
Merge branch 'feature/update_mbedtls_v3.4.0' into 'master'

mbedtls: Update to release/v3.4.0

Closes IDF-7158

See merge request espressif/esp-idf!23058
Aditya Patwardhan 2 жил өмнө
parent
commit
823322f988

+ 6 - 0
components/mbedtls/CMakeLists.txt

@@ -126,6 +126,12 @@ if(${IDF_TARGET} STREQUAL "linux")
 set(mbedtls_target_sources ${mbedtls_target_sources} "${COMPONENT_DIR}/port/net_sockets.c")
 endif()
 
+# While updating to MbedTLS release/v3.4.0, building mbedtls/library/psa_crypto.c
+# clang produces an unreachable-code warning.
+if(CMAKE_C_COMPILER_ID MATCHES "Clang")
+    target_compile_options(mbedcrypto PRIVATE "-Wno-unreachable-code")
+endif()
+
 # net_sockets.c should only be compiled if BSD socket functions are available.
 # Do this by checking if lwip component is included into the build.
 idf_build_get_property(build_components BUILD_COMPONENTS)
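Review bot: The `-Wno-unreachable-code` option is applied to the whole `mbedcrypto` target, although the comment above it names only `mbedtls/library/psa_crypto.c` as the file that triggers the warning. In a crypto library an unreachable-code diagnostic can point at a check that was compiled out, so the warning is worth keeping for every other source file. Consider scoping it with `set_source_files_properties(<path-to-psa_crypto.c> PROPERTIES COMPILE_OPTIONS "-Wno-unreachable-code")` (the path is a placeholder, and depending on where the target is defined this may need the `TARGET_DIRECTORY` option). The comment should also state when the suppression can be removed again.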

+ 8 - 0
components/mbedtls/Kconfig

@@ -246,6 +246,13 @@ menu "mbedTLS"
 
                 See mbedTLS documentation for required API and more details.
 
+        config MBEDTLS_PKCS7_C
+            bool "Enable PKCS #7"
+            default y
+            depends on MBEDTLS_X509_CRL_PARSE_C
+            help
+                Enable PKCS #7 core for using PKCS #7-formatted signatures.
+
         menu "DTLS-based configurations"
             depends on MBEDTLS_SSL_PROTO_DTLS
 
@@ -351,6 +358,7 @@ menu "mbedTLS"
     config MBEDTLS_ECP_RESTARTABLE
         bool "Enable mbedTLS ecp restartable"
         select MBEDTLS_ECDH_LEGACY_CONTEXT
+        depends on MBEDTLS_ECP_C
         default n
         help
             Enable "non-blocking" ECC operations that can return early and be resumed.
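Review bot: `MBEDTLS_PKCS7_C` is introduced with `default y`, so every existing configuration that has `MBEDTLS_X509_CRL_PARSE_C` set starts compiling in the PKCS #7 parser after this update, whether or not the application uses PKCS #7 signatures. A parser for externally supplied ASN.1 data adds attack surface and flash usage; `default n` would make it opt-in, and if `y` is intended the help text should say why. Separately, the `Requires:` list for this macro in esp_config.h also names `MBEDTLS_X509_CRT_PARSE_C`, `MBEDTLS_BIGNUM_C` and `MBEDTLS_MD_C` (the top of that list is outside the hunk), while this entry depends only on `MBEDTLS_X509_CRL_PARSE_C`; if any of those can be disabled independently in this menu, the `depends on` line should cover them too.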

+ 1 - 1
components/mbedtls/mbedtls

@@ -1 +1 @@
-Subproject commit e39975969d548572a39875ad29abd88b23285f94
+Subproject commit f5fca55508d9d18961b10824d5cf5d8338c087f6

+ 16 - 7
components/mbedtls/port/dynamic/esp_ssl_tls.c

@@ -4,6 +4,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 #include <sys/param.h>
+#include "mbedtls/error.h"
 #include "esp_mbedtls_dynamic_impl.h"
 
 int __real_mbedtls_ssl_write(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
@@ -42,15 +43,17 @@ static int rx_done(mbedtls_ssl_context *ssl)
     return 0;
 }
 
-static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
+static int ssl_update_checksum_start( mbedtls_ssl_context *ssl,
                                        const unsigned char *buf, size_t len )
 {
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 #if defined(MBEDTLS_SHA256_C)
-    mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
+    ret = mbedtls_md_update( &ssl->handshake->fin_sha256, buf, len );
 #endif
 #if defined(MBEDTLS_SHA512_C)
-    mbedtls_sha512_update( &ssl->handshake->fin_sha384, buf, len );
+    ret = mbedtls_md_update( &ssl->handshake->fin_sha384, buf, len );
 #endif
+    return ret;
 }
 
 static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
@@ -58,12 +61,18 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
     memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
 
 #if defined(MBEDTLS_SHA256_C)
-    mbedtls_sha256_init(   &handshake->fin_sha256    );
-    mbedtls_sha256_starts( &handshake->fin_sha256, 0 );
+    mbedtls_md_init( &handshake->fin_sha256 );
+    mbedtls_md_setup( &handshake->fin_sha256,
+                    mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+                    0 );
+    mbedtls_md_starts( &handshake->fin_sha256 );
 #endif
 #if defined(MBEDTLS_SHA512_C)
-    mbedtls_sha512_init(   &handshake->fin_sha384    );
-    mbedtls_sha512_starts( &handshake->fin_sha384, 1 );
+    mbedtls_md_init( &handshake->fin_sha384 );
+    mbedtls_md_setup( &handshake->fin_sha384,
+                    mbedtls_md_info_from_type(MBEDTLS_MD_SHA384),
+                    0 );
+    mbedtls_md_starts( &handshake->fin_sha384 );
 #endif
 
     handshake->update_checksum = ssl_update_checksum_start;
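Review bot: In `ssl_update_checksum_start`, when both `MBEDTLS_SHA256_C` and `MBEDTLS_SHA512_C` are defined, the result of the SHA-256 update is overwritten by the SHA-384 update, so a failure while hashing into `fin_sha256` is returned as success. These contexts accumulate the handshake transcript, so each call should be checked on its own: add `if( ret != 0 ) return ret;` directly after the first `mbedtls_md_update()` call. In `ssl_handshake_params_init` the return values of `mbedtls_md_setup()` and `mbedtls_md_starts()` are dropped as well, so a failed setup (it allocates) would go unnoticed before the context is used. That function is `void` and its body continues past the hunk, so propagating the error needs a wider change than this hunk shows.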

+ 61 - 20
components/mbedtls/port/include/mbedtls/esp_config.h

@@ -314,12 +314,36 @@
  * This is useful in non-threaded environments if you want to avoid blocking
  * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
  *
- * Uncomment this macro to enable restartable ECC computations.
+ * This option:
+ * - Adds xxx_restartable() variants of existing operations in the
+ *   following modules, with corresponding restart context types:
+ *   - ECP (for Short Weierstrass curves only): scalar multiplication (mul),
+ *     linear combination (muladd);
+ *   - ECDSA: signature generation & verification;
+ *   - PK: signature generation & verification;
+ *   - X509: certificate chain verification.
+ * - Adds mbedtls_ecdh_enable_restart() in the ECDH module.
+ * - Changes the behaviour of TLS 1.2 clients (not servers) when using the
+ *   ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC
+ *   computations restartable:
+ *   - ECDH operations from the key exchange, only for Short Weierstrass
+ *     curves, only when MBEDTLS_USE_PSA_CRYPTO is not enabled.
+ *   - verification of the server's key exchange signature;
+ *   - verification of the server's certificate chain;
+ *   - generation of the client's signature if client authentication is used,
+ *     with an ECC key/certificate.
+ *
+ * \note  In the cases above, the usual SSL/TLS functions, such as
+ *        mbedtls_ssl_handshake(), can now return
+ *        MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS.
  *
  * \note  This option only works with the default software implementation of
  *        elliptic curve functionality. It is incompatible with
- *        MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT
- *        and MBEDTLS_ECDH_LEGACY_CONTEXT.
+ *        MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT.
+ *
+ * Requires: MBEDTLS_ECP_C
+ *
+ * Uncomment this macro to enable restartable ECC computations.
  */
 #ifdef CONFIG_MBEDTLS_ECP_RESTARTABLE
 #define MBEDTLS_ECP_RESTARTABLE
@@ -1105,6 +1129,19 @@
  */
 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 
+/**
+ * \def MBEDTLS_SSL_RECORD_SIZE_LIMIT
+ *
+ * Enable support for RFC 8449 record_size_limit extension in SSL (TLS 1.3 only).
+ *
+ * \warning This extension is currently in development and must NOT be used except
+ *          for testing purposes.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_3
+ *
+ * Uncomment this macro to enable support for the record_size_limit extension
+ */
+//#define MBEDTLS_SSL_RECORD_SIZE_LIMIT
 
 /**
  * \def MBEDTLS_SSL_PROTO_TLS1_2
@@ -1262,21 +1299,21 @@
 #define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
 
 /**
-* \def MBEDTLS_SSL_EARLY_DATA
-*
-* Enable support for RFC 8446 TLS 1.3 early data.
-*
-* Requires: MBEDTLS_SSL_SESSION_TICKETS and either
-*           MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
-*           MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-*
-* Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
-* is not enabled, this option does not have any effect on the build.
-*
-* This feature is experimental, not completed and thus not ready for
-* production.
-*
-*/
+ * \def MBEDTLS_SSL_EARLY_DATA
+ *
+ * Enable support for RFC 8446 TLS 1.3 early data.
+ *
+ * Requires: MBEDTLS_SSL_SESSION_TICKETS and either
+ *           MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
+ *           MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+ *
+ * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
+ * is not enabled, this option does not have any effect on the build.
+ *
+ * This feature is experimental, not completed and thus not ready for
+ * production.
+ *
+ */
 //#define MBEDTLS_SSL_EARLY_DATA
 
 /**
@@ -2289,9 +2326,13 @@
  *           MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C,
  *           MBEDTLS_BIGNUM_C, MBEDTLS_MD_C
  *
- * This module is required for the PKCS7 parsing modules.
+ * This module is required for the PKCS #7 parsing modules.
  */
-//#define MBEDTLS_PKCS7_C
+#ifdef CONFIG_MBEDTLS_PKCS7_C
+#define MBEDTLS_PKCS7_C
+#else
+#undef MBEDTLS_PKCS7_C
+#endif
 
 /**
  * \def MBEDTLS_PKCS12_C
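Review bot: The re-added sentence `Uncomment this macro to enable restartable ECC computations.` in the `MBEDTLS_ECP_RESTARTABLE` block does not match this port, because the lines right below it define the macro from `CONFIG_MBEDTLS_ECP_RESTARTABLE` and there is nothing to uncomment. I would replace it with `Enabled through CONFIG_MBEDTLS_ECP_RESTARTABLE (menuconfig).`. The same applies to the PKCS #7 block in the last hunk, which is now driven by `CONFIG_MBEDTLS_PKCS7_C`; a one-line pointer to that Kconfig option would keep the header and the configuration menu in agreement.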