */
int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ) int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] )
{ {
int ret; int ret;
uint32_t last, padn; uint32_t last, padn;
@ -244,11 +240,11 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output
last = ctx->total[0] & 0x3F; last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
if ( ( ret = mbedtls_sha256_update_ret( ctx, sha256_padding, padn ) ) != 0 ) { if ( ( ret = mbedtls_sha256_update( ctx, sha256_padding, padn ) ) != 0 ) {
return ret; return ret;
} }
if ( ( ret = mbedtls_sha256_update_ret( ctx, msglen, 8 ) ) != 0 ) { if ( ( ret = mbedtls_sha256_update( ctx, msglen, 8 ) ) != 0 ) {
return ret; return ret;
} }
@ -261,7 +257,7 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output
void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
unsigned char output[32] ) unsigned char output[32] )
{ {
mbedtls_sha256_finish_ret( ctx, output ); mbedtls_sha256_finish( ctx, output );
} }
#endif #endif

View File

@ -25,11 +25,7 @@
* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
*/ */
#if !defined(MBEDTLS_CONFIG_FILE) #include <mbedtls/build_info.h>
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA512_ALT) #if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA512_ALT)
@ -125,7 +121,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
/* /*
* SHA-512 context setup * SHA-512 context setup
*/ */
int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
{ {
mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
@ -142,7 +138,7 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
int is384 ) int is384 )
{ {
mbedtls_sha512_starts_ret( ctx, is384 ); mbedtls_sha512_starts( ctx, is384 );
} }
#endif #endif
@ -179,7 +175,7 @@ void mbedtls_sha512_process( mbedtls_sha512_context *ctx,
/* /*
* SHA-512 process buffer * SHA-512 process buffer
*/ */
int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char *input, int mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input,
size_t ilen ) size_t ilen )
{ {
int ret; int ret;
@ -254,7 +250,7 @@ void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
const unsigned char *input, const unsigned char *input,
size_t ilen ) size_t ilen )
{ {
mbedtls_sha512_update_ret( ctx, input, ilen ); mbedtls_sha512_update( ctx, input, ilen );
} }
#endif #endif
@ -273,7 +269,7 @@ static const unsigned char sha512_padding[128] = {
/* /*
* SHA-512 final digest * SHA-512 final digest
*/ */
int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] ) int mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] )
{ {
int ret; int ret;
size_t last, padn; size_t last, padn;
@ -290,11 +286,11 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output
last = (size_t)( ctx->total[0] & 0x7F ); last = (size_t)( ctx->total[0] & 0x7F );
padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last ); padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
if ( ( ret = mbedtls_sha512_update_ret( ctx, sha512_padding, padn ) ) != 0 ) { if ( ( ret = mbedtls_sha512_update( ctx, sha512_padding, padn ) ) != 0 ) {
return ret; return ret;
} }
if ( ( ret = mbedtls_sha512_update_ret( ctx, msglen, 16 ) ) != 0 ) { if ( ( ret = mbedtls_sha512_update( ctx, msglen, 16 ) ) != 0 ) {
return ret; return ret;
} }
@ -311,7 +307,7 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output
void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
unsigned char output[64] ) unsigned char output[64] )
{ {
mbedtls_sha512_finish_ret( ctx, output ); mbedtls_sha512_finish( ctx, output );
} }
#endif #endif

View File

@ -43,10 +43,10 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns
#if SOC_SHA_SUPPORT_SHA1 #if SOC_SHA_SUPPORT_SHA1
if (sha_type == SHA1) { if (sha_type == SHA1) {
mbedtls_sha1_init(&ctx.sha1); mbedtls_sha1_init(&ctx.sha1);
mbedtls_sha1_starts_ret(&ctx.sha1); mbedtls_sha1_starts(&ctx.sha1);
ret = mbedtls_sha1_update_ret(&ctx.sha1, input, ilen); ret = mbedtls_sha1_update(&ctx.sha1, input, ilen);
assert(ret == 0); assert(ret == 0);
ret = mbedtls_sha1_finish_ret(&ctx.sha1, output); ret = mbedtls_sha1_finish(&ctx.sha1, output);
assert(ret == 0); assert(ret == 0);
mbedtls_sha1_free(&ctx.sha1); mbedtls_sha1_free(&ctx.sha1);
return; return;
@ -56,10 +56,10 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns
#if SOC_SHA_SUPPORT_SHA256 #if SOC_SHA_SUPPORT_SHA256
if (sha_type == SHA2_256) { if (sha_type == SHA2_256) {
mbedtls_sha256_init(&ctx.sha256); mbedtls_sha256_init(&ctx.sha256);
mbedtls_sha256_starts_ret(&ctx.sha256, 0); mbedtls_sha256_starts(&ctx.sha256, 0);
ret = mbedtls_sha256_update_ret(&ctx.sha256, input, ilen); ret = mbedtls_sha256_update(&ctx.sha256, input, ilen);
assert(ret == 0); assert(ret == 0);
ret = mbedtls_sha256_finish_ret(&ctx.sha256, output); ret = mbedtls_sha256_finish(&ctx.sha256, output);
assert(ret == 0); assert(ret == 0);
mbedtls_sha256_free(&ctx.sha256); mbedtls_sha256_free(&ctx.sha256);
return; return;
@ -69,10 +69,10 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns
#if SOC_SHA_SUPPORT_SHA384 #if SOC_SHA_SUPPORT_SHA384
if (sha_type == SHA2_384) { if (sha_type == SHA2_384) {
mbedtls_sha512_init(&ctx.sha512); mbedtls_sha512_init(&ctx.sha512);
mbedtls_sha512_starts_ret(&ctx.sha512, 1); mbedtls_sha512_starts(&ctx.sha512, 1);
ret = mbedtls_sha512_update_ret(&ctx.sha512, input, ilen); ret = mbedtls_sha512_update(&ctx.sha512, input, ilen);
assert(ret == 0); assert(ret == 0);
ret = mbedtls_sha512_finish_ret(&ctx.sha512, output); ret = mbedtls_sha512_finish(&ctx.sha512, output);
assert(ret == 0); assert(ret == 0);
mbedtls_sha512_free(&ctx.sha512); mbedtls_sha512_free(&ctx.sha512);
return; return;
@ -82,10 +82,10 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns
#if SOC_SHA_SUPPORT_SHA512 #if SOC_SHA_SUPPORT_SHA512
if (sha_type == SHA2_512) { if (sha_type == SHA2_512) {
mbedtls_sha512_init(&ctx.sha512); mbedtls_sha512_init(&ctx.sha512);
mbedtls_sha512_starts_ret(&ctx.sha512, 0); mbedtls_sha512_starts(&ctx.sha512, 0);
ret = mbedtls_sha512_update_ret(&ctx.sha512, input, ilen); ret = mbedtls_sha512_update(&ctx.sha512, input, ilen);
assert(ret == 0); assert(ret == 0);
ret = mbedtls_sha512_finish_ret(&ctx.sha512, output); ret = mbedtls_sha512_finish(&ctx.sha512, output);
assert(ret == 0); assert(ret == 0);
mbedtls_sha512_free(&ctx.sha512); mbedtls_sha512_free(&ctx.sha512);
return; return;

View File

@ -26,11 +26,7 @@
* http://www.itl.nist.gov/fipspubs/fip180-1.htm * http://www.itl.nist.gov/fipspubs/fip180-1.htm
*/ */
#if !defined(MBEDTLS_CONFIG_FILE) #include <mbedtls/build_info.h>
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT) #if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT)
@ -116,7 +112,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
/* /*
* SHA-1 context setup * SHA-1 context setup
*/ */
int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) int mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
{ {
ctx->total[0] = 0; ctx->total[0] = 0;
ctx->total[1] = 0; ctx->total[1] = 0;
@ -135,12 +131,6 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
return 0; return 0;
} }
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
{
mbedtls_sha1_starts_ret( ctx );
}
#endif
static void mbedtls_sha1_software_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ); static void mbedtls_sha1_software_process( mbedtls_sha1_context *ctx, const unsigned char data[64] );
@ -334,7 +324,7 @@ static void mbedtls_sha1_software_process( mbedtls_sha1_context *ctx, const unsi
/* /*
* SHA-1 process buffer * SHA-1 process buffer
*/ */
int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) int mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen )
{ {
int ret; int ret;
size_t fill; size_t fill;
@ -387,7 +377,7 @@ void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
const unsigned char *input, const unsigned char *input,
size_t ilen ) size_t ilen )
{ {
mbedtls_sha1_update_ret( ctx, input, ilen ); mbedtls_sha1_update( ctx, input, ilen );
} }
#endif #endif
@ -401,7 +391,7 @@ static const unsigned char sha1_padding[64] = {
/* /*
* SHA-1 final digest * SHA-1 final digest
*/ */
int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ) int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )
{ {
int ret; int ret;
uint32_t last, padn; uint32_t last, padn;
@ -418,10 +408,10 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20]
last = ctx->total[0] & 0x3F; last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
if ( ( ret = mbedtls_sha1_update_ret( ctx, sha1_padding, padn ) ) != 0 ) { if ( ( ret = mbedtls_sha1_update( ctx, sha1_padding, padn ) ) != 0 ) {
goto out; goto out;
} }
if ( ( ret = mbedtls_sha1_update_ret( ctx, msglen, 8 ) ) != 0 ) { if ( ( ret = mbedtls_sha1_update( ctx, msglen, 8 ) ) != 0 ) {
goto out; goto out;
} }
@ -449,7 +439,7 @@ out:
void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
unsigned char output[20] ) unsigned char output[20] )
{ {
mbedtls_sha1_finish_ret( ctx, output ); mbedtls_sha1_finish( ctx, output );
} }
#endif #endif

View File

@ -27,11 +27,7 @@
* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
*/ */
#if !defined(MBEDTLS_CONFIG_FILE) #include <mbedtls/build_info.h>
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_SHA256_ALT) #if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_SHA256_ALT)
@ -116,7 +112,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
/* /*
* SHA-256 context setup * SHA-256 context setup
*/ */
int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
{ {
ctx->total[0] = 0; ctx->total[0] = 0;
ctx->total[1] = 0; ctx->total[1] = 0;
@ -155,7 +151,7 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
int is224 ) int is224 )
{ {
mbedtls_sha256_starts_ret( ctx, is224 ); mbedtls_sha256_starts( ctx, is224 );
} }
#endif #endif
@ -295,7 +291,7 @@ static void mbedtls_sha256_software_process( mbedtls_sha256_context *ctx, const
/* /*
* SHA-256 process buffer * SHA-256 process buffer
*/ */
int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input, int mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
size_t ilen ) size_t ilen )
{ {
int ret; int ret;
@ -349,7 +345,7 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
const unsigned char *input, const unsigned char *input,
size_t ilen ) size_t ilen )
{ {
mbedtls_sha256_update_ret( ctx, input, ilen ); mbedtls_sha256_update( ctx, input, ilen );
} }
#endif #endif
@ -363,7 +359,7 @@ static const unsigned char sha256_padding[64] = {
/* /*
* SHA-256 final digest * SHA-256 final digest
*/ */
int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ) int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] )
{ {
int ret; int ret;
uint32_t last, padn; uint32_t last, padn;
@ -380,11 +376,11 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output
last = ctx->total[0] & 0x3F; last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
if ( ( ret = mbedtls_sha256_update_ret( ctx, sha256_padding, padn ) ) != 0 ) { if ( ( ret = mbedtls_sha256_update( ctx, sha256_padding, padn ) ) != 0 ) {
goto out; goto out;
} }
if ( ( ret = mbedtls_sha256_update_ret( ctx, msglen, 8 ) ) != 0 ) { if ( ( ret = mbedtls_sha256_update( ctx, msglen, 8 ) ) != 0 ) {
goto out; goto out;
} }
@ -418,7 +414,7 @@ out:
void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
unsigned char output[32] ) unsigned char output[32] )
{ {
mbedtls_sha256_finish_ret( ctx, output ); mbedtls_sha256_finish( ctx, output );
} }
#endif #endif

View File

@ -27,11 +27,7 @@
* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
*/ */
#if !defined(MBEDTLS_CONFIG_FILE) #include <mbedtls/build_info.h>
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA512_ALT) #if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA512_ALT)
@ -140,7 +136,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
/* /*
* SHA-512 context setup * SHA-512 context setup
*/ */
int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
{ {
ctx->total[0] = 0; ctx->total[0] = 0;
ctx->total[1] = 0; ctx->total[1] = 0;
@ -180,7 +176,7 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
int is384 ) int is384 )
{ {
mbedtls_sha512_starts_ret( ctx, is384 ); mbedtls_sha512_starts( ctx, is384 );
} }
#endif #endif
@ -332,7 +328,7 @@ static void mbedtls_sha512_software_process( mbedtls_sha512_context *ctx, const
/* /*
* SHA-512 process buffer * SHA-512 process buffer
*/ */
int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char *input, int mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input,
size_t ilen ) size_t ilen )
{ {
int ret; int ret;
@ -384,7 +380,7 @@ void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
const unsigned char *input, const unsigned char *input,
size_t ilen ) size_t ilen )
{ {
mbedtls_sha512_update_ret( ctx, input, ilen ); mbedtls_sha512_update( ctx, input, ilen );
} }
#endif #endif
@ -403,7 +399,7 @@ static const unsigned char sha512_padding[128] = {
/* /*
* SHA-512 final digest * SHA-512 final digest
*/ */
int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] ) int mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] )
{ {
int ret; int ret;
size_t last, padn; size_t last, padn;
@ -420,11 +416,11 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output
last = (size_t)( ctx->total[0] & 0x7F ); last = (size_t)( ctx->total[0] & 0x7F );
padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last ); padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
if ( ( ret = mbedtls_sha512_update_ret( ctx, sha512_padding, padn ) ) != 0 ) { if ( ( ret = mbedtls_sha512_update( ctx, sha512_padding, padn ) ) != 0 ) {
goto out; goto out;
} }
if ( ( ret = mbedtls_sha512_update_ret( ctx, msglen, 16 ) ) != 0 ) { if ( ( ret = mbedtls_sha512_update( ctx, msglen, 16 ) ) != 0 ) {
goto out; goto out;
} }
@ -458,7 +454,7 @@ out:
void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
unsigned char output[64] ) unsigned char output[64] )
{ {
mbedtls_sha512_finish_ret( ctx, output ); mbedtls_sha512_finish( ctx, output );
} }
#endif #endif

View File

@ -28,11 +28,11 @@ static void tskRunSHA256Test(void *pvParameters)
for (int i = 0; i < 1000; i++) { for (int i = 0; i < 1000; i++) {
mbedtls_sha256_init(&sha256_ctx); mbedtls_sha256_init(&sha256_ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false));
for (int j = 0; j < 10; j++) { for (int j = 0; j < 10; j++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, (unsigned char *)one_hundred_bs, 100)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, (unsigned char *)one_hundred_bs, 100));
} }
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256));
mbedtls_sha256_free(&sha256_ctx); mbedtls_sha256_free(&sha256_ctx);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_bs, sha256, 32, "SHA256 calculation"); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_bs, sha256, 32, "SHA256 calculation");
} }

View File

@ -82,21 +82,21 @@ static void mbedtls_sha256_task(void *pvParameters)
mbedtls_sha256_init(&sha256_ctx); mbedtls_sha256_init(&sha256_ctx);
memset(output, 0, sizeof(output)); memset(output, 0, sizeof(output));
mbedtls_sha256_starts_ret(&sha256_ctx, false); mbedtls_sha256_starts(&sha256_ctx, false);
for (int i = 0; i < 3; ++i) { for (int i = 0; i < 3; ++i) {
mbedtls_sha256_update_ret(&sha256_ctx, (unsigned char *)input, 100); mbedtls_sha256_update(&sha256_ctx, (unsigned char *)input, 100);
} }
mbedtls_sha256_finish_ret(&sha256_ctx, output); mbedtls_sha256_finish(&sha256_ctx, output);
memcpy(output_origin, output, sizeof(output)); memcpy(output_origin, output, sizeof(output));
while (exit_flag == false) { while (exit_flag == false) {
mbedtls_sha256_init(&sha256_ctx); mbedtls_sha256_init(&sha256_ctx);
memset(output, 0, sizeof(output)); memset(output, 0, sizeof(output));
mbedtls_sha256_starts_ret(&sha256_ctx, false); mbedtls_sha256_starts(&sha256_ctx, false);
for (int i = 0; i < 3; ++i) { for (int i = 0; i < 3; ++i) {
mbedtls_sha256_update_ret(&sha256_ctx, (unsigned char *)input, 100); mbedtls_sha256_update(&sha256_ctx, (unsigned char *)input, 100);
} }
mbedtls_sha256_finish_ret(&sha256_ctx, output); mbedtls_sha256_finish(&sha256_ctx, output);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(output, output_origin, sizeof(output), "MBEDTLS SHA256 must match"); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(output, output_origin, sizeof(output), "MBEDTLS SHA256 must match");
} }

View File

@ -72,19 +72,19 @@ TEST_CASE("mbedtls SHA interleaving", "[mbedtls]")
mbedtls_sha256_init(&sha256_ctx); mbedtls_sha256_init(&sha256_ctx);
mbedtls_sha512_init(&sha512_ctx); mbedtls_sha512_init(&sha512_ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha1_starts_ret(&sha1_ctx)); TEST_ASSERT_EQUAL(0, mbedtls_sha1_starts(&sha1_ctx));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts_ret(&sha512_ctx, false)); TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts(&sha512_ctx, false));
for (int i = 0; i < 10; i++) { for (int i = 0; i < 10; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha1_update_ret(&sha1_ctx, one_hundred_as, 100)); TEST_ASSERT_EQUAL(0, mbedtls_sha1_update(&sha1_ctx, one_hundred_as, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, one_hundred_as, 100)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, one_hundred_as, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&sha512_ctx, one_hundred_bs, 100)); TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&sha512_ctx, one_hundred_bs, 100));
} }
TEST_ASSERT_EQUAL(0, mbedtls_sha1_finish_ret(&sha1_ctx, sha1)); TEST_ASSERT_EQUAL(0, mbedtls_sha1_finish(&sha1_ctx, sha1));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&sha512_ctx, sha512)); TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&sha512_ctx, sha512));
mbedtls_sha1_free(&sha1_ctx); mbedtls_sha1_free(&sha1_ctx);
mbedtls_sha256_free(&sha256_ctx); mbedtls_sha256_free(&sha256_ctx);
@ -103,11 +103,11 @@ static void tskRunSHA1Test(void *pvParameters)
for (int i = 0; i < 1000; i++) { for (int i = 0; i < 1000; i++) {
mbedtls_sha1_init(&sha1_ctx); mbedtls_sha1_init(&sha1_ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha1_starts_ret(&sha1_ctx)); TEST_ASSERT_EQUAL(0, mbedtls_sha1_starts(&sha1_ctx));
for (int j = 0; j < 10; j++) { for (int j = 0; j < 10; j++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha1_update_ret(&sha1_ctx, (unsigned char *)one_hundred_as, 100)); TEST_ASSERT_EQUAL(0, mbedtls_sha1_update(&sha1_ctx, (unsigned char *)one_hundred_as, 100));
} }
TEST_ASSERT_EQUAL(0, mbedtls_sha1_finish_ret(&sha1_ctx, sha1)); TEST_ASSERT_EQUAL(0, mbedtls_sha1_finish(&sha1_ctx, sha1));
mbedtls_sha1_free(&sha1_ctx); mbedtls_sha1_free(&sha1_ctx);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha1_thousand_as, sha1, 20, "SHA1 calculation"); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha1_thousand_as, sha1, 20, "SHA1 calculation");
} }
@ -122,11 +122,11 @@ static void tskRunSHA256Test(void *pvParameters)
for (int i = 0; i < 1000; i++) { for (int i = 0; i < 1000; i++) {
mbedtls_sha256_init(&sha256_ctx); mbedtls_sha256_init(&sha256_ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false));
for (int j = 0; j < 10; j++) { for (int j = 0; j < 10; j++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, (unsigned char *)one_hundred_bs, 100)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, (unsigned char *)one_hundred_bs, 100));
} }
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256));
mbedtls_sha256_free(&sha256_ctx); mbedtls_sha256_free(&sha256_ctx);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_bs, sha256, 32, "SHA256 calculation"); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_bs, sha256, 32, "SHA256 calculation");
} }
@ -204,23 +204,23 @@ TEST_CASE("mbedtls SHA512 clone", "[mbedtls]")
unsigned char sha512[64]; unsigned char sha512[64];
mbedtls_sha512_init(&ctx); mbedtls_sha512_init(&ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts_ret(&ctx, false)); TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts(&ctx, false));
for (int i = 0; i < 5; i++) { for (int i = 0; i < 5; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&ctx, one_hundred_bs, 100)); TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&ctx, one_hundred_bs, 100));
} }
mbedtls_sha512_init(&clone); mbedtls_sha512_init(&clone);
mbedtls_sha512_clone(&clone, &ctx); mbedtls_sha512_clone(&clone, &ctx);
for (int i = 0; i < 5; i++) { for (int i = 0; i < 5; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&ctx, one_hundred_bs, 100)); TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&ctx, one_hundred_bs, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&clone, one_hundred_bs, 100)); TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&clone, one_hundred_bs, 100));
} }
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&ctx, sha512)); TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&ctx, sha512));
mbedtls_sha512_free(&ctx); mbedtls_sha512_free(&ctx);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_thousand_bs, sha512, 64, "SHA512 original calculation"); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_thousand_bs, sha512, 64, "SHA512 original calculation");
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&clone, sha512)); TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&clone, sha512));
mbedtls_sha512_free(&clone); mbedtls_sha512_free(&clone);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_thousand_bs, sha512, 64, "SHA512 cloned calculation"); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_thousand_bs, sha512, 64, "SHA512 cloned calculation");
@ -234,24 +234,24 @@ TEST_CASE("mbedtls SHA384 clone", "[mbedtls][")
unsigned char sha384[48]; unsigned char sha384[48];
mbedtls_sha512_init(&ctx); mbedtls_sha512_init(&ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts_ret(&ctx, true)); TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts(&ctx, true));
for (int i = 0; i < 5; i++) { for (int i = 0; i < 5; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&ctx, one_hundred_bs, 100)); TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&ctx, one_hundred_bs, 100));
} }
mbedtls_sha512_init(&clone); mbedtls_sha512_init(&clone);
mbedtls_sha512_clone(&clone, &ctx); mbedtls_sha512_clone(&clone, &ctx);
for (int i = 0; i < 5; i++) { for (int i = 0; i < 5; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&ctx, one_hundred_bs, 100)); TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&ctx, one_hundred_bs, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&clone, one_hundred_bs, 100)); TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&clone, one_hundred_bs, 100));
} }
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&ctx, sha384)); TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&ctx, sha384));
mbedtls_sha512_free(&ctx); mbedtls_sha512_free(&ctx);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha384_thousand_bs, sha384, 48, "SHA512 original calculation"); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha384_thousand_bs, sha384, 48, "SHA512 original calculation");
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&clone, sha384)); TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&clone, sha384));
mbedtls_sha512_free(&clone); mbedtls_sha512_free(&clone);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha384_thousand_bs, sha384, 48, "SHA512 cloned calculation"); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha384_thousand_bs, sha384, 48, "SHA512 cloned calculation");
@ -265,23 +265,23 @@ TEST_CASE("mbedtls SHA256 clone", "[mbedtls]")
unsigned char sha256[64]; unsigned char sha256[64];
mbedtls_sha256_init(&ctx); mbedtls_sha256_init(&ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&ctx, false)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&ctx, false));
for (int i = 0; i < 5; i++) { for (int i = 0; i < 5; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&ctx, one_hundred_as, 100)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&ctx, one_hundred_as, 100));
} }
mbedtls_sha256_init(&clone); mbedtls_sha256_init(&clone);
mbedtls_sha256_clone(&clone, &ctx); mbedtls_sha256_clone(&clone, &ctx);
for (int i = 0; i < 5; i++) { for (int i = 0; i < 5; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&ctx, one_hundred_as, 100)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&ctx, one_hundred_as, 100));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&clone, one_hundred_as, 100)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&clone, one_hundred_as, 100));
} }
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&ctx, sha256)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&ctx, sha256));
mbedtls_sha256_free(&ctx); mbedtls_sha256_free(&ctx);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_as, sha256, 32, "SHA256 original calculation"); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_as, sha256, 32, "SHA256 original calculation");
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&clone, sha256)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&clone, sha256));
mbedtls_sha256_free(&clone); mbedtls_sha256_free(&clone);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_as, sha256, 32, "SHA256 cloned calculation"); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_as, sha256, 32, "SHA256 cloned calculation");
@ -299,10 +299,10 @@ static void tskFinaliseSha(void *v_param)
finalise_sha_param_t *param = (finalise_sha_param_t *)v_param; finalise_sha_param_t *param = (finalise_sha_param_t *)v_param;
for (int i = 0; i < 5; i++) { for (int i = 0; i < 5; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&param->ctx, one_hundred_as, 100)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&param->ctx, one_hundred_as, 100));
} }
param->ret = mbedtls_sha256_finish_ret(&param->ctx, param->result); param->ret = mbedtls_sha256_finish(&param->ctx, param->result);
mbedtls_sha256_free(&param->ctx); mbedtls_sha256_free(&param->ctx);
param->done = true; param->done = true;
@ -315,9 +315,9 @@ TEST_CASE("mbedtls SHA session passed between tasks", "[mbedtls]")
finalise_sha_param_t param = { 0 }; finalise_sha_param_t param = { 0 };
mbedtls_sha256_init(&param.ctx); mbedtls_sha256_init(&param.ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&param.ctx, false)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&param.ctx, false));
for (int i = 0; i < 5; i++) { for (int i = 0; i < 5; i++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&param.ctx, one_hundred_as, 100)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&param.ctx, one_hundred_as, 100));
} }
// pass the SHA context off to a different task // pass the SHA context off to a different task
@ -387,9 +387,9 @@ TEST_CASE("mbedtls SHA, input in flash", "[mbedtls]")
mbedtls_sha256_init(&sha256_ctx); mbedtls_sha256_init(&sha256_ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, test_vector, sizeof(test_vector))); TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, test_vector, sizeof(test_vector)));
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256));
mbedtls_sha256_free(&sha256_ctx); mbedtls_sha256_free(&sha256_ctx);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(test_vector_digest, sha256, 32, "SHA256 calculation"); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(test_vector_digest, sha256, 32, "SHA256 calculation");
@ -467,14 +467,14 @@ TEST_CASE("mbedtls SHA512/t", "[mbedtls]")
for (int j = 0; j < 2; j++) { for (int j = 0; j < 2; j++) {
k = i * 2 + j; k = i * 2 + j;
mbedtls_sha512_init(&sha512_ctx); mbedtls_sha512_init(&sha512_ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts_ret(&sha512_ctx, false)); TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts(&sha512_ctx, false));
esp_sha512_set_mode(&sha512_ctx, sha512T_algo[i]); esp_sha512_set_mode(&sha512_ctx, sha512T_algo[i]);
if (i > 1) { if (i > 1) {
k = (i - 2) * 2 + j; k = (i - 2) * 2 + j;
esp_sha512_set_t(&sha512_ctx, sha512T_t_len[i]); esp_sha512_set_t(&sha512_ctx, sha512T_t_len[i]);
} }
TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&sha512_ctx, sha512T_test_buf[j], sha512T_test_buflen[j])); TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&sha512_ctx, sha512T_test_buf[j], sha512T_test_buflen[j]));
TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&sha512_ctx, sha512)); TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&sha512_ctx, sha512));
mbedtls_sha512_free(&sha512_ctx); mbedtls_sha512_free(&sha512_ctx);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_test_sum[k], sha512, sha512T_t_len[i] / 8, "SHA512t calculation"); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_test_sum[k], sha512, sha512T_t_len[i] / 8, "SHA512t calculation");
@ -498,11 +498,11 @@ TEST_CASE("mbedtls SHA256 PSRAM DMA", "[mbedtls]")
memset(buf, 0x54, CALL_SZ); memset(buf, 0x54, CALL_SZ);
mbedtls_sha256_init(&sha256_ctx); mbedtls_sha256_init(&sha256_ctx);
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false));
for (int c = 0; c < CALLS; c++) { for (int c = 0; c < CALLS; c++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, buf, CALL_SZ)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, buf, CALL_SZ));
} }
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256));
free(buf); free(buf);
mbedtls_sha256_free(&sha256_ctx); mbedtls_sha256_free(&sha256_ctx);

View File

@ -114,7 +114,7 @@ TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]")
/* Compare esp_sha() result to the mbedTLS result, should always be the same */ /* Compare esp_sha() result to the mbedTLS result, should always be the same */
esp_sha(SHA1, ptr, LEN, sha1_espsha); esp_sha(SHA1, ptr, LEN, sha1_espsha);
int r = mbedtls_sha1_ret(ptr, LEN, sha1_mbedtls); int r = mbedtls_sha1(ptr, LEN, sha1_mbedtls);
TEST_ASSERT_EQUAL(0, r); TEST_ASSERT_EQUAL(0, r);
esp_sha(SHA2_256, ptr, LEN, sha256_espsha); esp_sha(SHA2_256, ptr, LEN, sha256_espsha);

View File

@ -33,11 +33,11 @@ TEST_CASE("mbedtls SHA performance", "[aes]")
mbedtls_sha256_init(&sha256_ctx); mbedtls_sha256_init(&sha256_ctx);
ccomp_timer_start(); ccomp_timer_start();
TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false));
for (int c = 0; c < CALLS; c++) { for (int c = 0; c < CALLS; c++) {
TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, buf, CALL_SZ)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, buf, CALL_SZ));
} }
TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256)); TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256));
elapsed_usec = ccomp_timer_stop(); elapsed_usec = ccomp_timer_stop();
free(buf); free(buf);

View File

@ -28,7 +28,6 @@
#include <mbedtls/ctr_drbg.h> #include <mbedtls/ctr_drbg.h>
#include <mbedtls/ecdh.h> #include <mbedtls/ecdh.h>
#include <mbedtls/error.h> #include <mbedtls/error.h>
#include <mbedtls/ssl_internal.h>
#include <protocomm.h> #include <protocomm.h>
#include <protocomm_security.h> #include <protocomm_security.h>

View File

@ -25,6 +25,7 @@
#include "mbedtls/asn1write.h" #include "mbedtls/asn1write.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/oid.h" #include "mbedtls/oid.h"
#include "mbedtls/private_access.h"
#define ECP_PRV_DER_MAX_BYTES 29 + 3 * MBEDTLS_ECP_MAX_BYTES #define ECP_PRV_DER_MAX_BYTES 29 + 3 * MBEDTLS_ECP_MAX_BYTES

View File

@ -25,7 +25,6 @@
#include "mbedtls/nist_kw.h" #include "mbedtls/nist_kw.h"
#include "mbedtls/des.h" #include "mbedtls/des.h"
#include "mbedtls/ccm.h" #include "mbedtls/ccm.h"
#include "mbedtls/arc4.h"
#include "common.h" #include "common.h"
#include "utils/wpabuf.h" #include "utils/wpabuf.h"

View File

@ -152,7 +152,7 @@ static int set_pki_context(tls_context_t *tls, const struct tls_connection_param
ret = mbedtls_pk_parse_key(&tls->clientkey, cfg->private_key_blob, cfg->private_key_blob_len, ret = mbedtls_pk_parse_key(&tls->clientkey, cfg->private_key_blob, cfg->private_key_blob_len,
(const unsigned char *)cfg->private_key_passwd, (const unsigned char *)cfg->private_key_passwd,
cfg->private_key_passwd ? os_strlen(cfg->private_key_passwd) : 0); cfg->private_key_passwd ? os_strlen(cfg->private_key_passwd) : 0, mbedtls_ctr_drbg_random, &tls->ctr_drbg);
if (ret < 0) { if (ret < 0) {
wpa_printf(MSG_ERROR, "mbedtls_pk_parse_keyfile returned -0x%x", -ret); wpa_printf(MSG_ERROR, "mbedtls_pk_parse_keyfile returned -0x%x", -ret);
return ret; return ret;

View File

@ -116,7 +116,13 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
&blufi_sec->share_len, &blufi_sec->share_len,
NULL, NULL); NULL, NULL);
mbedtls_md5(blufi_sec->share_key, blufi_sec->share_len, blufi_sec->psk); ret = mbedtls_md5_ret(blufi_sec->share_key, blufi_sec->share_len, blufi_sec->psk);
if (ret) {
BLUFI_ERROR("%s mbedtls_md5 failed %d\n", __func__, ret);
btc_blufi_report_error(ESP_BLUFI_CALC_MD5_ERROR);
return;
}
mbedtls_aes_setkey_enc(&blufi_sec->aes, blufi_sec->psk, 128); mbedtls_aes_setkey_enc(&blufi_sec->aes, blufi_sec->psk, 128);

View File

@ -46,7 +46,6 @@
#include "mbedtls/entropy.h" #include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h" #include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/certs.h"
#include "esp_crt_bundle.h" #include "esp_crt_bundle.h"

View File

@ -37,7 +37,6 @@
#include "mbedtls/entropy.h" #include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h" #include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/certs.h"
#include <mbedtls/base64.h> #include <mbedtls/base64.h>
#include <sys/param.h> #include <sys/param.h>

View File

@ -57,16 +57,16 @@ static void compute_alice_txt_md5(void)
unsigned char digest[MD5_MAX_LEN]; unsigned char digest[MD5_MAX_LEN];
mbedtls_md5_init(&ctx); mbedtls_md5_init(&ctx);
mbedtls_md5_starts_ret(&ctx); mbedtls_md5_starts(&ctx);
size_t read; size_t read;
do { do {
read = fread((void*) buf, 1, sizeof(buf), f); read = fread((void*) buf, 1, sizeof(buf), f);
mbedtls_md5_update_ret(&ctx, (unsigned const char*) buf, read); mbedtls_md5_update(&ctx, (unsigned const char*) buf, read);
} while(read == sizeof(buf)); } while(read == sizeof(buf));
mbedtls_md5_finish_ret(&ctx, digest); mbedtls_md5_finish(&ctx, digest);
// Create a string of the digest // Create a string of the digest
char digest_str[MD5_MAX_LEN * 2]; char digest_str[MD5_MAX_LEN * 2];

View File

@ -1,3 +1,4 @@
components/asio/port/mbedtls/include/mbedtls_engine.hpp
components/bootloader/subproject/main/bootloader_hooks.h components/bootloader/subproject/main/bootloader_hooks.h
components/bootloader/subproject/main/bootloader_start.c components/bootloader/subproject/main/bootloader_start.c
components/bt/common/osi/alarm.c components/bt/common/osi/alarm.c