Merge branch 'feature/mbedtls-3.3.0' into 'master'

mbedtls: Update to v3.3.0

Closes IDF-6536

See merge request espressif/esp-idf!21897
Laukik Hase 2023-01-12 19:38:51 +08:00
commit 4f67662cab
7 changed files with 352 additions and 100 deletions


@ -179,10 +179,26 @@ menu "mbedTLS"
select MBEDTLS_HKDF_C select MBEDTLS_HKDF_C
default n default n
config MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE menu "TLS 1.3 related configurations"
bool "Enable TLS 1.3 middlebox compatibility mode"
depends on MBEDTLS_SSL_PROTO_TLS1_3 depends on MBEDTLS_SSL_PROTO_TLS1_3
default y
config MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
bool "TLS 1.3 middlebox compatibility mode"
default y
config MBEDTLS_SSL_TLS1_3_KEXM_PSK
bool "TLS 1.3 PSK key exchange mode"
default y
config MBEDTLS_SSL_TLS1_3_KEXM_EPHEMERAL
bool "TLS 1.3 ephemeral key exchange mode"
default y
config MBEDTLS_SSL_TLS1_3_KEXM_PSK_EPHEMERAL
bool "TLS 1.3 PSK ephemeral key exchange mode"
default y
endmenu
config MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH config MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
bool "Variable SSL buffer length" bool "Variable SSL buffer length"
@ -212,6 +228,7 @@ menu "mbedTLS"
config MBEDTLS_SSL_CONTEXT_SERIALIZATION config MBEDTLS_SSL_CONTEXT_SERIALIZATION
bool "Enable serialization of the TLS context structures" bool "Enable serialization of the TLS context structures"
default n default n
depends on MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C
help help
Enable serialization of the TLS context structures Enable serialization of the TLS context structures
This is a local optimization in handling a single, potentially long-lived connection. This is a local optimization in handling a single, potentially long-lived connection.
@ -230,17 +247,14 @@ menu "mbedTLS"
See mbedTLS documentation for required API and more details. See mbedTLS documentation for required API and more details.
menu "DTLS-based configurations" menu "DTLS-based configurations"
visible if MBEDTLS_SSL_PROTO_DTLS depends on MBEDTLS_SSL_PROTO_DTLS
config MBEDTLS_SSL_DTLS_CONNECTION_ID config MBEDTLS_SSL_DTLS_CONNECTION_ID
bool "Support for the DTLS Connection ID extension" bool "Support for the DTLS Connection ID extension"
depends on MBEDTLS_SSL_PROTO_DTLS
default n default n
help help
Enable support for the DTLS Connection ID extension which allows to Enable support for the DTLS Connection ID extension which allows to
identify DTLS connections across changes in the underlying transport. identify DTLS connections across changes in the underlying transport.
The Connection ID extension is still in draft state.
Refer: version draft-ietf-tls-dtls-connection-id-05
config MBEDTLS_SSL_CID_IN_LEN_MAX config MBEDTLS_SSL_CID_IN_LEN_MAX
int "Maximum length of CIDs used for incoming DTLS messages" int "Maximum length of CIDs used for incoming DTLS messages"
@ -276,7 +290,6 @@ menu "mbedTLS"
config MBEDTLS_SSL_DTLS_SRTP config MBEDTLS_SSL_DTLS_SRTP
bool "Enable support for negotiation of DTLS-SRTP (RFC 5764)" bool "Enable support for negotiation of DTLS-SRTP (RFC 5764)"
depends on MBEDTLS_SSL_PROTO_DTLS
default n default n
help help
Enable support for negotiation of DTLS-SRTP (RFC 5764) through the use_srtp extension. Enable support for negotiation of DTLS-SRTP (RFC 5764) through the use_srtp extension.
@ -702,7 +715,7 @@ menu "mbedTLS"
config MBEDTLS_SERVER_SSL_SESSION_TICKETS config MBEDTLS_SERVER_SSL_SESSION_TICKETS
bool "TLS: Server Support for RFC 5077 SSL session tickets" bool "TLS: Server Support for RFC 5077 SSL session tickets"
default y default y
depends on MBEDTLS_TLS_ENABLED depends on MBEDTLS_TLS_ENABLED && (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C)
help help
Server support for RFC 5077 session tickets. See mbedTLS documentation for more details. Server support for RFC 5077 session tickets. See mbedTLS documentation for more details.
Disabling this option will save some code size. Disabling this option will save some code size.
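Review bot: The new `config MBEDTLS_SSL_TLS1_3_KEXM_PSK`, `MBEDTLS_SSL_TLS1_3_KEXM_EPHEMERAL` and `MBEDTLS_SSL_TLS1_3_KEXM_PSK_EPHEMERAL` entries carry no `help` text and no `depends on` for the module requirements that this same commit documents in mbedtls_config.h (`MBEDTLS_ECDH_C` for both ephemeral modes, plus `MBEDTLS_X509_CRT_PARSE_C` and `MBEDTLS_ECDSA_C` or `MBEDTLS_PKCS1_V21` for the ephemeral mode). Enabling an ephemeral mode with those modules disabled would presumably surface only as a build failure or a handshake that cannot complete rather than as a Kconfig conflict; if the requirements exist as Kconfig symbols, add e.g. `depends on MBEDTLS_ECDH_C` under the two ephemeral entries, otherwise state the requirement in a `help` block. A short `help` on each mode would also make clear that disabling all three leaves TLS 1.3 without any usable key exchange.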

@ -1 +1 @@
Subproject commit 7b428b1bf260ce1fec4e3ffb6494070d439a3a67 Subproject commit e39975969d548572a39875ad29abd88b23285f94


@ -35,7 +35,7 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
if( ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC && if( ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC &&
ssl->handshake->new_session_ticket != 0 ) ssl->handshake->new_session_ticket != 0 )
{ {
ssl->state = MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET; ssl->state = MBEDTLS_SSL_NEW_SESSION_TICKET;
} }
#endif #endif
@ -158,7 +158,7 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET: case MBEDTLS_SSL_NEW_SESSION_TICKET:
if (add) { if (add) {
CHECK_OK(esp_mbedtls_add_rx_buffer(ssl)); CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
} else { } else {


@ -49,7 +49,7 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
#endif #endif
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); mbedtls_sha512_update( &ssl->handshake->fin_sha384, buf, len );
#endif #endif
} }
@ -62,8 +62,8 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
mbedtls_sha256_starts( &handshake->fin_sha256, 0 ); mbedtls_sha256_starts( &handshake->fin_sha256, 0 );
#endif #endif
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
mbedtls_sha512_init( &handshake->fin_sha512 ); mbedtls_sha512_init( &handshake->fin_sha384 );
mbedtls_sha512_starts( &handshake->fin_sha512, 1 ); mbedtls_sha512_starts( &handshake->fin_sha384, 1 );
#endif #endif
handshake->update_checksum = ssl_update_checksum_start; handshake->update_checksum = ssl_update_checksum_start;


@ -43,7 +43,16 @@
* The time does not need to be correct, only time differences are used, * The time does not need to be correct, only time differences are used,
* by contrast with MBEDTLS_HAVE_TIME_DATE * by contrast with MBEDTLS_HAVE_TIME_DATE
* *
* Comment if your system does not support time functions * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
* MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
* MBEDTLS_PLATFORM_STD_TIME.
*
* Comment if your system does not support time functions.
*
* \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing
* interface - timing.c will include time.h on suitable platforms
* regardless of the setting of MBEDTLS_HAVE_TIME, unless
* MBEDTLS_TIMING_ALT is used. See timing.c for more information.
*/ */
#ifdef CONFIG_MBEDTLS_HAVE_TIME #ifdef CONFIG_MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME #define MBEDTLS_HAVE_TIME
@ -358,7 +367,7 @@
* *
* Module: library/cmac.c * Module: library/cmac.c
* *
* Requires: MBEDTLS_AES_C or MBEDTLS_DES_C * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C
* *
*/ */
#ifdef CONFIG_MBEDTLS_CMAC_C #ifdef CONFIG_MBEDTLS_CMAC_C
@ -878,19 +887,15 @@
/** /**
* \def MBEDTLS_SSL_DTLS_CONNECTION_ID * \def MBEDTLS_SSL_DTLS_CONNECTION_ID
* *
* Enable support for the DTLS Connection ID extension * Enable support for the DTLS Connection ID (CID) extension,
* (version draft-ietf-tls-dtls-connection-id-05,
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
* which allows to identify DTLS connections across changes * which allows to identify DTLS connections across changes
* in the underlying transport. * in the underlying transport. The CID functionality is described
* in RFC 9146.
* *
* Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`, * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
* `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`. * mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and
* See the corresponding documentation for more information. * `mbedtls_ssl_conf_cid()`. See the corresponding documentation for
* * more information.
* \warning The Connection ID extension is still in draft state.
* We make no stability promises for the availability
* or the shape of the API controlled by this option.
* *
* The maximum lengths of outgoing and incoming CIDs can be configured * The maximum lengths of outgoing and incoming CIDs can be configured
* through the options * through the options
@ -907,6 +912,28 @@
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID #undef MBEDTLS_SSL_DTLS_CONNECTION_ID
#endif #endif
/**
* \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
*
* Defines whether RFC 9146 (default) or the legacy version
* (version draft-ietf-tls-dtls-connection-id-05,
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
* is used.
*
* Set the value to 0 for the standard version, and
* 1 for the legacy draft version.
*
* \deprecated Support for the legacy version of the DTLS
* Connection ID feature is deprecated. Please
* switch to the standardized version defined
* in RFC 9146 enabled by utilizing
* MBEDTLS_SSL_DTLS_CONNECTION_ID without use
* of MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT.
*
* Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID
*/
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
/** /**
* \def MBEDTLS_SSL_CONTEXT_SERIALIZATION * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
* *
@ -930,6 +957,8 @@
* saved after the handshake to allow for more efficient serialization, so if * saved after the handshake to allow for more efficient serialization, so if
* you don't need this feature you'll save RAM by disabling it. * you don't need this feature you'll save RAM by disabling it.
* *
* Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C
*
* Comment to disable the context serialization APIs. * Comment to disable the context serialization APIs.
*/ */
#ifdef CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION #ifdef CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION
@ -963,7 +992,7 @@
* Enable support for RFC 7627: Session Hash and Extended Master Secret * Enable support for RFC 7627: Session Hash and Extended Master Secret
* Extension. * Extension.
* *
* This was introduced as "the proper fix" to the Triple Handshake familiy of * This was introduced as "the proper fix" to the Triple Handshake family of
* attacks, but it is recommended to always use it (even if you disable * attacks, but it is recommended to always use it (even if you disable
* renegotiation), since it actually fixes a more fundamental issue in the * renegotiation), since it actually fixes a more fundamental issue in the
* original SSL/TLS design, and has implications beyond Triple Handshake. * original SSL/TLS design, and has implications beyond Triple Handshake.
@ -1011,7 +1040,9 @@
* \note This option has no influence on the protection against the * \note This option has no influence on the protection against the
* triple handshake attack. Even if it is disabled, Mbed TLS will * triple handshake attack. Even if it is disabled, Mbed TLS will
* still ensure that certificates do not change during renegotiation, * still ensure that certificates do not change during renegotiation,
* for exaple by keeping a hash of the peer's certificate. * for example by keeping a hash of the peer's certificate.
*
* \note This option is required if MBEDTLS_SSL_PROTO_TLS1_3 is set.
* *
* Comment this macro to disable storing the peer's certificate * Comment this macro to disable storing the peer's certificate
* after the handshake. * after the handshake.
@ -1100,6 +1131,8 @@
* See docs/architecture/tls13-support.md for a description of the TLS * See docs/architecture/tls13-support.md for a description of the TLS
* 1.3 support that this option enables. * 1.3 support that this option enables.
* *
* Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
*
* Uncomment this macro to enable the support for TLS 1.3. * Uncomment this macro to enable the support for TLS 1.3.
* *
*/ */
@ -1135,6 +1168,134 @@
#undef MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE #undef MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
#endif #endif
/**
* \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
*
* Enable TLS 1.3 PSK key exchange mode.
*
* Comment to disable support for the PSK key exchange mode in TLS 1.3. If
* MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
* effect on the build.
*
*/
#ifdef CONFIG_MBEDTLS_SSL_TLS1_3_KEXM_PSK
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
#else
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
#endif
/**
* \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
*
* Enable TLS 1.3 ephemeral key exchange mode.
*
* Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C, MBEDTLS_ECDSA_C or
* MBEDTLS_PKCS1_V21
*
* Comment to disable support for the ephemeral key exchange mode in TLS 1.3.
* If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
* effect on the build.
*
*/
#ifdef CONFIG_MBEDTLS_SSL_TLS1_3_KEXM_EPHEMERAL
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
#else
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
#endif
/**
* \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
*
* Enable TLS 1.3 PSK ephemeral key exchange mode.
*
* Requires: MBEDTLS_ECDH_C
*
* Comment to disable support for the PSK ephemeral key exchange mode in
* TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not
* have any effect on the build.
*
*/
#ifdef CONFIG_MBEDTLS_SSL_TLS1_3_KEXM_PSK_EPHEMERAL
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
#else
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
#endif
/**
* \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
*
* Maximum time difference in milliseconds tolerated between the age of a
* ticket from the server and client point of view.
* From the client point of view, the age of a ticket is the time difference
* between the time when the client proposes to the server to use the ticket
* (time of writing of the Pre-Shared Key Extension including the ticket) and
* the time the client received the ticket from the server.
* From the server point of view, the age of a ticket is the time difference
* between the time when the server receives a proposition from the client
* to use the ticket and the time when the ticket was created by the server.
* The server age is expected to be always greater than the client one and
* MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the
* maximum difference tolerated for the server to accept the ticket.
* This is not used in TLS 1.2.
*
*/
#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
/**
* \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
*
* Size in bytes of a ticket nonce. This is not used in TLS 1.2.
*
* This must be less than 256.
*/
#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
/**
* \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS
*
* Default number of NewSessionTicket messages to be sent by a TLS 1.3 server
* after handshake completion. This is not used in TLS 1.2 and relevant only if
* the MBEDTLS_SSL_SESSION_TICKETS option is enabled.
*
*/
#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
/**
* \def MBEDTLS_SSL_EARLY_DATA
*
* Enable support for RFC 8446 TLS 1.3 early data.
*
* Requires: MBEDTLS_SSL_SESSION_TICKETS and either
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
*
* Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
* is not enabled, this option does not have any effect on the build.
*
* This feature is experimental, not completed and thus not ready for
* production.
*
*/
//#define MBEDTLS_SSL_EARLY_DATA
/**
* \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
*
* The default maximum amount of 0-RTT data. See the documentation of
* \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information.
*
* It must be positive and smaller than UINT32_MAX.
*
* If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
* have any impact on the build.
*
* This feature is experimental, not completed and thus not ready for
* production.
*
*/
#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
/** /**
* \def MBEDTLS_SSL_PROTO_DTLS * \def MBEDTLS_SSL_PROTO_DTLS
* *
@ -1489,10 +1650,14 @@
* Enable the multi-precision integer library. * Enable the multi-precision integer library.
* *
* Module: library/bignum.c * Module: library/bignum.c
* library/bignum_core.c
* library/bignum_mod.c
* library/bignum_mod_raw.c
* Caller: library/dhm.c * Caller: library/dhm.c
* library/ecp.c * library/ecp.c
* library/ecdsa.c * library/ecdsa.c
* library/rsa.c * library/rsa.c
* library/rsa_alt_helpers.c
* library/ssl_tls.c * library/ssl_tls.c
* *
* This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
@ -1578,7 +1743,8 @@
* *
* Module: library/ccm.c * Module: library/ccm.c
* *
* Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or
* MBEDTLS_ARIA_C
* *
* This module enables the AES-CCM ciphersuites, if other requisites are * This module enables the AES-CCM ciphersuites, if other requisites are
* enabled as well. * enabled as well.
@ -1635,7 +1801,17 @@
* Enable the generic cipher layer. * Enable the generic cipher layer.
* *
* Module: library/cipher.c * Module: library/cipher.c
* Caller: library/ssl_tls.c * Caller: library/ccm.c
* library/cmac.c
* library/gcm.c
* library/nist_kw.c
* library/pkcs12.c
* library/pkcs5.c
* library/psa_crypto_aead.c
* library/psa_crypto_mac.c
* library/ssl_ciphersuites.c
* library/ssl_msg.c
* library/ssl_ticket.c (unless MBEDTLS_USE_PSA_CRYPTO is enabled)
* *
* Uncomment to enable generic cipher wrappers. * Uncomment to enable generic cipher wrappers.
*/ */
@ -1661,9 +1837,10 @@
* Enable the debug functions. * Enable the debug functions.
* *
* Module: library/debug.c * Module: library/debug.c
* Caller: library/ssl_cli.c * Caller: library/ssl_msg.c
* library/ssl_srv.c
* library/ssl_tls.c * library/ssl_tls.c
* library/ssl_tls12_*.c
* library/ssl_tls13_*.c
* *
* This module provides debugging functions. * This module provides debugging functions.
*/ */
@ -1709,8 +1886,9 @@
* Enable the Diffie-Hellman-Merkle module. * Enable the Diffie-Hellman-Merkle module.
* *
* Module: library/dhm.c * Module: library/dhm.c
* Caller: library/ssl_cli.c * Caller: library/ssl_tls.c
* library/ssl_srv.c * library/ssl*_client.c
* library/ssl*_server.c
* *
* This module is used by the following key exchanges: * This module is used by the following key exchanges:
* DHE-RSA, DHE-PSK * DHE-RSA, DHE-PSK
@ -1727,8 +1905,10 @@
* Enable the elliptic curve Diffie-Hellman library. * Enable the elliptic curve Diffie-Hellman library.
* *
* Module: library/ecdh.c * Module: library/ecdh.c
* Caller: library/ssl_cli.c * Caller: library/psa_crypto.c
* library/ssl_srv.c * library/ssl_tls.c
* library/ssl*_client.c
* library/ssl*_server.c
* *
* This module is used by the following key exchanges: * This module is used by the following key exchanges:
* ECDHE-ECDSA, ECDHE-RSA, DHE-PSK * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
@ -1777,7 +1957,8 @@
* This module is used by the following key exchanges: * This module is used by the following key exchanges:
* ECJPAKE * ECJPAKE
* *
* Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C * Requires: MBEDTLS_ECP_C and MBEDTLS_MD_C
*
*/ */
#ifdef CONFIG_MBEDTLS_ECJPAKE_C #ifdef CONFIG_MBEDTLS_ECJPAKE_C
#define MBEDTLS_ECJPAKE_C #define MBEDTLS_ECJPAKE_C
@ -1836,7 +2017,8 @@
* *
* Module: library/gcm.c * Module: library/gcm.c
* *
* Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or
* MBEDTLS_ARIA_C
* *
* This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
* requisites are enabled as well. * requisites are enabled as well.
@ -1885,8 +2067,29 @@
* *
* Enable the generic message digest layer. * Enable the generic message digest layer.
* *
* Module: library/mbedtls_md.c * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C,
* Caller: * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C,
* MBEDTLS_SHA512_C.
*
* Module: library/md.c
* Caller: library/constant_time.c
* library/ecdsa.c
* library/ecjpake.c
* library/hkdf.c
* library/hmac_drbg.c
* library/pk.c
* library/pkcs5.c
* library/pkcs12.c
* library/psa_crypto_ecp.c
* library/psa_crypto_rsa.c
* library/rsa.c
* library/ssl_cookie.c
* library/ssl_msg.c
* library/ssl_tls.c
* library/x509.c
* library/x509_crt.c
* library/x509write_crt.c
* library/x509write_csr.c
* *
* Uncomment to enable generic message digest wrappers. * Uncomment to enable generic message digest wrappers.
*/ */
@ -1910,11 +2113,19 @@
/** /**
* \def MBEDTLS_NET_C * \def MBEDTLS_NET_C
* *
* Enable the TCP/IP networking routines. * Enable the TCP and UDP over IPv6/IPv4 networking routines.
* *
* Module: library/net.c * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
* and Windows. For other platforms, you'll want to disable it, and write your
* own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
* *
* This module provides TCP/IP networking routines. * \note See also our Knowledge Base article about porting to a new
* environment:
* https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
*
* Module: library/net_sockets.c
*
* This module provides networking routines.
*/ */
#ifdef MBEDTLS_NET_C #ifdef MBEDTLS_NET_C
#undef MBEDTLS_NET_C #undef MBEDTLS_NET_C
@ -2002,12 +2213,16 @@
/** /**
* \def MBEDTLS_PK_C * \def MBEDTLS_PK_C
* *
* Enable the generic public (asymetric) key layer. * Enable the generic public (asymmetric) key layer.
* *
* Module: library/pk.c * Module: library/pk.c
* Caller: library/ssl_tls.c * Caller: library/psa_crypto_rsa.c
* library/ssl_cli.c * library/ssl_tls.c
* library/ssl_srv.c * library/ssl*_client.c
* library/ssl*_server.c
* library/x509.c
*
* Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C or MBEDTLS_ECP_C
* *
* Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
* *
@ -2018,7 +2233,7 @@
/** /**
* \def MBEDTLS_PK_PARSE_C * \def MBEDTLS_PK_PARSE_C
* *
* Enable the generic public (asymetric) key parser. * Enable the generic public (asymmetric) key parser.
* *
* Module: library/pkparse.c * Module: library/pkparse.c
* Caller: library/mbedtls_x509_crt.c * Caller: library/mbedtls_x509_crt.c
@ -2033,7 +2248,7 @@
/** /**
* \def MBEDTLS_PK_WRITE_C * \def MBEDTLS_PK_WRITE_C
* *
* Enable the generic public (asymetric) key writer. * Enable the generic public (asymmetric) key writer.
* *
* Module: library/pkwrite.c * Module: library/pkwrite.c
* Caller: library/x509write.c * Caller: library/x509write.c
@ -2051,12 +2266,32 @@
* *
* Module: library/pkcs5.c * Module: library/pkcs5.c
* *
* Requires: MBEDTLS_MD_C * Requires: MBEDTLS_CIPHER_C and MBEDTLS_MD_C
* *
* This module adds support for the PKCS#5 functions. * This module adds support for the PKCS#5 functions.
*/ */
#define MBEDTLS_PKCS5_C #define MBEDTLS_PKCS5_C
/**
* \def MBEDTLS_PKCS7_C
*
* This feature is a work in progress and not ready for production. Testing and
* validation is incomplete, and handling of malformed inputs may not be robust.
* The API may change.
*
* Enable PKCS7 core for using PKCS7 formatted signatures.
* RFC Link - https://tools.ietf.org/html/rfc2315
*
* Module: library/pkcs7.c
*
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
* MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C,
* MBEDTLS_BIGNUM_C, MBEDTLS_MD_C
*
* This module is required for the PKCS7 parsing modules.
*/
//#define MBEDTLS_PKCS7_C
/** /**
* \def MBEDTLS_PKCS12_C * \def MBEDTLS_PKCS12_C
* *
@ -2083,7 +2318,7 @@
* above to be specified at runtime or compile time respectively. * above to be specified at runtime or compile time respectively.
* *
* \note This abstraction layer must be enabled on Windows (including MSYS2) * \note This abstraction layer must be enabled on Windows (including MSYS2)
* as other module rely on it for a fixed snprintf implementation. * as other modules rely on it for a fixed snprintf implementation.
* *
* Module: library/platform.c * Module: library/platform.c
* Caller: Most other .c files * Caller: Most other .c files
@ -2127,10 +2362,12 @@
* Enable the RSA public-key cryptosystem. * Enable the RSA public-key cryptosystem.
* *
* Module: library/rsa.c * Module: library/rsa.c
* Caller: library/ssl_cli.c * library/rsa_alt_helpers.c
* library/ssl_srv.c * Caller: library/pk.c
* library/psa_crypto.c
* library/ssl_tls.c * library/ssl_tls.c
* library/x509.c * library/ssl*_client.c
* library/ssl*_server.c
* *
* This module is used by the following key exchanges: * This module is used by the following key exchanges:
* RSA, DHE-RSA, ECDHE-RSA, RSA-PSK * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
@ -2144,17 +2381,36 @@
* *
* Enable the SHA1 cryptographic hash algorithm. * Enable the SHA1 cryptographic hash algorithm.
* *
* Module: library/mbedtls_sha1.c * Module: library/sha1.c
* Caller: library/mbedtls_md.c * Caller: library/md.c
* library/ssl_cli.c * library/psa_crypto_hash.c
* library/ssl_srv.c *
* library/ssl_tls.c * This module is required for TLS 1.2 depending on the handshake parameters,
* library/x509write_crt.c * and for SHA1-signed certificates.
*
* \warning SHA-1 is considered a weak message digest and its use constitutes
* a security risk. If possible, we recommend avoiding dependencies
* on it, and considering stronger message digests instead.
* *
* This module is required for SSL/TLS and SHA1-signed certificates.
*/ */
#define MBEDTLS_SHA1_C #define MBEDTLS_SHA1_C
/**
* \def MBEDTLS_SHA224_C
*
* Enable the SHA-224 cryptographic hash algorithm.
*
* Requires: MBEDTLS_SHA256_C. The library does not currently support enabling
* SHA-224 without SHA-256.
*
* Module: library/sha256.c
* Caller: library/md.c
* library/ssl_cookie.c
*
* This module adds support for SHA-224.
*/
#define MBEDTLS_SHA224_C
/** /**
* \def MBEDTLS_SHA256_C * \def MBEDTLS_SHA256_C
* *
@ -2163,9 +2419,9 @@
* Module: library/mbedtls_sha256.c * Module: library/mbedtls_sha256.c
* Caller: library/entropy.c * Caller: library/entropy.c
* library/mbedtls_md.c * library/mbedtls_md.c
* library/ssl_cli.c
* library/ssl_srv.c
* library/ssl_tls.c * library/ssl_tls.c
* library/ssl*_client.c
* library/ssl*_server.c=
* *
* This module adds support for SHA-224 and SHA-256. * This module adds support for SHA-224 and SHA-256.
* This module is required for the SSL/TLS 1.2 PRF function. * This module is required for the SSL/TLS 1.2 PRF function.
@ -2177,11 +2433,11 @@
* *
* Enable the SHA-384 and SHA-512 cryptographic hash algorithms. * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
* *
* Module: library/mbedtls_sha512.c * Module: library/sha512.c
* Caller: library/entropy.c * Caller: library/entropy.c
* library/mbedtls_md.c * library/md.c
* library/ssl_cli.c * library/ssl_tls.c
* library/ssl_srv.c * library/ssl_cookie.c
* *
* This module adds support for SHA-384 and SHA-512. * This module adds support for SHA-384 and SHA-512.
*/ */
@ -2223,7 +2479,8 @@
* Module: library/ssl_ticket.c * Module: library/ssl_ticket.c
* Caller: * Caller:
* *
* Requires: MBEDTLS_CIPHER_C * Requires: (MBEDTLS_CIPHER_C) &&
* (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C)
*/ */
#ifdef CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS #ifdef CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS
#define MBEDTLS_SSL_TICKET_C #define MBEDTLS_SSL_TICKET_C
@ -2236,7 +2493,7 @@
* *
* Enable the SSL/TLS client code. * Enable the SSL/TLS client code.
* *
* Module: library/ssl_cli.c * Module: library/ssl*_client.c
* Caller: * Caller:
* *
* Requires: MBEDTLS_SSL_TLS_C * Requires: MBEDTLS_SSL_TLS_C
@ -2273,8 +2530,8 @@
* Enable the generic SSL/TLS code. * Enable the generic SSL/TLS code.
* *
* Module: library/ssl_tls.c * Module: library/ssl_tls.c
* Caller: library/ssl_cli.c * Caller: library/ssl*_client.c
* library/ssl_srv.c * library/ssl*_server.c
* *
* Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
* and at least one of the MBEDTLS_SSL_PROTO_XXX defines * and at least one of the MBEDTLS_SSL_PROTO_XXX defines
@ -2301,7 +2558,7 @@
* *
* \note See also our Knowledge Base article about porting to a new * \note See also our Knowledge Base article about porting to a new
* environment: * environment:
* https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
* *
* Module: library/timing.c * Module: library/timing.c
* Caller: library/havege.c * Caller: library/havege.c
@ -2334,7 +2591,7 @@
* library/mbedtls_x509_csr.c * library/mbedtls_x509_csr.c
* *
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
* MBEDTLS_PK_PARSE_C * MBEDTLS_PK_PARSE_C, MBEDTLS_MD_C
* *
* This module is required for the X.509 parsing modules. * This module is required for the X.509 parsing modules.
*/ */
@ -2346,9 +2603,9 @@
* Enable X.509 certificate parsing. * Enable X.509 certificate parsing.
* *
* Module: library/mbedtls_x509_crt.c * Module: library/mbedtls_x509_crt.c
* Caller: library/ssl_cli.c * Caller: library/ssl_tls.c
* library/ssl_srv.c * library/ssl*_client.c
* library/ssl_tls.c * library/ssl*_server.c
* *
* Requires: MBEDTLS_X509_USE_C * Requires: MBEDTLS_X509_USE_C
* *
@ -2399,7 +2656,8 @@
* *
* Module: library/x509_create.c * Module: library/x509_create.c
* *
* Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C,
* MBEDTLS_MD_C
* *
* This module is the basis for creating X.509 certificates and CSRs. * This module is the basis for creating X.509 certificates and CSRs.
*/ */
@ -2613,7 +2871,7 @@
* contexts are not shared between threads. If you do intend to use contexts * contexts are not shared between threads. If you do intend to use contexts
* between threads, you will need to enable this layer to prevent race * between threads, you will need to enable this layer to prevent race
* conditions. See also our Knowledge Base article about threading: * conditions. See also our Knowledge Base article about threading:
* https://tls.mbed.org/kb/development/thread-safety-and-multi-threading * https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading
* *
* Module: library/threading.c * Module: library/threading.c
* *
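Review bot: The `MBEDTLS_PK_C` block now has two `Requires:` lines that disagree — the added `Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C or MBEDTLS_ECP_C` sits two lines above the retained `Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C`; drop the old line so the documented dependency is unambiguous. The `MBEDTLS_SHA256_C` caller list also picked up a stray character, `library/ssl*_server.c=`, which should read `library/ssl*_server.c`. Separately, `MBEDTLS_SHA1_C` remains an unconditional `#define` even though the updated comment directly above it now carries a `\warning` that SHA-1 is a weak digest; several other modules in this header are already gated by `CONFIG_` symbols, so gating this one too would let products that need neither SHA-1-signed certificates nor SHA-1-based TLS 1.2 handshakes drop it. The TLS 1.3 tunables `MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE`, `MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH`, `MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS` and `MBEDTLS_SSL_MAX_EARLY_DATA_SIZE` are likewise hard-coded rather than Kconfig-backed, which is reasonable for defaults but worth a one-line comment saying these are fixed upstream defaults not exposed to menuconfig.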


@ -564,7 +564,7 @@ static esp_err_t test_req_endpoint(session_t *session)
// Check if the AES key is correctly set before calling the software encryption // Check if the AES key is correctly set before calling the software encryption
// API. Without this check, the code will crash, resulting in a test case failure. // API. Without this check, the code will crash, resulting in a test case failure.
// For hardware AES, portability layer takes care of this. // For hardware AES, portability layer takes care of this.
if (session->ctx_aes.MBEDTLS_PRIVATE(rk) != NULL && session->ctx_aes.MBEDTLS_PRIVATE(nr) > 0) { if (session->ctx_aes.MBEDTLS_PRIVATE(nr) > 0) {
#endif #endif
mbedtls_aes_crypt_ctr(&session->ctx_aes, sizeof(rand_test_data), &session->nc_off, mbedtls_aes_crypt_ctr(&session->ctx_aes, sizeof(rand_test_data), &session->nc_off,
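Review bot: The guard at the top of the hunk now checks only `MBEDTLS_PRIVATE(nr) > 0`, while the comment two lines above still says it verifies that the AES key is correctly set; the reader should be told why the round count alone is now sufficient. Extending the comment with `// mbedtls 3.x keeps the round keys inline in the context rather than behind an rk pointer, so a non-zero nr is the only sign that mbedtls_aes_setkey_*() succeeded` would record the reason the `rk != NULL` test was dropped. This relies on `session->ctx_aes` having been zeroed by `mbedtls_aes_init()` before the check, which is presumably the case but is not visible here; `test_req_endpoint` begins outside the hunk.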


@ -745,25 +745,7 @@ cleanup:
int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len, int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
int iterations, u8 *buf, size_t buflen) int iterations, u8 *buf, size_t buflen)
{ {
int ret = mbedtls_pkcs5_pbkdf2_hmac_ext(MBEDTLS_MD_SHA1, (const u8 *) passphrase,
mbedtls_md_context_t sha1_ctx;
const mbedtls_md_info_t *info_sha1;
int ret;
mbedtls_md_init(&sha1_ctx);
info_sha1 = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
if (info_sha1 == NULL) {
ret = -1;
goto cleanup;
}
if ((ret = mbedtls_md_setup(&sha1_ctx, info_sha1, 1)) != 0) {
ret = -1;
goto cleanup;
}
ret = mbedtls_pkcs5_pbkdf2_hmac(&sha1_ctx, (const u8 *) passphrase,
os_strlen(passphrase) , ssid, os_strlen(passphrase) , ssid,
ssid_len, iterations, 32, buf); ssid_len, iterations, 32, buf);
if (ret != 0) { if (ret != 0) {
@ -772,7 +754,6 @@ int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
} }
cleanup: cleanup:
mbedtls_md_free(&sha1_ctx);
return ret; return ret;
} }
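Review bot: The rewritten `mbedtls_pkcs5_pbkdf2_hmac_ext()` call still passes the literal `32` as the output length and leaves the `buflen` parameter unused, so a caller that hands in a shorter buffer is overrun; now that the call is a single expression, either pass `buflen` in place of `32` or reject undersized buffers up front with `if (buflen < 32) { return -1; }`. With `sha1_ctx` and `mbedtls_md_free()` removed, the `cleanup:` label in the second hunk now only precedes `return ret`, so whatever jumps to it in the lines between the two hunks (not shown) can become a plain return and the label deleted. Note also that the old path normalised setup failures to `-1` whereas the new call returns an mbedtls error code directly; the handling after `if (ret != 0)` lies outside the hunk, so confirm it still maps the return value as callers expect.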