From d2dddf13ae00a9c0392aa2a145bf44ed544cd89e Mon Sep 17 00:00:00 2001 From: Laukik Hase Date: Wed, 4 Jan 2023 15:11:58 +0530 Subject: [PATCH 1/5] mbedtls: Update to v3.3.0 --- components/mbedtls/mbedtls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/mbedtls/mbedtls b/components/mbedtls/mbedtls index 7b428b1bf2..e39975969d 160000 --- a/components/mbedtls/mbedtls +++ b/components/mbedtls/mbedtls @@ -1 +1 @@ -Subproject commit 7b428b1bf260ce1fec4e3ffb6494070d439a3a67 +Subproject commit e39975969d548572a39875ad29abd88b23285f94 From 59de3948dcd904802f7376cef7406a8a7002f6ae Mon Sep 17 00:00:00 2001 From: Laukik Hase Date: Wed, 4 Jan 2023 16:32:37 +0530 Subject: [PATCH 2/5] mbedtls: Update config options as per v3.3.0 release --- components/mbedtls/Kconfig | 31 +- .../mbedtls/port/include/mbedtls/esp_config.h | 386 +++++++++++++++--- 2 files changed, 344 insertions(+), 73 deletions(-) diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index ba0e294a79..301380576f 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig @@ -179,10 +179,26 @@ menu "mbedTLS" select MBEDTLS_HKDF_C default n - config MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE - bool "Enable TLS 1.3 middlebox compatibility mode" + menu "TLS 1.3 related configurations" depends on MBEDTLS_SSL_PROTO_TLS1_3 - default y + + config MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE + bool "TLS 1.3 middlebox compatibility mode" + default y + + config MBEDTLS_SSL_TLS1_3_KEXM_PSK + bool "TLS 1.3 PSK key exchange mode" + default y + + config MBEDTLS_SSL_TLS1_3_KEXM_EPHEMERAL + bool "TLS 1.3 ephemeral key exchange mode" + default y + + config MBEDTLS_SSL_TLS1_3_KEXM_PSK_EPHEMERAL + bool "TLS 1.3 PSK ephemeral key exchange mode" + default y + + endmenu config MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH bool "Variable SSL buffer length" 
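Review bot: The three new `MBEDTLS_SSL_TLS1_3_KEXM_*` options default to `y` without any `help` text, while the other options in this file (for example `MBEDTLS_SSL_CONTEXT_SERIALIZATION` in the next hunk) document what they cost or require. The esp_config.h hunk in this same patch states that the ephemeral mode needs MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C and MBEDTLS_ECDSA_C or MBEDTLS_PKCS1_V21, and that the PSK-ephemeral mode needs MBEDTLS_ECDH_C, yet neither requirement is expressed here, so a user who disables ECDH can produce a configuration that only fails later inside the mbedtls build; if the port exposes an ECDH Kconfig symbol, `depends on MBEDTLS_ECDH_C` on the two ephemeral modes would catch that at menuconfig time. The PSK option's `help` should also say that a pure PSK exchange (no ephemeral share) provides no forward secrecy, since that is the property a user needs to know before keeping the default.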
@@ -212,6 +228,7 @@ menu "mbedTLS" config MBEDTLS_SSL_CONTEXT_SERIALIZATION bool "Enable serialization of the TLS context structures" default n + depends on MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C help Enable serialization of the TLS context structures This is a local optimization in handling a single, potentially long-lived connection. @@ -230,17 +247,14 @@ menu "mbedTLS" See mbedTLS documentation for required API and more details. menu "DTLS-based configurations" - visible if MBEDTLS_SSL_PROTO_DTLS + depends on MBEDTLS_SSL_PROTO_DTLS config MBEDTLS_SSL_DTLS_CONNECTION_ID bool "Support for the DTLS Connection ID extension" - depends on MBEDTLS_SSL_PROTO_DTLS default n help Enable support for the DTLS Connection ID extension which allows to identify DTLS connections across changes in the underlying transport. - The Connection ID extension is still in draft state. - Refer: version draft-ietf-tls-dtls-connection-id-05 config MBEDTLS_SSL_CID_IN_LEN_MAX int "Maximum length of CIDs used for incoming DTLS messages" @@ -276,7 +290,6 @@ menu "mbedTLS" config MBEDTLS_SSL_DTLS_SRTP bool "Enable support for negotiation of DTLS-SRTP (RFC 5764)" - depends on MBEDTLS_SSL_PROTO_DTLS default n help Enable support for negotiation of DTLS-SRTP (RFC 5764) through the use_srtp extension. @@ -702,7 +715,7 @@ menu "mbedTLS" config MBEDTLS_SERVER_SSL_SESSION_TICKETS bool "TLS: Server Support for RFC 5077 SSL session tickets" default y - depends on MBEDTLS_TLS_ENABLED + depends on MBEDTLS_TLS_ENABLED && (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C) help Server support for RFC 5077 session tickets. See mbedTLS documentation for more details. Disabling this option will save some code size. diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h index a04c62bb43..71905d8cb3 100644 --- a/components/mbedtls/port/include/mbedtls/esp_config.h +++ b/components/mbedtls/port/include/mbedtls/esp_config.h 
@@ -43,7 +43,16 @@ * The time does not need to be correct, only time differences are used, * by contrast with MBEDTLS_HAVE_TIME_DATE * - * Comment if your system does not support time functions + * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, + * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and + * MBEDTLS_PLATFORM_STD_TIME. + * + * Comment if your system does not support time functions. + * + * \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing + * interface - timing.c will include time.h on suitable platforms + * regardless of the setting of MBEDTLS_HAVE_TIME, unless + * MBEDTLS_TIMING_ALT is used. See timing.c for more information. */ #ifdef CONFIG_MBEDTLS_HAVE_TIME #define MBEDTLS_HAVE_TIME @@ -358,7 +367,7 @@ * * Module: library/cmac.c * - * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C + * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C * */ #ifdef CONFIG_MBEDTLS_CMAC_C 
@@ -878,19 +887,15 @@ /** * \def MBEDTLS_SSL_DTLS_CONNECTION_ID * - * Enable support for the DTLS Connection ID extension - * (version draft-ietf-tls-dtls-connection-id-05, - * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) + * Enable support for the DTLS Connection ID (CID) extension, * which allows to identify DTLS connections across changes - * in the underlying transport. + * in the underlying transport. The CID functionality is described + * in RFC 9146. * * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`, - * `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`. - * See the corresponding documentation for more information. - * - * \warning The Connection ID extension is still in draft state. - * We make no stability promises for the availability - * or the shape of the API controlled by this option. + * mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and + * `mbedtls_ssl_conf_cid()`. See the corresponding documentation for + * more information. * * The maximum lengths of outgoing and incoming CIDs can be configured * through the options @@ -907,6 +912,28 @@ #undef MBEDTLS_SSL_DTLS_CONNECTION_ID #endif +/** + * \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT + * + * Defines whether RFC 9146 (default) or the legacy version + * (version draft-ietf-tls-dtls-connection-id-05, + * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) + * is used. + * + * Set the value to 0 for the standard version, and + * 1 for the legacy draft version. + * + * \deprecated Support for the legacy version of the DTLS + * Connection ID feature is deprecated. Please + * switch to the standardized version defined + * in RFC 9146 enabled by utilizing + * MBEDTLS_SSL_DTLS_CONNECTION_ID without use + * of MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. + * + * Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID + */ +#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT + /** * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION * 
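Review bot: The rewritten API list in the `MBEDTLS_SSL_DTLS_CONNECTION_ID` comment is missing the opening backtick before mbedtls_ssl_get_own_cid(): the other three function names on that line are fully quoted, this one only closes its quote. In the following hunk, the new `#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT` keeps the port on the RFC 9146 form, which is the right default; a one-line comment such as `/* Legacy draft-05 CID format is deliberately not offered via Kconfig; RFC 9146 only. */` would stop a later reader from wiring a Kconfig option for the deprecated variant.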
@@ -930,6 +957,8 @@ * saved after the handshake to allow for more efficient serialization, so if * you don't need this feature you'll save RAM by disabling it. * + * Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C + * * Comment to disable the context serialization APIs. */ #ifdef CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION @@ -963,7 +992,7 @@ * Enable support for RFC 7627: Session Hash and Extended Master Secret * Extension. * - * This was introduced as "the proper fix" to the Triple Handshake familiy of + * This was introduced as "the proper fix" to the Triple Handshake family of * attacks, but it is recommended to always use it (even if you disable * renegotiation), since it actually fixes a more fundamental issue in the * original SSL/TLS design, and has implications beyond Triple Handshake. @@ -1011,7 +1040,9 @@ * \note This option has no influence on the protection against the * triple handshake attack. Even if it is disabled, Mbed TLS will * still ensure that certificates do not change during renegotiation, - * for exaple by keeping a hash of the peer's certificate. + * for example by keeping a hash of the peer's certificate. + * + * \note This option is required if MBEDTLS_SSL_PROTO_TLS1_3 is set. * * Comment this macro to disable storing the peer's certificate * after the handshake. @@ -1100,6 +1131,8 @@ * See docs/architecture/tls13-support.md for a description of the TLS * 1.3 support that this option enables. * + * Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE + * * Uncomment this macro to enable the support for TLS 1.3. * */ 
@@ -1135,6 +1168,134 @@ #undef MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE #endif +/** + * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED + * + * Enable TLS 1.3 PSK key exchange mode. + * + * Comment to disable support for the PSK key exchange mode in TLS 1.3. If + * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any + * effect on the build. + * + */ +#ifdef CONFIG_MBEDTLS_SSL_TLS1_3_KEXM_PSK +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +#else +#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +#endif + +/** + * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED + * + * Enable TLS 1.3 ephemeral key exchange mode. + * + * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C, MBEDTLS_ECDSA_C or + * MBEDTLS_PKCS1_V21 + * + * Comment to disable support for the ephemeral key exchange mode in TLS 1.3. + * If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any + * effect on the build. + * + */ +#ifdef CONFIG_MBEDTLS_SSL_TLS1_3_KEXM_EPHEMERAL +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +#else +#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +#endif + +/** + * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED + * + * Enable TLS 1.3 PSK ephemeral key exchange mode. + * + * Requires: MBEDTLS_ECDH_C + * + * Comment to disable support for the PSK ephemeral key exchange mode in + * TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not + * have any effect on the build. + * + */ +#ifdef CONFIG_MBEDTLS_SSL_TLS1_3_KEXM_PSK_EPHEMERAL +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +#else +#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +#endif + +/** + * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + * + * Maximum time difference in milliseconds tolerated between the age of a + * ticket from the server and client point of view. 
+ * From the client point of view, the age of a ticket is the time difference + * between the time when the client proposes to the server to use the ticket + * (time of writing of the Pre-Shared Key Extension including the ticket) and + * the time the client received the ticket from the server. + * From the server point of view, the age of a ticket is the time difference + * between the time when the server receives a proposition from the client + * to use the ticket and the time when the ticket was created by the server. + * The server age is expected to be always greater than the client one and + * MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the + * maximum difference tolerated for the server to accept the ticket. + * This is not used in TLS 1.2. + * + */ +#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 + +/** + * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH + * + * Size in bytes of a ticket nonce. This is not used in TLS 1.2. + * + * This must be less than 256. + */ +#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32 + +/** + * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS + * + * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server + * after handshake completion. This is not used in TLS 1.2 and relevant only if + * the MBEDTLS_SSL_SESSION_TICKETS option is enabled. + * + */ +#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1 + +/** +* \def MBEDTLS_SSL_EARLY_DATA +* +* Enable support for RFC 8446 TLS 1.3 early data. +* +* Requires: MBEDTLS_SSL_SESSION_TICKETS and either +* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or +* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +* +* Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3 +* is not enabled, this option does not have any effect on the build. +* +* This feature is experimental, not completed and thus not ready for +* production. 
+* +*/ +//#define MBEDTLS_SSL_EARLY_DATA + +/** + * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE + * + * The default maximum amount of 0-RTT data. See the documentation of + * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information. + * + * It must be positive and smaller than UINT32_MAX. + * + * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not + * have any impact on the build. + * + * This feature is experimental, not completed and thus not ready for + * production. + * + */ +#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024 + + /** * \def MBEDTLS_SSL_PROTO_DTLS * @@ -1489,10 +1650,14 @@ * Enable the multi-precision integer library. * * Module: library/bignum.c + * library/bignum_core.c + * library/bignum_mod.c + * library/bignum_mod_raw.c * Caller: library/dhm.c * library/ecp.c * library/ecdsa.c * library/rsa.c + * library/rsa_alt_helpers.c * library/ssl_tls.c * * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. @@ -1578,7 +1743,8 @@ * * Module: library/ccm.c * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C + * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or + * MBEDTLS_ARIA_C * * This module enables the AES-CCM ciphersuites, if other requisites are * enabled as well. @@ -1635,7 +1801,17 @@ * Enable the generic cipher layer. * * Module: library/cipher.c - * Caller: library/ssl_tls.c + * Caller: library/ccm.c + * library/cmac.c + * library/gcm.c + * library/nist_kw.c + * library/pkcs12.c + * library/pkcs5.c + * library/psa_crypto_aead.c + * library/psa_crypto_mac.c + * library/ssl_ciphersuites.c + * library/ssl_msg.c + * library/ssl_ticket.c (unless MBEDTLS_USE_PSA_CRYPTO is enabled) * * Uncomment to enable generic cipher wrappers. */ 
@@ -1661,9 +1837,10 @@ * Enable the debug functions. * * Module: library/debug.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c + * Caller: library/ssl_msg.c * library/ssl_tls.c + * library/ssl_tls12_*.c + * library/ssl_tls13_*.c * * This module provides debugging functions. */ @@ -1709,8 +1886,9 @@ * Enable the Diffie-Hellman-Merkle module. * * Module: library/dhm.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c + * Caller: library/ssl_tls.c + * library/ssl*_client.c + * library/ssl*_server.c * * This module is used by the following key exchanges: * DHE-RSA, DHE-PSK @@ -1727,8 +1905,10 @@ * Enable the elliptic curve Diffie-Hellman library. * * Module: library/ecdh.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c + * Caller: library/psa_crypto.c + * library/ssl_tls.c + * library/ssl*_client.c + * library/ssl*_server.c * * This module is used by the following key exchanges: * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK @@ -1777,7 +1957,8 @@ * This module is used by the following key exchanges: * ECJPAKE * - * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C + * Requires: MBEDTLS_ECP_C and MBEDTLS_MD_C + * */ #ifdef CONFIG_MBEDTLS_ECJPAKE_C #define MBEDTLS_ECJPAKE_C @@ -1836,7 +2017,8 @@ * * Module: library/gcm.c * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C + * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or + * MBEDTLS_ARIA_C * * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other * requisites are enabled as well. 
@@ -1885,8 +2067,29 @@ * * Enable the generic message digest layer. * - * Module: library/mbedtls_md.c - * Caller: + * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, + * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C, + * MBEDTLS_SHA512_C. + * + * Module: library/md.c + * Caller: library/constant_time.c + * library/ecdsa.c + * library/ecjpake.c + * library/hkdf.c + * library/hmac_drbg.c + * library/pk.c + * library/pkcs5.c + * library/pkcs12.c + * library/psa_crypto_ecp.c + * library/psa_crypto_rsa.c + * library/rsa.c + * library/ssl_cookie.c + * library/ssl_msg.c + * library/ssl_tls.c + * library/x509.c + * library/x509_crt.c + * library/x509write_crt.c + * library/x509write_csr.c * * Uncomment to enable generic message digest wrappers. */ @@ -1910,11 +2113,19 @@ /** * \def MBEDTLS_NET_C * - * Enable the TCP/IP networking routines. + * Enable the TCP and UDP over IPv6/IPv4 networking routines. * - * Module: library/net.c + * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) + * and Windows. For other platforms, you'll want to disable it, and write your + * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). * - * This module provides TCP/IP networking routines. + * \note See also our Knowledge Base article about porting to a new + * environment: + * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS + * + * Module: library/net_sockets.c + * + * This module provides networking routines. */ #ifdef MBEDTLS_NET_C #undef MBEDTLS_NET_C 
@@ -2002,12 +2213,16 @@ /** * \def MBEDTLS_PK_C * - * Enable the generic public (asymetric) key layer. + * Enable the generic public (asymmetric) key layer. * * Module: library/pk.c - * Caller: library/ssl_tls.c - * library/ssl_cli.c - * library/ssl_srv.c + * Caller: library/psa_crypto_rsa.c + * library/ssl_tls.c + * library/ssl*_client.c + * library/ssl*_server.c + * library/x509.c + * + * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C or MBEDTLS_ECP_C * * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C * @@ -2018,7 +2233,7 @@ /** * \def MBEDTLS_PK_PARSE_C * - * Enable the generic public (asymetric) key parser. + * Enable the generic public (asymmetric) key parser. * * Module: library/pkparse.c * Caller: library/mbedtls_x509_crt.c @@ -2033,7 +2248,7 @@ /** * \def MBEDTLS_PK_WRITE_C * - * Enable the generic public (asymetric) key writer. + * Enable the generic public (asymmetric) key writer. * * Module: library/pkwrite.c * Caller: library/x509write.c @@ -2051,12 +2266,32 @@ * * Module: library/pkcs5.c * - * Requires: MBEDTLS_MD_C + * Requires: MBEDTLS_CIPHER_C and MBEDTLS_MD_C * * This module adds support for the PKCS#5 functions. */ #define MBEDTLS_PKCS5_C +/** + * \def MBEDTLS_PKCS7_C + * + * This feature is a work in progress and not ready for production. Testing and + * validation is incomplete, and handling of malformed inputs may not be robust. + * The API may change. + * + * Enable PKCS7 core for using PKCS7 formatted signatures. + * RFC Link - https://tools.ietf.org/html/rfc2315 + * + * Module: library/pkcs7.c + * + * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C, + * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C, + * MBEDTLS_BIGNUM_C, MBEDTLS_MD_C + * + * This module is required for the PKCS7 parsing modules. + */ +//#define MBEDTLS_PKCS7_C + /** * \def MBEDTLS_PKCS12_C * 
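Review bot: The `MBEDTLS_PK_C` comment now carries two consecutive `Requires:` lines: the added `Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C or MBEDTLS_ECP_C` sits directly above the old `Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C`, which was kept as context. Drop the older line so the stated dependency is unambiguous. The `MBEDTLS_PKCS7_C` block added further down is correctly left commented out given its own "not ready for production" wording; a trailing note that it must stay disabled until upstream removes that caveat would help whoever next touches this file.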
@@ -2083,7 +2318,7 @@ * above to be specified at runtime or compile time respectively. * * \note This abstraction layer must be enabled on Windows (including MSYS2) - * as other module rely on it for a fixed snprintf implementation. + * as other modules rely on it for a fixed snprintf implementation. * * Module: library/platform.c * Caller: Most other .c files @@ -2127,10 +2362,12 @@ * Enable the RSA public-key cryptosystem. * * Module: library/rsa.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c + * library/rsa_alt_helpers.c + * Caller: library/pk.c + * library/psa_crypto.c * library/ssl_tls.c - * library/x509.c + * library/ssl*_client.c + * library/ssl*_server.c * * This module is used by the following key exchanges: * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK @@ -2144,17 +2381,36 @@ * * Enable the SHA1 cryptographic hash algorithm. * - * Module: library/mbedtls_sha1.c - * Caller: library/mbedtls_md.c - * library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * library/x509write_crt.c + * Module: library/sha1.c + * Caller: library/md.c + * library/psa_crypto_hash.c + * + * This module is required for TLS 1.2 depending on the handshake parameters, + * and for SHA1-signed certificates. + * + * \warning SHA-1 is considered a weak message digest and its use constitutes + * a security risk. If possible, we recommend avoiding dependencies + * on it, and considering stronger message digests instead. * - * This module is required for SSL/TLS and SHA1-signed certificates. */ #define MBEDTLS_SHA1_C +/** + * \def MBEDTLS_SHA224_C + * + * Enable the SHA-224 cryptographic hash algorithm. + * + * Requires: MBEDTLS_SHA256_C. The library does not currently support enabling + * SHA-224 without SHA-256. + * + * Module: library/sha256.c + * Caller: library/md.c + * library/ssl_cookie.c + * + * This module adds support for SHA-224. + */ +#define MBEDTLS_SHA224_C + /** * \def MBEDTLS_SHA256_C * 
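Review bot: The `MBEDTLS_SHA1_C` block imports upstream's `\warning` that SHA-1 is a weak digest whose dependencies should be avoided where possible, yet the port still defines `MBEDTLS_SHA1_C` unconditionally (the `#define` is a context line, so this predates the commit). Most other modules in this file are gated on a `CONFIG_MBEDTLS_*` symbol, for example the `CONFIG_MBEDTLS_CMAC_C` gate earlier in this diff; gating SHA-1 the same way would let a SHA-2-only deployment compile the weak digest out, with the default left on because the same comment notes TLS 1.2 may still need it depending on handshake parameters. The new unconditional `#define MBEDTLS_SHA224_C` is consistent with its stated dependency on SHA-256, which the file also enables unconditionally.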
@@ -2163,9 +2419,9 @@ * Module: library/mbedtls_sha256.c * Caller: library/entropy.c * library/mbedtls_md.c - * library/ssl_cli.c - * library/ssl_srv.c * library/ssl_tls.c + * library/ssl*_client.c + * library/ssl*_server.c= * * This module adds support for SHA-224 and SHA-256. * This module is required for the SSL/TLS 1.2 PRF function. @@ -2177,11 +2433,11 @@ * * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. * - * Module: library/mbedtls_sha512.c + * Module: library/sha512.c * Caller: library/entropy.c - * library/mbedtls_md.c - * library/ssl_cli.c - * library/ssl_srv.c + * library/md.c + * library/ssl_tls.c + * library/ssl_cookie.c * * This module adds support for SHA-384 and SHA-512. */ @@ -2223,7 +2479,8 @@ * Module: library/ssl_ticket.c * Caller: * - * Requires: MBEDTLS_CIPHER_C + * Requires: (MBEDTLS_CIPHER_C) && + * (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C) */ #ifdef CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS #define MBEDTLS_SSL_TICKET_C @@ -2236,7 +2493,7 @@ * * Enable the SSL/TLS client code. * - * Module: library/ssl_cli.c + * Module: library/ssl*_client.c * Caller: * * Requires: MBEDTLS_SSL_TLS_C @@ -2273,8 +2530,8 @@ * Enable the generic SSL/TLS code. * * Module: library/ssl_tls.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c + * Caller: library/ssl*_client.c + * library/ssl*_server.c * * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C * and at least one of the MBEDTLS_SSL_PROTO_XXX defines @@ -2301,7 +2558,7 @@ * * \note See also our Knowledge Base article about porting to a new * environment: - * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS + * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS * * Module: library/timing.c * Caller: library/havege.c 
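Review bot: The new caller line `library/ssl*_server.c=` in the `MBEDTLS_SHA256_C` comment has a stray `=` at the end. The same hunk leaves `Module: library/mbedtls_sha256.c` and `library/mbedtls_md.c` untouched while the `MBEDTLS_SHA512_C` hunk directly below renames the equivalent entries to `library/sha512.c` and `library/md.c`; the SHA-256 block should get the same rename so the two blocks agree on the 3.x file names.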
@@ -2334,7 +2591,7 @@ * library/mbedtls_x509_csr.c * * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, - * MBEDTLS_PK_PARSE_C + * MBEDTLS_PK_PARSE_C, MBEDTLS_MD_C * * This module is required for the X.509 parsing modules. */ @@ -2346,9 +2603,9 @@ * Enable X.509 certificate parsing. * * Module: library/mbedtls_x509_crt.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c + * Caller: library/ssl_tls.c + * library/ssl*_client.c + * library/ssl*_server.c * * Requires: MBEDTLS_X509_USE_C * @@ -2399,7 +2656,8 @@ * * Module: library/x509_create.c * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C + * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C, + * MBEDTLS_MD_C * * This module is the basis for creating X.509 certificates and CSRs. */ @@ -2613,7 +2871,7 @@ * contexts are not shared between threads. If you do intend to use contexts * between threads, you will need to enable this layer to prevent race * conditions. See also our Knowledge Base article about threading: - * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading + * https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading * * Module: library/threading.c * From c2ab1af47fe21127c83cbfff389c33ca03a7a3b8 Mon Sep 17 00:00:00 2001 From: Laukik Hase Date: Wed, 4 Jan 2023 16:54:56 +0530 Subject: [PATCH 3/5] wpa_supplicant: Update deprecated API (`mbedtls_pkcs5_pbkdf2_hmac`) - The newer alternative does not require HMAC context for its operation --- .../src/crypto/crypto_mbedtls.c | 21 +------------------ 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c index 881e7079f1..db6b835534 100644 --- a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c +++ b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c 
@@ -745,25 +745,7 @@ cleanup:
 int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
 int iterations, u8 *buf, size_t buflen)
 {
-
- mbedtls_md_context_t sha1_ctx;
- const mbedtls_md_info_t *info_sha1;
- int ret;
-
- mbedtls_md_init(&sha1_ctx);
-
- info_sha1 = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
- if (info_sha1 == NULL) {
- ret = -1;
- goto cleanup;
- }
-
- if ((ret = mbedtls_md_setup(&sha1_ctx, info_sha1, 1)) != 0) {
- ret = -1;
- goto cleanup;
- }
-
- ret = mbedtls_pkcs5_pbkdf2_hmac(&sha1_ctx, (const u8 *) passphrase,
+ int ret = mbedtls_pkcs5_pbkdf2_hmac_ext(MBEDTLS_MD_SHA1, (const u8 *) passphrase,
 os_strlen(passphrase) , ssid, ssid_len,
 iterations, 32, buf);
 if (ret != 0) {
@@ -772,7 +754,6 @@ int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
 }
 cleanup:
- mbedtls_md_free(&sha1_ctx);
 return ret;
 }
From 1e4493e592e946deb88fd1587361f6597ca1ad13 Mon Sep 17 00:00:00 2001
From: Laukik Hase
Date: Wed, 4 Jan 2023 17:23:33 +0530
Subject: [PATCH 4/5] mbedtls: Fix build with dynamic buffers feature
---
 components/mbedtls/port/dynamic/esp_ssl_cli.c | 4 ++--
 components/mbedtls/port/dynamic/esp_ssl_tls.c | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/components/mbedtls/port/dynamic/esp_ssl_cli.c b/components/mbedtls/port/dynamic/esp_ssl_cli.c
index 46178bf654..9fb224419c 100644
--- a/components/mbedtls/port/dynamic/esp_ssl_cli.c
+++ b/components/mbedtls/port/dynamic/esp_ssl_cli.c
@@ -35,7 +35,7 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
 if( ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC &&
 ssl->handshake->new_session_ticket != 0 )
 {
- ssl->state = MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET;
+ ssl->state = MBEDTLS_SSL_NEW_SESSION_TICKET;
 }
 #endif
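Review bot: In the first crypto_mbedtls.c hunk the new `mbedtls_pkcs5_pbkdf2_hmac_ext(MBEDTLS_MD_SHA1, ...)` call writes a fixed 32 bytes into `buf` (the `32` on the continuation line is the output length) while the `buflen` parameter is never consulted on the visible lines, so a caller passing a shorter buffer gets an overflow rather than an error; a guard as the first statement, `if (buflen < 32) { return -1; }`, makes the contract explicit (the hard-coded length predates this commit, but the replaced call is the only place it is enforced). With every `goto cleanup` removed from this hunk, the `cleanup:` label in the second hunk now only precedes `return ret;`; if the error branch between the two hunks (not shown) still jumps to it, both could collapse to a direct return and the label dropped. The body of `pbkdf2_sha1` between the two hunks lies outside the diff.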
@@ -158,7 +158,7 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
- case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:
+ case MBEDTLS_SSL_NEW_SESSION_TICKET:
 if (add) {
 CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
 } else {
diff --git a/components/mbedtls/port/dynamic/esp_ssl_tls.c b/components/mbedtls/port/dynamic/esp_ssl_tls.c
index 21f8ca95e1..dad7414388 100644
--- a/components/mbedtls/port/dynamic/esp_ssl_tls.c
+++ b/components/mbedtls/port/dynamic/esp_ssl_tls.c
@@ -49,7 +49,7 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
 mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
 #endif
 #if defined(MBEDTLS_SHA512_C)
- mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
+ mbedtls_sha512_update( &ssl->handshake->fin_sha384, buf, len );
 #endif
 }
@@ -62,8 +62,8 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
 mbedtls_sha256_starts( &handshake->fin_sha256, 0 );
 #endif
 #if defined(MBEDTLS_SHA512_C)
- mbedtls_sha512_init( &handshake->fin_sha512 );
- mbedtls_sha512_starts( &handshake->fin_sha512, 1 );
+ mbedtls_sha512_init( &handshake->fin_sha384 );
+ mbedtls_sha512_starts( &handshake->fin_sha384, 1 );
 #endif
 handshake->update_checksum = ssl_update_checksum_start;
From 68d90dd39272396c97c05f4d9ffa8c5d07d6c7cf Mon Sep 17 00:00:00 2001
From: Laukik Hase
Date: Thu, 5 Jan 2023 11:10:43 +0530
Subject: [PATCH 5/5] protocomm: Fix test-app build for esp32c2 & esp32c6
- AES context has a breaking change, rather than storing round keys directly, it stores the offset at which the keys are present in the context buffer
---
 components/protocomm/test_apps/main/test_protocomm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/protocomm/test_apps/main/test_protocomm.c b/components/protocomm/test_apps/main/test_protocomm.c
index 7160d90817..8bd17f5e9e 100644
--- a/components/protocomm/test_apps/main/test_protocomm.c
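Review bot: Both esp_ssl_tls.c hunks switch the transcript-hash field to `fin_sha384` but keep the enclosing `#if defined(MBEDTLS_SHA512_C)`. Upstream 3.x treats `MBEDTLS_SHA384_C` and `MBEDTLS_SHA512_C` as separate symbols (both appear in the `MBEDTLS_MD_C` requirement list added to esp_config.h in this series), and if the handshake struct declares `fin_sha384` under the SHA-384 symbol, a configuration with SHA-512 on and SHA-384 off would fail to compile on these lines; using the same guard upstream uses for `fin_sha384` in its ssl_misc.h keeps this copy of the checksum logic in step with the library. A comment on the `#if` naming the upstream guard it mirrors would also make future version bumps easier to audit. Both `ssl_update_checksum_start` and `ssl_handshake_params_init` start outside their hunks.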
+++ b/components/protocomm/test_apps/main/test_protocomm.c
@@ -564,7 +564,7 @@ static esp_err_t test_req_endpoint(session_t *session)
 // Check if the AES key is correctly set before calling the software encryption
 // API. Without this check, the code will crash, resulting in a test case failure.
 // For hardware AES, portability layer takes care of this.
- if (session->ctx_aes.MBEDTLS_PRIVATE(rk) != NULL && session->ctx_aes.MBEDTLS_PRIVATE(nr) > 0) {
+ if (session->ctx_aes.MBEDTLS_PRIVATE(nr) > 0) {
 #endif
 mbedtls_aes_crypt_ctr(&session->ctx_aes, sizeof(rand_test_data), &session->nc_off,