Merge branch 'feature/mbedtls_3_5_0_update_v5.1' into 'release/v5.1'

feat(mbedtls): update to 3.5.0 release (v5.1)

See merge request espressif/esp-idf!26475
This commit is contained in:
Jiang Jiang Jian 2023-10-18 17:06:00 +08:00
commit ee6ea577e2
7 changed files with 41 additions and 34 deletions


@ -110,9 +110,13 @@ list(REMOVE_ITEM src_x509 x509_crt.c)
set_property(TARGET mbedx509 PROPERTY SOURCES ${src_x509}) set_property(TARGET mbedx509 PROPERTY SOURCES ${src_x509})
endif() endif()
# Core libraries from the mbedTLS project
set(mbedtls_targets mbedtls mbedcrypto mbedx509) set(mbedtls_targets mbedtls mbedcrypto mbedx509)
# 3rd party libraries from the mbedTLS project
list(APPEND mbedtls_targets everest p256m)
set(mbedtls_target_sources "${COMPONENT_DIR}/port/mbedtls_debug.c") set(mbedtls_target_sources "${COMPONENT_DIR}/port/mbedtls_debug.c"
"${COMPONENT_DIR}/port/esp_platform_time.c")
if(CONFIG_MBEDTLS_DYNAMIC_BUFFER) if(CONFIG_MBEDTLS_DYNAMIC_BUFFER)
set(mbedtls_target_sources ${mbedtls_target_sources} set(mbedtls_target_sources ${mbedtls_target_sources}
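Review bot: The new `list(APPEND mbedtls_targets everest p256m)` assumes both third-party targets always exist, and whatever loop consumes `mbedtls_targets` further down (outside this hunk) will fail at configure time if a later submodule bump or a custom mbedtls tree makes either target conditional — `p256m` is new in 3.5.0 and only does anything when the PSA P-256 driver is enabled, so it is the likelier one to become optional. Guarding each name with `if(TARGET …)` keeps the port configuring either way and makes the "3rd party" comment say what it means. I would also name the two libraries in the comment so an SBOM or license reviewer knows what `everest` (X25519) and `p256m` (P-256) are without opening the submodule.
```cmake
# 3rd party libraries shipped with mbedTLS (Everest X25519, p256-m P-256).
# They are built by mbedtls' own CMake; append them only if that created the target.
foreach(third_party_target everest p256m)
    if(TARGET ${third_party_target})
        list(APPEND mbedtls_targets ${third_party_target})
    endif()
endforeach()
```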


@ -1052,16 +1052,4 @@ menu "mbedTLS"
then the ESP will be unable to process keys greater then the ESP will be unable to process keys greater
than SOC_RSA_MAX_BIT_LEN. than SOC_RSA_MAX_BIT_LEN.
menuconfig MBEDTLS_SECURITY_RISKS
bool "Show configurations with potential security risks"
default n
config MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT
bool "X.509 CRT parsing with unsupported critical extensions"
depends on MBEDTLS_SECURITY_RISKS
default n
help
Allow the X.509 certificate parser to load certificates
with unsupported critical extensions
endmenu # mbedTLS endmenu # mbedTLS

@ -1 +1 @@
Subproject commit 727a037da6f9a62a9d3d5def5bd21a2bc9c621c6 Subproject commit dd91f30058dfad68d80267cc82cd8472c4aa54b5


@ -283,6 +283,8 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
int __wrap_mbedtls_ssl_setup(mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf) int __wrap_mbedtls_ssl_setup(mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf)
{ {
ssl->conf = conf; ssl->conf = conf;
ssl->tls_version = ssl->conf->max_tls_version;
CHECK_OK(ssl_handshake_init(ssl)); CHECK_OK(ssl_handshake_init(ssl));
mbedtls_free(ssl->MBEDTLS_PRIVATE(out_buf)); mbedtls_free(ssl->MBEDTLS_PRIVATE(out_buf));
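Review bot: The added `ssl->tls_version = ssl->conf->max_tls_version;` touches two private struct members without the `MBEDTLS_PRIVATE()` wrapper that the very next line uses for `out_buf`; it only compiles if this translation unit defines `MBEDTLS_ALLOW_PRIVATE_ACCESS` (not visible in the hunk), and mixing the two conventions on adjacent lines makes that dependency easy to break on the next refactor. Either write it as `ssl->MBEDTLS_PRIVATE(tls_version) = ssl->conf->MBEDTLS_PRIVATE(max_tls_version);` or drop the wrapper on the following line so the file is consistent. Because this wrapper re-implements the start of upstream `mbedtls_ssl_setup()`, a comment such as `/* Mirrors mbedtls_ssl_setup() in library/ssl_tls.c: 3.5.0 seeds tls_version from the config before ssl_handshake_init(); re-check on every submodule bump */` would tell the next person updating mbedtls what to diff against. The function body continues past the end of the hunk.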


@ -13,7 +13,7 @@
#include "esp_private/periph_ctrl.h" #include "esp_private/periph_ctrl.h"
#include "ecdsa/ecdsa_alt.h" #include "ecdsa/ecdsa_alt.h"
#define ECDSA_KEY_MAGIC 0xECD5A #define ECDSA_KEY_MAGIC (short) 0xECD5A
#define ECDSA_SHA_LEN 32 #define ECDSA_SHA_LEN 32
#define MAX_ECDSA_COMPONENT_LEN 32 #define MAX_ECDSA_COMPONENT_LEN 32
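Review bot: Casting `0xECD5A` to `short` silently drops the top nibble — `(short) 0xECD5A` keeps only `0xCD5A`, and because `0xCD5A` also exceeds `SHRT_MAX` the conversion is implementation-defined (−12966 on the usual two's-complement toolchains), so the effective magic no longer matches the literal anyone reads in the source. If the context field it is compared against is a `short` the check still works by accident; if it is `uint16_t` or wider (not visible here, verify), the comparison promotes both sides to `int` and can never be true. Silencing the truncation warning with a cast hides exactly the bug it reports: either widen the field to `uint32_t` and keep `0xECD5A`, or choose a representable value and parenthesise the macro, e.g. `#define ECDSA_KEY_MAGIC ((short) 0x5ECD) /* must fit in the ctx magic field; 0xECD5A was being truncated */`. A comment naming the struct member that carries the magic would keep the two from drifting apart again.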


@ -0,0 +1,25 @@
/*
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include "mbedtls/build_info.h"
#include "mbedtls/platform_time.h"
#ifdef MBEDTLS_PLATFORM_MS_TIME_ALT
mbedtls_ms_time_t mbedtls_ms_time()
{
int ret;
struct timespec tv = {};
mbedtls_ms_time_t current_ms;
ret = clock_gettime(CLOCK_MONOTONIC, &tv);
if (ret) {
return time(NULL) * 1000L;
}
current_ms = tv.tv_sec;
return current_ms * 1000L + tv.tv_nsec / 1000000L;
}
#endif // MBEDTLS_PLATFORM_MS_TIME_ALT
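Review bot: The fallback `return time(NULL) * 1000L;` switches from a monotonic, boot-relative timeline to wall-clock time, so one failed `clock_gettime()` makes the returned value jump by decades and the next successful call makes it go backwards; mbedtls uses this hook for elapsed-time arithmetic (as far as I recall, TLS 1.3 ticket age and timeouts), where a non-monotonic answer is worse than a stale one, so returning a cached last-good value (or treating the failure as fatal) and logging it would be safer than changing clocks. If the fallback stays, `time(NULL) * 1000L` overflows when `time_t` is 32 bits, since the product lands in a 32-bit `long` on these targets — write `return (mbedtls_ms_time_t) time(NULL) * 1000L;`. Two smaller points: declare the function as `mbedtls_ms_time_t mbedtls_ms_time(void)` so it is a prototype rather than an old-style declaration, and `struct timespec tv = {}` is a GNU/C23 empty initializer where `= {0}` is portable. `<time.h>` is not included explicitly either, so `clock_gettime`/`CLOCK_MONOTONIC` rely on `platform_time.h` pulling it in — verify.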


@ -56,8 +56,15 @@
*/ */
#ifdef CONFIG_MBEDTLS_HAVE_TIME #ifdef CONFIG_MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME #define MBEDTLS_HAVE_TIME
/**
* \def MBEDTLS_PLATFORM_MS_TIME_ALT
*
* Define platform specific function to get time since bootup in milliseconds.
*/
#define MBEDTLS_PLATFORM_MS_TIME_ALT
#else #else
#undef MBEDTLS_HAVE_TIME #undef MBEDTLS_HAVE_TIME
#undef MBEDTLS_PLATFORM_MS_TIME_ALT
#endif #endif
/** /**
@ -2731,25 +2738,6 @@
*/ */
#define MBEDTLS_X509_CRT_WRITE_C #define MBEDTLS_X509_CRT_WRITE_C
/**
* \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*
* Alow the X509 parser to not break-off when parsing an X509 certificate
* and encountering an unknown critical extension.
*
* Module: library/x509_crt.c
*
* Requires: MBEDTLS_X509_CRT_PARSE_C
*
* This module is supports loading of certificates with extensions that
* may not be supported by mbedtls.
*/
#ifdef CONFIG_MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT
#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
#else
#undef MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
#endif
/** /**
* \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
* *
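Review bot: The new `MBEDTLS_PLATFORM_MS_TIME_ALT` doc comment (lines 95–99) describes the hook as "time since bootup", but the contract mbedtls needs is a millisecond clock with an arbitrary origin that never goes backwards, and nothing here says which file provides `mbedtls_ms_time()` or why the `#else` branch has to `#undef` it. I would extend the comment with ` * Provided by port/esp_platform_time.c (CLOCK_MONOTONIC based); the origin is arbitrary but the value must be monotonic.` and ` * Only valid together with MBEDTLS_HAVE_TIME — check_config.h rejects it otherwise, hence the #undef in the #else branch.` The hunk is otherwise consistent: the ALT define sits inside the same `CONFIG_MBEDTLS_HAVE_TIME` guard as `MBEDTLS_HAVE_TIME`, so the two cannot get out of step.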